From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:53 +0000
Subject: [PATCH 1/6] arm64/sme: Flush foreign register state in do_sme_acc()
Message-Id: <20241203-arm64-sme-reenable-v1-1-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown, stable@vger.kernel.org

When do_sme_acc() runs with foreign FP state it does not do any updates of the task structure, relying on the next return to userspace to reload the register state appropriately, but leaves the task's last loaded CPU untouched.
This means that if the task returns to userspace on the last CPU it ran on then the checks in fpsimd_bind_task_to_cpu() will incorrectly determine that the register state on the CPU is current and suppress reload of the floating point register state before returning to userspace. This will result in spurious warnings due to SME access traps occurring for the task after TIF_SME is set.

Call fpsimd_flush_task_state() to invalidate the last loaded CPU recorded in the task, forcing detection of the task as foreign.

Fixes: 8bd7f91c03d8 ("arm64/sme: Implement traps and syscall handling for SME")
Reported-by: Mark Rutland
Signed-off-by: Mark Brown
Cc: stable@vger.kernel.org
---
 arch/arm64/kernel/fpsimd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 8c4c1a2186cc510a7826d15ec36225857c07ed71..eca0b6a2fc6fa25d8c850a5b9e109b4d58809f54 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c
@@ -1460,6 +1460,8 @@ void do_sme_acc(unsigned long esr, struct pt_regs *regs) sme_set_vq(vq_minus_one); fpsimd_bind_task_to_cpu(); + } else { + fpsimd_flush_task_state(current); } put_cpu_fpsimd_context();
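
Review bot: the new `else` branch in do_sme_acc(), on the path that skips fpsimd_bind_task_to_cpu(), has no comment saying why the flush is needed, and the reason is not obvious from the code alone. A one-line comment there, along the lines of "state is foreign: invalidate the task's last loaded CPU so the next return to userspace reloads it", would keep a later cleanup from dropping `fpsimd_flush_task_state(current);` as redundant.
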
From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:54 +0000
Subject: [PATCH 2/6] arm64/fp: Don't corrupt FPMR when streaming mode changes
Message-Id: <20241203-arm64-sme-reenable-v1-2-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

When we enter or exit streaming mode FPMR is reset to 0.
This means that when restoring the floating point state from memory we need to restore FPMR after we restore SVCR, otherwise if we are entering or exiting streaming mode as part of loading the new state the value of FPMR will be corrupted.

Fixes: 203f2b95a882 ("arm64/fpsimd: Support FEAT_FPMR")
Signed-off-by: Mark Brown
---
 arch/arm64/kernel/fpsimd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index eca0b6a2fc6fa25d8c850a5b9e109b4d58809f54..a3bb17c88942eba031d26e9f75ad46f37b6dc621 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -359,9 +359,6 @@ static void task_fpsimd_load(void) WARN_ON(preemptible()); WARN_ON(test_thread_flag(TIF_KERNEL_FPSTATE)); - if (system_supports_fpmr()) - write_sysreg_s(current->thread.uw.fpmr, SYS_FPMR); - if (system_supports_sve() || system_supports_sme()) { switch (current->thread.fp_type) { case FP_STATE_FPSIMD:
@@ -413,6 +410,9 @@ static void task_fpsimd_load(void) restore_ffr = system_supports_fa64(); } + if (system_supports_fpmr()) + write_sysreg_s(current->thread.uw.fpmr, SYS_FPMR); + if (restore_sve_regs) { WARN_ON_ONCE(current->thread.fp_type != FP_STATE_SVE); sve_load_state(sve_pffr(¤t->thread),
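
Review bot: the ordering requirement is now carried only by where the FPMR write sits in task_fpsimd_load(), in the second hunk after the `restore_ffr = system_supports_fa64();` block, and nothing in the code states it. Add a comment above the moved `write_sysreg_s(current->thread.uw.fpmr, SYS_FPMR);` saying that it must follow the SVCR restore because a streaming mode change resets FPMR, so a later reshuffle of this function does not reintroduce the corruption.
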
From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:55 +0000
Subject: [PATCH 3/6] arm64/ptrace: Zero FPMR on streaming mode entry/exit
Message-Id: <20241203-arm64-sme-reenable-v1-3-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown, stable@vger.kernel.org

When FPMR and SME are both present then entering and exiting streaming mode clears FPMR in the same manner as it clears the V/Z and P registers.
Since entering and exiting streaming mode via ptrace is expected to have the same effect as doing so via SMSTART/SMSTOP it should clear FPMR too but this was missed when FPMR support was added. Add the required reset of FPMR.

Since changing the vector length resets SVCR a SME vector length change implemented via a write to ZA can trigger an exit of streaming mode and we need to check when writing to ZA as well.

Fixes: 4035c22ef7d4 ("arm64/ptrace: Expose FPMR via ptrace")
Signed-off-by: Mark Brown
Cc: stable@vger.kernel.org
---
 arch/arm64/kernel/ptrace.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index e4437f62a2cda93734052c44b48886db83d75b3e..43a9397d5903ff87b608befdcaed3f9a7e48f976 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -877,6 +877,7 @@ static int sve_set_common(struct task_struct *target, const void *kbuf, const void __user *ubuf, enum vec_type type) { + u64 old_svcr = target->thread.svcr; int ret; struct user_sve_header header; unsigned int vq; @@ -908,8 +909,6 @@ static int sve_set_common(struct task_struct *target, /* Enter/exit streaming mode */ if (system_supports_sme()) { - u64 old_svcr = target->thread.svcr; - switch (type) { case ARM64_VEC_SVE: target->thread.svcr &= ~SVCR_SM_MASK; @@ -1008,6 +1007,10 @@ static int sve_set_common(struct task_struct *target, start, end); out: + /* If we entered or exited streaming mode then reset FPMR */ + if ((target->thread.svcr & SVCR_SM) != (old_svcr & SVCR_SM)) + target->thread.uw.fpmr = 0; + fpsimd_flush_task_state(target); return ret; } @@ -1104,6 +1107,7 @@ static int za_set(struct task_struct *target, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { + u64 old_svcr = target->thread.svcr; int ret; struct user_za_header header; unsigned int vq;
@@ -1184,6 +1188,10 @@ static int za_set(struct task_struct *target, target->thread.svcr |= SVCR_ZA_MASK; out: + /* If we entered or exited streaming mode then reset FPMR */ + if ((target->thread.svcr & SVCR_SM) != (old_svcr & SVCR_SM)) + target->thread.uw.fpmr = 0; + fpsimd_flush_task_state(target); return ret; }
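
Review bot: the checks added at the `out:` labels of sve_set_common() and za_set() test `SVCR_SM`, while the existing lines in the same file use the `_MASK` spelling (`target->thread.svcr &= ~SVCR_SM_MASK;`, `target->thread.svcr |= SVCR_ZA_MASK;`); pick one form so the streaming mode bit reads the same everywhere in ptrace.c. The compare-and-zero block is also duplicated verbatim in both functions, so a small helper taking `target` and `old_svcr` would keep the two regset writers from drifting apart.
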
From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:56 +0000
Subject: [PATCH 4/6] arm64/signal: Consistently invalidate the in register FP state in restore
Message-Id: <20241203-arm64-sme-reenable-v1-4-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

When restoring the SVE and SME specific floating point register states we flush the task floating point state, marking the hardware state as stale so that preemption does not result in us saving register state from the signal handler on top of the
restored context and forcing a reload from memory. For the plain FPSIMD state we don't do this, we just copy the state from userspace and then force an immediate reload of the register state. This isn't racy against context switch since we copy the incoming data onto the stack rather than directly into the task struct but it's still messy and inconsistent.

Simplify things and avoid a potential source of error by moving the invalidation of the CPU state to the main restore_sigframe() and reworking the restore of the FPSIMD state to update the task struct and rely on loading as part of the general do_notify_resume() handling for return to user like we do for the SVE and SME state.

As a result of this the only user of fpsimd_update_current_state() is the 32 bit signal code which should not have any SVE state, add an assert there that we don't have SVE enabled.

Signed-off-by: Mark Brown
---
 arch/arm64/kernel/fpsimd.c | 2 +-
 arch/arm64/kernel/signal.c | 70 +++++++++++++++-------------------------------
 2 files changed, 23 insertions(+), 49 deletions(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index a3bb17c88942eba031d26e9f75ad46f37b6dc621..f02762762dbcf954e9add6dfd3575ae7055b6b0e 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1828,7 +1828,7 @@ void fpsimd_update_current_state(struct user_fpsimd_state const *state) get_cpu_fpsimd_context(); current->thread.uw.fpsimd_state = *state; - if (test_thread_flag(TIF_SVE)) + if (WARN_ON_ONCE(test_thread_flag(TIF_SVE))) fpsimd_to_sve(current); task_fpsimd_load(); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 14ac6fdb872b9672e4b16a097f1b577aae8dec50..abd0907061fe664bf22d1995319f9559c4bbed91 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c
@@ -271,7 +271,7 @@ static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) static int restore_fpsimd_context(struct user_ctxs *user) { - struct user_fpsimd_state fpsimd; + struct user_fpsimd_state *fpsimd = ¤t->thread.uw.fpsimd_state; int err = 0; /* check the size information */ @@ -279,18 +279,14 @@ static int restore_fpsimd_context(struct user_ctxs *user) return -EINVAL; /* copy the FP and status/control registers */ - err = __copy_from_user(fpsimd.vregs, &(user->fpsimd->vregs), - sizeof(fpsimd.vregs)); - __get_user_error(fpsimd.fpsr, &(user->fpsimd->fpsr), err); - __get_user_error(fpsimd.fpcr, &(user->fpsimd->fpcr), err); + err = __copy_from_user(fpsimd->vregs, &(user->fpsimd->vregs), + sizeof(fpsimd->vregs)); + __get_user_error(fpsimd->fpsr, &(user->fpsimd->fpsr), err); + __get_user_error(fpsimd->fpcr, &(user->fpsimd->fpcr), err); clear_thread_flag(TIF_SVE); current->thread.fp_type = FP_STATE_FPSIMD; - /* load the hardware registers from the fpsimd_state structure */ - if (!err) - fpsimd_update_current_state(&fpsimd); - return err ? -EFAULT : 0; } @@ -396,7 +392,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user) { int err = 0; unsigned int vl, vq; - struct user_fpsimd_state fpsimd; + struct user_fpsimd_state *fpsimd = ¤t->thread.uw.fpsimd_state; u16 user_vl, flags; if (user->sve_size < sizeof(*user->sve)) @@ -439,16 +435,6 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user) if (user->sve_size < SVE_SIG_CONTEXT_SIZE(vq)) return -EINVAL; - /* - * Careful: we are about __copy_from_user() directly into - * thread.sve_state with preemption enabled, so protection is - * needed to prevent a racing context switch from writing stale - * registers back over the new data. - */ - - fpsimd_flush_task_state(current); - /* From now, fpsimd_thread_switch() won't touch thread.sve_state */ - sve_alloc(current, true); if (!current->thread.sve_state) { clear_thread_flag(TIF_SVE); 
@@ -471,14 +457,10 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user) fpsimd_only: /* copy the FP and status/control registers */ /* restore_sigframe() already checked that user->fpsimd != NULL. */ - err = __copy_from_user(fpsimd.vregs, user->fpsimd->vregs, - sizeof(fpsimd.vregs)); - __get_user_error(fpsimd.fpsr, &user->fpsimd->fpsr, err); - __get_user_error(fpsimd.fpcr, &user->fpsimd->fpcr, err); - - /* load the hardware registers from the fpsimd_state structure */ - if (!err) - fpsimd_update_current_state(&fpsimd); + err = __copy_from_user(fpsimd->vregs, user->fpsimd->vregs, + sizeof(fpsimd->vregs)); + __get_user_error(fpsimd->fpsr, &user->fpsimd->fpsr, err); + __get_user_error(fpsimd->fpcr, &user->fpsimd->fpcr, err); return err ? -EFAULT : 0; } @@ -587,16 +569,6 @@ static int restore_za_context(struct user_ctxs *user) if (user->za_size < ZA_SIG_CONTEXT_SIZE(vq)) return -EINVAL; - /* - * Careful: we are about __copy_from_user() directly into - * thread.sme_state with preemption enabled, so protection is - * needed to prevent a racing context switch from writing stale - * registers back over the new data. - */ - - fpsimd_flush_task_state(current); - /* From now, fpsimd_thread_switch() won't touch thread.sve_state */ - sme_alloc(current, true); if (!current->thread.sme_state) { current->thread.svcr &= ~SVCR_ZA_MASK; @@ -664,16 +636,6 @@ static int restore_zt_context(struct user_ctxs *user) if (nregs != 1) return -EINVAL; - /* - * Careful: we are about __copy_from_user() directly into - * thread.zt_state with preemption enabled, so protection is - * needed to prevent a racing context switch from writing stale - * registers back over the new data. - */ - - fpsimd_flush_task_state(current); - /* From now, fpsimd_thread_switch() won't touch ZT in thread state */ - err = __copy_from_user(thread_zt_state(¤t->thread), (char __user const *)user->zt + ZT_SIG_REGS_OFFSET, 
@@ -1028,6 +990,18 @@ static int restore_sigframe(struct pt_regs *regs, if (err == 0) err = parse_user_sigframe(&user, sf); + /* + * Careful: we are about __copy_from_user() directly into + * thread floating point state with preemption enabled, so + * protection is needed to prevent a racing context switch + * from writing stale registers back over the new data. Mark + * the register floating point state as invalid and unbind the + * task from the CPU to force a reload before we return to + * userspace. fpsimd_flush_task_state() has a check for FP + * support. + */ + fpsimd_flush_task_state(current); + if (err == 0 && system_supports_fpsimd()) { if (!user.fpsimd) return -EINVAL;
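
Review bot: in restore_fpsimd_context() and on the `fpsimd_only:` path of restore_sve_fpsimd_context(), `__copy_from_user()` and the two `__get_user_error()` calls now write straight into `current->thread.uw.fpsimd_state`, so a fault part way through leaves the task's saved state partially overwritten, where the removed code only committed the on-stack copy under `if (!err)`. If that is acceptable because the function returns -EFAULT, say so in the commit message or in a comment at the copy; otherwise keep the stack copy and assign it to the task struct on success. Separately, the relocated comment in restore_sigframe() reads "we are about __copy_from_user()", which wants "about to".
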
From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:57 +0000
Subject: [PATCH 5/6] arm64/signal: Avoid corruption of SME state when entering signal handler
Message-Id: <20241203-arm64-sme-reenable-v1-5-d853479d1b77@kernel.org>
References: <20241203-arm64-sme-reenable-v1-0-d853479d1b77@kernel.org>
In-Reply-To: <20241203-arm64-sme-reenable-v1-0-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown, stable@vger.kernel.org

We intend that signal handlers are entered with PSTATE.{SM,ZA}={0,0}.
The logic for this in setup_return() manipulates the saved state and live CPU state in an unsafe manner, and consequently, when a task enters a signal handler:

 * The task entering the signal handler might not have its PSTATE.{SM,ZA} bits cleared, and other register state that is affected by changes to PSTATE.{SM,ZA} might not be zeroed as expected.

 * An unrelated task might have its PSTATE.{SM,ZA} bits cleared unexpectedly, potentially zeroing other register state that is affected by changes to PSTATE.{SM,ZA}.

Tasks which do not set PSTATE.{SM,ZA} (i.e. those only using plain FPSIMD or non-streaming SVE) are not affected, as there is no resulting change to PSTATE.{SM,ZA}.

Consider for example two tasks on one CPU:

 A: Begins signal entry in kernel mode, is preempted prior to SMSTOP.
 B: Using SM and/or ZA in userspace with register state current on the CPU, is preempted.
 A: Scheduled in, no register state changes made as in kernel mode.
 A: Executes SMSTOP, modifying live register state.
 A: Scheduled out.
 B: Scheduled in, fpsimd_thread_switch() sees the register state on the CPU is tracked as being that for task B so the state is not reloaded prior to returning to userspace.

Task B is now running with SM and ZA incorrectly cleared.

Fix this by:

 * Checking TIF_FOREIGN_FPSTATE, and only updating the saved or live state as appropriate.

 * Using {get,put}_cpu_fpsimd_context() to ensure mutual exclusion against other code which manipulates this state. To allow their use, the logic is moved into a new fpsimd_enter_sighandler() helper in fpsimd.c.

This race has been observed intermittently with fp-stress, especially with preempt disabled, commonly but not exclusively reporting "Bad SVCR: 0".

While we're at it also fix a discrepancy between in register and in memory entries. When operating on the register state we issue a SMSTOP, exiting streaming mode if we were in it. This clears the V/Z and P register and FPMR but nothing else.
The in memory version clears all the user FPSIMD state including FPCR and FPSR but does not clear FPMR. Add the clear of FPMR and limit the existing memset() to only cover the vregs, preserving the state of FPCR and FPSR like SMSTOP does.

Fixes: 40a8e87bb3285 ("arm64/sme: Disable ZA and streaming mode when handling signals")
Signed-off-by: Mark Brown
Cc: stable@vger.kernel.org
---
 arch/arm64/include/asm/fpsimd.h |  1 +
 arch/arm64/kernel/fpsimd.c      | 39 +++++++++++++++++++++++++++++++++++++++
 arch/arm64/kernel/signal.c      | 19 +------------------
 3 files changed, 41 insertions(+), 18 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h index f2a84efc361858d4deda99faf1967cc7cac386c1..09af7cfd9f6c2cec26332caa4c254976e117b1bf 100644 --- a/arch/arm64/include/asm/fpsimd.h +++ b/arch/arm64/include/asm/fpsimd.h @@ -76,6 +76,7 @@ extern void fpsimd_load_state(struct user_fpsimd_state *state); extern void fpsimd_thread_switch(struct task_struct *next); extern void fpsimd_flush_thread(void); +extern void fpsimd_enter_sighandler(void); extern void fpsimd_signal_preserve_current_state(void); extern void fpsimd_preserve_current_state(void); extern void fpsimd_restore_current_state(void); diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index f02762762dbcf954e9add6dfd3575ae7055b6b0e..c5465c8ec467cb1ab8bd211dc5370f91aa2bcf35 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c
@@ -1696,6 +1696,45 @@ void fpsimd_signal_preserve_current_state(void) sve_to_fpsimd(current); } +/* + * Called by the signal handling code when preparing current to enter + * a signal handler. Currently this only needs to take care of exiting + * streaming mode and clearing ZA on SME systems. + */ +void fpsimd_enter_sighandler(void) +{ + if (!system_supports_sme()) + return; + + get_cpu_fpsimd_context(); + + if (test_thread_flag(TIF_FOREIGN_FPSTATE)) { + /* + * Exiting streaming mode zeros the V/Z and P + * registers and FPMR. Zero FPMR and the V registers, + * marking the state as FPSIMD only to force a clear + * of the remaining bits during reload if needed. + */ + if (current->thread.svcr & SVCR_SM_MASK) { + memset(¤t->thread.uw.fpsimd_state.vregs, 0, + sizeof(current->thread.uw.fpsimd_state.vregs)); + current->thread.uw.fpmr = 0; + current->thread.fp_type = FP_STATE_FPSIMD; + } + + current->thread.svcr &= ~(SVCR_ZA_MASK | + SVCR_SM_MASK); + + /* Ensure any copies on other CPUs aren't reused */ + fpsimd_flush_task_state(current); + } else { + /* The register state is current, just update it. */ + sme_smstop(); + } + + put_cpu_fpsimd_context(); +} + /* * Called by KVM when entering the guest. */ diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index abd0907061fe664bf22d1995319f9559c4bbed91..335c2327baf74eac9634cf594855dbf26a7d6b01 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c 
@@ -1461,24 +1461,7 @@ static int setup_return(struct pt_regs *regs, struct ksignal *ksig, /* TCO (Tag Check Override) always cleared for signal handlers */ regs->pstate &= ~PSR_TCO_BIT; - /* Signal handlers are invoked with ZA and streaming mode disabled */ - if (system_supports_sme()) { - /* - * If we were in streaming mode the saved register - * state was SVE but we will exit SM and use the - * FPSIMD register state - flush the saved FPSIMD - * register state in case it gets loaded. - */ - if (current->thread.svcr & SVCR_SM_MASK) { - memset(¤t->thread.uw.fpsimd_state, 0, - sizeof(current->thread.uw.fpsimd_state)); - current->thread.fp_type = FP_STATE_FPSIMD; - } - - current->thread.svcr &= ~(SVCR_ZA_MASK | - SVCR_SM_MASK); - sme_smstop(); - } + fpsimd_enter_sighandler(); if (ksig->ka.sa.sa_flags & SA_RESTORER) sigtramp = ksig->ka.sa.sa_restorer;
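
Review bot: In the TIF_FOREIGN_FPSTATE branch of fpsimd_enter_sighandler() (the fpsimd.c hunk of patch 5/6), fpsimd_flush_task_state(current) runs even when thread.svcr had neither SM nor ZA set, in which case nothing in the saved state was modified and there is no stale copy to invalidate. Either make the flush conditional on bits actually having been cleared, or extend the "Ensure any copies on other CPUs aren't reused" comment to say why it is wanted unconditionally.
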
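
Review bot: In setup_return() (the signal.c hunk of patch 5/6) the removed comment "Signal handlers are invoked with ZA and streaming mode disabled" is not replaced, so the bare fpsimd_enter_sighandler(); call no longer states what the handler is guaranteed on entry, unlike the TCO line directly above it. Keep a one-line comment at the call site saying that the call is what disables ZA and streaming mode.
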
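
The two-task interleaving from the patch 5/6 commit message, replayed in a small user-space model; this is an added example, not code from the patch or the kernel. All type and function names are hypothetical, `foreign` stands in for TIF_FOREIGN_FPSTATE, and the model leaves out the preemption exclusion that {get,put}_cpu_fpsimd_context() provides.

```c
#include <stdbool.h>
#include <stdio.h>
#define SVCR_BOTH 0x3u  /* SM (bit 0) and ZA (bit 1) */

/* Toy model, all names hypothetical: one CPU and each task's saved SVCR. */
struct task { unsigned saved_svcr; bool foreign; };      /* foreign ~ TIF_FOREIGN_FPSTATE */
struct cpu  { unsigned live_svcr; struct task *bound; }; /* bound: whose state is live */

/* Context switch: save prev if its state is live, then work out whether next's is. */
static void ctx_switch(struct cpu *c, struct task *prev, struct task *next)
{
    if (!prev->foreign)
        prev->saved_svcr = c->live_svcr;
    next->foreign = (c->bound != next);
}

/* Return to userspace: reload from memory only when the registers are foreign. */
static unsigned ret_to_user(struct cpu *c, struct task *t)
{
    if (t->foreign) {
        c->live_svcr = t->saved_svcr;
        c->bound = t;
        t->foreign = false;
    }
    return c->live_svcr;
}

/* Signal entry clears SM/ZA. Pre-fix: saved and live copies, unconditionally. */
static void enter_sighandler(struct cpu *c, struct task *t, bool fixed)
{
    if (!fixed || t->foreign)   /* fixed: saved copy only when registers are not ours */
        t->saved_svcr &= ~SVCR_BOTH;
    if (!fixed || !t->foreign)  /* fixed: live registers only when they are ours */
        c->live_svcr &= ~SVCR_BOTH;
}

/* Replays the A/B sequence; returns the SVCR task B has back in userspace. */
static unsigned replay(bool fixed)
{
    struct task a = { SVCR_BOTH, true }, b = { SVCR_BOTH, false };
    struct cpu c = { SVCR_BOTH, &b };  /* constructed start: B's state is live */

    ctx_switch(&c, &b, &a);            /* B preempted, A scheduled in (kernel mode) */
    enter_sighandler(&c, &a, fixed);   /* A clears SM/ZA */
    ctx_switch(&c, &a, &b);            /* A scheduled out, B scheduled in */
    return ret_to_user(&c, &b);
}

int main(void)
{
    printf("B's SVCR pre-fix: %u, fixed: %u\n", replay(false), replay(true));
    return 0;
}
```
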
From: Mark Brown
Date: Tue, 03 Dec 2024 12:45:58 +0000
Subject: [PATCH 6/6] arm64/sme: Reenable SME
Message-Id: <20241203-arm64-sme-reenable-v1-6-d853479d1b77@kernel.org>
References: <20241203-arm64-sme-reenable-v1-0-d853479d1b77@kernel.org>
In-Reply-To: <20241203-arm64-sme-reenable-v1-0-d853479d1b77@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

Now that fixes for all the known issues with SME have been applied remove the BROKEN dependency from it so it's generally available again.

Signed-off-by: Mark Brown
---
 arch/arm64/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 100570a048c5e8892c0112704f9ca74c4fc55b27..7e3182dd6fa0dadd961c352f88484cff0e520eaa 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2270,7 +2270,6 @@ config ARM64_SME bool "ARM Scalable Matrix Extension support" default y depends on ARM64_SVE - depends on BROKEN help The Scalable Matrix Extension (SME) is an extension to the AArch64 execution state which utilises a substantial subset of the SVE
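
Review bot: The commit message justifies dropping "depends on BROKEN" from ARM64_SME with "fixes for all the known issues" but names none of them, and with "default y" kept this turns SME on for every configuration that has ARM64_SVE. Reference the fixes, or the commit that added the BROKEN dependency, in the message so that anyone picking this patch up on its own can tell what must already be applied.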