* [PATCH v3 00/28] ARM Scalable Vector Extension (SVE)
From: Dave Martin @ 2017-10-10 18:38 UTC
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Alan Hayward, Marc Zyngier, Mark Rutland,
	Michael Kerrisk, Suzuki K Poulose, linux-api

This series implements Linux kernel support for the ARM Scalable Vector
Extension (SVE). [1]  It supersedes the previous v2: see [3] for link.
See the individual patches for details of changes.

The patches apply on v4.14-rc4.
For convenience, a git tree is available. [4]


To reduce spam, some people may not have been copied on the entire series.
For those who did not receive the whole series, it can be found in the
linux-arm-kernel archive. [2]


*Note* The final two patches (27-28) of the series are still RFC --
before committing to this ABI it would be good to get feedback on
whether the approach makes sense and whether it is suitable for other
architectures.  These two patches are not required by the rest of the
series and can be revised or merged later.


Support for use of SVE by KVM guests is not currently included.
Instead, such use will be trapped and reflected to the guest as
undefined instruction execution.  SVE is hidden from the view of the
CPU feature registers visible to guests, so that guests will not
expect it to work.


This series has been build- and boot-tested on the ARM FVP Base model
with and without the SVE plugin.  Because there is no hardware with
SVE support yet, testing of the SVE functionality has only been
performed on the model.

Regression testing of v3 is under way.


Series summary:

 * Patches 1-5 contain some individual bits of preparatory spadework,
   which are indirectly related to SVE.

Dave Martin (5):
  regset: Add support for dynamically sized regsets
  arm64: KVM: Hide unsupported AArch64 CPU features from guests
  arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON
  arm64: Port deprecated instruction emulation to new sysctl interface
  arm64: fpsimd: Simplify uses of {set,clear}_ti_thread_flag()

   Non-trivial changes among these are:

   * Patch 1: updates the regset core code to handle regsets whose size
     is not fixed at compile time.  This avoids bloating coredumps even
     though the maximum theoretical SVE regset size is large.

   * Patch 2: extends KVM to modify the ARM architectural ID registers
     seen by guests, by trapping and emulating certain registers.  For
     SVE this is a temporary measure, but it may be useful for other
     architecture extensions.  This patch may also be built on in the
     future, since the only registers currently emulated are those
     required for hiding SVE.

 * Patches 6-10 add SVE-specific system register and structure layout
   definitions, and the low-level boot code and accessors needed for
   making use of SVE.

Dave Martin (5):
  arm64/sve: System register and exception syndrome definitions
  arm64/sve: Low-level SVE architectural state manipulation functions
  arm64/sve: Kconfig update and conditional compilation support
  arm64/sve: Signal frame and context structure definition
  arm64/sve: Low-level CPU setup

 * Patches 11-13 implement the core context management facilities to
   provide each user task with its own SVE register context, signal
   handling facilities, and sane programmer's model interoperation
   between SVE and FPSIMD.

Dave Martin (3):
  arm64/sve: Core task context handling
  arm64/sve: Support vector length resetting for new processes
  arm64/sve: Signal handling support

 * Patches 14 and 16 provide backend logic for detecting and making use
   of the different SVE vector lengths supported by the hardware.

 * Patch 15 moves around code in cpufeatures.c to fit.

Dave Martin (3):
  arm64/sve: Backend logic for setting the vector length
  arm64: cpufeature: Move sys_caps_initialised declarations
  arm64/sve: Probe SVE capabilities and usable vector lengths

 * Patches 17-18 update the kernel-mode NEON / EFI FPSIMD frameworks to
   interoperate correctly with SVE.

Dave Martin (2):
  arm64/sve: Preserve SVE registers around kernel-mode NEON use
  arm64/sve: Preserve SVE registers around EFI runtime service calls

 * Patches 19-21 implement the userspace frontend for managing SVE,
   comprising ptrace, some new arch-specific prctl() calls, and a new
   sysctl for init-time setup.

Dave Martin (3):
  arm64/sve: ptrace and ELF coredump support
  arm64/sve: Add prctl controls for userspace vector length management
  arm64/sve: Add sysctl to set the default vector length for new
    processes

 * Patches 22-24 provide stub KVM extensions for using KVM only on the
   host, while denying guest access.  (A future series will extend this
   with full support for SVE in guests.)

Dave Martin (3):
  arm64/sve: KVM: Prevent guests from using SVE
  arm64/sve: KVM: Treat guest SVE use as undefined instruction
    execution
  arm64/sve: KVM: Hide SVE from CPU features exposed to guests

And finally:

 * Patch 25 disengages the safety catch, enabling the kernel SVE runtime
   support and allowing userspace to use SVE.

Dave Martin (1):
  arm64/sve: Detect SVE and activate runtime support

 * Patch 26 adds some basic documentation.

Dave Martin (1):
  arm64/sve: Add documentation

 * Patches 27-28 (which may be considered RFC) propose a mechanism to
   report the maximum runtime signal frame size to userspace.

Dave Martin (2):
  arm64: signal: Report signal frame size to userspace via auxv
  arm64/sve: signal: Include SVE when computing AT_MINSIGSTKSZ


References:

[1] ARM Scalable Vector Extension
https://community.arm.com/groups/processors/blog/2016/08/22/technology-update-the-scalable-vector-extension-sve-for-the-armv8-a-architecture

[2] linux-arm-kernel October 2017 Archives by thread
http://lists.infradead.org/pipermail/linux-arm-kernel/2017-October/thread.html

[3] [PATCH v2 00/28] ARM Scalable Vector Extension (SVE)
http://lists.infradead.org/pipermail/linux-arm-kernel/2017-August/529575.html

[4] http://linux-arm.org/git?p=linux-dm.git;a=shortlog;h=refs/heads/sve/v3
    git://linux-arm.org/linux-dm.git sve/v3


Full series and diffstat:

Dave Martin (28):
  regset: Add support for dynamically sized regsets
  arm64: KVM: Hide unsupported AArch64 CPU features from guests
  arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON
  arm64: Port deprecated instruction emulation to new sysctl interface
  arm64: fpsimd: Simplify uses of {set,clear}_ti_thread_flag()
  arm64/sve: System register and exception syndrome definitions
  arm64/sve: Low-level SVE architectural state manipulation functions
  arm64/sve: Kconfig update and conditional compilation support
  arm64/sve: Signal frame and context structure definition
  arm64/sve: Low-level CPU setup
  arm64/sve: Core task context handling
  arm64/sve: Support vector length resetting for new processes
  arm64/sve: Signal handling support
  arm64/sve: Backend logic for setting the vector length
  arm64: cpufeature: Move sys_caps_initialised declarations
  arm64/sve: Probe SVE capabilities and usable vector lengths
  arm64/sve: Preserve SVE registers around kernel-mode NEON use
  arm64/sve: Preserve SVE registers around EFI runtime service calls
  arm64/sve: ptrace and ELF coredump support
  arm64/sve: Add prctl controls for userspace vector length management
  arm64/sve: Add sysctl to set the default vector length for new
    processes
  arm64/sve: KVM: Prevent guests from using SVE
  arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
  arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  arm64/sve: Detect SVE and activate runtime support
  arm64/sve: Add documentation
  arm64: signal: Report signal frame size to userspace via auxv
  arm64/sve: signal: Include SVE when computing AT_MINSIGSTKSZ

 Documentation/arm64/cpu-feature-registers.txt |   6 +-
 Documentation/arm64/sve.txt                   | 484 ++++++++++++++
 arch/arm/include/asm/kvm_host.h               |   3 +
 arch/arm64/Kconfig                            |  12 +
 arch/arm64/include/asm/cpu.h                  |   4 +
 arch/arm64/include/asm/cpucaps.h              |   3 +-
 arch/arm64/include/asm/cpufeature.h           |  42 ++
 arch/arm64/include/asm/elf.h                  |   5 +
 arch/arm64/include/asm/esr.h                  |   3 +-
 arch/arm64/include/asm/fpsimd.h               |  73 +-
 arch/arm64/include/asm/fpsimdmacros.h         | 148 ++++
 arch/arm64/include/asm/kvm_arm.h              |   5 +-
 arch/arm64/include/asm/kvm_host.h             |  11 +
 arch/arm64/include/asm/processor.h            |  10 +
 arch/arm64/include/asm/sysreg.h               |  24 +
 arch/arm64/include/asm/thread_info.h          |   2 +
 arch/arm64/include/asm/traps.h                |   2 +
 arch/arm64/include/uapi/asm/auxvec.h          |   3 +-
 arch/arm64/include/uapi/asm/hwcap.h           |   1 +
 arch/arm64/include/uapi/asm/ptrace.h          | 138 ++++
 arch/arm64/include/uapi/asm/sigcontext.h      | 120 +++-
 arch/arm64/kernel/armv8_deprecated.c          |  15 +-
 arch/arm64/kernel/cpufeature.c                |  97 ++-
 arch/arm64/kernel/cpuinfo.c                   |   7 +
 arch/arm64/kernel/entry-fpsimd.S              |  17 +
 arch/arm64/kernel/entry.S                     |  14 +-
 arch/arm64/kernel/fpsimd.c                    | 927 +++++++++++++++++++++++++-
 arch/arm64/kernel/head.S                      |  13 +-
 arch/arm64/kernel/process.c                   |  14 +-
 arch/arm64/kernel/ptrace.c                    | 271 +++++++-
 arch/arm64/kernel/signal.c                    | 222 +++++-
 arch/arm64/kernel/signal32.c                  |   2 +-
 arch/arm64/kernel/traps.c                     |   7 +-
 arch/arm64/kvm/handle_exit.c                  |   8 +
 arch/arm64/kvm/hyp/switch.c                   |  12 +-
 arch/arm64/kvm/sys_regs.c                     | 292 ++++++--
 fs/binfmt_elf.c                               |   6 +-
 include/linux/regset.h                        |  67 +-
 include/uapi/linux/elf.h                      |   1 +
 include/uapi/linux/prctl.h                    |   9 +
 kernel/sys.c                                  |  12 +
 virt/kvm/arm/arm.c                            |   3 +
 42 files changed, 2970 insertions(+), 145 deletions(-)
 create mode 100644 Documentation/arm64/sve.txt

-- 
2.1.4

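The cover letter's RFC patches 27-28 (reporting the signal frame size via auxv and folding SVE into AT_MINSIGSTKSZ) address a concrete failure mode: with a large vector length the signal frame can outgrow an alternate signal stack that was sized from the compile-time SIGSTKSZ/MINSIGSTKSZ constants, and the kernel then cannot deliver the signal safely. The following is an added example, written for this page and not code from Dave Martin's series or the kernel tree. It assumes the SVE signal-context layout that later landed in mainline's arch/arm64/include/uapi/asm/sigcontext.h (a 16-byte sve_context header, 32 Z registers of VL bytes each, 16 P registers plus FFR of VL/8 bytes each), and the auxv tag value 51 that mainline assigned to AT_MINSIGSTKSZ; the function names sve_sig_context_size() and sig_altstack_size() are invented for the example. The main() only builds on Linux, where getauxval() exists; the two helpers are portable C.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

#ifndef AT_MINSIGSTKSZ
#define AT_MINSIGSTKSZ 51	/* auxv tag assigned in mainline; assumption */
#endif

#define SVE_VQ_BYTES	16	/* VL is always a multiple of 16 bytes */
#define SVE_VQ_MAX	16	/* 2048-bit vectors: the architectural maximum */
#define SVE_NUM_ZREGS	32
#define SVE_NUM_PREGS	16

/*
 * Bytes an sve_context record occupies in the signal frame for a vector
 * length of vl bytes (layout assumed from mainline's uapi sigcontext.h):
 * 16-byte header, 32 Z registers of vl bytes each, 16 P registers plus
 * FFR of vl/8 bytes each.  Returns 0 for a VL the architecture cannot have.
 */
size_t sve_sig_context_size(unsigned int vl)
{
	unsigned int vq;

	if (vl == 0 || vl % SVE_VQ_BYTES != 0 || vl / SVE_VQ_BYTES > SVE_VQ_MAX)
		return 0;

	vq = vl / SVE_VQ_BYTES;
	return 16
	     + (size_t)SVE_NUM_ZREGS * vq * 16		/* Z0-Z31 */
	     + (size_t)SVE_NUM_PREGS * vq * 2		/* P0-P15 */
	     + (size_t)vq * 2;				/* FFR */
}

/*
 * Alternate signal stack size to request.  at_minsigstksz is what
 * getauxval(AT_MINSIGSTKSZ) returned (0 on kernels that do not report it);
 * handler_bytes is the handler's own stack need on top of the frame.
 * The libc MINSIGSTKSZ is kept as a floor: it was sized for the pre-SVE
 * frame, and a kernel value below it would itself be a bug worth noticing.
 */
size_t sig_altstack_size(unsigned long at_minsigstksz, size_t handler_bytes)
{
	size_t frame = (size_t)at_minsigstksz;
	size_t total;

	if (frame < (size_t)MINSIGSTKSZ)
		frame = (size_t)MINSIGSTKSZ;

	total = frame + handler_bytes;
	return (total + 15) & ~(size_t)15;	/* keep 16-byte stack alignment */
}

#ifdef __linux__
static volatile sig_atomic_t handled;

static void on_sigusr1(int sig)
{
	(void)sig;
	handled = 1;
}

int main(void)
{
	unsigned long minsig = getauxval(AT_MINSIGSTKSZ);	/* 0 if not reported */
	size_t sz = sig_altstack_size(minsig, 8192);
	stack_t ss;
	struct sigaction sa;

	memset(&ss, 0, sizeof(ss));
	ss.ss_sp = malloc(sz);
	ss.ss_size = sz;
	if (!ss.ss_sp || sigaltstack(&ss, NULL) != 0) {
		perror("sigaltstack");
		return 1;
	}

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_sigusr1;
	sa.sa_flags = SA_ONSTACK;	/* without this the altstack is never used */
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGUSR1, &sa, NULL) != 0) {
		perror("sigaction");
		return 1;
	}
	raise(SIGUSR1);

	printf("AT_MINSIGSTKSZ=%lu MINSIGSTKSZ=%zu altstack=%zu handled=%d\n",
	       minsig, (size_t)MINSIGSTKSZ, sz, (int)handled);
	printf("SVE context alone at VL=256 bytes: %zu bytes\n",
	       sve_sig_context_size(256));
	return 0;
}
#endif
```

At the maximum vector length the SVE record alone is 8752 bytes, which is why a frame size baked into a libc header cannot be right for every CPU; reading the runtime value from auxv, with MINSIGSTKSZ as the floor, is the check the RFC patches make possible. On a kernel without the auxv tag getauxval() returns 0 and the helper silently falls back to the libc constant, so a program that needs the larger frame should treat a zero there as "unknown", not as "small".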
* [PATCH v3 01/28] regset: Add support for dynamically sized regsets
From: Dave Martin @ 2017-10-10 18:38 UTC
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

Currently the regset API doesn't allow for the possibility that
regsets (or at least, the amount of meaningful data in a regset)
may change in size.

In particular, this results in useless padding being added to
coredumps if a regset's current size is smaller than its
theoretical maximum size.

This patch adds a get_size() function to struct user_regset.
Individual regset implementations can implement this function to
return the current size of the regset data.  A regset_size()
function is added to provide callers with an abstract interface for
determining the size of a regset without needing to know whether
the regset is dynamically sized or not.

The only affected user of this interface is the ELF coredump code:
This patch ports ELF coredump to dump regsets with their actual
size in the coredump.  This has no effect except for new regsets
that are dynamically sized and provide a get_size() implementation.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 fs/binfmt_elf.c        |  6 ++---
 include/linux/regset.h | 67 ++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 63 insertions(+), 10 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 73b01e4..35aa03f 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1699,7 +1699,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 				 long signr, size_t *total)
 {
 	unsigned int i;
-	unsigned int regset_size = view->regsets[0].n * view->regsets[0].size;
+	unsigned int size = regset_size(t->task, &view->regsets[0]);
 
 	/*
 	 * NT_PRSTATUS is the one special case, because the regset data
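Review bot: the size handed to regsets[0].get() on the changed line now comes from regset_size(), but the destination a few lines below is still the fixed-size t->prstatus.pr_reg buffer, and nothing in this hunk guarantees the returned value fits. Since regset 0 must be NT_PRSTATUS (per the comment in the hunk) and is not dynamically sized, either keep the n * size computation for this one caller or add a WARN_ON(size > sizeof(t->prstatus.pr_reg)) so that a future get_size() on regset 0 cannot overrun pr_reg silently.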
@@ -1708,7 +1708,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 	 * We assume that regset 0 is NT_PRSTATUS.
 	 */
 	fill_prstatus(&t->prstatus, t->task, signr);
-	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset_size,
+	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, size,
 				    &t->prstatus.pr_reg, NULL);
 
 	fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
@@ -1728,7 +1728,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 		if (regset->core_note_type && regset->get &&
 		    (!regset->active || regset->active(t->task, regset))) {
 			int ret;
-			size_t size = regset->n * regset->size;
+			size_t size = regset_size(t->task, regset);
 			void *data = kmalloc(size, GFP_KERNEL);
 			if (unlikely(!data))
 				return 0;
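Review bot: with a dynamically sized regset, regset_size() on the changed line may legitimately return 0 (no live data for this thread), and kmalloc(0) returns ZERO_SIZE_PTR rather than NULL, so `if (unlikely(!data))` does not catch it and the loop goes on to call regset->get() with count 0 and to emit an empty note. Either skip the regset when size == 0 (`if (!size) continue;` before the kmalloc), or state in the regset.h documentation that get_size() must not return 0 for a regset whose active() callback returned true.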
diff --git a/include/linux/regset.h b/include/linux/regset.h
index 8e0c9fe..494ceda 100644
--- a/include/linux/regset.h
+++ b/include/linux/regset.h
@@ -107,6 +107,28 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
 				     int immediate);
 
 /**
+ * user_regset_get_size_fn - type of @get_size function in &struct user_regset
+ * @target:	thread being examined
+ * @regset:	regset being examined
+ *
+ * This call is optional; usually the pointer is %NULL.
+ *
+ * When provided, this function must return the current size of regset
+ * data, as observed by the @get function in &struct user_regset.  The
+ * value returned must be a multiple of @size.  The returned size is
+ * required to be valid only until the next time (if any) @regset is
+ * modified for @target.
+ *
+ * This function is intended for dynamically sized regsets.  A regset
+ * that is statically sized does not need to implement it.
+ *
+ * This function should not be called directly: instead, callers should
+ * call regset_size() to determine the current size of a regset.
+ */
+typedef unsigned int user_regset_get_size_fn(struct task_struct *target,
+					     const struct user_regset *regset);
+
+/**
  * struct user_regset - accessible thread CPU state
  * @n:			Number of slots (registers).
  * @size:		Size in bytes of a slot (register).
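Review bot: the new typedef comment says the result "must be a multiple of @size" but never says it must not exceed @n * @size, and both callers in fs/binfmt_elf.c (the kmalloc(size) and the copy into pr_reg) depend on exactly that upper bound. Please extend the sentence to "The value returned must be a multiple of @size and must not exceed @n * @size", and say whether 0 is a permitted return value, since callers will allocate and copy whatever comes back.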
@@ -117,19 +139,33 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
  * @set:		Function to store values.
  * @active:		Function to report if regset is active, or %NULL.
  * @writeback:		Function to write data back to user memory, or %NULL.
+ * @get_size:		Function to return the regset's size, or %NULL.
  *
  * This data structure describes a machine resource we call a register set.
  * This is part of the state of an individual thread, not necessarily
  * actual CPU registers per se.  A register set consists of a number of
  * similar slots, given by @n.  Each slot is @size bytes, and aligned to
- * @align bytes (which is at least @size).
+ * @align bytes (which is at least @size).  For dynamically-sized
+ * regsets, @n must contain the maximum possible number of slots for the
+ * regset, and @get_size must point to a function that returns the
+ * current regset size.
  *
- * These functions must be called only on the current thread or on a
- * thread that is in %TASK_STOPPED or %TASK_TRACED state, that we are
- * guaranteed will not be woken up and return to user mode, and that we
- * have called wait_task_inactive() on.  (The target thread always might
- * wake up for SIGKILL while these functions are working, in which case
- * that thread's user_regset state might be scrambled.)
+ * Callers that need to know only the current size of the regset and do
+ * not care about its internal structure should call regset_size()
+ * instead of inspecting @n or calling @get_size.
+ *
+ * For backward compatibility, the @get and @set methods must pad to, or
+ * accept, @n * @size bytes, even if the current regset size is smaller.
+ * The precise semantics of these operations depend on the regset being
+ * accessed.
+ *
+ * The functions to which &struct user_regset members point must be
+ * called only on the current thread or on a thread that is in
+ * %TASK_STOPPED or %TASK_TRACED state, that we are guaranteed will not
+ * be woken up and return to user mode, and that we have called
+ * wait_task_inactive() on.  (The target thread always might wake up for
+ * SIGKILL while these functions are working, in which case that
+ * thread's user_regset state might be scrambled.)
  *
  * The @pos argument must be aligned according to @align; the @count
  * argument must be a multiple of @size.  These functions are not
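Review bot: the backward-compatibility paragraph ("the @get and @set methods must pad to, or accept, @n * @size bytes") leaves the two things a ptrace or coredump consumer actually needs unspecified: what the padding bytes contain, and whether @set ignores or rejects non-zero data beyond the current size. Consider stating the default (zero padding on @get; @set must ignore, or fail with an error on, trailing non-zero bytes) and letting individual regsets document deviations, instead of deferring everything to "The precise semantics of these operations depend on the regset being accessed." Minor: "dynamically-sized" here versus "dynamically sized" in the typedef comment above.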
@@ -156,6 +192,7 @@ struct user_regset {
 	user_regset_set_fn		*set;
 	user_regset_active_fn		*active;
 	user_regset_writeback_fn	*writeback;
+	user_regset_get_size_fn		*get_size;
 	unsigned int			n;
 	unsigned int 			size;
 	unsigned int 			align;
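Review bot: inserting get_size between writeback and n changes the member order of struct user_regset, which is only safe if every architecture's regset table uses designated initialisers (.get = ..., .n = ...). A tree-wide grep for positional `struct user_regset` initialisers before this goes in would settle it; alternatively append the new member after align, which sidesteps the question entirely.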
@@ -371,5 +408,21 @@ static inline int copy_regset_from_user(struct task_struct *target,
 	return regset->set(target, regset, offset, size, NULL, data);
 }
 
+/**
+ * regset_size - determine the current size of a regset
+ * @target:	thread to be examined
+ * @regset:	regset to be examined
+ *
+ * Note that the returned size is valid only until the next time
+ * (if any) @regset is modified for @target.
+ */
+static inline unsigned int regset_size(struct task_struct *target,
+				       const struct user_regset *regset)
+{
+	if (!regset->get_size)
+		return regset->n * regset->size;
+	else
+		return regset->get_size(target, regset);
+}
 
 #endif	/* <linux/regset.h> */
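Review bot: in regset_size() the `else` after an unconditional `return` is redundant; `if (regset->get_size) return regset->get_size(target, regset); return regset->n * regset->size;` reads more naturally. More importantly, since every caller trusts the result as an allocation and copy bound, a WARN_ON_ONCE() that the dynamic result does not exceed regset->n * regset->size would turn a buggy get_size() implementation into a loud warning rather than a silent overread in the coredump path.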
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
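
The patch above describes the contract in prose: a dynamically sized regset reports its live size through get_size(), coredumps dump only that much, and get() must still be able to produce the full n * size bytes for old consumers. The following is an added example, not code from the patch or the kernel tree: a user-space C model with the same struct shape and the same regset_size() fallback, plus a hypothetical vector regset (4 registers of up to 64 bytes, a 16-byte slot unit, a per-thread "vector length" deciding the live size) and a note-sizing routine modelled on fill_thread_core_info(). The task structure, the regset, the zero-padding choice and the byte values are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VREG_MAX	64	/* assumed: maximum bytes per vector register */
#define NR_VREGS	4	/* assumed: registers in the modelled regset */
#define SLOT_BYTES	16	/* assumed: regset slot granularity */

/* Stand-in for task_struct: the live vector length is per thread. */
struct task {
	unsigned int vl;	/* live bytes per register, a multiple of SLOT_BYTES */
	uint8_t vregs[NR_VREGS][VREG_MAX];
};

struct user_regset;
typedef int (*regset_get_fn)(struct task *, const struct user_regset *,
			     unsigned int pos, unsigned int count, void *kbuf);
typedef unsigned int (*regset_get_size_fn)(struct task *,
					   const struct user_regset *);

struct user_regset {
	regset_get_fn		get;
	regset_get_size_fn	get_size;	/* NULL: statically sized */
	unsigned int		n;		/* maximum number of slots */
	unsigned int		size;		/* bytes per slot */
};

/* Same shape as the patch's regset_size(): static fallback, dynamic hook. */
static unsigned int regset_size(struct task *t, const struct user_regset *rs)
{
	if (rs->get_size)
		return rs->get_size(t, rs);
	return rs->n * rs->size;
}

/* Live size follows the thread's vector length; always <= n * size. */
static unsigned int vregs_get_size(struct task *t, const struct user_regset *rs)
{
	(void)rs;
	return NR_VREGS * t->vl;
}

/*
 * get() honours the backward-compatibility rule: it can serve up to
 * n * size bytes.  Registers are packed at vl bytes each; bytes past the
 * live size are zero padding (this example's choice; the patch leaves the
 * padding contents to each regset).
 */
static int vregs_get(struct task *t, const struct user_regset *rs,
		     unsigned int pos, unsigned int count, void *kbuf)
{
	unsigned int live = regset_size(t, rs);
	uint8_t *out = kbuf;
	unsigned int i;

	if (pos + count > rs->n * rs->size)
		return -1;	/* beyond the maximum: never valid */
	for (i = 0; i < count; i++) {
		unsigned int off = pos + i;
		out[i] = off < live ? t->vregs[off / t->vl][off % t->vl] : 0;
	}
	return 0;
}

static const struct user_regset vregs_regset = {
	.get = vregs_get,
	.get_size = vregs_get_size,
	.n = NR_VREGS * VREG_MAX / SLOT_BYTES,	/* 16 slots */
	.size = SLOT_BYTES,
};

/* A statically sized regset for contrast: no get_size, so n * size. */
static const struct user_regset gpr_regset = { .n = 8, .size = 8 };

/* Modelled on fill_thread_core_info(): dump the live size, with the
 * bound and zero-size checks a coredump writer should make. */
static unsigned int dump_regset_note(struct task *t, const struct user_regset *rs,
				     uint8_t *buf, unsigned int buflen)
{
	unsigned int size = regset_size(t, rs);

	if (size == 0 || size > rs->n * rs->size || size > buflen)
		return 0;	/* nothing to dump, or a buggy get_size() */
	if (rs->get(t, rs, 0, size, buf) != 0)
		return 0;
	return size;
}

static void init_task(struct task *t, unsigned int vl)
{
	unsigned int r, b;

	memset(t, 0, sizeof(*t));
	t->vl = vl;
	for (r = 0; r < NR_VREGS; r++)
		for (b = 0; b < vl; b++)
			t->vregs[r][b] = (uint8_t)(0x10 * (r + 1) + b);
}

/* Bytes a coredump note carries for a thread running with vector length vl. */
unsigned int note_size_for_vl(unsigned int vl)
{
	struct task t;
	uint8_t buf[NR_VREGS * VREG_MAX];

	init_task(&t, vl);
	return dump_regset_note(&t, &vregs_regset, buf, sizeof(buf));
}

unsigned int static_regset_size(void)
{
	return regset_size(NULL, &gpr_regset);	/* static path never touches the task */
}

/* ptrace-style full-size read: live prefix intact, zeros after it. */
int full_read_is_live_then_zero(unsigned int vl)
{
	struct task t;
	uint8_t buf[NR_VREGS * VREG_MAX];
	unsigned int max = vregs_regset.n * vregs_regset.size, live, i;

	init_task(&t, vl);
	live = regset_size(&t, &vregs_regset);
	if (vregs_get(&t, &vregs_regset, 0, max, buf) != 0)
		return 0;
	for (i = 0; i < max; i++) {
		uint8_t want = i < live ? t.vregs[i / vl][i % vl] : 0;
		if (buf[i] != want)
			return 0;
	}
	return 1;
}

int main(void)
{
	printf("vl=16: note %u bytes (maximum %u)\n", note_size_for_vl(16),
	       (unsigned int)(NR_VREGS * VREG_MAX));
	printf("vl=64: note %u bytes\n", note_size_for_vl(64));
	printf("vl=0 (no live data): note %u bytes\n", note_size_for_vl(0));
	printf("static regset: %u bytes\n", static_regset_size());
	printf("full read padded correctly: %d\n", full_read_is_live_then_zero(32));
	return 0;
}
```

With vl=16 the note shrinks to 64 bytes instead of the 256-byte maximum, which is the padding the commit message wants to avoid; vl=0 produces no note at all rather than an empty one, and a full-size read still returns the live registers followed by zeros, so a consumer built against the old fixed-size layout keeps working.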

* [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Marc Zyngier

Currently, a guest kernel sees the true CPU feature registers
(ID_*_EL1) when it reads them using MRS instructions.  This means
that the guest will observe features that are present in the
hardware but the host doesn't understand or doesn't provide support
for.  A guest may legitimately try to use such a feature as per the
architecture, but use of the feature may trap instead of working
normally, triggering undef injection into the guest.

This is not a problem for the host, but the guest may go wrong when
running on newer hardware than the host knows about.

This patch hides from guest VMs any AArch64-specific CPU features
that the host doesn't support, by exposing to the guest the
sanitised versions of the registers computed by the cpufeatures
framework, instead of the true hardware registers.  To achieve
this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
code is added to KVM to report the sanitised versions of the
affected registers in response to MRS and register reads from
userspace.

The affected registers are removed from invariant_sys_regs[] (since
the invariant_sys_regs handling is no longer quite correct for
them) and added to sys_reg_descs[], with appropriate access(),
get_user() and set_user() methods.  No runtime vcpu storage is
allocated for the registers: instead, they are read on demand from
the cpufeatures framework.  This may need modification in the
future if there is a need for userspace to customise the features
visible to the guest.

Attempts by userspace to write the registers are handled similarly
to the current invariant_sys_regs handling: writes are permitted,
but only if they don't attempt to change the value.  This is
sufficient to support VM snapshot/restore from userspace.

Because of the additional registers, restoring a VM on an older
kernel may not work unless userspace knows how to handle the extra
VM registers exposed to the KVM user ABI by this patch.

Under the principle of least damage, this patch makes no attempt to
handle any of the other registers currently in
invariant_sys_regs[], or to emulate registers for AArch32: however,
these could be handled in a similar way in future, as necessary.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
---
 arch/arm64/include/asm/sysreg.h |   3 +
 arch/arm64/kvm/hyp/switch.c     |   6 +
 arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
 3 files changed, 246 insertions(+), 45 deletions(-)

diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index f707fed..480ecd6 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -149,6 +149,9 @@
 #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
 #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
 
+#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
+#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
+
 #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
 #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
 
diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
index 945e79c..35a90b8 100644
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
 	 * it will cause an exception.
 	 */
 	val = vcpu->arch.hcr_el2;
+
 	if (!(val & HCR_RW) && system_supports_fpsimd()) {
 		write_sysreg(1 << 30, fpexc32_el2);
 		isb();
 	}
+
+	if (val & HCR_RW) /* for AArch64 only: */
+		val |= HCR_TID3; /* TID3: trap feature register accesses */
+
 	write_sysreg(val, hcr_el2);
+
 	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
 	write_sysreg(1 << 15, hstr_el2);
 	/*
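Review bot: HCR_TID3 is OR'd into the local `val` on every guest entry in __activate_traps(), the hot path, even though the HCR_RW condition it depends on is fixed for the lifetime of the vcpu. Consider setting the bit once where vcpu->arch.hcr_el2 is initialised (vcpu_reset_hcr(), next to the HCR_RW decision) and leaving this function to write the value unchanged; that also keeps the "AArch64 only" policy in one place. The two added blank lines around the fpexc32 block are unrelated whitespace churn.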
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 2e070d3..b1f7552 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
 	return true;
 }
 
+/* Read a sanitised cpufeature ID register by sys_reg_desc */
+static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
+{
+	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
+			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
+
+	return raz ? 0 : read_sanitised_ftr_reg(id);
+}
+
+/* cpufeature ID register access trap handlers */
+
+static bool __access_id_reg(struct kvm_vcpu *vcpu,
+			    struct sys_reg_params *p,
+			    const struct sys_reg_desc *r,
+			    bool raz)
+{
+	if (p->is_write)
+		return write_to_read_only(vcpu, p, r);
+
+	p->regval = read_id_reg(r, raz);
+	return true;
+}
+
+static bool access_id_reg(struct kvm_vcpu *vcpu,
+			  struct sys_reg_params *p,
+			  const struct sys_reg_desc *r)
+{
+	return __access_id_reg(vcpu, p, r, false);
+}
+
+static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
+			      struct sys_reg_params *p,
+			      const struct sys_reg_desc *r)
+{
+	return __access_id_reg(vcpu, p, r, true);
+}
+
+static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
+static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
+static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
+
+/*
+ * cpufeature ID register user accessors
+ *
+ * For now, these registers are immutable for userspace, so no values
+ * are stored, and for set_id_reg() we don't allow the effective value
+ * to be changed.
+ */
+static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
+			bool raz)
+{
+	const u64 id = sys_reg_to_index(rd);
+	const u64 val = read_id_reg(rd, raz);
+
+	return reg_to_user(uaddr, &val, id);
+}
+
+static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
+			bool raz)
+{
+	const u64 id = sys_reg_to_index(rd);
+	int err;
+	u64 val;
+
+	err = reg_from_user(&val, uaddr, id);
+	if (err)
+		return err;
+
+	/* This is what we mean by invariant: you can't change it. */
+	if (val != read_id_reg(rd, raz))
+		return -EINVAL;
+
+	return 0;
+}
+
+static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
+		      const struct kvm_one_reg *reg, void __user *uaddr)
+{
+	return __get_id_reg(rd, uaddr, false);
+}
+
+static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
+		      const struct kvm_one_reg *reg, void __user *uaddr)
+{
+	return __set_id_reg(rd, uaddr, false);
+}
+
+static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
+			  const struct kvm_one_reg *reg, void __user *uaddr)
+{
+	return __get_id_reg(rd, uaddr, true);
+}
+
+static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
+			  const struct kvm_one_reg *reg, void __user *uaddr)
+{
+	return __set_id_reg(rd, uaddr, true);
+}
+
+/* sys_reg_desc initialiser for known cpufeature ID registers */
+#define ID_SANITISED(name) {			\
+	SYS_DESC(SYS_##name),			\
+	.access	= access_id_reg,		\
+	.get_user = get_id_reg,			\
+	.set_user = set_id_reg,			\
+}
+
+/*
+ * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
+ * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
+ * (1 <= crm < 8, 0 <= Op2 < 8).
+ */
+#define ID_UNALLOCATED(crm, op2) {			\
+	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
+	.access = access_raz_id_reg,			\
+	.get_user = get_raz_id_reg,			\
+	.set_user = set_raz_id_reg,			\
+}
+
+/*
+ * sys_reg_desc initialiser for known ID registers that we hide from guests.
+ * For now, these are exposed just like unallocated ID regs: they appear
+ * RAZ for the guest.
+ */
+#define ID_HIDDEN(name) {			\
+	SYS_DESC(SYS_##name),			\
+	.access = access_raz_id_reg,		\
+	.get_user = get_raz_id_reg,		\
+	.set_user = set_raz_id_reg,		\
+}
+
 /*
  * Architected system registers.
  * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
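Review bot: read_id_reg() passes any encoding in the table straight to read_sanitised_ftr_reg(), so an ID_SANITISED() entry with no matching arm64_ftr_regs[] entry would only be discovered when a guest executes the MRS that traps to it, i.e. the failure is reached at run time from guest code; the table comment in the next hunk ("must have corresponding entries in arm64_ftr_regs[]") documents the invariant but nothing enforces it. Suggest checking it once at init by walking sys_reg_descs[] in kvm_sys_reg_table_init() and refusing to initialise if a sanitised ID register is unknown to the cpufeatures framework. Also worth a line in the commit message: __set_id_reg() rejects any value that differs from the current sanitised one with -EINVAL, which is fine for snapshot/restore on identical hardware but means restore onto a host with a different sanitised view is refused rather than degraded.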
@@ -944,6 +1075,84 @@ static const struct sys_reg_desc sys_reg_descs[] = {
 	{ SYS_DESC(SYS_DBGVCR32_EL2), NULL, reset_val, DBGVCR32_EL2, 0 },
 
 	{ SYS_DESC(SYS_MPIDR_EL1), NULL, reset_mpidr, MPIDR_EL1 },
+
+	/*
+	 * ID regs: all ID_SANITISED() entries here must have corresponding
+	 * entries in arm64_ftr_regs[].
+	 */
+
+	/* AArch64 mappings of the AArch32 ID registers */
+	/* CRm=1 */
+	ID_SANITISED(ID_PFR0_EL1),
+	ID_SANITISED(ID_PFR1_EL1),
+	ID_SANITISED(ID_DFR0_EL1),
+	ID_HIDDEN(ID_AFR0_EL1),
+	ID_SANITISED(ID_MMFR0_EL1),
+	ID_SANITISED(ID_MMFR1_EL1),
+	ID_SANITISED(ID_MMFR2_EL1),
+	ID_SANITISED(ID_MMFR3_EL1),
+
+	/* CRm=2 */
+	ID_SANITISED(ID_ISAR0_EL1),
+	ID_SANITISED(ID_ISAR1_EL1),
+	ID_SANITISED(ID_ISAR2_EL1),
+	ID_SANITISED(ID_ISAR3_EL1),
+	ID_SANITISED(ID_ISAR4_EL1),
+	ID_SANITISED(ID_ISAR5_EL1),
+	ID_SANITISED(ID_MMFR4_EL1),
+	ID_UNALLOCATED(2,7),
+
+	/* CRm=3 */
+	ID_SANITISED(MVFR0_EL1),
+	ID_SANITISED(MVFR1_EL1),
+	ID_SANITISED(MVFR2_EL1),
+	ID_UNALLOCATED(3,3),
+	ID_UNALLOCATED(3,4),
+	ID_UNALLOCATED(3,5),
+	ID_UNALLOCATED(3,6),
+	ID_UNALLOCATED(3,7),
+
+	/* AArch64 ID registers */
+	/* CRm=4 */
+	ID_SANITISED(ID_AA64PFR0_EL1),
+	ID_SANITISED(ID_AA64PFR1_EL1),
+	ID_UNALLOCATED(4,2),
+	ID_UNALLOCATED(4,3),
+	ID_UNALLOCATED(4,4),
+	ID_UNALLOCATED(4,5),
+	ID_UNALLOCATED(4,6),
+	ID_UNALLOCATED(4,7),
+
+	/* CRm=5 */
+	ID_SANITISED(ID_AA64DFR0_EL1),
+	ID_SANITISED(ID_AA64DFR1_EL1),
+	ID_UNALLOCATED(5,2),
+	ID_UNALLOCATED(5,3),
+	ID_HIDDEN(ID_AA64AFR0_EL1),
+	ID_HIDDEN(ID_AA64AFR1_EL1),
+	ID_UNALLOCATED(5,6),
+	ID_UNALLOCATED(5,7),
+
+	/* CRm=6 */
+	ID_SANITISED(ID_AA64ISAR0_EL1),
+	ID_SANITISED(ID_AA64ISAR1_EL1),
+	ID_UNALLOCATED(6,2),
+	ID_UNALLOCATED(6,3),
+	ID_UNALLOCATED(6,4),
+	ID_UNALLOCATED(6,5),
+	ID_UNALLOCATED(6,6),
+	ID_UNALLOCATED(6,7),
+
+	/* CRm=7 */
+	ID_SANITISED(ID_AA64MMFR0_EL1),
+	ID_SANITISED(ID_AA64MMFR1_EL1),
+	ID_SANITISED(ID_AA64MMFR2_EL1),
+	ID_UNALLOCATED(7,3),
+	ID_UNALLOCATED(7,4),
+	ID_UNALLOCATED(7,5),
+	ID_UNALLOCATED(7,6),
+	ID_UNALLOCATED(7,7),
+
 	{ SYS_DESC(SYS_SCTLR_EL1), access_vm_reg, reset_val, SCTLR_EL1, 0x00C50078 },
 	{ SYS_DESC(SYS_CPACR_EL1), NULL, reset_val, CPACR_EL1, 0 },
 	{ SYS_DESC(SYS_TTBR0_EL1), access_vm_reg, reset_unknown, TTBR0_EL1 },
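Review bot: the comment above the ID register block requires every ID_SANITISED() entry to have a matching arm64_ftr_regs[] entry, but nothing in the patch checks this; read_id_reg() builds the encoding and hands it to read_sanitised_ftr_reg() at trap time, so a missing entry would only be discovered when a guest first reads that register. Since kvm_sys_reg_table_init() already walks these tables to verify ordering, suggest extending it to resolve each ID_SANITISED() encoding once at init and WARN on failure. A one-line comment that the ID_UNALLOCATED() slots are deliberately RAZ, so that a register the host does not know about can never leak a feature bit to the guest, would also help: that is the property the HCR_TID3 trap in switch.c exists to enforce, and it is not obvious from the table alone.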
@@ -1790,8 +1999,8 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
 	if (!r)
 		r = find_reg(&params, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
 
-	/* Not saved in the sys_reg array? */
-	if (r && !r->reg)
+	/* Not saved in the sys_reg array and not otherwise accessible? */
+	if (r && !(r->reg || r->get_user))
 		r = NULL;
 
 	return r;
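Review bot: the new predicate `!(r->reg || r->get_user)` treats a descriptor as user-accessible only when get_user is set, so a descriptor that provides set_user without get_user would silently become invisible to userspace; that is fine for the accessors added here, which always come as a pair, but the rule deserves a comment. The identical expression also appears in walk_one_sys_reg(); suggest a small static inline helper (e.g. sysreg_user_accessible(r)) so the two cannot drift apart.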
@@ -1815,20 +2024,6 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
 FUNCTION_INVARIANT(midr_el1)
 FUNCTION_INVARIANT(ctr_el0)
 FUNCTION_INVARIANT(revidr_el1)
-FUNCTION_INVARIANT(id_pfr0_el1)
-FUNCTION_INVARIANT(id_pfr1_el1)
-FUNCTION_INVARIANT(id_dfr0_el1)
-FUNCTION_INVARIANT(id_afr0_el1)
-FUNCTION_INVARIANT(id_mmfr0_el1)
-FUNCTION_INVARIANT(id_mmfr1_el1)
-FUNCTION_INVARIANT(id_mmfr2_el1)
-FUNCTION_INVARIANT(id_mmfr3_el1)
-FUNCTION_INVARIANT(id_isar0_el1)
-FUNCTION_INVARIANT(id_isar1_el1)
-FUNCTION_INVARIANT(id_isar2_el1)
-FUNCTION_INVARIANT(id_isar3_el1)
-FUNCTION_INVARIANT(id_isar4_el1)
-FUNCTION_INVARIANT(id_isar5_el1)
 FUNCTION_INVARIANT(clidr_el1)
 FUNCTION_INVARIANT(aidr_el1)
 
@@ -1836,20 +2031,6 @@ FUNCTION_INVARIANT(aidr_el1)
 static struct sys_reg_desc invariant_sys_regs[] = {
 	{ SYS_DESC(SYS_MIDR_EL1), NULL, get_midr_el1 },
 	{ SYS_DESC(SYS_REVIDR_EL1), NULL, get_revidr_el1 },
-	{ SYS_DESC(SYS_ID_PFR0_EL1), NULL, get_id_pfr0_el1 },
-	{ SYS_DESC(SYS_ID_PFR1_EL1), NULL, get_id_pfr1_el1 },
-	{ SYS_DESC(SYS_ID_DFR0_EL1), NULL, get_id_dfr0_el1 },
-	{ SYS_DESC(SYS_ID_AFR0_EL1), NULL, get_id_afr0_el1 },
-	{ SYS_DESC(SYS_ID_MMFR0_EL1), NULL, get_id_mmfr0_el1 },
-	{ SYS_DESC(SYS_ID_MMFR1_EL1), NULL, get_id_mmfr1_el1 },
-	{ SYS_DESC(SYS_ID_MMFR2_EL1), NULL, get_id_mmfr2_el1 },
-	{ SYS_DESC(SYS_ID_MMFR3_EL1), NULL, get_id_mmfr3_el1 },
-	{ SYS_DESC(SYS_ID_ISAR0_EL1), NULL, get_id_isar0_el1 },
-	{ SYS_DESC(SYS_ID_ISAR1_EL1), NULL, get_id_isar1_el1 },
-	{ SYS_DESC(SYS_ID_ISAR2_EL1), NULL, get_id_isar2_el1 },
-	{ SYS_DESC(SYS_ID_ISAR3_EL1), NULL, get_id_isar3_el1 },
-	{ SYS_DESC(SYS_ID_ISAR4_EL1), NULL, get_id_isar4_el1 },
-	{ SYS_DESC(SYS_ID_ISAR5_EL1), NULL, get_id_isar5_el1 },
 	{ SYS_DESC(SYS_CLIDR_EL1), NULL, get_clidr_el1 },
 	{ SYS_DESC(SYS_AIDR_EL1), NULL, get_aidr_el1 },
 	{ SYS_DESC(SYS_CTR_EL0), NULL, get_ctr_el0 },
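Review bot: these entries move from a path that reported the raw hardware value (FUNCTION_INVARIANT reads the register directly) to one that reports the sanitised value, so on a heterogeneous system a VM snapshot taken under the previous kernel may hold a value that the new set_id_reg() rejects with -EINVAL. The commit message covers the opposite direction (restoring onto an older kernel that lacks the extra registers) but not this one; suggest adding a sentence so that userspace authors know both migration directions can fail.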
@@ -2079,12 +2260,31 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
 	return true;
 }
 
+static int walk_one_sys_reg(const struct sys_reg_desc *rd,
+			    u64 __user **uind,
+			    unsigned int *total)
+{
+	/*
+	 * Ignore registers we trap but don't save,
+	 * and for which no custom user accessor is provided.
+	 */
+	if (!(rd->reg || rd->get_user))
+		return 0;
+
+	if (!copy_reg_to_user(rd, uind))
+		return -EFAULT;
+
+	(*total)++;
+	return 0;
+}
+
 /* Assumed ordered tables, see kvm_sys_reg_table_init. */
 static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
 {
 	const struct sys_reg_desc *i1, *i2, *end1, *end2;
 	unsigned int total = 0;
 	size_t num;
+	int err;
 
 	/* We check for duplicates here, to allow arch-specific overrides. */
 	i1 = get_target_table(vcpu->arch.target, true, &num);
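Review bot: the comment in walk_one_sys_reg() says registers without reg or get_user are ignored, but the function returns 0 in that case exactly as it does after a successful copy, so a caller can only tell the two outcomes apart through *total. That is adequate for walk_sys_regs(), but the comment should say that skipping is not an error, or the function could return a distinct positive value, so that a future caller does not mistake a skipped register for a copied one.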
@@ -2098,21 +2298,13 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
 	while (i1 || i2) {
 		int cmp = cmp_sys_reg(i1, i2);
 		/* target-specific overrides generic entry. */
-		if (cmp <= 0) {
-			/* Ignore registers we trap but don't save. */
-			if (i1->reg) {
-				if (!copy_reg_to_user(i1, &uind))
-					return -EFAULT;
-				total++;
-			}
-		} else {
-			/* Ignore registers we trap but don't save. */
-			if (i2->reg) {
-				if (!copy_reg_to_user(i2, &uind))
-					return -EFAULT;
-				total++;
-			}
-		}
+		if (cmp <= 0)
+			err = walk_one_sys_reg(i1, &uind, &total);
+		else
+			err = walk_one_sys_reg(i2, &uind, &total);
+
+		if (err)
+			return err;
 
 		if (cmp <= 0 && ++i1 == end1)
 			i1 = NULL;
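Review bot: `err` is declared without an initialiser and both branches of the if/else assign it before the test, so this is correct as written, but initialising it to 0 at declaration would keep a later added branch from testing an indeterminate value. Note also the behavioural change this hunk introduces: descriptors with get_user but no reg storage are now enumerated to userspace, which is exactly the KVM_GET_REG_LIST growth the commit message warns older userspace about; a short comment on the loop saying that enumeration follows the same predicate as index_to_sys_reg_desc() would make the invariant explicit.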
-- 
2.1.4

* [PATCH v3 03/28] arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

The EFI runtime services ABI permits calls to EFI to clobber
certain FPSIMD/NEON registers, as per the AArch64 procedure call
standard.

Saving/restoring the clobbered registers around such calls needs
KERNEL_MODE_NEON, but the dependency is missing from Kconfig.

This patch adds the missing dependency.

This will aid bisection of the patches implementing support for the
ARM Scalable Vector Extension (SVE).

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 0df64a6..ca711ac 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1063,6 +1063,7 @@ config EFI_STUB
 config EFI
 	bool "UEFI runtime support"
 	depends on OF && !CPU_BIG_ENDIAN
+	depends on KERNEL_MODE_NEON
 	select LIBFDT
 	select UCS2_STRING
 	select EFI_PARAMS_FROM_FDT
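Review bot: using `depends on KERNEL_MODE_NEON` rather than `select` means that in any configuration where KERNEL_MODE_NEON is off, EFI silently disappears from the menu instead of failing to build. If KERNEL_MODE_NEON is a fixed default on arm64 this is harmless and the line merely documents an existing requirement, but if it can be disabled by the user, existing configs could lose UEFI runtime support after `make olddefconfig` without any message. Suggest stating which case applies in the commit message.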
-- 
2.1.4

* [PATCH v3 04/28] arm64: Port deprecated instruction emulation to new sysctl interface
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

Currently, armv8_deprecated.c takes charge of the "abi" sysctl
directory, which makes life difficult for other code that wants to
register sysctls in the same directory.

There is a "new" [1] sysctl registration interface that removes the
need to define ctl_tables for parent directories explicitly, which
is ideal here.

This patch ports register_insn_emulation_sysctl() over to the
register_sysctl() interface and removes the redundant ctl_table for
"abi".

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

[1] fea478d4101a (sysctl: Add register_sysctl for normal sysctl
users)
The commit message notes an intent to port users of the
pre-existing interfaces over to register_sysctl(), though the
number of users of the new interface currently appears negligible.
---
 arch/arm64/kernel/armv8_deprecated.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c
index d06fbe4..f6e828d 100644
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -228,15 +228,7 @@ static int emulation_proc_handler(struct ctl_table *table, int write,
 	return ret;
 }
 
-static struct ctl_table ctl_abi[] = {
-	{
-		.procname = "abi",
-		.mode = 0555,
-	},
-	{ }
-};
-
-static void __init register_insn_emulation_sysctl(struct ctl_table *table)
+static void __init register_insn_emulation_sysctl(void)
 {
 	unsigned long flags;
 	int i = 0;
@@ -262,8 +254,7 @@ static void __init register_insn_emulation_sysctl(struct ctl_table *table)
 	}
 	raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
 
-	table->child = insns_sysctl;
-	register_sysctl_table(table);
+	register_sysctl("abi", insns_sysctl);
 }
 
 /*
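Review bot: the return value of register_sysctl() is discarded, as register_sysctl_table()'s was before, so a registration failure leaves the abi/ entries silently absent with no log line; since the function is __init and cannot retry, a pr_warn() on a NULL return would at least make the missing sysctls diagnosable. It is also worth a comment that the "abi" directory is now owned implicitly, which is the point of the change, so that other arm64 code registering into the same directory knows it no longer needs its own parent table.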
@@ -644,7 +635,7 @@ static int __init armv8_deprecated_init(void)
 	cpuhp_setup_state_nocalls(CPUHP_AP_ARM64_ISNDEP_STARTING,
 				  "arm64/isndep:starting",
 				  run_all_insn_set_hw_mode, NULL);
-	register_insn_emulation_sysctl(ctl_abi);
+	register_insn_emulation_sysctl();
 
 	return 0;
 }
-- 
2.1.4

* [PATCH v3 05/28] arm64: fpsimd: Simplify uses of {set,clear}_ti_thread_flag()
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

The existing FPSIMD context switch code contains a couple of
instances of {set,clear}_ti_thread_flag(task_thread_info(task)).  Since
there are thread flag manipulators that operate directly on
task_struct, this verbosity isn't strictly needed.

For consistency, this patch simplifies the affected calls.  This
should have no impact on behaviour.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/fpsimd.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 5d547de..7a865c8 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -159,11 +159,9 @@ void fpsimd_thread_switch(struct task_struct *next)
 
 		if (__this_cpu_read(fpsimd_last_state) == st
 		    && st->cpu == smp_processor_id())
-			clear_ti_thread_flag(task_thread_info(next),
-					     TIF_FOREIGN_FPSTATE);
+			clear_tsk_thread_flag(next, TIF_FOREIGN_FPSTATE);
 		else
-			set_ti_thread_flag(task_thread_info(next),
-					   TIF_FOREIGN_FPSTATE);
+			set_tsk_thread_flag(next, TIF_FOREIGN_FPSTATE);
 	}
 }
 
-- 
2.1.4

* [PATCH v3 06/28] arm64/sve: System register and exception syndrome definitions
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

The SVE architecture adds some system registers, ID register fields
and a dedicated ESR exception class.

This patch adds the appropriate definitions that will be needed by
the kernel.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/include/asm/esr.h     |  3 ++-
 arch/arm64/include/asm/kvm_arm.h |  1 +
 arch/arm64/include/asm/sysreg.h  | 21 +++++++++++++++++++++
 arch/arm64/kernel/traps.c        |  1 +
 4 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h
index 66ed8b6..014d7d8 100644
--- a/arch/arm64/include/asm/esr.h
+++ b/arch/arm64/include/asm/esr.h
@@ -43,7 +43,8 @@
 #define ESR_ELx_EC_HVC64	(0x16)
 #define ESR_ELx_EC_SMC64	(0x17)
 #define ESR_ELx_EC_SYS64	(0x18)
-/* Unallocated EC: 0x19 - 0x1E */
+#define ESR_ELx_EC_SVE		(0x19)
+/* Unallocated EC: 0x1A - 0x1E */
 #define ESR_ELx_EC_IMP_DEF	(0x1f)
 #define ESR_ELx_EC_IABT_LOW	(0x20)
 #define ESR_ELx_EC_IABT_CUR	(0x21)
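Review bot: a one-line comment next to `#define ESR_ELx_EC_SVE (0x19)` saying which trap raises this class (SVE accesses trapped by CPACR_EL1.ZEN at EL1 or CPTR_EL2.TZ at EL2) would help readers who do not have the ESR table to hand, since nothing in this hunk says what the class means. The value is the class the architecture allocates to SVE traps, and the narrowed `Unallocated EC: 0x1A - 0x1E` range is consistent with it.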
diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index 61d694c..dbf0537 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -185,6 +185,7 @@
 #define CPTR_EL2_TCPAC	(1 << 31)
 #define CPTR_EL2_TTA	(1 << 20)
 #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
+#define CPTR_EL2_TZ	(1 << 8)
 #define CPTR_EL2_DEFAULT	0x000033ff
 
 /* Hyp Debug Configuration Register bits */
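Review bot: `CPTR_EL2_TZ` is written as a bare `(1 << 8)` while the neighbouring `CPTR_EL2_TFP` goes through `CPTR_EL2_TFP_SHIFT`; a `CPTR_EL2_TZ_SHIFT` would keep the two in the same style. More importantly, the unchanged `CPTR_EL2_DEFAULT 0x000033ff` already has bit 8 set, so with this default any guest SVE use traps to EL2, which is the behaviour the cover letter describes; a comment on the define saying that the default relies on bit 8 being set would stop someone later "cleaning up" the default value and silently exposing SVE to guests.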
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 480ecd6..36fe2ae 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -145,6 +145,7 @@
 
 #define SYS_ID_AA64PFR0_EL1		sys_reg(3, 0, 0, 4, 0)
 #define SYS_ID_AA64PFR1_EL1		sys_reg(3, 0, 0, 4, 1)
+#define SYS_ID_AA64ZFR0_EL1		sys_reg(3, 0, 0, 4, 4)
 
 #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
 #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
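Review bot: `SYS_ID_AA64ZFR0_EL1` is added without any matching `ID_AA64ZFR0_*` field definitions; if no later patch reads the register, either say so in the commit message or defer the define until a user appears. The encoding `sys_reg(3, 0, 0, 4, 4)` itself (CRm 4, op2 4, alongside the PFR0/PFR1 slots above it) is correct.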
@@ -163,6 +164,8 @@
 #define SYS_ACTLR_EL1			sys_reg(3, 0, 1, 0, 1)
 #define SYS_CPACR_EL1			sys_reg(3, 0, 1, 0, 2)
 
+#define SYS_ZCR_EL1			sys_reg(3, 0, 1, 2, 0)
+
 #define SYS_TTBR0_EL1			sys_reg(3, 0, 2, 0, 0)
 #define SYS_TTBR1_EL1			sys_reg(3, 0, 2, 0, 1)
 #define SYS_TCR_EL1			sys_reg(3, 0, 2, 0, 2)
@@ -253,6 +256,8 @@
 
 #define SYS_PMCCFILTR_EL0		sys_reg (3, 3, 14, 15, 7)
 
+#define SYS_ZCR_EL2			sys_reg(3, 4, 1, 2, 0)
+
 #define SYS_DACR32_EL2			sys_reg(3, 4, 3, 0, 0)
 #define SYS_IFSR32_EL2			sys_reg(3, 4, 5, 0, 1)
 #define SYS_FPEXC32_EL2			sys_reg(3, 4, 5, 3, 0)
@@ -335,6 +340,7 @@
 #define ID_AA64ISAR1_DPB_SHIFT		0
 
 /* id_aa64pfr0 */
+#define ID_AA64PFR0_SVE_SHIFT		32
 #define ID_AA64PFR0_GIC_SHIFT		24
 #define ID_AA64PFR0_ASIMD_SHIFT		20
 #define ID_AA64PFR0_FP_SHIFT		16
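Review bot: `ID_AA64PFR0_SVE_SHIFT 32` is the first shift in this table that is >= 32, so any consumer that forms a mask with a plain `(1 << ID_AA64PFR0_SVE_SHIFT)` on a 32-bit int would overflow; it should only be used through cpuid_feature_extract_unsigned_field() or with a UL-typed mask. Worth a short comment at the define, because the surrounding shifts (24, 20, 16) give no hint that this one behaves differently. The field position (bits [35:32]) is correct.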
@@ -343,6 +349,7 @@
 #define ID_AA64PFR0_EL1_SHIFT		4
 #define ID_AA64PFR0_EL0_SHIFT		0
 
+#define ID_AA64PFR0_SVE			0x1
 #define ID_AA64PFR0_FP_NI		0xf
 #define ID_AA64PFR0_FP_SUPPORTED	0x0
 #define ID_AA64PFR0_ASIMD_NI		0xf
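Review bot: `ID_AA64PFR0_SVE 0x1` names the "SVE implemented" field value but does not say so, while the FP and ASIMD constants immediately below spell out `_NI` / `_SUPPORTED`; either a comment or a name such as `ID_AA64PFR0_SVE_SUPPORTED` would avoid confusing the value with the `_SHIFT` define added a few lines earlier.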
@@ -444,6 +451,20 @@
 #endif
 
 
+/*
+ * The ZCR_ELx_LEN_* definitions intentionally include bits [8:4] which
+ * are reserved by the SVE architecture for future expansion of the LEN
+ * field, with compatible semantics.
+ */
+#define ZCR_ELx_LEN_SHIFT	0
+#define ZCR_ELx_LEN_SIZE	9
+#define ZCR_ELx_LEN_MASK	0x1ff
+
+#define CPACR_EL1_ZEN_EL1EN	(1 << 16) /* enable EL1 access */
+#define CPACR_EL1_ZEN_EL0EN	(1 << 17) /* enable EL0 access, if EL1EN set */
+#define CPACR_EL1_ZEN		(CPACR_EL1_ZEN_EL1EN | CPACR_EL1_ZEN_EL0EN)
+
+
 /* Safe value for MPIDR_EL1: Bit31:RES1, Bit30:U:0, Bit24:MT:0 */
 #define SYS_MPIDR_SAFE_VAL		(1UL << 31)
 
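Review bot: `ZCR_ELx_LEN_MASK 0x1ff` repeats information already carried by `ZCR_ELx_LEN_SHIFT` and `ZCR_ELx_LEN_SIZE`; deriving the mask from the shift and size (GENMASK style) would keep the three in step if the reserved bits [8:4] that the comment deliberately includes are ever reinterpreted. The comment explaining why [8:4] is included is the key piece of documentation in this hunk and should stay. Minor: there are two consecutive added blank lines both before the ZCR block and after `CPACR_EL1_ZEN`; one is enough. The `CPACR_EL1_ZEN_EL0EN` comment is accurate: ZEN is a two-bit field and EL0 access is only enabled when the EL1EN bit is also set.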
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 5ea4b85..f202932 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -603,6 +603,7 @@ static const char *esr_class_str[] = {
 	[ESR_ELx_EC_HVC64]		= "HVC (AArch64)",
 	[ESR_ELx_EC_SMC64]		= "SMC (AArch64)",
 	[ESR_ELx_EC_SYS64]		= "MSR/MRS (AArch64)",
+	[ESR_ELx_EC_SVE]		= "SVE",
 	[ESR_ELx_EC_IMP_DEF]		= "EL3 IMP DEF",
 	[ESR_ELx_EC_IABT_LOW]		= "IABT (lower EL)",
 	[ESR_ELx_EC_IABT_CUR]		= "IABT (current EL)",
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 07/28] arm64/sve: Low-level SVE architectural state manipulation functions
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

Manipulating the SVE architectural state, including the vector and
predicate registers, first-fault register and the vector length,
requires the use of dedicated instructions added by SVE.

This patch adds suitable assembly functions for saving and
restoring the SVE registers and querying the vector length.
Setting of the vector length is done as part of register restore.

Since people building kernels may not all get an SVE-enabled
toolchain for a while, this patch uses macros that generate
explicit opcodes in place of assembler mnemonics.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/include/asm/fpsimd.h       |   5 ++
 arch/arm64/include/asm/fpsimdmacros.h | 148 ++++++++++++++++++++++++++++++++++
 arch/arm64/kernel/entry-fpsimd.S      |  17 ++++
 3 files changed, 170 insertions(+)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 410c481..026a7c7 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -67,6 +67,11 @@ extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
 extern void fpsimd_flush_task_state(struct task_struct *target);
 
+extern void sve_save_state(void *state, u32 *pfpsr);
+extern void sve_load_state(void const *state, u32 const *pfpsr,
+			   unsigned long vq_minus_1);
+extern unsigned int sve_get_vl(void);
+
 /* For use by EFI runtime services calls only */
 extern void __efi_fpsimd_begin(void);
 extern void __efi_fpsimd_end(void);
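Review bot: the new prototypes carry no comment on their contracts, and both are non-obvious: from the assembly, `state` is the address of the FFR slot with Z0-Z31 and P0-P15 stored at negative `MUL VL` offsets below it, and `vq_minus_1` is written straight into ZCR_EL1.LEN, so the caller must have validated it. A kernel-doc style comment on each prototype would save every caller from reading the macros. Style nit: `void const *` / `u32 const *` is unusual in the kernel, which normally writes `const void *` / `const u32 *`. The prototypes are unconditional while the definitions are under `CONFIG_ARM64_SVE`; that is fine as long as every caller sits behind system_supports_sve() or IS_ENABLED(), but deserves a note.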
diff --git a/arch/arm64/include/asm/fpsimdmacros.h b/arch/arm64/include/asm/fpsimdmacros.h
index 0f5fdd3..e050d76 100644
--- a/arch/arm64/include/asm/fpsimdmacros.h
+++ b/arch/arm64/include/asm/fpsimdmacros.h
@@ -75,3 +75,151 @@
 	ldr	w\tmpnr, [\state, #16 * 2 + 4]
 	fpsimd_restore_fpcr x\tmpnr, \state
 .endm
+
+/* Sanity-check macros to help avoid encoding garbage instructions */
+
+.macro _check_general_reg nr
+	.if (\nr) < 0 || (\nr) > 30
+		.error "Bad register number \nr."
+	.endif
+.endm
+
+.macro _sve_check_zreg znr
+	.if (\znr) < 0 || (\znr) > 31
+		.error "Bad Scalable Vector Extension vector register number \znr."
+	.endif
+.endm
+
+.macro _sve_check_preg pnr
+	.if (\pnr) < 0 || (\pnr) > 15
+		.error "Bad Scalable Vector Extension predicate register number \pnr."
+	.endif
+.endm
+
+.macro _check_num n, min, max
+	.if (\n) < (\min) || (\n) > (\max)
+		.error "Number \n out of range [\min,\max]"
+	.endif
+.endm
+
+/* SVE instruction encodings for non-SVE-capable assemblers */
+
+/* STR (vector): STR Z\nz, [X\nxbase, #\offset, MUL VL] */
+.macro _sve_str_v nz, nxbase, offset=0
+	_sve_check_zreg \nz
+	_check_general_reg \nxbase
+	_check_num (\offset), -0x100, 0xff
+	.inst	0xe5804000			\
+		| (\nz)				\
+		| ((\nxbase) << 5)		\
+		| (((\offset) & 7) << 10)	\
+		| (((\offset) & 0x1f8) << 13)
+.endm
+
+/* LDR (vector): LDR Z\nz, [X\nxbase, #\offset, MUL VL] */
+.macro _sve_ldr_v nz, nxbase, offset=0
+	_sve_check_zreg \nz
+	_check_general_reg \nxbase
+	_check_num (\offset), -0x100, 0xff
+	.inst	0x85804000			\
+		| (\nz)				\
+		| ((\nxbase) << 5)		\
+		| (((\offset) & 7) << 10)	\
+		| (((\offset) & 0x1f8) << 13)
+.endm
+
+/* STR (predicate): STR P\np, [X\nxbase, #\offset, MUL VL] */
+.macro _sve_str_p np, nxbase, offset=0
+	_sve_check_preg \np
+	_check_general_reg \nxbase
+	_check_num (\offset), -0x100, 0xff
+	.inst	0xe5800000			\
+		| (\np)				\
+		| ((\nxbase) << 5)		\
+		| (((\offset) & 7) << 10)	\
+		| (((\offset) & 0x1f8) << 13)
+.endm
+
+/* LDR (predicate): LDR P\np, [X\nxbase, #\offset, MUL VL] */
+.macro _sve_ldr_p np, nxbase, offset=0
+	_sve_check_preg \np
+	_check_general_reg \nxbase
+	_check_num (\offset), -0x100, 0xff
+	.inst	0x85800000			\
+		| (\np)				\
+		| ((\nxbase) << 5)		\
+		| (((\offset) & 7) << 10)	\
+		| (((\offset) & 0x1f8) << 13)
+.endm
+
+/* RDVL X\nx, #\imm */
+.macro _sve_rdvl nx, imm
+	_check_general_reg \nx
+	_check_num (\imm), -0x20, 0x1f
+	.inst	0x04bf5000			\
+		| (\nx)				\
+		| (((\imm) & 0x3f) << 5)
+.endm
+
+/* RDFFR (unpredicated): RDFFR P\np.B */
+.macro _sve_rdffr np
+	_sve_check_preg \np
+	.inst	0x2519f000			\
+		| (\np)
+.endm
+
+/* WRFFR P\np.B */
+.macro _sve_wrffr np
+	_sve_check_preg \np
+	.inst	0x25289000			\
+		| ((\np) << 5)
+.endm
+
+.macro __for from:req, to:req
+	.if (\from) == (\to)
+		_for__body \from
+	.else
+		__for \from, (\from) + ((\to) - (\from)) / 2
+		__for (\from) + ((\to) - (\from)) / 2 + 1, \to
+	.endif
+.endm
+
+.macro _for var:req, from:req, to:req, insn:vararg
+	.macro _for__body \var:req
+		\insn
+	.endm
+
+	__for \from, \to
+
+	.purgem _for__body
+.endm
+
+.macro sve_save nxbase, xpfpsr, nxtmp
+ _for n, 0, 31,	_sve_str_v	\n, \nxbase, \n - 34
+ _for n, 0, 15,	_sve_str_p	\n, \nxbase, \n - 16
+		_sve_rdffr	0
+		_sve_str_p	0, \nxbase
+		_sve_ldr_p	0, \nxbase, -16
+
+		mrs		x\nxtmp, fpsr
+		str		w\nxtmp, [\xpfpsr]
+		mrs		x\nxtmp, fpcr
+		str		w\nxtmp, [\xpfpsr, #4]
+.endm
+
+.macro sve_load nxbase, xpfpsr, xvqminus1, nxtmp
+		mrs_s		x\nxtmp, SYS_ZCR_EL1
+		bic		x\nxtmp, x\nxtmp, ZCR_ELx_LEN_MASK
+		orr		x\nxtmp, x\nxtmp, \xvqminus1
+		msr_s		SYS_ZCR_EL1, x\nxtmp	// self-synchronising
+
+ _for n, 0, 31,	_sve_ldr_v	\n, \nxbase, \n - 34
+		_sve_ldr_p	0, \nxbase
+		_sve_wrffr	0
+ _for n, 0, 15,	_sve_ldr_p	\n, \nxbase, \n - 16
+
+		ldr		w\nxtmp, [\xpfpsr]
+		msr		fpsr, x\nxtmp
+		ldr		w\nxtmp, [\xpfpsr, #4]
+		msr		fpcr, x\nxtmp
+.endm
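Review bot: in `sve_load`, `orr x\nxtmp, x\nxtmp, \xvqminus1` trusts the caller to pass a value that fits in `ZCR_ELx_LEN_MASK`; the preceding `bic` only clears the old LEN field, so any stray bits in `\xvqminus1` would be OR'ed into RES0 bits of ZCR_EL1. Either mask the incoming value (`and` with `ZCR_ELx_LEN_MASK`) before the `orr`, or state the precondition on sve_load_state(). The register layout implied by the offsets (Z registers at `\n - 34` VL units below the base, P registers at `\n - 16` predicate units, FFR at offset 0) is not written down anywhere in the hunk; a comment above `sve_save` would make the save-P0, RDFFR, store, reload-P0 sequence self-explanatory. The encodings look right against the STR/LDR (vector and predicate) imm9 split: `(\offset) & 7` lands in bits [12:10] and `(\offset) & 0x1f8` in bits [21:16], and `_check_num (\offset), -0x100, 0xff` matches the signed 9-bit range.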
diff --git a/arch/arm64/kernel/entry-fpsimd.S b/arch/arm64/kernel/entry-fpsimd.S
index 6a27cd6..73f17bf 100644
--- a/arch/arm64/kernel/entry-fpsimd.S
+++ b/arch/arm64/kernel/entry-fpsimd.S
@@ -41,3 +41,20 @@ ENTRY(fpsimd_load_state)
 	fpsimd_restore x0, 8
 	ret
 ENDPROC(fpsimd_load_state)
+
+#ifdef CONFIG_ARM64_SVE
+ENTRY(sve_save_state)
+	sve_save 0, x1, 2
+	ret
+ENDPROC(sve_save_state)
+
+ENTRY(sve_load_state)
+	sve_load 0, x1, x2, 3
+	ret
+ENDPROC(sve_load_state)
+
+ENTRY(sve_get_vl)
+	_sve_rdvl	0, 1
+	ret
+ENDPROC(sve_get_vl)
+#endif /* CONFIG_ARM64_SVE */
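Review bot: the scratch registers (`x2` in sve_save_state, `x3` in sve_load_state) are safe only because they are caller-saved under the AAPCS64 and not used by the corresponding C arguments (x0 state, x1 pfpsr, x2 vq_minus_1); a one-line comment above each ENTRY() mapping the argument registers to the C prototype would make that explicit. sve_get_vl uses `RDVL x0, #1`, which returns the vector length in bytes at the current exception level, so its result reflects ZCR_EL1.LEN as constrained by ZCR_EL2/ZCR_EL3 rather than the maximum the hardware implements; worth noting for anyone who later uses it to size buffers.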
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread
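The `_sve_str_v`, `_sve_ldr_v`, `_sve_str_p` and `_sve_ldr_p` macros in the patch above construct opcodes by hand, so the only check on the arithmetic is the assembler's. The following host-side C model of that bit layout is an added example, not code from the patch or the kernel: it packs the register numbers and the signed 9-bit `MUL VL` offset the way the macros do, enforces the same ranges as `_check_general_reg`, `_sve_check_zreg`, `_sve_check_preg` and `_check_num`, and decodes the result back so a reader can confirm what, for instance, `_sve_str_v 5, 0, -34` from `sve_save` assembles to. The base opcodes are copied from the macros; all function names are this example's own.

```c
/*
 * Host-side model of the _sve_str_v/_sve_ldr_v/_sve_str_p/_sve_ldr_p opcode
 * construction in fpsimdmacros.h.  Added example, not kernel code: it packs
 * the fields exactly as the macros do so the arithmetic can be checked on
 * any machine, with no SVE-capable assembler and no SVE hardware.
 */
#include <stdint.h>
#include <stdio.h>

/* Base opcodes, copied from the .inst lines of the macros. */
#define SVE_STR_V_BASE	0xe5804000u	/* STR Z<t>, [X<n>, #imm, MUL VL] */
#define SVE_LDR_V_BASE	0x85804000u	/* LDR Z<t>, [X<n>, #imm, MUL VL] */
#define SVE_STR_P_BASE	0xe5800000u	/* STR P<t>, [X<n>, #imm, MUL VL] */
#define SVE_LDR_P_BASE	0x85800000u	/* LDR P<t>, [X<n>, #imm, MUL VL] */

/* Same range as `_check_num (\offset), -0x100, 0xff`: a signed 9-bit
 * immediate, in units of VL (Z registers) or VL/8 (P registers). */
static int sve_imm9_ok(int offset)
{
	return offset >= -0x100 && offset <= 0xff;
}

/*
 * Pack one load/store.  Returns the 32-bit encoding, or 0 where the macros
 * would stop the build with .error (0 can never be a valid encoding here
 * because every base opcode above has fixed bits set).
 */
static uint32_t sve_encode_ldst(uint32_t base, unsigned int rt,
				unsigned int rt_max, unsigned int xn, int offset)
{
	unsigned int imm = (unsigned int)offset;	/* two's complement bits */

	if (rt > rt_max || xn > 30 || !sve_imm9_ok(offset))
		return 0;

	/* imm9[2:0] -> bits [12:10], imm9[8:3] -> bits [21:16]: the
	 * `(\offset) & 7` and `(\offset) & 0x1f8` terms of the macros. */
	return base | rt | (xn << 5) | ((imm & 7u) << 10) | ((imm & 0x1f8u) << 13);
}

uint32_t sve_encode_str_v(unsigned int zt, unsigned int xn, int offset)
{
	return sve_encode_ldst(SVE_STR_V_BASE, zt, 31, xn, offset);
}

uint32_t sve_encode_ldr_v(unsigned int zt, unsigned int xn, int offset)
{
	return sve_encode_ldst(SVE_LDR_V_BASE, zt, 31, xn, offset);
}

uint32_t sve_encode_str_p(unsigned int pt, unsigned int xn, int offset)
{
	return sve_encode_ldst(SVE_STR_P_BASE, pt, 15, xn, offset);
}

uint32_t sve_encode_ldr_p(unsigned int pt, unsigned int xn, int offset)
{
	return sve_encode_ldst(SVE_LDR_P_BASE, pt, 15, xn, offset);
}

/* Decoders, for checking an encoding by eye or in a test. */
unsigned int sve_decode_rt(uint32_t insn) { return insn & 0x1fu; }
unsigned int sve_decode_rn(uint32_t insn) { return (insn >> 5) & 0x1fu; }

int sve_decode_imm9(uint32_t insn)
{
	unsigned int imm9 = ((insn >> 10) & 7u) | (((insn >> 16) & 0x3fu) << 3);

	return (int)(imm9 ^ 0x100u) - 0x100;	/* sign-extend from 9 bits */
}

int main(void)
{
	unsigned int n;

	/* What `_for n, 0, 31, _sve_str_v \n, \nxbase, \n - 34` in sve_save
	 * expands to for base register X0: Z0 lands 34 VLs below the base and
	 * Z31 two VLs below it, leaving room for P0-P15 and the FFR slot. */
	for (n = 0; n < 32; n += 31)
		printf("str z%u, [x0, #%d, mul vl] -> 0x%08x\n",
		       n, (int)n - 34, sve_encode_str_v(n, 0, (int)n - 34));
	printf("str p0, [x0, #-16, mul vl] -> 0x%08x\n", sve_encode_str_p(0, 0, -16));
	printf("out-of-range offset rejected -> 0x%08x\n", sve_encode_str_v(5, 0, 256));
	return 0;
}
```

A rejected operand yields 0 rather than aborting, which is the one place this model deliberately differs from the macros' `.error`; everything else, including the fact that `_check_general_reg` refuses X31, is mirrored.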

* [PATCH v3 08/28] arm64/sve: Kconfig update and conditional compilation support
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

This patch adds CONFIG_ARM64_SVE to control building of SVE support
into the kernel, and adds a stub predicate system_supports_sve() to
control conditional compilation and runtime SVE support.

system_supports_sve() just returns false for now: it will be
replaced with a non-trivial implementation in a later patch, once
SVE support is complete enough to be enabled safely.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/Kconfig                  | 11 +++++++++++
 arch/arm64/include/asm/cpufeature.h |  5 +++++
 2 files changed, 16 insertions(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index ca711ac..9b3a50e 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -975,6 +975,17 @@ config ARM64_PMEM
 
 endmenu
 
+config ARM64_SVE
+	bool "ARM Scalable Vector Extension support"
+	default y
+	help
+	  The Scalable Vector Extension (SVE) is an extension to the AArch64
+	  execution state which complements and extends the SIMD functionality
+	  of the base architecture to support much larger vectors and to enable
+	  additional vectorisation opportunities.
+
+	  To enable use of this extension on CPUs that implement it, say Y.
+
 config ARM64_MODULE_CMODEL_LARGE
 	bool
 
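Review bot: `default y` with no `depends on` means every arm64 configuration gains the SVE code paths, yet the help text does not say whether that is safe on CPUs without SVE. Adding a sentence that support is detected at runtime (system_supports_sve()) and stays inactive on hardware without the extension would tell distribution kernel maintainers that the option is not hardware-specific and is safe to leave at its default.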
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 428ee1f..4ea3441 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -262,6 +262,11 @@ static inline bool system_uses_ttbr0_pan(void)
 		!cpus_have_const_cap(ARM64_HAS_PAN);
 }
 
+static inline bool system_supports_sve(void)
+{
+	return false;
+}
+
 #endif /* __ASSEMBLY__ */
 
 #endif
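Review bot: the stub is not gated on `CONFIG_ARM64_SVE`, so when it gains its real implementation it should also return false whenever the option is disabled (for example `IS_ENABLED(CONFIG_ARM64_SVE) && ...`); otherwise turning the Kconfig option off would leave the runtime predicate true while the assembly entry points, which are under `#ifdef CONFIG_ARM64_SVE` in entry-fpsimd.S, are compiled out. Returning a constant false for now does let the compiler drop the SVE branches, so landing callers incrementally is fine.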
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 09/28] arm64/sve: Signal frame and context structure definition
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

This patch defines the representation that will be used for the SVE
register state in the signal frame, and implements support for
saving and restoring the SVE registers around signals.

The same layout will also be used for the in-kernel task state.

Due to the variability of the SVE vector length, it is not possible
to define a fixed C struct to describe all the registers.  Instead,
Macros are defined in sigcontext.h to facilitate access to the
parts of the structure.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Changes since v2
----------------

Requested by Catalin Marinas:

 * Rewrite the SVE_VQ_BYTES and SVE_VQ_MAX definitions in decimal, to
   avoid any resemblance to masks or bitfields.
---
 arch/arm64/include/uapi/asm/sigcontext.h | 117 ++++++++++++++++++++++++++++++-
 1 file changed, 116 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h
index f0a76b9..7654a81 100644
--- a/arch/arm64/include/uapi/asm/sigcontext.h
+++ b/arch/arm64/include/uapi/asm/sigcontext.h
@@ -16,6 +16,8 @@
 #ifndef _UAPI__ASM_SIGCONTEXT_H
 #define _UAPI__ASM_SIGCONTEXT_H
 
+#ifndef __ASSEMBLY__
+
 #include <linux/types.h>
 
 /*
@@ -41,10 +43,11 @@ struct sigcontext {
  *
  *	0x210		fpsimd_context
  *	 0x10		esr_context
+ *	0x8a0		sve_context (vl <= 64) (optional)
  *	 0x20		extra_context (optional)
  *	 0x10		terminator (null _aarch64_ctx)
  *
- *	0xdb0		(reserved for future allocation)
+ *	0x510		(reserved for future allocation)
  *
  * New records that can exceed this space need to be opt-in for userspace, so
  * that an expanded signal frame is not generated unexpectedly.  The mechanism
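Review bot: the `0x8a0` figure is SVE_SIG_CONTEXT_SIZE(4) (for vl = 64: a 16-byte header, 32 Z registers of 64 bytes, 16 P registers of 8 bytes and an 8-byte FFR, totalling 0x898) rounded up to the 16-byte alignment that signal frame records require, and `0xdb0 - 0x8a0 = 0x510` is the remaining reserve; stating that derivation in the comment would spare the next reader from redoing it. It is also worth saying explicitly that vector lengths above 64 bytes exceed this budget and therefore go through the extra_context opt-in mechanism described in the following sentences.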
@@ -116,4 +119,116 @@ struct extra_context {
 	__u32 __reserved[3];
 };
 
+#define SVE_MAGIC	0x53564501
+
+struct sve_context {
+	struct _aarch64_ctx head;
+	__u16 vl;
+	__u16 __reserved[3];
+};
+
+#endif /* !__ASSEMBLY__ */
+
+/*
+ * The SVE architecture leaves space for future expansion of the
+ * vector length beyond its initial architectural limit of 2048 bits
+ * (16 quadwords).
+ */
+#define SVE_VQ_BYTES		16	/* number of bytes per quadword */
+
+#define SVE_VQ_MIN		1
+#define SVE_VQ_MAX		512
+
+#define SVE_VL_MIN		(SVE_VQ_MIN * SVE_VQ_BYTES)
+#define SVE_VL_MAX		(SVE_VQ_MAX * SVE_VQ_BYTES)
+
+#define SVE_NUM_ZREGS		32
+#define SVE_NUM_PREGS		16
+
+#define sve_vl_valid(vl) \
+	((vl) % SVE_VQ_BYTES == 0 && (vl) >= SVE_VL_MIN && (vl) <= SVE_VL_MAX)
+#define sve_vq_from_vl(vl)	((vl) / SVE_VQ_BYTES)
+#define sve_vl_from_vq(vq)	((vq) * SVE_VQ_BYTES)
+
+/*
+ * If the SVE registers are currently live for the thread at signal delivery,
+ * sve_context.head.size >=
+ *	SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl))
+ * and the register data may be accessed using the SVE_SIG_*() macros.
+ *
+ * If sve_context.head.size <
+ *	SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)),
+ * the SVE registers were not live for the thread and no register data
+ * is included: in this case, the SVE_SIG_*() macros should not be
+ * used except for this check.
+ *
+ * The same convention applies when returning from a signal: a caller
+ * will need to remove or resize the sve_context block if it wants to
+ * make the SVE registers live when they were previously non-live or
+ * vice-versa.  This may require the the caller to allocate fresh
+ * memory and/or move other context blocks in the signal frame.
+ *
+ * Changing the vector length during signal return is not permitted:
+ * sve_context.vl must equal the thread's current vector length when
+ * doing a sigreturn.
+ *
+ *
+ * Note: for all these macros, the "vq" argument denotes the SVE
+ * vector length in quadwords (i.e., units of 128 bits).
+ *
+ * The correct way to obtain vq is to use sve_vq_from_vl(vl).  The
+ * result is valid if and only if sve_vl_valid(vl) is true.  This is
+ * guaranteed for a struct sve_context written by the kernel.
+ *
+ *
+ * Additional macros describe the contents and layout of the payload.
+ * For each, SVE_SIG_x_OFFSET(args) is the start offset relative to
+ * the start of struct sve_context, and SVE_SIG_x_SIZE(args) is the
+ * size in bytes:
+ *
+ *	x	type				description
+ *	-	----				-----------
+ *	REGS					the entire SVE context
+ *
+ *	ZREGS	__uint128_t[SVE_NUM_ZREGS][vq]	all Z-registers
+ *	ZREG	__uint128_t[vq]			individual Z-register Zn
+ *
+ *	PREGS	uint16_t[SVE_NUM_PREGS][vq]	all P-registers
+ *	PREG	uint16_t[vq]			individual P-register Pn
+ *
+ *	FFR	uint16_t[vq]			first-fault status register
+ *
+ * Additional data might be appended in the future.
+ */
+
+#define SVE_SIG_ZREG_SIZE(vq)	((__u32)(vq) * SVE_VQ_BYTES)
+#define SVE_SIG_PREG_SIZE(vq)	((__u32)(vq) * (SVE_VQ_BYTES / 8))
+#define SVE_SIG_FFR_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
+
+#define SVE_SIG_REGS_OFFSET					\
+	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+#define SVE_SIG_ZREGS_OFFSET	SVE_SIG_REGS_OFFSET
+#define SVE_SIG_ZREG_OFFSET(vq, n) \
+	(SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREG_SIZE(vq) * (n))
+#define SVE_SIG_ZREGS_SIZE(vq) \
+	(SVE_SIG_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_SIG_ZREGS_OFFSET)
+
+#define SVE_SIG_PREGS_OFFSET(vq) \
+	(SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREGS_SIZE(vq))
+#define SVE_SIG_PREG_OFFSET(vq, n) \
+	(SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREG_SIZE(vq) * (n))
+#define SVE_SIG_PREGS_SIZE(vq) \
+	(SVE_SIG_PREG_OFFSET(vq, SVE_NUM_PREGS) - SVE_SIG_PREGS_OFFSET(vq))
+
+#define SVE_SIG_FFR_OFFSET(vq) \
+	(SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREGS_SIZE(vq))
+
+#define SVE_SIG_REGS_SIZE(vq) \
+	(SVE_SIG_FFR_OFFSET(vq) + SVE_SIG_FFR_SIZE(vq) - SVE_SIG_REGS_OFFSET)
+
+#define SVE_SIG_CONTEXT_SIZE(vq) (SVE_SIG_REGS_OFFSET + SVE_SIG_REGS_SIZE(vq))
+
+
 #endif /* _UAPI__ASM_SIGCONTEXT_H */
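Review bot: SVE_SIG_REGS_OFFSET uses sizeof(struct sve_context) and SVE_SIG_ZREG_SIZE()/SVE_SIG_PREG_SIZE() carry a (__u32) cast, yet they are placed after `#endif /* !__ASSEMBLY__ */` where neither construct can expand in an assembler file; either move them back inside the guard or add a comment that only the numeric SVE_VQ_*, SVE_VL_* and SVE_NUM_* definitions are usable from assembly. Also a typo in the comment block: "This may require the the caller to allocate fresh" should read "the caller".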
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm


* [PATCH v3 09/28] arm64/sve: Signal frame and context structure definition
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

This patch defines the representation that will be used for the SVE
register state in the signal frame, and implements support for
saving and restoring the SVE registers around signals.

The same layout will also be used for the in-kernel task state.

Due to the variability of the SVE vector length, it is not possible
to define a fixed C struct to describe all the registers.  Instead,
macros are defined in sigcontext.h to facilitate access to the
parts of the structure.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Changes since v2
----------------

Requested by Catalin Marinas:

 * Rewrite the SVE_VQ_BYTES and SVE_VQ_MAX definitions in decimal, to
   avoid any resemblance to masks or bitfields.
---
 arch/arm64/include/uapi/asm/sigcontext.h | 117 ++++++++++++++++++++++++++++++-
 1 file changed, 116 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h
index f0a76b9..7654a81 100644
--- a/arch/arm64/include/uapi/asm/sigcontext.h
+++ b/arch/arm64/include/uapi/asm/sigcontext.h
@@ -16,6 +16,8 @@
 #ifndef _UAPI__ASM_SIGCONTEXT_H
 #define _UAPI__ASM_SIGCONTEXT_H
 
+#ifndef __ASSEMBLY__
+
 #include <linux/types.h>
 
 /*
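Review bot: the `#ifndef __ASSEMBLY__` opened here is only closed in the last hunk of this file, right after struct sve_context, so everything following that point (the SVE_VQ_*/SVE_VL_* constants and the SVE_SIG_*() macros) is deliberately left visible to assembly; a one-line comment at this spot saying why the guard starts here and what is meant to stay outside it would save the next reader from having to diff the two hunks to work that out.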
@@ -41,10 +43,11 @@ struct sigcontext {
  *
  *	0x210		fpsimd_context
  *	 0x10		esr_context
+ *	0x8a0		sve_context (vl <= 64) (optional)
  *	 0x20		extra_context (optional)
  *	 0x10		terminator (null _aarch64_ctx)
  *
- *	0xdb0		(reserved for future allocation)
+ *	0x510		(reserved for future allocation)
  *
  * New records that can exceed this space need to be opt-in for userspace, so
  * that an expanded signal frame is not generated unexpectedly.  The mechanism
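Review bot: the figures in the layout table are consistent: for vl = 64 (vq = 4) the record is 16 bytes of struct sve_context + 32 * 64 bytes of Z-registers + 16 * 8 bytes of P-registers + 8 bytes of FFR = 2200 bytes, which reaches 0x8a0 only after rounding up to a 16-byte multiple, and 0xdb0 - 0x8a0 = 0x510. The comment should state that rounding explicitly and say what happens for vl > 64, i.e. whether sve_context then moves under extra_context as the "opt-in" paragraph below describes, since a reader of this table cannot otherwise tell whether "(vl <= 64)" is a limit or just the sizing assumption.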
@@ -116,4 +119,116 @@ struct extra_context {
 	__u32 __reserved[3];
 };
 
+#define SVE_MAGIC	0x53564501
+
+struct sve_context {
+	struct _aarch64_ctx head;
+	__u16 vl;
+	__u16 __reserved[3];
+};
+
+#endif /* !__ASSEMBLY__ */
+
+/*
+ * The SVE architecture leaves space for future expansion of the
+ * vector length beyond its initial architectural limit of 2048 bits
+ * (16 quadwords).
+ */
+#define SVE_VQ_BYTES		16	/* number of bytes per quadword */
+
+#define SVE_VQ_MIN		1
+#define SVE_VQ_MAX		512
+
+#define SVE_VL_MIN		(SVE_VQ_MIN * SVE_VQ_BYTES)
+#define SVE_VL_MAX		(SVE_VQ_MAX * SVE_VQ_BYTES)
+
+#define SVE_NUM_ZREGS		32
+#define SVE_NUM_PREGS		16
+
+#define sve_vl_valid(vl) \
+	((vl) % SVE_VQ_BYTES == 0 && (vl) >= SVE_VL_MIN && (vl) <= SVE_VL_MAX)
+#define sve_vq_from_vl(vl)	((vl) / SVE_VQ_BYTES)
+#define sve_vl_from_vq(vq)	((vq) * SVE_VQ_BYTES)
+
+/*
+ * If the SVE registers are currently live for the thread at signal delivery,
+ * sve_context.head.size >=
+ *	SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl))
+ * and the register data may be accessed using the SVE_SIG_*() macros.
+ *
+ * If sve_context.head.size <
+ *	SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)),
+ * the SVE registers were not live for the thread and no register data
+ * is included: in this case, the SVE_SIG_*() macros should not be
+ * used except for this check.
+ *
+ * The same convention applies when returning from a signal: a caller
+ * will need to remove or resize the sve_context block if it wants to
+ * make the SVE registers live when they were previously non-live or
+ * vice-versa.  This may require the the caller to allocate fresh
+ * memory and/or move other context blocks in the signal frame.
+ *
+ * Changing the vector length during signal return is not permitted:
+ * sve_context.vl must equal the thread's current vector length when
+ * doing a sigreturn.
+ *
+ *
+ * Note: for all these macros, the "vq" argument denotes the SVE
+ * vector length in quadwords (i.e., units of 128 bits).
+ *
+ * The correct way to obtain vq is to use sve_vq_from_vl(vl).  The
+ * result is valid if and only if sve_vl_valid(vl) is true.  This is
+ * guaranteed for a struct sve_context written by the kernel.
+ *
+ *
+ * Additional macros describe the contents and layout of the payload.
+ * For each, SVE_SIG_x_OFFSET(args) is the start offset relative to
+ * the start of struct sve_context, and SVE_SIG_x_SIZE(args) is the
+ * size in bytes:
+ *
+ *	x	type				description
+ *	-	----				-----------
+ *	REGS					the entire SVE context
+ *
+ *	ZREGS	__uint128_t[SVE_NUM_ZREGS][vq]	all Z-registers
+ *	ZREG	__uint128_t[vq]			individual Z-register Zn
+ *
+ *	PREGS	uint16_t[SVE_NUM_PREGS][vq]	all P-registers
+ *	PREG	uint16_t[vq]			individual P-register Pn
+ *
+ *	FFR	uint16_t[vq]			first-fault status register
+ *
+ * Additional data might be appended in the future.
+ */
+
+#define SVE_SIG_ZREG_SIZE(vq)	((__u32)(vq) * SVE_VQ_BYTES)
+#define SVE_SIG_PREG_SIZE(vq)	((__u32)(vq) * (SVE_VQ_BYTES / 8))
+#define SVE_SIG_FFR_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
+
+#define SVE_SIG_REGS_OFFSET					\
+	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+#define SVE_SIG_ZREGS_OFFSET	SVE_SIG_REGS_OFFSET
+#define SVE_SIG_ZREG_OFFSET(vq, n) \
+	(SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREG_SIZE(vq) * (n))
+#define SVE_SIG_ZREGS_SIZE(vq) \
+	(SVE_SIG_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_SIG_ZREGS_OFFSET)
+
+#define SVE_SIG_PREGS_OFFSET(vq) \
+	(SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREGS_SIZE(vq))
+#define SVE_SIG_PREG_OFFSET(vq, n) \
+	(SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREG_SIZE(vq) * (n))
+#define SVE_SIG_PREGS_SIZE(vq) \
+	(SVE_SIG_PREG_OFFSET(vq, SVE_NUM_PREGS) - SVE_SIG_PREGS_OFFSET(vq))
+
+#define SVE_SIG_FFR_OFFSET(vq) \
+	(SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREGS_SIZE(vq))
+
+#define SVE_SIG_REGS_SIZE(vq) \
+	(SVE_SIG_FFR_OFFSET(vq) + SVE_SIG_FFR_SIZE(vq) - SVE_SIG_REGS_OFFSET)
+
+#define SVE_SIG_CONTEXT_SIZE(vq) (SVE_SIG_REGS_OFFSET + SVE_SIG_REGS_SIZE(vq))
+
+
 #endif /* _UAPI__ASM_SIGCONTEXT_H */
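Review bot: typo in the comment block, "This may require the the caller to allocate fresh" should read "the caller". Two points on the macros themselves: sve_vl_valid() evaluates its argument three times, so callers must not pass an expression with side effects, which deserves a one-line comment; and the documentation table describes the Z-register payload as __uint128_t[vq], a type not every userspace compiler provides, so describing it as vq * 16 bytes (SVE_SIG_ZREG_SIZE(vq)) would be more portable for consumers of this uapi header.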
-- 
2.1.4
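The variable-length record layout described in the commit message above, exercised from the userspace side as an added example; this is not code from the patch or from the kernel tree. The macros and structures are transcribed from the sigcontext.h hunk (with the uapi __u16/__u32 types spelled as stdint types so it compiles outside the kernel); sve_ctx_check(), sve_ctx_zreg_byte(), sve_ctx_build(), sve_ctx_demo() and the sve_ctx_status enum are names chosen for this example, and the record it works on is constructed, not captured from a real signal frame. A record is built, then validated in the order the header comment prescribes: magic first, sve_vl_valid() on vl before any SVE_SIG_*() macro sees the derived vq, and only then head.size against SVE_SIG_CONTEXT_SIZE(), with every register access bounded by the bytes actually held, so that a bogus vl or size field cannot push the offset macros past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Transcribed from the patch's sigcontext.h, with __u16/__u32 spelled as stdint types. */
struct _aarch64_ctx { uint32_t magic; uint32_t size; };
struct sve_context { struct _aarch64_ctx head; uint16_t vl; uint16_t __reserved[3]; };
#define SVE_MAGIC		0x53564501
#define SVE_VQ_BYTES		16
#define SVE_VQ_MIN		1
#define SVE_VQ_MAX		512
#define SVE_VL_MIN		(SVE_VQ_MIN * SVE_VQ_BYTES)
#define SVE_VL_MAX		(SVE_VQ_MAX * SVE_VQ_BYTES)
#define SVE_NUM_ZREGS		32
#define SVE_NUM_PREGS		16
#define sve_vl_valid(vl) ((vl) % SVE_VQ_BYTES == 0 && (vl) >= SVE_VL_MIN && (vl) <= SVE_VL_MAX)
#define sve_vq_from_vl(vl)	((vl) / SVE_VQ_BYTES)
#define SVE_SIG_ZREG_SIZE(vq)	((uint32_t)(vq) * SVE_VQ_BYTES)
#define SVE_SIG_PREG_SIZE(vq)	((uint32_t)(vq) * (SVE_VQ_BYTES / 8))
#define SVE_SIG_FFR_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
#define SVE_SIG_REGS_OFFSET ((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1)) / SVE_VQ_BYTES * SVE_VQ_BYTES)
#define SVE_SIG_ZREGS_OFFSET	SVE_SIG_REGS_OFFSET
#define SVE_SIG_ZREG_OFFSET(vq, n) (SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREG_SIZE(vq) * (n))
#define SVE_SIG_ZREGS_SIZE(vq) (SVE_SIG_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_SIG_ZREGS_OFFSET)
#define SVE_SIG_PREGS_OFFSET(vq) (SVE_SIG_ZREGS_OFFSET + SVE_SIG_ZREGS_SIZE(vq))
#define SVE_SIG_PREG_OFFSET(vq, n) (SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREG_SIZE(vq) * (n))
#define SVE_SIG_PREGS_SIZE(vq) (SVE_SIG_PREG_OFFSET(vq, SVE_NUM_PREGS) - SVE_SIG_PREGS_OFFSET(vq))
#define SVE_SIG_FFR_OFFSET(vq) (SVE_SIG_PREGS_OFFSET(vq) + SVE_SIG_PREGS_SIZE(vq))
#define SVE_SIG_REGS_SIZE(vq) (SVE_SIG_FFR_OFFSET(vq) + SVE_SIG_FFR_SIZE(vq) - SVE_SIG_REGS_OFFSET)
#define SVE_SIG_CONTEXT_SIZE(vq) (SVE_SIG_REGS_OFFSET + SVE_SIG_REGS_SIZE(vq))

enum sve_ctx_status { SVE_CTX_BAD_MAGIC, SVE_CTX_BAD_VL, SVE_CTX_TRUNCATED, SVE_CTX_NOT_LIVE, SVE_CTX_LIVE };

/* Classify one record. buf_len is how many bytes we really hold from the record start;
 * vl and head.size come from the frame and are untrusted until checked in the order the
 * header comment gives: magic, then vl, then size. */
enum sve_ctx_status sve_ctx_check(const void *rec, size_t buf_len, unsigned int *vq_out)
{
	struct sve_context ctx;
	unsigned int vq;

	if (buf_len < sizeof(ctx))
		return SVE_CTX_TRUNCATED;
	memcpy(&ctx, rec, sizeof(ctx));	/* no alignment assumption about rec */
	if (ctx.head.magic != SVE_MAGIC)
		return SVE_CTX_BAD_MAGIC;
	if (!sve_vl_valid(ctx.vl))	/* must precede any SVE_SIG_*(vq) use */
		return SVE_CTX_BAD_VL;
	vq = sve_vq_from_vl(ctx.vl);
	if (vq_out) *vq_out = vq;
	if (ctx.head.size < SVE_SIG_CONTEXT_SIZE(vq))
		return SVE_CTX_NOT_LIVE;	/* header only: registers were not live */
	return ctx.head.size > buf_len ? SVE_CTX_TRUNCATED : SVE_CTX_LIVE;
}

/* Byte i of Zn from a live record, or -1 if the record or the index is unusable. */
int sve_ctx_zreg_byte(const void *rec, size_t buf_len, unsigned int n, unsigned int i)
{
	unsigned int vq = 0;
	if (sve_ctx_check(rec, buf_len, &vq) != SVE_CTX_LIVE ||
	    n >= SVE_NUM_ZREGS || i >= SVE_SIG_ZREG_SIZE(vq))
		return -1;
	return ((const unsigned char *)rec)[SVE_SIG_ZREG_OFFSET(vq, n) + i];
}

/* Constructed sample record (not captured from a real frame): a live record gets byte i
 * of Zn set to (n + i) & 0xff. Returns the size written, or 0 if vl or buf_len is bad. */
size_t sve_ctx_build(unsigned char *buf, size_t buf_len, unsigned int vl, int live)
{
	struct sve_context ctx = { { SVE_MAGIC, 0 }, (uint16_t)vl, { 0, 0, 0 } };
	unsigned int vq = sve_vq_from_vl(vl), n, i;
	size_t size = live ? SVE_SIG_CONTEXT_SIZE(vq) : sizeof(ctx);

	if (!sve_vl_valid(vl) || size > buf_len)
		return 0;
	memset(buf, 0, size);
	ctx.head.size = (uint32_t)size;
	memcpy(buf, &ctx, sizeof(ctx));
	for (n = 0; live && n < SVE_NUM_ZREGS; n++)
		for (i = 0; i < SVE_SIG_ZREG_SIZE(vq); i++)
			buf[SVE_SIG_ZREG_OFFSET(vq, n) + i] = (unsigned char)((n + i) & 0xff);
	return size;
}

/* Build a record for vl, check it while claiming `shortfall` fewer bytes, and for a live,
 * intact record read every Z byte back through the offset macros (-2 on a mismatch). */
int sve_ctx_demo(unsigned int vl, int live, size_t shortfall)
{
	static unsigned char frame[SVE_SIG_CONTEXT_SIZE(SVE_VQ_MAX)];	/* fits any vl */
	size_t len = sve_ctx_build(frame, sizeof frame, vl, live);
	unsigned int n, i;
	int st;

	if (!len) return -1;
	st = sve_ctx_check(frame, len - shortfall, NULL);
	for (n = 0; st == SVE_CTX_LIVE && n < SVE_NUM_ZREGS; n++)
		for (i = 0; i < SVE_SIG_ZREG_SIZE(sve_vq_from_vl(vl)); i++)
			if (sve_ctx_zreg_byte(frame, len - shortfall, n, i) != (int)((n + i) & 0xff))
				return -2;
	return st;
}
```

sve_ctx_demo(64, 1, 0) returns SVE_CTX_LIVE after reading every Zn byte back from SVE_SIG_ZREG_OFFSET(vq, n); sve_ctx_demo(64, 0, 0) shows the non-live case, where head.size is just sizeof(struct sve_context) and the accessor refuses to touch register data; sve_ctx_demo(64, 1, 1) shows a record whose size field claims one byte more than the caller holds, which is reported as truncated rather than trusted.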


* [PATCH v3 10/28] arm64/sve: Low-level CPU setup
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

To enable the kernel to use SVE, SVE traps from EL1 to EL2 must be
disabled.  To take maximum advantage of the hardware, the full
available vector length also needs to be enabled for EL1 by
programming ZCR_EL2.LEN.  (The kernel will program ZCR_EL1.LEN as
required, but this cannot override the limit set by ZCR_EL2.)

Traps from EL0 to EL1 are also left enabled by virtue of setting
the relevant CPACR bit at its default (RES0) value.

This patch makes the appropriate changes to the primary and
secondary CPU initialisation code.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Dropped Alex Bennée's Reviewed-by, since there is a non-trivial change
to the logic here.

Changes since v2
----------------

Requested by Catalin Marinas:

 * Removed the asm logic to enable SVE for EL1 from __cpu_setup, since
   the kernel doesn't need SVE so early.

   Instead, this logic is moved to C code called via cpufeatures in
   "arm64/sve: Probe SVE capabilities and usable vector lengths"
   and wired up for the arm64_cpu_capabilities enable() method in
   "arm64/sve: Detect SVE and activate runtime support".
---
 arch/arm64/kernel/head.S | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 0b243ec..bb6e3f2 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -517,8 +517,19 @@ CPU_LE(	movk	x0, #0x30d0, lsl #16	)	// Clear EE and E0E on LE systems
 	mov	x0, #0x33ff
 	msr	cptr_el2, x0			// Disable copro. traps to EL2
 
+	/* SVE register access */
+	mrs	x1, id_aa64pfr0_el1
+	ubfx	x1, x1, #ID_AA64PFR0_SVE_SHIFT, #4
+	cbz	x1, 7f
+
+	bic	x0, x0, #CPTR_EL2_TZ		// Also disable SVE traps
+	msr	cptr_el2, x0			// Disable copro. traps to EL2
+	isb
+	mov	x1, #ZCR_ELx_LEN_MASK		// SVE: Enable full vector
+	msr_s	SYS_ZCR_EL2, x1			// length for EL1.
+
 	/* Hypervisor stub */
-	adr_l	x0, __hyp_stub_vectors
+7:	adr_l	x0, __hyp_stub_vectors
 	msr	vbar_el2, x0
 
 	/* spsr */
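Review bot: on an SVE-capable CPU cptr_el2 is now written twice (the existing `msr cptr_el2, x0` and again after `bic x0, x0, #CPTR_EL2_TZ`), with the same "Disable copro. traps to EL2" comment on both; moving the `mrs x1, id_aa64pfr0_el1` / `ubfx` / `cbz x1, 7f` test ahead of the first write would let one msr cover both cases. Also, the `isb` before `msr_s SYS_ZCR_EL2, x1` is load-bearing: while CPTR_EL2.TZ is still in effect the ZCR_EL2 access would itself trap, so please say so in a comment rather than leaving it looking like a stray barrier.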
-- 
2.1.4


* [PATCH v3 11/28] arm64/sve: Core task context handling
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

This patch adds the core support for switching and managing the SVE
architectural state of user tasks.

Calls to the existing FPSIMD low-level save/restore functions are
factored out as new functions task_fpsimd_{save,load}(), since SVE
now dynamically may or may not need to be handled at these points
depending on the kernel configuration, hardware features discovered
at boot, and the runtime state of the task.  To make these
decisions as fast as possible, const cpucaps are used where
feasible, via the system_supports_sve() helper.

The SVE registers are only tracked for threads that have explicitly
used SVE, indicated by the new thread flag TIF_SVE.  Otherwise, the
FPSIMD view of the architectural state is stored in
thread.fpsimd_state as usual.

When in use, the SVE registers are not stored directly in
thread_struct due to their potentially large and variable size.
Because the task_struct slab allocator must be configured very
early during kernel boot, it is also tricky to configure it
correctly to match the maximum vector length provided by the
hardware, since this depends on examining secondary CPUs as well as
the primary.  Instead, a pointer sve_state in thread_struct points
to a dynamically allocated buffer containing the SVE register data,
and code is added to allocate, duplicate and free this buffer at
appropriate times.

TIF_SVE is set when taking an SVE access trap from userspace, if
suitable hardware support has been detected.  This enables SVE for
the thread: a subsequent return to userspace will disable the trap
accordingly.  If such a trap is taken without sufficient hardware
support, SIGILL is sent to the thread instead as if an undefined
instruction had been executed: this may happen if userspace tries
to use SVE in a system where not all CPUs support it for example.

The kernel may clear TIF_SVE and disable SVE for the thread
whenever an explicit syscall is made by userspace, though this is
considered an optimisation opportunity rather than a deterministic
guarantee: the kernel may not do this on every syscall, but it is
permitted to do so.  For backwards compatibility reasons and
conformance with the spirit of the base AArch64 procedure call
standard, the subset of the SVE register state that aliases the
FPSIMD registers is still preserved across a syscall even if this
happens.

TIF_SVE is also cleared, and SVE disabled, on exec: this is an
obvious slow path and a hint that we are running a new binary that
may not use SVE.

Code is added to sync data between thread.fpsimd_state and
thread.sve_state whenever enabling/disabling SVE, in a manner
consistent with the SVE architectural programmer's model.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Changes since v2
----------------

Changes requested by Catalin Marinas:

 * [bugfix] Enabled IRQs during SVE access traps

   There is no special reason why interrupts have to be disabled in
   do_sve_acc(), and the original intention was to enable them --
   I missed this while developing the series.

   This patch avoids IRQ blackout while allocating thread.sve_state and
   saving/restoring.

   This also protects us against kzalloc() sleeping, which was a bug
   here previously since this function was running in atomic context.
   Relying on GFP_ATOMIC here doesn't seem justifiable.

   The code is currently suboptimal in the case where no context switch
   occurs, since it adds a store-reload roundtrip that is not strictly
   necessary.  However, avoiding this leads to violation of some
   assumptions which would require additional refactoring or code
   duplication to resolve, particularly regarding the setting of
   ZCR_EL1.LEN.

   For now, I prefer to have code that works initially, and let the
   dust settle for a bit.

   This may be refactored better later.

 * Added WARN_ON(in_softirq() && !irqs_disabled()) to
   task_fpsimd_{load,save}(), to flag up attempts to call these
   functions when softirqs could occur.  This is far from being
   everything we could check, but masking of softirqs is the most
   crucial requirement.

   This will guard against maintenance accidents that call these
   functions in inappropriate situations.

 * Provided an explicit helper
   fpsimd_preserve_current_state_discard_sve() to ensure that task
   vector state is stored to memory and unconditionally discard sve.
   This gets the parent task into the right state such that fork just
   requires a memcpy of thread_struct followed by NULLing dst->
   thread.sve_state.

   With this, fpsimd_dup_sve() has nothing to do any more, so this
   function has been deleted from the patch.

   task_fpsimd_save() is factored out with a backend
   __task_fpsimd_save(bool force_discard), which is used in the few
   places where it is appropriate.

   For now, this breaks fpsimd_preserve_current_state() for SVE tasks,
   but there is no way for SVE tasks to exist yet: so just WARN().
   This issue is resolved by "arm64/sve: Signal handling support".

Miscellaneous:

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.

 * Added comments explaining the role of TIF_SVE.

 * Added a WARN_ON() check in task_fpsimd_save to confirm that the
   VL currently configured in ZCR_EL1.LEN is correct for current.

   This was identified as a maintenance risk when working on enabling
   IRQs in do_sve_acc().

   The new logic flags and avoids potential buffer overruns on
   sve_state that could otherwise occur if the VL is wrong.  In this
   case, we simply skip the save.  The task state will be corrupted, but
   that's better than corrupting kernel memory.

   Since the task state is now wrong, it can't resume: just inject a
   SIGKILL instead.  We can't BUG(), since this problem may be detected
   in softirq context where BUG() panics the kernel -- so
   force_signal_inject() is called instead.  "bad mode" is a confusing
   thing to print for this, so force_signal_inject() is updated to print
   the more general "unknown or unrecoverable error" for such signals:
   there is no other call to force_signal_inject() with signal==SIGKILL
   today.
---
 arch/arm64/include/asm/fpsimd.h      |  17 ++
 arch/arm64/include/asm/processor.h   |   2 +
 arch/arm64/include/asm/thread_info.h |   1 +
 arch/arm64/include/asm/traps.h       |   2 +
 arch/arm64/kernel/entry.S            |  14 +-
 arch/arm64/kernel/fpsimd.c           | 342 ++++++++++++++++++++++++++++++++++-
 arch/arm64/kernel/process.c          |  14 +-
 arch/arm64/kernel/traps.c            |   6 +-
 8 files changed, 388 insertions(+), 10 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 026a7c7..b1409de 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -20,6 +20,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/stddef.h>
+
 /*
  * FP/SIMD storage area has:
  *  - FPSR and FPCR
@@ -62,6 +64,7 @@ extern void fpsimd_thread_switch(struct task_struct *next);
 extern void fpsimd_flush_thread(void);
 
 extern void fpsimd_preserve_current_state(void);
+extern void fpsimd_preserve_current_state_discard_sve(void);
 extern void fpsimd_restore_current_state(void);
 extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
@@ -72,6 +75,20 @@ extern void sve_load_state(void const *state, u32 const *pfpsr,
 			   unsigned long vq_minus_1);
 extern unsigned int sve_get_vl(void);
 
+#ifdef CONFIG_ARM64_SVE
+
+extern size_t sve_state_size(struct task_struct const *task);
+
+extern void sve_alloc(struct task_struct *task);
+extern void fpsimd_release_thread(struct task_struct *task);
+
+#else /* ! CONFIG_ARM64_SVE */
+
+static void __maybe_unused sve_alloc(struct task_struct *task) { }
+static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+
+#endif /* ! CONFIG_ARM64_SVE */
+
 /* For use by EFI runtime services calls only */
 extern void __efi_fpsimd_begin(void);
 extern void __efi_fpsimd_end(void);
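Review bot: the !CONFIG_ARM64_SVE stubs are written `static void __maybe_unused sve_alloc(...) { }` rather than `static inline`; a non-inline static function defined in a header is instantiated in every translation unit that includes it, and the arm64 headers use `static inline` for such stubs, which also removes the need for __maybe_unused. Suggest `static inline void sve_alloc(struct task_struct *task) { }` and the same for fpsimd_release_thread().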
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 29adab8..4831d28 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -85,6 +85,8 @@ struct thread_struct {
 	unsigned long		tp2_value;
 #endif
 	struct fpsimd_state	fpsimd_state;
+	void			*sve_state;	/* SVE registers, if any */
+	unsigned int		sve_vl;		/* SVE vector length */
 	unsigned long		fault_address;	/* fault info */
 	unsigned long		fault_code;	/* ESR_EL1 value */
 	struct debug_info	debug;		/* debugging */
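Review bot: the comment on the new sve_state member, "SVE registers, if any", does not say when the pointer may be dereferenced; the fpsimd.c comment later in this patch makes it valid only while TIF_SVE is set and otherwise possibly NULL or stale, so stating that here ("valid only when TIF_SVE is set; see fpsimd.c") would stop readers of thread_struct from using it unconditionally. It would also help to note that sve_vl is the vector length the sve_state buffer was formatted for, since the two fields only make sense together.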
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index ddded64..04dbf50 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -92,6 +92,7 @@ void arch_setup_new_exec(void);
 #define TIF_RESTORE_SIGMASK	20
 #define TIF_SINGLESTEP		21
 #define TIF_32BIT		22	/* 32bit process */
+#define TIF_SVE			23	/* Scalable Vector Extension in use */
 
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
diff --git a/arch/arm64/include/asm/traps.h b/arch/arm64/include/asm/traps.h
index d131501..69e1aaf 100644
--- a/arch/arm64/include/asm/traps.h
+++ b/arch/arm64/include/asm/traps.h
@@ -34,6 +34,8 @@ struct undef_hook {
 
 void register_undef_hook(struct undef_hook *hook);
 void unregister_undef_hook(struct undef_hook *hook);
+void force_signal_inject(int signal, int code, struct pt_regs *regs,
+			 unsigned long address);
 
 void arm64_notify_segfault(struct pt_regs *regs, unsigned long addr);
 
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index e1c59d4..6718780 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -607,6 +607,8 @@ el0_sync:
 	b.eq	el0_ia
 	cmp	x24, #ESR_ELx_EC_FP_ASIMD	// FP/ASIMD access
 	b.eq	el0_fpsimd_acc
+	cmp	x24, #ESR_ELx_EC_SVE		// SVE access
+	b.eq	el0_sve_acc
 	cmp	x24, #ESR_ELx_EC_FP_EXC64	// FP/ASIMD exception
 	b.eq	el0_fpsimd_exc
 	cmp	x24, #ESR_ELx_EC_SYS64		// configurable trap
@@ -705,9 +707,19 @@ el0_fpsimd_acc:
 	mov	x1, sp
 	bl	do_fpsimd_acc
 	b	ret_to_user
+el0_sve_acc:
+	/*
+	 * Scalable Vector Extension access
+	 */
+	enable_dbg_and_irq
+	ct_user_exit
+	mov	x0, x25
+	mov	x1, sp
+	bl	do_sve_acc
+	b	ret_to_user
 el0_fpsimd_exc:
 	/*
-	 * Floating Point or Advanced SIMD exception
+	 * Floating Point, Advanced SIMD or SVE exception
 	 */
 	enable_dbg
 	ct_user_exit
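Review bot: el0_sve_acc uses enable_dbg_and_irq whereas el0_fpsimd_exc just below it uses enable_dbg; this asymmetry is the intended fix from the changelog (do_sve_acc() may allocate thread.sve_state and must not run with IRQs masked), so the comment block above it should say so instead of only naming the exception class, otherwise a later cleanup may "harmonise" it back to enable_dbg.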
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 7a865c8..e60d451 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -18,18 +18,26 @@
  */
 
 #include <linux/bottom_half.h>
+#include <linux/bug.h>
+#include <linux/compat.h>
 #include <linux/cpu.h>
 #include <linux/cpu_pm.h>
 #include <linux/kernel.h>
+#include <linux/irqflags.h>
 #include <linux/init.h>
 #include <linux/percpu.h>
 #include <linux/preempt.h>
+#include <linux/ptrace.h>
 #include <linux/sched/signal.h>
 #include <linux/signal.h>
+#include <linux/slab.h>
 
 #include <asm/fpsimd.h>
 #include <asm/cputype.h>
 #include <asm/simd.h>
+#include <asm/sigcontext.h>
+#include <asm/sysreg.h>
+#include <asm/traps.h>
 
 #define FPEXC_IOF	(1 << 0)
 #define FPEXC_DZF	(1 << 1)
@@ -39,6 +47,8 @@
 #define FPEXC_IDF	(1 << 7)
 
 /*
+ * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
+ *
  * In order to reduce the number of times the FPSIMD state is needlessly saved
  * and restored, we need to keep track of two things:
  * (a) for each task, we need to remember which CPU was the last one to have
@@ -99,6 +109,287 @@
  */
 static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 
+static void sve_free(struct task_struct *task)
+{
+	kfree(task->thread.sve_state);
+	task->thread.sve_state = NULL;
+}
+
+/* Offset of FFR in the SVE register dump */
+static size_t sve_ffr_offset(int vl)
+{
+	return SVE_SIG_FFR_OFFSET(sve_vq_from_vl(vl)) - SVE_SIG_REGS_OFFSET;
+}
+
+static void *sve_pffr(struct task_struct *task)
+{
+	return (char *)task->thread.sve_state +
+		sve_ffr_offset(task->thread.sve_vl);
+}
+
+static void change_cpacr(u64 val, u64 mask)
+{
+	u64 cpacr = read_sysreg(CPACR_EL1);
+	u64 new = (cpacr & ~mask) | val;
+
+	if (new != cpacr)
+		write_sysreg(new, CPACR_EL1);
+}
+
+static void sve_user_disable(void)
+{
+	change_cpacr(0, CPACR_EL1_ZEN_EL0EN);
+}
+
+static void sve_user_enable(void)
+{
+	change_cpacr(CPACR_EL1_ZEN_EL0EN, CPACR_EL1_ZEN_EL0EN);
+}
+
+/*
+ * TIF_SVE controls whether a task can use SVE without trapping while
+ * in userspace, and also the way a task's FPSIMD/SVE state is stored
+ * in thread_struct.
+ *
+ * The kernel uses this flag to track whether a user task is actively
+ * using SVE, and therefore whether full SVE register state needs to
+ * be tracked.  If not, the cheaper FPSIMD context handling code can
+ * be used instead of the more costly SVE equivalents.
+ *
+ *  * TIF_SVE set:
+ *
+ *    The task can execute SVE instructions while in userspace without
+ *    trapping to the kernel.
+ *
+ *    When stored, Z0-Z31 (incorporating Vn in bits[127:0] or the
+ *    corresponding Zn), P0-P15 and FFR are encoded in in
+ *    task->thread.sve_state, formatted appropriately for vector
+ *    length task->thread.sve_vl.
+ *
+ *    task->thread.sve_state must point to a valid buffer at least
+ *    sve_state_size(task) bytes in size.
+ *
+ *    During any syscall, the kernel may optionally clear TIF_SVE and
+ *    discard the vector state except for the FPSIMD subset.
+ *
+ *  * TIF_SVE clear:
+ *
+ *    An attempt by the user task to execute an SVE instruction causes
+ *    do_sve_acc() to be called, which does some preparation and then
+ *    sets TIF_SVE.
+ *
+ *    When stored, FPSIMD registers V0-V31 are encoded in
+ *    task->fpsimd_state; bits [max : 128] for each of Z0-Z31 are
+ *    logically zero but not stored anywhere; P0-P15 and FFR are not
+ *    stored and have unspecified values from userspace's point of
+ *    view.  For hygiene purposes, the kernel zeroes them on next use,
+ *    but userspace is discouraged from relying on this.
+ *
+ *    task->thread.sve_state does not need to be non-NULL, valid or any
+ *    particular size: it must not be dereferenced.
+ *
+ *  * FPSR and FPCR are always stored in task->fpsimd_state irrespctive of
+ *    whether TIF_SVE is clear or set, since these are not vector length
+ *    dependent.
+ */
+
+/*
+ * Update current's FPSIMD/SVE registers from thread_struct.
+ *
+ * This function should be called only when the FPSIMD/SVE state in
+ * thread_struct is known to be up to date, when preparing to enter
+ * userspace.
+ *
+ * Softirqs (and preemption) must be disabled.
+ */
+static void task_fpsimd_load(void)
+{
+	WARN_ON(!in_softirq() && !irqs_disabled());
+
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		sve_load_state(sve_pffr(current),
+			       &current->thread.fpsimd_state.fpsr,
+			       sve_vq_from_vl(current->thread.sve_vl) - 1);
+	else
+		fpsimd_load_state(&current->thread.fpsimd_state);
+
+	if (system_supports_sve()) {
+		/* Toggle SVE trapping for userspace if needed */
+		if (test_thread_flag(TIF_SVE))
+			sve_user_enable();
+		else
+			sve_user_disable();
+
+		/* Serialised by exception return to user */
+	}
+}
+
+/*
+ * Ensure current's FPSIMD/SVE storage in thread_struct is up to date
+ * with respect to the CPU registers.
+ *
+ * Softirqs (and preemption) must be disabled.
+ *
+ * As an optimisation, this function may skip the cost of saving the
+ * full SVE state if called in syscall context: this is permitted
+ * because the syscall ABI does not require the SVE registers to be
+ * preserved across system calls except for the subset shared with
+ * FPSIMD.  However, don't _assume_ that this will occur.  In the
+ * future, discarding of SVE state may be avoided for tasks that
+ * appear to use SVE heavily.
+ *
+ * SVE state may be discarded if in a syscall.
+ * To force SVE discard unconditionally, pass force_discard==true.
+ */
+static void __task_fpsimd_save(bool force_discard)
+{
+	WARN_ON(!in_softirq() && !irqs_disabled());
+
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		if (force_discard || in_syscall(current_pt_regs())) {
+			clear_thread_flag(TIF_SVE);
+
+			/* Trap if the task tries to use SVE again: */
+			sve_user_disable();
+		}
+
+	if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {
+		if (system_supports_sve() && test_thread_flag(TIF_SVE)) {
+			if (WARN_ON(sve_get_vl() != current->thread.sve_vl)) {
+				/*
+				 * Can't save the user regs, so current would
+				 * re-enter user with corrupt state.
+				 * There's no way to recover, so kill it:
+				 */
+				force_signal_inject(
+					SIGKILL, 0, current_pt_regs(), 0);
+				return;
+			}
+
+			sve_save_state(sve_pffr(current),
+				       &current->thread.fpsimd_state.fpsr);
+		} else
+			fpsimd_save_state(&current->thread.fpsimd_state);
+	}
+}
+
+static void task_fpsimd_save(void)
+{
+	__task_fpsimd_save(false);
+}
+
+#define ZREG(sve_state, vq, n) ((char *)(sve_state) +		\
+	(SVE_SIG_ZREG_OFFSET(vq, n) - SVE_SIG_REGS_OFFSET))
+
+/*
+ * Transfer the FPSIMD state in task->thread.fpsimd_state to
+ * task->thread.sve_state.
+ *
+ * Task can be a non-runnable task, or current.  In the latter case,
+ * softirqs (and preemption) must be disabled.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.fpsimd_state must be up to date before calling this function.
+ */
+static void fpsimd_to_sve(struct task_struct *task)
+{
+	unsigned int vq;
+	void *sst = task->thread.sve_state;
+	struct fpsimd_state const *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!system_supports_sve())
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+	for (i = 0; i < 32; ++i)
+		memcpy(ZREG(sst, vq, i), &fst->vregs[i],
+		       sizeof(fst->vregs[i]));
+}
+
+#ifdef CONFIG_ARM64_SVE
+
+/*
+ * Return how many bytes of memory are required to store the full SVE
+ * state for task, given task's currently configured vector length.
+ */
+size_t sve_state_size(struct task_struct const *task)
+{
+	return SVE_SIG_REGS_SIZE(sve_vq_from_vl(task->thread.sve_vl));
+}
+
+/*
+ * Ensure that task->thread.sve_state is allocated and sufficiently large.
+ *
+ * This function should be used only in preparation for replacing
+ * task->thread.sve_state with new data.  The memory is always zeroed
+ * here to prevent stale data from showing through: this is done in
+ * the interest of testability and predictability: except in the
+ * do_sve_acc() case, there is no ABI requirement to hide stale data
+ * written previously be task.
+ */
+void sve_alloc(struct task_struct *task)
+{
+	if (task->thread.sve_state) {
+		memset(task->thread.sve_state, 0, sve_state_size(current));
+		return;
+	}
+
+	/* This is a small allocation (maximum ~8KB) and Should Not Fail. */
+	task->thread.sve_state =
+		kzalloc(sve_state_size(task), GFP_KERNEL);
+
+	/*
+	 * If future SVE revisions can have larger vectors though,
+	 * this may cease to be true:
+	 */
+	BUG_ON(!task->thread.sve_state);
+}
+
+void fpsimd_release_thread(struct task_struct *dead_task)
+{
+	sve_free(dead_task);
+}
+
+#endif /* CONFIG_ARM64_SVE */
+
+/*
+ * Trapped SVE access
+ *
+ * Storage is allocated for the full SVE state, the current FPSIMD
+ * register contents are migrated across, and TIF_SVE is set so that
+ * the SVE access trap will be disabled the next time this task
+ * reaches ret_to_user.
+ *
+ * TIF_SVE should be clear on entry: otherwise, task_fpsimd_load()
+ * would have disabled the SVE access trap for userspace during
+ * ret_to_user, making an SVE access trap impossible in that case.
+ */
+void do_sve_acc(unsigned int esr, struct pt_regs *regs)
+{
+	/* Even if we chose not to use SVE, the hardware could still trap: */
+	if (unlikely(!system_supports_sve()) || WARN_ON(is_compat_task())) {
+		force_signal_inject(SIGILL, ILL_ILLOPC, regs, 0);
+		return;
+	}
+
+	sve_alloc(current);
+
+	local_bh_disable();
+
+	task_fpsimd_save();
+	fpsimd_to_sve(current);
+
+	/* Force ret_to_user to reload the registers: */
+	fpsimd_flush_task_state(current);
+	set_thread_flag(TIF_FOREIGN_FPSTATE);
+
+	if (test_and_set_thread_flag(TIF_SVE))
+		WARN_ON(1); /* SVE access shouldn't have trapped */
+
+	local_bh_enable();
+}
+
 /*
  * Trapped FP/ASIMD access.
  */
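Review bot: sve_alloc() zeroes an existing buffer with `memset(task->thread.sve_state, 0, sve_state_size(current))` but allocates it with sve_state_size(task); the memset should use task too, otherwise a caller passing a task other than current with a different sve_vl gets either a partial clear or a write past the end of the buffer. Smaller points in the same hunk: the outer `if (system_supports_sve() && test_thread_flag(TIF_SVE))` in __task_fpsimd_save() wraps a braced inner if without braces of its own, which checkpatch will flag, and the TIF_SVE comment block has typos ("encoded in in", "irrespctive", "written previously be task").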
@@ -144,8 +435,8 @@ void fpsimd_thread_switch(struct task_struct *next)
 	 * the registers is in fact the most recent userland FPSIMD state of
 	 * 'current'.
 	 */
-	if (current->mm && !test_thread_flag(TIF_FOREIGN_FPSTATE))
-		fpsimd_save_state(&current->thread.fpsimd_state);
+	if (current->mm)
+		task_fpsimd_save();
 
 	if (next->mm) {
 		/*
@@ -167,6 +458,8 @@ void fpsimd_thread_switch(struct task_struct *next)
 
 void fpsimd_flush_thread(void)
 {
+	int vl;
+
 	if (!system_supports_fpsimd())
 		return;
 
@@ -174,6 +467,30 @@ void fpsimd_flush_thread(void)
 
 	memset(&current->thread.fpsimd_state, 0, sizeof(struct fpsimd_state));
 	fpsimd_flush_task_state(current);
+
+	if (system_supports_sve()) {
+		clear_thread_flag(TIF_SVE);
+		sve_free(current);
+
+		/*
+		 * Reset the task vector length as required.
+		 * This is where we ensure that all user tasks have a valid
+		 * vector length configured: no kernel task can become a user
+		 * task without an exec and hence a call to this function.
+		 * If a bug causes this to go wrong, we make some noise and
+		 * try to fudge thread.sve_vl to a safe value here.
+		 */
+		vl = current->thread.sve_vl;
+
+		if (vl == 0)
+			vl = SVE_VL_MIN;
+
+		if (WARN_ON(!sve_vl_valid(vl)))
+			vl = SVE_VL_MIN;
+
+		current->thread.sve_vl = vl;
+	}
+
 	set_thread_flag(TIF_FOREIGN_FPSTATE);
 
 	local_bh_enable();
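Review bot: the two fallbacks to SVE_VL_MIN in fpsimd_flush_thread() can be folded into one, `if (vl == 0 || WARN_ON(!sve_vl_valid(vl))) vl = SVE_VL_MIN;`, which keeps the WARN silent for the vl == 0 case the code already treats as expected and noisy only for a genuinely invalid value. It is also worth saying in the comment that exec is the only place sve_state is freed, since sve_alloc() reallocates it on the next SVE access trap.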
@@ -182,6 +499,10 @@ void fpsimd_flush_thread(void)
 /*
  * Save the userland FPSIMD state of 'current' to memory, but only if the state
  * currently held in the registers does in fact belong to 'current'
+ *
+ * SVE state is currently discarded, but this will not be the case in future
+ * because it would violate the user ABI for SVE in some situations.
+ * Currently, SVE tasks can't exist, so just WARN in that case.
  */
 void fpsimd_preserve_current_state(void)
 {
@@ -193,10 +514,21 @@ void fpsimd_preserve_current_state(void)
 	if (!test_thread_flag(TIF_FOREIGN_FPSTATE))
 		fpsimd_save_state(&current->thread.fpsimd_state);
 
+	WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE));
+
 	local_bh_enable();
 }
 
 /*
+ * Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE
+ * state.
+ */
+void fpsimd_preserve_current_state_discard_sve(void)
+{
+	fpsimd_preserve_current_state();
+}
+
+/*
  * Load the userland FPSIMD state of 'current' from memory, but only if the
  * FPSIMD state already held in the registers is /not/ the most recent FPSIMD
  * state of 'current'
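Review bot: the comment above fpsimd_preserve_current_state_discard_sve() is self-referential ("Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE state"); it should read "Like fpsimd_preserve_current_state(), ...". More substantively, the helper only calls fpsimd_preserve_current_state(), so the discard happens as a side effect of `WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE))`, and `__task_fpsimd_save(true)` has no caller anywhere in this patch; either route the helper through __task_fpsimd_save(true) now, or note in the changelog that force_discard stays unused until the signal handling patch.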
@@ -211,7 +543,7 @@ void fpsimd_restore_current_state(void)
 	if (test_and_clear_thread_flag(TIF_FOREIGN_FPSTATE)) {
 		struct fpsimd_state *st = &current->thread.fpsimd_state;
 
-		fpsimd_load_state(st);
+		task_fpsimd_load();
 		__this_cpu_write(fpsimd_last_state, st);
 		st->cpu = smp_processor_id();
 	}
@@ -380,8 +712,8 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
 {
 	switch (cmd) {
 	case CPU_PM_ENTER:
-		if (current->mm && !test_thread_flag(TIF_FOREIGN_FPSTATE))
-			fpsimd_save_state(&current->thread.fpsimd_state);
+		if (current->mm)
+			task_fpsimd_save();
 		this_cpu_write(fpsimd_last_state, NULL);
 		break;
 	case CPU_PM_EXIT:
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 2dc0f84..8195682 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -239,13 +239,25 @@ void flush_thread(void)
 
 void release_thread(struct task_struct *dead_task)
 {
+	fpsimd_release_thread(dead_task);
 }
 
 int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
 {
+	/*
+	 * For SVE, dst and src must not end up with aliases of the same
+	 * sve_state.  Because we are definitely in a syscall here, SVE state
+	 * can be discarded unconditionally without violating the user ABI.
+	 * dst's sve_state pointer can then be zapped with no ill effects.
+	 *
+	 * src can safely retain its sve_state memory for later use.
+	 */
 	if (current->mm)
-		fpsimd_preserve_current_state();
+		fpsimd_preserve_current_state_discard_sve();
 	*dst = *src;
+
+	dst->thread.sve_state = NULL;
+
 	return 0;
 }
 
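Review bot: the comment in arch_dup_task_struct() promises that SVE state "can be discarded unconditionally", but fpsimd_preserve_current_state_discard_sve() as defined in fpsimd.c only wraps fpsimd_preserve_current_state(), so the discard relies on the WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE)) path rather than on __task_fpsimd_save(true); that is harmless while no SVE task can exist, but the name and the comment should match what the code does. It would also help to state that `*dst = *src` deliberately carries thread.sve_vl over to the child while `dst->thread.sve_state = NULL` drops only the buffer.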
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index f202932..bf54885 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -358,8 +358,8 @@ static int call_undef_hook(struct pt_regs *regs)
 	return fn ? fn(regs, instr) : 1;
 }
 
-static void force_signal_inject(int signal, int code, struct pt_regs *regs,
-				unsigned long address)
+void force_signal_inject(int signal, int code, struct pt_regs *regs,
+			 unsigned long address)
 {
 	siginfo_t info;
 	void __user *pc = (void __user *)instruction_pointer(regs);
@@ -373,7 +373,7 @@ static void force_signal_inject(int signal, int code, struct pt_regs *regs,
 		desc = "illegal memory access";
 		break;
 	default:
-		desc = "bad mode";
+		desc = "unknown or unrecoverable error";
 		break;
 	}
 
-- 
2.1.4

* [PATCH v3 11/28] arm64/sve: Core task context handling
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

This patch adds the core support for switching and managing the SVE
architectural state of user tasks.

Calls to the existing FPSIMD low-level save/restore functions are
factored out as new functions task_fpsimd_{save,load}(), since SVE
now dynamically may or may not need to be handled at these points
depending on the kernel configuration, hardware features discovered
at boot, and the runtime state of the task.  To make these
decisions as fast as possible, const cpucaps are used where
feasible, via the system_supports_sve() helper.

The SVE registers are only tracked for threads that have explicitly
used SVE, indicated by the new thread flag TIF_SVE.  Otherwise, the
FPSIMD view of the architectural state is stored in
thread.fpsimd_state as usual.

When in use, the SVE registers are not stored directly in
thread_struct due to their potentially large and variable size.
Because the task_struct slab allocator must be configured very
early during kernel boot, it is also tricky to configure it
correctly to match the maximum vector length provided by the
hardware, since this depends on examining secondary CPUs as well as
the primary.  Instead, a pointer sve_state in thread_struct points
to a dynamically allocated buffer containing the SVE register data,
and code is added to allocate, duplicate and free this buffer at
appropriate times.

TIF_SVE is set when taking an SVE access trap from userspace, if
suitable hardware support has been detected.  This enables SVE for
the thread: a subsequent return to userspace will disable the trap
accordingly.  If such a trap is taken without sufficient hardware
support, SIGILL is sent to the thread instead as if an undefined
instruction had been executed: this may happen if userspace tries
to use SVE in a system where not all CPUs support it for example.

The kernel may clear TIF_SVE and disable SVE for the thread
whenever an explicit syscall is made by userspace, though this is
considered an optimisation opportunity rather than a deterministic
guarantee: the kernel may not do this on every syscall, but it is
permitted to do so.  For backwards compatibility reasons and
conformance with the spirit of the base AArch64 procedure call
standard, the subset of the SVE register state that aliases the
FPSIMD registers is still preserved across a syscall even if this
happens.

TIF_SVE is also cleared, and SVE disabled, on exec: this is an
obvious slow path and a hint that we are running a new binary that
may not use SVE.

Code is added to sync data between thread.fpsimd_state and
thread.sve_state whenever enabling/disabling SVE, in a manner
consistent with the SVE architectural programmer's model.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Alex Benn?e <alex.bennee@linaro.org>

---

Changes since v2
----------------

Changes requested by Catalin Marinas:

 * [bugfix] Enabled IRQs during SVE access traps

   There is no special reason why interrupts have to be disabled in
   do_sve_acc(), and the original intention was to enable them --
   I missed this while developing the series.

   This patch avoids IRQ blackout while allocating thread.sve_state and
   saving/restoring.

   This also protects us against kzalloc() sleeping, which was a bug
   here previously since this function was running in atomic context.
   Relying on GFP_ATOMIC here doen't seem justifiable.

   The code is currently suboptimal in the case where no context switch
   occurs, since it adds a store-reload roundtrip that is not strictly
   necessary.  However, avoiding this leads to violation of some
   assumptions which would require additional refactoring or code
   duplication to resolve, particularly regarding the setting of
   ZCR_EL1.LEN.

   For now, I prefer to have code that works initially, and let the
   dust settle for a bit.

   This may be refactored better later.

 * Added WARN_ON(in_softirq() && !irqs_disabled()) to
   task_fpsimd_{load,save}(), to flag up attempts to call these
   functions when softirqs could occur.  This is far from being
   everything we could check, but masking of softirqs is the most
   crucial requirement.

   This will guard against maintenance accidents that call these
   functions in inappropriate situations.

 * Provided an explicit helper
   fpsimd_preserve_current_state_discard_sve() to ensure that task
   vector state is stored to memory and unconditionally discard sve.
   This gets the parent task into the right state such that fork just
   requires a memcpy of thread_struct followed by NULLing dst->
   thread.sve_state.

   With this, fpsimd_dup_sve() has nothing to do any more, so this
   function has been deleted from the patch.

   task_fpsimd_save() is factored out with a backend
   __task_fpsimd_save(bool force_discard), which is used in the few
   places where it is appropriate.

   For now, this breaks fpsimd_preserve_current_state() for SVE tasks,
   but there is no way for SVE tasks to exist yet: so just WARN().
   This issue is resolved by "arm64/sve: Signal handling support".

Miscellaneous:

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.

 * Added comments explaining the role of TIF_SVE.

 * Added a WARN_ON() check in task_fpsimd_save to confirm that the
   VL currently configured in ZCR_EL1.LEN is correct for current.

   This was identified as a maintenance risk when working on enabling
   IRQs in do_sve_acc().

   The new logic flags and avoids potential buffer overruns on
   sve_state that could otherwise occur if the VL is wrong.  In this
   case, we simply skip the save.  The task state will be corrupted, but
   that's better than corrupting kernel memory.

   Since the task state is now wrong, it can't resume: just inject a
   SIGKILL instead.  We can't BUG(), since this problem may be detected
   in softirq context where BUG() panics the kernel -- so
   force_signal_inject() is called instead.  "bad mode" is a confusing
   thing to print for this, so force_signal_inject() is updated to print
   the more general "unknown or unrecoverable error" for such signals:
   there is no other call to force_signal_inject() with signal==SIGKILL
   today.
---
 arch/arm64/include/asm/fpsimd.h      |  17 ++
 arch/arm64/include/asm/processor.h   |   2 +
 arch/arm64/include/asm/thread_info.h |   1 +
 arch/arm64/include/asm/traps.h       |   2 +
 arch/arm64/kernel/entry.S            |  14 +-
 arch/arm64/kernel/fpsimd.c           | 342 ++++++++++++++++++++++++++++++++++-
 arch/arm64/kernel/process.c          |  14 +-
 arch/arm64/kernel/traps.c            |   6 +-
 8 files changed, 388 insertions(+), 10 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 026a7c7..b1409de 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -20,6 +20,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/stddef.h>
+
 /*
  * FP/SIMD storage area has:
  *  - FPSR and FPCR
@@ -62,6 +64,7 @@ extern void fpsimd_thread_switch(struct task_struct *next);
 extern void fpsimd_flush_thread(void);
 
 extern void fpsimd_preserve_current_state(void);
+extern void fpsimd_preserve_current_state_discard_sve(void);
 extern void fpsimd_restore_current_state(void);
 extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
@@ -72,6 +75,20 @@ extern void sve_load_state(void const *state, u32 const *pfpsr,
 			   unsigned long vq_minus_1);
 extern unsigned int sve_get_vl(void);
 
+#ifdef CONFIG_ARM64_SVE
+
+extern size_t sve_state_size(struct task_struct const *task);
+
+extern void sve_alloc(struct task_struct *task);
+extern void fpsimd_release_thread(struct task_struct *task);
+
+#else /* ! CONFIG_ARM64_SVE */
+
+static void __maybe_unused sve_alloc(struct task_struct *task) { }
+static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+
+#endif /* ! CONFIG_ARM64_SVE */
+
 /* For use by EFI runtime services calls only */
 extern void __efi_fpsimd_begin(void);
 extern void __efi_fpsimd_end(void);
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 29adab8..4831d28 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -85,6 +85,8 @@ struct thread_struct {
 	unsigned long		tp2_value;
 #endif
 	struct fpsimd_state	fpsimd_state;
+	void			*sve_state;	/* SVE registers, if any */
+	unsigned int		sve_vl;		/* SVE vector length */
 	unsigned long		fault_address;	/* fault info */
 	unsigned long		fault_code;	/* ESR_EL1 value */
 	struct debug_info	debug;		/* debugging */
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index ddded64..04dbf50 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -92,6 +92,7 @@ void arch_setup_new_exec(void);
 #define TIF_RESTORE_SIGMASK	20
 #define TIF_SINGLESTEP		21
 #define TIF_32BIT		22	/* 32bit process */
+#define TIF_SVE			23	/* Scalable Vector Extension in use */
 
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
diff --git a/arch/arm64/include/asm/traps.h b/arch/arm64/include/asm/traps.h
index d131501..69e1aaf 100644
--- a/arch/arm64/include/asm/traps.h
+++ b/arch/arm64/include/asm/traps.h
@@ -34,6 +34,8 @@ struct undef_hook {
 
 void register_undef_hook(struct undef_hook *hook);
 void unregister_undef_hook(struct undef_hook *hook);
+void force_signal_inject(int signal, int code, struct pt_regs *regs,
+			 unsigned long address);
 
 void arm64_notify_segfault(struct pt_regs *regs, unsigned long addr);
 
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index e1c59d4..6718780 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -607,6 +607,8 @@ el0_sync:
 	b.eq	el0_ia
 	cmp	x24, #ESR_ELx_EC_FP_ASIMD	// FP/ASIMD access
 	b.eq	el0_fpsimd_acc
+	cmp	x24, #ESR_ELx_EC_SVE		// SVE access
+	b.eq	el0_sve_acc
 	cmp	x24, #ESR_ELx_EC_FP_EXC64	// FP/ASIMD exception
 	b.eq	el0_fpsimd_exc
 	cmp	x24, #ESR_ELx_EC_SYS64		// configurable trap
@@ -705,9 +707,19 @@ el0_fpsimd_acc:
 	mov	x1, sp
 	bl	do_fpsimd_acc
 	b	ret_to_user
+el0_sve_acc:
+	/*
+	 * Scalable Vector Extension access
+	 */
+	enable_dbg_and_irq
+	ct_user_exit
+	mov	x0, x25
+	mov	x1, sp
+	bl	do_sve_acc
+	b	ret_to_user
 el0_fpsimd_exc:
 	/*
-	 * Floating Point or Advanced SIMD exception
+	 * Floating Point, Advanced SIMD or SVE exception
 	 */
 	enable_dbg
 	ct_user_exit
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 7a865c8..e60d451 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -18,18 +18,26 @@
  */
 
 #include <linux/bottom_half.h>
+#include <linux/bug.h>
+#include <linux/compat.h>
 #include <linux/cpu.h>
 #include <linux/cpu_pm.h>
 #include <linux/kernel.h>
+#include <linux/irqflags.h>
 #include <linux/init.h>
 #include <linux/percpu.h>
 #include <linux/preempt.h>
+#include <linux/ptrace.h>
 #include <linux/sched/signal.h>
 #include <linux/signal.h>
+#include <linux/slab.h>
 
 #include <asm/fpsimd.h>
 #include <asm/cputype.h>
 #include <asm/simd.h>
+#include <asm/sigcontext.h>
+#include <asm/sysreg.h>
+#include <asm/traps.h>
 
 #define FPEXC_IOF	(1 << 0)
 #define FPEXC_DZF	(1 << 1)
@@ -39,6 +47,8 @@
 #define FPEXC_IDF	(1 << 7)
 
 /*
+ * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
+ *
  * In order to reduce the number of times the FPSIMD state is needlessly saved
  * and restored, we need to keep track of two things:
  * (a) for each task, we need to remember which CPU was the last one to have
@@ -99,6 +109,287 @@
  */
 static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 
+static void sve_free(struct task_struct *task)
+{
+	kfree(task->thread.sve_state);
+	task->thread.sve_state = NULL;
+}
+
+/* Offset of FFR in the SVE register dump */
+static size_t sve_ffr_offset(int vl)
+{
+	return SVE_SIG_FFR_OFFSET(sve_vq_from_vl(vl)) - SVE_SIG_REGS_OFFSET;
+}
+
+static void *sve_pffr(struct task_struct *task)
+{
+	return (char *)task->thread.sve_state +
+		sve_ffr_offset(task->thread.sve_vl);
+}
+
+static void change_cpacr(u64 val, u64 mask)
+{
+	u64 cpacr = read_sysreg(CPACR_EL1);
+	u64 new = (cpacr & ~mask) | val;
+
+	if (new != cpacr)
+		write_sysreg(new, CPACR_EL1);
+}
+
+static void sve_user_disable(void)
+{
+	change_cpacr(0, CPACR_EL1_ZEN_EL0EN);
+}
+
+static void sve_user_enable(void)
+{
+	change_cpacr(CPACR_EL1_ZEN_EL0EN, CPACR_EL1_ZEN_EL0EN);
+}
+
+/*
+ * TIF_SVE controls whether a task can use SVE without trapping while
+ * in userspace, and also the way a task's FPSIMD/SVE state is stored
+ * in thread_struct.
+ *
+ * The kernel uses this flag to track whether a user task is actively
+ * using SVE, and therefore whether full SVE register state needs to
+ * be tracked.  If not, the cheaper FPSIMD context handling code can
+ * be used instead of the more costly SVE equivalents.
+ *
+ *  * TIF_SVE set:
+ *
+ *    The task can execute SVE instructions while in userspace without
+ *    trapping to the kernel.
+ *
+ *    When stored, Z0-Z31 (incorporating Vn in bits[127:0] or the
+ *    corresponding Zn), P0-P15 and FFR are encoded in in
+ *    task->thread.sve_state, formatted appropriately for vector
+ *    length task->thread.sve_vl.
+ *
+ *    task->thread.sve_state must point to a valid buffer at least
+ *    sve_state_size(task) bytes in size.
+ *
+ *    During any syscall, the kernel may optionally clear TIF_SVE and
+ *    discard the vector state except for the FPSIMD subset.
+ *
+ *  * TIF_SVE clear:
+ *
+ *    An attempt by the user task to execute an SVE instruction causes
+ *    do_sve_acc() to be called, which does some preparation and then
+ *    sets TIF_SVE.
+ *
+ *    When stored, FPSIMD registers V0-V31 are encoded in
+ *    task->fpsimd_state; bits [max : 128] for each of Z0-Z31 are
+ *    logically zero but not stored anywhere; P0-P15 and FFR are not
+ *    stored and have unspecified values from userspace's point of
+ *    view.  For hygiene purposes, the kernel zeroes them on next use,
+ *    but userspace is discouraged from relying on this.
+ *
+ *    task->thread.sve_state does not need to be non-NULL, valid or any
+ *    particular size: it must not be dereferenced.
+ *
+ *  * FPSR and FPCR are always stored in task->fpsimd_state irrespctive of
+ *    whether TIF_SVE is clear or set, since these are not vector length
+ *    dependent.
+ */
+
+/*
+ * Update current's FPSIMD/SVE registers from thread_struct.
+ *
+ * This function should be called only when the FPSIMD/SVE state in
+ * thread_struct is known to be up to date, when preparing to enter
+ * userspace.
+ *
+ * Softirqs (and preemption) must be disabled.
+ */
+static void task_fpsimd_load(void)
+{
+	WARN_ON(!in_softirq() && !irqs_disabled());
+
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		sve_load_state(sve_pffr(current),
+			       &current->thread.fpsimd_state.fpsr,
+			       sve_vq_from_vl(current->thread.sve_vl) - 1);
+	else
+		fpsimd_load_state(&current->thread.fpsimd_state);
+
+	if (system_supports_sve()) {
+		/* Toggle SVE trapping for userspace if needed */
+		if (test_thread_flag(TIF_SVE))
+			sve_user_enable();
+		else
+			sve_user_disable();
+
+		/* Serialised by exception return to user */
+	}
+}
+
+/*
+ * Ensure current's FPSIMD/SVE storage in thread_struct is up to date
+ * with respect to the CPU registers.
+ *
+ * Softirqs (and preemption) must be disabled.
+ *
+ * As an optimisation, this function may skip the cost of saving the
+ * full SVE state if called in syscall context: this is permitted
+ * because the syscall ABI does not require the SVE registers to be
+ * preserved across system calls except for the subset shared with
+ * FPSIMD.  However, don't _assume_ that this will occur.  In the
+ * future, discarding of SVE state may be avoided for tasks that
+ * appear to use SVE heavily.
+ *
+ * SVE state may be discarded if in a syscall.
+ * To force SVE discard unconditionally, pass force_discard==true.
+ */
+static void __task_fpsimd_save(bool force_discard)
+{
+	WARN_ON(!in_softirq() && !irqs_disabled());
+
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		if (force_discard || in_syscall(current_pt_regs())) {
+			clear_thread_flag(TIF_SVE);
+
+			/* Trap if the task tries to use SVE again: */
+			sve_user_disable();
+		}
+
+	if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {
+		if (system_supports_sve() && test_thread_flag(TIF_SVE)) {
+			if (WARN_ON(sve_get_vl() != current->thread.sve_vl)) {
+				/*
+				 * Can't save the user regs, so current would
+				 * re-enter user with corrupt state.
+				 * There's no way to recover, so kill it:
+				 */
+				force_signal_inject(
+					SIGKILL, 0, current_pt_regs(), 0);
+				return;
+			}
+
+			sve_save_state(sve_pffr(current),
+				       &current->thread.fpsimd_state.fpsr);
+		} else
+			fpsimd_save_state(&current->thread.fpsimd_state);
+	}
+}
+
+static void task_fpsimd_save(void)
+{
+	__task_fpsimd_save(false);
+}
+
+#define ZREG(sve_state, vq, n) ((char *)(sve_state) +		\
+	(SVE_SIG_ZREG_OFFSET(vq, n) - SVE_SIG_REGS_OFFSET))
+
+/*
+ * Transfer the FPSIMD state in task->thread.fpsimd_state to
+ * task->thread.sve_state.
+ *
+ * Task can be a non-runnable task, or current.  In the latter case,
+ * softirqs (and preemption) must be disabled.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.fpsimd_state must be up to date before calling this function.
+ */
+static void fpsimd_to_sve(struct task_struct *task)
+{
+	unsigned int vq;
+	void *sst = task->thread.sve_state;
+	struct fpsimd_state const *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!system_supports_sve())
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+	for (i = 0; i < 32; ++i)
+		memcpy(ZREG(sst, vq, i), &fst->vregs[i],
+		       sizeof(fst->vregs[i]));
+}
+
+#ifdef CONFIG_ARM64_SVE
+
+/*
+ * Return how many bytes of memory are required to store the full SVE
+ * state for task, given task's currently configured vector length.
+ */
+size_t sve_state_size(struct task_struct const *task)
+{
+	return SVE_SIG_REGS_SIZE(sve_vq_from_vl(task->thread.sve_vl));
+}
+
+/*
+ * Ensure that task->thread.sve_state is allocated and sufficiently large.
+ *
+ * This function should be used only in preparation for replacing
+ * task->thread.sve_state with new data.  The memory is always zeroed
+ * here to prevent stale data from showing through: this is done in
+ * the interest of testability and predictability: except in the
+ * do_sve_acc() case, there is no ABI requirement to hide stale data
+ * written previously be task.
+ */
+void sve_alloc(struct task_struct *task)
+{
+	if (task->thread.sve_state) {
+		memset(task->thread.sve_state, 0, sve_state_size(current));
+		return;
+	}
+
+	/* This is a small allocation (maximum ~8KB) and Should Not Fail. */
+	task->thread.sve_state =
+		kzalloc(sve_state_size(task), GFP_KERNEL);
+
+	/*
+	 * If future SVE revisions can have larger vectors though,
+	 * this may cease to be true:
+	 */
+	BUG_ON(!task->thread.sve_state);
+}
+
+void fpsimd_release_thread(struct task_struct *dead_task)
+{
+	sve_free(dead_task);
+}
+
+#endif /* CONFIG_ARM64_SVE */
+
+/*
+ * Trapped SVE access
+ *
+ * Storage is allocated for the full SVE state, the current FPSIMD
+ * register contents are migrated across, and TIF_SVE is set so that
+ * the SVE access trap will be disabled the next time this task
+ * reaches ret_to_user.
+ *
+ * TIF_SVE should be clear on entry: otherwise, task_fpsimd_load()
+ * would have disabled the SVE access trap for userspace during
+ * ret_to_user, making an SVE access trap impossible in that case.
+ */
+void do_sve_acc(unsigned int esr, struct pt_regs *regs)
+{
+	/* Even if we chose not to use SVE, the hardware could still trap: */
+	if (unlikely(!system_supports_sve()) || WARN_ON(is_compat_task())) {
+		force_signal_inject(SIGILL, ILL_ILLOPC, regs, 0);
+		return;
+	}
+
+	sve_alloc(current);
+
+	local_bh_disable();
+
+	task_fpsimd_save();
+	fpsimd_to_sve(current);
+
+	/* Force ret_to_user to reload the registers: */
+	fpsimd_flush_task_state(current);
+	set_thread_flag(TIF_FOREIGN_FPSTATE);
+
+	if (test_and_set_thread_flag(TIF_SVE))
+		WARN_ON(1); /* SVE access shouldn't have trapped */
+
+	local_bh_enable();
+}
+
 /*
  * Trapped FP/ASIMD access.
  */
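Review bot: sve_alloc() sizes the memset with sve_state_size(current) but the allocation with sve_state_size(task); the two must agree. As soon as sve_alloc() is called for a task other than current (the fpsimd_to_sve() comment explicitly allows non-runnable tasks, and the ptrace path will need exactly that), the memset either leaves stale register data in place or writes past the buffer when current has the larger vector length. Use `memset(task->thread.sve_state, 0, sve_state_size(task));`. The same comment block has "written previously be task", which should read "by task". Separately, BUG_ON(!task->thread.sve_state) on the do_sve_acc() path turns an allocation failure that userspace can provoke into a kernel crash; since the trap handler already has SIGILL/SIGKILL paths, letting sve_alloc() return an error and killing the task is the safer degradation even if the allocation "Should Not Fail".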
@@ -144,8 +435,8 @@ void fpsimd_thread_switch(struct task_struct *next)
 	 * the registers is in fact the most recent userland FPSIMD state of
 	 * 'current'.
 	 */
-	if (current->mm && !test_thread_flag(TIF_FOREIGN_FPSTATE))
-		fpsimd_save_state(&current->thread.fpsimd_state);
+	if (current->mm)
+		task_fpsimd_save();
 
 	if (next->mm) {
 		/*
@@ -167,6 +458,8 @@ void fpsimd_thread_switch(struct task_struct *next)
 
 void fpsimd_flush_thread(void)
 {
+	int vl;
+
 	if (!system_supports_fpsimd())
 		return;
 
@@ -174,6 +467,30 @@ void fpsimd_flush_thread(void)
 
 	memset(&current->thread.fpsimd_state, 0, sizeof(struct fpsimd_state));
 	fpsimd_flush_task_state(current);
+
+	if (system_supports_sve()) {
+		clear_thread_flag(TIF_SVE);
+		sve_free(current);
+
+		/*
+		 * Reset the task vector length as required.
+		 * This is where we ensure that all user tasks have a valid
+		 * vector length configured: no kernel task can become a user
+		 * task without an exec and hence a call to this function.
+		 * If a bug causes this to go wrong, we make some noise and
+		 * try to fudge thread.sve_vl to a safe value here.
+		 */
+		vl = current->thread.sve_vl;
+
+		if (vl == 0)
+			vl = SVE_VL_MIN;
+
+		if (WARN_ON(!sve_vl_valid(vl)))
+			vl = SVE_VL_MIN;
+
+		current->thread.sve_vl = vl;
+	}
+
 	set_thread_flag(TIF_FOREIGN_FPSTATE);
 
 	local_bh_enable();
@@ -182,6 +499,10 @@ void fpsimd_flush_thread(void)
 /*
  * Save the userland FPSIMD state of 'current' to memory, but only if the state
  * currently held in the registers does in fact belong to 'current'
+ *
+ * SVE state is currently discarded, but this will not be the case in future
+ * because it would violate the user ABI for SVE in some situations.
+ * Currently, SVE tasks can't exist, so just WARN in that case.
  */
 void fpsimd_preserve_current_state(void)
 {
@@ -193,10 +514,21 @@ void fpsimd_preserve_current_state(void)
 	if (!test_thread_flag(TIF_FOREIGN_FPSTATE))
 		fpsimd_save_state(&current->thread.fpsimd_state);
 
+	WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE));
+
 	local_bh_enable();
 }
 
 /*
+ * Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE
+ * state.
+ */
+void fpsimd_preserve_current_state_discard_sve(void)
+{
+	fpsimd_preserve_current_state();
+}
+
+/*
  * Load the userland FPSIMD state of 'current' from memory, but only if the
  * FPSIMD state already held in the registers is /not/ the most recent FPSIMD
  * state of 'current'
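Review bot: the comment on fpsimd_preserve_current_state_discard_sve() is self-referential ("Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE state"); it should read "Like fpsimd_preserve_current_state(), but ...". More substantively, the new wrapper's body is identical to fpsimd_preserve_current_state(), so nothing in it backs the "discard" in its name: both depend on the WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE)) above, which is only acceptable while no task can have TIF_SVE set. Once that changes, every caller of fpsimd_preserve_current_state() would trip the WARN, so the discard-or-keep decision belongs inside the helper rather than in the caller's choice of wrapper name.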
@@ -211,7 +543,7 @@ void fpsimd_restore_current_state(void)
 	if (test_and_clear_thread_flag(TIF_FOREIGN_FPSTATE)) {
 		struct fpsimd_state *st = &current->thread.fpsimd_state;
 
-		fpsimd_load_state(st);
+		task_fpsimd_load();
 		__this_cpu_write(fpsimd_last_state, st);
 		st->cpu = smp_processor_id();
 	}
@@ -380,8 +712,8 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
 {
 	switch (cmd) {
 	case CPU_PM_ENTER:
-		if (current->mm && !test_thread_flag(TIF_FOREIGN_FPSTATE))
-			fpsimd_save_state(&current->thread.fpsimd_state);
+		if (current->mm)
+			task_fpsimd_save();
 		this_cpu_write(fpsimd_last_state, NULL);
 		break;
 	case CPU_PM_EXIT:
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 2dc0f84..8195682 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -239,13 +239,25 @@ void flush_thread(void)
 
 void release_thread(struct task_struct *dead_task)
 {
+	fpsimd_release_thread(dead_task);
 }
 
 int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
 {
+	/*
+	 * For SVE, dst and src must not end up with aliases of the same
+	 * sve_state.  Because we are definitely in a syscall here, SVE state
+	 * can be discarded unconditionally without violating the user ABI.
+	 * dst's sve_state pointer can then be zapped with no ill effects.
+	 *
+	 * src can safely retain its sve_state memory for later use.
+	 */
 	if (current->mm)
-		fpsimd_preserve_current_state();
+		fpsimd_preserve_current_state_discard_sve();
 	*dst = *src;
+
+	dst->thread.sve_state = NULL;
+
 	return 0;
 }
 
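Review bot: the ordering in arch_dup_task_struct() is load-bearing and deserves a comment: fpsimd_preserve_current_state_discard_sve() clears TIF_SVE in current's flags before `*dst = *src` copies those flags, and only then is dst->thread.sve_state NULLed. If the copy were ever moved above the discard, dst would start life with TIF_SVE set and sve_state == NULL, and its first save would go through sve_pffr(current) on a NULL buffer. A "must run before the copy" remark next to the call protects against a future reorder. Note also that thread.sve_vl is copied along with the rest of thread_struct, so the child keeps the parent's vector length; that is the intended fork semantics but worth stating in the comment since the SVE register contents are deliberately not inherited.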
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index f202932..bf54885 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -358,8 +358,8 @@ static int call_undef_hook(struct pt_regs *regs)
 	return fn ? fn(regs, instr) : 1;
 }
 
-static void force_signal_inject(int signal, int code, struct pt_regs *regs,
-				unsigned long address)
+void force_signal_inject(int signal, int code, struct pt_regs *regs,
+			 unsigned long address)
 {
 	siginfo_t info;
 	void __user *pc = (void __user *)instruction_pointer(regs);
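Review bot: force_signal_inject() loses its static here because fpsimd.c now calls it (the SIGKILL path in __task_fpsimd_save() and the SIGILL path in do_sve_acc() in the hunks above), so a prototype must be visible to that file; the corresponding header change is not in this hunk and should be confirmed, otherwise the build depends on an implicit declaration.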
@@ -373,7 +373,7 @@ static void force_signal_inject(int signal, int code, struct pt_regs *regs,
 		desc = "illegal memory access";
 		break;
 	default:
-		desc = "bad mode";
+		desc = "unknown or unrecoverable error";
 		break;
 	}
 
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 12/28] arm64/sve: Support vector length resetting for new processes
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

It's desirable to be able to reset the vector length to some sane
default for new processes, since the new binary and its libraries
may or may not be SVE-aware.

This patch tracks the desired post-exec vector length (if any) in a
new thread member sve_vl_onexec, and adds a new thread flag
TIF_SVE_VL_INHERIT to control whether to inherit or reset the
vector length.  Currently these are inactive.  Subsequent patches
will provide the capability to configure them.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/include/asm/processor.h   |  1 +
 arch/arm64/include/asm/thread_info.h |  1 +
 arch/arm64/kernel/fpsimd.c           | 16 ++++++++++++----
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 4831d28..3faceac 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -87,6 +87,7 @@ struct thread_struct {
 	struct fpsimd_state	fpsimd_state;
 	void			*sve_state;	/* SVE registers, if any */
 	unsigned int		sve_vl;		/* SVE vector length */
+	unsigned int		sve_vl_onexec;	/* SVE vl after next exec */
 	unsigned long		fault_address;	/* fault info */
 	unsigned long		fault_code;	/* ESR_EL1 value */
 	struct debug_info	debug;		/* debugging */
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index 04dbf50..c6400fc 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -93,6 +93,7 @@ void arch_setup_new_exec(void);
 #define TIF_SINGLESTEP		21
 #define TIF_32BIT		22	/* 32bit process */
 #define TIF_SVE			23	/* Scalable Vector Extension in use */
+#define TIF_SVE_VL_INHERIT	24	/* Inherit sve_vl_onexec across exec */
 
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index e60d451..aabeaee 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -109,6 +109,9 @@
  */
 static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 
+/* Default VL for tasks that don't set it explicitly: */
+static int sve_default_vl = SVE_VL_MIN;
+
 static void sve_free(struct task_struct *task)
 {
 	kfree(task->thread.sve_state);
@@ -480,15 +483,20 @@ void fpsimd_flush_thread(void)
 		 * If a bug causes this to go wrong, we make some noise and
 		 * try to fudge thread.sve_vl to a safe value here.
 		 */
-		vl = current->thread.sve_vl;
-
-		if (vl == 0)
-			vl = SVE_VL_MIN;
+		vl = current->thread.sve_vl_onexec ?
+			current->thread.sve_vl_onexec : sve_default_vl;
 
 		if (WARN_ON(!sve_vl_valid(vl)))
 			vl = SVE_VL_MIN;
 
 		current->thread.sve_vl = vl;
+
+		/*
+		 * If the task is not set to inherit, ensure that the vector
+		 * length will be reset by a subsequent exec:
+		 */
+		if (!test_thread_flag(TIF_SVE_VL_INHERIT))
+			current->thread.sve_vl_onexec = 0;
 	}
 
 	set_thread_flag(TIF_FOREIGN_FPSTATE);
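Review bot: once later patches make sve_vl_onexec and sve_default_vl configurable, the WARN_ON(!sve_vl_valid(vl)) here becomes reachable by whoever sets those values unless they are validated at the point where they are set; fpsimd_flush_thread() should be able to assume validity and keep the WARN as a genuine internal-consistency check rather than a user-triggerable log entry. Also worth documenting next to TIF_SVE_VL_INHERIT: sve_vl_onexec is copied across fork by `*dst = *src` in arch_dup_task_struct() (patch 11), so a one-shot onexec value set before fork applies to the child's exec too, and with the flag clear the value is consumed by the first exec and zeroed. Minor: sve_default_vl is `int` while thread.sve_vl is `unsigned int`; use the same type.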
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 13/28] arm64/sve: Signal handling support
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

This patch implements support for saving and restoring the SVE
registers around signals.

A fixed-size header struct sve_context is always included in the
signal frame encoding the thread's vector length at the time of
signal delivery, optionally followed by a variable-layout structure
encoding the SVE registers.

Because of the need to preserve backwards compatibility, the FPSIMD
view of the SVE registers is always dumped as a struct
fpsimd_context in the usual way, in addition to any sve_context.

The SVE vector registers are dumped in full, including bits 127:0
of each register which alias the corresponding FPSIMD vector
registers in the hardware.  To avoid any ambiguity about which
alias to restore during sigreturn, the kernel always restores bits
127:0 of each SVE vector register from the fpsimd_context in the
signal frame (which must be present): userspace needs to take this
into account if it wants to modify the SVE vector register contents
on return from a signal.

FPSR and FPCR, which are used by both FPSIMD and SVE, are not
included in sve_context because they are always present in
fpsimd_context anyway.

For signal delivery, a new helper
fpsimd_signal_preserve_current_state() is added to update _both_
the FPSIMD and SVE views in the task struct, to make it easier to
populate this information into the signal frame.  Because of the
redundancy between the two views of the state, only one is updated
otherwise.  In order to avoid racing with a pending discard of the
SVE state, this flush is hoisted before the sigframe layout phase,
so that the layout and population phases see a consistent view of
the thread.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---

Dropped Alex Bennée's Reviewed-by due to refactoring that affects this
patch.  The changes are straightforward here, but deserve a second look.

Changes since v2
----------------

 * fpsimd_preserve_current_state() family of functions refactored
   to allow arch_dup_task_struct() to forcibly discard the SVE state.

   This change shouldn't affect signal handling behaviour.
---
 arch/arm64/include/asm/fpsimd.h |   1 +
 arch/arm64/kernel/fpsimd.c      |  66 ++++++++++++---
 arch/arm64/kernel/signal.c      | 173 ++++++++++++++++++++++++++++++++++++++--
 arch/arm64/kernel/signal32.c    |   2 +-
 4 files changed, 221 insertions(+), 21 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index b1409de..52e01c5 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -63,6 +63,7 @@ extern void fpsimd_load_state(struct fpsimd_state *state);
 extern void fpsimd_thread_switch(struct task_struct *next);
 extern void fpsimd_flush_thread(void);
 
+extern void fpsimd_signal_preserve_current_state(void);
 extern void fpsimd_preserve_current_state(void);
 extern void fpsimd_preserve_current_state_discard_sve(void);
 extern void fpsimd_restore_current_state(void);
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index aabeaee..fa4ed34 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
 		       sizeof(fst->vregs[i]));
 }
 
+/*
+ * Transfer the SVE state in task->thread.sve_state to
+ * task->thread.fpsimd_state.
+ *
+ * Task can be a non-runnable task, or current.  In the latter case,
+ * softirqs (and preemption) must be disabled.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.sve_state must be up to date before calling this function.
+ */
+static void sve_to_fpsimd(struct task_struct *task)
+{
+	unsigned int vq;
+	void const *sst = task->thread.sve_state;
+	struct fpsimd_state *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!system_supports_sve())
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+	for (i = 0; i < 32; ++i)
+		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
+		       sizeof(fst->vregs[i]));
+}
+
 #ifdef CONFIG_ARM64_SVE
 
 /*
@@ -508,32 +534,43 @@ void fpsimd_flush_thread(void)
  * Save the userland FPSIMD state of 'current' to memory, but only if the state
  * currently held in the registers does in fact belong to 'current'
  *
- * SVE state is currently discarded, but this will not be the case in future
- * because it would violate the user ABI for SVE in some situations.
- * Currently, SVE tasks can't exist, so just WARN in that case.
+ * SVE state may be discarded if in a syscall.
+ * To force SVE discard unconditionally, pass force_discard==true.
  */
-void fpsimd_preserve_current_state(void)
+static void __fpsimd_preserve_current_state(bool force_discard)
 {
 	if (!system_supports_fpsimd())
 		return;
 
 	local_bh_disable();
-
-	if (!test_thread_flag(TIF_FOREIGN_FPSTATE))
-		fpsimd_save_state(&current->thread.fpsimd_state);
-
-	WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE));
-
+	__task_fpsimd_save(force_discard);
 	local_bh_enable();
 }
 
+void fpsimd_preserve_current_state(void)
+{
+	__fpsimd_preserve_current_state(false);
+}
+
 /*
- * Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE
+ * Like fpsimd_preserve_current_state(), but explicitly discard SVE
  * state.
  */
 void fpsimd_preserve_current_state_discard_sve(void)
 {
+	__fpsimd_preserve_current_state(true);
+}
+
+/*
+ * Like fpsimd_preserve_current_state(), but ensure that
+ * current->thread.fpsimd_state is updated so that it can be copied to
+ * the signal frame.
+ */
+void fpsimd_signal_preserve_current_state(void)
+{
 	fpsimd_preserve_current_state();
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		sve_to_fpsimd(current);
 }
 
 /*
@@ -571,7 +608,12 @@ void fpsimd_update_current_state(struct fpsimd_state *state)
 
 	local_bh_disable();
 
-	fpsimd_load_state(state);
+	if (system_supports_sve() && test_thread_flag(TIF_SVE)) {
+		current->thread.fpsimd_state = *state;
+		fpsimd_to_sve(current);
+	}
+	task_fpsimd_load();
+
 	if (test_and_clear_thread_flag(TIF_FOREIGN_FPSTATE)) {
 		struct fpsimd_state *st = &current->thread.fpsimd_state;
 
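Review bot: in the !TIF_SVE branch `*state` is never copied into current->thread.fpsimd_state. The removed line loaded the registers straight from the caller's buffer (`fpsimd_load_state(state)`), but task_fpsimd_load() takes no argument and so must load from the thread struct; a plain FPSIMD sigreturn therefore reloads whatever current->thread.fpsimd_state held before the signal instead of the values in the signal frame. Make `current->thread.fpsimd_state = *state;` unconditional and keep only the fpsimd_to_sve(current) call under the system_supports_sve() && TIF_SVE test.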
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 0bdc96c..0d7a71e 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -63,6 +63,7 @@ struct rt_sigframe_user_layout {
 
 	unsigned long fpsimd_offset;
 	unsigned long esr_offset;
+	unsigned long sve_offset;
 	unsigned long extra_offset;
 	unsigned long end_offset;
 };
@@ -179,9 +180,6 @@ static int preserve_fpsimd_context(struct fpsimd_context __user *ctx)
 	struct fpsimd_state *fpsimd = &current->thread.fpsimd_state;
 	int err;
 
-	/* dump the hardware registers to the fpsimd_state structure */
-	fpsimd_preserve_current_state();
-
 	/* copy the FP and status/control registers */
 	err = __copy_to_user(ctx->vregs, fpsimd->vregs, sizeof(fpsimd->vregs));
 	__put_user_error(fpsimd->fpsr, &ctx->fpsr, err);
@@ -214,6 +212,8 @@ static int restore_fpsimd_context(struct fpsimd_context __user *ctx)
 	__get_user_error(fpsimd.fpsr, &ctx->fpsr, err);
 	__get_user_error(fpsimd.fpcr, &ctx->fpcr, err);
 
+	clear_thread_flag(TIF_SVE);
+
 	/* load the hardware registers from the fpsimd_state structure */
 	if (!err)
 		fpsimd_update_current_state(&fpsimd);
@@ -221,10 +221,118 @@ static int restore_fpsimd_context(struct fpsimd_context __user *ctx)
 	return err ? -EFAULT : 0;
 }
 
+
 struct user_ctxs {
 	struct fpsimd_context __user *fpsimd;
+	struct sve_context __user *sve;
 };
 
+#ifdef CONFIG_ARM64_SVE
+
+static int preserve_sve_context(struct sve_context __user *ctx)
+{
+	int err = 0;
+	u16 reserved[ARRAY_SIZE(ctx->__reserved)];
+	unsigned int vl = current->thread.sve_vl;
+	unsigned int vq = 0;
+
+	if (test_thread_flag(TIF_SVE))
+		vq = sve_vq_from_vl(vl);
+
+	memset(reserved, 0, sizeof(reserved));
+
+	__put_user_error(SVE_MAGIC, &ctx->head.magic, err);
+	__put_user_error(round_up(SVE_SIG_CONTEXT_SIZE(vq), 16),
+			 &ctx->head.size, err);
+	__put_user_error(vl, &ctx->vl, err);
+	BUILD_BUG_ON(sizeof(ctx->__reserved) != sizeof(reserved));
+	err |= copy_to_user(&ctx->__reserved, reserved, sizeof(reserved));
+
+	if (vq) {
+		/*
+		 * This assumes that the SVE state has already been saved to
+		 * the task struct by calling preserve_fpsimd_context().
+		 */
+		err |= copy_to_user((char __user *)ctx + SVE_SIG_REGS_OFFSET,
+				    current->thread.sve_state,
+				    SVE_SIG_REGS_SIZE(vq));
+	}
+
+	return err ? -EFAULT : 0;
+}
+
+static int restore_sve_fpsimd_context(struct user_ctxs *user)
+{
+	int err;
+	unsigned int vq;
+	struct fpsimd_state fpsimd;
+	struct sve_context sve;
+
+	if (__copy_from_user(&sve, user->sve, sizeof(sve)))
+		return -EFAULT;
+
+	if (sve.vl != current->thread.sve_vl)
+		return -EINVAL;
+
+	if (sve.head.size <= sizeof(*user->sve)) {
+		clear_thread_flag(TIF_SVE);
+		goto fpsimd_only;
+	}
+
+	vq = sve_vq_from_vl(sve.vl);
+
+	if (sve.head.size < SVE_SIG_CONTEXT_SIZE(vq))
+		return -EINVAL;
+
+	/*
+	 * Careful: we are about __copy_from_user() directly into
+	 * thread.sve_state with preemption enabled, so protection is
+	 * needed to prevent a racing context switch from writing stale
+	 * registers back over the new data.
+	 */
+
+	fpsimd_flush_task_state(current);
+	barrier();
+	/* From now, fpsimd_thread_switch() won't clear TIF_FOREIGN_FPSTATE */
+
+	set_thread_flag(TIF_FOREIGN_FPSTATE);
+	barrier();
+	/* From now, fpsimd_thread_switch() won't touch thread.sve_state */
+
+	sve_alloc(current);
+	err = __copy_from_user(current->thread.sve_state,
+			       (char __user const *)user->sve +
+					SVE_SIG_REGS_OFFSET,
+			       SVE_SIG_REGS_SIZE(vq));
+	if (err)
+		return err;
+
+	set_thread_flag(TIF_SVE);
+
+fpsimd_only:
+	/* copy the FP and status/control registers */
+	/* restore_sigframe() already checked that user->fpsimd != NULL. */
+	err = __copy_from_user(fpsimd.vregs, user->fpsimd->vregs,
+			       sizeof(fpsimd.vregs));
+	__get_user_error(fpsimd.fpsr, &user->fpsimd->fpsr, err);
+	__get_user_error(fpsimd.fpcr, &user->fpsimd->fpcr, err);
+
+	/* load the hardware registers from the fpsimd_state structure */
+	if (!err)
+		fpsimd_update_current_state(&fpsimd);
+
+	return err;
+}
+
+#else /* ! CONFIG_ARM64_SVE */
+
+/* Turn any non-optimised out attempts to use these into a link error: */
+extern int preserve_sve_context(void __user *ctx);
+extern int restore_sve_fpsimd_context(struct user_ctxs *user);
+
+#endif /* ! CONFIG_ARM64_SVE */
+
+
 static int parse_user_sigframe(struct user_ctxs *user,
 			       struct rt_sigframe __user *sf)
 {
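Review bot: the comment in preserve_sve_context() ("This assumes that the SVE state has already been saved to the task struct by calling preserve_fpsimd_context()") is stale within this same patch: the hunk above removes the fpsimd_preserve_current_state() call from preserve_fpsimd_context(), and the save now happens in fpsimd_signal_preserve_current_state() from setup_rt_frame(); name that function instead. restore_sve_fpsimd_context() also mixes return conventions: `err = __copy_from_user(...); if (err) return err;` propagates a count of bytes not copied, and the final `return err;` may be such a count or the -EFAULT set by __get_user_error(), whereas restore_fpsimd_context() and preserve_sve_context() normalise with `err ? -EFAULT : 0`. restore_sigframe() only tests for non-zero so this works today, but normalise here as well so no caller can mistake a byte count for an errno. Lastly, a failed __copy_from_user() into thread.sve_state leaves that buffer partially overwritten with TIF_SVE clear and TIF_FOREIGN_FPSTATE set; that is safe only because a failed sigreturn kills the task, which deserves a one-line comment.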
@@ -237,6 +345,7 @@ static int parse_user_sigframe(struct user_ctxs *user,
 	char const __user *const sfp = (char const __user *)sf;
 
 	user->fpsimd = NULL;
+	user->sve = NULL;
 
 	if (!IS_ALIGNED((unsigned long)base, 16))
 		goto invalid;
@@ -287,6 +396,19 @@ static int parse_user_sigframe(struct user_ctxs *user,
 			/* ignore */
 			break;
 
+		case SVE_MAGIC:
+			if (!system_supports_sve())
+				goto invalid;
+
+			if (user->sve)
+				goto invalid;
+
+			if (size < sizeof(*user->sve))
+				goto invalid;
+
+			user->sve = (struct sve_context __user *)head;
+			break;
+
 		case EXTRA_MAGIC:
 			if (have_extra_context)
 				goto invalid;
@@ -359,9 +481,6 @@ static int parse_user_sigframe(struct user_ctxs *user,
 	}
 
 done:
-	if (!user->fpsimd)
-		goto invalid;
-
 	return 0;
 
 invalid:
@@ -395,8 +514,19 @@ static int restore_sigframe(struct pt_regs *regs,
 	if (err == 0)
 		err = parse_user_sigframe(&user, sf);
 
-	if (err == 0)
-		err = restore_fpsimd_context(user.fpsimd);
+	if (err == 0) {
+		if (!user.fpsimd)
+			return -EINVAL;
+
+		if (user.sve) {
+			if (!system_supports_sve())
+				return -EINVAL;
+
+			err = restore_sve_fpsimd_context(&user);
+		} else {
+			err = restore_fpsimd_context(user.fpsimd);
+		}
+	}
 
 	return err;
 }
@@ -455,6 +585,18 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 			return err;
 	}
 
+	if (system_supports_sve()) {
+		unsigned int vq = 0;
+
+		if (test_thread_flag(TIF_SVE))
+			vq = sve_vq_from_vl(current->thread.sve_vl);
+
+		err = sigframe_alloc(user, &user->sve_offset,
+				     SVE_SIG_CONTEXT_SIZE(vq));
+		if (err)
+			return err;
+	}
+
 	return sigframe_alloc_end(user);
 }
 
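Review bot: setup_sigframe_layout() reserves SVE_SIG_CONTEXT_SIZE(vq) bytes, while preserve_sve_context() writes head.size = round_up(SVE_SIG_CONTEXT_SIZE(vq), 16). The two agree only if sigframe_alloc() rounds its size argument up to a 16-byte multiple; if it does, say so here, and if not, pass the rounded size explicitly so the record written cannot exceed the space reserved for it.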
@@ -496,6 +638,13 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user,
 		__put_user_error(current->thread.fault_code, &esr_ctx->esr, err);
 	}
 
+	/* Scalable Vector Extension state, if present */
+	if (system_supports_sve() && err == 0 && user->sve_offset) {
+		struct sve_context __user *sve_ctx =
+			apply_user_offset(user, user->sve_offset);
+		err |= preserve_sve_context(sve_ctx);
+	}
+
 	if (err == 0 && user->extra_offset) {
 		char __user *sfp = (char __user *)user->sigframe;
 		char __user *userp =
@@ -595,6 +744,14 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set,
 	struct rt_sigframe __user *frame;
 	int err = 0;
 
+	/*
+	 * Ensure FPSIMD/SVE state in task_struct is up-to-date.
+	 * This is needed here in order to complete any pending SVE discard:
+	 * otherwise, discard may occur between deciding on the sigframe
+	 * layout and dumping the register data.
+	 */
+	fpsimd_signal_preserve_current_state();
+
 	if (get_sigframe(&user, ksig, regs))
 		return 1;
 
diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c
index e09bf5d..22711ee 100644
--- a/arch/arm64/kernel/signal32.c
+++ b/arch/arm64/kernel/signal32.c
@@ -239,7 +239,7 @@ static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
 	 * Note that this also saves V16-31, which aren't visible
 	 * in AArch32.
 	 */
-	fpsimd_preserve_current_state();
+	fpsimd_signal_preserve_current_state();
 
 	/* Place structure header on the stack */
 	__put_user_error(magic, &frame->magic, err);
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 13/28] arm64/sve: Signal handling support
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

This patch implements support for saving and restoring the SVE
registers around signals.

A fixed-size header struct sve_context is always included in the
signal frame encoding the thread's vector length at the time of
signal delivery, optionally followed by a variable-layout structure
encoding the SVE registers.

Because of the need to preserve backwards compatibility, the FPSIMD
view of the SVE registers is always dumped as a struct
fpsimd_context in the usual way, in addition to any sve_context.

The SVE vector registers are dumped in full, including bits 127:0
of each register which alias the corresponding FPSIMD vector
registers in the hardware.  To avoid any ambiguity about which
alias to restore during sigreturn, the kernel always restores bits
127:0 of each SVE vector register from the fpsimd_context in the
signal frame (which must be present): userspace needs to take this
into account if it wants to modify the SVE vector register contents
on return from a signal.

FPSR and FPCR, which are used by both FPSIMD and SVE, are not
included in sve_context because they are always present in
fpsimd_context anyway.

For signal delivery, a new helper
fpsimd_signal_preserve_current_state() is added to update _both_
the FPSIMD and SVE views in the task struct, to make it easier to
populate this information into the signal frame.  Because of the
redundancy between the two views of the state, only one is updated
otherwise.  In order to avoid racing with a pending discard of the
SVE state, this flush is hoisted before the sigframe layout phase,
so that the layout and population phases see a consistent view of
the thread.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---

Dropped Alex Bennée's Reviewed-by due to refactoring that affects this
patch.  The changes are straightforward here, but deserve a second look.

Changes since v2
----------------

 * fpsimd_preserve_current_state() family of functions refactored
   to allow arch_dup_task_struct() to forcibly discard the SVE state.

   This change shouldn't affect signal handling behaviour.
---
 arch/arm64/include/asm/fpsimd.h |   1 +
 arch/arm64/kernel/fpsimd.c      |  66 ++++++++++++---
 arch/arm64/kernel/signal.c      | 173 ++++++++++++++++++++++++++++++++++++++--
 arch/arm64/kernel/signal32.c    |   2 +-
 4 files changed, 221 insertions(+), 21 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index b1409de..52e01c5 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -63,6 +63,7 @@ extern void fpsimd_load_state(struct fpsimd_state *state);
 extern void fpsimd_thread_switch(struct task_struct *next);
 extern void fpsimd_flush_thread(void);
 
+extern void fpsimd_signal_preserve_current_state(void);
 extern void fpsimd_preserve_current_state(void);
 extern void fpsimd_preserve_current_state_discard_sve(void);
 extern void fpsimd_restore_current_state(void);
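
Review bot: the new fpsimd_signal_preserve_current_state() prototype is added with no hint of when a caller should prefer it over the fpsimd_preserve_current_state() declared right below it. A one-line comment here (it additionally refreshes thread.fpsimd_state from the SVE view so the result can be copied straight into a signal frame) would save readers a trip to fpsimd.c, and would make clear that the plain variant is no longer sufficient on the signal path.
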
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index aabeaee..fa4ed34 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
 		       sizeof(fst->vregs[i]));
 }
 
+/*
+ * Transfer the SVE state in task->thread.sve_state to
+ * task->thread.fpsimd_state.
+ *
+ * Task can be a non-runnable task, or current.  In the latter case,
+ * softirqs (and preemption) must be disabled.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.sve_state must be up to date before calling this function.
+ */
+static void sve_to_fpsimd(struct task_struct *task)
+{
+	unsigned int vq;
+	void const *sst = task->thread.sve_state;
+	struct fpsimd_state *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!system_supports_sve())
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+	for (i = 0; i < 32; ++i)
+		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
+		       sizeof(fst->vregs[i]));
+}
+
 #ifdef CONFIG_ARM64_SVE
 
 /*
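
Review bot: the comment on sve_to_fpsimd() requires softirqs and preemption to be disabled when task == current, but nothing enforces it. The v3 changelog of patch 14 credits the extra WARN_ON()s in task_fpsimd_{load,save}() with catching exactly this class of bug, so a matching WARN_ON() here would be consistent and cheap. The early `if (!system_supports_sve()) return;` duplicates the callers' checks; if its purpose is to let the function live outside #ifdef CONFIG_ARM64_SVE and be optimised away, say so, as the ZREG() accesses otherwise look unguarded.
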
@@ -508,32 +534,43 @@ void fpsimd_flush_thread(void)
  * Save the userland FPSIMD state of 'current' to memory, but only if the state
  * currently held in the registers does in fact belong to 'current'
  *
- * SVE state is currently discarded, but this will not be the case in future
- * because it would violate the user ABI for SVE in some situations.
- * Currently, SVE tasks can't exist, so just WARN in that case.
+ * SVE state may be discarded if in a syscall.
+ * To force SVE discard unconditionally, pass force_discard==true.
  */
-void fpsimd_preserve_current_state(void)
+static void __fpsimd_preserve_current_state(bool force_discard)
 {
 	if (!system_supports_fpsimd())
 		return;
 
 	local_bh_disable();
-
-	if (!test_thread_flag(TIF_FOREIGN_FPSTATE))
-		fpsimd_save_state(&current->thread.fpsimd_state);
-
-	WARN_ON_ONCE(test_and_clear_thread_flag(TIF_SVE));
-
+	__task_fpsimd_save(force_discard);
 	local_bh_enable();
 }
 
+void fpsimd_preserve_current_state(void)
+{
+	__fpsimd_preserve_current_state(false);
+}
+
 /*
- * Like fpsimd_preserve_current_state_discard_sve(), but explicitly discard SVE
+ * Like fpsimd_preserve_current_state(), but explicitly discard SVE
  * state.
  */
 void fpsimd_preserve_current_state_discard_sve(void)
 {
+	__fpsimd_preserve_current_state(true);
+}
+
+/*
+ * Like fpsimd_preserve_current_state(), but ensure that
+ * current->thread.fpsimd_state is updated so that it can be copied to
+ * the signal frame.
+ */
+void fpsimd_signal_preserve_current_state(void)
+{
 	fpsimd_preserve_current_state();
+	if (system_supports_sve() && test_thread_flag(TIF_SVE))
+		sve_to_fpsimd(current);
 }
 
 /*
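
Review bot: fpsimd_signal_preserve_current_state() calls sve_to_fpsimd(current) after fpsimd_preserve_current_state() has already done local_bh_enable(), yet sve_to_fpsimd()'s own comment in the previous hunk demands softirqs and preemption disabled for current. Either the precondition is stricter than needed (after the save, a preempting fpsimd_thread_switch() can only rewrite sve_state with the same register contents, and nothing modifies the registers in between), in which case the comment should say so, or the call belongs inside the local_bh_disable() region, e.g. via a second flag to __fpsimd_preserve_current_state(). Minor: "SVE state may be discarded if in a syscall" would be clearer as a pointer to the discard logic in __task_fpsimd_save(), which is where the decision is actually made.
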
@@ -571,7 +608,12 @@ void fpsimd_update_current_state(struct fpsimd_state *state)
 
 	local_bh_disable();
 
-	fpsimd_load_state(state);
+	if (system_supports_sve() && test_thread_flag(TIF_SVE)) {
+		current->thread.fpsimd_state = *state;
+		fpsimd_to_sve(current);
+	}
+	task_fpsimd_load();
+
 	if (test_and_clear_thread_flag(TIF_FOREIGN_FPSTATE)) {
 		struct fpsimd_state *st = &current->thread.fpsimd_state;
 
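
Review bot: the non-SVE path of fpsimd_update_current_state() no longer consumes `state` at all. The old fpsimd_load_state(state) is replaced by task_fpsimd_load(), which takes no argument and so can only load from current->thread, but `current->thread.fpsimd_state = *state;` is executed only inside the TIF_SVE branch. For a plain FPSIMD sigreturn (restore_fpsimd_context() and the fpsimd_only path of restore_sve_fpsimd_context() both pass a local struct) the registers would be reloaded from whatever the task struct held before the signal, not from the frame. Hoist the assignment out of the `if` and keep only fpsimd_to_sve(current) conditional on TIF_SVE.
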
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 0bdc96c..0d7a71e 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -63,6 +63,7 @@ struct rt_sigframe_user_layout {
 
 	unsigned long fpsimd_offset;
 	unsigned long esr_offset;
+	unsigned long sve_offset;
 	unsigned long extra_offset;
 	unsigned long end_offset;
 };
@@ -179,9 +180,6 @@ static int preserve_fpsimd_context(struct fpsimd_context __user *ctx)
 	struct fpsimd_state *fpsimd = &current->thread.fpsimd_state;
 	int err;
 
-	/* dump the hardware registers to the fpsimd_state structure */
-	fpsimd_preserve_current_state();
-
 	/* copy the FP and status/control registers */
 	err = __copy_to_user(ctx->vregs, fpsimd->vregs, sizeof(fpsimd->vregs));
 	__put_user_error(fpsimd->fpsr, &ctx->fpsr, err);
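
Review bot: with the fpsimd_preserve_current_state() call removed, preserve_fpsimd_context() silently depends on the caller having already run fpsimd_signal_preserve_current_state(); nothing in this file enforces that. State the precondition in a comment at the top of the function, since the only thing that now makes the copy below correct is the hoisted call in setup_rt_frame().
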
@@ -214,6 +212,8 @@ static int restore_fpsimd_context(struct fpsimd_context __user *ctx)
 	__get_user_error(fpsimd.fpsr, &ctx->fpsr, err);
 	__get_user_error(fpsimd.fpcr, &ctx->fpcr, err);
 
+	clear_thread_flag(TIF_SVE);
+
 	/* load the hardware registers from the fpsimd_state structure */
 	if (!err)
 		fpsimd_update_current_state(&fpsimd);
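
Review bot: clear_thread_flag(TIF_SVE) runs before `if (!err)`, so a frame that fails to copy still converts the task to non-SVE before -EFAULT is returned. That is harmless because the caller then delivers SIGSEGV, but the reason TIF_SVE is cleared here at all (a frame with no sve_context means the SVE state is dropped on return, like the header-only case in restore_sve_fpsimd_context()) deserves a comment, and for symmetry with restore_sve_fpsimd_context(), which only sets TIF_SVE after its copy succeeded, the clear could move under the success path.
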
@@ -221,10 +221,118 @@ static int restore_fpsimd_context(struct fpsimd_context __user *ctx)
 	return err ? -EFAULT : 0;
 }
 
+
 struct user_ctxs {
 	struct fpsimd_context __user *fpsimd;
+	struct sve_context __user *sve;
 };
 
+#ifdef CONFIG_ARM64_SVE
+
+static int preserve_sve_context(struct sve_context __user *ctx)
+{
+	int err = 0;
+	u16 reserved[ARRAY_SIZE(ctx->__reserved)];
+	unsigned int vl = current->thread.sve_vl;
+	unsigned int vq = 0;
+
+	if (test_thread_flag(TIF_SVE))
+		vq = sve_vq_from_vl(vl);
+
+	memset(reserved, 0, sizeof(reserved));
+
+	__put_user_error(SVE_MAGIC, &ctx->head.magic, err);
+	__put_user_error(round_up(SVE_SIG_CONTEXT_SIZE(vq), 16),
+			 &ctx->head.size, err);
+	__put_user_error(vl, &ctx->vl, err);
+	BUILD_BUG_ON(sizeof(ctx->__reserved) != sizeof(reserved));
+	err |= copy_to_user(&ctx->__reserved, reserved, sizeof(reserved));
+
+	if (vq) {
+		/*
+		 * This assumes that the SVE state has already been saved to
+		 * the task struct by calling preserve_fpsimd_context().
+		 */
+		err |= copy_to_user((char __user *)ctx + SVE_SIG_REGS_OFFSET,
+				    current->thread.sve_state,
+				    SVE_SIG_REGS_SIZE(vq));
+	}
+
+	return err ? -EFAULT : 0;
+}
+
+static int restore_sve_fpsimd_context(struct user_ctxs *user)
+{
+	int err;
+	unsigned int vq;
+	struct fpsimd_state fpsimd;
+	struct sve_context sve;
+
+	if (__copy_from_user(&sve, user->sve, sizeof(sve)))
+		return -EFAULT;
+
+	if (sve.vl != current->thread.sve_vl)
+		return -EINVAL;
+
+	if (sve.head.size <= sizeof(*user->sve)) {
+		clear_thread_flag(TIF_SVE);
+		goto fpsimd_only;
+	}
+
+	vq = sve_vq_from_vl(sve.vl);
+
+	if (sve.head.size < SVE_SIG_CONTEXT_SIZE(vq))
+		return -EINVAL;
+
+	/*
+	 * Careful: we are about __copy_from_user() directly into
+	 * thread.sve_state with preemption enabled, so protection is
+	 * needed to prevent a racing context switch from writing stale
+	 * registers back over the new data.
+	 */
+
+	fpsimd_flush_task_state(current);
+	barrier();
+	/* From now, fpsimd_thread_switch() won't clear TIF_FOREIGN_FPSTATE */
+
+	set_thread_flag(TIF_FOREIGN_FPSTATE);
+	barrier();
+	/* From now, fpsimd_thread_switch() won't touch thread.sve_state */
+
+	sve_alloc(current);
+	err = __copy_from_user(current->thread.sve_state,
+			       (char __user const *)user->sve +
+					SVE_SIG_REGS_OFFSET,
+			       SVE_SIG_REGS_SIZE(vq));
+	if (err)
+		return err;
+
+	set_thread_flag(TIF_SVE);
+
+fpsimd_only:
+	/* copy the FP and status/control registers */
+	/* restore_sigframe() already checked that user->fpsimd != NULL. */
+	err = __copy_from_user(fpsimd.vregs, user->fpsimd->vregs,
+			       sizeof(fpsimd.vregs));
+	__get_user_error(fpsimd.fpsr, &user->fpsimd->fpsr, err);
+	__get_user_error(fpsimd.fpcr, &user->fpsimd->fpcr, err);
+
+	/* load the hardware registers from the fpsimd_state structure */
+	if (!err)
+		fpsimd_update_current_state(&fpsimd);
+
+	return err;
+}
+
+#else /* ! CONFIG_ARM64_SVE */
+
+/* Turn any non-optimised out attempts to use these into a link error: */
+extern int preserve_sve_context(void __user *ctx);
+extern int restore_sve_fpsimd_context(struct user_ctxs *user);
+
+#endif /* ! CONFIG_ARM64_SVE */
+
+
 static int parse_user_sigframe(struct user_ctxs *user,
 			       struct rt_sigframe __user *sf)
 {
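
Review bot: restore_sve_fpsimd_context() returns the raw __copy_from_user() residue in two places (`if (err) return err;` after the sve_state copy, and the final `return err;`), whereas restore_fpsimd_context() normalises with `return err ? -EFAULT : 0;`. restore_sigframe() only tests for non-zero, so it works today, but a positive byte count escaping as an error code is fragile; use -EFAULT in both places. Second, the comment in preserve_sve_context(), "This assumes that the SVE state has already been saved to the task struct by calling preserve_fpsimd_context()", is stale as of this patch: the save was removed from preserve_fpsimd_context() in the hunk above and now happens in fpsimd_signal_preserve_current_state() called from setup_rt_frame(). Third, preserve_sve_context() uses copy_to_user() for __reserved and the register block while the rest of this file uses __copy_to_user() on the already access_ok()'d frame; pick one.
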
@@ -237,6 +345,7 @@ static int parse_user_sigframe(struct user_ctxs *user,
 	char const __user *const sfp = (char const __user *)sf;
 
 	user->fpsimd = NULL;
+	user->sve = NULL;
 
 	if (!IS_ALIGNED((unsigned long)base, 16))
 		goto invalid;
@@ -287,6 +396,19 @@ static int parse_user_sigframe(struct user_ctxs *user,
 			/* ignore */
 			break;
 
+		case SVE_MAGIC:
+			if (!system_supports_sve())
+				goto invalid;
+
+			if (user->sve)
+				goto invalid;
+
+			if (size < sizeof(*user->sve))
+				goto invalid;
+
+			user->sve = (struct sve_context __user *)head;
+			break;
+
 		case EXTRA_MAGIC:
 			if (have_extra_context)
 				goto invalid;
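
Review bot: the SVE_MAGIC case only checks `size < sizeof(*user->sve)` and leaves the full SVE_SIG_CONTEXT_SIZE(vq) check to restore_sve_fpsimd_context(), which re-reads head.size and vl from user memory with its own __copy_from_user(). That is safe only because the second read is validated independently (vl against current->thread.sve_vl, size against SVE_SIG_CONTEXT_SIZE(vq)) and the copy length is derived from vq rather than from head.size. Another thread can rewrite the frame between the two reads, so a comment on one side or the other should say that the parse-time value must never be trusted for the register copy.
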
@@ -359,9 +481,6 @@ static int parse_user_sigframe(struct user_ctxs *user,
 	}
 
 done:
-	if (!user->fpsimd)
-		goto invalid;
-
 	return 0;
 
 invalid:
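
Review bot: dropping `if (!user->fpsimd) goto invalid;` moves the "fpsimd_context is mandatory" invariant out of the parser and into restore_sigframe(). That is fine for the single caller, but parse_user_sigframe() now accepts a frame that restore_sigframe() rejects; a short comment at done: saying that presence checks live in the caller would keep the two in step if the parser gains another user.
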
@@ -395,8 +514,19 @@ static int restore_sigframe(struct pt_regs *regs,
 	if (err == 0)
 		err = parse_user_sigframe(&user, sf);
 
-	if (err == 0)
-		err = restore_fpsimd_context(user.fpsimd);
+	if (err == 0) {
+		if (!user.fpsimd)
+			return -EINVAL;
+
+		if (user.sve) {
+			if (!system_supports_sve())
+				return -EINVAL;
+
+			err = restore_sve_fpsimd_context(&user);
+		} else {
+			err = restore_fpsimd_context(user.fpsimd);
+		}
+	}
 
 	return err;
 }
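
Review bot: the `if (!system_supports_sve()) return -EINVAL;` under `if (user.sve)` is unreachable: parse_user_sigframe() already takes `goto invalid` for SVE_MAGIC when !system_supports_sve(), so user.sve cannot be non-NULL on such a system. Keeping it as defence in depth is fine, but say so in a comment, or drop it so the control flow reads simply as "SVE record present: restore_sve_fpsimd_context(), otherwise restore_fpsimd_context()".
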
@@ -455,6 +585,18 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 			return err;
 	}
 
+	if (system_supports_sve()) {
+		unsigned int vq = 0;
+
+		if (test_thread_flag(TIF_SVE))
+			vq = sve_vq_from_vl(current->thread.sve_vl);
+
+		err = sigframe_alloc(user, &user->sve_offset,
+				     SVE_SIG_CONTEXT_SIZE(vq));
+		if (err)
+			return err;
+	}
+
 	return sigframe_alloc_end(user);
 }
 
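
Review bot: the layout phase samples TIF_SVE and current->thread.sve_vl here, and preserve_sve_context() samples them again when populating; the two agree only because setup_rt_frame() now calls fpsimd_signal_preserve_current_state() before get_sigframe() to complete any pending SVE discard. That ordering dependency belongs in a comment at this `if (system_supports_sve())` block, since anyone adding another layout consumer could easily break it. It is also worth stating here that a header-only sve_context (vq == 0) is emitted whenever SVE is supported, which is the "always included" behaviour the commit message promises.
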
@@ -496,6 +638,13 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user,
 		__put_user_error(current->thread.fault_code, &esr_ctx->esr, err);
 	}
 
+	/* Scalable Vector Extension state, if present */
+	if (system_supports_sve() && err == 0 && user->sve_offset) {
+		struct sve_context __user *sve_ctx =
+			apply_user_offset(user, user->sve_offset);
+		err |= preserve_sve_context(sve_ctx);
+	}
+
 	if (err == 0 && user->extra_offset) {
 		char __user *sfp = (char __user *)user->sigframe;
 		char __user *userp =
@@ -595,6 +744,14 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set,
 	struct rt_sigframe __user *frame;
 	int err = 0;
 
+	/*
+	 * Ensure FPSIMD/SVE state in task_struct is up-to-date.
+	 * This is needed here in order to complete any pending SVE discard:
+	 * otherwise, discard may occur between deciding on the sigframe
+	 * layout and dumping the register data.
+	 */
+	fpsimd_signal_preserve_current_state();
+
 	if (get_sigframe(&user, ksig, regs))
 		return 1;
 
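
Review bot: the comment explains the race being avoided but not what "discard" means here; a pointer to the discard logic behind fpsimd_preserve_current_state() (state dropped when the task entered the kernel via a syscall) would help. It should also say that this is now the only flush of FPSIMD/SVE register state on the AArch64 signal path, because preserve_fpsimd_context() no longer does one; without that, the removal in the earlier hunk looks like a lost save rather than a move. The flush also happens even if get_sigframe() fails and the task is about to be killed, which is harmless but worth a word.
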
diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c
index e09bf5d..22711ee 100644
--- a/arch/arm64/kernel/signal32.c
+++ b/arch/arm64/kernel/signal32.c
@@ -239,7 +239,7 @@ static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
 	 * Note that this also saves V16-31, which aren't visible
 	 * in AArch32.
 	 */
-	fpsimd_preserve_current_state();
+	fpsimd_signal_preserve_current_state();
 
 	/* Place structure header on the stack */
 	__put_user_error(magic, &frame->magic, err);
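
Review bot: the AArch64 path hoists fpsimd_signal_preserve_current_state() into setup_rt_frame() before the layout phase, but the compat path keeps the call inside compat_preserve_vfp_context(). If an AArch32 task can never have TIF_SVE set (so the layout/discard race cannot arise and this call reduces to the old fpsimd_preserve_current_state()), say so in the comment above the call; if it can, the same hoisting is needed here too.
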
-- 
2.1.4


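The commit message above fixes a rule that userspace has to know about: sigreturn takes bits 127:0 of every Z register from fpsimd_context, not from sve_context, so a handler that patches only the SVE record will see the low 128 bits silently reverted. What follows is an added example, not code from the patch, the series or the kernel: a userspace-style walk over the sigframe's __reserved area that applies the same checks as parse_user_sigframe() (16-byte aligned records, each at least a header long and inside the area, no duplicates, zero header terminates), plus a helper that updates one Z register in both records so that the change survives sigreturn. The record layouts, the FPSIMD_MAGIC and SVE_MAGIC values and the SVE_SIG_* size formulas are copied from the uapi <asm/sigcontext.h> as later merged and redefined locally so the code builds on any host; those, and the constructed sample frame in sigframe_demo(), are assumptions not stated on this page.

```c
/* Added example, not part of the patch.  Record layouts, magic numbers and
 * SVE_SIG_* formulas mirror the uapi <asm/sigcontext.h> as later merged and
 * are redefined here so the code also builds and runs on a non-arm64 host. */
#include <stdint.h>
#include <string.h>

#define FPSIMD_MAGIC 0x46508001u
#define SVE_MAGIC    0x53564501u
#define SVE_VQ_BYTES 16u

struct _aarch64_ctx { uint32_t magic, size; };
struct fpsimd_context {		/* always present; __uint128_t vregs[32] upstream */
	struct _aarch64_ctx head; uint32_t fpsr, fpcr; uint8_t vregs[32][16]; };
struct sve_context { struct _aarch64_ctx head; uint16_t vl, __reserved[3]; };

/* Registers start at the next 16-byte boundary after the header: 32 Z regs of
 * vq*16 bytes, then 16 P regs and FFR of vq*2 bytes each. */
#define SVE_SIG_REGS_OFFSET        ((sizeof(struct sve_context) + 15) / 16 * 16)
#define SVE_SIG_ZREG_SIZE(vq)      ((vq) * SVE_VQ_BYTES)
#define SVE_SIG_ZREG_OFFSET(vq, n) (SVE_SIG_REGS_OFFSET + SVE_SIG_ZREG_SIZE(vq) * (n))
#define SVE_SIG_CONTEXT_SIZE(vq)   (SVE_SIG_REGS_OFFSET + 32 * SVE_SIG_ZREG_SIZE(vq) + 17 * (vq) * 2)

struct user_ctxs { struct fpsimd_context *fpsimd; struct sve_context *sve; };

/* Same rules as the kernel's parse_user_sigframe(): 16-byte aligned records,
 * each at least a header long and inside the area, no duplicates, and a zero
 * header terminates the list.  Returns 0 on success, -1 on a malformed frame. */
int parse_reserved(void *base, size_t limit, struct user_ctxs *out)
{
	size_t off = 0;
	out->fpsimd = NULL; out->sve = NULL;
	if ((uintptr_t)base % 16)
		return -1;
	for (;;) {
		struct _aarch64_ctx *h = (struct _aarch64_ctx *)((char *)base + off);
		if (limit - off < sizeof(*h))
			return -1;
		if (h->magic == 0)
			return h->size ? -1 : 0;		/* terminator */
		if (h->size < sizeof(*h) || h->size % 16 || h->size > limit - off)
			return -1;
		if (h->magic == FPSIMD_MAGIC) {
			if (out->fpsimd || h->size < sizeof(struct fpsimd_context))
				return -1;
			out->fpsimd = (struct fpsimd_context *)h;
		} else if (h->magic == SVE_MAGIC) {
			if (out->sve || h->size < sizeof(struct sve_context))
				return -1;
			out->sve = (struct sve_context *)h;
		}			/* ESR, EXTRA and unknown records are skipped */
		off += h->size;
	}
}

/* Write Z<n> (vq*16 little-endian bytes) so that it survives sigreturn: the
 * kernel restores bits 127:0 of every Z register from fpsimd_context, so the
 * FPSIMD copy must be updated as well.  Returns bytes written, or 0 when the
 * task had no SVE state (header-only sve_context) or the record is too small. */
size_t sigframe_set_zreg(struct user_ctxs *u, unsigned int n, const uint8_t *val)
{
	unsigned int vq = u->sve ? u->sve->vl / SVE_VQ_BYTES : 0;
	if (n >= 32 || !u->fpsimd || vq == 0 ||
	    u->sve->head.size < SVE_SIG_CONTEXT_SIZE(vq))
		return 0;
	memcpy((char *)u->sve + SVE_SIG_ZREG_OFFSET(vq, n), val, SVE_SIG_ZREG_SIZE(vq));
	memcpy(u->fpsimd->vregs[n], val, 16);	/* the bits the kernel really restores */
	return SVE_SIG_ZREG_SIZE(vq);
}

/* Constructed __reserved area (fpsimd_context, sve_context for vl, terminator):
 * parse it, set Z3, check both views hold the new value, then show that a
 * header-only sve_context (TIF_SVE clear) refuses the write.  0 = ok. */
int sigframe_demo(unsigned int vl)
{
	static uint8_t buf[16384] __attribute__((aligned(16)));
	struct fpsimd_context *f = (struct fpsimd_context *)buf;
	struct sve_context *s = (struct sve_context *)(buf + sizeof(*f));
	unsigned int vq = vl / SVE_VQ_BYTES;
	size_t sve_size = (SVE_SIG_CONTEXT_SIZE(vq) + 15) / 16 * 16;	/* kernel rounds up */
	size_t len = sizeof(*f) + sve_size + sizeof(struct _aarch64_ctx);
	uint8_t z3[16 * SVE_VQ_BYTES];		/* room for SVE_VL_ARCH_MAX (256) */
	struct user_ctxs u;

	if (vl % SVE_VQ_BYTES || vq < 1 || vq > 16)
		return 1;
	memset(buf, 0, len);
	f->head.magic = FPSIMD_MAGIC; f->head.size = sizeof(*f);
	s->head.magic = SVE_MAGIC;    s->head.size = sve_size;  s->vl = vl;
	if (parse_reserved(buf, len, &u) || !u.fpsimd || !u.sve)
		return 2;
	memset(z3, 0xa5, sizeof(z3));
	if (sigframe_set_zreg(&u, 3, z3) != SVE_SIG_ZREG_SIZE(vq))
		return 3;
	if (memcmp(u.fpsimd->vregs[3], z3, 16) ||
	    memcmp((char *)u.sve + SVE_SIG_ZREG_OFFSET(vq, 3), z3, SVE_SIG_ZREG_SIZE(vq)))
		return 4;
	s->head.size = sizeof(*s);		/* header only: no SVE registers */
	return sigframe_set_zreg(&u, 3, z3) ? 5 : 0;
}
```

On a real arm64 system the area walked here is uc->uc_mcontext.__reserved with its sizeof as the limit, and an EXTRA_MAGIC record (skipped by this example) may redirect the walk to a second area; FPSR and FPCR are not touched because, as the commit message says, they live only in fpsimd_context.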
* [PATCH v3 14/28] arm64/sve: Backend logic for setting the vector length
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

This patch implements the core logic for changing a task's vector
length on request from userspace.  This will be used by the ptrace
and prctl frontends that are implemented in later patches.

The SVE architecture permits, but does not require, implementations
to support vector lengths that are not a power of two.  To handle
this, logic is added to check a requested vector length against a
possibly sparse bitmap of available vector lengths at runtime, so
that the best supported value can be chosen.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Changes since v2
----------------

Bug fixes:

 * sve_set_vector_length() sets or clears TIF_SVE_VL_INHERIT based
   on the incoming flags, but it is erroneously always set/cleared
   for current, instead of for the requested task.

   Fixed these operations to operate on the target task.

   Without this fix, a PTRACE_SETREGSET for NT_ARM_SVE will change
   the vector length inheritance mode of the caller instead of that
   of the target task.

 * Fixed sve_set_vector_length() to guard against softirq instead of just
   preemption.  This is now done by sve_set_vector_length() itself
   instead of its caller, not least because sve_free() should probably
   not be called from atomic context.

   (Bug detected by the extra WARN_ON()s in task_fpsimd_{load,save}().)

Miscellaneous:

 * Add comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/fpsimd.h |   8 +++
 arch/arm64/kernel/fpsimd.c      | 137 +++++++++++++++++++++++++++++++++++++++-
 include/uapi/linux/prctl.h      |   5 ++
 3 files changed, 149 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 52e01c5..7dd3939 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -20,6 +20,7 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/cache.h>
 #include <linux/stddef.h>
 
 /*
@@ -71,17 +72,24 @@ extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
 extern void fpsimd_flush_task_state(struct task_struct *target);
 
+/* Maximum VL that SVE VL-agnostic software can transparently support */
+#define SVE_VL_ARCH_MAX 0x100
+
 extern void sve_save_state(void *state, u32 *pfpsr);
 extern void sve_load_state(void const *state, u32 const *pfpsr,
 			   unsigned long vq_minus_1);
 extern unsigned int sve_get_vl(void);
 
+extern int __ro_after_init sve_max_vl;
+
 #ifdef CONFIG_ARM64_SVE
 
 extern size_t sve_state_size(struct task_struct const *task);
 
 extern void sve_alloc(struct task_struct *task);
 extern void fpsimd_release_thread(struct task_struct *task);
+extern int sve_set_vector_length(struct task_struct *task,
+				 unsigned long vl, unsigned long flags);
 
 #else /* ! CONFIG_ARM64_SVE */
 
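
Review bot: sve_max_vl is exported here with a poison value of -1 (see its definition in fpsimd.c), but the header says nothing about when it becomes valid or that users must run it through sve_vl_valid() first, as find_supported_vector_length() does; add that to the comment. The SVE_VL_ARCH_MAX comment should also say that 0x100 bytes (2048 bits) is the architectural ceiling rather than a kernel policy choice, since the sve_set_vector_length() comment talks about "older software" as if it were policy. Finally, sve_set_vector_length() is declared only under CONFIG_ARM64_SVE; if the prctl and ptrace frontends are built unconditionally, the #else branch below will need a stub.
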
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index fa4ed34..324c112 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -17,8 +17,10 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <linux/bitmap.h>
 #include <linux/bottom_half.h>
 #include <linux/bug.h>
+#include <linux/cache.h>
 #include <linux/compat.h>
 #include <linux/cpu.h>
 #include <linux/cpu_pm.h>
@@ -27,6 +29,7 @@
 #include <linux/init.h>
 #include <linux/percpu.h>
 #include <linux/preempt.h>
+#include <linux/prctl.h>
 #include <linux/ptrace.h>
 #include <linux/sched/signal.h>
 #include <linux/signal.h>
@@ -112,6 +115,20 @@ static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 /* Default VL for tasks that don't set it explicitly: */
 static int sve_default_vl = SVE_VL_MIN;
 
+#ifdef CONFIG_ARM64_SVE
+
+/* Maximum supported vector length across all CPUs (initially poisoned) */
+int __ro_after_init sve_max_vl = -1;
+/* Set of available vector lengths, as vq_to_bit(vq): */
+static DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+
+#else /* ! CONFIG_ARM64_SVE */
+
+/* Dummy declaration for code that will be optimised out: */
+extern DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+
+#endif /* ! CONFIG_ARM64_SVE */
+
 static void sve_free(struct task_struct *task)
 {
 	kfree(task->thread.sve_state);
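
Review bot: nothing in this patch sets a bit in sve_vq_map, yet find_supported_vector_length() is already called from fpsimd_flush_thread() in a later hunk. With an empty map, find_next_bit() returns SVE_VQ_MAX, bit_to_vq() trips its WARN_ON() and the result degrades to SVE_VL_MIN, so on an SVE-capable system every exec would warn until the patch that populates the map is applied. Either populate the map in this patch, or say in the commit message that it is filled in by the following probing patch and that this patch is not bisect-clean on its own. The `extern DECLARE_BITMAP(...)` dummy in the #else branch is a neat trick but deserves one more word: it only links because every use is behind system_supports_sve(), which is constant-false there.
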
@@ -281,6 +298,50 @@ static void task_fpsimd_save(void)
 	__task_fpsimd_save(false);
 }
 
+/*
+ * Helpers to translate bit indices in sve_vq_map to VQ values (and
+ * vice versa).  This allows find_next_bit() to be used to find the
+ * _maximum_ VQ not exceeding a certain value.
+ */
+
+static unsigned int vq_to_bit(unsigned int vq)
+{
+	return SVE_VQ_MAX - vq;
+}
+
+static unsigned int bit_to_vq(unsigned int bit)
+{
+	if (WARN_ON(bit >= SVE_VQ_MAX))
+		bit = SVE_VQ_MAX - 1;
+
+	return SVE_VQ_MAX - bit;
+}
+
+/*
+ * All vector length selection from userspace comes through here.
+ * We're on a slow path, so some sanity-checks are included.
+ * If things go wrong there's a bug somewhere, but try to fall back to a
+ * safe choice.
+ */
+static unsigned int find_supported_vector_length(unsigned int vl)
+{
+	int bit;
+	int max_vl = sve_max_vl;
+
+	if (WARN_ON(!sve_vl_valid(vl)))
+		vl = SVE_VL_MIN;
+
+	if (WARN_ON(!sve_vl_valid(max_vl)))
+		max_vl = SVE_VL_MIN;
+
+	if (vl > max_vl)
+		vl = max_vl;
+
+	bit = find_next_bit(sve_vq_map, SVE_VQ_MAX,
+			    vq_to_bit(sve_vq_from_vl(vl)));
+	return sve_vl_from_vq(bit_to_vq(bit));
+}
+
 #define ZREG(sve_state, vq, n) ((char *)(sve_state) +		\
 	(SVE_SIG_ZREG_OFFSET(vq, n) - SVE_SIG_REGS_OFFSET))
 
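
Review bot: the comment "All vector length selection from userspace comes through here" is already inaccurate within this patch, since fpsimd_flush_thread() calls find_supported_vector_length() on exec with a kernel-chosen value. The helpers also depend on two unstated invariants that belong in the comment: the bit for VQ 1 (SVE_VL_MIN) must be set in sve_vq_map for the WARN_ON() fallbacks to return a supported length (architecturally guaranteed, but only once the map is populated), and the VQ of sve_max_vl must be set so that the clamp `if (vl > max_vl) vl = max_vl;` followed by find_next_bit() always finds a bit. Minor: `int bit` receives an unsigned long from find_next_bit() and `int max_vl` is compared with the unsigned `vl`; unsigned int for both would avoid the mixed-sign arithmetic.
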
@@ -375,6 +436,76 @@ void sve_alloc(struct task_struct *task)
 	BUG_ON(!task->thread.sve_state);
 }
 
+int sve_set_vector_length(struct task_struct *task,
+			  unsigned long vl, unsigned long flags)
+{
+	if (flags & ~(unsigned long)(PR_SVE_VL_INHERIT |
+				     PR_SVE_SET_VL_ONEXEC))
+		return -EINVAL;
+
+	if (!sve_vl_valid(vl))
+		return -EINVAL;
+
+	/*
+	 * Clamp to the maximum vector length that VL-agnostic SVE code can
+	 * work with.  A flag may be assigned in the future to allow setting
+	 * of larger vector lengths without confusing older software.
+	 */
+	if (vl > SVE_VL_ARCH_MAX)
+		vl = SVE_VL_ARCH_MAX;
+
+	vl = find_supported_vector_length(vl);
+
+	if (flags & (PR_SVE_VL_INHERIT |
+		     PR_SVE_SET_VL_ONEXEC))
+		task->thread.sve_vl_onexec = vl;
+	else
+		/* Reset VL to system default on next exec: */
+		task->thread.sve_vl_onexec = 0;
+
+	/* Only actually set the VL if not deferred: */
+	if (flags & PR_SVE_SET_VL_ONEXEC)
+		goto out;
+
+	if (vl == task->thread.sve_vl)
+		goto out;
+
+	/*
+	 * To ensure the FPSIMD bits of the SVE vector registers are preserved,
+	 * write any live register state back to task_struct, and convert to a
+	 * non-SVE thread.
+	 */
+	if (task == current) {
+		local_bh_disable();
+
+		task_fpsimd_save();
+		set_thread_flag(TIF_FOREIGN_FPSTATE);
+	}
+
+	fpsimd_flush_task_state(task);
+	if (test_and_clear_tsk_thread_flag(task, TIF_SVE))
+		sve_to_fpsimd(task);
+
+	if (task == current)
+		local_bh_enable();
+
+	/*
+	 * Force reallocation of task SVE state to the correct size
+	 * on next use:
+	 */
+	sve_free(task);
+
+	task->thread.sve_vl = vl;
+
+out:
+	if (flags & PR_SVE_VL_INHERIT)
+		set_tsk_thread_flag(task, TIF_SVE_VL_INHERIT);
+	else
+		clear_tsk_thread_flag(task, TIF_SVE_VL_INHERIT);
+
+	return 0;
+}
+
 void fpsimd_release_thread(struct task_struct *dead_task)
 {
 	sve_free(dead_task);
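
Review bot: the task != current path of sve_set_vector_length() (the ptrace frontend) rewrites task->thread.sve_vl, TIF_SVE and sve_state with no locking beyond the implicit assumption that the target is stopped, which is also what sve_to_fpsimd()'s "non-runnable task" wording relies on; that precondition should be stated in a comment above the function. Two smaller points: a request above SVE_VL_ARCH_MAX is clamped rather than rejected with -EINVAL, so a caller can only discover what it got by reading the VL back, which the uapi documentation will need to say; and the convert-then-free order (sve_to_fpsimd(task) before sve_free(task)) is load-bearing because sve_to_fpsimd() reads task->thread.sve_state, so a one-line comment would stop a later tidy-up from swapping them.
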
@@ -487,7 +618,7 @@ void fpsimd_thread_switch(struct task_struct *next)
 
 void fpsimd_flush_thread(void)
 {
-	int vl;
+	int vl, supported_vl;
 
 	if (!system_supports_fpsimd())
 		return;
@@ -515,6 +646,10 @@ void fpsimd_flush_thread(void)
 		if (WARN_ON(!sve_vl_valid(vl)))
 			vl = SVE_VL_MIN;
 
+		supported_vl = find_supported_vector_length(vl);
+		if (WARN_ON(supported_vl != vl))
+			vl = supported_vl;
+
 		current->thread.sve_vl = vl;
 
 		/*
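
Review bot: WARN_ON(supported_vl != vl) treats a default or inherited VL that is absent from sve_vq_map as a kernel bug. That holds for a VL that came through sve_set_vector_length(), which already ran find_supported_vector_length(), but sve_default_vl is initialised to SVE_VL_MIN and nothing in this patch validates it against the map, so if a later patch makes it configurable, or the map on a heterogeneous system ends up smaller than expected, this warning fires on every exec. Validate sve_default_vl where it is set, instead of or as well as here, and note in a comment which of the two sources of `vl` this WARN_ON() is really meant to catch.
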
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index a8d0759..1b64901 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -197,4 +197,9 @@ struct prctl_mm_map {
 # define PR_CAP_AMBIENT_LOWER		3
 # define PR_CAP_AMBIENT_CLEAR_ALL	4
 
+/* arm64 Scalable Vector Extension controls */
+# define PR_SVE_SET_VL_ONEXEC		(1 << 18) /* defer effect until exec */
+# define PR_SVE_VL_LEN_MASK		0xffff
+# define PR_SVE_VL_INHERIT		(1 << 17) /* inherit across exec */
+
 #endif /* _LINUX_PRCTL_H */
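
Review bot: the indented `# define` style in this file marks values that qualify a preceding PR_* option, but PR_SVE_SET_VL_ONEXEC, PR_SVE_VL_LEN_MASK and PR_SVE_VL_INHERIT are added with no PR_SVE_* option number above them, so they look orphaned until the frontend patch lands; add them together with the option they belong to, or at least comment that they are the `arg` encoding for the prctl added later. Also spell out the packing in a comment: the low 16 bits (PR_SVE_VL_LEN_MASK) carry the VL in bytes and the flags sit above them, with bit 16 deliberately unused, and list PR_SVE_VL_INHERIT (bit 17) before PR_SVE_SET_VL_ONEXEC (bit 18) so the bit order is visible at a glance.
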
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm


* [PATCH v3 15/28] arm64: cpufeature: Move sys_caps_initialised declarations
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

update_cpu_features() currently cannot tell whether it is being
called during early or late secondary boot.  This doesn't
desperately matter for anything it currently does.

However, SVE will need to know here whether the set of available
vector lengths is fixed or still to be determined when booting a
CPU so that it can be updated appropriately.

This patch simply moves the sys_caps_initialised stuff to the top
of the file so that it can be used more widely.  There doesn't seem to
be a more obvious place to put it.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
 arch/arm64/kernel/cpufeature.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 21e2c95..92a9502 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -51,6 +51,21 @@ unsigned int compat_elf_hwcap2 __read_mostly;
 DECLARE_BITMAP(cpu_hwcaps, ARM64_NCAPS);
 EXPORT_SYMBOL(cpu_hwcaps);
 
+/*
+ * Flag to indicate if we have computed the system wide
+ * capabilities based on the boot time active CPUs. This
+ * will be used to determine if a new booting CPU should
+ * go through the verification process to make sure that it
+ * supports the system capabilities, without using a hotplug
+ * notifier.
+ */
+static bool sys_caps_initialised;
+
+static inline void set_sys_caps_initialised(void)
+{
+	sys_caps_initialised = true;
+}
+
 static int dump_cpu_hwcaps(struct notifier_block *self, unsigned long v, void *p)
 {
 	/* file-wide pr_fmt adds "CPU features: " prefix */
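Review bot: now that the flag is declared about a thousand lines away from the only place it is set, the moved comment should say that set_sys_caps_initialised() is called from setup_cpu_features() once the boot-time CPUs have been processed; a reader at the top of the file otherwise has to search for the transition. The moved block itself is byte-identical to the one removed below, so there is no functional change.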
@@ -1041,21 +1056,6 @@ void __init enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps)
 }
 
 /*
- * Flag to indicate if we have computed the system wide
- * capabilities based on the boot time active CPUs. This
- * will be used to determine if a new booting CPU should
- * go through the verification process to make sure that it
- * supports the system capabilities, without using a hotplug
- * notifier.
- */
-static bool sys_caps_initialised;
-
-static inline void set_sys_caps_initialised(void)
-{
-	sys_caps_initialised = true;
-}
-
-/*
  * Check for CPU features that are used in early boot
  * based on the Boot CPU value.
  */
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm


* [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

This patch uses the cpufeatures framework to determine common SVE
capabilities and vector lengths, and configures the runtime SVE
support code appropriately.

ZCR_ELx is not really a feature register, but it is convenient to
use it as a template for recording the maximum vector length
supported by a CPU, using the LEN field.  This field is similar to
a feature field in that it is a contiguous bitfield for which we
want to determine the minimum system-wide value.  This patch adds
ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
custom code to populate it.  Finding the minimum supported value of
the LEN field is left to the cpufeatures framework in the usual
way.

The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
so for now we just require it to be zero.

Note that much of this code is dormant and SVE still won't be used
yet, since system_supports_sve() remains hardwired to false.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>

---

Dropped Alex Bennée's Reviewed-by, since there is new logic in this
patch.

Changes since v2
----------------

Bug fixes:

 * Got rid of dynamic allocation of the shadow vector length map during
   secondary boot.  Secondary CPU boot takes place in atomic context,
   and relying on GFP_ATOMIC here doesn't seem justified.

   Instead, the needed additional bitmap is allocated statically.  Only
   one shadow map is needed, because CPUs don't boot concurrently.

Requested by Alex Bennée:

 * Reflowed untidy comment above read_zcr_features()

 * Added comments to read_zcr_features() to explain what it's trying to do
   (which is otherwise not readily apparent).

Requested by Catalin Marinas:

 * Moved disabling of the EL1 SVE trap to the cpufeatures C code.
   This allows addition of new assembler in __cpu_setup to be
   avoided.

Miscellaneous:

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/cpu.h        |   4 ++
 arch/arm64/include/asm/cpufeature.h |  36 ++++++++++++
 arch/arm64/include/asm/fpsimd.h     |  14 +++++
 arch/arm64/kernel/cpufeature.c      |  50 ++++++++++++++++
 arch/arm64/kernel/cpuinfo.c         |   6 ++
 arch/arm64/kernel/fpsimd.c          | 114 +++++++++++++++++++++++++++++++++++-
 6 files changed, 221 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/cpu.h b/arch/arm64/include/asm/cpu.h
index 889226b..8839227 100644
--- a/arch/arm64/include/asm/cpu.h
+++ b/arch/arm64/include/asm/cpu.h
@@ -41,6 +41,7 @@ struct cpuinfo_arm64 {
 	u64		reg_id_aa64mmfr2;
 	u64		reg_id_aa64pfr0;
 	u64		reg_id_aa64pfr1;
+	u64		reg_id_aa64zfr0;
 
 	u32		reg_id_dfr0;
 	u32		reg_id_isar0;
@@ -59,6 +60,9 @@ struct cpuinfo_arm64 {
 	u32		reg_mvfr0;
 	u32		reg_mvfr1;
 	u32		reg_mvfr2;
+
+	/* pseudo-ZCR for recording maximum ZCR_EL1 LEN value: */
+	u64		reg_zcr;
 };
 
 DECLARE_PER_CPU(struct cpuinfo_arm64, cpu_data);
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 4ea3441..51be8e8 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -10,7 +10,9 @@
 #define __ASM_CPUFEATURE_H
 
 #include <asm/cpucaps.h>
+#include <asm/fpsimd.h>
 #include <asm/hwcap.h>
+#include <asm/sigcontext.h>
 #include <asm/sysreg.h>
 
 /*
@@ -223,6 +225,13 @@ static inline bool id_aa64pfr0_32bit_el0(u64 pfr0)
 	return val == ID_AA64PFR0_EL0_32BIT_64BIT;
 }
 
+static inline bool id_aa64pfr0_sve(u64 pfr0)
+{
+	u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_SVE_SHIFT);
+
+	return val > 0;
+}
+
 void __init setup_cpu_features(void);
 
 void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
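Review bot: `val > 0` hard-codes the meaning of the SVE field, whereas id_aa64pfr0_32bit_el0() just above compares against a named constant (`ID_AA64PFR0_EL0_32BIT_64BIT`); a named minimum value for the SVE field would keep the two helpers in the same style and make the intent explicit if the field gains further values.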
@@ -267,6 +276,33 @@ static inline bool system_supports_sve(void)
 	return false;
 }
 
+/*
+ * Read the pseudo-ZCR used by cpufeatures to identify the supported SVE
+ * vector length.
+ *
+ * Use only if SVE is present.
+ * This function clobbers the SVE vector length.
+ */
+static u64 __maybe_unused read_zcr_features(void)
+{
+	u64 zcr;
+	unsigned int vq_max;
+
+	/*
+	 * Set the maximum possible VL, and write zeroes to all other
+	 * bits to see if they stick.
+	 */
+	sve_kernel_enable(NULL);
+	write_sysreg_s(ZCR_ELx_LEN_MASK, SYS_ZCR_EL1);
+
+	zcr = read_sysreg_s(SYS_ZCR_EL1);
+	zcr &= ~(u64)ZCR_ELx_LEN_MASK; /* find sticky 1s outside LEN field */
+	vq_max = sve_vq_from_vl(sve_get_vl());
+	zcr |= vq_max - 1; /* set LEN field to maximum effective value */
+
+	return zcr;
+}
+
 #endif /* __ASSEMBLY__ */
 
 #endif
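Review bot: besides clobbering the vector length, read_zcr_features() calls sve_kernel_enable(NULL), which sets CPACR_EL1_ZEN_EL1EN and leaves it set (see the fpsimd.c hunk below); the header comment lists only the VL clobber, and since this is called from __cpuinfo_store_cpu() and verify_sve_features() on every CPU, that second side effect belongs in the comment too. A `static` non-inline function in a header also yields a separate copy in every translation unit that includes it while being unused in most of them; `static inline`, matching id_aa64pfr0_sve() above, or a definition in fpsimd.c behind an extern prototype would be cleaner.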
diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 7dd3939..bad72fd 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -79,6 +79,7 @@ extern void sve_save_state(void *state, u32 *pfpsr);
 extern void sve_load_state(void const *state, u32 const *pfpsr,
 			   unsigned long vq_minus_1);
 extern unsigned int sve_get_vl(void);
+extern int sve_kernel_enable(void *);
 
 extern int __ro_after_init sve_max_vl;
 
@@ -91,10 +92,23 @@ extern void fpsimd_release_thread(struct task_struct *task);
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
+/*
+ * Probing and setup functions.
+ * Calls to these functions must be serialised with one another.
+ */
+extern void __init sve_init_vq_map(void);
+extern void sve_update_vq_map(void);
+extern int sve_verify_vq_map(void);
+extern void __init sve_setup(void);
+
 #else /* ! CONFIG_ARM64_SVE */
 
 static void __maybe_unused sve_alloc(struct task_struct *task) { }
 static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+static void __maybe_unused sve_init_vq_map(void) { }
+static void __maybe_unused sve_update_vq_map(void) { }
+static int __maybe_unused sve_verify_vq_map(void) { return 0; }
+static void __maybe_unused sve_setup(void) { }
 
 #endif /* ! CONFIG_ARM64_SVE */
 
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 92a9502..c5acf38 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -27,6 +27,7 @@
 #include <asm/cpu.h>
 #include <asm/cpufeature.h>
 #include <asm/cpu_ops.h>
+#include <asm/fpsimd.h>
 #include <asm/mmu_context.h>
 #include <asm/processor.h>
 #include <asm/sysreg.h>
@@ -283,6 +284,12 @@ static const struct arm64_ftr_bits ftr_id_dfr0[] = {
 	ARM64_FTR_END,
 };
 
+static const struct arm64_ftr_bits ftr_zcr[] = {
+	ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE,
+		ZCR_ELx_LEN_SHIFT, ZCR_ELx_LEN_SIZE, 0),	/* LEN */
+	ARM64_FTR_END,
+};
+
 /*
  * Common ftr bits for a 32bit register with all hidden, strict
  * attributes, with 4bit feature fields and a default safe value of
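Review bot: with FTR_HIDDEN and FTR_NONSTRICT, a CPU whose LEN field is below the sanitised value neither taints the kernel nor changes the committed value once sys_caps_initialised is set; that is the intended division of labour (verify_sve_features() in the later hunk refuses such a late CPU), but a one-line comment on this `ARM64_FTR_BITS` entry saying that the strict check lives in verify_sve_features() would save the next reader from wondering why a LEN mismatch is non-strict.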
@@ -349,6 +356,7 @@ static const struct __ftr_reg_entry {
 	/* Op1 = 0, CRn = 0, CRm = 4 */
 	ARM64_FTR_REG(SYS_ID_AA64PFR0_EL1, ftr_id_aa64pfr0),
 	ARM64_FTR_REG(SYS_ID_AA64PFR1_EL1, ftr_raz),
+	ARM64_FTR_REG(SYS_ID_AA64ZFR0_EL1, ftr_raz),
 
 	/* Op1 = 0, CRn = 0, CRm = 5 */
 	ARM64_FTR_REG(SYS_ID_AA64DFR0_EL1, ftr_id_aa64dfr0),
@@ -363,6 +371,9 @@ static const struct __ftr_reg_entry {
 	ARM64_FTR_REG(SYS_ID_AA64MMFR1_EL1, ftr_id_aa64mmfr1),
 	ARM64_FTR_REG(SYS_ID_AA64MMFR2_EL1, ftr_id_aa64mmfr2),
 
+	/* Op1 = 0, CRn = 1, CRm = 2 */
+	ARM64_FTR_REG(SYS_ZCR_EL1, ftr_zcr),
+
 	/* Op1 = 3, CRn = 0, CRm = 0 */
 	{ SYS_CTR_EL0, &arm64_ftr_reg_ctrel0 },
 	ARM64_FTR_REG(SYS_DCZID_EL0, ftr_dczid),
@@ -500,6 +511,7 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
 	init_cpu_ftr_reg(SYS_ID_AA64MMFR2_EL1, info->reg_id_aa64mmfr2);
 	init_cpu_ftr_reg(SYS_ID_AA64PFR0_EL1, info->reg_id_aa64pfr0);
 	init_cpu_ftr_reg(SYS_ID_AA64PFR1_EL1, info->reg_id_aa64pfr1);
+	init_cpu_ftr_reg(SYS_ID_AA64ZFR0_EL1, info->reg_id_aa64zfr0);
 
 	if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) {
 		init_cpu_ftr_reg(SYS_ID_DFR0_EL1, info->reg_id_dfr0);
@@ -520,6 +532,10 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
 		init_cpu_ftr_reg(SYS_MVFR2_EL1, info->reg_mvfr2);
 	}
 
+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
+		init_cpu_ftr_reg(SYS_ZCR_EL1, info->reg_zcr);
+		sve_init_vq_map();
+	}
 }
 
 static void update_cpu_ftr_reg(struct arm64_ftr_reg *reg, u64 new)
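Review bot: the guard here is `id_aa64pfr0_sve(info->reg_id_aa64pfr0)` alone, but __cpuinfo_store_cpu() only populates reg_zcr when `IS_ENABLED(CONFIG_ARM64_SVE)` as well (cpuinfo.c hunk below). With CONFIG_ARM64_SVE=n on SVE-capable hardware this records a LEN of 0 for SYS_ZCR_EL1 and calls the sve_init_vq_map() stub, which is harmless, but making the two guards identical (or adding the IS_ENABLED() check here and in the matching update_cpu_features() hunk) would remove the asymmetry.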
@@ -623,6 +639,9 @@ void update_cpu_features(int cpu,
 	taint |= check_update_ftr_reg(SYS_ID_AA64PFR1_EL1, cpu,
 				      info->reg_id_aa64pfr1, boot->reg_id_aa64pfr1);
 
+	taint |= check_update_ftr_reg(SYS_ID_AA64ZFR0_EL1, cpu,
+				      info->reg_id_aa64zfr0, boot->reg_id_aa64zfr0);
+
 	/*
 	 * If we have AArch32, we care about 32-bit features for compat.
 	 * If the system doesn't support AArch32, don't update them.
@@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
 					info->reg_mvfr2, boot->reg_mvfr2);
 	}
 
+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
+		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
+					info->reg_zcr, boot->reg_zcr);
+
+		if (!sys_caps_initialised)
+			sve_update_vq_map();
+	}
+
 	/*
 	 * Mismatched CPU features are a recipe for disaster. Don't even
 	 * pretend to support them.
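Review bot: the `if (!sys_caps_initialised) sve_update_vq_map();` branch handles early secondaries only; the late-CPU case is covered separately by verify_sve_features() via sve_verify_vq_map(), but nothing here says so, and a reader may conclude that late CPUs skip the VQ-map check. Suggest a comment such as `/* Late CPUs are checked in verify_sve_features() */` on the else side.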
@@ -1097,6 +1124,23 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
 	}
 }
 
+static void verify_sve_features(void)
+{
+	u64 safe_zcr = read_sanitised_ftr_reg(SYS_ZCR_EL1);
+	u64 zcr = read_zcr_features();
+
+	unsigned int safe_len = safe_zcr & ZCR_ELx_LEN_MASK;
+	unsigned int len = zcr & ZCR_ELx_LEN_MASK;
+
+	if (len < safe_len || sve_verify_vq_map()) {
+		pr_crit("CPU%d: SVE: required vector length(s) missing\n",
+			smp_processor_id());
+		cpu_die_early();
+	}
+
+	/* Add checks on other ZCR bits here if necessary */
+}
+
 /*
  * Run through the enabled system capabilities and enable() it on this CPU.
  * The capabilities were decided based on the available CPUs at the boot time.
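Review bot: on failure this path logs twice with inconsistent wording: sve_verify_vq_map() already pr_warn()s "SVE: cpu%d: Required vector length(s) missing" and this function then pr_crit()s "CPU%d: SVE: required vector length(s) missing" before cpu_die_early(). Either drop one of the two messages or align the format; the cpufeature.c convention visible in this hunk is the "CPU%d:" prefix.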
@@ -1110,8 +1154,12 @@ static void verify_local_cpu_capabilities(void)
 	verify_local_cpu_errata_workarounds();
 	verify_local_cpu_features(arm64_features);
 	verify_local_elf_hwcaps(arm64_elf_hwcaps);
+
 	if (system_supports_32bit_el0())
 		verify_local_elf_hwcaps(compat_elf_hwcaps);
+
+	if (system_supports_sve())
+		verify_sve_features();
 }
 
 void check_local_cpu_capabilities(void)
@@ -1189,6 +1237,8 @@ void __init setup_cpu_features(void)
 	if (system_supports_32bit_el0())
 		setup_elf_hwcaps(compat_elf_hwcaps);
 
+	sve_setup();
+
 	/* Advertise that we have computed the system capabilities */
 	set_sys_caps_initialised();
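Review bot: sve_setup() has to run after every boot-time CPU has been through update_cpu_features() (it reads the sanitised ZCR LEN and the intersected sve_vq_map) and before set_sys_caps_initialised() switches later CPUs onto the verify path; the ordering here is correct but load-bearing, so a comment stating that constraint next to the call would guard against a later reordering.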
 
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index 3118859..be260e8 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -19,6 +19,7 @@
 #include <asm/cpu.h>
 #include <asm/cputype.h>
 #include <asm/cpufeature.h>
+#include <asm/fpsimd.h>
 
 #include <linux/bitops.h>
 #include <linux/bug.h>
@@ -326,6 +327,7 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
 	info->reg_id_aa64mmfr2 = read_cpuid(ID_AA64MMFR2_EL1);
 	info->reg_id_aa64pfr0 = read_cpuid(ID_AA64PFR0_EL1);
 	info->reg_id_aa64pfr1 = read_cpuid(ID_AA64PFR1_EL1);
+	info->reg_id_aa64zfr0 = read_cpuid(ID_AA64ZFR0_EL1);
 
 	/* Update the 32bit ID registers only if AArch32 is implemented */
 	if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) {
@@ -348,6 +350,10 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
 		info->reg_mvfr2 = read_cpuid(MVFR2_EL1);
 	}
 
+	if (IS_ENABLED(CONFIG_ARM64_SVE) &&
+	    id_aa64pfr0_sve(info->reg_id_aa64pfr0))
+		info->reg_zcr = read_zcr_features();
+
 	cpuinfo_detect_icache_policy(info);
 }
 
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 324c112..5673f50 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -113,19 +113,19 @@
 static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 
 /* Default VL for tasks that don't set it explicitly: */
-static int sve_default_vl = SVE_VL_MIN;
+static int sve_default_vl = -1;
 
 #ifdef CONFIG_ARM64_SVE
 
 /* Maximum supported vector length across all CPUs (initially poisoned) */
 int __ro_after_init sve_max_vl = -1;
 /* Set of available vector lengths, as vq_to_bit(vq): */
-static DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+static __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
 
 #else /* ! CONFIG_ARM64_SVE */
 
 /* Dummy declaration for code that will be optimised out: */
-extern DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+extern __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
 
 #endif /* ! CONFIG_ARM64_SVE */
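Review bot: sve_default_vl is now poisoned to -1 until sve_setup() assigns it, and when SVE is absent (or with the CONFIG_ARM64_SVE=n stub) sve_setup() returns early and the poison stays; the only thing that then guarantees a user task never inherits -1 is the `WARN_ON(!sve_vl_valid(vl))` fallback in fpsimd_flush_thread() (visible in the patch 14 hunk above). A comment at this definition pointing at that consumer would make the contract explicit.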
 
@@ -506,6 +506,111 @@ int sve_set_vector_length(struct task_struct *task,
 	return 0;
 }
 
+/*
+ * Bitmap for temporary storage of the per-CPU set of supported vector lengths
+ * during secondary boot.
+ */
+static DECLARE_BITMAP(sve_secondary_vq_map, SVE_VQ_MAX);
+
+static void sve_probe_vqs(DECLARE_BITMAP(map, SVE_VQ_MAX))
+{
+	unsigned int vq, vl;
+	unsigned long zcr;
+
+	bitmap_zero(map, SVE_VQ_MAX);
+
+	zcr = ZCR_ELx_LEN_MASK;
+	zcr = read_sysreg_s(SYS_ZCR_EL1) & ~zcr;
+
+	for (vq = SVE_VQ_MAX; vq >= SVE_VQ_MIN; --vq) {
+		write_sysreg_s(zcr | (vq - 1), SYS_ZCR_EL1); /* self-syncing */
+		vl = sve_get_vl();
+		vq = sve_vq_from_vl(vl); /* skip intervening lengths */
+		set_bit(vq_to_bit(vq), map);
+	}
+}
+
+void __init sve_init_vq_map(void)
+{
+	sve_probe_vqs(sve_vq_map);
+}
+
+/*
+ * If we haven't committed to the set of supported VQs yet, filter out
+ * those not supported by the current CPU.
+ */
+void sve_update_vq_map(void)
+{
+	sve_probe_vqs(sve_secondary_vq_map);
+	bitmap_and(sve_vq_map, sve_vq_map, sve_secondary_vq_map, SVE_VQ_MAX);
+}
+
+/* Check whether the current CPU supports all VQs in the committed set */
+int sve_verify_vq_map(void)
+{
+	int ret = 0;
+
+	sve_probe_vqs(sve_secondary_vq_map);
+	bitmap_andnot(sve_secondary_vq_map, sve_vq_map, sve_secondary_vq_map,
+		      SVE_VQ_MAX);
+	if (!bitmap_empty(sve_secondary_vq_map, SVE_VQ_MAX)) {
+		pr_warn("SVE: cpu%d: Required vector length(s) missing\n",
+			smp_processor_id());
+		ret = -EINVAL;
+	}
+
+	return ret;
+}
+
+/*
+ * Enable SVE for EL1.
+ * Intended for use by the cpufeatures code during CPU boot.
+ */
+int sve_kernel_enable(void *__always_unused p)
+{
+	write_sysreg(read_sysreg(CPACR_EL1) | CPACR_EL1_ZEN_EL1EN, CPACR_EL1);
+	isb();
+
+	return 0;
+}
+
+void __init sve_setup(void)
+{
+	u64 zcr;
+
+	if (!system_supports_sve())
+		return;
+
+	/*
+	 * The SVE architecture mandates support for 128-bit vectors,
+	 * so sve_vq_map must have at least SVE_VQ_MIN set.
+	 * If something went wrong, at least try to patch it up:
+	 */
+	if (WARN_ON(!test_bit(vq_to_bit(SVE_VQ_MIN), sve_vq_map)))
+		set_bit(vq_to_bit(SVE_VQ_MIN), sve_vq_map);
+
+	zcr = read_sanitised_ftr_reg(SYS_ZCR_EL1);
+	sve_max_vl = sve_vl_from_vq((zcr & ZCR_ELx_LEN_MASK) + 1);
+
+	/*
+	 * Sanity-check that the max VL we determined through CPU features
+	 * corresponds properly to sve_vq_map.  If not, do our best:
+	 */
+	if (WARN_ON(sve_max_vl != find_supported_vector_length(sve_max_vl)))
+		sve_max_vl = find_supported_vector_length(sve_max_vl);
+
+	/*
+	 * For the default VL, pick the maximum supported value <= 64.
+	 * VL == 64 is guaranteed not to grow the signal frame.
+	 */
+	sve_default_vl = find_supported_vector_length(64);
+
+	pr_info("SVE: maximum available vector length %u bytes per vector\n",
+		sve_max_vl);
+	pr_info("SVE: default vector length %u bytes per vector\n",
+		sve_default_vl);
+}
+
 void fpsimd_release_thread(struct task_struct *dead_task)
 {
 	sve_free(dead_task);
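Review bot: sve_update_vq_map() and sve_verify_vq_map() both use the single static sve_secondary_vq_map as scratch space, so they are only correct if no two CPUs can execute them at the same time, and nothing in this hunk says so; suggest a comment on each function (or at the bitmap's definition) stating that calls must be serialised, since a future hotplug change that brings CPUs up in parallel would silently corrupt the map. Two smaller points: the comment on sve_kernel_enable() should say why it takes an unused `void *` (presumably to match the cpufeatures enable() callback signature, since the parameter is otherwise puzzling), and in sve_setup() the fix-up
`if (WARN_ON(sve_max_vl != find_supported_vector_length(sve_max_vl)))`
`	sve_max_vl = find_supported_vector_length(sve_max_vl);`
calls find_supported_vector_length() twice; computing it once into a local makes the warning condition and the fallback easier to read.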
@@ -637,6 +742,9 @@ void fpsimd_flush_thread(void)
 		 * This is where we ensure that all user tasks have a valid
 		 * vector length configured: no kernel task can become a user
 		 * task without an exec and hence a call to this function.
+		 * By the time the first call to this function is made, all
+		 * early hardware probing is complete, so sve_default_vl
+		 * should be valid.
 		 * If a bug causes this to go wrong, we make some noise and
 		 * try to fudge thread.sve_vl to a safe value here.
 		 */
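Review bot: "sve_default_vl should be valid" names neither what establishes that nor how a reader can check it. Since sve_setup() in this same patch is what assigns sve_default_vl, suggest saying so explicitly, e.g. "all early hardware probing is complete and sve_setup() has assigned sve_default_vl, so it should be valid", so the dependency is visible from this function rather than only from the boot ordering in the cpufeatures code.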
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

* [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

This patch uses the cpufeatures framework to determine common SVE
capabilities and vector lengths, and configures the runtime SVE
support code appropriately.

ZCR_ELx is not really a feature register, but it is convenient to
use it as a template for recording the maximum vector length
supported by a CPU, using the LEN field.  This field is similar to
a feature field in that it is a contiguous bitfield for which we
want to determine the minimum system-wide value.  This patch adds
ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
custom code to populate it.  Finding the minimum supported value of
the LEN field is left to the cpufeatures framework in the usual
way.

The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
so for now we just require it to be zero.

Note that much of this code is dormant and SVE still won't be used
yet, since system_supports_sve() remains hardwired to false.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Benn?e <alex.bennee@linaro.org>
Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>

---

Dropped Alex Benn?e's Reviewed-by, since there is new logic in this
patch.

Changes since v2
----------------

Bug fixes:

 * Got rid of dynamic allocation of the shadow vector length map during
   secondary boot.  Secondary CPU boot takes place in atomic context,
   and relying on GFP_ATOMIC here doesn't seem justified.

   Instead, the needed additional bitmap is allocated statically.  Only
   one shadow map is needed, because CPUs don't boot concurrently.

Requested by Alex Benn?e:

 * Reflowed untidy comment above read_zcr_features()

 * Added comments to read_zcr_features() to explain what it's trying to do
   (which is otherwise not readily apparent).

Requested by Catalin Marinas:

 * Moved disabling of the EL1 SVE trap to the cpufeatures C code.
   This allows addition of new assembler in __cpu_setup to be
   avoided.

Miscellaneous:

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/cpu.h        |   4 ++
 arch/arm64/include/asm/cpufeature.h |  36 ++++++++++++
 arch/arm64/include/asm/fpsimd.h     |  14 +++++
 arch/arm64/kernel/cpufeature.c      |  50 ++++++++++++++++
 arch/arm64/kernel/cpuinfo.c         |   6 ++
 arch/arm64/kernel/fpsimd.c          | 114 +++++++++++++++++++++++++++++++++++-
 6 files changed, 221 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/cpu.h b/arch/arm64/include/asm/cpu.h
index 889226b..8839227 100644
--- a/arch/arm64/include/asm/cpu.h
+++ b/arch/arm64/include/asm/cpu.h
@@ -41,6 +41,7 @@ struct cpuinfo_arm64 {
 	u64		reg_id_aa64mmfr2;
 	u64		reg_id_aa64pfr0;
 	u64		reg_id_aa64pfr1;
+	u64		reg_id_aa64zfr0;
 
 	u32		reg_id_dfr0;
 	u32		reg_id_isar0;
@@ -59,6 +60,9 @@ struct cpuinfo_arm64 {
 	u32		reg_mvfr0;
 	u32		reg_mvfr1;
 	u32		reg_mvfr2;
+
+	/* pseudo-ZCR for recording maximum ZCR_EL1 LEN value: */
+	u64		reg_zcr;
 };
 
 DECLARE_PER_CPU(struct cpuinfo_arm64, cpu_data);
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 4ea3441..51be8e8 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -10,7 +10,9 @@
 #define __ASM_CPUFEATURE_H
 
 #include <asm/cpucaps.h>
+#include <asm/fpsimd.h>
 #include <asm/hwcap.h>
+#include <asm/sigcontext.h>
 #include <asm/sysreg.h>
 
 /*
@@ -223,6 +225,13 @@ static inline bool id_aa64pfr0_32bit_el0(u64 pfr0)
 	return val == ID_AA64PFR0_EL0_32BIT_64BIT;
 }
 
+static inline bool id_aa64pfr0_sve(u64 pfr0)
+{
+	u32 val = cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_SVE_SHIFT);
+
+	return val > 0;
+}
+
 void __init setup_cpu_features(void);
 
 void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
@@ -267,6 +276,33 @@ static inline bool system_supports_sve(void)
 	return false;
 }
 
+/*
+ * Read the pseudo-ZCR used by cpufeatures to identify the supported SVE
+ * vector length.
+ *
+ * Use only if SVE is present.
+ * This function clobbers the SVE vector length.
+ */
+static u64 __maybe_unused read_zcr_features(void)
+{
+	u64 zcr;
+	unsigned int vq_max;
+
+	/*
+	 * Set the maximum possible VL, and write zeroes to all other
+	 * bits to see if they stick.
+	 */
+	sve_kernel_enable(NULL);
+	write_sysreg_s(ZCR_ELx_LEN_MASK, SYS_ZCR_EL1);
+
+	zcr = read_sysreg_s(SYS_ZCR_EL1);
+	zcr &= ~(u64)ZCR_ELx_LEN_MASK; /* find sticky 1s outside LEN field */
+	vq_max = sve_vq_from_vl(sve_get_vl());
+	zcr |= vq_max - 1; /* set LEN field to maximum effective value */
+
+	return zcr;
+}
+
 #endif /* __ASSEMBLY__ */
 
 #endif
diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 7dd3939..bad72fd 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -79,6 +79,7 @@ extern void sve_save_state(void *state, u32 *pfpsr);
 extern void sve_load_state(void const *state, u32 const *pfpsr,
 			   unsigned long vq_minus_1);
 extern unsigned int sve_get_vl(void);
+extern int sve_kernel_enable(void *);
 
 extern int __ro_after_init sve_max_vl;
 
@@ -91,10 +92,23 @@ extern void fpsimd_release_thread(struct task_struct *task);
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
+/*
+ * Probing and setup functions.
+ * Calls to these functions must be serialised with one another.
+ */
+extern void __init sve_init_vq_map(void);
+extern void sve_update_vq_map(void);
+extern int sve_verify_vq_map(void);
+extern void __init sve_setup(void);
+
 #else /* ! CONFIG_ARM64_SVE */
 
 static void __maybe_unused sve_alloc(struct task_struct *task) { }
 static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+static void __maybe_unused sve_init_vq_map(void) { }
+static void __maybe_unused sve_update_vq_map(void) { }
+static int __maybe_unused sve_verify_vq_map(void) { return 0; }
+static void __maybe_unused sve_setup(void) { }
 
 #endif /* ! CONFIG_ARM64_SVE */
 
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 92a9502..c5acf38 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -27,6 +27,7 @@
 #include <asm/cpu.h>
 #include <asm/cpufeature.h>
 #include <asm/cpu_ops.h>
+#include <asm/fpsimd.h>
 #include <asm/mmu_context.h>
 #include <asm/processor.h>
 #include <asm/sysreg.h>
@@ -283,6 +284,12 @@ static const struct arm64_ftr_bits ftr_id_dfr0[] = {
 	ARM64_FTR_END,
 };
 
+static const struct arm64_ftr_bits ftr_zcr[] = {
+	ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE,
+		ZCR_ELx_LEN_SHIFT, ZCR_ELx_LEN_SIZE, 0),	/* LEN */
+	ARM64_FTR_END,
+};
+
 /*
  * Common ftr bits for a 32bit register with all hidden, strict
  * attributes, with 4bit feature fields and a default safe value of
@@ -349,6 +356,7 @@ static const struct __ftr_reg_entry {
 	/* Op1 = 0, CRn = 0, CRm = 4 */
 	ARM64_FTR_REG(SYS_ID_AA64PFR0_EL1, ftr_id_aa64pfr0),
 	ARM64_FTR_REG(SYS_ID_AA64PFR1_EL1, ftr_raz),
+	ARM64_FTR_REG(SYS_ID_AA64ZFR0_EL1, ftr_raz),
 
 	/* Op1 = 0, CRn = 0, CRm = 5 */
 	ARM64_FTR_REG(SYS_ID_AA64DFR0_EL1, ftr_id_aa64dfr0),
@@ -363,6 +371,9 @@ static const struct __ftr_reg_entry {
 	ARM64_FTR_REG(SYS_ID_AA64MMFR1_EL1, ftr_id_aa64mmfr1),
 	ARM64_FTR_REG(SYS_ID_AA64MMFR2_EL1, ftr_id_aa64mmfr2),
 
+	/* Op1 = 0, CRn = 1, CRm = 2 */
+	ARM64_FTR_REG(SYS_ZCR_EL1, ftr_zcr),
+
 	/* Op1 = 3, CRn = 0, CRm = 0 */
 	{ SYS_CTR_EL0, &arm64_ftr_reg_ctrel0 },
 	ARM64_FTR_REG(SYS_DCZID_EL0, ftr_dczid),
@@ -500,6 +511,7 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
 	init_cpu_ftr_reg(SYS_ID_AA64MMFR2_EL1, info->reg_id_aa64mmfr2);
 	init_cpu_ftr_reg(SYS_ID_AA64PFR0_EL1, info->reg_id_aa64pfr0);
 	init_cpu_ftr_reg(SYS_ID_AA64PFR1_EL1, info->reg_id_aa64pfr1);
+	init_cpu_ftr_reg(SYS_ID_AA64ZFR0_EL1, info->reg_id_aa64zfr0);
 
 	if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) {
 		init_cpu_ftr_reg(SYS_ID_DFR0_EL1, info->reg_id_dfr0);
@@ -520,6 +532,10 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
 		init_cpu_ftr_reg(SYS_MVFR2_EL1, info->reg_mvfr2);
 	}
 
+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
+		init_cpu_ftr_reg(SYS_ZCR_EL1, info->reg_zcr);
+		sve_init_vq_map();
+	}
 }
 
 static void update_cpu_ftr_reg(struct arm64_ftr_reg *reg, u64 new)
@@ -623,6 +639,9 @@ void update_cpu_features(int cpu,
 	taint |= check_update_ftr_reg(SYS_ID_AA64PFR1_EL1, cpu,
 				      info->reg_id_aa64pfr1, boot->reg_id_aa64pfr1);
 
+	taint |= check_update_ftr_reg(SYS_ID_AA64ZFR0_EL1, cpu,
+				      info->reg_id_aa64zfr0, boot->reg_id_aa64zfr0);
+
 	/*
 	 * If we have AArch32, we care about 32-bit features for compat.
 	 * If the system doesn't support AArch32, don't update them.
@@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
 					info->reg_mvfr2, boot->reg_mvfr2);
 	}
 
+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
+		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
+					info->reg_zcr, boot->reg_zcr);
+
+		if (!sys_caps_initialised)
+			sve_update_vq_map();
+	}
+
 	/*
 	 * Mismatched CPU features are a recipe for disaster. Don't even
 	 * pretend to support them.
@@ -1097,6 +1124,23 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
 	}
 }
 
+static void verify_sve_features(void)
+{
+	u64 safe_zcr = read_sanitised_ftr_reg(SYS_ZCR_EL1);
+	u64 zcr = read_zcr_features();
+
+	unsigned int safe_len = safe_zcr & ZCR_ELx_LEN_MASK;
+	unsigned int len = zcr & ZCR_ELx_LEN_MASK;
+
+	if (len < safe_len || sve_verify_vq_map()) {
+		pr_crit("CPU%d: SVE: required vector length(s) missing\n",
+			smp_processor_id());
+		cpu_die_early();
+	}
+
+	/* Add checks on other ZCR bits here if necessary */
+}
+
 /*
  * Run through the enabled system capabilities and enable() it on this CPU.
  * The capabilities were decided based on the available CPUs@the boot time.
@@ -1110,8 +1154,12 @@ static void verify_local_cpu_capabilities(void)
 	verify_local_cpu_errata_workarounds();
 	verify_local_cpu_features(arm64_features);
 	verify_local_elf_hwcaps(arm64_elf_hwcaps);
+
 	if (system_supports_32bit_el0())
 		verify_local_elf_hwcaps(compat_elf_hwcaps);
+
+	if (system_supports_sve())
+		verify_sve_features();
 }
 
 void check_local_cpu_capabilities(void)
@@ -1189,6 +1237,8 @@ void __init setup_cpu_features(void)
 	if (system_supports_32bit_el0())
 		setup_elf_hwcaps(compat_elf_hwcaps);
 
+	sve_setup();
+
 	/* Advertise that we have computed the system capabilities */
 	set_sys_caps_initialised();
 
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index 3118859..be260e8 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -19,6 +19,7 @@
 #include <asm/cpu.h>
 #include <asm/cputype.h>
 #include <asm/cpufeature.h>
+#include <asm/fpsimd.h>
 
 #include <linux/bitops.h>
 #include <linux/bug.h>
@@ -326,6 +327,7 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
 	info->reg_id_aa64mmfr2 = read_cpuid(ID_AA64MMFR2_EL1);
 	info->reg_id_aa64pfr0 = read_cpuid(ID_AA64PFR0_EL1);
 	info->reg_id_aa64pfr1 = read_cpuid(ID_AA64PFR1_EL1);
+	info->reg_id_aa64zfr0 = read_cpuid(ID_AA64ZFR0_EL1);
 
 	/* Update the 32bit ID registers only if AArch32 is implemented */
 	if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0)) {
@@ -348,6 +350,10 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
 		info->reg_mvfr2 = read_cpuid(MVFR2_EL1);
 	}
 
+	if (IS_ENABLED(CONFIG_ARM64_SVE) &&
+	    id_aa64pfr0_sve(info->reg_id_aa64pfr0))
+		info->reg_zcr = read_zcr_features();
+
 	cpuinfo_detect_icache_policy(info);
 }
 
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 324c112..5673f50 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -113,19 +113,19 @@
 static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
 
 /* Default VL for tasks that don't set it explicitly: */
-static int sve_default_vl = SVE_VL_MIN;
+static int sve_default_vl = -1;
 
 #ifdef CONFIG_ARM64_SVE
 
 /* Maximum supported vector length across all CPUs (initially poisoned) */
 int __ro_after_init sve_max_vl = -1;
 /* Set of available vector lengths, as vq_to_bit(vq): */
-static DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+static __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
 
 #else /* ! CONFIG_ARM64_SVE */
 
 /* Dummy declaration for code that will be optimised out: */
-extern DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+extern __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
 
 #endif /* ! CONFIG_ARM64_SVE */
 
@@ -506,6 +506,111 @@ int sve_set_vector_length(struct task_struct *task,
 	return 0;
 }
 
+/*
+ * Bitmap for temporary storage of the per-CPU set of supported vector lengths
+ * during secondary boot.
+ */
+static DECLARE_BITMAP(sve_secondary_vq_map, SVE_VQ_MAX);
+
+static void sve_probe_vqs(DECLARE_BITMAP(map, SVE_VQ_MAX))
+{
+	unsigned int vq, vl;
+	unsigned long zcr;
+
+	bitmap_zero(map, SVE_VQ_MAX);
+
+	zcr = ZCR_ELx_LEN_MASK;
+	zcr = read_sysreg_s(SYS_ZCR_EL1) & ~zcr;
+
+	for (vq = SVE_VQ_MAX; vq >= SVE_VQ_MIN; --vq) {
+		write_sysreg_s(zcr | (vq - 1), SYS_ZCR_EL1); /* self-syncing */
+		vl = sve_get_vl();
+		vq = sve_vq_from_vl(vl); /* skip intervening lengths */
+		set_bit(vq_to_bit(vq), map);
+	}
+}
+
+void __init sve_init_vq_map(void)
+{
+	sve_probe_vqs(sve_vq_map);
+}
+
+/*
+ * If we haven't committed to the set of supported VQs yet, filter out
+ * those not supported by the current CPU.
+ */
+void sve_update_vq_map(void)
+{
+	sve_probe_vqs(sve_secondary_vq_map);
+	bitmap_and(sve_vq_map, sve_vq_map, sve_secondary_vq_map, SVE_VQ_MAX);
+}
+
+/* Check whether the current CPU supports all VQs in the committed set */
+int sve_verify_vq_map(void)
+{
+	int ret = 0;
+
+	sve_probe_vqs(sve_secondary_vq_map);
+	bitmap_andnot(sve_secondary_vq_map, sve_vq_map, sve_secondary_vq_map,
+		      SVE_VQ_MAX);
+	if (!bitmap_empty(sve_secondary_vq_map, SVE_VQ_MAX)) {
+		pr_warn("SVE: cpu%d: Required vector length(s) missing\n",
+			smp_processor_id());
+		ret = -EINVAL;
+	}
+
+	return ret;
+}
+
+/*
+ * Enable SVE for EL1.
+ * Intended for use by the cpufeatures code during CPU boot.
+ */
+int sve_kernel_enable(void *__always_unused p)
+{
+	write_sysreg(read_sysreg(CPACR_EL1) | CPACR_EL1_ZEN_EL1EN, CPACR_EL1);
+	isb();
+
+	return 0;
+}
+
+void __init sve_setup(void)
+{
+	u64 zcr;
+
+	if (!system_supports_sve())
+		return;
+
+	/*
+	 * The SVE architecture mandates support for 128-bit vectors,
+	 * so sve_vq_map must have at least SVE_VQ_MIN set.
+	 * If something went wrong, at least try to patch it up:
+	 */
+	if (WARN_ON(!test_bit(vq_to_bit(SVE_VQ_MIN), sve_vq_map)))
+		set_bit(vq_to_bit(SVE_VQ_MIN), sve_vq_map);
+
+	zcr = read_sanitised_ftr_reg(SYS_ZCR_EL1);
+	sve_max_vl = sve_vl_from_vq((zcr & ZCR_ELx_LEN_MASK) + 1);
+
+	/*
+	 * Sanity-check that the max VL we determined through CPU features
+	 * corresponds properly to sve_vq_map.  If not, do our best:
+	 */
+	if (WARN_ON(sve_max_vl != find_supported_vector_length(sve_max_vl)))
+		sve_max_vl = find_supported_vector_length(sve_max_vl);
+
+	/*
+	 * For the default VL, pick the maximum supported value <= 64.
+	 * VL == 64 is guaranteed not to grow the signal frame.
+	 */
+	sve_default_vl = find_supported_vector_length(64);
+
+	pr_info("SVE: maximum available vector length %u bytes per vector\n",
+		sve_max_vl);
+	pr_info("SVE: default vector length %u bytes per vector\n",
+		sve_default_vl);
+}
+
 void fpsimd_release_thread(struct task_struct *dead_task)
 {
 	sve_free(dead_task);
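Review bot: sve_probe_vqs() leaves ZCR_EL1.LEN at whatever value the final loop iteration wrote (the LEN encoding for SVE_VQ_MIN) and neither it nor its three callers restore the previous value. That is harmless in the boot-time and secondary-bringup paths served by sve_init_vq_map(), sve_update_vq_map() and sve_verify_vq_map(), since no task's SVE state is live on that CPU yet, but a comment stating that precondition would stop the helper being reused from a context where it is not true. Two related points in the same function: the loop reassigns vq from sve_vq_from_vl(vl) inside the body, so termination and correctness rely on the hardware never reporting a VL larger than the one just requested, which the "skip intervening lengths" comment should spell out; and sve_update_vq_map() and sve_verify_vq_map() both scribble into the single static sve_secondary_vq_map without any locking, which is only safe because secondary CPUs are brought up one at a time, so the comment on that bitmap should say so.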
@@ -637,6 +742,9 @@ void fpsimd_flush_thread(void)
 		 * This is where we ensure that all user tasks have a valid
 		 * vector length configured: no kernel task can become a user
 		 * task without an exec and hence a call to this function.
+		 * By the time the first call to this function is made, all
+		 * early hardware probing is complete, so sve_default_vl
+		 * should be valid.
 		 * If a bug causes this to go wrong, we make some noise and
 		 * try to fudge thread.sve_vl to a safe value here.
 		 */
-- 
2.1.4

* [PATCH v3 17/28] arm64/sve: Preserve SVE registers around kernel-mode NEON use
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

Kernel-mode NEON will corrupt the SVE vector registers, due to the
way they alias the FPSIMD vector registers in the hardware.

This patch ensures that any live SVE register content for the task
is saved by kernel_neon_begin().  The data will be restored in the
usual way on return to userspace.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/kernel/fpsimd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 5673f50..b1d383a 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -909,8 +909,10 @@ void kernel_neon_begin(void)
 	__this_cpu_write(kernel_neon_busy, true);
 
 	/* Save unsaved task fpsimd state, if any: */
-	if (current->mm && !test_and_set_thread_flag(TIF_FOREIGN_FPSTATE))
-		fpsimd_save_state(&current->thread.fpsimd_state);
+	if (current->mm) {
+		task_fpsimd_save();
+		set_thread_flag(TIF_FOREIGN_FPSTATE);
+	}
 
 	/* Invalidate any task state remaining in the fpsimd regs: */
 	__this_cpu_write(fpsimd_last_state, NULL);
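Review bot: the removed code saved only when TIF_FOREIGN_FPSTATE was clear (via test_and_set_thread_flag()); the replacement calls task_fpsimd_save() unconditionally and then sets the flag afterwards, so this hunk now depends on task_fpsimd_save() performing the TIF_FOREIGN_FPSTATE check itself. If it does not, a task whose registers were already written back (and whose live registers are therefore stale) would have its saved copy overwritten by the stale contents. Assuming the check does live in task_fpsimd_save(), a one-line comment here ("task_fpsimd_save() is a no-op if the state is already saved") would keep a future reader from re-adding the test, and also documents why set_thread_flag() must follow the save rather than precede it.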
-- 
2.1.4

* [PATCH v3 18/28] arm64/sve: Preserve SVE registers around EFI runtime service calls
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

The EFI runtime services ABI allows EFI to make free use of the
FPSIMD registers during EFI runtime service calls, subject to the
callee-save requirements of the AArch64 procedure call standard.

However, the SVE architecture allows upper bits of the SVE vector
registers to be zeroed as a side-effect of FPSIMD V-register
writes.  This means that the SVE vector registers must be saved in
their entirety in order to avoid data loss: non-SVE-aware EFI
implementations cannot restore them correctly.

The non-IRQ case is already handled gracefully by
kernel_neon_begin().  For the IRQ case, this patch allocates a
suitable per-CPU stash buffer for the full SVE register state and
uses it to preserve the affected registers around EFI calls.  It is
currently unclear how the EFI runtime services ABI will be
clarified with respect to SVE, so it is safest to assume that the
predicate registers and FFR must be saved and restored too.

No attempt is made to restore the vector length after a call, for
now.  It is deemed rather insane for EFI to change it, and
contemporary EFI implementations certainly won't.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---

Changes since v2
----------------

Miscellaneous:

 * Applied a BUG_ON removal that was split into the wrong patch in v2.

 * Fixed overindentation of panic() call in sve_efi_setup().
---
 arch/arm64/kernel/fpsimd.c | 67 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 61 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index b1d383a..c194627 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -121,11 +121,13 @@ static int sve_default_vl = -1;
 int __ro_after_init sve_max_vl = -1;
 /* Set of available vector lengths, as vq_to_bit(vq): */
 static __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+static void __percpu *efi_sve_state;
 
 #else /* ! CONFIG_ARM64_SVE */
 
 /* Dummy declaration for code that will be optimised out: */
 extern __ro_after_init DECLARE_BITMAP(sve_vq_map, SVE_VQ_MAX);
+extern void __percpu *efi_sve_state;
 
 #endif /* ! CONFIG_ARM64_SVE */
 
@@ -562,6 +564,30 @@ int sve_verify_vq_map(void)
 	return ret;
 }
 
+static void __init sve_efi_setup(void)
+{
+	if (!IS_ENABLED(CONFIG_EFI))
+		return;
+
+	/*
+	 * alloc_percpu() warns and prints a backtrace if this goes wrong.
+	 * This is evidence of a crippled system and we are returning void,
+	 * so no attempt is made to handle this situation here.
+	 */
+	if (!sve_vl_valid(sve_max_vl))
+		goto fail;
+
+	efi_sve_state = __alloc_percpu(
+		SVE_SIG_REGS_SIZE(sve_vq_from_vl(sve_max_vl)), SVE_VQ_BYTES);
+	if (!efi_sve_state)
+		goto fail;
+
+	return;
+
+fail:
+	panic("Cannot allocate percpu memory for EFI SVE save/restore");
+}
+
 /*
  * Enable SVE for EL1.
  * Intended for use by the cpufeatures code during CPU boot.
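Review bot: the comment in sve_efi_setup() says that alloc_percpu() already warns and that "no attempt is made to handle this situation here", yet both failure paths jump to fail: and panic(); the comment and the code disagree, so either reword the comment to say that allocation failure is treated as fatal or drop the panic. Separately, the !sve_vl_valid(sve_max_vl) case can only be reached if sve_setup() computed a bad maximum, which sve_setup() already WARN_ON()s about, so panicking with "Cannot allocate percpu memory" for that case is misleading; a distinct message (or a WARN and return) would make the failure easier to diagnose from a log.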
@@ -609,6 +635,8 @@ void __init sve_setup(void)
 		sve_max_vl);
 	pr_info("SVE: default vector length %u bytes per vector\n",
 		sve_default_vl);
+
+	sve_efi_setup();
 }
 
 void fpsimd_release_thread(struct task_struct *dead_task)
@@ -950,6 +978,7 @@ EXPORT_SYMBOL(kernel_neon_end);
 
 static DEFINE_PER_CPU(struct fpsimd_state, efi_fpsimd_state);
 static DEFINE_PER_CPU(bool, efi_fpsimd_state_used);
+static DEFINE_PER_CPU(bool, efi_sve_state_used);
 
 /*
  * EFI runtime services support functions
@@ -975,10 +1004,24 @@ void __efi_fpsimd_begin(void)
 
 	WARN_ON(preemptible());
 
-	if (may_use_simd())
+	if (may_use_simd()) {
 		kernel_neon_begin();
-	else {
-		fpsimd_save_state(this_cpu_ptr(&efi_fpsimd_state));
+	} else {
+		/*
+		 * If !efi_sve_state, SVE can't be in use yet and doesn't need
+		 * preserving:
+		 */
+		if (system_supports_sve() && likely(efi_sve_state)) {
+			char *sve_state = this_cpu_ptr(efi_sve_state);
+
+			__this_cpu_write(efi_sve_state_used, true);
+
+			sve_save_state(sve_state + sve_ffr_offset(sve_max_vl),
+				       &this_cpu_ptr(&efi_fpsimd_state)->fpsr);
+		} else {
+			fpsimd_save_state(this_cpu_ptr(&efi_fpsimd_state));
+		}
+
 		__this_cpu_write(efi_fpsimd_state_used, true);
 	}
 }
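Review bot: the SVE branch saves at whatever vector length is currently live in ZCR_EL1 (the interrupted task's VL) while the stash base passed to sve_save_state() is computed from sve_max_vl via sve_ffr_offset(sve_max_vl); that only works because sve_efi_setup() sized the per-CPU buffer for sve_max_vl, so a reader has to know the save layout to see that any smaller live VL still fits. A short comment next to the sve_save_state() call stating that the buffer is sized for the maximum VL and the current VL is always less than or equal to it would make that explicit. Minor style point: the nested "} else { if (...) {" could be an "else if" chain and save one level of indentation.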
@@ -991,10 +1034,22 @@ void __efi_fpsimd_end(void)
 	if (!system_supports_fpsimd())
 		return;
 
-	if (__this_cpu_xchg(efi_fpsimd_state_used, false))
-		fpsimd_load_state(this_cpu_ptr(&efi_fpsimd_state));
-	else
+	if (!__this_cpu_xchg(efi_fpsimd_state_used, false)) {
 		kernel_neon_end();
+	} else {
+		if (system_supports_sve() &&
+		    likely(__this_cpu_read(efi_sve_state_used))) {
+			char const *sve_state = this_cpu_ptr(efi_sve_state);
+
+			sve_load_state(sve_state + sve_ffr_offset(sve_max_vl),
+				       &this_cpu_ptr(&efi_fpsimd_state)->fpsr,
+				       sve_vq_from_vl(sve_get_vl()) - 1);
+
+			__this_cpu_write(efi_sve_state_used, false);
+		} else {
+			fpsimd_load_state(this_cpu_ptr(&efi_fpsimd_state));
+		}
+	}
 }
 
 #endif /* CONFIG_EFI */
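Review bot: the restore derives the vector length from sve_get_vl() after the firmware call has returned, whereas the save in __efi_fpsimd_begin() used the VL live at entry. The commit message deliberately does not restore ZCR_EL1 around the call, but if firmware ever did change it the load here would use a different register layout from the save and silently restore garbage into the task's registers. Capturing the VL (or the vq - 1 value) at save time in another per-CPU variable and using that here, or at least a WARN_ON_ONCE() when sve_get_vl() differs from the saved value, would turn that assumption into something checkable rather than silent.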
-- 
2.1.4

* [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Alan Hayward, Will Deacon,
	Richard Sandiford, kvmarm

This patch defines and implements a new regset NT_ARM_SVE, which
describes a thread's SVE register state.  This allows a debugger to
manipulate the SVE state, as well as being included in ELF
coredumps for post-mortem debugging.

Because the regset size and layout are dependent on the thread's
current vector length, it is not possible to define a C struct to
describe the regset contents as is done for existing regsets.
Instead, and for the same reasons, NT_ARM_SVE is based on the
freeform variable-layout approach used for the SVE signal frame.

Additionally, to reduce debug overhead when debugging threads that
might or might not have live SVE register state, NT_ARM_SVE may be
presented in one of two different formats: the old struct
user_fpsimd_state format is embedded for describing the state of a
thread with no live SVE state, whereas a new variable-layout
structure is embedded for describing live SVE state.  This avoids a
debugger needing to poll NT_PRFPREG in addition to NT_ARM_SVE, and
allows existing userspace code to handle the non-SVE case without
too much modification.

For this to work, NT_ARM_SVE is defined with a fixed-format header
of type struct user_sve_header, which the recipient can use to
figure out the content, size and layout of the rest of the regset.
Accessor macros are defined to allow the vector-length-dependent
parts of the regset to be manipulated.

Signed-off-by: Alan Hayward <alan.hayward@arm.com>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Okamoto Takayuki <tokamoto@jp.fujitsu.com>

---

Dropped Alex Bennée's reviewed-by, since bug fixes have been applied.

Changes since v2
----------------

Bug fixes:

 * Initialised user_sve_header.sve_max_vl properly in
   sve_init_header_from_task().  (Reported by Okamoto Takayuki.)

   This bug was introduced by the refactoring since v1 to remove
   BUG_ON()s.  A WARN_ON() was introduced to fix up the error case
   here, but the code for the non-error case was lost.

   This resulted in userspace seeing max_size == 0 when reading
   NT_ARM_SVE with PTRACE_GETREGSET.  NT_ARM_SVE would also get
   truncated in coredumps (though I've not tested that).

   This fix ensures that max_size is initialised, and only overrides
   the value written if it would be garbage.

 * In sve_set(), the flags for sve_set_vector_length() are shifted
   into the correct position.  Without this, a PTRACE_SETREGSET for
   NT_ARM_SVE may reject valid flags (including flags read via
   PTRACE_GETREGSET) with -EINVAL: thus, legitimate uses including
   save/restore may not work.

Miscellaneous:

 * Clarified comment in ptrace.h about keeping flags in sync with
   prctl.h so that it won't be misinterpreted as applying to
   SVE_PT_REGS_{MASK,FPSIMD,SVE} (which deliberately have no prctl
   equivalent).

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/fpsimd.h      |  13 +-
 arch/arm64/include/uapi/asm/ptrace.h | 138 ++++++++++++++++++
 arch/arm64/kernel/fpsimd.c           |  60 ++++++++
 arch/arm64/kernel/ptrace.c           | 271 +++++++++++++++++++++++++++++++++--
 include/uapi/linux/elf.h             |   1 +
 5 files changed, 474 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index bad72fd..ee6db38 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -38,13 +38,16 @@ struct fpsimd_state {
 			__uint128_t vregs[32];
 			u32 fpsr;
 			u32 fpcr;
+			/*
+			 * For ptrace compatibility, pad to next 128-bit
+			 * boundary here if extending this struct.
+			 */
 		};
 	};
 	/* the id of the last cpu to have restored this state */
 	unsigned int cpu;
 };
 
-
 #if defined(__KERNEL__) && defined(CONFIG_COMPAT)
 /* Masks for extracting the FPSR and FPCR from the FPSCR */
 #define VFP_FPSCR_STAT_MASK	0xf800009f
@@ -89,6 +92,10 @@ extern size_t sve_state_size(struct task_struct const *task);
 
 extern void sve_alloc(struct task_struct *task);
 extern void fpsimd_release_thread(struct task_struct *task);
+extern void fpsimd_sync_to_sve(struct task_struct *task);
+extern void sve_sync_to_fpsimd(struct task_struct *task);
+extern void sve_sync_from_fpsimd_zeropad(struct task_struct *task);
+
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
@@ -105,6 +112,10 @@ extern void __init sve_setup(void);
 
 static void __maybe_unused sve_alloc(struct task_struct *task) { }
 static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+static void __maybe_unused sve_sync_to_fpsimd(struct task_struct *task) { }
+static void __maybe_unused sve_sync_from_fpsimd_zeropad(
+	struct task_struct *task) { }
+
 static void __maybe_unused sve_init_vq_map(void) { }
 static void __maybe_unused sve_update_vq_map(void) { }
 static int __maybe_unused sve_verify_vq_map(void) { return 0; }
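Review bot: the CONFIG_ARM64_SVE branch now declares three new helpers (fpsimd_sync_to_sve(), sve_sync_to_fpsimd() and sve_sync_from_fpsimd_zeropad()), but the !CONFIG_ARM64_SVE block only adds stubs for the latter two; fpsimd_sync_to_sve() gets none. That is fine as long as every caller sits under #ifdef CONFIG_ARM64_SVE, as the NT_ARM_SVE regset code in ptrace.c does, but adding the matching empty stub keeps the two halves of the header symmetric and avoids a link error the first time a caller appears outside that ifdef.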
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index d1ff83d..a0fc6a8 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -22,6 +22,7 @@
 #include <linux/types.h>
 
 #include <asm/hwcap.h>
+#include <asm/sigcontext.h>
 
 
 /*
@@ -63,6 +64,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/prctl.h>
+
 /*
  * User structures for general purpose, floating point and debug registers.
  */
@@ -90,6 +93,141 @@ struct user_hwdebug_state {
 	}		dbg_regs[16];
 };
 
+/* SVE/FP/SIMD state (NT_ARM_SVE) */
+
+struct user_sve_header {
+	__u32 size; /* total meaningful regset content in bytes */
+	__u32 max_size; /* maxmium possible size for this thread */
+	__u16 vl; /* current vector length */
+	__u16 max_vl; /* maximum possible vector length */
+	__u16 flags;
+	__u16 __reserved;
+};
+
+/* Definitions for user_sve_header.flags: */
+#define SVE_PT_REGS_MASK		(1 << 0)
+
+#define SVE_PT_REGS_FPSIMD		0
+#define SVE_PT_REGS_SVE			SVE_PT_REGS_MASK
+
+/*
+ * Common SVE_PT_* flags:
+ * These must be kept in sync with prctl interface in <linux/ptrace.h>
+ */
+#define SVE_PT_VL_INHERIT		(PR_SVE_VL_INHERIT >> 16)
+#define SVE_PT_VL_ONEXEC		(PR_SVE_SET_VL_ONEXEC >> 16)
+
+
+/*
+ * The remainder of the SVE state follows struct user_sve_header.  The
+ * total size of the SVE state (including header) depends on the
+ * metadata in the header:  SVE_PT_SIZE(vq, flags) gives the total size
+ * of the state in bytes, including the header.
+ *
+ * Refer to <asm/sigcontext.h> for details of how to pass the correct
+ * "vq" argument to these macros.
+ */
+
+/* Offset from the start of struct user_sve_header to the register data */
+#define SVE_PT_REGS_OFFSET					\
+	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+/*
+ * The register data content and layout depends on the value of the
+ * flags field.
+ */
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD case:
+ *
+ * The payload starts at offset SVE_PT_FPSIMD_OFFSET, and is of type
+ * struct user_fpsimd_state.  Additional data might be appended in the
+ * future: use SVE_PT_FPSIMD_SIZE(vq, flags) to compute the total size.
+ * SVE_PT_FPSIMD_SIZE(vq, flags) will never be less than
+ * sizeof(struct user_fpsimd_state).
+ */
+
+#define SVE_PT_FPSIMD_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_FPSIMD_SIZE(vq, flags)	(sizeof(struct user_fpsimd_state))
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE case:
+ *
+ * The payload starts at offset SVE_PT_SVE_OFFSET, and is of size
+ * SVE_PT_SVE_SIZE(vq, flags).
+ *
+ * Additional macros describe the contents and layout of the payload.
+ * For each, SVE_PT_SVE_x_OFFSET(args) is the start offset relative to
+ * the start of struct user_sve_header, and SVE_PT_SVE_x_SIZE(args) is
+ * the size in bytes:
+ *
+ *	x	type				description
+ *	-	----				-----------
+ *	ZREGS		\
+ *	ZREG		|
+ *	PREGS		| refer to <asm/sigcontext.h>
+ *	PREG		|
+ *	FFR		/
+ *
+ *	FPSR	uint32_t			FPSR
+ *	FPCR	uint32_t			FPCR
+ *
+ * Additional data might be appended in the future.
+ */
+
+#define SVE_PT_SVE_ZREG_SIZE(vq)	SVE_SIG_ZREG_SIZE(vq)
+#define SVE_PT_SVE_PREG_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
+#define SVE_PT_SVE_FFR_SIZE(vq)		SVE_SIG_FFR_SIZE(vq)
+#define SVE_PT_SVE_FPSR_SIZE		sizeof(__u32)
+#define SVE_PT_SVE_FPCR_SIZE		sizeof(__u32)
+
+#define __SVE_SIG_TO_PT(offset) \
+	((offset) - SVE_SIG_REGS_OFFSET + SVE_PT_REGS_OFFSET)
+
+#define SVE_PT_SVE_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_SVE_ZREGS_OFFSET \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREGS_OFFSET)
+#define SVE_PT_SVE_ZREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREG_OFFSET(vq, n))
+#define SVE_PT_SVE_ZREGS_SIZE(vq) \
+	(SVE_PT_SVE_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_PT_SVE_ZREGS_OFFSET)
+
+#define SVE_PT_SVE_PREGS_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREGS_OFFSET(vq))
+#define SVE_PT_SVE_PREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREG_OFFSET(vq, n))
+#define SVE_PT_SVE_PREGS_SIZE(vq) \
+	(SVE_PT_SVE_PREG_OFFSET(vq, SVE_NUM_PREGS) - \
+		SVE_PT_SVE_PREGS_OFFSET(vq))
+
+#define SVE_PT_SVE_FFR_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_FFR_OFFSET(vq))
+
+#define SVE_PT_SVE_FPSR_OFFSET(vq)				\
+	((SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq) +	\
+			(SVE_VQ_BYTES - 1))			\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+#define SVE_PT_SVE_FPCR_OFFSET(vq) \
+	(SVE_PT_SVE_FPSR_OFFSET(vq) + SVE_PT_SVE_FPSR_SIZE)
+
+/*
+ * Any future extension appended after FPCR must be aligned to the next
+ * 128-bit boundary.
+ */
+
+#define SVE_PT_SVE_SIZE(vq, flags)					\
+	((SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE		\
+			- SVE_PT_SVE_OFFSET + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+#define SVE_PT_SIZE(vq, flags)						\
+	 (((flags) & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE ?		\
+		  SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags)	\
+		: SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags))
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _UAPI__ASM_PTRACE_H */
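Review bot: two comment fixes in the new uapi block: "maxmium possible size" on the max_size field should read "maximum", and the "Common SVE_PT_* flags" comment says the values must be kept in sync with the prctl interface in <linux/ptrace.h>, but they are derived from PR_SVE_VL_INHERIT and PR_SVE_SET_VL_ONEXEC, which live in <linux/prctl.h> (the changelog itself names prctl.h). Because this is a uapi header, both strings will be copied verbatim into libc and debugger sources, so they are worth correcting before merge. Also, SVE_PT_FPSIMD_SIZE(vq, flags) ignores both arguments and SVE_PT_SVE_SIZE(vq, flags) ignores flags; a one-line note that the parameters are reserved for future extension would explain the unused arguments to anyone reading the macros in isolation.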
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index c194627..6db9f30 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -438,6 +438,66 @@ void sve_alloc(struct task_struct *task)
 	BUG_ON(!task->thread.sve_state);
 }
 
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the user task, irrespective of when SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void fpsimd_sync_to_sve(struct task_struct *task)
+{
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		fpsimd_to_sve(task);
+}
+
+/*
+ * Ensure that task->thread.fpsimd_state is up to date with respect to
+ * the user task, irrespective of whether SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void sve_sync_to_fpsimd(struct task_struct *task)
+{
+	if (test_tsk_thread_flag(task, TIF_SVE))
+		sve_to_fpsimd(task);
+}
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the task->thread.fpsimd_state.
+ *
+ * This should only be called by ptrace to merge new FPSIMD register
+ * values into a task for which SVE is currently active.
+ * task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.fpsimd_state must already have been initialised with
+ * the new FPSIMD register values to be merged in.
+ */
+void sve_sync_from_fpsimd_zeropad(struct task_struct *task)
+{
+	unsigned int vq;
+	void *sst = task->thread.sve_state;
+	struct fpsimd_state const *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+
+	memset(sst, 0, SVE_SIG_REGS_SIZE(vq));
+
+	for (i = 0; i < 32; ++i)
+		memcpy(ZREG(sst, vq, i), &fst->vregs[i],
+		       sizeof(fst->vregs[i]));
+}
+
 int sve_set_vector_length(struct task_struct *task,
 			  unsigned long vl, unsigned long flags)
 {
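Review bot: in sve_sync_from_fpsimd_zeropad() the loop bound is a bare 32 where the same series uses SVE_NUM_ZREGS for the Z register count in the ptrace.h macros; use the named constant so the two cannot drift apart. Also, the comment on fpsimd_sync_to_sve() says "irrespective of when SVE is in use or not" where the sibling comment on sve_sync_to_fpsimd() correctly says "whether", and the hunk introduces a double blank line before the first new comment block.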
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9cbb612..7252209 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -32,6 +32,7 @@
 #include <linux/security.h>
 #include <linux/init.h>
 #include <linux/signal.h>
+#include <linux/string.h>
 #include <linux/uaccess.h>
 #include <linux/perf_event.h>
 #include <linux/hw_breakpoint.h>
@@ -40,6 +41,7 @@
 #include <linux/elf.h>
 
 #include <asm/compat.h>
+#include <asm/cpufeature.h>
 #include <asm/debug-monitors.h>
 #include <asm/pgtable.h>
 #include <asm/stacktrace.h>
@@ -618,33 +620,66 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset,
 /*
  * TODO: update fp accessors for lazy context switching (sync/flush hwstate)
  */
-static int fpr_get(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   void *kbuf, void __user *ubuf)
+static int __fpr_get(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     void *kbuf, void __user *ubuf, unsigned int start_pos)
 {
 	struct user_fpsimd_state *uregs;
+
+	sve_sync_to_fpsimd(target);
+
 	uregs = &target->thread.fpsimd_state.user_fpsimd;
 
+	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs,
+				   start_pos, start_pos + sizeof(*uregs));
+}
+
+static int fpr_get(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
 	if (target == current)
 		fpsimd_preserve_current_state();
 
-	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, -1);
+	return __fpr_get(target, regset, pos, count, kbuf, ubuf, 0);
 }
 
-static int fpr_set(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   const void *kbuf, const void __user *ubuf)
+static int __fpr_set(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     const void *kbuf, const void __user *ubuf,
+		     unsigned int start_pos)
 {
 	int ret;
 	struct user_fpsimd_state newstate =
 		target->thread.fpsimd_state.user_fpsimd;
 
-	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 0, -1);
+	sve_sync_to_fpsimd(target);
+
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
+				 start_pos, start_pos + sizeof(newstate));
 	if (ret)
 		return ret;
 
 	target->thread.fpsimd_state.user_fpsimd = newstate;
+
+	return ret;
+}
+
+static int fpr_set(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+
+	ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0);
+	if (ret)
+		return ret;
+
+	sve_sync_from_fpsimd_zeropad(target);
 	fpsimd_flush_task_state(target);
+
 	return ret;
 }
 
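Review bot: in __fpr_set() the snapshot `struct user_fpsimd_state newstate = target->thread.fpsimd_state.user_fpsimd;` is taken before `sve_sync_to_fpsimd(target);` runs, so for a target with TIF_SVE set the bytes of newstate that a short copyin does not overwrite come from the stale fpsimd_state, and the later `target->thread.fpsimd_state.user_fpsimd = newstate;` writes them back over the freshly synced values. Move the sve_sync_to_fpsimd() call above the initialisation of newstate; sve_set() happens to avoid this by syncing before it calls __fpr_set(), but fpr_set() does not. Minor: fpr_set() can only reach its final `return ret;` with ret == 0, so `return 0;` would say what is meant.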
@@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
 	return ret;
 }
 
+#ifdef CONFIG_ARM64_SVE
+
+static void sve_init_header_from_task(struct user_sve_header *header,
+				      struct task_struct *target)
+{
+	unsigned int vq;
+
+	memset(header, 0, sizeof(*header));
+
+	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
+		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
+	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
+		header->flags |= SVE_PT_VL_INHERIT;
+
+	header->vl = target->thread.sve_vl;
+	vq = sve_vq_from_vl(header->vl);
+
+	header->max_vl = sve_max_vl;
+	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
+		header->max_vl = header->vl;
+
+	header->size = SVE_PT_SIZE(vq, header->flags);
+	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
+				      SVE_PT_REGS_SVE);
+}
+
+static unsigned int sve_size_from_header(struct user_sve_header const *header)
+{
+	return ALIGN(header->size, SVE_VQ_BYTES);
+}
+
+static unsigned int sve_get_size(struct task_struct *target,
+				 const struct user_regset *regset)
+{
+	struct user_sve_header header;
+
+	if (!system_supports_sve())
+		return 0;
+
+	sve_init_header_from_task(&header, target);
+	return sve_size_from_header(&header);
+}
+
+static int sve_get(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	sve_init_header_from_task(&header, target);
+	vq = sve_vq_from_vl(header.vl);
+
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &header,
+				  0, sizeof(header));
+	if (ret)
+		return ret;
+
+	if (target == current)
+		fpsimd_preserve_current_state();
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD)
+		return __fpr_get(target, regset, pos, count, kbuf, ubuf,
+				 SVE_PT_FPSIMD_OFFSET);
+
+	/* Otherwise: full SVE case */
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  target->thread.sve_state,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+				       start, end);
+	if (ret)
+		return ret;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  &target->thread.fpsimd_state.fpsr,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = sve_size_from_header(&header);
+	return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+					start, end);
+}
+
+static int sve_set(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	if (count < sizeof(header))
+		return -EINVAL;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
+				 0, sizeof(header));
+	if (ret)
+		goto out;
+
+	/*
+	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
+	 * sve_set_vector_length(), which will also validate them for us:
+	 */
+	ret = sve_set_vector_length(target, header.vl,
+		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
+	if (ret)
+		goto out;
+
+	/* Actual VL set may be less than the user asked for: */
+	vq = sve_vq_from_vl(target->thread.sve_vl);
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
+		sve_sync_to_fpsimd(target);
+
+		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
+				SVE_PT_FPSIMD_OFFSET);
+		clear_tsk_thread_flag(target, TIF_SVE);
+		goto out;
+	}
+
+	/* Otherwise: full SVE case */
+
+	/*
+	 * If setting a different VL from the requested VL and there is
+	 * register data, the data layout will be wrong: don't even
+	 * try to set the registers in this case.
+	 */
+	if (count && vq != sve_vq_from_vl(header.vl)) {
+		ret = -EIO;
+		goto out;
+	}
+
+	sve_alloc(target);
+	fpsimd_sync_to_sve(target);
+	set_tsk_thread_flag(target, TIF_SVE);
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 target->thread.sve_state,
+				 start, end);
+	if (ret)
+		goto out;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+					start, end);
+	if (ret)
+		goto out;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 &target->thread.fpsimd_state.fpsr,
+				 start, end);
+
+out:
+	fpsimd_flush_task_state(target);
+	return ret;
+}
+
+#endif /* CONFIG_ARM64_SVE */
+
 enum aarch64_regset {
 	REGSET_GPR,
 	REGSET_FPR,
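Review bot: sve_set() modifies the thread before it has finished validating the request: sve_set_vector_length() is applied to the target before the `count && vq != sve_vq_from_vl(header.vl)` check, so a write rejected with -EIO (or one that later fails a copyin with -EFAULT) leaves the VL changed and, on the full-SVE path, TIF_SVE set over partly written sve_state. On the FPSIMD path `clear_tsk_thread_flag(target, TIF_SVE);` also runs regardless of whether __fpr_set() succeeded, so a faulting PTRACE_SETREGSET still discards the live SVE state. Either check the vq consistency before calling sve_set_vector_length() and clear TIF_SVE only on success, or document in the uapi header that a failed NT_ARM_SVE write may leave the VL changed and the SVE state reset, so a debugger must re-read the regset after an error.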
@@ -711,6 +951,9 @@ enum aarch64_regset {
 	REGSET_HW_WATCH,
 #endif
 	REGSET_SYSTEM_CALL,
+#ifdef CONFIG_ARM64_SVE
+	REGSET_SVE,
+#endif
 };
 
 static const struct user_regset aarch64_regsets[] = {
@@ -768,6 +1011,18 @@ static const struct user_regset aarch64_regsets[] = {
 		.get = system_call_get,
 		.set = system_call_set,
 	},
+#ifdef CONFIG_ARM64_SVE
+	[REGSET_SVE] = { /* Scalable Vector Extension */
+		.core_note_type = NT_ARM_SVE,
+		.n = DIV_ROUND_UP(SVE_PT_SIZE(SVE_VQ_MAX, SVE_PT_REGS_SVE),
+				  SVE_VQ_BYTES),
+		.size = SVE_VQ_BYTES,
+		.align = SVE_VQ_BYTES,
+		.get = sve_get,
+		.set = sve_set,
+		.get_size = sve_get_size,
+	},
+#endif
 };
 
 static const struct user_regset_view user_aarch64_view = {
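Review bot: the [REGSET_SVE] entry needs a comment saying that `.n` (derived from SVE_VQ_MAX) is only an upper bound and that `.get_size` reports the size actually written for this thread; a reader comparing it with the fixed-size regsets above will otherwise expect the note to always be .n * .size bytes. It is also worth spelling out, where the callbacks are registered, that sve_get_size() returns 0 while sve_get() returns -EINVAL when !system_supports_sve(): the note is simply omitted from a coredump, whereas ptrace gets an error.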
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index b5280db..735b8f4 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -416,6 +416,7 @@ typedef struct elf64_shdr {
 #define NT_ARM_HW_BREAK	0x402		/* ARM hardware breakpoint registers */
 #define NT_ARM_HW_WATCH	0x403		/* ARM hardware watchpoint registers */
 #define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
+#define NT_ARM_SVE	0x405		/* ARM Scalable Vector Extension registers */
 #define NT_METAG_CBUF	0x500		/* Metag catch buffer registers */
 #define NT_METAG_RPIPE	0x501		/* Metag read pipeline state */
 #define NT_METAG_TLS	0x502		/* Metag TLS pointer */
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm


* [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Alan Hayward

This patch defines and implements a new regset NT_ARM_SVE, which
describes a thread's SVE register state.  This allows a debugger to
manipulate the SVE state, as well as being included in ELF
coredumps for post-mortem debugging.

Because the regset size and layout are dependent on the thread's
current vector length, it is not possible to define a C struct to
describe the regset contents as is done for existing regsets.
Instead, and for the same reasons, NT_ARM_SVE is based on the
freeform variable-layout approach used for the SVE signal frame.

Additionally, to reduce debug overhead when debugging threads that
might or might not have live SVE register state, NT_ARM_SVE may be
presented in one of two different formats: the old struct
user_fpsimd_state format is embedded for describing the state of a
thread with no live SVE state, whereas a new variable-layout
structure is embedded for describing live SVE state.  This avoids a
debugger needing to poll NT_PRFPREG in addition to NT_ARM_SVE, and
allows existing userspace code to handle the non-SVE case without
too much modification.

For this to work, NT_ARM_SVE is defined with a fixed-format header
of type struct user_sve_header, which the recipient can use to
figure out the content, size and layout of the rest of the regset.
Accessor macros are defined to allow the vector-length-dependent
parts of the regset to be manipulated.

Signed-off-by: Alan Hayward <alan.hayward@arm.com>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Okamoto Takayuki <tokamoto@jp.fujitsu.com>

---

Dropped Alex Bennée's reviewed-by, since bug fixes have been applied.

Changes since v2
----------------

Bug fixes:

 * Initialised user_sve_header.sve_max_vl properly in
   sve_init_header_from_task().  (Reported by Okamoto Takayuki.)

   This bug was introduced by the refactoring since v1 to remove
   BUG_ON()s.  A WARN_ON() was introduced to fix up the error case
   here, but the code for the non-error case was lost.

   This resulted in userspace seeing max_size == 0 when reading
   NT_ARM_SVE with PTRACE_GETREGSET.  NT_ARM_SVE would also get
   truncated in coredumps (though I've not tested that).

   This fix ensures that max_size is initialised, and only overrides
   the value written if it would be garbage.

 * In sve_set(), the flags for sve_set_vector_length() are shifted
   into the correct position.  Without this, a PTRACE_SETREGSET for
   NT_ARM_SVE may reject valid flags (including flags read via
   PTRACE_GETREGSET) with -EINVAL: thus, legitimate uses including
   save/restore may not work.

Miscellaneous:

 * Clarified comment in ptrace.h about keeping flags in sync with
   prctl.h so that it won't be misinterpreted as applying to
   SVE_PT_REGS_{MASK,FPSIMD,SVE} (which deliberately have no prctl
   equivalent).

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/fpsimd.h      |  13 +-
 arch/arm64/include/uapi/asm/ptrace.h | 138 ++++++++++++++++++
 arch/arm64/kernel/fpsimd.c           |  60 ++++++++
 arch/arm64/kernel/ptrace.c           | 271 +++++++++++++++++++++++++++++++++--
 include/uapi/linux/elf.h             |   1 +
 5 files changed, 474 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index bad72fd..ee6db38 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -38,13 +38,16 @@ struct fpsimd_state {
 			__uint128_t vregs[32];
 			u32 fpsr;
 			u32 fpcr;
+			/*
+			 * For ptrace compatibility, pad to next 128-bit
+			 * boundary here if extending this struct.
+			 */
 		};
 	};
 	/* the id of the last cpu to have restored this state */
 	unsigned int cpu;
 };
 
-
 #if defined(__KERNEL__) && defined(CONFIG_COMPAT)
 /* Masks for extracting the FPSR and FPCR from the FPSCR */
 #define VFP_FPSCR_STAT_MASK	0xf800009f
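Review bot: the new padding comment in struct fpsimd_state should also say that fpsr and fpcr must stay adjacent, not only that any extension must be padded to the next 128-bit boundary: sve_get() and sve_set() in ptrace.c copy both registers as one contiguous range starting at &target->thread.fpsimd_state.fpsr (see the "must follow contiguously" comments there), so inserting a field between them would silently corrupt the regset.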
@@ -89,6 +92,10 @@ extern size_t sve_state_size(struct task_struct const *task);
 
 extern void sve_alloc(struct task_struct *task);
 extern void fpsimd_release_thread(struct task_struct *task);
+extern void fpsimd_sync_to_sve(struct task_struct *task);
+extern void sve_sync_to_fpsimd(struct task_struct *task);
+extern void sve_sync_from_fpsimd_zeropad(struct task_struct *task);
+
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
@@ -105,6 +112,10 @@ extern void __init sve_setup(void);
 
 static void __maybe_unused sve_alloc(struct task_struct *task) { }
 static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+static void __maybe_unused sve_sync_to_fpsimd(struct task_struct *task) { }
+static void __maybe_unused sve_sync_from_fpsimd_zeropad(
+	struct task_struct *task) { }
+
 static void __maybe_unused sve_init_vq_map(void) { }
 static void __maybe_unused sve_update_vq_map(void) { }
 static int __maybe_unused sve_verify_vq_map(void) { return 0; }
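Review bot: the !CONFIG_ARM64_SVE stubs cover sve_sync_to_fpsimd() and sve_sync_from_fpsimd_zeropad() but not fpsimd_sync_to_sve(), which is declared alongside them in the previous hunk. That only works because its sole caller, sve_set(), sits under #ifdef CONFIG_ARM64_SVE in ptrace.c; either add the third stub for symmetry or leave a comment saying the function is deliberately SVE-only, so that a future caller outside the #ifdef understands the resulting link error.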
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index d1ff83d..a0fc6a8 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -22,6 +22,7 @@
 #include <linux/types.h>
 
 #include <asm/hwcap.h>
+#include <asm/sigcontext.h>
 
 
 /*
@@ -63,6 +64,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/prctl.h>
+
 /*
  * User structures for general purpose, floating point and debug registers.
  */
@@ -90,6 +93,141 @@ struct user_hwdebug_state {
 	}		dbg_regs[16];
 };
 
+/* SVE/FP/SIMD state (NT_ARM_SVE) */
+
+struct user_sve_header {
+	__u32 size; /* total meaningful regset content in bytes */
+	__u32 max_size; /* maxmium possible size for this thread */
+	__u16 vl; /* current vector length */
+	__u16 max_vl; /* maximum possible vector length */
+	__u16 flags;
+	__u16 __reserved;
+};
+
+/* Definitions for user_sve_header.flags: */
+#define SVE_PT_REGS_MASK		(1 << 0)
+
+#define SVE_PT_REGS_FPSIMD		0
+#define SVE_PT_REGS_SVE			SVE_PT_REGS_MASK
+
+/*
+ * Common SVE_PT_* flags:
+ * These must be kept in sync with prctl interface in <linux/ptrace.h>
+ */
+#define SVE_PT_VL_INHERIT		(PR_SVE_VL_INHERIT >> 16)
+#define SVE_PT_VL_ONEXEC		(PR_SVE_SET_VL_ONEXEC >> 16)
+
+
+/*
+ * The remainder of the SVE state follows struct user_sve_header.  The
+ * total size of the SVE state (including header) depends on the
+ * metadata in the header:  SVE_PT_SIZE(vq, flags) gives the total size
+ * of the state in bytes, including the header.
+ *
+ * Refer to <asm/sigcontext.h> for details of how to pass the correct
+ * "vq" argument to these macros.
+ */
+
+/* Offset from the start of struct user_sve_header to the register data */
+#define SVE_PT_REGS_OFFSET					\
+	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+/*
+ * The register data content and layout depends on the value of the
+ * flags field.
+ */
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD case:
+ *
+ * The payload starts at offset SVE_PT_FPSIMD_OFFSET, and is of type
+ * struct user_fpsimd_state.  Additional data might be appended in the
+ * future: use SVE_PT_FPSIMD_SIZE(vq, flags) to compute the total size.
+ * SVE_PT_FPSIMD_SIZE(vq, flags) will never be less than
+ * sizeof(struct user_fpsimd_state).
+ */
+
+#define SVE_PT_FPSIMD_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_FPSIMD_SIZE(vq, flags)	(sizeof(struct user_fpsimd_state))
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE case:
+ *
+ * The payload starts at offset SVE_PT_SVE_OFFSET, and is of size
+ * SVE_PT_SVE_SIZE(vq, flags).
+ *
+ * Additional macros describe the contents and layout of the payload.
+ * For each, SVE_PT_SVE_x_OFFSET(args) is the start offset relative to
+ * the start of struct user_sve_header, and SVE_PT_SVE_x_SIZE(args) is
+ * the size in bytes:
+ *
+ *	x	type				description
+ *	-	----				-----------
+ *	ZREGS		\
+ *	ZREG		|
+ *	PREGS		| refer to <asm/sigcontext.h>
+ *	PREG		|
+ *	FFR		/
+ *
+ *	FPSR	uint32_t			FPSR
+ *	FPCR	uint32_t			FPCR
+ *
+ * Additional data might be appended in the future.
+ */
+
+#define SVE_PT_SVE_ZREG_SIZE(vq)	SVE_SIG_ZREG_SIZE(vq)
+#define SVE_PT_SVE_PREG_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
+#define SVE_PT_SVE_FFR_SIZE(vq)		SVE_SIG_FFR_SIZE(vq)
+#define SVE_PT_SVE_FPSR_SIZE		sizeof(__u32)
+#define SVE_PT_SVE_FPCR_SIZE		sizeof(__u32)
+
+#define __SVE_SIG_TO_PT(offset) \
+	((offset) - SVE_SIG_REGS_OFFSET + SVE_PT_REGS_OFFSET)
+
+#define SVE_PT_SVE_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_SVE_ZREGS_OFFSET \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREGS_OFFSET)
+#define SVE_PT_SVE_ZREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREG_OFFSET(vq, n))
+#define SVE_PT_SVE_ZREGS_SIZE(vq) \
+	(SVE_PT_SVE_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_PT_SVE_ZREGS_OFFSET)
+
+#define SVE_PT_SVE_PREGS_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREGS_OFFSET(vq))
+#define SVE_PT_SVE_PREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREG_OFFSET(vq, n))
+#define SVE_PT_SVE_PREGS_SIZE(vq) \
+	(SVE_PT_SVE_PREG_OFFSET(vq, SVE_NUM_PREGS) - \
+		SVE_PT_SVE_PREGS_OFFSET(vq))
+
+#define SVE_PT_SVE_FFR_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_FFR_OFFSET(vq))
+
+#define SVE_PT_SVE_FPSR_OFFSET(vq)				\
+	((SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq) +	\
+			(SVE_VQ_BYTES - 1))			\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+#define SVE_PT_SVE_FPCR_OFFSET(vq) \
+	(SVE_PT_SVE_FPSR_OFFSET(vq) + SVE_PT_SVE_FPSR_SIZE)
+
+/*
+ * Any future extension appended after FPCR must be aligned to the next
+ * 128-bit boundary.
+ */
+
+#define SVE_PT_SVE_SIZE(vq, flags)					\
+	((SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE		\
+			- SVE_PT_SVE_OFFSET + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+#define SVE_PT_SIZE(vq, flags)						\
+	 (((flags) & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE ?		\
+		  SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags)	\
+		: SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags))
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _UAPI__ASM_PTRACE_H */
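Review bot: the comment above SVE_PT_VL_INHERIT says the flags must be kept in sync with the "prctl interface in <linux/ptrace.h>", but PR_SVE_VL_INHERIT and PR_SVE_SET_VL_ONEXEC come from <linux/prctl.h>, the header this hunk's neighbour includes a few lines up; fix the header name, since the changelog says this comment was reworded precisely to avoid misreading. Typo in the struct comment: "maxmium" for "maximum". It would also help to state next to SVE_PT_REGS_OFFSET that it is deliberately derived from sizeof(struct sve_context) so that the register payload has the same layout as the signal frame (which __SVE_SIG_TO_PT() relies on), and that it must equal sizeof(struct user_sve_header), as the BUILD_BUG_ON()s in ptrace.c check.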
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index c194627..6db9f30 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -438,6 +438,66 @@ void sve_alloc(struct task_struct *task)
 	BUG_ON(!task->thread.sve_state);
 }
 
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the user task, irrespective of when SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void fpsimd_sync_to_sve(struct task_struct *task)
+{
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		fpsimd_to_sve(task);
+}
+
+/*
+ * Ensure that task->thread.fpsimd_state is up to date with respect to
+ * the user task, irrespective of whether SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void sve_sync_to_fpsimd(struct task_struct *task)
+{
+	if (test_tsk_thread_flag(task, TIF_SVE))
+		sve_to_fpsimd(task);
+}
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the task->thread.fpsimd_state.
+ *
+ * This should only be called by ptrace to merge new FPSIMD register
+ * values into a task for which SVE is currently active.
+ * task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.fpsimd_state must already have been initialised with
+ * the new FPSIMD register values to be merged in.
+ */
+void sve_sync_from_fpsimd_zeropad(struct task_struct *task)
+{
+	unsigned int vq;
+	void *sst = task->thread.sve_state;
+	struct fpsimd_state const *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+
+	memset(sst, 0, SVE_SIG_REGS_SIZE(vq));
+
+	for (i = 0; i < 32; ++i)
+		memcpy(ZREG(sst, vq, i), &fst->vregs[i],
+		       sizeof(fst->vregs[i]));
+}
+
 int sve_set_vector_length(struct task_struct *task,
 			  unsigned long vl, unsigned long flags)
 {
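Review bot: sve_sync_from_fpsimd_zeropad() loops `for (i = 0; i < 32; ++i)` with a literal 32 where the number of Z registers is meant; use SVE_NUM_ZREGS (the uapi macros in this same patch use it) so the two cannot drift apart. The comment on fpsimd_sync_to_sve() says "irrespective of when SVE is in use or not", which should read "whether", as the sve_sync_to_fpsimd() comment does. The hunk also adds a second blank line after the closing brace of sve_alloc(); one is the norm in this file.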
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9cbb612..7252209 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -32,6 +32,7 @@
 #include <linux/security.h>
 #include <linux/init.h>
 #include <linux/signal.h>
+#include <linux/string.h>
 #include <linux/uaccess.h>
 #include <linux/perf_event.h>
 #include <linux/hw_breakpoint.h>
@@ -40,6 +41,7 @@
 #include <linux/elf.h>
 
 #include <asm/compat.h>
+#include <asm/cpufeature.h>
 #include <asm/debug-monitors.h>
 #include <asm/pgtable.h>
 #include <asm/stacktrace.h>
@@ -618,33 +620,66 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset,
 /*
  * TODO: update fp accessors for lazy context switching (sync/flush hwstate)
  */
-static int fpr_get(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   void *kbuf, void __user *ubuf)
+static int __fpr_get(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     void *kbuf, void __user *ubuf, unsigned int start_pos)
 {
 	struct user_fpsimd_state *uregs;
+
+	sve_sync_to_fpsimd(target);
+
 	uregs = &target->thread.fpsimd_state.user_fpsimd;
 
+	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs,
+				   start_pos, start_pos + sizeof(*uregs));
+}
+
+static int fpr_get(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
 	if (target == current)
 		fpsimd_preserve_current_state();
 
-	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, -1);
+	return __fpr_get(target, regset, pos, count, kbuf, ubuf, 0);
 }
 
-static int fpr_set(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   const void *kbuf, const void __user *ubuf)
+static int __fpr_set(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     const void *kbuf, const void __user *ubuf,
+		     unsigned int start_pos)
 {
 	int ret;
 	struct user_fpsimd_state newstate =
 		target->thread.fpsimd_state.user_fpsimd;
 
-	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 0, -1);
+	sve_sync_to_fpsimd(target);
+
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
+				 start_pos, start_pos + sizeof(newstate));
 	if (ret)
 		return ret;
 
 	target->thread.fpsimd_state.user_fpsimd = newstate;
+
+	return ret;
+}
+
+static int fpr_set(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+
+	ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0);
+	if (ret)
+		return ret;
+
+	sve_sync_from_fpsimd_zeropad(target);
 	fpsimd_flush_task_state(target);
+
 	return ret;
 }
 
@@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
 	return ret;
 }
 
+#ifdef CONFIG_ARM64_SVE
+
+static void sve_init_header_from_task(struct user_sve_header *header,
+				      struct task_struct *target)
+{
+	unsigned int vq;
+
+	memset(header, 0, sizeof(*header));
+
+	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
+		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
+	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
+		header->flags |= SVE_PT_VL_INHERIT;
+
+	header->vl = target->thread.sve_vl;
+	vq = sve_vq_from_vl(header->vl);
+
+	header->max_vl = sve_max_vl;
+	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
+		header->max_vl = header->vl;
+
+	header->size = SVE_PT_SIZE(vq, header->flags);
+	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
+				      SVE_PT_REGS_SVE);
+}
+
+static unsigned int sve_size_from_header(struct user_sve_header const *header)
+{
+	return ALIGN(header->size, SVE_VQ_BYTES);
+}
+
+static unsigned int sve_get_size(struct task_struct *target,
+				 const struct user_regset *regset)
+{
+	struct user_sve_header header;
+
+	if (!system_supports_sve())
+		return 0;
+
+	sve_init_header_from_task(&header, target);
+	return sve_size_from_header(&header);
+}
+
+static int sve_get(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	sve_init_header_from_task(&header, target);
+	vq = sve_vq_from_vl(header.vl);
+
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &header,
+				  0, sizeof(header));
+	if (ret)
+		return ret;
+
+	if (target == current)
+		fpsimd_preserve_current_state();
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD)
+		return __fpr_get(target, regset, pos, count, kbuf, ubuf,
+				 SVE_PT_FPSIMD_OFFSET);
+
+	/* Otherwise: full SVE case */
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  target->thread.sve_state,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+				       start, end);
+	if (ret)
+		return ret;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  &target->thread.fpsimd_state.fpsr,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = sve_size_from_header(&header);
+	return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+					start, end);
+}
+
+static int sve_set(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	if (count < sizeof(header))
+		return -EINVAL;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
+				 0, sizeof(header));
+	if (ret)
+		goto out;
+
+	/*
+	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
+	 * sve_set_vector_length(), which will also validate them for us:
+	 */
+	ret = sve_set_vector_length(target, header.vl,
+		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
+	if (ret)
+		goto out;
+
+	/* Actual VL set may be less than the user asked for: */
+	vq = sve_vq_from_vl(target->thread.sve_vl);
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
+		sve_sync_to_fpsimd(target);
+
+		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
+				SVE_PT_FPSIMD_OFFSET);
+		clear_tsk_thread_flag(target, TIF_SVE);
+		goto out;
+	}
+
+	/* Otherwise: full SVE case */
+
+	/*
+	 * If setting a different VL from the requested VL and there is
+	 * register data, the data layout will be wrong: don't even
+	 * try to set the registers in this case.
+	 */
+	if (count && vq != sve_vq_from_vl(header.vl)) {
+		ret = -EIO;
+		goto out;
+	}
+
+	sve_alloc(target);
+	fpsimd_sync_to_sve(target);
+	set_tsk_thread_flag(target, TIF_SVE);
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 target->thread.sve_state,
+				 start, end);
+	if (ret)
+		goto out;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+					start, end);
+	if (ret)
+		goto out;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 &target->thread.fpsimd_state.fpsr,
+				 start, end);
+
+out:
+	fpsimd_flush_task_state(target);
+	return ret;
+}
+
+#endif /* CONFIG_ARM64_SVE */
+
 enum aarch64_regset {
 	REGSET_GPR,
 	REGSET_FPR,
@@ -711,6 +951,9 @@ enum aarch64_regset {
 	REGSET_HW_WATCH,
 #endif
 	REGSET_SYSTEM_CALL,
+#ifdef CONFIG_ARM64_SVE
+	REGSET_SVE,
+#endif
 };
 
 static const struct user_regset aarch64_regsets[] = {
@@ -768,6 +1011,18 @@ static const struct user_regset aarch64_regsets[] = {
 		.get = system_call_get,
 		.set = system_call_set,
 	},
+#ifdef CONFIG_ARM64_SVE
+	[REGSET_SVE] = { /* Scalable Vector Extension */
+		.core_note_type = NT_ARM_SVE,
+		.n = DIV_ROUND_UP(SVE_PT_SIZE(SVE_VQ_MAX, SVE_PT_REGS_SVE),
+				  SVE_VQ_BYTES),
+		.size = SVE_VQ_BYTES,
+		.align = SVE_VQ_BYTES,
+		.get = sve_get,
+		.set = sve_set,
+		.get_size = sve_get_size,
+	},
+#endif
 };
 
 static const struct user_regset_view user_aarch64_view = {
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index b5280db..735b8f4 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -416,6 +416,7 @@ typedef struct elf64_shdr {
 #define NT_ARM_HW_BREAK	0x402		/* ARM hardware breakpoint registers */
 #define NT_ARM_HW_WATCH	0x403		/* ARM hardware watchpoint registers */
 #define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
+#define NT_ARM_SVE	0x405		/* ARM Scalable Vector Extension registers */
 #define NT_METAG_CBUF	0x500		/* Metag catch buffer registers */
 #define NT_METAG_RPIPE	0x501		/* Metag read pipeline state */
 #define NT_METAG_TLS	0x502		/* Metag TLS pointer */
-- 
2.1.4
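The commit message above describes NT_ARM_SVE as a fixed struct user_sve_header followed by either an embedded user_fpsimd_state or a vector-length-dependent SVE payload. What follows is an added example, not part of the patch or of the kernel tree: a user-space parser that recomputes SVE_PT_SIZE() from the header's vl and flags and rejects a blob (from a coredump note or a PTRACE_GETREGSET buffer) whose header.size disagrees with that layout. It assumes the <asm/sigcontext.h> values SVE_VQ_BYTES == 16, 32 Z registers and 16 P registers, sizeof(struct user_fpsimd_state) == 528, and SVE_PT_REGS_OFFSET == 16 (which the patch's BUILD_BUG_ON()s enforce); the sample blob is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed from <asm/sigcontext.h>: 128-bit vector quantum and register counts. */
#define SVE_VQ_BYTES   16u
#define SVE_NUM_ZREGS  32u
#define SVE_NUM_PREGS  16u
#define ALIGN_VQ(x)    (((x) + SVE_VQ_BYTES - 1) / SVE_VQ_BYTES * SVE_VQ_BYTES)

/* struct user_sve_header and its flag bits, as defined by the patch. */
struct user_sve_header {
	uint32_t size, max_size;    /* meaningful bytes in this regset; maximum for this thread */
	uint16_t vl, max_vl;        /* current and maximum vector length, in bytes */
	uint16_t flags, __reserved;
};
#define SVE_PT_REGS_MASK    (1u << 0)
#define SVE_PT_REGS_FPSIMD  0u
#define SVE_PT_REGS_SVE     SVE_PT_REGS_MASK
#define SVE_PT_REGS_OFFSET      16u   /* sizeof(struct sve_context) rounded to 16 == sizeof(header) */
#define USER_FPSIMD_STATE_SIZE  528u  /* sizeof(struct user_fpsimd_state): 32 vregs, fpsr, fpcr, 2 reserved */

static unsigned sve_vq_from_vl(unsigned vl) { return vl / SVE_VQ_BYTES; }

/* Offsets from the start of the header, mirroring the SVE_PT_SVE_*_OFFSET macros. */
unsigned sve_pt_zreg_offset(unsigned vq, unsigned n) { return SVE_PT_REGS_OFFSET + n * vq * SVE_VQ_BYTES; }
unsigned sve_pt_preg_offset(unsigned vq, unsigned n) { return sve_pt_zreg_offset(vq, SVE_NUM_ZREGS) + n * vq * 2; }
unsigned sve_pt_ffr_offset(unsigned vq)  { return sve_pt_preg_offset(vq, SVE_NUM_PREGS); }
unsigned sve_pt_fpsr_offset(unsigned vq) { return ALIGN_VQ(sve_pt_ffr_offset(vq) + vq * 2); }  /* FPCR at +4 */

/* SVE_PT_SIZE(vq, flags): header plus payload; the SVE payload (through FPCR) is padded to 16 bytes. */
unsigned sve_pt_size(unsigned vq, unsigned flags)
{
	return SVE_PT_REGS_OFFSET + ((flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE
		? ALIGN_VQ(sve_pt_fpsr_offset(vq) + 8 - SVE_PT_REGS_OFFSET) : USER_FPSIMD_STATE_SIZE);
}

struct sve_note { int is_sve; unsigned vq; const uint8_t *regs; };  /* is_sve: 1 = SVE layout, 0 = FPSIMD */

/* Validate an NT_ARM_SVE blob against its own header: 0 on success, -1 if the header disagrees
 * with the SVE_PT_* layout or the buffer is shorter than header.size. */
int parse_nt_arm_sve(const uint8_t *buf, size_t len, struct sve_note *out)
{
	struct user_sve_header h;
	if (len < sizeof(h))
		return -1;
	memcpy(&h, buf, sizeof(h));
	if (h.vl == 0 || h.vl % SVE_VQ_BYTES != 0 || h.vl > h.max_vl)
		return -1;
	out->vq = sve_vq_from_vl(h.vl);
	if (h.size != sve_pt_size(out->vq, h.flags) || len < h.size)   /* never trust size alone */
		return -1;
	out->is_sve = (h.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE;
	out->regs = buf + SVE_PT_REGS_OFFSET;   /* SVE_PT_SVE_OFFSET == SVE_PT_FPSIMD_OFFSET */
	return 0;
}

/* FPSR is at a vq-dependent offset in the SVE format but right after vregs[32] in the FPSIMD one. */
uint32_t nt_arm_sve_fpsr(const struct sve_note *n)
{
	uint32_t v;
	size_t off = n->is_sve ? sve_pt_fpsr_offset(n->vq) - SVE_PT_REGS_OFFSET : SVE_NUM_ZREGS * SVE_VQ_BYTES;
	memcpy(&v, n->regs + off, sizeof(v));
	return v;
}

/* Constructed sample: SVE-format note for vq == 2 (256-bit vectors), FPSR = 0x08000000, with a
 * constructed max_vl of 256 bytes. Returns the blob length, or 0 if cap is too small. */
size_t build_sample_note(uint8_t *buf, size_t cap)
{
	const unsigned vq = 2;
	const uint32_t fpsr = 0x08000000u;
	struct user_sve_header h = { 0, sve_pt_size(sve_vq_from_vl(256), SVE_PT_REGS_SVE),
				     vq * SVE_VQ_BYTES, 256, SVE_PT_REGS_SVE, 0 };
	h.size = sve_pt_size(vq, h.flags);
	if (cap < h.size)
		return 0;
	memset(buf, 0, h.size);
	memcpy(buf, &h, sizeof(h));
	memcpy(buf + sve_pt_fpsr_offset(vq), &fpsr, sizeof(fpsr));
	return h.size;
}

/* Self-check: parse the sample truncated to len bytes (0 = full). Returns FPSR, or 0xffffffff on reject. */
uint32_t sample_fpsr(size_t len)
{
	uint8_t buf[2048];
	struct sve_note n;
	size_t full = build_sample_note(buf, sizeof(buf));
	if (full == 0 || parse_nt_arm_sve(buf, len ? len : full, &n) != 0)
		return 0xffffffffu;
	return nt_arm_sve_fpsr(&n);
}

int main(void)
{
	printf("vq=2: SVE_PT_SIZE=%u, sample FPSR=0x%08x\n", sve_pt_size(2, SVE_PT_REGS_SVE), sample_fpsr(0));
	return 0;
}
```

For vq == 2 the SVE-format regset is 1136 bytes and the FPSIMD-format one 544, which is why a consumer must read the header before deciding how much of the note to trust.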


* [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

This patch defines and implements a new regset NT_ARM_SVE, which
describes a thread's SVE register state.  This allows a debugger to
manipulate the SVE state, as well as being included in ELF
coredumps for post-mortem debugging.

Because the regset size and layout are dependent on the thread's
current vector length, it is not possible to define a C struct to
describe the regset contents as is done for existing regsets.
Instead, and for the same reasons, NT_ARM_SVE is based on the
freeform variable-layout approach used for the SVE signal frame.

Additionally, to reduce debug overhead when debugging threads that
might or might not have live SVE register state, NT_ARM_SVE may be
presented in one of two different formats: the old struct
user_fpsimd_state format is embedded for describing the state of a
thread with no live SVE state, whereas a new variable-layout
structure is embedded for describing live SVE state.  This avoids a
debugger needing to poll NT_PRFPREG in addition to NT_ARM_SVE, and
allows existing userspace code to handle the non-SVE case without
too much modification.

For this to work, NT_ARM_SVE is defined with a fixed-format header
of type struct user_sve_header, which the recipient can use to
figure out the content, size and layout of the rest of the regset.
Accessor macros are defined to allow the vector-length-dependent
parts of the regset to be manipulated.

Signed-off-by: Alan Hayward <alan.hayward@arm.com>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Okamoto Takayuki <tokamoto@jp.fujitsu.com>

---

Dropped Alex Bennée's reviewed-by, since bug fixes have been applied.

Changes since v2
----------------

Bug fixes:

 * Initialised user_sve_header.sve_max_vl properly in
   sve_init_header_from_task().  (Reported by Okamoto Takayuki.)

   This bug was introduced by the refactoring since v1 to remove
   BUG_ON()s.  A WARN_ON() was introduced to fix up the error case
   here, but the code for the non-error case was lost.

   This resulted in userspace seeing max_size == 0 when reading
   NT_ARM_SVE with PTRACE_GETREGSET.  NT_ARM_SVE would also get
   truncated in coredumps (though I've not tested that).

   This fix ensures that max_size is initialised, and only overrides
   the value written if it would be garbage.

 * In sve_set(), the flags for sve_set_vector_length() are shifted
   into the correct position.  Without this, a PTRACE_SETREGSET for
   NT_ARM_SVE may reject valid flags (including flags read via
   PTRACE_GETREGSET) with -EINVAL: thus, legitimate uses including
   save/restore may not work.

Miscellaneous:

 * Clarified comment in ptrace.h about keeping flags in sync with
   prctl.h so that it won't be misinterpreted as applying to
   SVE_PT_REGS_{MASK,FPSIMD,SVE} (which deliberately have no prctl
   equivalent).

 * Added comments explaining the intent, purpose and basic constraints
   for fpsimd.c helpers.
---
 arch/arm64/include/asm/fpsimd.h      |  13 +-
 arch/arm64/include/uapi/asm/ptrace.h | 138 ++++++++++++++++++
 arch/arm64/kernel/fpsimd.c           |  60 ++++++++
 arch/arm64/kernel/ptrace.c           | 271 +++++++++++++++++++++++++++++++++--
 include/uapi/linux/elf.h             |   1 +
 5 files changed, 474 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index bad72fd..ee6db38 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -38,13 +38,16 @@ struct fpsimd_state {
 			__uint128_t vregs[32];
 			u32 fpsr;
 			u32 fpcr;
+			/*
+			 * For ptrace compatibility, pad to next 128-bit
+			 * boundary here if extending this struct.
+			 */
 		};
 	};
 	/* the id of the last cpu to have restored this state */
 	unsigned int cpu;
 };
 
-
 #if defined(__KERNEL__) && defined(CONFIG_COMPAT)
 /* Masks for extracting the FPSR and FPCR from the FPSCR */
 #define VFP_FPSCR_STAT_MASK	0xf800009f
@@ -89,6 +92,10 @@ extern size_t sve_state_size(struct task_struct const *task);
 
 extern void sve_alloc(struct task_struct *task);
 extern void fpsimd_release_thread(struct task_struct *task);
+extern void fpsimd_sync_to_sve(struct task_struct *task);
+extern void sve_sync_to_fpsimd(struct task_struct *task);
+extern void sve_sync_from_fpsimd_zeropad(struct task_struct *task);
+
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
@@ -105,6 +112,10 @@ extern void __init sve_setup(void);
 
 static void __maybe_unused sve_alloc(struct task_struct *task) { }
 static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
+static void __maybe_unused sve_sync_to_fpsimd(struct task_struct *task) { }
+static void __maybe_unused sve_sync_from_fpsimd_zeropad(
+	struct task_struct *task) { }
+
 static void __maybe_unused sve_init_vq_map(void) { }
 static void __maybe_unused sve_update_vq_map(void) { }
 static int __maybe_unused sve_verify_vq_map(void) { return 0; }
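Review bot: fpsimd_sync_to_sve() is declared in the CONFIG_ARM64_SVE branch above but gets no __maybe_unused stub here, unlike sve_sync_to_fpsimd() and sve_sync_from_fpsimd_zeropad(). That only builds because its sole caller, sve_set() in ptrace.c, sits inside #ifdef CONFIG_ARM64_SVE; either add `static void __maybe_unused fpsimd_sync_to_sve(struct task_struct *task) { }` for symmetry, or say in a comment that the function must not be called from outside that ifdef.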
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index d1ff83d..a0fc6a8 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -22,6 +22,7 @@
 #include <linux/types.h>
 
 #include <asm/hwcap.h>
+#include <asm/sigcontext.h>
 
 
 /*
@@ -63,6 +64,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/prctl.h>
+
 /*
  * User structures for general purpose, floating point and debug registers.
  */
@@ -90,6 +93,141 @@ struct user_hwdebug_state {
 	}		dbg_regs[16];
 };
 
+/* SVE/FP/SIMD state (NT_ARM_SVE) */
+
+struct user_sve_header {
+	__u32 size; /* total meaningful regset content in bytes */
+	__u32 max_size; /* maxmium possible size for this thread */
+	__u16 vl; /* current vector length */
+	__u16 max_vl; /* maximum possible vector length */
+	__u16 flags;
+	__u16 __reserved;
+};
+
+/* Definitions for user_sve_header.flags: */
+#define SVE_PT_REGS_MASK		(1 << 0)
+
+#define SVE_PT_REGS_FPSIMD		0
+#define SVE_PT_REGS_SVE			SVE_PT_REGS_MASK
+
+/*
+ * Common SVE_PT_* flags:
+ * These must be kept in sync with prctl interface in <linux/ptrace.h>
+ */
+#define SVE_PT_VL_INHERIT		(PR_SVE_VL_INHERIT >> 16)
+#define SVE_PT_VL_ONEXEC		(PR_SVE_SET_VL_ONEXEC >> 16)
+
+
+/*
+ * The remainder of the SVE state follows struct user_sve_header.  The
+ * total size of the SVE state (including header) depends on the
+ * metadata in the header:  SVE_PT_SIZE(vq, flags) gives the total size
+ * of the state in bytes, including the header.
+ *
+ * Refer to <asm/sigcontext.h> for details of how to pass the correct
+ * "vq" argument to these macros.
+ */
+
+/* Offset from the start of struct user_sve_header to the register data */
+#define SVE_PT_REGS_OFFSET					\
+	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+/*
+ * The register data content and layout depends on the value of the
+ * flags field.
+ */
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD case:
+ *
+ * The payload starts at offset SVE_PT_FPSIMD_OFFSET, and is of type
+ * struct user_fpsimd_state.  Additional data might be appended in the
+ * future: use SVE_PT_FPSIMD_SIZE(vq, flags) to compute the total size.
+ * SVE_PT_FPSIMD_SIZE(vq, flags) will never be less than
+ * sizeof(struct user_fpsimd_state).
+ */
+
+#define SVE_PT_FPSIMD_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_FPSIMD_SIZE(vq, flags)	(sizeof(struct user_fpsimd_state))
+
+/*
+ * (flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE case:
+ *
+ * The payload starts at offset SVE_PT_SVE_OFFSET, and is of size
+ * SVE_PT_SVE_SIZE(vq, flags).
+ *
+ * Additional macros describe the contents and layout of the payload.
+ * For each, SVE_PT_SVE_x_OFFSET(args) is the start offset relative to
+ * the start of struct user_sve_header, and SVE_PT_SVE_x_SIZE(args) is
+ * the size in bytes:
+ *
+ *	x	type				description
+ *	-	----				-----------
+ *	ZREGS		\
+ *	ZREG		|
+ *	PREGS		| refer to <asm/sigcontext.h>
+ *	PREG		|
+ *	FFR		/
+ *
+ *	FPSR	uint32_t			FPSR
+ *	FPCR	uint32_t			FPCR
+ *
+ * Additional data might be appended in the future.
+ */
+
+#define SVE_PT_SVE_ZREG_SIZE(vq)	SVE_SIG_ZREG_SIZE(vq)
+#define SVE_PT_SVE_PREG_SIZE(vq)	SVE_SIG_PREG_SIZE(vq)
+#define SVE_PT_SVE_FFR_SIZE(vq)		SVE_SIG_FFR_SIZE(vq)
+#define SVE_PT_SVE_FPSR_SIZE		sizeof(__u32)
+#define SVE_PT_SVE_FPCR_SIZE		sizeof(__u32)
+
+#define __SVE_SIG_TO_PT(offset) \
+	((offset) - SVE_SIG_REGS_OFFSET + SVE_PT_REGS_OFFSET)
+
+#define SVE_PT_SVE_OFFSET		SVE_PT_REGS_OFFSET
+
+#define SVE_PT_SVE_ZREGS_OFFSET \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREGS_OFFSET)
+#define SVE_PT_SVE_ZREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_ZREG_OFFSET(vq, n))
+#define SVE_PT_SVE_ZREGS_SIZE(vq) \
+	(SVE_PT_SVE_ZREG_OFFSET(vq, SVE_NUM_ZREGS) - SVE_PT_SVE_ZREGS_OFFSET)
+
+#define SVE_PT_SVE_PREGS_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREGS_OFFSET(vq))
+#define SVE_PT_SVE_PREG_OFFSET(vq, n) \
+	__SVE_SIG_TO_PT(SVE_SIG_PREG_OFFSET(vq, n))
+#define SVE_PT_SVE_PREGS_SIZE(vq) \
+	(SVE_PT_SVE_PREG_OFFSET(vq, SVE_NUM_PREGS) - \
+		SVE_PT_SVE_PREGS_OFFSET(vq))
+
+#define SVE_PT_SVE_FFR_OFFSET(vq) \
+	__SVE_SIG_TO_PT(SVE_SIG_FFR_OFFSET(vq))
+
+#define SVE_PT_SVE_FPSR_OFFSET(vq)				\
+	((SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq) +	\
+			(SVE_VQ_BYTES - 1))			\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+#define SVE_PT_SVE_FPCR_OFFSET(vq) \
+	(SVE_PT_SVE_FPSR_OFFSET(vq) + SVE_PT_SVE_FPSR_SIZE)
+
+/*
+ * Any future extension appended after FPCR must be aligned to the next
+ * 128-bit boundary.
+ */
+
+#define SVE_PT_SVE_SIZE(vq, flags)					\
+	((SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE		\
+			- SVE_PT_SVE_OFFSET + (SVE_VQ_BYTES - 1))	\
+		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
+
+#define SVE_PT_SIZE(vq, flags)						\
+	 (((flags) & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE ?		\
+		  SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags)	\
+		: SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags))
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _UAPI__ASM_PTRACE_H */
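Review bot: two comment nits in the new user_sve_header block: `maxmium` in the max_size comment should be `maximum`, and "kept in sync with prctl interface in <linux/ptrace.h>" should name <linux/prctl.h>, which is where PR_SVE_VL_INHERIT and PR_SVE_SET_VL_ONEXEC are defined (and which this hunk now includes for exactly that reason). Since this is uapi, it would also help readers of the header alone to state that SVE_PT_VL_INHERIT and SVE_PT_VL_ONEXEC are the prctl flag bits shifted right by 16 and that sve_set() shifts them back before calling sve_set_vector_length().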
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index c194627..6db9f30 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -438,6 +438,66 @@ void sve_alloc(struct task_struct *task)
 	BUG_ON(!task->thread.sve_state);
 }
 
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the user task, irrespective of when SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void fpsimd_sync_to_sve(struct task_struct *task)
+{
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		fpsimd_to_sve(task);
+}
+
+/*
+ * Ensure that task->thread.fpsimd_state is up to date with respect to
+ * the user task, irrespective of whether SVE is in use or not.
+ *
+ * This should only be called by ptrace.  task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ */
+void sve_sync_to_fpsimd(struct task_struct *task)
+{
+	if (test_tsk_thread_flag(task, TIF_SVE))
+		sve_to_fpsimd(task);
+}
+
+/*
+ * Ensure that task->thread.sve_state is up to date with respect to
+ * the task->thread.fpsimd_state.
+ *
+ * This should only be called by ptrace to merge new FPSIMD register
+ * values into a task for which SVE is currently active.
+ * task must be non-runnable.
+ * task->thread.sve_state must point to at least sve_state_size(task)
+ * bytes of allocated kernel memory.
+ * task->thread.fpsimd_state must already have been initialised with
+ * the new FPSIMD register values to be merged in.
+ */
+void sve_sync_from_fpsimd_zeropad(struct task_struct *task)
+{
+	unsigned int vq;
+	void *sst = task->thread.sve_state;
+	struct fpsimd_state const *fst = &task->thread.fpsimd_state;
+	unsigned int i;
+
+	if (!test_tsk_thread_flag(task, TIF_SVE))
+		return;
+
+	vq = sve_vq_from_vl(task->thread.sve_vl);
+
+	memset(sst, 0, SVE_SIG_REGS_SIZE(vq));
+
+	for (i = 0; i < 32; ++i)
+		memcpy(ZREG(sst, vq, i), &fst->vregs[i],
+		       sizeof(fst->vregs[i]));
+}
+
 int sve_set_vector_length(struct task_struct *task,
 			  unsigned long vl, unsigned long flags)
 {
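Review bot: the comment on fpsimd_sync_to_sve() reads "irrespective of when SVE is in use or not"; it should be "whether", as in the sibling comment on sve_sync_to_fpsimd(). In sve_sync_from_fpsimd_zeropad(), the loop bound `32` could be SVE_NUM_ZREGS to match the terms the new ptrace.h macros use, and since the memset() of SVE_SIG_REGS_SIZE(vq) bytes depends on the caller having run sve_alloc() first (the comment states the precondition but nothing checks it), a `WARN_ON(!sst)` before the memset would make a violation visible instead of a NULL write.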
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9cbb612..7252209 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -32,6 +32,7 @@
 #include <linux/security.h>
 #include <linux/init.h>
 #include <linux/signal.h>
+#include <linux/string.h>
 #include <linux/uaccess.h>
 #include <linux/perf_event.h>
 #include <linux/hw_breakpoint.h>
@@ -40,6 +41,7 @@
 #include <linux/elf.h>
 
 #include <asm/compat.h>
+#include <asm/cpufeature.h>
 #include <asm/debug-monitors.h>
 #include <asm/pgtable.h>
 #include <asm/stacktrace.h>
@@ -618,33 +620,66 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset,
 /*
  * TODO: update fp accessors for lazy context switching (sync/flush hwstate)
  */
-static int fpr_get(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   void *kbuf, void __user *ubuf)
+static int __fpr_get(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     void *kbuf, void __user *ubuf, unsigned int start_pos)
 {
 	struct user_fpsimd_state *uregs;
+
+	sve_sync_to_fpsimd(target);
+
 	uregs = &target->thread.fpsimd_state.user_fpsimd;
 
+	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs,
+				   start_pos, start_pos + sizeof(*uregs));
+}
+
+static int fpr_get(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
 	if (target == current)
 		fpsimd_preserve_current_state();
 
-	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, -1);
+	return __fpr_get(target, regset, pos, count, kbuf, ubuf, 0);
 }
 
-static int fpr_set(struct task_struct *target, const struct user_regset *regset,
-		   unsigned int pos, unsigned int count,
-		   const void *kbuf, const void __user *ubuf)
+static int __fpr_set(struct task_struct *target,
+		     const struct user_regset *regset,
+		     unsigned int pos, unsigned int count,
+		     const void *kbuf, const void __user *ubuf,
+		     unsigned int start_pos)
 {
 	int ret;
 	struct user_fpsimd_state newstate =
 		target->thread.fpsimd_state.user_fpsimd;
 
-	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 0, -1);
+	sve_sync_to_fpsimd(target);
+
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
+				 start_pos, start_pos + sizeof(newstate));
 	if (ret)
 		return ret;
 
 	target->thread.fpsimd_state.user_fpsimd = newstate;
+
+	return ret;
+}
+
+static int fpr_set(struct task_struct *target, const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+
+	ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0);
+	if (ret)
+		return ret;
+
+	sve_sync_from_fpsimd_zeropad(target);
 	fpsimd_flush_task_state(target);
+
 	return ret;
 }
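Review bot: in __fpr_set(), `newstate` is initialised from target->thread.fpsimd_state before sve_sync_to_fpsimd(target) runs, so for a TIF_SVE task a partial copyin (pos/count not covering the whole struct) merges the new bytes into a stale pre-sync snapshot and writes that back. Move the sync above the initialiser: declare `struct user_fpsimd_state newstate;`, call `sve_sync_to_fpsimd(target);`, then `newstate = target->thread.fpsimd_state.user_fpsimd;`, with a comment that this is what stops a short copyin resurrecting old data.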
 
@@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
 	return ret;
 }
 
+#ifdef CONFIG_ARM64_SVE
+
+static void sve_init_header_from_task(struct user_sve_header *header,
+				      struct task_struct *target)
+{
+	unsigned int vq;
+
+	memset(header, 0, sizeof(*header));
+
+	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
+		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
+	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
+		header->flags |= SVE_PT_VL_INHERIT;
+
+	header->vl = target->thread.sve_vl;
+	vq = sve_vq_from_vl(header->vl);
+
+	header->max_vl = sve_max_vl;
+	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
+		header->max_vl = header->vl;
+
+	header->size = SVE_PT_SIZE(vq, header->flags);
+	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
+				      SVE_PT_REGS_SVE);
+}
+
+static unsigned int sve_size_from_header(struct user_sve_header const *header)
+{
+	return ALIGN(header->size, SVE_VQ_BYTES);
+}
+
+static unsigned int sve_get_size(struct task_struct *target,
+				 const struct user_regset *regset)
+{
+	struct user_sve_header header;
+
+	if (!system_supports_sve())
+		return 0;
+
+	sve_init_header_from_task(&header, target);
+	return sve_size_from_header(&header);
+}
+
+static int sve_get(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   void *kbuf, void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	sve_init_header_from_task(&header, target);
+	vq = sve_vq_from_vl(header.vl);
+
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &header,
+				  0, sizeof(header));
+	if (ret)
+		return ret;
+
+	if (target == current)
+		fpsimd_preserve_current_state();
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD)
+		return __fpr_get(target, regset, pos, count, kbuf, ubuf,
+				 SVE_PT_FPSIMD_OFFSET);
+
+	/* Otherwise: full SVE case */
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  target->thread.sve_state,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+				       start, end);
+	if (ret)
+		return ret;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+				  &target->thread.fpsimd_state.fpsr,
+				  start, end);
+	if (ret)
+		return ret;
+
+	start = end;
+	end = sve_size_from_header(&header);
+	return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+					start, end);
+}
+
+static int sve_set(struct task_struct *target,
+		   const struct user_regset *regset,
+		   unsigned int pos, unsigned int count,
+		   const void *kbuf, const void __user *ubuf)
+{
+	int ret;
+	struct user_sve_header header;
+	unsigned int vq;
+	unsigned long start, end;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	/* Header */
+	if (count < sizeof(header))
+		return -EINVAL;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
+				 0, sizeof(header));
+	if (ret)
+		goto out;
+
+	/*
+	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
+	 * sve_set_vector_length(), which will also validate them for us:
+	 */
+	ret = sve_set_vector_length(target, header.vl,
+		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
+	if (ret)
+		goto out;
+
+	/* Actual VL set may be less than the user asked for: */
+	vq = sve_vq_from_vl(target->thread.sve_vl);
+
+	/* Registers: FPSIMD-only case */
+
+	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
+	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
+		sve_sync_to_fpsimd(target);
+
+		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
+				SVE_PT_FPSIMD_OFFSET);
+		clear_tsk_thread_flag(target, TIF_SVE);
+		goto out;
+	}
+
+	/* Otherwise: full SVE case */
+
+	/*
+	 * If setting a different VL from the requested VL and there is
+	 * register data, the data layout will be wrong: don't even
+	 * try to set the registers in this case.
+	 */
+	if (count && vq != sve_vq_from_vl(header.vl)) {
+		ret = -EIO;
+		goto out;
+	}
+
+	sve_alloc(target);
+	fpsimd_sync_to_sve(target);
+	set_tsk_thread_flag(target, TIF_SVE);
+
+	BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header));
+	start = SVE_PT_SVE_OFFSET;
+	end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq);
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 target->thread.sve_state,
+				 start, end);
+	if (ret)
+		goto out;
+
+	start = end;
+	end = SVE_PT_SVE_FPSR_OFFSET(vq);
+	ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+					start, end);
+	if (ret)
+		goto out;
+
+	/*
+	 * Copy fpsr, and fpcr which must follow contiguously in
+	 * struct fpsimd_state:
+	 */
+	start = end;
+	end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE;
+	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+				 &target->thread.fpsimd_state.fpsr,
+				 start, end);
+
+out:
+	fpsimd_flush_task_state(target);
+	return ret;
+}
+
+#endif /* CONFIG_ARM64_SVE */
+
 enum aarch64_regset {
 	REGSET_GPR,
 	REGSET_FPR,
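Review bot: in the FPSIMD-only path of sve_set(), TIF_SVE is cleared even when __fpr_set() returns an error, so a failed PTRACE_SETREGSET still discards the upper halves of the Z registers and all predicate state; either clear the flag only under `if (!ret)` or document that the partial effect is intended. Two smaller points in the same hunk: the comment above the sve_set_vector_length() call refers to PT_SVE_REGS_MASK and PT_SVE_* flags, but the macros introduced in ptrace.h are SVE_PT_REGS_MASK and SVE_PT_*, so the names should be fixed to be greppable; and header.__reserved is never checked, whereas rejecting a non-zero reserved field with -EINVAL now is what lets it be given a meaning later without breaking old callers.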
@@ -711,6 +951,9 @@ enum aarch64_regset {
 	REGSET_HW_WATCH,
 #endif
 	REGSET_SYSTEM_CALL,
+#ifdef CONFIG_ARM64_SVE
+	REGSET_SVE,
+#endif
 };
 
 static const struct user_regset aarch64_regsets[] = {
@@ -768,6 +1011,18 @@ static const struct user_regset aarch64_regsets[] = {
 		.get = system_call_get,
 		.set = system_call_set,
 	},
+#ifdef CONFIG_ARM64_SVE
+	[REGSET_SVE] = { /* Scalable Vector Extension */
+		.core_note_type = NT_ARM_SVE,
+		.n = DIV_ROUND_UP(SVE_PT_SIZE(SVE_VQ_MAX, SVE_PT_REGS_SVE),
+				  SVE_VQ_BYTES),
+		.size = SVE_VQ_BYTES,
+		.align = SVE_VQ_BYTES,
+		.get = sve_get,
+		.set = sve_set,
+		.get_size = sve_get_size,
+	},
+#endif
 };
 
 static const struct user_regset_view user_aarch64_view = {
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index b5280db..735b8f4 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -416,6 +416,7 @@ typedef struct elf64_shdr {
 #define NT_ARM_HW_BREAK	0x402		/* ARM hardware breakpoint registers */
 #define NT_ARM_HW_WATCH	0x403		/* ARM hardware watchpoint registers */
 #define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
+#define NT_ARM_SVE	0x405		/* ARM Scalable Vector Extension registers */
 #define NT_METAG_CBUF	0x500		/* Metag catch buffer registers */
 #define NT_METAG_RPIPE	0x501		/* Metag read pipeline state */
 #define NT_METAG_TLS	0x502		/* Metag TLS pointer */
-- 
2.1.4
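As an added example, not part of this series or of any debugger, here is a host-side decoder for an NT_ARM_SVE blob as a debugger or coredump tool would consume it: it validates the user_sve_header before trusting any derived offset, then locates Z and P registers in either of the two payload formats described above. The SVE_VQ_* and SVE_SIG_* values come from <asm/sigcontext.h>, which is not in this patch, so they are assumed here; the sample blob is constructed.

```c
#include <stdint.h>
#include <string.h>

#define SVE_VQ_BYTES   16U   /* <asm/sigcontext.h> values, assumed; not on this page */
#define SVE_VQ_MAX     512U
#define SVE_NUM_ZREGS  32U
#define SVE_NUM_PREGS  16U

/* struct user_sve_header and its flag bits, as in the uapi ptrace.h hunk. */
struct user_sve_header {
	uint32_t size, max_size;   /* meaningful bytes now / maximum for this thread */
	uint16_t vl, max_vl;       /* current / maximum vector length, in bytes */
	uint16_t flags, __reserved;
};
#define SVE_PT_REGS_MASK   (1U << 0)
#define SVE_PT_REGS_FPSIMD 0U
#define SVE_PT_REGS_SVE    SVE_PT_REGS_MASK

/* SVE_PT_* layout with the SVE_SIG_* macros folded in: sizeof(struct sve_context)
 * is 16, so register data starts right after the 16-byte header (the BUILD_BUG_ON()s). */
#define ALIGN_VQ(x) (((x) + SVE_VQ_BYTES - 1) / SVE_VQ_BYTES * SVE_VQ_BYTES)
#define SVE_PT_REGS_OFFSET            sizeof(struct user_sve_header)
#define SVE_PT_SVE_ZREG_SIZE(vq)      ((vq) * SVE_VQ_BYTES)
#define SVE_PT_SVE_PREG_SIZE(vq)      ((vq) * (SVE_VQ_BYTES / 8))
#define SVE_PT_SVE_ZREG_OFFSET(vq, n) (SVE_PT_REGS_OFFSET + SVE_PT_SVE_ZREG_SIZE(vq) * (n))
#define SVE_PT_SVE_PREG_OFFSET(vq, n) \
	(SVE_PT_SVE_ZREG_OFFSET(vq, SVE_NUM_ZREGS) + SVE_PT_SVE_PREG_SIZE(vq) * (n))
/* FFR follows P15 and has the size of one P register; FPSR is 16-byte aligned after it */
#define SVE_PT_SVE_FPSR_OFFSET(vq) \
	ALIGN_VQ(SVE_PT_SVE_PREG_OFFSET(vq, SVE_NUM_PREGS) + SVE_PT_SVE_PREG_SIZE(vq))
#define SVE_PT_SVE_SIZE(vq)           ALIGN_VQ(SVE_PT_SVE_FPSR_OFFSET(vq) + 8 - SVE_PT_REGS_OFFSET)
#define SVE_PT_SIZE(vq, flags)        (SVE_PT_REGS_OFFSET + (((flags) & SVE_PT_REGS_MASK) == \
	SVE_PT_REGS_SVE ? SVE_PT_SVE_SIZE(vq) : 528U /* sizeof(struct user_fpsimd_state) */))

struct sve_view {
	const uint8_t *base;   /* start of the blob (the header) */
	unsigned int vq;       /* vector length in 128-bit quadwords */
	int live_sve;          /* 1: Z/P/FFR payload; 0: user_fpsimd_state payload */
};

/* Validate a blob from PTRACE_GETREGSET or a coredump NT_ARM_SVE note before
 * trusting any offset derived from it. Returns 0 or a negative reason code. */
int decode_nt_arm_sve(const uint8_t *buf, size_t len, struct sve_view *v)
{
	struct user_sve_header h;

	if (len < sizeof(h))
		return -1;                       /* truncated header */
	memcpy(&h, buf, sizeof(h));            /* buf may be unaligned */
	/* Same rule as the kernel's sve_vl_valid(): multiple of 16 bytes, in range. */
	if (h.vl % SVE_VQ_BYTES || h.vl < SVE_VQ_BYTES || h.vl > SVE_VQ_MAX * SVE_VQ_BYTES)
		return -2;
	v->vq = h.vl / SVE_VQ_BYTES;
	v->live_sve = (h.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_SVE;
	/* size must cover the layout the flags imply, and len must cover size. */
	if (h.size < SVE_PT_SIZE(v->vq, h.flags) || len < h.size)
		return -3;
	v->base = buf;
	return 0;
}

/* Z register n: vq*16 bytes when live, else the 16-byte V register from the
 * embedded user_fpsimd_state. P registers exist only in the live case. */
const uint8_t *sve_view_zreg(const struct sve_view *v, unsigned int n)
{
	if (n >= SVE_NUM_ZREGS)
		return NULL;
	return v->base + (v->live_sve ? SVE_PT_SVE_ZREG_OFFSET(v->vq, n)
				     : SVE_PT_REGS_OFFSET + 16 * n);
}

const uint8_t *sve_view_preg(const struct sve_view *v, unsigned int n)
{
	if (!v->live_sve || n >= SVE_NUM_PREGS)
		return NULL;
	return v->base + SVE_PT_SVE_PREG_OFFSET(v->vq, n);
}

/* Constructed sample of what sve_get() would emit for a thread at vector length
 * vl: Z[n] filled with byte n, P[n] with 0xA0+n, 2048-bit max VL. Returns the size. */
uint8_t g_blob[4096];
struct sve_view g_view;
size_t build_sample_blob(unsigned int vl, int live)
{
	struct user_sve_header h = {0};
	unsigned int vq = vl / SVE_VQ_BYTES, n;

	h.flags = live ? SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
	h.vl = vl;
	h.max_vl = 256;
	h.size = SVE_PT_SIZE(vq, h.flags);
	h.max_size = SVE_PT_SIZE(h.max_vl / SVE_VQ_BYTES, SVE_PT_REGS_SVE);
	memset(g_blob, 0, sizeof(g_blob));
	memcpy(g_blob, &h, sizeof(h));
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		memset(g_blob + (live ? SVE_PT_SVE_ZREG_OFFSET(vq, n) : SVE_PT_REGS_OFFSET + 16 * n),
		       (int)n, live ? SVE_PT_SVE_ZREG_SIZE(vq) : 16);
	for (n = 0; live && n < SVE_NUM_PREGS; n++)
		memset(g_blob + SVE_PT_SVE_PREG_OFFSET(vq, n), 0xA0 + (int)n, SVE_PT_SVE_PREG_SIZE(vq));
	return h.size;
}
```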


* [PATCH v3 20/28] arm64/sve: Add prctl controls for userspace vector length management
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

This patch adds two arm64-specific prctls, to permit userspace to
control its vector length:

 * PR_SVE_SET_VL: set the thread's SVE vector length and vector
   length inheritance mode.

 * PR_SVE_GET_VL: get the same information.

Although these calls shadow instruction set features in the SVE
architecture, these prctls provide additional control: the vector
length inheritance mode is Linux-specific and nothing to do with
the architecture, and the architecture does not permit EL0 to set
its own vector length directly.  Both can be used in portable tools
without requiring the use of SVE instructions.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Dropped Alex Bennée's Reviewed-by, since there are non-trivial changes
since v2.

Changes since v2
----------------

Bug fixes:

 * Remove preempt_disable() from sve_set_current_vl(), since it's
   (a) wrong, and (b) moved to sve_set_vector_length().

   This was a legacy from before migration to allowing kernel_neon_begin()
   in softirq.

ABI changes:

 * Changed return value of PR_SVE_SET_VL to encode the vector length
   deferred for the next exec, when PR_SVE_SET_VL_ONEXEC is passed.

   This allows a caller to probe for supported VLs without
   changing the current VL.

   Without this change, the return value is not very informative
   in this case, since the current VL doesn't change.

   Without PR_SVE_SET_VL_ONEXEC, the new current VL is returned,
   as in v2.
---
 arch/arm64/include/asm/fpsimd.h    | 14 +++++++++++
 arch/arm64/include/asm/processor.h |  4 +++
 arch/arm64/kernel/fpsimd.c         | 50 ++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/prctl.h         |  4 +++
 kernel/sys.c                       | 12 +++++++++
 5 files changed, 84 insertions(+)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index ee6db38..3cfdfbe 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -17,6 +17,7 @@
 #define __ASM_FP_H
 
 #include <asm/ptrace.h>
+#include <asm/errno.h>
 
 #ifndef __ASSEMBLY__
 
@@ -99,6 +100,9 @@ extern void sve_sync_from_fpsimd_zeropad(struct task_struct *task);
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
+extern int sve_set_current_vl(unsigned long arg);
+extern int sve_get_current_vl(void);
+
 /*
  * Probing and setup functions.
  * Calls to these functions must be serialised with one another.
@@ -116,6 +120,16 @@ static void __maybe_unused sve_sync_to_fpsimd(struct task_struct *task) { }
 static void __maybe_unused sve_sync_from_fpsimd_zeropad(
 	struct task_struct *task) { }
 
+static int __maybe_unused sve_set_current_vl(unsigned long arg)
+{
+	return -EINVAL;
+}
+
+static int __maybe_unused sve_get_current_vl(void)
+{
+	return -EINVAL;
+}
+
 static void __maybe_unused sve_init_vq_map(void) { }
 static void __maybe_unused sve_update_vq_map(void) { }
 static int __maybe_unused sve_verify_vq_map(void) { return 0; }
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 3faceac..df66452 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -197,4 +197,8 @@ static inline void spin_lock_prefetch(const void *ptr)
 int cpu_enable_pan(void *__unused);
 int cpu_enable_cache_maint_trap(void *__unused);
 
+/* Userspace interface for PR_SVE_{SET,GET}_VL prctl()s: */
+#define SVE_SET_VL(arg)	sve_set_current_vl(arg)
+#define SVE_GET_VL()	sve_get_current_vl()
+
 #endif /* __ASM_PROCESSOR_H */
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 6db9f30..2c23e4a 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -28,6 +28,7 @@
 #include <linux/irqflags.h>
 #include <linux/init.h>
 #include <linux/percpu.h>
+#include <linux/prctl.h>
 #include <linux/preempt.h>
 #include <linux/prctl.h>
 #include <linux/ptrace.h>
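Review bot: `#include <linux/prctl.h>` is now present twice in fpsimd.c, the newly added line and the pre-existing one two lines below it; drop the added one.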
@@ -569,6 +570,55 @@ int sve_set_vector_length(struct task_struct *task,
 }
 
 /*
+ * Encode the current vector length and flags for return.
+ * This is only required for prctl(): ptrace has separate fields
+ *
+ * flags are as for sve_set_vector_length().
+ */
+static int sve_prctl_status(unsigned long flags)
+{
+	int ret;
+
+	if (flags & PR_SVE_SET_VL_ONEXEC)
+		ret = current->thread.sve_vl_onexec;
+	else
+		ret = current->thread.sve_vl;
+
+	if (test_thread_flag(TIF_SVE_VL_INHERIT))
+		ret |= PR_SVE_VL_INHERIT;
+
+	return ret;
+}
+
+/* PR_SVE_SET_VL */
+int sve_set_current_vl(unsigned long arg)
+{
+	unsigned long vl, flags;
+	int ret;
+
+	vl = arg & PR_SVE_VL_LEN_MASK;
+	flags = arg & ~vl;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	ret = sve_set_vector_length(current, vl, flags);
+	if (ret)
+		return ret;
+
+	return sve_prctl_status(flags);
+}
+
+/* PR_SVE_GET_VL */
+int sve_get_current_vl(void)
+{
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	return sve_prctl_status(0);
+}
+
+/*
  * Bitmap for temporary storage of the per-CPU set of supported vector lengths
  * during secondary boot.
  */
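Review bot: in sve_set_current_vl(), `flags = arg & ~vl` is correct only because any bit of arg below bit 16 that is clear in vl is also clear in arg; `flags = arg & ~PR_SVE_VL_LEN_MASK` says what is meant and is what a reader expects. Also, the comment on sve_prctl_status() is missing its full stop after "ptrace has separate fields", and since the function returns the status as a plain `int`, a one-line comment that the VL occupies bits 0-15 and PR_SVE_VL_INHERIT is bit 17, so the encoded value can never be confused with a negative errno, would help callers.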
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 1b64901..1ef9370 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -198,7 +198,11 @@ struct prctl_mm_map {
 # define PR_CAP_AMBIENT_CLEAR_ALL	4
 
 /* arm64 Scalable Vector Extension controls */
+/* Flag values must be kept in sync with ptrace NT_ARM_SVE interface */
+#define PR_SVE_SET_VL			48	/* set task vector length */
 # define PR_SVE_SET_VL_ONEXEC		(1 << 18) /* defer effect until exec */
+#define PR_SVE_GET_VL			49	/* get task vector length */
+/* Bits common to PR_SVE_SET_VL and PR_SVE_GET_VL */
 # define PR_SVE_VL_LEN_MASK		0xffff
 # define PR_SVE_VL_INHERIT		(1 << 17) /* inherit across exec */
 
diff --git a/kernel/sys.c b/kernel/sys.c
index 9aebc29..c541916 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -110,6 +110,12 @@
 #ifndef SET_FP_MODE
 # define SET_FP_MODE(a,b)	(-EINVAL)
 #endif
+#ifndef SVE_SET_VL
+# define SVE_SET_VL(a)		(-EINVAL)
+#endif
+#ifndef SVE_GET_VL
+# define SVE_GET_VL()		(-EINVAL)
+#endif
 
 /*
  * this is where the system-wide overflow UID and GID are defined, for
@@ -2385,6 +2391,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 	case PR_GET_FP_MODE:
 		error = GET_FP_MODE(me);
 		break;
+	case PR_SVE_SET_VL:
+		error = SVE_SET_VL(arg2);
+		break;
+	case PR_SVE_GET_VL:
+		error = SVE_GET_VL();
+		break;
 	default:
 		error = -EINVAL;
 		break;
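Review bot: neither PR_SVE_SET_VL nor PR_SVE_GET_VL checks that its unused arguments are zero; several existing options (PR_GET_NO_NEW_PRIVS, for example) reject non-zero arg3..arg5 so the slots can be given a meaning later without breaking callers. Consider `if (arg3 || arg4 || arg5) return -EINVAL;` in the SET case and `if (arg2 || arg3 || arg4 || arg5) return -EINVAL;` in the GET case.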
-- 
2.1.4
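As an added example, not from the series, this shows how userspace can use the v3 return-value change above to probe the supported vector lengths without disturbing the thread's current VL. The two prctl() calls are injected as callbacks so the code runs here against a simulated kernel (an assumption: a thread at VL 32 with the power-of-two VLs 16..256 supported); on arm64 the same function works with wrappers around the real prctl(PR_SVE_SET_VL, ...) and prctl(PR_SVE_GET_VL, ...).

```c
#include <errno.h>
#include <stdint.h>

/* From the prctl.h hunk above. */
#define PR_SVE_SET_VL        48
#define PR_SVE_SET_VL_ONEXEC (1 << 18)
#define PR_SVE_GET_VL        49
#define PR_SVE_VL_LEN_MASK   0xffff
#define PR_SVE_VL_INHERIT    (1 << 17)

/* The two prctl()s are passed in as callbacks, so the probe runs unchanged
 * against a real arm64 kernel (wrap prctl(PR_SVE_SET_VL, arg, 0, 0, 0) and
 * prctl(PR_SVE_GET_VL, 0, 0, 0, 0)) or against the simulation below. */
typedef int (*sve_set_vl_fn)(unsigned long arg);
typedef int (*sve_get_vl_fn)(void);

/* Find the vector lengths (in bytes) this thread may use without touching
 * its current VL: PR_SVE_SET_VL_ONEXEC only changes the post-exec VL, and
 * the v3 ABI returns that deferred VL, so a request is supported exactly
 * when the returned length equals the one asked for (otherwise the actual
 * VL set is less than requested). Returns a mask with bit vl/16-1 set for
 * each supported vl. The inheritance flag is passed back on every call so
 * the mode is kept; the deferred VL itself cannot be read back through
 * PR_SVE_GET_VL, so it is left equal to the current VL afterwards. */
uint32_t sve_probe_vls(sve_set_vl_fn set_vl, sve_get_vl_fn get_vl)
{
	int cur = get_vl();
	unsigned long inherit, vl;
	uint32_t mask = 0;

	if (cur < 0)
		return 0;                               /* -EINVAL: no SVE here */
	inherit = cur & PR_SVE_VL_INHERIT;
	for (vl = 16; vl <= 256; vl += 16) {
		int ret = set_vl(vl | inherit | PR_SVE_SET_VL_ONEXEC);

		if (ret >= 0 && (unsigned long)(ret & PR_SVE_VL_LEN_MASK) == vl)
			mask |= 1u << (vl / 16 - 1);
	}
	set_vl((cur & PR_SVE_VL_LEN_MASK) | inherit | PR_SVE_SET_VL_ONEXEC);
	return mask;
}

/* Offline stand-in for the kernel side (an assumption, not kernel code):
 * the thread starts at VL 32 with inheritance on; the power-of-two VLs
 * 16..256 are supported and any other request is rounded down, matching
 * "actual VL set may be less than the user asked for". */
static struct { unsigned int vl, vl_onexec, inherit; } sim = { 32, 0, 1 };

int sim_set_vl(unsigned long arg)
{
	unsigned long want = arg & PR_SVE_VL_LEN_MASK, flags = arg & ~want, got;

	if (want < 16 || want > 8192 ||
	    (flags & ~(unsigned long)(PR_SVE_VL_INHERIT | PR_SVE_SET_VL_ONEXEC)))
		return -EINVAL;
	for (got = 256; got > want; got /= 2)
		;
	sim.inherit = !!(flags & PR_SVE_VL_INHERIT);
	if (flags & PR_SVE_SET_VL_ONEXEC)
		sim.vl_onexec = got;
	else
		sim.vl = got;
	return (int)((flags & PR_SVE_SET_VL_ONEXEC ? sim.vl_onexec : sim.vl) |
		     (sim.inherit ? PR_SVE_VL_INHERIT : 0));
}

int sim_get_vl(void)
{
	return (int)(sim.vl | (sim.inherit ? PR_SVE_VL_INHERIT : 0));
}
```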



* [PATCH v3 20/28] arm64/sve: Add prctl controls for userspace vector length management
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

This patch adds two arm64-specific prctls, to permit userspace to
control its vector length:

 * PR_SVE_SET_VL: set the thread's SVE vector length and vector
   length inheritance mode.

 * PR_SVE_GET_VL: get the same information.

Although these calls shadow instruction set features in the SVE
architecture, these prctls provide additional control: the vector
length inheritance mode is Linux-specific and nothing to do with
the architecture, and the architecture does not permit EL0 to set
its own vector length directly.  Both can be used in portable tools
without requiring the use of SVE instructions.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>

---

Dropped Alex Bennée's Reviewed-by, since there are non-trivial changes
since v2.

Changes since v2
----------------

Bug fixes:

 * Remove preempt_disable() from sve_set_current_vl(), since it's
   (a) wrong, and (b) moved to sve_set_vector_length().

   This was a legacy from before migration to allowing kernel_neon_begin()
   in softirq.

ABI changes:

 * Changed return value of PR_SVE_SET_VL to encode the vector length
   deferred for the next exec, when PR_SVE_SET_VL_ONEXEC is passed.

   This allows a caller to probe for supported VLs without
   changing the current VL.

   Without this change, the return value is not very informative
   in this case, since the current VL doesn't change.

   Without PR_SVE_SET_VL_ONEXEC, the new current VL is returned,
   as in v2.
---
 arch/arm64/include/asm/fpsimd.h    | 14 +++++++++++
 arch/arm64/include/asm/processor.h |  4 +++
 arch/arm64/kernel/fpsimd.c         | 50 ++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/prctl.h         |  4 +++
 kernel/sys.c                       | 12 +++++++++
 5 files changed, 84 insertions(+)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index ee6db38..3cfdfbe 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -17,6 +17,7 @@
 #define __ASM_FP_H
 
 #include <asm/ptrace.h>
+#include <asm/errno.h>
 
 #ifndef __ASSEMBLY__
 
@@ -99,6 +100,9 @@ extern void sve_sync_from_fpsimd_zeropad(struct task_struct *task);
 extern int sve_set_vector_length(struct task_struct *task,
 				 unsigned long vl, unsigned long flags);
 
+extern int sve_set_current_vl(unsigned long arg);
+extern int sve_get_current_vl(void);
+
 /*
  * Probing and setup functions.
  * Calls to these functions must be serialised with one another.
@@ -116,6 +120,16 @@ static void __maybe_unused sve_sync_to_fpsimd(struct task_struct *task) { }
 static void __maybe_unused sve_sync_from_fpsimd_zeropad(
 	struct task_struct *task) { }
 
+static int __maybe_unused sve_set_current_vl(unsigned long arg)
+{
+	return -EINVAL;
+}
+
+static int __maybe_unused sve_get_current_vl(void)
+{
+	return -EINVAL;
+}
+
 static void __maybe_unused sve_init_vq_map(void) { }
 static void __maybe_unused sve_update_vq_map(void) { }
 static int __maybe_unused sve_verify_vq_map(void) { return 0; }
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 3faceac..df66452 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -197,4 +197,8 @@ static inline void spin_lock_prefetch(const void *ptr)
 int cpu_enable_pan(void *__unused);
 int cpu_enable_cache_maint_trap(void *__unused);
 
+/* Userspace interface for PR_SVE_{SET,GET}_VL prctl()s: */
+#define SVE_SET_VL(arg)	sve_set_current_vl(arg)
+#define SVE_GET_VL()	sve_get_current_vl()
+
 #endif /* __ASM_PROCESSOR_H */
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 6db9f30..2c23e4a 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -28,6 +28,7 @@
 #include <linux/irqflags.h>
 #include <linux/init.h>
 #include <linux/percpu.h>
+#include <linux/prctl.h>
 #include <linux/preempt.h>
 #include <linux/prctl.h>
 #include <linux/ptrace.h>
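Review bot: the added `#include <linux/prctl.h>` duplicates the `#include <linux/prctl.h>` that is already present two lines further down, after `<linux/preempt.h>`. Drop the new line; if the aim was to keep the include list sorted, move the existing one instead of adding a second copy.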
@@ -569,6 +570,55 @@ int sve_set_vector_length(struct task_struct *task,
 }
 
 /*
+ * Encode the current vector length and flags for return.
+ * This is only required for prctl(): ptrace has separate fields
+ *
+ * flags are as for sve_set_vector_length().
+ */
+static int sve_prctl_status(unsigned long flags)
+{
+	int ret;
+
+	if (flags & PR_SVE_SET_VL_ONEXEC)
+		ret = current->thread.sve_vl_onexec;
+	else
+		ret = current->thread.sve_vl;
+
+	if (test_thread_flag(TIF_SVE_VL_INHERIT))
+		ret |= PR_SVE_VL_INHERIT;
+
+	return ret;
+}
+
+/* PR_SVE_SET_VL */
+int sve_set_current_vl(unsigned long arg)
+{
+	unsigned long vl, flags;
+	int ret;
+
+	vl = arg & PR_SVE_VL_LEN_MASK;
+	flags = arg & ~vl;
+
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	ret = sve_set_vector_length(current, vl, flags);
+	if (ret)
+		return ret;
+
+	return sve_prctl_status(flags);
+}
+
+/* PR_SVE_GET_VL */
+int sve_get_current_vl(void)
+{
+	if (!system_supports_sve())
+		return -EINVAL;
+
+	return sve_prctl_status(0);
+}
+
+/*
  * Bitmap for temporary storage of the per-CPU set of supported vector lengths
  * during secondary boot.
  */
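Review bot: `flags = arg & ~vl` forwards every bit of `arg` outside PR_SVE_VL_LEN_MASK to sve_set_vector_length(), so the new prctl's ABI depends entirely on that function rejecting anything other than PR_SVE_VL_INHERIT and PR_SVE_SET_VL_ONEXEC. Either mask explicitly here and return -EINVAL for unknown bits, or state in the commit message that sve_set_vector_length() does so; silently accepted bits can never be given a meaning later. Minor: the comment above sve_prctl_status() is missing its full stop after "ptrace has separate fields".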
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 1b64901..1ef9370 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -198,7 +198,11 @@ struct prctl_mm_map {
 # define PR_CAP_AMBIENT_CLEAR_ALL	4
 
 /* arm64 Scalable Vector Extension controls */
+/* Flag values must be kept in sync with ptrace NT_ARM_SVE interface */
+#define PR_SVE_SET_VL			48	/* set task vector length */
 # define PR_SVE_SET_VL_ONEXEC		(1 << 18) /* defer effect until exec */
+#define PR_SVE_GET_VL			49	/* get task vector length */
+/* Bits common to PR_SVE_SET_VL and PR_SVE_GET_VL */
 # define PR_SVE_VL_LEN_MASK		0xffff
 # define PR_SVE_VL_INHERIT		(1 << 17) /* inherit across exec */
 
diff --git a/kernel/sys.c b/kernel/sys.c
index 9aebc29..c541916 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -110,6 +110,12 @@
 #ifndef SET_FP_MODE
 # define SET_FP_MODE(a,b)	(-EINVAL)
 #endif
+#ifndef SVE_SET_VL
+# define SVE_SET_VL(a)		(-EINVAL)
+#endif
+#ifndef SVE_GET_VL
+# define SVE_GET_VL()		(-EINVAL)
+#endif
 
 /*
  * this is where the system-wide overflow UID and GID are defined, for
@@ -2385,6 +2391,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 	case PR_GET_FP_MODE:
 		error = GET_FP_MODE(me);
 		break;
+	case PR_SVE_SET_VL:
+		error = SVE_SET_VL(arg2);
+		break;
+	case PR_SVE_GET_VL:
+		error = SVE_GET_VL();
+		break;
 	default:
 		error = -EINVAL;
 		break;
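Review bot: neither new case checks the remaining prctl() arguments. The entry point receives arg3 and the later arguments as well (see the SYSCALL_DEFINE5 header), but `SVE_SET_VL(arg2)` and `SVE_GET_VL()` ignore them; rejecting non-zero unused arguments with -EINVAL up front keeps those slots available for future extension of both options.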
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 21/28] arm64/sve: Add sysctl to set the default vector length for new processes
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm

Because of the effect of SVE on the size of the signal frame, the
default vector length used for new processes involves a tradeoff
between performance of SVE-enabled software on the one hand, and
reliability of non-SVE-aware software on the other hand.

For this reason, the best choice depends on the repertoire of
userspace software in use and is thus best left up to distro
maintainers, sysadmins and developers.

If CONFIG_SYSCTL is enabled, this patch exposes the default vector
length in /proc/sys/abi/sve_default_vector_length, where boot
scripts or the adventurous can poke it.

In common with other arm64 ABI sysctls, this control is currently
global: setting it requires CAP_SYS_ADMIN in the root user
namespace, but the value set is effective for subsequent execs in
all namespaces.  The control only affects _new_ processes, however:
changing it does not affect the vector length of any existing
process.

The intended usage model is that if userspace is known to be fully
SVE-tolerant (or a developer is curious to find out) then init
scripts can crank this up during startup.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/kernel/fpsimd.c | 62 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 61 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 2c23e4a..a9cb794 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -35,6 +35,7 @@
 #include <linux/sched/signal.h>
 #include <linux/signal.h>
 #include <linux/slab.h>
+#include <linux/sysctl.h>
 
 #include <asm/fpsimd.h>
 #include <asm/cputype.h>
@@ -345,6 +346,65 @@ static unsigned int find_supported_vector_length(unsigned int vl)
 	return sve_vl_from_vq(bit_to_vq(bit));
 }
 
+#ifdef CONFIG_SYSCTL
+
+static int sve_proc_do_default_vl(struct ctl_table *table, int write,
+				  void __user *buffer, size_t *lenp,
+				  loff_t *ppos)
+{
+	int ret;
+	int vl = sve_default_vl;
+	struct ctl_table tmp_table = {
+		.data = &vl,
+		.maxlen = sizeof(vl),
+	};
+
+	ret = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);
+	if (ret || !write)
+		return ret;
+
+	/* Writing -1 has the special meaning "set to max": */
+	if (vl == -1) {
+		/* Fail safe if sve_max_vl wasn't initialised */
+		if (WARN_ON(!sve_vl_valid(sve_max_vl)))
+			vl = SVE_VL_MIN;
+		else
+			vl = sve_max_vl;
+
+		goto chosen;
+	}
+
+	if (!sve_vl_valid(vl))
+		return -EINVAL;
+
+	vl = find_supported_vector_length(vl);
+chosen:
+	sve_default_vl = vl;
+	return 0;
+}
+
+static struct ctl_table sve_default_vl_table[] = {
+	{
+		.procname	= "sve_default_vector_length",
+		.mode		= 0644,
+		.proc_handler	= sve_proc_do_default_vl,
+	},
+	{ }
+};
+
+static int __init sve_sysctl_init(void)
+{
+	if (system_supports_sve())
+		if (!register_sysctl("abi", sve_default_vl_table))
+			return -EINVAL;
+
+	return 0;
+}
+
+#else /* ! CONFIG_SYSCTL */
+static int __init sve_sysctl_init(void) { return 0; }
+#endif /* ! CONFIG_SYSCTL */
+
 #define ZREG(sve_state, vq, n) ((char *)(sve_state) +		\
 	(SVE_SIG_ZREG_OFFSET(vq, n) - SVE_SIG_REGS_OFFSET))
 
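Review bot: missing documentation: the diffstat touches only fpsimd.c, so the new /proc/sys/abi/sve_default_vector_length knob gets no Documentation entry. Two behaviours in this handler need writing down for users in particular: writing -1 means "set to the maximum supported length", and any other value is rounded through find_supported_vector_length(), so a subsequent read may return something different from what was written. Style nit: `tmp_table` is built from only `.data` and `.maxlen`; copying `*table` and overriding those two fields keeps the handler independent of which fields proc_dointvec() happens to read.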
@@ -1232,6 +1292,6 @@ static int __init fpsimd_init(void)
 	if (!(elf_hwcap & HWCAP_ASIMD))
 		pr_notice("Advanced SIMD is not implemented\n");
 
-	return 0;
+	return sve_sysctl_init();
 }
 core_initcall(fpsimd_init);
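Review bot: `return sve_sysctl_init();` makes the whole fpsimd_init() core_initcall report failure if register_sysctl() returns NULL, even though FPSIMD/SVE has been initialised successfully by then and a missing tunable is not fatal. A pr_warn() followed by `return 0` (or a separate initcall for the sysctl) would be more proportionate, and -EINVAL is an odd code for a registration failure in sve_sysctl_init().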
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Marc Zyngier

Until KVM has full SVE support, guests must not be allowed to
execute SVE instructions.

This patch enables the necessary traps, and also ensures that the
traps are disabled again on exit from the guest so that the host
can still use SVE if it wants to.

This patch introduces another instance of
__this_cpu_write(fpsimd_last_state, NULL), so this flush operation
is abstracted out as a separate helper fpsimd_flush_cpu_state().
Other instances are ported appropriately.

As a side effect of this refactoring, a this_cpu_write() in
fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
should be fine, since cpu_pm_enter() is supposed to be called only
with interrupts disabled.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/include/asm/kvm_host.h   |  3 +++
 arch/arm64/include/asm/fpsimd.h   |  1 +
 arch/arm64/include/asm/kvm_arm.h  |  4 +++-
 arch/arm64/include/asm/kvm_host.h | 11 +++++++++++
 arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--
 arch/arm64/kvm/hyp/switch.c       |  6 +++---
 virt/kvm/arm/arm.c                |  3 +++
 7 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
index 4a879f6..242151e 100644
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
 int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
 			       struct kvm_device_attr *attr);
 
+/* All host FP/SIMD state is restored on guest exit, so nothing to save: */
+static inline void kvm_fpsimd_flush_cpu_state(void) {}
+
 #endif /* __ARM_KVM_HOST_H__ */
diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 3cfdfbe..10b2824 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -75,6 +75,7 @@ extern void fpsimd_restore_current_state(void);
 extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
 extern void fpsimd_flush_task_state(struct task_struct *target);
+extern void sve_flush_cpu_state(void);
 
 /* Maximum VL that SVE VL-agnostic software can transparently support */
 #define SVE_VL_ARCH_MAX 0x100
diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index dbf0537..7f069ff 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -186,7 +186,8 @@
 #define CPTR_EL2_TTA	(1 << 20)
 #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
 #define CPTR_EL2_TZ	(1 << 8)
-#define CPTR_EL2_DEFAULT	0x000033ff
+#define CPTR_EL2_RES1	0x000032ff /* known RES1 bits in CPTR_EL2 */
+#define CPTR_EL2_DEFAULT	CPTR_EL2_RES1
 
 /* Hyp Debug Configuration Register bits */
 #define MDCR_EL2_TPMS		(1 << 14)
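Review bot: 0x000033ff and the new CPTR_EL2_RES1 value 0x000032ff differ only in bit 8, which is CPTR_EL2_TZ as defined three lines above, so this is more than a rename: CPTR_EL2_DEFAULT no longer traps SVE, and any existing writer of CPTR_EL2_DEFAULT (the nVHE deactivate path is not in this diff) now leaves SVE usable by the host after guest exit while __activate_traps_nvhe() sets TZ explicitly. That is what the commit message wants, but please say in the commit message that bit 8 was TZ rather than a RES1 bit, since the hunk reads as a pure rename otherwise.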
@@ -237,5 +238,6 @@
 
 #define CPACR_EL1_FPEN		(3 << 20)
 #define CPACR_EL1_TTA		(1 << 28)
+#define CPACR_EL1_DEFAULT	(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)
 
 #endif /* __ARM64_KVM_ARM_H__ */
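Review bot: CPACR_EL1_DEFAULT uses CPACR_EL1_ZEN_EL1EN, and the switch.c hunk of this patch uses CPACR_EL1_ZEN, but neither is defined in kvm_arm.h by this diff; please confirm that kvm_arm.h, or a header it already includes, gets them from an earlier patch in the series so that this header stays self-contained for its other users.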
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index e923b58..674912d 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -25,6 +25,7 @@
 #include <linux/types.h>
 #include <linux/kvm_types.h>
 #include <asm/cpufeature.h>
+#include <asm/fpsimd.h>
 #include <asm/kvm.h>
 #include <asm/kvm_asm.h>
 #include <asm/kvm_mmio.h>
@@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
 		  "PARange is %d bits, unsupported configuration!", parange);
 }
 
+/*
+ * All host FP/SIMD state is restored on guest exit, so nothing needs
+ * doing here except in the SVE case:
+*/
+static inline void kvm_fpsimd_flush_cpu_state(void)
+{
+	if (system_supports_sve())
+		sve_flush_cpu_state();
+}
+
 #endif /* __ARM64_KVM_HOST_H__ */
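Review bot: the closing `*/` of the new comment is flush with the margin while the ` * ` lines above it are indented by one space; kernel style closes block comments with ` */`, as the other comments in this file do.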
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index a9cb794..6ae3703 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
 	t->thread.fpsimd_state.cpu = NR_CPUS;
 }
 
+static inline void fpsimd_flush_cpu_state(void)
+{
+	__this_cpu_write(fpsimd_last_state, NULL);
+}
+
+/*
+ * Invalidate any task SVE state currently held in this CPU's regs.
+ *
+ * This is used to prevent the kernel from trying to reuse SVE register data
+ * that is detroyed by KVM guest enter/exit.  This function should go away when
+ * KVM SVE support is implemented.  Don't use it for anything else.
+ */
+#ifdef CONFIG_ARM64_SVE
+void sve_flush_cpu_state(void)
+{
+	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
+	struct task_struct *tsk;
+
+	if (!fpstate)
+		return;
+
+	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
+	if (test_tsk_thread_flag(tsk, TIF_SVE))
+		fpsimd_flush_cpu_state();
+}
+#endif /* CONFIG_ARM64_SVE */
+
 #ifdef CONFIG_KERNEL_MODE_NEON
 
 DEFINE_PER_CPU(bool, kernel_neon_busy);
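Review bot: typo in the new comment: "detroyed" should be "destroyed". Also, sve_flush_cpu_state() is declared unconditionally in fpsimd.h (earlier hunk) but defined only under CONFIG_ARM64_SVE; its sole caller kvm_fpsimd_flush_cpu_state() is guarded by system_supports_sve(), which presumably folds to false without CONFIG_ARM64_SVE, but a static inline stub in an `#else` branch would protect against a future unguarded caller producing a link error.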
@@ -1113,7 +1140,7 @@ void kernel_neon_begin(void)
 	}
 
 	/* Invalidate any task state remaining in the fpsimd regs: */
-	__this_cpu_write(fpsimd_last_state, NULL);
+	fpsimd_flush_cpu_state();
 
 	preempt_disable();
 
@@ -1234,7 +1261,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
 	case CPU_PM_ENTER:
 		if (current->mm)
 			task_fpsimd_save();
-		this_cpu_write(fpsimd_last_state, NULL);
+		fpsimd_flush_cpu_state();
 		break;
 	case CPU_PM_EXIT:
 		if (current->mm)
diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
index 35a90b8..951f3eb 100644
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)
 
 	val = read_sysreg(cpacr_el1);
 	val |= CPACR_EL1_TTA;
-	val &= ~CPACR_EL1_FPEN;
+	val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
 	write_sysreg(val, cpacr_el1);
 
 	write_sysreg(__kvm_hyp_vector, vbar_el1);
@@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)
 	u64 val;
 
 	val = CPTR_EL2_DEFAULT;
-	val |= CPTR_EL2_TTA | CPTR_EL2_TFP;
+	val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
 	write_sysreg(val, cptr_el2);
 }
 
@@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
 
 	write_sysreg(mdcr_el2, mdcr_el2);
 	write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
-	write_sysreg(CPACR_EL1_FPEN, cpacr_el1);
+	write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
 	write_sysreg(vectors, vbar_el1);
 }
 
diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
index b9f68e4..4d3cf9c 100644
--- a/virt/kvm/arm/arm.c
+++ b/virt/kvm/arm/arm.c
@@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		 */
 		preempt_disable();
 
+		/* Flush FP/SIMD state that can't survive guest entry/exit */
+		kvm_fpsimd_flush_cpu_state();
+
 		kvm_pmu_flush_hwstate(vcpu);
 
 		kvm_timer_flush_hwstate(vcpu);
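Review bot: the comment "Flush FP/SIMD state that can't survive guest entry/exit" overstates what the helper does: on arm64 kvm_fpsimd_flush_cpu_state() only invalidates the cached fpsimd_last_state when the owning task has TIF_SVE set, and on 32-bit arm it is a no-op. Something like "Invalidate the host's cached SVE state; KVM does not preserve it across guest entry/exit" would describe the call more precisely.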
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

Until KVM has full SVE support, guests must not be allowed to
execute SVE instructions.

This patch enables the necessary traps, and also ensures that the
traps are disabled again on exit from the guest so that the host
can still use SVE if it wants to.

This patch introduces another instance of
__this_cpu_write(fpsimd_last_state, NULL), so this flush operation
is abstracted out as a separate helper fpsimd_flush_cpu_state().
Other instances are ported appropriately.

As a side effect of this refactoring, a this_cpu_write() in
fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
should be fine, since cpu_pm_enter() is supposed to be called only
with interrupts disabled.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/include/asm/kvm_host.h   |  3 +++
 arch/arm64/include/asm/fpsimd.h   |  1 +
 arch/arm64/include/asm/kvm_arm.h  |  4 +++-
 arch/arm64/include/asm/kvm_host.h | 11 +++++++++++
 arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--
 arch/arm64/kvm/hyp/switch.c       |  6 +++---
 virt/kvm/arm/arm.c                |  3 +++
 7 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
index 4a879f6..242151e 100644
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
 int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
 			       struct kvm_device_attr *attr);
 
+/* All host FP/SIMD state is restored on guest exit, so nothing to save: */
+static inline void kvm_fpsimd_flush_cpu_state(void) {}
+
 #endif /* __ARM_KVM_HOST_H__ */
diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 3cfdfbe..10b2824 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -75,6 +75,7 @@ extern void fpsimd_restore_current_state(void);
 extern void fpsimd_update_current_state(struct fpsimd_state *state);
 
 extern void fpsimd_flush_task_state(struct task_struct *target);
+extern void sve_flush_cpu_state(void);
 
 /* Maximum VL that SVE VL-agnostic software can transparently support */
 #define SVE_VL_ARCH_MAX 0x100
diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index dbf0537..7f069ff 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -186,7 +186,8 @@
 #define CPTR_EL2_TTA	(1 << 20)
 #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
 #define CPTR_EL2_TZ	(1 << 8)
-#define CPTR_EL2_DEFAULT	0x000033ff
+#define CPTR_EL2_RES1	0x000032ff /* known RES1 bits in CPTR_EL2 */
+#define CPTR_EL2_DEFAULT	CPTR_EL2_RES1
 
 /* Hyp Debug Configuration Register bits */
 #define MDCR_EL2_TPMS		(1 << 14)
@@ -237,5 +238,6 @@
 
 #define CPACR_EL1_FPEN		(3 << 20)
 #define CPACR_EL1_TTA		(1 << 28)
+#define CPACR_EL1_DEFAULT	(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)
 
 #endif /* __ARM64_KVM_ARM_H__ */
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index e923b58..674912d 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -25,6 +25,7 @@
 #include <linux/types.h>
 #include <linux/kvm_types.h>
 #include <asm/cpufeature.h>
+#include <asm/fpsimd.h>
 #include <asm/kvm.h>
 #include <asm/kvm_asm.h>
 #include <asm/kvm_mmio.h>
@@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
 		  "PARange is %d bits, unsupported configuration!", parange);
 }
 
+/*
+ * All host FP/SIMD state is restored on guest exit, so nothing needs
+ * doing here except in the SVE case:
+*/
+static inline void kvm_fpsimd_flush_cpu_state(void)
+{
+	if (system_supports_sve())
+		sve_flush_cpu_state();
+}
+
 #endif /* __ARM64_KVM_HOST_H__ */
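Review bot: the closing `*/` of the comment block above kvm_fpsimd_flush_cpu_state() is missing its leading space (`+*/`), which breaks the usual kernel comment style; the comment also says "nothing needs doing here except in the SVE case" without saying why the SVE case differs. A clause such as "only the FPSIMD view of the registers is restored on guest exit, so any SVE state held in the registers is lost" would make the stub self-explanatory.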
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index a9cb794..6ae3703 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
 	t->thread.fpsimd_state.cpu = NR_CPUS;
 }
 
+static inline void fpsimd_flush_cpu_state(void)
+{
+	__this_cpu_write(fpsimd_last_state, NULL);
+}
+
+/*
+ * Invalidate any task SVE state currently held in this CPU's regs.
+ *
+ * This is used to prevent the kernel from trying to reuse SVE register data
+ * that is detroyed by KVM guest enter/exit.  This function should go away when
+ * KVM SVE support is implemented.  Don't use it for anything else.
+ */
+#ifdef CONFIG_ARM64_SVE
+void sve_flush_cpu_state(void)
+{
+	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
+	struct task_struct *tsk;
+
+	if (!fpstate)
+		return;
+
+	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
+	if (test_tsk_thread_flag(tsk, TIF_SVE))
+		fpsimd_flush_cpu_state();
+}
+#endif /* CONFIG_ARM64_SVE */
+
 #ifdef CONFIG_KERNEL_MODE_NEON
 
 DEFINE_PER_CPU(bool, kernel_neon_busy);
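Review bot: sve_flush_cpu_state() reads fpsimd_last_state with __this_cpu_read() and so must only be called with preemption disabled, but nothing here enforces or documents that; a WARN_ON(preemptible()) or at least a comment would catch a future caller that does not hold preemption off the way the arm.c call site does. Two smaller points: the task whose TIF_SVE flag is tested is the owner of the live register contents, which need not be current, and the comment would read better if it said so explicitly; and "detroyed" in the comment should be "destroyed".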
@@ -1113,7 +1140,7 @@ void kernel_neon_begin(void)
 	}
 
 	/* Invalidate any task state remaining in the fpsimd regs: */
-	__this_cpu_write(fpsimd_last_state, NULL);
+	fpsimd_flush_cpu_state();
 
 	preempt_disable();
 
@@ -1234,7 +1261,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
 	case CPU_PM_ENTER:
 		if (current->mm)
 			task_fpsimd_save();
-		this_cpu_write(fpsimd_last_state, NULL);
+		fpsimd_flush_cpu_state();
 		break;
 	case CPU_PM_EXIT:
 		if (current->mm)
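Review bot: this hunk silently changes this_cpu_write() into the __this_cpu_write() inside fpsimd_flush_cpu_state(), dropping the preemption-safety of the original call. That is fine for a CPU_PM_ENTER notifier, which runs on the affected CPU with interrupts disabled, but the commit message does not mention the change; a short note would make clear it was intentional.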
diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
index 35a90b8..951f3eb 100644
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)
 
 	val = read_sysreg(cpacr_el1);
 	val |= CPACR_EL1_TTA;
-	val &= ~CPACR_EL1_FPEN;
+	val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
 	write_sysreg(val, cpacr_el1);
 
 	write_sysreg(__kvm_hyp_vector, vbar_el1);
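Review bot: clearing CPACR_EL1_ZEN here traps guest SVE at both EL0 and EL1 to EL2, which is what is wanted; but if the guest's FPSIMD access is re-enabled lazily on its first FP trap by the existing FPEN handling in the hyp entry code, please confirm that path only sets CPACR_EL1_FPEN back (and only clears CPTR_EL2_TFP in the nVHE case) and never touches ZEN/TZ, otherwise a guest could use SVE after its first FPSIMD instruction. CPACR_EL1_ZEN itself is not defined in this patch.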
@@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)
 	u64 val;
 
 	val = CPTR_EL2_DEFAULT;
-	val |= CPTR_EL2_TTA | CPTR_EL2_TFP;
+	val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
 	write_sysreg(val, cptr_el2);
 }
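Review bot: with CPTR_EL2_DEFAULT no longer carrying bit 8, this hunk has to OR in CPTR_EL2_TZ explicitly, which it does; but the matching __deactivate_traps_nvhe() is not in the diff, so please double-check that it writes CPTR_EL2_DEFAULT (leaving TZ clear for the host) rather than an old literal, otherwise host SVE use after a guest exit would trap to EL2 on nVHE.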
 
@@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
 
 	write_sysreg(mdcr_el2, mdcr_el2);
 	write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
-	write_sysreg(CPACR_EL1_FPEN, cpacr_el1);
+	write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
 	write_sysreg(vectors, vbar_el1);
 }
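Review bot: CPACR_EL1_DEFAULT re-enables SVE for the host at EL1 only (ZEN_EL1EN), so a host EL0 thread that resumes after this guest exit will trap on its first SVE instruction until the kernel re-enables EL0 access for it. That is consistent with the flush done in kvm_fpsimd_flush_cpu_state(), but it is a behavioural choice and should be stated in the commit message or in a comment here.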
 
diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
index b9f68e4..4d3cf9c 100644
--- a/virt/kvm/arm/arm.c
+++ b/virt/kvm/arm/arm.c
@@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		 */
 		preempt_disable();
 
+		/* Flush FP/SIMD state that can't survive guest entry/exit */
+		kvm_fpsimd_flush_cpu_state();
+
 		kvm_pmu_flush_hwstate(vcpu);
 
 		kvm_timer_flush_hwstate(vcpu);
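Review bot: the new call sits correctly after preempt_disable(), which matters because the arm64 implementation dereferences a per-CPU pointer with __this_cpu_read(); extend the comment to say "must be called with preemption disabled" so that a later reshuffle of this block does not move it above the preempt_disable().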
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 23/28] arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

When trapping forbidden attempts by a guest to use SVE, we want the
guest to see a trap consistent with SVE not being implemented.

This patch injects an undefined instruction exception into the
guest in response to such an exception.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/kvm/handle_exit.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
index 7debb74..b712479 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -147,6 +147,13 @@ static int kvm_handle_unknown_ec(struct kvm_vcpu *vcpu, struct kvm_run *run)
 	return 1;
 }
 
+static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run)
+{
+	/* Until SVE is supported for guests: */
+	kvm_inject_undefined(vcpu);
+	return 1;
+}
+
 static exit_handle_fn arm_exit_handlers[] = {
 	[0 ... ESR_ELx_EC_MAX]	= kvm_handle_unknown_ec,
 	[ESR_ELx_EC_WFx]	= kvm_handle_wfx,
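Review bot: injecting an undefined instruction exception is only consistent behaviour because the following patch masks the SVE field of ID_AA64PFR0_EL1 for guests; handle_sve() should say so in its comment, since if that masking were ever dropped while this handler stays, guests would see a feature advertised and then UNDEF on use. The unused `run` parameter is fine as it matches the exit_handle_fn signature.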
@@ -160,6 +167,7 @@ static exit_handle_fn arm_exit_handlers[] = {
 	[ESR_ELx_EC_HVC64]	= handle_hvc,
 	[ESR_ELx_EC_SMC64]	= handle_smc,
 	[ESR_ELx_EC_SYS64]	= kvm_handle_sys_reg,
+	[ESR_ELx_EC_SVE]	= handle_sve,
 	[ESR_ELx_EC_IABT_LOW]	= kvm_handle_guest_abort,
 	[ESR_ELx_EC_DABT_LOW]	= kvm_handle_guest_abort,
 	[ESR_ELx_EC_SOFTSTP_LOW]= kvm_handle_guest_debug,
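Review bot: ESR_ELx_EC_SVE is used here but not defined in this patch, so this relies on the esr.h definition landing earlier in the series; the SVE exception class is 0x19, and it is worth checking the value, because a wrong EC would silently route the trap through the `[0 ... ESR_ELx_EC_MAX]` default to kvm_handle_unknown_ec rather than to handle_sve().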
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm

KVM guests cannot currently use SVE, because SVE is always
configured to trap to EL2.

However, a guest that sees SVE reported as present in
ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
use it.  Instead of working, the guest will receive an injected
undef exception, which may cause the guest to oops or go into a
spin.

To avoid misleading the guest into believing that SVE will work,
this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
guest attempts to read this register.  No support is explicitly
added for ID_AA64ZFR0_EL1 either, so that is still emulated as
reading as zero, which is consistent with SVE not being
implemented.

This is a temporary measure, and will be removed in a later series
when full KVM support for SVE is implemented.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
---
 arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index b1f7552..a0ee9b0 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -23,6 +23,7 @@
 #include <linux/bsearch.h>
 #include <linux/kvm_host.h>
 #include <linux/mm.h>
+#include <linux/printk.h>
 #include <linux/uaccess.h>
 
 #include <asm/cacheflush.h>
@@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
 {
 	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
 			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
+	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
 
-	return raz ? 0 : read_sanitised_ftr_reg(id);
+	if (id == SYS_ID_AA64PFR0_EL1) {
+		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
+			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
+				    task_pid_nr(current));
+
+		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
+	}
+
+	return val;
 }
 
 /* cpufeature ID register access trap handlers */
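Review bot: pr_err_once() with task_pid_nr(current) logs only the first VMM's pid, at error severity, for what the commit message calls an intended and temporary limitation; pr_warn_once() without the pid would fit better, and since _once means later VMs produce no message at all, the text should acknowledge that. Two further points: the mask `0xfUL << ID_AA64PFR0_SVE_SHIFT` is written twice and would be clearer as a local constant; and because the masking lives in read_id_reg(), which the `raz` parameter suggests is shared with the userspace KVM_{GET,SET}_ONE_REG ID register accessors, the VMM's view of ID_AA64PFR0_EL1 is masked too, which is desirable for migration consistency but is more than the commit message ("when a guest attempts to read this register") says.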
-- 
2.1.4

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* [PATCH v3 25/28] arm64/sve: Detect SVE and activate runtime support
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Suzuki K Poulose

This patch enables detection of hardware SVE support via the
cpufeatures framework, and reports its presence to the kernel and
userspace via the new ARM64_SVE cpucap and HWCAP_SVE hwcap
respectively.

Userspace can also detect SVE using ID_AA64PFR0_EL1, using the
cpufeatures MRS emulation.

When running on hardware that supports SVE, this enables runtime
kernel support for SVE, and allows user tasks to execute SVE
instructions and make use of the SVE-specific user/kernel
interface extensions implemented by this series.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>

---

Dropped Suzuki's Reviewed-by, since there are non-trivial changes.

Changes since v2
----------------

Requested by Catalin Marinas:

 * Moved the EL1 SVE trap disable logic to cpufeatures.
   This requires the trap to be disabled when the ARM64_SVE cpu
   capability is detected on any booting cpu.
---
 Documentation/arm64/cpu-feature-registers.txt |  6 +++++-
 arch/arm64/include/asm/cpucaps.h              |  3 ++-
 arch/arm64/include/asm/cpufeature.h           |  3 ++-
 arch/arm64/include/uapi/asm/hwcap.h           |  1 +
 arch/arm64/kernel/cpufeature.c                | 17 +++++++++++++++++
 arch/arm64/kernel/cpuinfo.c                   |  1 +
 6 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/Documentation/arm64/cpu-feature-registers.txt b/Documentation/arm64/cpu-feature-registers.txt
index dad411d..d65504c 100644
--- a/Documentation/arm64/cpu-feature-registers.txt
+++ b/Documentation/arm64/cpu-feature-registers.txt
@@ -132,7 +132,11 @@ infrastructure:
      x--------------------------------------------------x
      | Name                         |  bits   | visible |
      |--------------------------------------------------|
-     | RES0                         | [63-28] |    n    |
+     | RES0                         | [63-36] |    n    |
+     |--------------------------------------------------|
+     | SVE                          | [35-32] |    y    |
+     |--------------------------------------------------|
+     | RES0                         | [31-28] |    n    |
      |--------------------------------------------------|
      | GIC                          | [27-24] |    n    |
      |--------------------------------------------------|
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 8da6216..2ff7c5e 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -40,7 +40,8 @@
 #define ARM64_WORKAROUND_858921			19
 #define ARM64_WORKAROUND_CAVIUM_30115		20
 #define ARM64_HAS_DCPOP				21
+#define ARM64_SVE				22
 
-#define ARM64_NCAPS				22
+#define ARM64_NCAPS				23
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 51be8e8..9ac1418 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -273,7 +273,8 @@ static inline bool system_uses_ttbr0_pan(void)
 
 static inline bool system_supports_sve(void)
 {
-	return false;
+	return IS_ENABLED(CONFIG_ARM64_SVE) &&
+		cpus_have_const_cap(ARM64_SVE);
 }
 
 /*
diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h
index 4b9344c..c6e1e45 100644
--- a/arch/arm64/include/uapi/asm/hwcap.h
+++ b/arch/arm64/include/uapi/asm/hwcap.h
@@ -36,5 +36,6 @@
 #define HWCAP_FCMA		(1 << 14)
 #define HWCAP_LRCPC		(1 << 15)
 #define HWCAP_DCPOP		(1 << 16)
+#define HWCAP_SVE		(1 << 17)
 
 #endif /* _UAPI__ASM_HWCAP_H */
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index c5acf38..06aa958 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -141,6 +141,7 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
 };
 
 static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
+	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0),
 	S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI),
 	S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_FP_SHIFT, 4, ID_AA64PFR0_FP_NI),
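Review bot: FTR_STRICT plus FTR_LOWER_SAFE for the SVE field is the safe choice on a heterogeneous system (the sanitised value is the lowest seen on any CPU, so SVE is only advertised when every CPU has it, and a mismatch taints the kernel), but FTR_VISIBLE also exposes the field to EL0 through the MRS emulation; the commit message should spell out that this visibility is what lets userspace detect SVE via ID_AA64PFR0_EL1, as it claims.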
@@ -942,6 +943,19 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 		.min_field_value = 1,
 	},
 #endif
+#ifdef CONFIG_ARM64_SVE
+	{
+		.desc = "Scalable Vector Extension",
+		.capability = ARM64_SVE,
+		.def_scope = SCOPE_SYSTEM,
+		.sys_reg = SYS_ID_AA64PFR0_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64PFR0_SVE_SHIFT,
+		.min_field_value = ID_AA64PFR0_SVE,
+		.matches = has_cpuid_feature,
+		.enable = sve_kernel_enable,
+	},
+#endif /* CONFIG_ARM64_SVE */
 	{},
 };
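Review bot: the .enable = sve_kernel_enable hook is not declared anywhere in this patch and must come from earlier in the series; more importantly, with .def_scope = SCOPE_SYSTEM the enable hook is run on every CPU when the capability is finalised and again on each late-onlined CPU, so sve_kernel_enable() must be safe in that context and must disable the EL1 trap only on the calling CPU. The changelog says the trap-disable logic moved here, which is consistent, but a comment on this entry would help, and the commit message should also mention that a late CPU without SVE will be refused once the system-wide capability is set.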
 
@@ -974,6 +988,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
 	HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_JSCVT_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_JSCVT),
 	HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_FCMA_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_FCMA),
 	HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_LRCPC_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_LRCPC),
+#ifdef CONFIG_ARM64_SVE
+	HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_SVE_SHIFT, FTR_UNSIGNED, ID_AA64PFR0_SVE, CAP_HWCAP, HWCAP_SVE),
+#endif
 	{},
 };
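Review bot: HWCAP_SVE is only registered under CONFIG_ARM64_SVE, which is correct since such a kernel does not manage SVE state; but the FTR_VISIBLE entry for the SVE field in the earlier hunk is not under the same #ifdef, so a !CONFIG_ARM64_SVE kernel on SVE hardware would still expose a nonzero ID_AA64PFR0_EL1.SVE via the MRS emulation while the instructions remain trapped. Documentation/arm64/sve.txt in the later patch tells userspace that a nonzero field means SVE instructions can be executed, which would not hold for such a kernel; either hide the field when !CONFIG_ARM64_SVE or document the inconsistency.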
 
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index be260e8..9559dde 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -70,6 +70,7 @@ static const char *const hwcap_str[] = {
 	"fcma",
 	"lrcpc",
 	"dcpop",
+	"sve",
 	NULL
 };
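Review bot: "sve" is appended after "dcpop", making it index 17 in hwcap_str and so lining up with HWCAP_SVE = (1 << 17) in the UAPI header; since that correspondence is positional and silent, a comment on the array (or a BUILD_BUG_ON against the highest HWCAP bit) would protect it from a misordered future addition.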
 
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread
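The patch above gives userspace two ways to learn about SVE: the HWCAP_SVE bit in AT_HWCAP, and the SVE field of ID_AA64PFR0_EL1 read through the kernel's MRS emulation, where the value seen is the system-wide sanitised one (the lowest SVE field across all CPUs, per the FTR_LOWER_SAFE rule) and, for a KVM guest, the value with that field masked off (patch 24). The following C program is an added example, not code from the patch series or from the kernel: it models the sanitisation and guest masking on constructed per-CPU register values, derives the hwcap from the result, and on a real aarch64 Linux system also reads AT_HWCAP and the ID register. HWCAP_SVE, the field position [35:32] and the field value 1 for "SVE implemented" are taken from the patches; the per-CPU sample values and the helper names are assumptions for illustration, and the sanitiser only models the one field.

```c
/*
 * Added example (not part of the SVE patch series): userspace SVE detection
 * and a model of how the advertised ID_AA64PFR0_EL1 value is derived.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HWCAP_SVE		(1UL << 17)	/* uapi/asm/hwcap.h, patch 25 */
#define ID_AA64PFR0_SVE_SHIFT	32		/* ID_AA64PFR0_EL1.SVE is bits [35:32] */
#define ID_AA64PFR0_SVE_MASK	(0xfULL << ID_AA64PFR0_SVE_SHIFT)
#define ID_AA64PFR0_SVE		1		/* field value: SVE implemented */

/* Constructed sample ID_AA64PFR0_EL1 values; only the SVE field matters here. */
#define SAMPLE_NCPUS 3
static const uint64_t sample_pfr0_homog[2] = {
	0x0000000100001111ULL, 0x0000000100001111ULL,	/* both CPUs: SVE=1 */
};
static const uint64_t sample_pfr0_hetero[SAMPLE_NCPUS] = {
	0x0000000100001111ULL, 0x0000000100001111ULL,	/* SVE=1 */
	0x0000000000001111ULL,				/* SVE=0 on the third CPU */
};

/* Extract the 4-bit SVE field from an ID_AA64PFR0_EL1 value. */
static unsigned int pfr0_sve_field(uint64_t pfr0)
{
	return (unsigned int)((pfr0 & ID_AA64PFR0_SVE_MASK) >> ID_AA64PFR0_SVE_SHIFT);
}

/*
 * Model of the cpufeature FTR_LOWER_SAFE rule for an unsigned field: the
 * system-wide value is the lowest value seen on any CPU, so the feature is
 * only advertised when every CPU implements it.  Other fields are copied
 * from CPU 0; the real code sanitises every field.  Returns 0 for no CPUs.
 */
static uint64_t sanitise_pfr0_sve(const uint64_t *per_cpu, size_t ncpus)
{
	unsigned int safe = 0xf;
	size_t i;

	if (ncpus == 0)
		return 0;
	for (i = 0; i < ncpus; i++) {
		unsigned int f = pfr0_sve_field(per_cpu[i]);
		if (f < safe)
			safe = f;
	}
	return (per_cpu[0] & ~ID_AA64PFR0_SVE_MASK) |
	       ((uint64_t)safe << ID_AA64PFR0_SVE_SHIFT);
}

/* What KVM's read_id_reg() (patch 24) returns to a guest: SVE field cleared. */
static uint64_t guest_visible_pfr0(uint64_t sanitised)
{
	return sanitised & ~ID_AA64PFR0_SVE_MASK;
}

/* HWCAP_SVE is set only if the kernel has SVE support and every CPU has SVE. */
static unsigned long hwcap_from_pfr0(uint64_t sanitised, bool kernel_has_sve)
{
	return (kernel_has_sve && pfr0_sve_field(sanitised) >= ID_AA64PFR0_SVE) ?
	       HWCAP_SVE : 0;
}

/*
 * The check application code should make.  A nonzero ID register field alone
 * says the instructions exist; only HWCAP_SVE promises the kernel's SVE ABI
 * (signal frame, ptrace regset, prctl) is present.
 */
static bool sve_usable(unsigned long hwcap)
{
	return (hwcap & HWCAP_SVE) != 0;
}

#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
/* MRS from EL0 traps and is emulated by the kernel's cpufeature code. */
static uint64_t read_pfr0(void)
{
	uint64_t v;
	__asm__ volatile("mrs %0, ID_AA64PFR0_EL1" : "=r"(v));
	return v;
}
#endif

int main(void)
{
	uint64_t san = sanitise_pfr0_sve(sample_pfr0_hetero, SAMPLE_NCPUS);
	unsigned long hw = hwcap_from_pfr0(san, true);	/* assume CONFIG_ARM64_SVE=y */

	printf("model: sanitised=%#llx SVE=%u guest view=%#llx HWCAP_SVE=%s\n",
	       (unsigned long long)san, pfr0_sve_field(san),
	       (unsigned long long)guest_visible_pfr0(san),
	       sve_usable(hw) ? "yes" : "no");
#if defined(__aarch64__) && defined(__linux__)
	hw = getauxval(AT_HWCAP);
	printf("this machine: HWCAP_SVE=%s ID_AA64PFR0_EL1.SVE=%u\n",
	       sve_usable(hw) ? "yes" : "no", pfr0_sve_field(read_pfr0()));
#endif
	return 0;
}
```

On the constructed heterogeneous sample the sanitised field is 0 even though two of the three CPUs implement SVE, so no hwcap is set and the MRS emulation reports no SVE; on the homogeneous sample the field stays 1, HWCAP_SVE is set, and a guest still sees the field as 0. Build with `cc -std=c99 -Wall` and run on an SVE-capable arm64 box to compare the model against the real AT_HWCAP and ID register.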

* [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Alan Hayward, Will Deacon,
	Michael Kerrisk, Richard Sandiford, linux-api, kvmarm

This patch adds basic documentation of the user/kernel interface
provided by the kernel for SVE.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Alan Hayward <alan.hayward@arm.com>

---

Changes since v2
----------------

Changes requested by Alan Hayward:

 * Added a note that the caller of PTRACE_SETREGSET will need to do a
   GETREGSET if complete certainty about the resulting VL is desired.

ABI changes:

 * Documented the changed return value semantics for PR_SVE_SET_VL
   when the PR_SVE_SET_VL_ONEXEC flag is passed.
---
 Documentation/arm64/sve.txt              | 484 +++++++++++++++++++++++++++++++
 arch/arm64/include/uapi/asm/sigcontext.h |   3 +
 2 files changed, 487 insertions(+)
 create mode 100644 Documentation/arm64/sve.txt

diff --git a/Documentation/arm64/sve.txt b/Documentation/arm64/sve.txt
new file mode 100644
index 0000000..2e8f009
--- /dev/null
+++ b/Documentation/arm64/sve.txt
@@ -0,0 +1,484 @@
+            Scalable Vector Extension support for AArch64 Linux
+            ===================================================
+
+Author: Dave Martin <Dave.Martin@arm.com>
+Date:   4 August 2017
+
+This document outlines briefly the interface provided to userspace by Linux in
+order to support use of the ARM Scalable Vector Extension (SVE).
+
+This is an outline of the most important features and issues only and not
+intended to be exhaustive.
+
+This document does not aim to describe the SVE architecture or programmer's
+model.  To aid understanding, a minimal description of relevant programmer's
+model features for SVE is included in Appendix A.
+
+
+1.  General
+-----------
+
+* SVE registers Z0..Z31, P0..P15 and FFR and the current vector length VL, are
+  tracked per-thread.
+
+* The presence of SVE is reported to userspace via HWCAP_SVE in the aux vector
+  AT_HWCAP entry.  Presence of this flag implies the presence of the SVE
+  instructions and registers, and the Linux-specific system interfaces
+  described in this document.  SVE is reported in /proc/cpuinfo as "sve".
+
+* Support for the execution of SVE instructions in userspace can also be
+  detected by reading the CPU ID register ID_AA64PFR0_EL1 using an MRS
+  instruction, and checking that the value of the SVE field is nonzero. [3]
+
+  It does not guarantee the presence of the system interfaces described in the
+  following sections: software that needs to verify that those interfaces are
+  present must check for HWCAP_SVE instead.
+
+* Debuggers should restrict themselves to interacting with the target via the
+  NT_ARM_SVE regset.  The recommended way of detecting support for this regset
+  is to connect to a target process first and then attempt a
+  ptrace(PTRACE_GETREGSET, pid, NT_ARM_SVE, &iov).
+
+
+2.  Vector length terminology
+-----------------------------
+
+The size of an SVE vector (Z) register is referred to as the "vector length".
+
+To avoid confusion about the units used to express vector length, the kernel
+adopts the following conventions:
+
+* Vector length (VL) = size of a Z-register in bytes
+
+* Vector quadwords (VQ) = size of a Z-register in units of 128 bits
+
+(So, VL = 16 * VQ.)
+
+The VQ convention is used where the underlying granularity is important, such
+as in data structure definitions.  In most other situations, the VL convention
+is used.  This is consistent with the meaning of the "VL" pseudo-register in
+the SVE instruction set architecture.
+
+
+3.  System call behaviour
+-------------------------
+
+* On syscall, V0..V31 are preserved (as without SVE).  Thus, bits [127:0] of
+  Z0..Z31 are preserved.  All other bits of Z0..Z31, and all of P0..P15 and FFR
+  become unspecified on return from a syscall.
+
+* The SVE registers are not used to pass arguments to or receive results from
+  any syscall.
+
+* In practice the affected registers/bits will be preserved or will be replaced
+  with zeros on return from a syscall, but userspace should not make
+  assumptions about this.  The kernel behaviour may vary on a case-by-case
+  basis.
+
+
+4.  Signal handling
+-------------------
+
+* A new signal frame record sve_context encodes the SVE registers on signal
+  delivery. [1]
+
+* This record is supplementary to fpsimd_context.  The FPSR and FPCR registers
+  are only present in fpsimd_context.  For convenience, the content of V0..V31
+  is duplicated between sve_context and fpsimd_context.
+
+* The signal frame record for SVE always contains basic metadata, in particular
+  the thread's vector length (in sve_context.vl).
+
+* The SVE registers may or may not be included in the record, depending on
+  whether the registers are live for the thread.  The registers are present if
+  and only if:
+  sve_context.head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)).
+
+* If the registers are present, the remainder of the record has a vl-dependent
+  size and layout.  Macros SIG_SVE_* are defined [1] to facilitate access to
+  the members.
+
+* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
+  space is allocated on the stack, an extra_context record is written in
+  __reserved[] referencing this space.  sve_context is then written in the
+  extra space.  Refer to [1] for further details about this mechanism.
+
+
+5.  Signal return
+-----------------
+
+When returning from a signal handler:
+
+* If there is no sve_context record in the signal frame, or if the record is
+  present but contains no register data as desribed in the previous section,
+  then the SVE registers/bits become non-live and take unspecified values.
+
+* If sve_context is present in the signal frame and contains full register
+  data, the SVE registers become live and are populated with the specified
+  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
+  are always restored from the corresponding members of fpsimd_context.vregs[]
+  and not from sve_context.  The remaining bits are restored from sve_context.
+
+* Inclusion of fpsimd_context in the signal frame remains mandatory,
+  irrespective of whether sve_context is present or not.
+
+* The vector length cannot be changed via signal return.  If sve_context.vl in
+  the signal frame does not match the current vector length, the signal return
+  attempt is treated as illegal, resulting in a forced SIGSEGV.
+
+
+6.  prctl extensions
+--------------------
+
+Some new prctl() calls are added to allow programs to manage the SVE vector
+length:
+
+prctl(PR_SVE_SET_VL, unsigned long arg)
+
+    Sets the vector length of the calling thread and related flags, where
+    arg == vl | flags.
+
+    vl is the desired vector length, where sve_vl_valid(vl) must be true.
+
+    flags:
+
+	PR_SVE_SET_VL_INHERIT
+
+	    Inherit the current vector length across execve().  Otherwise, the
+	    vector length is reset to the system default at execve().  (See
+	    Section 9.)
+
+	PR_SVE_SET_VL_ONEXEC
+
+	    Defer the requested vector length change until the next execve().
+	    This allows launching of a new program with a different vector
+	    length, while avoiding runtime side effects in the caller.
+
+	    This also overrides the effect of PR_SVE_SET_VL_INHERIT for the
+	    first execve().
+
+	    Without PR_SVE_SET_VL_ONEXEC, any outstanding deferred vector
+	    length change is cancelled.
+
+    Return value: a nonnegative on success, or a negative value on error:
+	EINVAL: SVE not supported, invalid vector length requested, or
+	    invalid flags.
+
+    On success, the calling thread's vector length is changed to the largest
+    value supported by the system that is less than or equal to vl.
+    If vl == SVE_VL_MAX, the calling thread's vector length is changed to the
+    largest value supported by the system.
+
+    The returned value describes the resulting configuration, encoded as for
+    PR_SVE_GET_VL.  The vector length reported in this value is the new current
+    vector length for this thread if PR_SVE_SET_VL_ONEXEC was not passed in the
+    input arg; otherwise, the reported vector length is the deferred vector
+    length that will be applied at the next exec.
+
+    Changing the vector length causes all of P0..P15, FFR and all bits of
+    Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
+    unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
+    vector length does not constitute a change to the vector length for this
+    purpose.
+
+
+prctl(PR_SVE_GET_VL)
+
+    Gets the vector length of the calling thread.
+
+    The following flag may be OR-ed into the result:
+
+	PR_SVE_SET_VL_INHERIT
+
+	    Vector length will be inherited across execve().
+
+    There is no way to determine whether there is an outstanding deferred
+    vector length change (which would only normally be the case between a
+    fork() or vfork() and the corresponding execve() in typical use).
+
+    To extract the vector length from the result, and it with
+    PR_SVE_VL_LEN_MASK.
+
+    Return value: a nonnegative value on success, or a negative value on error:
+	EINVAL: SVE not supported.
+
+
+7.  ptrace extensions
+---------------------
+
+* A new regset NT_ARM_SVE is defined for use with PTRACE_GETREGSET and
+  PTRACE_SETREGSET.
+
+  Refer to [2] for definitions.
+
+The regset data starts with struct user_sve_header, containing:
+
+    size
+
+	Size of the complete regset, in bytes.
+	This depends on vl and possibly on other things in the future.
+
+	If a call to PTRACE_GETREGSET requests less data than the value of
+	size, the caller can allocate a larger buffer and retry in order to
+	read the complete regset.
+
+    max_size
+
+	Maximum size in bytes that the regset can grow to for the target
+	thread.  The regset won't grow bigger than this even if the target
+	thread changes its vector length etc.
+
+    vl
+
+	Target thread's current vector length, in bytes.
+
+    max_vl
+
+	Maximum possible vector length for the target thread.
+
+    flags
+
+	either
+
+	    SVE_PT_REGS_FPSIMD
+
+		SVE registers are not live (GETREGSET) or are to be made
+		non-live (SETREGSET).
+
+		The payload is of type struct user_fpsimd_state, with the same
+		meaning as for NT_PRFPREG, starting at offset
+		SVE_PT_FPSIMD_OFFSET from the start of user_sve_header.
+
+		Extra data might be appended in the future: the size of the
+		payload should be obtained using SVE_PT_FPSIMD_SIZE(vq, flags).
+
+		vq should be obtained using sve_vq_from_vl(vl).
+
+		or
+
+	    SVE_PT_REGS_SVE
+
+		SVE registers are live (GETREGSET) or are to be made live
+		(SETREGSET).
+
+		The payload contains the SVE register data, starting at offset
+		SVE_PT_SVE_OFFSET from the start of user_sve_header, and with
+		size SVE_PT_SVE_SIZE(vq, flags);
+
+	... OR-ed with zero or more of the following flags, which have the same
+	meaning and behaviour as the corresponding PR_SET_VL_* flags:
+
+	    SVE_PT_VL_INHERIT
+
+	    SVE_PT_VL_ONEXEC (SETREGSET only).
+
+* The effects of changing the vector length and/or flags are equivalent to
+  those documented for PR_SVE_SET_VL.
+
+  The caller must make a further GETREGSET call if it needs to know what VL is
+  actually set by SETREGSET, unless is it known in advance that the requested
+  VL is supported.
+
+* In the SVE_PT_REGS_SVE case, the size and layout of the payload depends on
+  the header fields.  The SVE_PT_SVE_*() macros are provided to facilitate
+  access to the members.
+
+* In either case, for SETREGSET it is permissible to omit the payload, in which
+  case only the vector length and flags are changed (along with any
+  consequences of those changes).
+
+* For SETREGSET, if an SVE_PT_REGS_SVE payload is present and the
+  requested VL is not supported, the effect will be the same as if the
+  payload were omitted, except that an EIO error is reported.  No
+  attempt is made to translate the payload data to the correct layout
+  for the vector length actually set.  The thread's FPSIMD state is
+  preserved, but the remaining bits of the SVE registers become
+  unspecified.  It is up to the caller to translate the payload layout
+  for the actual VL and retry.
+
+* The effect of writing a partial, incomplete payload is unspecified.
+
+
+8.  ELF coredump extensions
+---------------------------
+
+* A NT_ARM_SVE note will be added to each coredump for each thread of the
+  dumped process.  The contents will be equivalent to the data that would have
+  been read if a PTRACE_GETREGSET of NT_ARM_SVE were executed for each thread
+  when the coredump was generated.
+
+
+9.  System runtime configuration
+--------------------------------
+
+* To mitigate the ABI impact of expansion of the signal frame, a policy
+  mechanism is provided for administrators, distro maintainers and developers
+  to set the default vector length for userspace processes:
+
+/proc/cpu/sve_default_vector_length
+
+    Writing the text representation of an integer to this file sets the system
+    default vector length to the specified value, unless the value is greater
+    than the maximum vector length supported by the system in which case the
+    default vector length is set to that maximum.
+
+    The result can be determined by reopening the file and reading its
+    contents.
+
+    At boot, the default vector length is initially set to 64 or the maximum
+    supported vector length, whichever is smaller.  This determines the initial
+    vector length of the init process (PID 1).
+
+    Reading this file returns the current system default vector length.
+
+* At every execve() call, the new vector length of the new process is set to
+  the system default vector length, unless
+
+    * PR_SVE_SET_VL_INHERIT (or equivalently SVE_PT_VL_INHERIT) is set for the
+      calling thread, or
+
+    * a deferred vector length change is pending, established via the
+      PR_SVE_SET_VL_ONEXEC flag (or SVE_PT_VL_ONEXEC).
+
+* Modifying the system default vector length does not affect the vector length
+  of any existing process or thread that does not make an execve() call.
+
+
+Appendix A.  SVE programmer's model (informative)
+=================================================
+
+This section provides a minimal description of the additions made by SVE to the
+ARMv8-A programmer's model that are relevant to this document.
+
+Note: This section is for information only and not intended to be complete or
+to replace any architectural specification.
+
+A.1.  Registers
+---------------
+
+In A64 state, SVE adds the following:
+
+* 32 8VL-bit vector registers Z0..Z31
+  For each Zn, Zn bits [127:0] alias the ARMv8-A vector register Vn.
+
+  A register write using a Vn register name zeros all bits of the corresponding
+  Zn except for bits [127:0].
+
+* 16 VL-bit predicate registers P0..P15
+
+* 1 VL-bit special-purpose predicate register FFR (the "first-fault register")
+
+* a VL "pseudo-register" that determines the size of each vector register
+
+  The SVE instruction set architecture provides no way to write VL directly.
+  Instead, it can be modified only by EL1 and above, by writing appropriate
+  system registers.
+
+* The value of VL can be configured at runtime by EL1 and above:
+  16 <= VL <= VLmax, where VL must be a multiple of 16.
+
+* The maximum vector length is determined by the hardware:
+  16 <= VLmax <= 256.
+
+  (The SVE architecture specifies 256, but permits future architecture
+  revisions to raise this limit.)
+
+* FPSR and FPCR are retained from ARMv8-A, and interact with SVE floating-point
+  operations in a similar way to the way in which they interact with ARMv8
+  floating-point operations.
+
+         8VL-1                       128               0  bit index
+        +----          ////            -----------------+
+     Z0 |                               :       V0      |
+      :                                          :
+     Z7 |                               :       V7      |
+     Z8 |                               :     * V8      |
+      :                                       :  :
+    Z15 |                               :     *V15      |
+    Z16 |                               :      V16      |
+      :                                          :
+    Z31 |                               :      V31      |
+        +----          ////            -----------------+
+                                                 31    0
+         VL-1                  0                +-------+
+        +----       ////      --+          FPSR |       |
+     P0 |                       |               +-------+
+      : |                       |         *FPCR |       |
+    P15 |                       |               +-------+
+        +----       ////      --+
+    FFR |                       |               +-----+
+        +----       ////      --+            VL |     |
+                                                +-----+
+
+(*) callee-save:
+    This only applies to bits [63:0] of Z-/V-registers.
+    FPCR contains callee-save and caller-save bits.  See [4] for details.
+
+
+A.2.  Procedure call standard
+-----------------------------
+
+The ARMv8-A base procedure call standard is extended as follows with respect to
+the additional SVE register state:
+
+* All SVE register bits that are not shared with FP/SIMD are caller-save.
+
+* Z8 bits [63:0] .. Z15 bits [63:0] are callee-save.
+
+  This follows from the way these bits are mapped to V8..V15, which are caller-
+  save in the base procedure call standard.
+
+
+Appendix B.  ARMv8-A FP/SIMD programmer's model
+===============================================
+
+Note: This section is for information only and not intended to be complete or
+to replace any architectural specification.
+
+Refer to [4] for for more information.
+
+ARMv8-A defines the following floating-point / SIMD register state:
+
+* 32 128-bit vector registers V0..V31
+* 2 32-bit status/control registers FPSR, FPCR
+
+         127           0  bit index
+        +---------------+
+     V0 |               |
+      : :               :
+     V7 |               |
+   * V8 |               |
+   :  : :               :
+   *V15 |               |
+    V16 |               |
+      : :               :
+    V31 |               |
+        +---------------+
+
+                 31    0
+                +-------+
+           FPSR |       |
+                +-------+
+          *FPCR |       |
+                +-------+
+
+(*) callee-save:
+    This only applies to bits [63:0] of V-registers.
+    FPCR contains a mixture of callee-save and caller-save bits.
+
+
+References
+==========
+
+[1] arch/arm64/include/uapi/asm/sigcontext.h
+    AArch64 Linux signal ABI definitions
+
+[2] arch/arm64/include/uapi/asm/ptrace.h
+    AArch64 Linux ptrace ABI definitions
+
+[3] linux/Documentation/arm64/cpu-feature-registers.txt
+
+[4] ARM IHI0055C
+    http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055c/IHI0055C_beta_aapcs64.pdf
+    http://infocenter.arm.com/help/topic/com.arm.doc.subset.swdev.abi/index.html
+    Procedure Call Standard for the ARM 64-bit Architecture (AArch64)
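Review bot: In A.2 the justification for the callee-save rule contradicts itself: "Z8 bits [63:0] .. Z15 bits [63:0] are callee-save" is explained by V8..V15 being "caller-save in the base procedure call standard", while the (*) legend in the A.1 and Appendix B diagrams marks V8..V15 bits [63:0] as callee-save; the explanation should read "which are callee-save". Also in this file: section 6 "Z0..V31" should be "Z0..Z31"; the "Return value" line for PR_SVE_SET_VL is missing a word ("a nonnegative value on success"); "and it with PR_SVE_VL_LEN_MASK" should read "AND it with"; section 7 refers to "PR_SET_VL_* flags" where the prctl flags are named PR_SVE_SET_VL_*, and "unless is it known" should be "unless it is known"; section 4 names the accessor macros "SIG_SVE_*" while the size check two lines above uses SVE_SIG_CONTEXT_SIZE, so the prefix should be made consistent; section 5 "desribed"; Appendix B "for for"; and the sentence ending "SVE_PT_SVE_SIZE(vq, flags);" should end with a full stop rather than a semicolon.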
diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h
index 7654a81..3c0b484 100644
--- a/arch/arm64/include/uapi/asm/sigcontext.h
+++ b/arch/arm64/include/uapi/asm/sigcontext.h
@@ -133,6 +133,9 @@ struct sve_context {
  * The SVE architecture leaves space for future expansion of the
  * vector length beyond its initial architectural limit of 2048 bits
  * (16 quadwords).
+ *
+ * See linux/Documentation/arm64/sve.txt for a description of the VL/VQ
+ * terminology.
  */
 #define SVE_VQ_BYTES		16	/* number of bytes per quadword */
 
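Review bot: The comment's path "linux/Documentation/arm64/sve.txt" carries a "linux/" prefix that in-tree comments do not normally use when citing documentation; "Documentation/arm64/sve.txt" would match the usual convention (the new sve.txt's own reference [3] uses the same prefix, so both could be adjusted together). The pointer itself is useful next to SVE_VQ_BYTES, since that constant is the definition of the VQ unit the terminology section describes.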
-- 
2.1.4


* [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-10 18:38   ` Dave Martin
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, linux-api, Michael Kerrisk, Mark Rutland,
	Alan Hayward

This patch adds basic documentation of the user/kernel interface
provided by the for SVE.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Alex Bennée <alex.bennee@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Alan Hayward <alan.hayward@arm.com>

---

Changes since v2
----------------

Changes requested by Alan Hayward:

 * Added a note that the caller of PTRACE_SETREGSET will need to do a
   GETREGSET if complete certainty about the resulting VL is desired.

ABI changes:

 * Documented the changed return value semantics for PR_SET_SET_VL
   when the PR_SVE_SET_VL_ONEXEC flag is passed.
---
 Documentation/arm64/sve.txt              | 484 +++++++++++++++++++++++++++++++
 arch/arm64/include/uapi/asm/sigcontext.h |   3 +
 2 files changed, 487 insertions(+)
 create mode 100644 Documentation/arm64/sve.txt

diff --git a/Documentation/arm64/sve.txt b/Documentation/arm64/sve.txt
new file mode 100644
index 0000000..2e8f009
--- /dev/null
+++ b/Documentation/arm64/sve.txt
@@ -0,0 +1,484 @@
+            Scalable Vector Extension support for AArch64 Linux
+            ===================================================
+
+Author: Dave Martin <Dave.Martin@arm.com>
+Date:   4 August 2017
+
+This document outlines briefly the interface provided to userspace by Linux in
+order to support use of the ARM Scalable Vector Extension (SVE).
+
+This is an outline of the most important features and issues only and not
+intended to be exhaustive.
+
+This document does not aim to describe the SVE architecture or programmer's
+model.  To aid understanding, a minimal description of relevant programmer's
+model features for SVE is included in Appendix A.
+
+
+1.  General
+-----------
+
+* SVE registers Z0..Z31, P0..P15 and FFR and the current vector length VL, are
+  tracked per-thread.
+
+* The presence of SVE is reported to userspace via HWCAP_SVE in the aux vector
+  AT_HWCAP entry.  Presence of this flag implies the presence of the SVE
+  instructions and registers, and the Linux-specific system interfaces
+  described in this document.  SVE is reported in /proc/cpuinfo as "sve".
+
+* Support for the execution of SVE instructions in userspace can also be
+  detected by reading the CPU ID register ID_AA64PFR0_EL1 using an MRS
+  instruction, and checking that the value of the SVE field is nonzero. [3]
+
+  It does not guarantee the presence of the system interfaces described in the
+  following sections: software that needs to verify that those interfaces are
+  present must check for HWCAP_SVE instead.
+
+* Debuggers should restrict themselves to interacting with the target via the
+  NT_ARM_SVE regset.  The recommended way of detecting support for this regset
+  is to connect to a target process first and then attempt a
+  ptrace(PTRACE_GETREGSET, pid, NT_ARM_SVE, &iov).
+
+
+2.  Vector length terminology
+-----------------------------
+
+The size of an SVE vector (Z) register is referred to as the "vector length".
+
+To avoid confusion about the units used to express vector length, the kernel
+adopts the following conventions:
+
+* Vector length (VL) = size of a Z-register in bytes
+
+* Vector quadwords (VQ) = size of a Z-register in units of 128 bits
+
+(So, VL = 16 * VQ.)
+
+The VQ convention is used where the underlying granularity is important, such
+as in data structure definitions.  In most other situations, the VL convention
+is used.  This is consistent with the meaning of the "VL" pseudo-register in
+the SVE instruction set architecture.
+
+
+3.  System call behaviour
+-------------------------
+
+* On syscall, V0..V31 are preserved (as without SVE).  Thus, bits [127:0] of
+  Z0..Z31 are preserved.  All other bits of Z0..Z31, and all of P0..P15 and FFR
+  become unspecified on return from a syscall.
+
+* The SVE registers are not used to pass arguments to or receive results from
+  any syscall.
+
+* In practice the affected registers/bits will be preserved or will be replaced
+  with zeros on return from a syscall, but userspace should not make
+  assumptions about this.  The kernel behaviour may vary on a case-by-case
+  basis.
+
+
+4.  Signal handling
+-------------------
+
+* A new signal frame record sve_context encodes the SVE registers on signal
+  delivery. [1]
+
+* This record is supplementary to fpsimd_context.  The FPSR and FPCR registers
+  are only present in fpsimd_context.  For convenience, the content of V0..V31
+  is duplicated between sve_context and fpsimd_context.
+
+* The signal frame record for SVE always contains basic metadata, in particular
+  the thread's vector length (in sve_context.vl).
+
+* The SVE registers may or may not be included in the record, depending on
+  whether the registers are live for the thread.  The registers are present if
+  and only if:
+  sve_context.head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)).
+
+* If the registers are present, the remainder of the record has a vl-dependent
+  size and layout.  Macros SIG_SVE_* are defined [1] to facilitate access to
+  the members.
+
+* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
+  space is allocated on the stack, an extra_context record is written in
+  __reserved[] referencing this space.  sve_context is then written in the
+  extra space.  Refer to [1] for further details about this mechanism.
+
+
+5.  Signal return
+-----------------
+
+When returning from a signal handler:
+
+* If there is no sve_context record in the signal frame, or if the record is
+  present but contains no register data as desribed in the previous section,
+  then the SVE registers/bits become non-live and take unspecified values.
+
+* If sve_context is present in the signal frame and contains full register
+  data, the SVE registers become live and are populated with the specified
+  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
+  are always restored from the corresponding members of fpsimd_context.vregs[]
+  and not from sve_context.  The remaining bits are restored from sve_context.
+
+* Inclusion of fpsimd_context in the signal frame remains mandatory,
+  irrespective of whether sve_context is present or not.
+
+* The vector length cannot be changed via signal return.  If sve_context.vl in
+  the signal frame does not match the current vector length, the signal return
+  attempt is treated as illegal, resulting in a forced SIGSEGV.
+
+
+6.  prctl extensions
+--------------------
+
+Some new prctl() calls are added to allow programs to manage the SVE vector
+length:
+
+prctl(PR_SVE_SET_VL, unsigned long arg)
+
+    Sets the vector length of the calling thread and related flags, where
+    arg == vl | flags.
+
+    vl is the desired vector length, where sve_vl_valid(vl) must be true.
+
+    flags:
+
+	PR_SVE_SET_VL_INHERIT
+
+	    Inherit the current vector length across execve().  Otherwise, the
+	    vector length is reset to the system default at execve().  (See
+	    Section 9.)
+
+	PR_SVE_SET_VL_ONEXEC
+
+	    Defer the requested vector length change until the next execve().
+	    This allows launching of a new program with a different vector
+	    length, while avoiding runtime side effects in the caller.
+
+	    This also overrides the effect of PR_SVE_SET_VL_INHERIT for the
+	    first execve().
+
+	    Without PR_SVE_SET_VL_ONEXEC, any outstanding deferred vector
+	    length change is cancelled.
+
+    Return value: a nonnegative on success, or a negative value on error:
+	EINVAL: SVE not supported, invalid vector length requested, or
+	    invalid flags.
+
+    On success, the calling thread's vector length is changed to the largest
+    value supported by the system that is less than or equal to vl.
+    If vl == SVE_VL_MAX, the calling thread's vector length is changed to the
+    largest value supported by the system.
+
+    The returned value describes the resulting configuration, encoded as for
+    PR_SVE_GET_VL.  The vector length reported in this value is the new current
+    vector length for this thread if PR_SVE_SET_VL_ONEXEC was not passed in the
+    input arg; otherwise, the reported vector length is the deferred vector
+    length that will be applied at the next exec.
+
+    Changing the vector length causes all of P0..P15, FFR and all bits of
+    Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
+    unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
+    vector length does not constitute a change to the vector length for this
+    purpose.
+
+
+prctl(PR_SVE_GET_VL)
+
+    Gets the vector length of the calling thread.
+
+    The following flag may be OR-ed into the result:
+
+	PR_SVE_SET_VL_INHERIT
+
+	    Vector length will be inherited across execve().
+
+    There is no way to determine whether there is an outstanding deferred
+    vector length change (which would only normally be the case between a
+    fork() or vfork() and the corresponding execve() in typical use).
+
+    To extract the vector length from the result, and it with
+    PR_SVE_VL_LEN_MASK.
+
+    Return value: a nonnegative value on success, or a negative value on error:
+	EINVAL: SVE not supported.
+
+
+7.  ptrace extensions
+---------------------
+
+* A new regset NT_ARM_SVE is defined for use with PTRACE_GETREGSET and
+  PTRACE_SETREGSET.
+
+  Refer to [2] for definitions.
+
+The regset data starts with struct user_sve_header, containing:
+
+    size
+
+	Size of the complete regset, in bytes.
+	This depends on vl and possibly on other things in the future.
+
+	If a call to PTRACE_GETREGSET requests less data than the value of
+	size, the caller can allocate a larger buffer and retry in order to
+	read the complete regset.
+
+    max_size
+
+	Maximum size in bytes that the regset can grow to for the target
+	thread.  The regset won't grow bigger than this even if the target
+	thread changes its vector length etc.
+
+    vl
+
+	Target thread's current vector length, in bytes.
+
+    max_vl
+
+	Maximum possible vector length for the target thread.
+
+    flags
+
+	either
+
+	    SVE_PT_REGS_FPSIMD
+
+		SVE registers are not live (GETREGSET) or are to be made
+		non-live (SETREGSET).
+
+		The payload is of type struct user_fpsimd_state, with the same
+		meaning as for NT_PRFPREG, starting at offset
+		SVE_PT_FPSIMD_OFFSET from the start of user_sve_header.
+
+		Extra data might be appended in the future: the size of the
+		payload should be obtained using SVE_PT_FPSIMD_SIZE(vq, flags).
+
+		vq should be obtained using sve_vq_from_vl(vl).
+
+		or
+
+	    SVE_PT_REGS_SVE
+
+		SVE registers are live (GETREGSET) or are to be made live
+		(SETREGSET).
+
+		The payload contains the SVE register data, starting at offset
+		SVE_PT_SVE_OFFSET from the start of user_sve_header, and with
+		size SVE_PT_SVE_SIZE(vq, flags);
+
+	... OR-ed with zero or more of the following flags, which have the same
+	meaning and behaviour as the corresponding PR_SET_VL_* flags:
+
+	    SVE_PT_VL_INHERIT
+
+	    SVE_PT_VL_ONEXEC (SETREGSET only).
+
+* The effects of changing the vector length and/or flags are equivalent to
+  those documented for PR_SVE_SET_VL.
+
+  The caller must make a further GETREGSET call if it needs to know what VL is
+  actually set by SETREGSET, unless is it known in advance that the requested
+  VL is supported.
+
+* In the SVE_PT_REGS_SVE case, the size and layout of the payload depends on
+  the header fields.  The SVE_PT_SVE_*() macros are provided to facilitate
+  access to the members.
+
+* In either case, for SETREGSET it is permissible to omit the payload, in which
+  case only the vector length and flags are changed (along with any
+  consequences of those changes).
+
+* For SETREGSET, if an SVE_PT_REGS_SVE payload is present and the
+  requested VL is not supported, the effect will be the same as if the
+  payload were omitted, except that an EIO error is reported.  No
+  attempt is made to translate the payload data to the correct layout
+  for the vector length actually set.  The thread's FPSIMD state is
+  preserved, but the remaining bits of the SVE registers become
+  unspecified.  It is up to the caller to translate the payload layout
+  for the actual VL and retry.
+
+* The effect of writing a partial, incomplete payload is unspecified.
+
+
+8.  ELF coredump extensions
+---------------------------
+
+* A NT_ARM_SVE note will be added to each coredump for each thread of the
+  dumped process.  The contents will be equivalent to the data that would have
+  been read if a PTRACE_GETREGSET of NT_ARM_SVE were executed for each thread
+  when the coredump was generated.
+
+
+9.  System runtime configuration
+--------------------------------
+
+* To mitigate the ABI impact of expansion of the signal frame, a policy
+  mechanism is provided for administrators, distro maintainers and developers
+  to set the default vector length for userspace processes:
+
+/proc/cpu/sve_default_vector_length
+
+    Writing the text representation of an integer to this file sets the system
+    default vector length to the specified value, unless the value is greater
+    than the maximum vector length supported by the system in which case the
+    default vector length is set to that maximum.
+
+    The result can be determined by reopening the file and reading its
+    contents.
+
+    At boot, the default vector length is initially set to 64 or the maximum
+    supported vector length, whichever is smaller.  This determines the initial
+    vector length of the init process (PID 1).
+
+    Reading this file returns the current system default vector length.
+
+* At every execve() call, the new vector length of the new process is set to
+  the system default vector length, unless
+
+    * PR_SVE_SET_VL_INHERIT (or equivalently SVE_PT_VL_INHERIT) is set for the
+      calling thread, or
+
+    * a deferred vector length change is pending, established via the
+      PR_SVE_SET_VL_ONEXEC flag (or SVE_PT_VL_ONEXEC).
+
+* Modifying the system default vector length does not affect the vector length
+  of any existing process or thread that does not make an execve() call.
+
+
+Appendix A.  SVE programmer's model (informative)
+=================================================
+
+This section provides a minimal description of the additions made by SVE to the
+ARMv8-A programmer's model that are relevant to this document.
+
+Note: This section is for information only and not intended to be complete or
+to replace any architectural specification.
+
+A.1.  Registers
+---------------
+
+In A64 state, SVE adds the following:
+
+* 32 8VL-bit vector registers Z0..Z31
+  For each Zn, Zn bits [127:0] alias the ARMv8-A vector register Vn.
+
+  A register write using a Vn register name zeros all bits of the corresponding
+  Zn except for bits [127:0].
+
+* 16 VL-bit predicate registers P0..P15
+
+* 1 VL-bit special-purpose predicate register FFR (the "first-fault register")
+
+* a VL "pseudo-register" that determines the size of each vector register
+
+  The SVE instruction set architecture provides no way to write VL directly.
+  Instead, it can be modified only by EL1 and above, by writing appropriate
+  system registers.
+
+* The value of VL can be configured at runtime by EL1 and above:
+  16 <= VL <= VLmax, where VL must be a multiple of 16.
+
+* The maximum vector length is determined by the hardware:
+  16 <= VLmax <= 256.
+
+  (The SVE architecture specifies 256, but permits future architecture
+  revisions to raise this limit.)
+
+* FPSR and FPCR are retained from ARMv8-A, and interact with SVE floating-point
+  operations in a similar way to the way in which they interact with ARMv8
+  floating-point operations.
+
+         8VL-1                       128               0  bit index
+        +----          ////            -----------------+
+     Z0 |                               :       V0      |
+      :                                          :
+     Z7 |                               :       V7      |
+     Z8 |                               :     * V8      |
+      :                                       :  :
+    Z15 |                               :     *V15      |
+    Z16 |                               :      V16      |
+      :                                          :
+    Z31 |                               :      V31      |
+        +----          ////            -----------------+
+                                                 31    0
+         VL-1                  0                +-------+
+        +----       ////      --+          FPSR |       |
+     P0 |                       |               +-------+
+      : |                       |         *FPCR |       |
+    P15 |                       |               +-------+
+        +----       ////      --+
+    FFR |                       |               +-----+
+        +----       ////      --+            VL |     |
+                                                +-----+
+
+(*) callee-save:
+    This only applies to bits [63:0] of Z-/V-registers.
+    FPCR contains callee-save and caller-save bits.  See [4] for details.
+
+
+A.2.  Procedure call standard
+-----------------------------
+
+The ARMv8-A base procedure call standard is extended as follows with respect to
+the additional SVE register state:
+
+* All SVE register bits that are not shared with FP/SIMD are caller-save.
+
+* Z8 bits [63:0] .. Z15 bits [63:0] are callee-save.
+
+  This follows from the way these bits are mapped to V8..V15, which are caller-
+  save in the base procedure call standard.
+
+
+Appendix B.  ARMv8-A FP/SIMD programmer's model
+===============================================
+
+Note: This section is for information only and not intended to be complete or
+to replace any architectural specification.
+
+Refer to [4] for for more information.
+
+ARMv8-A defines the following floating-point / SIMD register state:
+
+* 32 128-bit vector registers V0..V31
+* 2 32-bit status/control registers FPSR, FPCR
+
+         127           0  bit index
+        +---------------+
+     V0 |               |
+      : :               :
+     V7 |               |
+   * V8 |               |
+   :  : :               :
+   *V15 |               |
+    V16 |               |
+      : :               :
+    V31 |               |
+        +---------------+
+
+                 31    0
+                +-------+
+           FPSR |       |
+                +-------+
+          *FPCR |       |
+                +-------+
+
+(*) callee-save:
+    This only applies to bits [63:0] of V-registers.
+    FPCR contains a mixture of callee-save and caller-save bits.
+
+
+References
+==========
+
+[1] arch/arm64/include/uapi/asm/sigcontext.h
+    AArch64 Linux signal ABI definitions
+
+[2] arch/arm64/include/uapi/asm/ptrace.h
+    AArch64 Linux ptrace ABI definitions
+
+[3] linux/Documentation/arm64/cpu-feature-registers.txt
+
+[4] ARM IHI0055C
+    http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055c/IHI0055C_beta_aapcs64.pdf
+    http://infocenter.arm.com/help/topic/com.arm.doc.subset.swdev.abi/index.html
+    Procedure Call Standard for the ARM 64-bit Architecture (AArch64)
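Review bot: the justification in A.2 is inverted: Z8..Z15 bits [63:0] are said to be callee-save "because" V8..V15 are caller-save in the base procedure call standard, but the base PCS makes the low 64 bits of V8..V15 callee-saved, and this document's own Appendix B marks V8..V15 with the callee-save asterisk and says "(*) callee-save: This only applies to bits [63:0] of V-registers". Suggest "which are callee-save in the base procedure call standard". Two smaller points in the same text: Appendix B has a doubled word in "Refer to [4] for for more information", and the Appendix A footnote "FPCR contains callee-save and caller-save bits" could match Appendix B's "contains a mixture of callee-save and caller-save bits" so the two appendices read consistently.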
diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h
index 7654a81..3c0b484 100644
--- a/arch/arm64/include/uapi/asm/sigcontext.h
+++ b/arch/arm64/include/uapi/asm/sigcontext.h
@@ -133,6 +133,9 @@ struct sve_context {
  * The SVE architecture leaves space for future expansion of the
  * vector length beyond its initial architectural limit of 2048 bits
  * (16 quadwords).
+ *
+ * See linux/Documentation/arm64/sve.txt for a description of the VL/VQ
+ * terminology.
  */
 #define SVE_VQ_BYTES		16	/* number of bytes per quadword */
 
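Review bot: the new comment cites "linux/Documentation/arm64/sve.txt", whereas kernel comments give Documentation paths relative to the tree root, so "Documentation/arm64/sve.txt" would match convention; the same "linux/" prefix appears in reference [3] of the new document and could be dropped there at the same time.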
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread


* [RFC PATCH v3 27/28] arm64: signal: Report signal frame size to userspace via auxv
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

Stateful CPU architecture extensions may require the signal frame
to grow to a size that exceeds the arch's MINSIGSTKSZ #define.
However, changing this #define is an ABI break.

To allow userspace the option of determining the signal frame size
in a more forwards-compatible way, this patch adds a new auxv entry
tagged with AT_MINSIGSTKSZ, which provides the maximum signal frame
size that the process can observe during its lifetime.

If AT_MINSIGSTKSZ is absent from the aux vector, the caller can
assume that the MINSIGSTKSZ #define is sufficient.  This allows for
a consistent interface with older kernels that do not provide
AT_MINSIGSTKSZ.

The idea is that libc could expose this via sysconf() or some
similar mechanism.

There is deliberately no AT_SIGSTKSZ.  The kernel knows nothing
about userspace's own stack overheads and should not pretend to
know.

For arm64:

The primary motivation for this interface is the Scalable Vector
Extension, which can require at least 4KB or so of extra space
in the signal frame for the largest hardware implementations.

To determine the correct value, a "Christmas tree" mode (via the
add_all argument) is added to setup_sigframe_layout(), to simulate
addition of all possible records to the signal frame at maximum
possible size.

If this procedure goes wrong somehow, resulting in a stupidly large
frame layout and hence failure of sigframe_alloc() to allocate a
record to the frame, then this is indicative of a kernel bug: the
kernel's internal SIGFRAME_MAXSZ is supposed to sanity-check
against generating frames that we consider _impossibly_ large.  In
this case, SIGSTKSZ is returned as a "reasonable guess that is at
least bigger than MINSIGSTKSZ" and we WARN().

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
---
 arch/arm64/include/asm/elf.h         |  5 +++++
 arch/arm64/include/asm/processor.h   |  3 +++
 arch/arm64/include/uapi/asm/auxvec.h |  3 ++-
 arch/arm64/kernel/signal.c           | 39 +++++++++++++++++++++++++++++++-----
 4 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
index 33be513..8a2708a 100644
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
@@ -24,6 +24,10 @@
 #include <asm/ptrace.h>
 #include <asm/user.h>
 
+#ifndef __ASSEMBLY__
+#include <asm/processor.h> /* for get_minsigstksz(), used by ARCH_DLINFO */
+#endif
+
 /*
  * AArch64 static relocation types.
  */
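Review bot: pulling all of <asm/processor.h> into <asm/elf.h> for one prototype widens the include graph of every elf.h consumer; since ARCH_DLINFO is only expanded in the ELF loader, a bare `int get_minsigstksz(void);` declaration under the same `#ifndef __ASSEMBLY__` guard would serve without the new header dependency.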
@@ -148,6 +152,7 @@ typedef struct user_fpsimd_state elf_fpregset_t;
 do {									\
 	NEW_AUX_ENT(AT_SYSINFO_EHDR,					\
 		    (elf_addr_t)current->mm->context.vdso);		\
+	NEW_AUX_ENT(AT_MINSIGSTKSZ, get_minsigstksz());			\
 } while (0)
 
 #define ARCH_HAS_SETUP_ADDITIONAL_PAGES
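Review bot: the new entry stores the plain int returned by get_minsigstksz() where the neighbouring AT_SYSINFO_EHDR line casts its value to elf_addr_t; an explicit `(elf_addr_t)` cast would keep the two entries consistent and make the widening visible. Note also that this call runs the full layout computation on every exec, so its cost is paid at each process start.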
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index df66452..18af4bd 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -197,6 +197,9 @@ static inline void spin_lock_prefetch(const void *ptr)
 int cpu_enable_pan(void *__unused);
 int cpu_enable_cache_maint_trap(void *__unused);
 
+/* User signal frame size discovery: */
+int get_minsigstksz(void);
+
 /* Userspace interface for PR_SVE_{SET,GET}_VL prctl()s: */
 #define SVE_SET_VL(arg)	sve_set_current_vl(arg)
 #define SVE_GET_VL()	sve_get_current_vl()
diff --git a/arch/arm64/include/uapi/asm/auxvec.h b/arch/arm64/include/uapi/asm/auxvec.h
index 4cf0c17..1d45b28 100644
--- a/arch/arm64/include/uapi/asm/auxvec.h
+++ b/arch/arm64/include/uapi/asm/auxvec.h
@@ -18,7 +18,8 @@
 
 /* vDSO location */
 #define AT_SYSINFO_EHDR	33
+#define AT_MINSIGSTKSZ	34	/* stack needed for signal delivery */
 
-#define AT_VECTOR_SIZE_ARCH 1 /* entries in ARCH_DLINFO */
+#define AT_VECTOR_SIZE_ARCH 2 /* entries in ARCH_DLINFO */
 
 #endif
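Review bot: AT_MINSIGSTKSZ is defined here in the arm64-private range (34, next to AT_SYSINFO_EHDR), while the commit message presents the mechanism as a generic answer for stateful extensions with "For arm64:" as only one section; if other architectures are expected to adopt it, reserving the number in include/uapi/linux/auxvec.h would let libc use a single tag value everywhere instead of per-arch definitions. The AT_VECTOR_SIZE_ARCH bump to 2 correctly matches the two NEW_AUX_ENT lines in ARCH_DLINFO.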
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 0d7a71e..3382e87 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -567,8 +567,15 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
 	return 0;
 }
 
-/* Determine the layout of optional records in the signal frame */
-static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
+/*
+ * Determine the layout of optional records in the signal frame
+ *
+ * add_all: if true, lays out the biggest possible signal frame for
+ *	this task; otherwise, generates a layout for the current state
+ *	of the task.
+ */
+static int setup_sigframe_layout(struct rt_sigframe_user_layout *user,
+				 bool add_all)
 {
 	int err;
 
@@ -578,7 +585,7 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 		return err;
 
 	/* fault information, if valid */
-	if (current->thread.fault_code) {
+	if (add_all || current->thread.fault_code) {
 		err = sigframe_alloc(user, &user->esr_offset,
 				     sizeof(struct esr_context));
 		if (err)
@@ -600,7 +607,6 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 	return sigframe_alloc_end(user);
 }
 
-
 static int setup_sigframe(struct rt_sigframe_user_layout *user,
 			  struct pt_regs *regs, sigset_t *set)
 {
@@ -698,7 +704,7 @@ static int get_sigframe(struct rt_sigframe_user_layout *user,
 	int err;
 
 	init_user_layout(user);
-	err = setup_sigframe_layout(user);
+	err = setup_sigframe_layout(user, false);
 	if (err)
 		return err;
 
@@ -936,3 +942,26 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
 		thread_flags = READ_ONCE(current_thread_info()->flags);
 	} while (thread_flags & _TIF_WORK_MASK);
 }
+
+/*
+ * Determine the stack space required for guaranteed signal devliery.
+ * This function is used to populate AT_MINSIGSTKSZ at process startup.
+ */
+int get_minsigstksz(void)
+{
+	struct rt_sigframe_user_layout user;
+	int err;
+
+	init_user_layout(&user);
+	err = setup_sigframe_layout(&user, true);
+
+	if (err) {
+		WARN_ON(1);
+
+		return SIGSTKSZ;
+	} else {
+		return sigframe_size(&user) +
+			round_up(sizeof(struct frame_record), 16) +
+			16; /* max alignment padding */
+	}
+}
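Review bot: `WARN_ON(1)` inside `if (err)` discards the error code; `WARN_ON(err)` or `WARN(1, "...")` with the value in the message would help diagnose the "kernel bug" case the commit message describes, and the `else` after `return SIGSTKSZ;` is redundant. The trailing `+ 16; /* max alignment padding */` deserves a named constant or a reference to the alignment that get_sigframe() applies, since a later change to that alignment would silently desynchronise the two. Also, if the add_all layout depends only on system-wide limits (the maximum vector length and the fixed record set) rather than per-task state, the result could be computed once at boot and cached instead of being re-derived on every exec through ARCH_DLINFO; the "devliery" typo in the function comment is worth fixing before this lands.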
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 253+ messages in thread
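As an added example (not part of Dave Martin's patch), this is how a userspace program would consume the AT_MINSIGSTKSZ entry described above: look the tag up in the aux vector, fall back to the MINSIGSTKSZ #define when the entry is absent, add the handler's own overhead (which the kernel deliberately does not estimate), and check that a handler really lands on an alternate stack of that size. The tag value 34 is the arm64 one from the patch's auxvec.h; the aux vector and its 8192-byte figure are constructed sample data, and the live lookup uses the host libc's AT_MINSIGSTKSZ where it defines one.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* Tag value from the patch's arch/arm64/include/uapi/asm/auxvec.h. */
#define ARM64_AT_MINSIGSTKSZ 34UL

/* Constructed sample aux vector (tag/value pairs, AT_NULL-terminated);
 * 8192 is an invented figure standing in for what the kernel would report. */
static const unsigned long constructed_auxv[] = {
	AT_PAGESZ, 4096,
	ARM64_AT_MINSIGSTKSZ, 8192,
	AT_NULL, 0,
};

/* Look a tag up in a raw aux vector; returns 0 when absent, like getauxval(). */
static unsigned long auxv_lookup(const unsigned long *auxv, unsigned long tag)
{
	for (size_t i = 0; auxv[i] != AT_NULL; i += 2)
		if (auxv[i] == tag)
			return auxv[i + 1];
	return 0;
}

/* What the running kernel reports, using the host libc's tag if it has one. */
unsigned long live_minsigstksz(void)
{
#ifdef AT_MINSIGSTKSZ
	return getauxval(AT_MINSIGSTKSZ);	/* 0 on kernels without the entry */
#else
	return 0;
#endif
}

/* Floor for the alternate stack: the kernel's figure when present, but never
 * below the MINSIGSTKSZ #define, which remains the contract on older kernels. */
static size_t min_sigstack_size(unsigned long kernel_minsigstksz)
{
	size_t need = (size_t)MINSIGSTKSZ;
	if (kernel_minsigstksz > need)
		need = kernel_minsigstksz;
	return need;
}

/* Add the handler's own stack needs (the kernel deliberately offers no
 * AT_SIGSTKSZ for this part) and round up to whole pages. */
static size_t sigaltstack_size(unsigned long kernel_minsigstksz,
			       size_t handler_overhead)
{
	size_t page = (size_t)sysconf(_SC_PAGESIZE);
	size_t total = min_sigstack_size(kernel_minsigstksz) + handler_overhead;
	return (total + page - 1) / page * page;
}

static volatile sig_atomic_t ran_on_altstack = -1;
/* sigaltstack() is async-signal-safe; SS_ONSTACK says where we are running. */
static void probe_handler(int sig)
{
	stack_t cur;
	(void)sig;
	ran_on_altstack = (sigaltstack(NULL, &cur) == 0 &&
			   (cur.ss_flags & SS_ONSTACK)) ? 1 : 0;
}

/* Install an alternate stack of the computed size, deliver SIGUSR1 to
 * ourselves and report (1/0) whether the handler really executed on it. */
static int deliver_on_altstack(unsigned long kernel_minsigstksz)
{
	size_t size = sigaltstack_size(kernel_minsigstksz, 4096);
	void *mem = malloc(size);
	stack_t ss = { .ss_sp = mem, .ss_size = size, .ss_flags = 0 };
	stack_t off = { .ss_flags = SS_DISABLE };
	struct sigaction sa, old;
	int ok;
	if (!mem)
		return 0;
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = probe_handler;
	sa.sa_flags = SA_ONSTACK;
	sigemptyset(&sa.sa_mask);
	if (sigaltstack(&ss, NULL) != 0) {
		free(mem);
		return 0;
	}
	ok = sigaction(SIGUSR1, &sa, &old) == 0;
	if (ok) {
		ran_on_altstack = -1;
		ok = raise(SIGUSR1) == 0 && ran_on_altstack == 1;
		sigaction(SIGUSR1, &old, NULL);	/* restore disposition */
	}
	sigaltstack(&off, NULL);	/* disable the alt stack before freeing it */
	free(mem);
	return ok;
}
```

On a kernel without the entry, live_minsigstksz() yields 0 and the sizing silently degrades to the MINSIGSTKSZ contract the commit message describes.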

* [RFC PATCH v3 27/28] arm64: signal: Report signal frame size to userspace via auxv
@ 2017-10-10 18:38   ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel

Stateful CPU architecture extensions may require the signal frame
to grow to a size that exceeds the arch's MINSIGSTKSZ #define.
However, changing this #define is an ABI break.

To allow userspace the option of determining the signal frame size
in a more forwards-compatible way, this patch adds a new auxv entry
tagged with AT_MINSIGSTKSZ, which provides the maximum signal frame
size that the process can observe during its lifetime.

If AT_MINSIGSTKSZ is absent from the aux vector, the caller can
assume that the MINSIGSTKSZ #define is sufficient.  This allows for
a consistent interface with older kernels that do not provide
AT_MINSIGSTKSZ.

The idea is that libc could expose this via sysconf() or some
similar mechanism.

There is deliberately no AT_SIGSTKSZ.  The kernel knows nothing
about userspace's own stack overheads and should not pretend to
know.

For arm64:

The primary motivation for this interface is the Scalable Vector
Extension, which can require at least 4KB or so of extra space
in the signal frame for the largest hardware implementations.

To determine the correct value, a "Christmas tree" mode (via the
add_all argument) is added to setup_sigframe_layout(), to simulate
addition of all possible records to the signal frame at maximum
possible size.

If this procedure goes wrong somehow, resulting in a stupidly large
frame layout and hence failure of sigframe_alloc() to allocate a
record to the frame, then this is indicative of a kernel bug: the
kernel's internal SIGFRAME_MAXSZ is supposed to sanity-check
against generting frames that we consider _impossibly_ large.  In
this case, SIGSTKSZ is returned as a "reasonable guess that is at
least bigger than MINSIGSTKSZ" and we WARN().

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
---
 arch/arm64/include/asm/elf.h         |  5 +++++
 arch/arm64/include/asm/processor.h   |  3 +++
 arch/arm64/include/uapi/asm/auxvec.h |  3 ++-
 arch/arm64/kernel/signal.c           | 39 +++++++++++++++++++++++++++++++-----
 4 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
index 33be513..8a2708a 100644
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
@@ -24,6 +24,10 @@
 #include <asm/ptrace.h>
 #include <asm/user.h>
 
+#ifndef __ASSEMBLY__
+#include <asm/processor.h> /* for get_minsigstksz(), used by ARCH_DLINFO */
+#endif
+
 /*
  * AArch64 static relocation types.
  */
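Review bot: the new `#include <asm/processor.h>` under `#ifndef __ASSEMBLY__` exists only to make one prototype visible to ARCH_DLINFO, yet it makes every user of asm/elf.h pull in all of asm/processor.h. A one-line `int get_minsigstksz(void);` declaration here (or in a smaller header shared with signal.c) gives ARCH_DLINFO what it needs without the new header dependency and without any risk of an include cycle between elf.h and processor.h.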
@@ -148,6 +152,7 @@ typedef struct user_fpsimd_state elf_fpregset_t;
 do {									\
 	NEW_AUX_ENT(AT_SYSINFO_EHDR,					\
 		    (elf_addr_t)current->mm->context.vdso);		\
+	NEW_AUX_ENT(AT_MINSIGSTKSZ, get_minsigstksz());			\
 } while (0)
 
 #define ARCH_HAS_SETUP_ADDITIONAL_PAGES
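Review bot: the existing AT_SYSINFO_EHDR entry casts its value to elf_addr_t explicitly, while `NEW_AUX_ENT(AT_MINSIGSTKSZ, get_minsigstksz());` relies on implicit conversion of an `int`. A frame size cannot be negative, so an unsigned return type (size_t) plus the same explicit `(elf_addr_t)` cast would document the intent and rule out sign extension when the value is widened. It would also help to say in the commit message that this runs get_minsigstksz() on every native exec, since that is where ARCH_DLINFO is expanded.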
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index df66452..18af4bd 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -197,6 +197,9 @@ static inline void spin_lock_prefetch(const void *ptr)
 int cpu_enable_pan(void *__unused);
 int cpu_enable_cache_maint_trap(void *__unused);
 
+/* User signal frame size discovery: */
+int get_minsigstksz(void);
+
 /* Userspace interface for PR_SVE_{SET,GET}_VL prctl()s: */
 #define SVE_SET_VL(arg)	sve_set_current_vl(arg)
 #define SVE_GET_VL()	sve_get_current_vl()
diff --git a/arch/arm64/include/uapi/asm/auxvec.h b/arch/arm64/include/uapi/asm/auxvec.h
index 4cf0c17..1d45b28 100644
--- a/arch/arm64/include/uapi/asm/auxvec.h
+++ b/arch/arm64/include/uapi/asm/auxvec.h
@@ -18,7 +18,8 @@
 
 /* vDSO location */
 #define AT_SYSINFO_EHDR	33
+#define AT_MINSIGSTKSZ	34	/* stack needed for signal delivery */
 
-#define AT_VECTOR_SIZE_ARCH 1 /* entries in ARCH_DLINFO */
+#define AT_VECTOR_SIZE_ARCH 2 /* entries in ARCH_DLINFO */
 
 #endif
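Review bot: AT_MINSIGSTKSZ is given the arm64-private value 34 in the arch uapi header, but the cover letter explicitly asks whether the approach suits other architectures; if it is meant to be generic, defining the tag once in include/uapi/linux/auxvec.h would let a libc use a single constant everywhere rather than per-arch numbers that can diverge. The bump of AT_VECTOR_SIZE_ARCH from 1 to 2 correctly matches the one extra ARCH_DLINFO entry.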
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 0d7a71e..3382e87 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -567,8 +567,15 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
 	return 0;
 }
 
-/* Determine the layout of optional records in the signal frame */
-static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
+/*
+ * Determine the layout of optional records in the signal frame
+ *
+ * add_all: if true, lays out the biggest possible signal frame for
+ *	this task; otherwise, generates a layout for the current state
+ *	of the task.
+ */
+static int setup_sigframe_layout(struct rt_sigframe_user_layout *user,
+				 bool add_all)
 {
 	int err;
 
@@ -578,7 +585,7 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 		return err;
 
 	/* fault information, if valid */
-	if (current->thread.fault_code) {
+	if (add_all || current->thread.fault_code) {
 		err = sigframe_alloc(user, &user->esr_offset,
 				     sizeof(struct esr_context));
 		if (err)
@@ -600,7 +607,6 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user)
 	return sigframe_alloc_end(user);
 }
 
-
 static int setup_sigframe(struct rt_sigframe_user_layout *user,
 			  struct pt_regs *regs, sigset_t *set)
 {
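Review bot: this hunk only removes a stray blank line before setup_sigframe(); it is unrelated to the ABI change and would be better in its own cleanup patch or dropped, so that the RFC diff carries nothing but the functional change.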
@@ -698,7 +704,7 @@ static int get_sigframe(struct rt_sigframe_user_layout *user,
 	int err;
 
 	init_user_layout(user);
-	err = setup_sigframe_layout(user);
+	err = setup_sigframe_layout(user, false);
 	if (err)
 		return err;
 
@@ -936,3 +942,26 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
 		thread_flags = READ_ONCE(current_thread_info()->flags);
 	} while (thread_flags & _TIF_WORK_MASK);
 }
+
+/*
+ * Determine the stack space required for guaranteed signal devliery.
+ * This function is used to populate AT_MINSIGSTKSZ at process startup.
+ */
+int get_minsigstksz(void)
+{
+	struct rt_sigframe_user_layout user;
+	int err;
+
+	init_user_layout(&user);
+	err = setup_sigframe_layout(&user, true);
+
+	if (err) {
+		WARN_ON(1);
+
+		return SIGSTKSZ;
+	} else {
+		return sigframe_size(&user) +
+			round_up(sizeof(struct frame_record), 16) +
+			16; /* max alignment padding */
+	}
+}
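Review bot: get_minsigstksz() returns the exact kernel frame size, which can be smaller than the MINSIGSTKSZ constant (5k on arm64, as the reply further down notes) that sigaltstack() enforces with ENOMEM, so the comment above the function, and the ABI documentation, should state whether the value is clamped to at least MINSIGSTKSZ or whether callers must take the maximum themselves. Smaller points in the same hunk: `WARN_ON(1)` discards the error code, where `WARN(err, "...")` would say what failed; the `else` after `return SIGSTKSZ;` is redundant; the `+ 16 /* max alignment padding */` over-approximates the 16-byte alignment slack, which is the safe direction and worth saying in the comment; and "devliery" in the comment should be "delivery".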
-- 
2.1.4


* [RFC PATCH v3 28/28] arm64/sve: signal: Include SVE when computing AT_MINSIGSTKSZ
  2017-10-10 18:38 ` Dave Martin
@ 2017-10-10 18:38   ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-10 18:38 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

The SVE context block in the signal frame needs to be considered
too when computing the maximum possible signal frame size.

Because the size of this block depends on the vector length, this
patch computes the size based not on the thread's current vector
length but instead on the maximum possible vector length: this
determines the maximum size of SVE context block that can be
observed in any signal frame for the lifetime of the process.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Alex Bennée <alex.bennee@linaro.org>
---
 arch/arm64/kernel/signal.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 3382e87..15bc2ad 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -595,8 +595,18 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user,
 	if (system_supports_sve()) {
 		unsigned int vq = 0;
 
-		if (test_thread_flag(TIF_SVE))
-			vq = sve_vq_from_vl(current->thread.sve_vl);
+		if (add_all || test_thread_flag(TIF_SVE)) {
+			int vl = sve_max_vl;
+
+			if (!add_all)
+				vl = current->thread.sve_vl;
+
+			/* Fail safe if something wasn't initialised */
+			if (WARN_ON(!sve_vl_valid(vl)))
+				vl = SVE_VL_MIN;
+
+			vq = sve_vq_from_vl(vl);
+		}
 
 		err = sigframe_alloc(user, &user->sve_offset,
 				     SVE_SIG_CONTEXT_SIZE(vq));
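Review bot: the fail-safe `vl = SVE_VL_MIN` fails in the wrong direction for the add_all case. get_minsigstksz() exists to report the largest frame the process can ever see; if sve_max_vl is not yet initialised when it runs, this branch silently computes AT_MINSIGSTKSZ from the smallest vector length and under-reports the stack requirement, which is the overflow the new auxv entry is meant to prevent. For add_all, falling back to SVE_VL_MAX, or returning an error so that get_minsigstksz()'s WARN path yields SIGSTKSZ, preserves the guarantee; SVE_VL_MIN is only a sensible fallback for the `!add_all` branch. Minor: `int vl = sve_max_vl;` immediately overwritten when `!add_all` reads oddly; `int vl = add_all ? sve_max_vl : current->thread.sve_vl;` says the same thing in one line.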
-- 
2.1.4


* Re: [PATCH v3 26/28] arm64/sve: Add documentation
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11  9:50     ` Szabolcs Nagy
  -1 siblings, 0 replies; 253+ messages in thread
From: Szabolcs Nagy @ 2017-10-11  9:50 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: nd, Catalin Marinas, Will Deacon, Ard Biesheuvel,
	Alex Bennée, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, linux-api, Michael Kerrisk, Mark Rutland,
	Alan Hayward

On 10/10/17 19:38, Dave Martin wrote:
> This patch adds basic documentation of the user/kernel interface
> provided by the for SVE.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Alan Hayward <alan.hayward@arm.com>
> 
> ---
> 
> Changes since v2
> ----------------
> 
> Changes requested by Alan Hayward:
> 
>  * Added a note that the caller of PTRACE_SETREGSET will need to do a
>    GETREGSET if complete certainty about the resulting VL is desired.
> 
> ABI changes:
> 
>  * Documented the changed return value value semantics for PR_SET_SET_VL
>    when the PR_SVE_SET_VL_ONEXEC flag is passed.
> ---
...
> +prctl(PR_SVE_SET_VL, unsigned long arg)
> +
> +    Sets the vector length of the calling thread and related flags, where
> +    arg == vl | flags.
> +
> +    vl is the desired vector length, where sve_vl_valid(vl) must be true.
> +
> +    flags:
> +
> +	PR_SVE_SET_VL_INHERIT
> +
> +	    Inherit the current vector length across execve().  Otherwise, the
> +	    vector length is reset to the system default at execve().  (See
> +	    Section 9.)
> +
> +	PR_SVE_SET_VL_ONEXEC
> +
> +	    Defer the requested vector length change until the next execve().
> +	    This allows launching of a new program with a different vector
> +	    length, while avoiding runtime side effects in the caller.
> +
> +	    This also overrides the effect of PR_SVE_SET_VL_INHERIT for the
> +	    first execve().
> +
> +	    Without PR_SVE_SET_VL_ONEXEC, any outstanding deferred vector
> +	    length change is cancelled.
> +

"next execve" is still ambiguous. (execve has process
global effect so it may plausibly mean next in the
process or next in the calling thread)

"any outstanding deferred vector length change" is
ambiguous. (it may be for all threads in a process or
in the calling thread only)

> +    Return value: a nonnegative on success, or a negative value on error:
> +	EINVAL: SVE not supported, invalid vector length requested, or
> +	    invalid flags.
> +
> +    On success, the calling thread's vector length is changed to the largest
> +    value supported by the system that is less than or equal to vl.
> +    If vl == SVE_VL_MAX, the calling thread's vector length is changed to the
> +    largest value supported by the system.
> +
> +    The returned value describes the resulting configuration, encoded as for
> +    PR_SVE_GET_VL.  The vector length reported in this value is the new current
> +    vector length for this thread if PR_SVE_SET_VL_ONEXEC was not passed in the
> +    input arg; otherwise, the reported vector length is the deferred vector
> +    length that will be applied at the next exec.
> +
...
> +9.  System runtime configuration
> +--------------------------------
> +
> +* To mitigate the ABI impact of expansion of the signal frame, a policy
> +  mechanism is provided for administrators, distro maintainers and developers
> +  to set the default vector length for userspace processes:
> +
> +/proc/cpu/sve_default_vector_length
> +

still wrong.


* Re: [RFC PATCH v3 27/28] arm64: signal: Report signal frame size to userspace via auxv
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 10:19     ` Szabolcs Nagy
  -1 siblings, 0 replies; 253+ messages in thread
From: Szabolcs Nagy @ 2017-10-11 10:19 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: nd, Catalin Marinas, Will Deacon, Ard Biesheuvel,
	Alex Bennée, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

On 10/10/17 19:38, Dave Martin wrote:
> Stateful CPU architecture extensions may require the signal frame
> to grow to a size that exceeds the arch's MINSIGSTKSZ #define.
> However, changing this #define is an ABI break.
> 
> To allow userspace the option of determining the signal frame size
> in a more forwards-compatible way, this patch adds a new auxv entry
> tagged with AT_MINSIGSTKSZ, which provides the maximum signal frame
> size that the process can observe during its lifetime.
> 
> If AT_MINSIGSTKSZ is absent from the aux vector, the caller can
> assume that the MINSIGSTKSZ #define is sufficient.  This allows for
> a consistent interface with older kernels that do not provide
> AT_MINSIGSTKSZ.
> 

the posix sigaltstack api shall fail with ENOMEM
if smaller than MINSIGSTKSZ stack size is used.

so it is important to note somewhere if AT_MINSIGSTKSZ
is intended to be always >= MINSIGSTKSZ define (which
is rounded up to 5k) or it may be smaller as it provides
the precise value of the largest signal frame.

(i think it makes sense for it to be a precise value,
but then users should do the >= check before calling
the sigaltstack api, so they should be aware of this
issue)

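As an added userspace example (not part of the patch series or of any libc), this C program shows the consumer side of AT_MINSIGSTKSZ as the commit message and the reply above describe it: take the auxv value when present, fall back to MINSIGSTKSZ when it is absent, never request less than MINSIGSTKSZ because sigaltstack() rejects that with ENOMEM, add the handler's own overhead (there is deliberately no AT_SIGSTKSZ), and verify with SA_ONSTACK delivery that the handler really runs on the alternate stack. The function names and the 4096-byte overhead figure are my own choices; the AT_MINSIGSTKSZ tag is taken from the libc headers, and the program treats it as absent when either the headers or the running kernel lack it, so on such a system it exercises the fallback path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

/*
 * Floor for a sigaltstack() size: the kernel's AT_MINSIGSTKSZ value (0 when
 * the entry is absent, i.e. an older kernel) or MINSIGSTKSZ, whichever is
 * larger.  sigaltstack() rejects sizes below MINSIGSTKSZ with ENOMEM, so a
 * precise AT_MINSIGSTKSZ smaller than MINSIGSTKSZ cannot be used as-is.
 */
size_t sigstack_floor(unsigned long at_minsigstksz)
{
	size_t floor = (size_t)MINSIGSTKSZ;

	if (at_minsigstksz > floor)
		floor = (size_t)at_minsigstksz;
	return floor;
}

/*
 * Add the handler's own stack overhead (there is deliberately no AT_SIGSTKSZ:
 * the kernel cannot know userspace's overheads) and round up to whole pages.
 */
size_t sigstack_size(unsigned long at_minsigstksz, size_t handler_overhead)
{
	size_t page = (size_t)sysconf(_SC_PAGESIZE);
	size_t need = sigstack_floor(at_minsigstksz) + handler_overhead;

	return (need + page - 1) / page * page;
}

/* Ask the running kernel; returns 0 when the auxv entry is not provided. */
unsigned long query_at_minsigstksz(void)
{
#ifdef AT_MINSIGSTKSZ
	errno = 0;
	unsigned long v = getauxval(AT_MINSIGSTKSZ);
	return (v == 0 && errno == ENOENT) ? 0 : v;
#else
	return 0;	/* libc headers predate the tag: treat it as absent */
#endif
}

static char *alt_base;		/* alternate stack handed to sigaltstack() */
static size_t alt_len;
static volatile sig_atomic_t ran_on_alt;

static void on_sigusr1(int sig)
{
	char probe;	/* lives on whichever stack the handler runs on */
	uintptr_t p = (uintptr_t)&probe;

	(void)sig;
	ran_on_alt = p >= (uintptr_t)alt_base && p < (uintptr_t)alt_base + alt_len;
}

/*
 * Install an alternate stack sized from AT_MINSIGSTKSZ, deliver SIGUSR1 with
 * SA_ONSTACK and report whether the handler really ran on that stack.
 * Returns 1 if it did, 0 if it ran elsewhere, -1 on a syscall failure.
 */
int demo_alt_stack(size_t handler_overhead)
{
	stack_t ss, old_ss;
	struct sigaction sa, old_sa;
	int rc = -1;

	alt_len = sigstack_size(query_at_minsigstksz(), handler_overhead);
	alt_base = malloc(alt_len);
	if (!alt_base)
		return -1;
	ss.ss_sp = alt_base;
	ss.ss_size = alt_len;
	ss.ss_flags = 0;
	if (sigaltstack(&ss, &old_ss) < 0)
		goto out_free;
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_sigusr1;
	sa.sa_flags = SA_ONSTACK;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGUSR1, &sa, &old_sa) < 0)
		goto out_stack;
	ran_on_alt = 0;
	raise(SIGUSR1);
	rc = ran_on_alt ? 1 : 0;
	sigaction(SIGUSR1, &old_sa, NULL);
out_stack:
	sigaltstack(&old_ss, NULL);	/* restore the caller's alt stack state */
out_free:
	free(alt_base);
	return rc;
}
```

Later glibc (2.34 and newer) exposes the same quantity as sysconf(_SC_MINSIGSTKSZ), the libc route the commit message anticipates; the explicit getauxval() path above is what a libc or a runtime without that sysconf would do.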

* Re: [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-11 11:08         ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-11 11:08 UTC (permalink / raw)
  To: Szabolcs Nagy
  Cc: linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r,
	Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Richard Sandiford, Okamoto Takayuki,
	kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg,
	libc-alpha-9JcytcrH/bA+uJoB2kUjGw,
	linux-arch-u79uwXL29TY76Z2rM5mHXA,
	linux-api-u79uwXL29TY76Z2rM5mHXA, Michael Kerrisk, Mark Rutland,
	Alan Hayward

On Wed, Oct 11, 2017 at 10:50:16AM +0100, Szabolcs Nagy wrote:
> On 10/10/17 19:38, Dave Martin wrote:
> > This patch adds basic documentation of the user/kernel interface
> > provided by the for SVE.
> > 
> > Signed-off-by: Dave Martin <Dave.Martin-5wv7dgnIgG8@public.gmane.org>
> > Cc: Alex Bennée <alex.bennee-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> > Cc: Mark Rutland <mark.rutland-5wv7dgnIgG8@public.gmane.org>
> > Cc: Alan Hayward <alan.hayward-5wv7dgnIgG8@public.gmane.org>
> > 
> > ---
> > 
> > Changes since v2
> > ----------------
> > 
> > Changes requested by Alan Hayward:
> > 
> >  * Added a note that the caller of PTRACE_SETREGSET will need to do a
> >    GETREGSET if complete certainty about the resulting VL is desired.
> > 
> > ABI changes:
> > 
> >  * Documented the changed return value value semantics for PR_SET_SET_VL
> >    when the PR_SVE_SET_VL_ONEXEC flag is passed.
> > ---
> ...
> > +prctl(PR_SVE_SET_VL, unsigned long arg)
> > +
> > +    Sets the vector length of the calling thread and related flags, where
> > +    arg == vl | flags.
> > +
> > +    vl is the desired vector length, where sve_vl_valid(vl) must be true.
> > +
> > +    flags:
> > +
> > +	PR_SVE_SET_VL_INHERIT
> > +
> > +	    Inherit the current vector length across execve().  Otherwise, the
> > +	    vector length is reset to the system default at execve().  (See
> > +	    Section 9.)
> > +
> > +	PR_SVE_SET_VL_ONEXEC
> > +
> > +	    Defer the requested vector length change until the next execve().
> > +	    This allows launching of a new program with a different vector
> > +	    length, while avoiding runtime side effects in the caller.
> > +
> > +	    This also overrides the effect of PR_SVE_SET_VL_INHERIT for the
> > +	    first execve().
> > +
> > +	    Without PR_SVE_SET_VL_ONEXEC, any outstanding deferred vector
> > +	    length change is cancelled.
> > +
> 
> "next execve" is still ambiguous. (execve has process
> global effect so it may plausibly mean next in the
> process or next in the calling thread)
> 
> "any outstanding deferred vector length change" is
> ambiguous. (it may be for all threads in a process or
> in the calling thread only)
> 
> > +    Return value: a nonnegative on success, or a negative value on error:
> > +	EINVAL: SVE not supported, invalid vector length requested, or
> > +	    invalid flags.
> > +
> > +    On success, the calling thread's vector length is changed to the largest
> > +    value supported by the system that is less than or equal to vl.
> > +    If vl == SVE_VL_MAX, the calling thread's vector length is changed to the
> > +    largest value supported by the system.
> > +
> > +    The returned value describes the resulting configuration, encoded as for
> > +    PR_SVE_GET_VL.  The vector length reported in this value is the new current
> > +    vector length for this thread if PR_SVE_SET_VL_ONEXEC was not passed in the
> > +    input arg; otherwise, the reported vector length is the deferred vector
> > +    length that will be applied at the next exec.
> > +
> ...
> > +9.  System runtime configuration
> > +--------------------------------
> > +
> > +* To mitigate the ABI impact of expansion of the signal frame, a policy
> > +  mechanism is provided for administrators, distro maintainers and developers
> > +  to set the default vector length for userspace processes:
> > +
> > +/proc/cpu/sve_default_vector_length
> > +
> 
> still wrong.

Dang, sorry, I was focusing on the code and completely missed these
documentation changes.

The text actually leaves a fair amount to be desired in some places,
now I look again at it.

How does this look:

diff --git a/Documentation/arm64/sve.txt b/Documentation/arm64/sve.txt
index 2e8f009..27b8833 100644
--- a/Documentation/arm64/sve.txt
+++ b/Documentation/arm64/sve.txt
@@ -75,6 +75,15 @@ the SVE instruction set architecture.
   assumptions about this.  The kernel behaviour may vary on a case-by-case
   basis.
 
+* All other SVE state of a thread, including the currently configured vector
+  length, the state of the PR_SVE_VL_INHERIT flag, and the deferred vector
+  length (if any), is preserved across all syscalls, subject to the specific
+  exceptions for execve() described in section 6.
+
+  In particular, on return from a fork() or clone(), the parent and new child
+  process or thread share identical SVE configuration, matching that of the
+  parent before the call.
+
 
 4.  Signal handling
 -------------------
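Review bot: the new paragraph names the flag PR_SVE_VL_INHERIT, while the prctl section of the same document (quoted above) calls it PR_SVE_SET_VL_INHERIT; one spelling should be used throughout, whichever matches the uapi header. It also sends the reader to "section 6" for the execve() exceptions, whereas the quoted excerpt points at Section 9 for the execve()-time default, so the cross-reference is worth checking against the final section numbering.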
@@ -136,7 +145,7 @@ length:
 prctl(PR_SVE_SET_VL, unsigned long arg)
 
     Sets the vector length of the calling thread and related flags, where
-    arg == vl | flags.
+    arg == vl | flags.  Other threads of the calling process are unaffected.
 
     vl is the desired vector length, where sve_vl_valid(vl) must be true.
 
@@ -150,36 +159,51 @@ prctl(PR_SVE_SET_VL, unsigned long arg)
 
 	PR_SVE_SET_VL_ONEXEC
 
-	    Defer the requested vector length change until the next execve().
+	    Defer the requested vector length change until the next execve()
+	    performed by this thread.
+
+	    The effect is equivalent to implicit exceution of the following
+	    call immediately after the next execve() (if any) by the thread:
+
+		prctl(PR_SVE_SET_VL, arg & ~PR_SVE_SET_VL_ONEXEC)
+
 	    This allows launching of a new program with a different vector
 	    length, while avoiding runtime side effects in the caller.
 
-	    This also overrides the effect of PR_SVE_SET_VL_INHERIT for the
-	    first execve().
 
-	    Without PR_SVE_SET_VL_ONEXEC, any outstanding deferred vector
-	    length change is cancelled.
+	    Without PR_SVE_SET_VL_ONEXEC, the requested change takes effect
+	    immediately.
+
 
     Return value: a nonnegative on success, or a negative value on error:
 	EINVAL: SVE not supported, invalid vector length requested, or
 	    invalid flags.
 
-    On success, the calling thread's vector length is changed to the largest
-    value supported by the system that is less than or equal to vl.
-    If vl == SVE_VL_MAX, the calling thread's vector length is changed to the
-    largest value supported by the system.
 
-    The returned value describes the resulting configuration, encoded as for
-    PR_SVE_GET_VL.  The vector length reported in this value is the new current
-    vector length for this thread if PR_SVE_SET_VL_ONEXEC was not passed in the
-    input arg; otherwise, the reported vector length is the deferred vector
-    length that will be applied at the next exec.
+    On success:
+
+    * Either the calling thread's vector length or the deferred vector length
+      to be applied at the next execve() by the thread (dependent on whether
+      PR_SVE_SET_VL_ONEXEC is present in arg), is set to the largest value
+      supported by the system that is less than or equal to vl.  If vl ==
+      SVE_VL_MAX, the value set will be the largest value supported by the
+      system.
+
+    * Any previously outstanding deferred vector length change in the calling
+      thread is cancelled.
+
+    * The returned value describes the resulting configuration, encoded as for
+      PR_SVE_GET_VL.  The vector length reported in this value is the new
+      current vector length for this thread if PR_SVE_SET_VL_ONEXEC was not
+      present in arg; otherwise, the reported vector length is the deferred
+      vector length that will be applied at the next execve() by the calling
+      thread.
 
-    Changing the vector length causes all of P0..P15, FFR and all bits of
-    Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
-    unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
-    vector length does not constitute a change to the vector length for this
-    purpose.
+    * Changing the vector length causes all of P0..P15, FFR and all bits of
+      Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
+      unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
+      vector length, or calling PR_SVE_SET_VL with the PR_SVE_SET_VL_ONEXEC
+      flag, does not constitute a change to the vector length for this purpose.
 
 
 prctl(PR_SVE_GET_VL)
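Review bot: "exceution" in the new ONEXEC text should be "execution", and the removed paragraphs leave doubled blank lines behind (after "side effects in the caller." and around "takes effect immediately."). Describing ONEXEC as an implicit `prctl(PR_SVE_SET_VL, arg & ~PR_SVE_SET_VL_ONEXEC)` after the thread's next execve() now carries the deleted "overrides PR_SVE_SET_VL_INHERIT for the first execve()" statement only implicitly; one sentence saying that the INHERIT bit of the deferred arg becomes the thread's flag after that execve() would make it explicit. While touching this context: "a nonnegative on success" is missing "value", and "Z0..V31" in the unspecified-registers bullet reads like a typo for "Z0..Z31".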
@@ -315,7 +339,7 @@ The regset data starts with struct user_sve_header, containing:
   mechanism is provided for administrators, distro maintainers and developers
   to set the default vector length for userspace processes:
 
-/proc/cpu/sve_default_vector_length
+/proc/sys/abi/sve_default_vector_length
 
     Writing the text representation of an integer to this file sets the system
     default vector length to the specified value, unless the value is greater


+      to be applied at the next execve() by the thread (dependent on whether
+      PR_SVE_SET_VL_ONEXEC is present in arg), is set to the largest value
+      supported by the system that is less than or equal to vl.  If vl ==
+      SVE_VL_MAX, the value set will be the largest value supported by the
+      system.
+
+    * Any previously outstanding deferred vector length change in the calling
+      thread is cancelled.
+
+    * The returned value describes the resulting configuration, encoded as for
+      PR_SVE_GET_VL.  The vector length reported in this value is the new
+      current vector length for this thread if PR_SVE_SET_VL_ONEXEC was not
+      present in arg; otherwise, the reported vector length is the deferred
+      vector length that will be applied at the next execve() by the calling
+      thread.
 
-    Changing the vector length causes all of P0..P15, FFR and all bits of
-    Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
-    unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
-    vector length does not constitute a change to the vector length for this
-    purpose.
+    * Changing the vector length causes all of P0..P15, FFR and all bits of
+      Z0..V31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
+      unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
+      vector length, or calling PR_SVE_SET_VL with the PR_SVE_SET_VL_ONEXEC
+      flag, does not constitute a change to the vector length for this purpose.
 
 
 prctl(PR_SVE_GET_VL)
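Review bot: typo in the new text, "implicit exceution of the following call" should read "execution". The hunk also leaves runs of two blank lines where the rest of the file uses one (after "side effects in the caller.", before "Return value:", and before "On success:"); worth tidying while the paragraph is being reshuffled. Drive-by on the unchanged context line "Return value: a nonnegative on success": it is missing the noun, "a nonnegative value on success". On the substance, the "Any previously outstanding deferred vector length change in the calling thread is cancelled" bullet reads cleanly alongside the new "equivalent to implicit execution of prctl(PR_SVE_SET_VL, arg & ~PR_SVE_SET_VL_ONEXEC)" wording, so the removal of the old "overrides the effect of PR_SVE_SET_VL_INHERIT" sentence looks right: the flag now travels with the deferred arg.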
@@ -315,7 +339,7 @@ The regset data starts with struct user_sve_header, containing:
   mechanism is provided for administrators, distro maintainers and developers
   to set the default vector length for userspace processes:
 
-/proc/cpu/sve_default_vector_length
+/proc/sys/abi/sve_default_vector_length
 
     Writing the text representation of an integer to this file sets the system
     default vector length to the specified value, unless the value is greater
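Review bot: the corrected path /proc/sys/abi/sve_default_vector_length is the user-visible name of the sysctl, so please grep the rest of sve.txt and the series for the old /proc/cpu/ spelling (the flags text that points at "Section 9", and the code patch that registers the sysctl) so that no stale reference survives; a documentation-only fix here is easy to miss when the ABI name is also quoted elsewhere.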

^ permalink raw reply related	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-11 11:30             ` Szabolcs Nagy
  0 siblings, 0 replies; 253+ messages in thread
From: Szabolcs Nagy @ 2017-10-11 11:30 UTC (permalink / raw)
  To: Dave Martin
  Cc: nd-5wv7dgnIgG8,
	linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r,
	Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Richard Sandiford, Okamoto Takayuki,
	kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg,
	libc-alpha-9JcytcrH/bA+uJoB2kUjGw,
	linux-arch-u79uwXL29TY76Z2rM5mHXA,
	linux-api-u79uwXL29TY76Z2rM5mHXA, Michael Kerrisk, Mark Rutland,
	Alan Hayward

On 11/10/17 12:08, Dave Martin wrote:
> How does this look:
> 

looks reasonable.

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [RFC PATCH v3 27/28] arm64: signal: Report signal frame size to userspace via auxv
  2017-10-11 10:19     ` Szabolcs Nagy
@ 2017-10-11 13:14       ` Dave P Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave P Martin @ 2017-10-11 13:14 UTC (permalink / raw)
  To: Szabolcs Nagy
  Cc: linux-arm-kernel, nd, Catalin Marinas, Will Deacon,
	Ard Biesheuvel, Alex Bennée, Richard Sandiford, tokamoto,
	kvmarm, libc-alpha, linux-arch

On Wed, Oct 11, 2017 at 11:19:03AM +0100, Szabolcs Nagy wrote:
> On 10/10/17 19:38, Dave Martin wrote:
> > Stateful CPU architecture extensions may require the signal frame
> > to grow to a size that exceeds the arch's MINSIGSTKSZ #define.
> > However, changing this #define is an ABI break.
> > 
> > To allow userspace the option of determining the signal frame size
> > in a more forwards-compatible way, this patch adds a new auxv entry
> > tagged with AT_MINSIGSTKSZ, which provides the maximum signal frame
> > size that the process can observe during its lifetime.
> > 
> > If AT_MINSIGSTKSZ is absent from the aux vector, the caller can
> > assume that the MINSIGSTKSZ #define is sufficient.  This allows for
> > a consistent interface with older kernels that do not provide
> > AT_MINSIGSTKSZ.
> > 
> 
> the posix sigaltstack api shall fail with ENOMEM
> if smaller than MINSIGSTKSZ stack size is used.
> 
> so it is important to note somewhere if AT_MINSIGSTKSZ
> is intended to be always >= MINSIGSTKSZ define (which
> is rounded up to 5k) or it may be smaller as it provides
> the precise value of the largest signal frame.
> 
> (i think it makes sense for it to be a precise value,
> but then users should do the >= check before calling
> the sigaltstack api, so they should be aware of this
> issue)

This is a good point, and one that I don't have an answer for yet.

POSIX[1] says that sigaltstack() _shall_ return EPERM if ss_size
< MINSIGSTKSZ.

I don't know the full rationale behind this.

The ENOMEM return here doesn't guarantee that signal delivery will
definitely fail or compromise safety when ss_size or less of stack is
available.

A 0 return doesn't guarantee that signal delivery on the registered
alternate stack will succeed or be safe.

So while the ENOMEM return has some sanity-check value, it's very
limited in its usefulness.


I currently saw no good reason to misrepresent the true signal frame
size in AT_MINSIGSTKSZ, so it is currently a precise value that can be
< MINSIGSTKSZ (and is, in the default case).

In an ideal world, my preference would be to relax the check in
sigaltstack() to check >= AT_MINSIGSTKSZ, but it is technically an ABI
break...


We _could_ paper over this by rounding up the AT_MINSIGSTKSZ value
reported by the kernel to be always >= MINSIGSTKSZ.  This seems ugly,
but may be the most pragmatic option.


Thoughts?

Cheers
---Dave


[1] SUSv7 / IEEE Std 1003.1-2008 (2016): sigaltstack
http://pubs.opengroup.org/onlinepubs/9699919799/functions/sigaltstack.html

^ permalink raw reply	[flat|nested] 253+ messages in thread
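Added example, not code from the series or from either poster: a userspace routine that sizes an alternate signal stack the way this thread implies callers must, taking AT_MINSIGSTKSZ from the aux vector when present, falling back to MINSIGSTKSZ when absent, and never going below MINSIGSTKSZ so that sigaltstack()'s minimum check cannot reject a precise-but-smaller kernel value. It assumes glibc's getauxval(); the local AT_MINSIGSTKSZ fallback (51) mirrors the Linux uapi value and is only for builds against libc headers that predate the entry, and handler_need is a caller-constructed allowance, not something the kernel reports.

```c
/* Added example: size an alternate signal stack from AT_MINSIGSTKSZ,
 * with MINSIGSTKSZ as both the fallback and the floor. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Linux uapi value; defined locally only for libc headers that predate it. */
#ifndef AT_MINSIGSTKSZ
#define AT_MINSIGSTKSZ 51
#endif

/*
 * Compute ss_size for sigaltstack().
 *
 * kernel_min:   AT_MINSIGSTKSZ from the aux vector, or 0 when the running
 *               kernel does not provide the entry.  As discussed in the
 *               thread, when present this is a precise frame size that may
 *               be *smaller* than the MINSIGSTKSZ constant.
 * handler_need: stack the handler itself needs on top of the kernel frame
 *               (constructed by the caller).
 *
 * The result is >= kernel_min + handler_need so the frame actually fits,
 * and >= MINSIGSTKSZ so sigaltstack() cannot reject it with ENOMEM.
 */
static size_t alt_stack_size_for(unsigned long kernel_min, size_t handler_need)
{
    size_t frame = (size_t)kernel_min;

    /* AT_MINSIGSTKSZ absent (older kernel): the #define is sufficient. */
    if (frame == 0)
        frame = (size_t)MINSIGSTKSZ;

    size_t total = frame + handler_need;

    /* Do the >= MINSIGSTKSZ check ourselves, before sigaltstack() does. */
    if (total < (size_t)MINSIGSTKSZ)
        total = (size_t)MINSIGSTKSZ;

    return total;
}

/* getauxval() returns 0 for an absent entry, which is exactly the
 * "fall back to MINSIGSTKSZ" signal alt_stack_size_for() expects. */
static unsigned long kernel_minsigstksz(void)
{
    return getauxval(AT_MINSIGSTKSZ);
}

/* Allocate and register an alternate stack for the calling thread.
 * Returns the registered ss_size, or 0 with errno set on failure.
 * The memory is deliberately never freed: it stays registered. */
static size_t install_alt_stack(size_t handler_need)
{
    size_t sz = alt_stack_size_for(kernel_minsigstksz(), handler_need);
    void *mem = malloc(sz);
    if (mem == NULL)
        return 0;

    stack_t ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = mem;
    ss.ss_size = sz;
    ss.ss_flags = 0;
    if (sigaltstack(&ss, NULL) != 0) {
        free(mem);
        return 0;
    }
    return sz;
}

int main(void)
{
    size_t sz = install_alt_stack(8192);
    if (sz == 0) {
        perror("sigaltstack");
        return 1;
    }
    printf("AT_MINSIGSTKSZ=%lu MINSIGSTKSZ=%zu -> alt stack %zu bytes\n",
           kernel_minsigstksz(), (size_t)MINSIGSTKSZ, sz);
    return 0;
}
```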

* Re: [PATCH v3 01/28] regset: Add support for dynamically sized regsets
  2017-10-10 18:38   ` Dave Martin
  (?)
@ 2017-10-11 14:14     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:14 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm, viro, linux-fsdevel

On Tue, Oct 10, 2017 at 07:38:18PM +0100, Dave P Martin wrote:
> Currently the regset API doesn't allow for the possibility that
> regsets (or at least, the amount of meaningful data in a regset)
> may change in size.
> 
> In particular, this results in useless padding being added to
> coredumps if a regset's current size is smaller than its
> theoretical maximum size.
> 
> This patch adds a get_size() function to struct user_regset.
> Individual regset implementations can implement this function to
> return the current size of the regset data.  A regset_size()
> function is added to provide callers with an abstract interface for
> determining the size of a regset without needing to know whether
> the regset is dynamically sized or not.
> 
> The only affected user of this interface is the ELF coredump code:
> This patch ports ELF coredump to dump regsets with their actual
> size in the coredump.  This has no effect except for new regsets
> that are dynamically sized and provide a get_size() implementation.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  fs/binfmt_elf.c        |  6 ++---
>  include/linux/regset.h | 67 ++++++++++++++++++++++++++++++++++++++++++++------
>  2 files changed, 63 insertions(+), 10 deletions(-)

The patch looks fine to me:

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

However, you'd probably need an ack from the filesystem maintainers
(cc'ed; patch below for reference).

> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 73b01e4..35aa03f 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1699,7 +1699,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  				 long signr, size_t *total)
>  {
>  	unsigned int i;
> -	unsigned int regset_size = view->regsets[0].n * view->regsets[0].size;
> +	unsigned int size = regset_size(t->task, &view->regsets[0]);
>  
>  	/*
>  	 * NT_PRSTATUS is the one special case, because the regset data
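Review bot: the rename of the local from regset_size to size is required rather than cosmetic, because the old name would now shadow the static inline regset_size() that this same patch adds to regset.h; the commit message does not mention it, so a one-line note there would save the next reader a puzzle.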
> @@ -1708,7 +1708,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  	 * We assume that regset 0 is NT_PRSTATUS.
>  	 */
>  	fill_prstatus(&t->prstatus, t->task, signr);
> -	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset_size,
> +	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, size,
>  				    &t->prstatus.pr_reg, NULL);
>  
>  	fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
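Review bot: the NT_PRSTATUS get() call now passes a size obtained from regset_size() but still writes into the fixed-size t->prstatus.pr_reg. That is safe only because of the stated assumption that regset 0 is NT_PRSTATUS and statically sized; if a view ever gave regset 0 a get_size hook returning more than sizeof(t->prstatus.pr_reg), this would become a kernel memory overwrite. Either keep the old n * size expression for this one call, or add a BUG_ON(size > sizeof(t->prstatus.pr_reg)) next to the "We assume that regset 0 is NT_PRSTATUS" comment so the assumption is enforced rather than trusted.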
> @@ -1728,7 +1728,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  		if (regset->core_note_type && regset->get &&
>  		    (!regset->active || regset->active(t->task, regset))) {
>  			int ret;
> -			size_t size = regset->n * regset->size;
> +			size_t size = regset_size(t->task, regset);
>  			void *data = kmalloc(size, GFP_KERNEL);
>  			if (unlikely(!data))
>  				return 0;
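Review bot: with a get_size hook the size computed here can legitimately be 0 (it is a multiple of @size), which makes kmalloc() return ZERO_SIZE_PTR, passes the !data check, and then emits an empty note; decide whether an empty note is wanted or whether a zero current size should be treated like an inactive regset and skipped. Since the returned size is only valid until the regset is next modified, a short comment that the target is stopped for the whole dump, so the value cannot go stale between this call and get(), would also help.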
> diff --git a/include/linux/regset.h b/include/linux/regset.h
> index 8e0c9fe..494ceda 100644
> --- a/include/linux/regset.h
> +++ b/include/linux/regset.h
> @@ -107,6 +107,28 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
>  				     int immediate);
>  
>  /**
> + * user_regset_get_size_fn - type of @get_size function in &struct user_regset
> + * @target:	thread being examined
> + * @regset:	regset being examined
> + *
> + * This call is optional; usually the pointer is %NULL.
> + *
> + * When provided, this function must return the current size of regset
> + * data, as observed by the @get function in &struct user_regset.  The
> + * value returned must be a multiple of @size.  The returned size is
> + * required to be valid only until the next time (if any) @regset is
> + * modified for @target.
> + *
> + * This function is intended for dynamically sized regsets.  A regset
> + * that is statically sized does not need to implement it.
> + *
> + * This function should not be called directly: instead, callers should
> + * call regset_size() to determine the current size of a regset.
> + */
> +typedef unsigned int user_regset_get_size_fn(struct task_struct *target,
> +					     const struct user_regset *regset);
> +
> +/**
>   * struct user_regset - accessible thread CPU state
>   * @n:			Number of slots (registers).
>   * @size:		Size in bytes of a slot (register).
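Review bot: the contract for user_regset_get_size_fn says the result must be a multiple of @size but not that it must be at most @n * @size; the struct documentation later describes @n as the maximum number of slots, and callers (coredump buffer sizing above) rely on that bound, so state it here explicitly so that an implementation returning more than @n * @size is unambiguously a bug.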
> @@ -117,19 +139,33 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
>   * @set:		Function to store values.
>   * @active:		Function to report if regset is active, or %NULL.
>   * @writeback:		Function to write data back to user memory, or %NULL.
> + * @get_size:		Function to return the regset's size, or %NULL.
>   *
>   * This data structure describes a machine resource we call a register set.
>   * This is part of the state of an individual thread, not necessarily
>   * actual CPU registers per se.  A register set consists of a number of
>   * similar slots, given by @n.  Each slot is @size bytes, and aligned to
> - * @align bytes (which is at least @size).
> + * @align bytes (which is at least @size).  For dynamically-sized
> + * regsets, @n must contain the maximum possible number of slots for the
> + * regset, and @get_size must point to a function that returns the
> + * current regset size.
>   *
> - * These functions must be called only on the current thread or on a
> - * thread that is in %TASK_STOPPED or %TASK_TRACED state, that we are
> - * guaranteed will not be woken up and return to user mode, and that we
> - * have called wait_task_inactive() on.  (The target thread always might
> - * wake up for SIGKILL while these functions are working, in which case
> - * that thread's user_regset state might be scrambled.)
> + * Callers that need to know only the current size of the regset and do
> + * not care about its internal structure should call regset_size()
> + * instead of inspecting @n or calling @get_size.
> + *
> + * For backward compatibility, the @get and @set methods must pad to, or
> + * accept, @n * @size bytes, even if the current regset size is smaller.
> + * The precise semantics of these operations depend on the regset being
> + * accessed.
> + *
> + * The functions to which &struct user_regset members point must be
> + * called only on the current thread or on a thread that is in
> + * %TASK_STOPPED or %TASK_TRACED state, that we are guaranteed will not
> + * be woken up and return to user mode, and that we have called
> + * wait_task_inactive() on.  (The target thread always might wake up for
> + * SIGKILL while these functions are working, in which case that
> + * thread's user_regset state might be scrambled.)
>   *
>   * The @pos argument must be aligned according to @align; the @count
>   * argument must be a multiple of @size.  These functions are not
> @@ -156,6 +192,7 @@ struct user_regset {
>  	user_regset_set_fn		*set;
>  	user_regset_active_fn		*active;
>  	user_regset_writeback_fn	*writeback;
> +	user_regset_get_size_fn		*get_size;
>  	unsigned int			n;
>  	unsigned int 			size;
>  	unsigned int 			align;
> @@ -371,5 +408,21 @@ static inline int copy_regset_from_user(struct task_struct *target,
>  	return regset->set(target, regset, offset, size, NULL, data);
>  }
>  
> +/**
> + * regset_size - determine the current size of a regset
> + * @target:	thread to be examined
> + * @regset:	regset to be examined
> + *
> + * Note that the returned size is valid only until the next time
> + * (if any) @regset is modified for @target.
> + */
> +static inline unsigned int regset_size(struct task_struct *target,
> +				       const struct user_regset *regset)
> +{
> +	if (!regset->get_size)
> +		return regset->n * regset->size;
> +	else
> +		return regset->get_size(target, regset);
> +}
>  
>  #endif	/* <linux/regset.h> */
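Review bot: the else after return in regset_size() is redundant (checkpatch-style nit). More usefully, this is the one place where the get_size() contract can be enforced cheaply, e.g. a WARN_ON_ONCE(ret > regset->n * regset->size) before returning, so that a misbehaving regset cannot silently oversize a kmalloc or a note in the coredump path.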
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 01/28] regset: Add support for dynamically sized regsets
@ 2017-10-11 14:14     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:14 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm, viro, linux-fsdevel

On Tue, Oct 10, 2017 at 07:38:18PM +0100, Dave P Martin wrote:
> Currently the regset API doesn't allow for the possibility that
> regsets (or at least, the amount of meaningful data in a regset)
> may change in size.
> 
> In particular, this results in useless padding being added to
> coredumps in a regset's current size is smaller than its
> theoretical maximum size.
> 
> This patch adds a get_size() function to struct user_regset.
> Individual regset implementations can implement this function to
> return the current size of the regset data.  A regset_size()
> function is added to provide callers with an abstract interface for
> determining the size of a regset without needing to know whether
> the regset is dynamically sized or not.
> 
> The only affected user of this interface is the ELF coredump code:
> This patch ports ELF coredump to dump regsets with their actual
> size in the coredump.  This has no effect except for new regsets
> that are dynamically sized and provide a get_size() implementation.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  fs/binfmt_elf.c        |  6 ++---
>  include/linux/regset.h | 67 ++++++++++++++++++++++++++++++++++++++++++++------
>  2 files changed, 63 insertions(+), 10 deletions(-)

The patch looks fine to me:

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

However, you'd probably need an ack from the filesystem maintainers
(cc'ed; patch below for reference).

> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 73b01e4..35aa03f 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1699,7 +1699,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  				 long signr, size_t *total)
>  {
>  	unsigned int i;
> -	unsigned int regset_size = view->regsets[0].n * view->regsets[0].size;
> +	unsigned int size = regset_size(t->task, &view->regsets[0]);
>  
>  	/*
>  	 * NT_PRSTATUS is the one special case, because the regset data
> @@ -1708,7 +1708,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  	 * We assume that regset 0 is NT_PRSTATUS.
>  	 */
>  	fill_prstatus(&t->prstatus, t->task, signr);
> -	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset_size,
> +	(void) view->regsets[0].get(t->task, &view->regsets[0], 0, size,
>  				    &t->prstatus.pr_reg, NULL);
>  
>  	fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
> @@ -1728,7 +1728,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
>  		if (regset->core_note_type && regset->get &&
>  		    (!regset->active || regset->active(t->task, regset))) {
>  			int ret;
> -			size_t size = regset->n * regset->size;
> +			size_t size = regset_size(t->task, regset);
>  			void *data = kmalloc(size, GFP_KERNEL);
>  			if (unlikely(!data))
>  				return 0;
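
Review bot: a dynamically sized regset whose get_size() currently returns 0 is not caught here: kmalloc(0) returns ZERO_SIZE_PTR rather than NULL, so `unlikely(!data)` passes and get() is then called with a zero count. Either skip the regset when the size is zero (`if (!size) continue;` before the kmalloc()) or document that get_size() must return a non-zero value whenever active() reports the regset active. Note also that the kmalloc() length is now under the control of each regset's get_size(); the bound `size <= regset->n * regset->size` is worth asserting somewhere on this path.
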
> diff --git a/include/linux/regset.h b/include/linux/regset.h
> index 8e0c9fe..494ceda 100644
> --- a/include/linux/regset.h
> +++ b/include/linux/regset.h
> @@ -107,6 +107,28 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
>  				     int immediate);
>  
>  /**
> + * user_regset_get_size_fn - type of @get_size function in &struct user_regset
> + * @target:	thread being examined
> + * @regset:	regset being examined
> + *
> + * This call is optional; usually the pointer is %NULL.
> + *
> + * When provided, this function must return the current size of regset
> + * data, as observed by the @get function in &struct user_regset.  The
> + * value returned must be a multiple of @size.  The returned size is
> + * required to be valid only until the next time (if any) @regset is
> + * modified for @target.
> + *
> + * This function is intended for dynamically sized regsets.  A regset
> + * that is statically sized does not need to implement it.
> + *
> + * This function should not be called directly: instead, callers should
> + * call regset_size() to determine the current size of a regset.
> + */
> +typedef unsigned int user_regset_get_size_fn(struct task_struct *target,
> +					     const struct user_regset *regset);
> +
> +/**
>   * struct user_regset - accessible thread CPU state
>   * @n:			Number of slots (registers).
>   * @size:		Size in bytes of a slot (register).
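
Review bot: the kerneldoc says the returned value must be a multiple of @size but not that it must not exceed @n * @size; the struct description later defines @n as the maximum possible number of slots, so the upper bound is implied, but the implementer of a @get_size is reading this comment, not that one. Suggest "The value returned must be a multiple of @size and must not exceed @n * @size", since ptrace and coredump callers size their buffers from exactly those two numbers.
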
> @@ -117,19 +139,33 @@ typedef int user_regset_writeback_fn(struct task_struct *target,
>   * @set:		Function to store values.
>   * @active:		Function to report if regset is active, or %NULL.
>   * @writeback:		Function to write data back to user memory, or %NULL.
> + * @get_size:		Function to return the regset's size, or %NULL.
>   *
>   * This data structure describes a machine resource we call a register set.
>   * This is part of the state of an individual thread, not necessarily
>   * actual CPU registers per se.  A register set consists of a number of
>   * similar slots, given by @n.  Each slot is @size bytes, and aligned to
> - * @align bytes (which is at least @size).
> + * @align bytes (which is at least @size).  For dynamically-sized
> + * regsets, @n must contain the maximum possible number of slots for the
> + * regset, and @get_size must point to a function that returns the
> + * current regset size.
>   *
> - * These functions must be called only on the current thread or on a
> - * thread that is in %TASK_STOPPED or %TASK_TRACED state, that we are
> - * guaranteed will not be woken up and return to user mode, and that we
> - * have called wait_task_inactive() on.  (The target thread always might
> - * wake up for SIGKILL while these functions are working, in which case
> - * that thread's user_regset state might be scrambled.)
> + * Callers that need to know only the current size of the regset and do
> + * not care about its internal structure should call regset_size()
> + * instead of inspecting @n or calling @get_size.
> + *
> + * For backward compatibility, the @get and @set methods must pad to, or
> + * accept, @n * @size bytes, even if the current regset size is smaller.
> + * The precise semantics of these operations depend on the regset being
> + * accessed.
> + *
> + * The functions to which &struct user_regset members point must be
> + * called only on the current thread or on a thread that is in
> + * %TASK_STOPPED or %TASK_TRACED state, that we are guaranteed will not
> + * be woken up and return to user mode, and that we have called
> + * wait_task_inactive() on.  (The target thread always might wake up for
> + * SIGKILL while these functions are working, in which case that
> + * thread's user_regset state might be scrambled.)
>   *
>   * The @pos argument must be aligned according to @align; the @count
>   * argument must be a multiple of @size.  These functions are not
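
Review bot: "must pad to, or accept, @n * @size bytes" leaves open whether a @set of the full @n * @size bytes may change the value subsequently returned by @get_size (the "valid only until the next time @regset is modified" wording for regset_size() suggests it may). For a regset whose size depends on writable state this is the normal case, so the contract should say so here, and should say what @get returns in the bytes beyond the current size (zeros, or unspecified). Leaving it to "the precise semantics of these operations depend on the regset" means each regset will diverge and ptrace clients cannot write portable code.
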
> @@ -156,6 +192,7 @@ struct user_regset {
>  	user_regset_set_fn		*set;
>  	user_regset_active_fn		*active;
>  	user_regset_writeback_fn	*writeback;
> +	user_regset_get_size_fn		*get_size;
>  	unsigned int			n;
>  	unsigned int 			size;
>  	unsigned int 			align;
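
Review bot: inserting get_size before n changes the positional layout of struct user_regset. That is harmless for tables built with designated initialisers (.n =, .size = ...), but any arch that fills a user_regset positionally would now silently have n/size/align shifted by one member. Worth a grep for non-designated initialisers before this goes in, or appending the new member after align to be safe.
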
> @@ -371,5 +408,21 @@ static inline int copy_regset_from_user(struct task_struct *target,
>  	return regset->set(target, regset, offset, size, NULL, data);
>  }
>  
> +/**
> + * regset_size - determine the current size of a regset
> + * @target:	thread to be examined
> + * @regset:	regset to be examined
> + *
> + * Note that the returned size is valid only until the next time
> + * (if any) @regset is modified for @target.
> + */
> +static inline unsigned int regset_size(struct task_struct *target,
> +				       const struct user_regset *regset)
> +{
> +	if (!regset->get_size)
> +		return regset->n * regset->size;
> +	else
> +		return regset->get_size(target, regset);
> +}
>  
>  #endif	/* <linux/regset.h> */
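
Review bot: regset_size() trusts get_size() completely, and its result feeds kmalloc() and the get() byte count in fill_thread_core_info(), so a get_size() that returns more than @n * @size, or a value that is not a multiple of @size, becomes an over-read or a bad allocation in the dumper. Given that @n is documented as the maximum, a cheap guard here, e.g. `WARN_ON_ONCE(size > regset->n * regset->size)` on the get_size() result before returning it, would catch a broken implementation early. Minor style: the `else` after `return` is unnecessary; `if (regset->get_size) return regset->get_size(target, regset); return regset->n * regset->size;` reads more naturally.
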
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 14:14     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:14 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Marc Zyngier,
	Richard Sandiford, Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave P Martin wrote:
> Currently, a guest kernel sees the true CPU feature registers
> (ID_*_EL1) when it reads them using MRS instructions.  This means
> that the guest will observe features that are present in the
> hardware but the host doesn't understand or doesn't provide support
> for.  A guest may legitimately try to use such a feature as per the
> architecture, but use of the feature may trap instead of working
> normally, triggering undef injection into the guest.
> 
> This is not a problem for the host, but the guest may go wrong when
> running on newer hardware than the host knows about.
> 
> This patch hides from guest VMs any AArch64-specific CPU features
> that the host doesn't support, by exposing to the guest the
> sanitised versions of the registers computed by the cpufeatures
> framework, instead of the true hardware registers.  To achieve
> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> code is added to KVM to report the sanitised versions of the
> affected registers in response to MRS and register reads from
> userspace.
> 
> The affected registers are removed from invariant_sys_regs[] (since
> the invariant_sys_regs handling is no longer quite correct for
> them) and added to sys_reg_descs[], with appropriate access(),
> get_user() and set_user() methods.  No runtime vcpu storage is
> allocated for the registers: instead, they are read on demand from
> the cpufeatures framework.  This may need modification in the
> future if there is a need for userspace to customise the features
> visible to the guest.
> 
> Attempts by userspace to write the registers are handled similarly
> to the current invariant_sys_regs handling: writes are permitted,
> but only if they don't attempt to change the value.  This is
> sufficient to support VM snapshot/restore from userspace.
> 
> Because of the additional registers, restoring a VM on an older
> kernel may not work unless userspace knows how to handle the extra
> VM registers exposed to the KVM user ABI by this patch.
> 
> Under the principle of least damage, this patch makes no attempt to
> handle any of the other registers currently in
> invariant_sys_regs[], or to emulate registers for AArch32: however,
> these could be handled in a similar way in future, as necessary.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/include/asm/sysreg.h |   3 +
>  arch/arm64/kvm/hyp/switch.c     |   6 +
>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
>  3 files changed, 246 insertions(+), 45 deletions(-)

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread
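
The mechanism described in the commit message above, sanitised ID register values exposed to the guest and user-space writes accepted only when they leave that value unchanged, as an added example in C that is not the kernel's or KVM's code. The field table, the `max_supported` values, and the function names (`sanitise_id_reg`, `emulate_mrs_id_aa64pfr0`, `id_aa64pfr0_set_user`) are this example's own assumptions; the field positions loosely follow ID_AA64PFR0_EL1, but the cross-CPU part of the cpufeatures framework is not modelled. The hardware value fed to it is constructed, with SVE at [35:32] and an unknown field at [39:36] set, to show that both are hidden.

```c
/*
 * Added example, not the kernel's or KVM's code: how an ID register value can
 * be sanitised so a guest sees only the features the host understands, and
 * how user-space writes of such a register can be accepted only when they do
 * not change that sanitised value.  The field table is this example's own
 * assumption, loosely following the ID_AA64PFR0_EL1 layout.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

#define ID_FIELD_BITS	4	/* every field of an AArch64 ID register is 4 bits */
#define ARRAY_SIZE(a)	(sizeof(a) / sizeof((a)[0]))

/* One ID register field this (hypothetical) host knows how to handle. */
struct id_field {
	const char	*name;
	unsigned int	shift;
	bool		is_signed;	/* signed fields use 0xF (-1) for "absent" */
	int64_t		max_supported;	/* largest value the host can cope with */
};

/* Hypothetical host view of ID_AA64PFR0_EL1: no SVE entry, so SVE is hidden. */
static const struct id_field pfr0_fields[] = {
	{ "EL0",      0, false, 2 },
	{ "EL1",      4, false, 2 },
	{ "EL2",      8, false, 2 },
	{ "EL3",     12, false, 2 },
	{ "FP",      16, true,  1 },
	{ "AdvSIMD", 20, true,  1 },
	{ "GIC",     24, false, 1 },
	{ "RAS",     28, false, 1 },
};

static int64_t field_get(uint64_t reg, const struct id_field *f)
{
	uint64_t v = (reg >> f->shift) & ((1ULL << ID_FIELD_BITS) - 1);

	/* Sign-extend from ID_FIELD_BITS for signed fields. */
	if (f->is_signed && (v & (1ULL << (ID_FIELD_BITS - 1))))
		return (int64_t)v - (1LL << ID_FIELD_BITS);
	return (int64_t)v;
}

/*
 * Build the value to expose to the guest: each known field is clamped to what
 * the host supports, every field not in the table reads as 0 (not implemented).
 */
uint64_t sanitise_id_reg(uint64_t hw_val, const struct id_field *fields,
			 size_t nfields)
{
	uint64_t out = 0;
	size_t i;

	for (i = 0; i < nfields; i++) {
		int64_t v = field_get(hw_val, &fields[i]);

		if (v > fields[i].max_supported)
			v = fields[i].max_supported;
		out |= ((uint64_t)v & ((1ULL << ID_FIELD_BITS) - 1)) << fields[i].shift;
	}
	return out;
}

/* What a trapped MRS of ID_AA64PFR0_EL1 returns to the guest in this model. */
uint64_t emulate_mrs_id_aa64pfr0(uint64_t hw_val)
{
	return sanitise_id_reg(hw_val, pfr0_fields, ARRAY_SIZE(pfr0_fields));
}

/*
 * User-space write of the emulated register (snapshot/restore path): the
 * write succeeds only if it would leave the guest-visible value unchanged,
 * so nothing can be re-enabled from user space by poking the register.
 */
int id_aa64pfr0_set_user(uint64_t hw_val, uint64_t new_val)
{
	if (new_val != emulate_mrs_id_aa64pfr0(hw_val))
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* Constructed hardware value: SVE at [35:32] and an unknown field at [39:36]. */
	uint64_t hw = 0x1111112222ULL;

	printf("hw  %#llx\nvm  %#llx\n", (unsigned long long)hw,
	       (unsigned long long)emulate_mrs_id_aa64pfr0(hw));
	return 0;
}
```

With the constructed value, the guest-visible result drops both the SVE nibble and the unknown nibble, a GIC field above what the host handles is clamped to the host's maximum, and a signed FP field of 0xF (not implemented) is passed through unchanged rather than being "clamped up" into an implemented value. A restore that writes back the sanitised value succeeds; writing the raw hardware value, which would make SVE visible, is refused with -EINVAL.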

* Re: [PATCH v3 03/28] arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 14:16     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:16 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:20PM +0100, Dave P Martin wrote:
> The EFI runtime services ABI permits calls to EFI to clobber
> certain FPSIMD/NEON registers, as per the AArch64 procedure call
> standard.
> 
> Saving/restoring the clobbered registers around such calls needs
> KERNEL_MODE_NEON, but the dependency is missing from Kconfig.
> 
> This patch adds the missing dependency.
> 
> This will aid bisection of the patches implementing support for the
> ARM Scalable Vector Extension (SVE).
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  arch/arm64/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 0df64a6..ca711ac 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1063,6 +1063,7 @@ config EFI_STUB
>  config EFI
>  	bool "UEFI runtime support"
>  	depends on OF && !CPU_BIG_ENDIAN
> +	depends on KERNEL_MODE_NEON
>  	select LIBFDT
>  	select UCS2_STRING
>  	select EFI_PARAMS_FROM_FDT
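
Review bot: the new condition could be folded into the existing line as `depends on OF && !CPU_BIG_ENDIAN && KERNEL_MODE_NEON`; separate `depends on` lines are ANDed, so the two forms are equivalent, but a single expression is easier to read and to grep. Functionally, `depends on` makes EFI silently vanish from the menu if KERNEL_MODE_NEON were ever disabled, whereas `select` would force it on; with KERNEL_MODE_NEON being def_bool y either is fine, but the commit message should say which behaviour was intended.
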

We could've used select KERNEL_MODE_NEON since it's a feature needed by
EFI but this works for me as well as KERNEL_MODE_NEON is def_bool y
already. Either way:

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 04/28] arm64: Port deprecated instruction emulation to new sysctl interface
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 14:17     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:17 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:21PM +0100, Dave P Martin wrote:
> Currently, armv8_deprecated.c takes charge of the "abi" sysctl
> directory, which makes life difficult for other code that wants to
> register sysctls in the same directory.
> 
> There is a "new" [1] sysctl registration interface that removes the
> need to define ctl_tables for parent directories explicitly, which
> is ideal here.
> 
> This patch ports register_insn_emulation_sysctl() over to the
> register_sysctl() interface and removes the redundant ctl_table for
> "abi".
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> 
> [1] fea478d4101a (sysctl: Add register_sysctl for normal sysctl
> users)
> The commit message notes an intent to port users of the
> pre-existing interfaces over to register_sysctl(), though the
> number of users of the new interface currently appears negligible.
> ---
>  arch/arm64/kernel/armv8_deprecated.c | 15 +++------------
>  1 file changed, 3 insertions(+), 12 deletions(-)

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 05/28] arm64: fpsimd: Simplify uses of {set, clear}_ti_thread_flag()
  2017-10-10 18:38   ` [PATCH v3 05/28] arm64: fpsimd: Simplify uses of {set,clear}_ti_thread_flag() Dave Martin
@ 2017-10-11 14:19     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:19 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:22PM +0100, Dave P Martin wrote:
> The existing FPSIMD context switch code contains a couple of
> instances of {set,clear}_ti_thread(task_thread_info(task)).  Since
> there are thread flag manipulators that operate directly on
> task_struct, this verbosity isn't strictly needed.
> 
> For consistency, this patch simplifies the affected calls.  This
> should have no impact on behaviour.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 06/28] arm64/sve: System register and exception syndrome definitions
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 14:20     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:20 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:23PM +0100, Dave P Martin wrote:
> The SVE architecture adds some system registers, ID register fields
> and a dedicated ESR exception class.
> 
> This patch adds the appropriate definitions that will be needed by
> the kernel.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 07/28] arm64/sve: Low-level SVE architectural state manipulation functions
@ 2017-10-11 14:28     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:28 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:24PM +0100, Dave P Martin wrote:
> Manipulating the SVE architectural state, including the vector and
> predicate registers, first-fault register and the vector length,
> requires the use of dedicated instructions added by SVE.
> 
> This patch adds suitable assembly functions for saving and
> restoring the SVE registers and querying the vector length.
> Setting of the vector length is done as part of register restore.
> 
> Since people building kernels may not all get an SVE-enabled
> toolchain for a while, this patch uses macros that generate
> explicit opcodes in place of assembler mnemonics.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

(not adding reviewed-by as I haven't checked the instruction encodings,
I just trust you to be correct ;))

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 08/28] arm64/sve: Kconfig update and conditional compilation support
@ 2017-10-11 14:29     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:29 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:25PM +0100, Dave P Martin wrote:
> This patch adds CONFIG_ARM64_SVE to control building of SVE support
> into the kernel, and adds a stub predicate system_supports_sve() to
> control conditional compilation and runtime SVE support.
> 
> system_supports_sve() just returns false for now: it will be
> replaced with a non-trivial implementation in a later patch, once
> SVE support is complete enough to be enabled safely.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 09/28] arm64/sve: Signal frame and context structure definition
@ 2017-10-11 14:29     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:29 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:26PM +0100, Dave P Martin wrote:
> This patch defines the representation that will be used for the SVE
> register state in the signal frame, and implements support for
> saving and restoring the SVE registers around signals.
> 
> The same layout will also be used for the in-kernel task state.
> 
> Due to the variability of the SVE vector length, it is not possible
> to define a fixed C struct to describe all the registers.  Instead,
> Macros are defined in sigcontext.h to facilitate access to the
> parts of the structure.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 10/28] arm64/sve: Low-level CPU setup
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 14:30     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 14:30 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:27PM +0100, Dave P Martin wrote:
> To enable the kernel to use SVE, SVE traps from EL1 to EL2 must be
> disabled.  To take maximum advantage of the hardware, the full
> available vector length also needs to be enabled for EL1 by
> programming ZCR_EL2.LEN.  (The kernel will program ZCR_EL1.LEN as
> required, but this cannot override the limit set by ZCR_EL2.)
> 
> Traps from EL0 to EL1 are also left enabled by virtue of setting
> the relevant CPACR bit at its default (RES0) value.
> 
> This patch makes the appropriate changes to the primary and
> secondary CPU initialisation code.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 03/28] arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON
  2017-10-11 14:16     ` Catalin Marinas
@ 2017-10-11 14:35       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-11 14:35 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Wed, Oct 11, 2017 at 03:16:47PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:20PM +0100, Dave P Martin wrote:
> > The EFI runtime services ABI permits calls to EFI to clobber
> > certain FPSIMD/NEON registers, as per the AArch64 procedure call
> > standard.
> > 
> > Saving/restoring the clobbered registers around such calls needs
> > KERNEL_MODE_NEON, but the dependency is missing from Kconfig.
> > 
> > This patch adds the missing dependency.
> > 
> > This will aid bisection of the patches implementing support for the
> > ARM Scalable Vector Extension (SVE).
> > 
> > Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > ---
> >  arch/arm64/Kconfig | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> > index 0df64a6..ca711ac 100644
> > --- a/arch/arm64/Kconfig
> > +++ b/arch/arm64/Kconfig
> > @@ -1063,6 +1063,7 @@ config EFI_STUB
> >  config EFI
> >  	bool "UEFI runtime support"
> >  	depends on OF && !CPU_BIG_ENDIAN
> > +	depends on KERNEL_MODE_NEON
> >  	select LIBFDT
> >  	select UCS2_STRING
> >  	select EFI_PARAMS_FROM_FDT
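Review bot: the new `depends on KERNEL_MODE_NEON` line carries no Kconfig
comment, so the reason EFI needs it (EFI runtime calls may clobber
FPSIMD/NEON registers, per the commit message) is invisible to anyone
reading arch/arm64/Kconfig; a one-line `#` comment above the dependency
stating that would help. Note also the trade-off of `depends on` versus
`select`: with `depends on`, turning KERNEL_MODE_NEON off silently makes
EFI unavailable rather than pulling NEON support in.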
> 
> We could've used select KERNEL_MODE_NEON since it's a feature needed by
> EFI but this works for me as well as KERNEL_MODE_NEON is def_bool y
> already. Either way:
> 
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>

Agreed.  I assumed this is moot anyway, since KERNEL_MODE_NEON will
rarely/never be deselected in practice.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 07/28] arm64/sve: Low-level SVE architectural state manipulation functions
  2017-10-11 14:28     ` Catalin Marinas
@ 2017-10-11 14:39       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-11 14:39 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Wed, Oct 11, 2017 at 03:28:19PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:24PM +0100, Dave P Martin wrote:
> > Manipulating the SVE architectural state, including the vector and
> > predicate registers, first-fault register and the vector length,
> > requires the use of dedicated instructions added by SVE.
> > 
> > This patch adds suitable assembly functions for saving and
> > restoring the SVE registers and querying the vector length.
> > Setting of the vector length is done as part of register restore.
> > 
> > Since people building kernels may not all get an SVE-enabled
> > toolchain for a while, this patch uses macros that generate
> > explicit opcodes in place of assembler mnemonics.
> > 
> > Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> 
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>
> 
> (not adding reviewed-by as I haven't checked the instruction encodings,
> I just trust you to be correct ;))

Agreed, I am sometimes correct.

Better, Alex _did_ check the encodings against binutils :)

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 01/28] regset: Add support for dynamically sized regsets
  2017-10-11 14:14     ` Catalin Marinas
@ 2017-10-11 14:45       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-11 14:45 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, viro,
	linux-fsdevel, Alex Bennée, kvmarm, linux-arm-kernel

On Wed, Oct 11, 2017 at 03:14:10PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:18PM +0100, Dave P Martin wrote:
> > Currently the regset API doesn't allow for the possibility that
> > regsets (or at least, the amount of meaningful data in a regset)
> > may change in size.
> > 
> > In particular, this results in useless padding being added to
> > coredumps if a regset's current size is smaller than its
> > theoretical maximum size.
> > 
> > This patch adds a get_size() function to struct user_regset.
> > Individual regset implementations can implement this function to
> > return the current size of the regset data.  A regset_size()
> > function is added to provide callers with an abstract interface for
> > determining the size of a regset without needing to know whether
> > the regset is dynamically sized or not.
> > 
> > The only affected user of this interface is the ELF coredump code:
> > This patch ports ELF coredump to dump regsets with their actual
> > size in the coredump.  This has no effect except for new regsets
> > that are dynamically sized and provide a get_size() implementation.
> > 
> > Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > ---
> >  fs/binfmt_elf.c        |  6 ++---
> >  include/linux/regset.h | 67 ++++++++++++++++++++++++++++++++++++++++++++------
> >  2 files changed, 63 insertions(+), 10 deletions(-)
> 
> The patch looks fine to me:
> 
> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
> 
> However, you'd probably need an ack from the filesystem maintainers
> (cc'ed; patch below for reference).

Apologies for that -- I manually added Ccs to this patch in previous
postings, and predictably lost them in the respin.

I'll add Cc lines in the commit message, since there will be a
further re-spin of the series to apply the Documentation changes
requested by Szabolcs that I missed.

I don't currently have any pending fixes to _this_ patch, so it's still
worth reviewing.

Cheers
---Dave

[...]

^ permalink raw reply	[flat|nested] 253+ messages in thread
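Added example, not part of this thread or of the kernel's regset.h: a
stand-alone userspace C model of the interface the 01/28 commit message
describes, a get_size() hook on struct user_regset plus a regset_size()
helper that callers use without knowing whether the regset is fixed or
dynamically sized. The struct task stand-in, its sve_vl field, the
16-byte header and the register layout constants are constructed for this
illustration; only the Z0-Z31 / P0-P15 / FFR register names come from the
thread.

```c
/*
 * Model of dynamically sized regsets (cf. patch 01/28).  This is an
 * added illustration, not the kernel's own regset.h: the kernel types
 * are replaced by minimal stand-ins so the file builds in userspace.
 */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for struct task_struct; the field name is hypothetical. */
struct task {
	unsigned int sve_vl;	/* current vector length in bytes, 0 = no SVE */
};

struct user_regset;
typedef size_t regset_get_size_fn(const struct task *target,
				  const struct user_regset *regset);

struct user_regset {
	unsigned int n;			/* number of slots */
	unsigned int size;		/* size of each slot in bytes */
	regset_get_size_fn *get_size;	/* NULL for fixed-size regsets */
};

/* Theoretical maximum: what a dumper would emit without get_size(). */
static size_t regset_max_size(const struct user_regset *regset)
{
	return (size_t)regset->n * regset->size;
}

/*
 * Abstract interface: a core dumper calls this and never needs to know
 * whether the regset is fixed or dynamically sized.
 */
static size_t regset_size(const struct task *target,
			  const struct user_regset *regset)
{
	if (!regset->get_size)
		return regset_max_size(regset);
	return regset->get_size(target, regset);
}

/*
 * Constructed layout for a vector regset: 32 Z registers of vl bytes
 * each, 16 predicates plus FFR of vl/8 bytes each, after a 16-byte
 * header.  The header size and maximum vl are assumptions of this
 * example, not values taken from the kernel ABI.
 */
#define SVE_EXAMPLE_HEADER	16
#define SVE_EXAMPLE_MAX_VL	256

static size_t sve_example_get_size(const struct task *target,
				   const struct user_regset *regset)
{
	unsigned int vl = target->sve_vl;

	(void)regset;
	if (vl == 0)
		return SVE_EXAMPLE_HEADER;	/* task is not using SVE */
	return SVE_EXAMPLE_HEADER + 32u * vl + 17u * (vl / 8);
}

/* Dynamically sized regset: n * size is the architectural maximum. */
static const struct user_regset sve_example_regset = {
	.n = 1,
	.size = SVE_EXAMPLE_HEADER + 32u * SVE_EXAMPLE_MAX_VL
		+ 17u * (SVE_EXAMPLE_MAX_VL / 8),
	.get_size = sve_example_get_size,
};

/* Fixed-size regset, e.g. 34 64-bit general-purpose slots. */
static const struct user_regset fixed_example_regset = {
	.n = 34, .size = 8, .get_size = NULL,
};

/* Padding a dumper would emit if it always used the maximum size. */
static size_t wasted_padding(const struct task *target,
			     const struct user_regset *regset)
{
	return regset_max_size(regset) - regset_size(target, regset);
}

/* Constructed sample tasks: one without SVE, one with a 128-bit vl. */
static const struct task task_no_sve = { .sve_vl = 0 };
static const struct task task_vl16 = { .sve_vl = 16 };

int main(void)
{
	printf("fixed: %zu bytes, padding %zu\n",
	       regset_size(&task_no_sve, &fixed_example_regset),
	       wasted_padding(&task_no_sve, &fixed_example_regset));
	printf("sve vl=16: %zu bytes, padding %zu\n",
	       regset_size(&task_vl16, &sve_example_regset),
	       wasted_padding(&task_vl16, &sve_example_regset));
	return 0;
}
```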

* Re: [PATCH v3 11/28] arm64/sve: Core task context handling
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:15     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:15 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:28PM +0100, Dave P Martin wrote:
> diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
> index 026a7c7..b1409de 100644
> --- a/arch/arm64/include/asm/fpsimd.h
> +++ b/arch/arm64/include/asm/fpsimd.h
> @@ -72,6 +75,20 @@ extern void sve_load_state(void const *state, u32 const *pfpsr,
>  			   unsigned long vq_minus_1);
>  extern unsigned int sve_get_vl(void);
>  
> +#ifdef CONFIG_ARM64_SVE
> +
> +extern size_t sve_state_size(struct task_struct const *task);
> +
> +extern void sve_alloc(struct task_struct *task);
> +extern void fpsimd_release_thread(struct task_struct *task);
> +
> +#else /* ! CONFIG_ARM64_SVE */
> +
> +static void __maybe_unused sve_alloc(struct task_struct *task) { }
> +static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
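Review bot: sve_state_size() is declared only inside the
`#ifdef CONFIG_ARM64_SVE` branch, while sve_alloc() and
fpsimd_release_thread() get `!CONFIG_ARM64_SVE` stubs; any caller of
sve_state_size() that is not itself behind an #ifdef or IS_ENABLED()
guard will fail to link with SVE disabled. Either add a stub returning 0
or document in a comment that callers must be guarded. The stubs
themselves would more conventionally be `static inline` than
`static void __maybe_unused`.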

Nitpick: usually we just add static inline functions here rather than
__maybe_unused.

> diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> index 29adab8..4831d28 100644
> --- a/arch/arm64/include/asm/processor.h
> +++ b/arch/arm64/include/asm/processor.h
> @@ -39,6 +47,8 @@
>  #define FPEXC_IDF	(1 << 7)
>  
>  /*
> + * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
> + *
>   * In order to reduce the number of times the FPSIMD state is needlessly saved
>   * and restored, we need to keep track of two things:
>   * (a) for each task, we need to remember which CPU was the last one to have
> @@ -99,6 +109,287 @@
>   */
>  static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
>  
> +static void sve_free(struct task_struct *task)
> +{
> +	kfree(task->thread.sve_state);
> +	task->thread.sve_state = NULL;
> +}
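Review bot: sve_free() kfree()s task->thread.sve_state and only then
clears the pointer, with no check or comment on the TIF_SVE precondition,
so anything that can still observe TIF_SVE set between the kfree() and
the NULL store would dereference a dangling pointer. Suggest asserting
the precondition before freeing, e.g.
`WARN_ON(test_tsk_thread_flag(task, TIF_SVE));`, or clearing the flag
here, and a comment stating that the caller must ensure the task is not
running.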

I think we need a WARN_ON if TIF_SVE is still set here (and the callers
making sure it is cleared). I haven't checked the code paths via
fpsimd_release_thread() but wondering what happens if we get an
interrupt between freeing the state and making the pointer NULL, with
some context switching in a preemptible kernel.

Alternatively, always clear TIF_SVE here before freeing (also wondering
whether we should make sve_state NULL before the actual freeing but I
think TIF_SVE clearing should suffice).

> +/*
> + * TIF_SVE controls whether a task can use SVE without trapping while
> + * in userspace, and also the way a task's FPSIMD/SVE state is stored
> + * in thread_struct.
> + *
> + * The kernel uses this flag to track whether a user task is actively
> + * using SVE, and therefore whether full SVE register state needs to
> + * be tracked.  If not, the cheaper FPSIMD context handling code can
> + * be used instead of the more costly SVE equivalents.
> + *
> + *  * TIF_SVE set:
> + *
> + *    The task can execute SVE instructions while in userspace without
> + *    trapping to the kernel.
> + *
> + *    When stored, Z0-Z31 (incorporating Vn in bits[127:0] or the
> + *    corresponding Zn), P0-P15 and FFR are encoded in in
> + *    task->thread.sve_state, formatted appropriately for vector
> + *    length task->thread.sve_vl.
> + *
> + *    task->thread.sve_state must point to a valid buffer at least
> + *    sve_state_size(task) bytes in size.
> + *
> + *    During any syscall, the kernel may optionally clear TIF_SVE and
> + *    discard the vector state except for the FPSIMD subset.
> + *
> + *  * TIF_SVE clear:
> + *
> + *    An attempt by the user task to execute an SVE instruction causes
> + *    do_sve_acc() to be called, which does some preparation and then
> + *    sets TIF_SVE.
> + *
> + *    When stored, FPSIMD registers V0-V31 are encoded in
> + *    task->fpsimd_state; bits [max : 128] for each of Z0-Z31 are
> + *    logically zero but not stored anywhere; P0-P15 and FFR are not
> + *    stored and have unspecified values from userspace's point of
> + *    view.  For hygiene purposes, the kernel zeroes them on next use,
> + *    but userspace is discouraged from relying on this.
> + *
> + *    task->thread.sve_state does not need to be non-NULL, valid or any
> + *    particular size: it must not be dereferenced.
> + *
> + *  * FPSR and FPCR are always stored in task->fpsimd_state irrespctive of
> + *    whether TIF_SVE is clear or set, since these are not vector length
> + *    dependent.
> + */
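Review bot: the comment has two typos and one notation inconsistency: `encoded in in` in the TIF_SVE-set paragraph doubles the word, `irrespctive` in the FPSR/FPCR bullet should be `irrespective`, and `bits [max : 128]` in the TIF_SVE-clear paragraph should use the same closed form as `bits[127:0]` above it so it is clear whether `max` is inclusive. The sentence `During any syscall, the kernel may optionally clear TIF_SVE and discard the vector state except for the FPSIMD subset` is the user-visible ABI consequence of this design: userspace has to treat the upper Z bits, P0-P15 and FFR as clobbered by every syscall, so this paragraph should point at wherever the user ABI documentation states that rule.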

This looks fine, thanks for adding the description.

-- 
Catalin

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 12/28] arm64/sve: Support vector length resetting for new processes
@ 2017-10-11 16:16     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:16 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:29PM +0100, Dave P Martin wrote:
> It's desirable to be able to reset the vector length to some sane
> default for new processes, since the new binary and its libraries
> may or may not be SVE-aware.
> 
> This patch tracks the desired post-exec vector length (if any) in a
> new thread member sve_vl_onexec, and adds a new thread flag
> TIF_SVE_VL_INHERIT to control whether to inherit or reset the
> vector length.  Currently these are inactive.  Subsequent patches
> will provide the capability to configure them.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:21     ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-11 16:21 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Christoffer Dall

[+ Christoffer]

On 10/10/17 19:38, Dave Martin wrote:
> Currently, a guest kernel sees the true CPU feature registers
> (ID_*_EL1) when it reads them using MRS instructions.  This means
> that the guest will observe features that are present in the
> hardware but the host doesn't understand or doesn't provide support
> for.  A guest may legitimately try to use such a feature as per the
> architecture, but use of the feature may trap instead of working
> normally, triggering undef injection into the guest.
> 
> This is not a problem for the host, but the guest may go wrong when
> running on newer hardware than the host knows about.
> 
> This patch hides from guest VMs any AArch64-specific CPU features
> that the host doesn't support, by exposing to the guest the
> sanitised versions of the registers computed by the cpufeatures
> framework, instead of the true hardware registers.  To achieve
> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> code is added to KVM to report the sanitised versions of the
> affected registers in response to MRS and register reads from
> userspace.
> 
> The affected registers are removed from invariant_sys_regs[] (since
> the invariant_sys_regs handling is no longer quite correct for
> them) and added to sys_reg_descs[], with appropriate access(),
> get_user() and set_user() methods.  No runtime vcpu storage is
> allocated for the registers: instead, they are read on demand from
> the cpufeatures framework.  This may need modification in the
> future if there is a need for userspace to customise the features
> visible to the guest.
> 
> Attempts by userspace to write the registers are handled similarly
> to the current invariant_sys_regs handling: writes are permitted,
> but only if they don't attempt to change the value.  This is
> sufficient to support VM snapshot/restore from userspace.
> 
> Because of the additional registers, restoring a VM on an older
> kernel may not work unless userspace knows how to handle the extra
> VM registers exposed to the KVM user ABI by this patch.
> 
> Under the principle of least damage, this patch makes no attempt to
> handle any of the other registers currently in
> invariant_sys_regs[], or to emulate registers for AArch32: however,
> these could be handled in a similar way in future, as necessary.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/include/asm/sysreg.h |   3 +
>  arch/arm64/kvm/hyp/switch.c     |   6 +
>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
>  3 files changed, 246 insertions(+), 45 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index f707fed..480ecd6 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -149,6 +149,9 @@
>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
>  
> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
> +
>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
>  
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 945e79c..35a90b8 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
>  	 * it will cause an exception.
>  	 */
>  	val = vcpu->arch.hcr_el2;
> +
>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
>  		write_sysreg(1 << 30, fpexc32_el2);
>  		isb();
>  	}
> +
> +	if (val & HCR_RW) /* for AArch64 only: */
> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
> +
>  	write_sysreg(val, hcr_el2);
> +
>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
>  	write_sysreg(1 << 15, hstr_el2);
>  	/*
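Review bot: HCR_TID3 is ORed in only when HCR_RW is set, so the sanitised view applies to AArch64 guests alone; an AArch32 guest still reads the raw hardware ID_ISAR*/ID_MMFR*/MVFR* values through CP15, and the ID_SANITISED() entries for the AArch32 mappings added later in this patch are reached only by an AArch64 guest reading their AArch64 views. The commit message says AArch32 is out of scope, but the inline comment `for AArch64 only:` does not say why; expand it to something like `AArch32 guests still see the hardware ID registers` so nobody assumes the ID_PFR0_EL1 etc. entries cover them. Also note that TID3 is applied at trap activation and is not stored back into vcpu->arch.hcr_el2, so any code inspecting that field will not see it.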
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index 2e070d3..b1f7552 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
>  	return true;
>  }
>  
> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> +{
> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> +
> +	return raz ? 0 : read_sanitised_ftr_reg(id);
> +}
> +
> +/* cpufeature ID register access trap handlers */
> +
> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
> +			    struct sys_reg_params *p,
> +			    const struct sys_reg_desc *r,
> +			    bool raz)
> +{
> +	if (p->is_write)
> +		return write_to_read_only(vcpu, p, r);
> +
> +	p->regval = read_id_reg(r, raz);
> +	return true;
> +}
> +
> +static bool access_id_reg(struct kvm_vcpu *vcpu,
> +			  struct sys_reg_params *p,
> +			  const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, false);
> +}
> +
> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
> +			      struct sys_reg_params *p,
> +			      const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, true);
> +}
> +
> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
> +
> +/*
> + * cpufeature ID register user accessors
> + *
> + * For now, these registers are immutable for userspace, so no values
> + * are stored, and for set_id_reg() we don't allow the effective value
> + * to be changed.
> + */
> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	const u64 val = read_id_reg(rd, raz);
> +
> +	return reg_to_user(uaddr, &val, id);
> +}
> +
> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	int err;
> +	u64 val;
> +
> +	err = reg_from_user(&val, uaddr, id);
> +	if (err)
> +		return err;
> +
> +	/* This is what we mean by invariant: you can't change it. */
> +	if (val != read_id_reg(rd, raz))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, false);
> +}
> +
> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, false);
> +}
> +
> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, true);
> +}
> +
> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, true);
> +}
> +
> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> +#define ID_SANITISED(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access	= access_id_reg,		\
> +	.get_user = get_id_reg,			\
> +	.set_user = set_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> + * (1 <= crm < 8, 0 <= Op2 < 8).
> + */
> +#define ID_UNALLOCATED(crm, op2) {			\
> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> +	.access = access_raz_id_reg,			\
> +	.get_user = get_raz_id_reg,			\
> +	.set_user = set_raz_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> + * For now, these are exposed just like unallocated ID regs: they appear
> + * RAZ for the guest.
> + */
> +#define ID_HIDDEN(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access = access_raz_id_reg,		\
> +	.get_user = get_raz_id_reg,		\
> +	.set_user = set_raz_id_reg,		\
> +}
> +
>  /*
>   * Architected system registers.
>   * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
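Review bot: __set_id_reg() rejects any value that differs from the current sanitised value with -EINVAL, so migration is strict in both directions, not only the newer-to-older-kernel case named in the commit message: a snapshot from a host whose sanitised value differs (a different silicon mix, or a newer kernel that understands a field an older one masked) also fails to restore. That is a reasonable default, but say so in the commit message and document the equality rule where the KVM user ABI for these registers is described. Separately, read_id_reg() assumes read_sanitised_ftr_reg() resolves every ID_SANITISED() encoding; that requirement is only stated as a comment in sys_reg_descs[] below, so consider checking it once at kvm_sys_reg_table_init() time rather than discovering a missing arm64_ftr_regs[] entry on the first guest read.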
> @@ -944,6 +1075,84 @@ static const struct sys_reg_desc sys_reg_descs[] = {
>  	{ SYS_DESC(SYS_DBGVCR32_EL2), NULL, reset_val, DBGVCR32_EL2, 0 },
>  
>  	{ SYS_DESC(SYS_MPIDR_EL1), NULL, reset_mpidr, MPIDR_EL1 },
> +
> +	/*
> +	 * ID regs: all ID_SANITISED() entries here must have corresponding
> +	 * entries in arm64_ftr_regs[].
> +	 */
> +
> +	/* AArch64 mappings of the AArch32 ID registers */
> +	/* CRm=1 */
> +	ID_SANITISED(ID_PFR0_EL1),
> +	ID_SANITISED(ID_PFR1_EL1),
> +	ID_SANITISED(ID_DFR0_EL1),
> +	ID_HIDDEN(ID_AFR0_EL1),
> +	ID_SANITISED(ID_MMFR0_EL1),
> +	ID_SANITISED(ID_MMFR1_EL1),
> +	ID_SANITISED(ID_MMFR2_EL1),
> +	ID_SANITISED(ID_MMFR3_EL1),
> +
> +	/* CRm=2 */
> +	ID_SANITISED(ID_ISAR0_EL1),
> +	ID_SANITISED(ID_ISAR1_EL1),
> +	ID_SANITISED(ID_ISAR2_EL1),
> +	ID_SANITISED(ID_ISAR3_EL1),
> +	ID_SANITISED(ID_ISAR4_EL1),
> +	ID_SANITISED(ID_ISAR5_EL1),
> +	ID_SANITISED(ID_MMFR4_EL1),
> +	ID_UNALLOCATED(2,7),
> +
> +	/* CRm=3 */
> +	ID_SANITISED(MVFR0_EL1),
> +	ID_SANITISED(MVFR1_EL1),
> +	ID_SANITISED(MVFR2_EL1),
> +	ID_UNALLOCATED(3,3),
> +	ID_UNALLOCATED(3,4),
> +	ID_UNALLOCATED(3,5),
> +	ID_UNALLOCATED(3,6),
> +	ID_UNALLOCATED(3,7),
> +
> +	/* AArch64 ID registers */
> +	/* CRm=4 */
> +	ID_SANITISED(ID_AA64PFR0_EL1),
> +	ID_SANITISED(ID_AA64PFR1_EL1),
> +	ID_UNALLOCATED(4,2),
> +	ID_UNALLOCATED(4,3),
> +	ID_UNALLOCATED(4,4),
> +	ID_UNALLOCATED(4,5),
> +	ID_UNALLOCATED(4,6),
> +	ID_UNALLOCATED(4,7),
> +
> +	/* CRm=5 */
> +	ID_SANITISED(ID_AA64DFR0_EL1),
> +	ID_SANITISED(ID_AA64DFR1_EL1),
> +	ID_UNALLOCATED(5,2),
> +	ID_UNALLOCATED(5,3),
> +	ID_HIDDEN(ID_AA64AFR0_EL1),
> +	ID_HIDDEN(ID_AA64AFR1_EL1),
> +	ID_UNALLOCATED(5,6),
> +	ID_UNALLOCATED(5,7),
> +
> +	/* CRm=6 */
> +	ID_SANITISED(ID_AA64ISAR0_EL1),
> +	ID_SANITISED(ID_AA64ISAR1_EL1),
> +	ID_UNALLOCATED(6,2),
> +	ID_UNALLOCATED(6,3),
> +	ID_UNALLOCATED(6,4),
> +	ID_UNALLOCATED(6,5),
> +	ID_UNALLOCATED(6,6),
> +	ID_UNALLOCATED(6,7),
> +
> +	/* CRm=7 */
> +	ID_SANITISED(ID_AA64MMFR0_EL1),
> +	ID_SANITISED(ID_AA64MMFR1_EL1),
> +	ID_SANITISED(ID_AA64MMFR2_EL1),
> +	ID_UNALLOCATED(7,3),
> +	ID_UNALLOCATED(7,4),
> +	ID_UNALLOCATED(7,5),
> +	ID_UNALLOCATED(7,6),
> +	ID_UNALLOCATED(7,7),
> +
>  	{ SYS_DESC(SYS_SCTLR_EL1), access_vm_reg, reset_val, SCTLR_EL1, 0x00C50078 },
>  	{ SYS_DESC(SYS_CPACR_EL1), NULL, reset_val, CPACR_EL1, 0 },
>  	{ SYS_DESC(SYS_TTBR0_EL1), access_vm_reg, reset_unknown, TTBR0_EL1 },
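Review bot: the ID_SANITISED() entries, ID_AA64PFR0_EL1 in particular, expose whatever the host cpufeatures framework considers safe, which means "the host kernel understands this feature", not "KVM supports it for guests". A feature the host enables for its own use but that KVM does not context-switch or trap will therefore be advertised unless it is masked, and ID_HIDDEN() can only zero a whole register. Add a comment at the top of this block saying that per-field masking has to be done in read_id_reg(), and keep the `Must be sorted ascending by Op0, Op1, CRn, CRm, Op2` requirement in mind for the ID_UNALLOCATED() fillers: the CRm/Op2 sequence must stay gap-free and ordered or the ordered lookup breaks without an obvious error.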
> @@ -1790,8 +1999,8 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  	if (!r)
>  		r = find_reg(&params, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
>  
> -	/* Not saved in the sys_reg array? */
> -	if (r && !r->reg)
> +	/* Not saved in the sys_reg array and not otherwise accessible? */
> +	if (r && !(r->reg || r->get_user))
>  		r = NULL;
>  
>  	return r;
> @@ -1815,20 +2024,6 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  FUNCTION_INVARIANT(midr_el1)
>  FUNCTION_INVARIANT(ctr_el0)
>  FUNCTION_INVARIANT(revidr_el1)
> -FUNCTION_INVARIANT(id_pfr0_el1)
> -FUNCTION_INVARIANT(id_pfr1_el1)
> -FUNCTION_INVARIANT(id_dfr0_el1)
> -FUNCTION_INVARIANT(id_afr0_el1)
> -FUNCTION_INVARIANT(id_mmfr0_el1)
> -FUNCTION_INVARIANT(id_mmfr1_el1)
> -FUNCTION_INVARIANT(id_mmfr2_el1)
> -FUNCTION_INVARIANT(id_mmfr3_el1)
> -FUNCTION_INVARIANT(id_isar0_el1)
> -FUNCTION_INVARIANT(id_isar1_el1)
> -FUNCTION_INVARIANT(id_isar2_el1)
> -FUNCTION_INVARIANT(id_isar3_el1)
> -FUNCTION_INVARIANT(id_isar4_el1)
> -FUNCTION_INVARIANT(id_isar5_el1)
>  FUNCTION_INVARIANT(clidr_el1)
>  FUNCTION_INVARIANT(aidr_el1)
>  
> @@ -1836,20 +2031,6 @@ FUNCTION_INVARIANT(aidr_el1)
>  static struct sys_reg_desc invariant_sys_regs[] = {
>  	{ SYS_DESC(SYS_MIDR_EL1), NULL, get_midr_el1 },
>  	{ SYS_DESC(SYS_REVIDR_EL1), NULL, get_revidr_el1 },
> -	{ SYS_DESC(SYS_ID_PFR0_EL1), NULL, get_id_pfr0_el1 },
> -	{ SYS_DESC(SYS_ID_PFR1_EL1), NULL, get_id_pfr1_el1 },
> -	{ SYS_DESC(SYS_ID_DFR0_EL1), NULL, get_id_dfr0_el1 },
> -	{ SYS_DESC(SYS_ID_AFR0_EL1), NULL, get_id_afr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR0_EL1), NULL, get_id_mmfr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR1_EL1), NULL, get_id_mmfr1_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR2_EL1), NULL, get_id_mmfr2_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR3_EL1), NULL, get_id_mmfr3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR0_EL1), NULL, get_id_isar0_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR1_EL1), NULL, get_id_isar1_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR2_EL1), NULL, get_id_isar2_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR3_EL1), NULL, get_id_isar3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR4_EL1), NULL, get_id_isar4_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR5_EL1), NULL, get_id_isar5_el1 },
>  	{ SYS_DESC(SYS_CLIDR_EL1), NULL, get_clidr_el1 },
>  	{ SYS_DESC(SYS_AIDR_EL1), NULL, get_aidr_el1 },
>  	{ SYS_DESC(SYS_CTR_EL0), NULL, get_ctr_el0 },
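Review bot: removing the AArch32 ID registers from invariant_sys_regs[] changes the value KVM_GET_ONE_REG returns for them from what the old invariant accessors produced to the sanitised value, and with the equality check in __set_id_reg() a snapshot taken with the previous kernel on a system where the two differ no longer restores. The commit message only covers the newer-to-older direction; add a sentence covering this one. The FUNCTION_INVARIANT() accessors for these registers are deleted in the hunk above, so also check that nothing else referenced get_id_pfr0_el1() and friends.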
> @@ -2079,12 +2260,31 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
>  	return true;
>  }
>  
> +static int walk_one_sys_reg(const struct sys_reg_desc *rd,
> +			    u64 __user **uind,
> +			    unsigned int *total)
> +{
> +	/*
> +	 * Ignore registers we trap but don't save,
> +	 * and for which no custom user accessor is provided.
> +	 */
> +	if (!(rd->reg || rd->get_user))
> +		return 0;
> +
> +	if (!copy_reg_to_user(rd, uind))
> +		return -EFAULT;
> +
> +	(*total)++;
> +	return 0;
> +}
> +
>  /* Assumed ordered tables, see kvm_sys_reg_table_init. */
>  static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  {
>  	const struct sys_reg_desc *i1, *i2, *end1, *end2;
>  	unsigned int total = 0;
>  	size_t num;
> +	int err;
>  
>  	/* We check for duplicates here, to allow arch-specific overrides. */
>  	i1 = get_target_table(vcpu->arch.target, true, &num);
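Review bot: the test `!(rd->reg || rd->get_user)` is written out here and again in index_to_sys_reg_desc() above; move it into one small helper so KVM_GET_REG_LIST and KVM_GET_ONE_REG/KVM_SET_ONE_REG cannot drift in their idea of what is user-visible, since a register that is listed but not accessible (or accessible but not listed) breaks save/restore without an obvious error. The helper is also the natural place to require both accessors: as written a descriptor setting only get_user passes this test. Every entry added by this patch sets both, so this is a robustness point rather than a bug.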
> @@ -2098,21 +2298,13 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  	while (i1 || i2) {
>  		int cmp = cmp_sys_reg(i1, i2);
>  		/* target-specific overrides generic entry. */
> -		if (cmp <= 0) {
> -			/* Ignore registers we trap but don't save. */
> -			if (i1->reg) {
> -				if (!copy_reg_to_user(i1, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		} else {
> -			/* Ignore registers we trap but don't save. */
> -			if (i2->reg) {
> -				if (!copy_reg_to_user(i2, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		}
> +		if (cmp <= 0)
> +			err = walk_one_sys_reg(i1, &uind, &total);
> +		else
> +			err = walk_one_sys_reg(i2, &uind, &total);
> +
> +		if (err)
> +			return err;
>  
>  		if (cmp <= 0 && ++i1 == end1)
>  			i1 = NULL;
> 

Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...

^ permalink raw reply	[flat|nested] 253+ messages in thread
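As an added example (not code from the patch or from KVM itself), the following C program models what this patch changes from a VMM's point of view: the KVM_GET_ONE_REG/KVM_SET_ONE_REG register index for an ID register (the KVM_REG_ARM64_SYSREG encoding from the KVM uapi headers), the "lowest value across CPUs is safe" sanitisation the cpufeatures framework applies per 4-bit field, and the invariant check in __set_id_reg() that rejects a restore whose value differs. The ID_AA64PFR0_EL1 field layout, the per-field signedness and the three CPU values are constructed for the demonstration; the real arm64_ftr_regs[] tables carry per-field policies beyond lower-safe, so treat sanitise_reg() as a simplified model.

```c
/*
 * Added example, not code from the patch or from KVM: a userspace-side model
 * of what a VMM sees after this change.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KVM_ONE_REG index layout from the KVM uapi headers (linux/kvm.h and
 * arch/arm64/include/uapi/asm/kvm.h). */
#define KVM_REG_ARM64          0x6000000000000000ULL
#define KVM_REG_SIZE_U64       0x0030000000000000ULL
#define KVM_REG_ARM64_SYSREG   0x0000000000130000ULL

/* Index used with KVM_GET_ONE_REG/KVM_SET_ONE_REG for a sysreg encoding. */
uint64_t kvm_sysreg_index(unsigned op0, unsigned op1, unsigned crn,
                          unsigned crm, unsigned op2)
{
    return KVM_REG_ARM64 | KVM_REG_SIZE_U64 | KVM_REG_ARM64_SYSREG |
           ((uint64_t)(op0 & 3) << 14) | ((uint64_t)(op1 & 7) << 11) |
           ((uint64_t)(crn & 15) << 7) | ((uint64_t)(crm & 15) << 3) |
           (uint64_t)(op2 & 7);
}

/* One 4-bit ID register field.  sign=1 means 0xf encodes "not implemented"
 * (-1), which must sort below every implemented level. */
struct ftr_field {
    const char *name;
    unsigned shift;
    int sign;
};

/* ID_AA64PFR0_EL1 field layout (assumed from the architecture; simplified). */
static const struct ftr_field aa64pfr0_fields[] = {
    { "EL0", 0, 0 }, { "EL1", 4, 0 }, { "EL2", 8, 0 }, { "EL3", 12, 0 },
    { "FP", 16, 1 }, { "AdvSIMD", 20, 1 }, { "GIC", 24, 0 }, { "RAS", 28, 0 },
    { "SVE", 32, 0 },
};
#define N_AA64PFR0_FIELDS (sizeof(aa64pfr0_fields) / sizeof(aa64pfr0_fields[0]))

/* Extract one field, applying the signed interpretation where required. */
int64_t id_field(uint64_t reg, const struct ftr_field *f)
{
    uint64_t raw = (reg >> f->shift) & 0xf;
    return (f->sign && raw >= 8) ? (int64_t)raw - 16 : (int64_t)raw;
}

/* "Lowest value across all CPUs is safe" policy, applied field by field.
 * Bits not described by a field are reported as zero.  Assumption: the real
 * arm64_ftr_regs[] tables also have other policies; lower-safe is enough here. */
uint64_t sanitise_reg(const struct ftr_field *fields, size_t nfields,
                      const uint64_t *cpu_vals, size_t ncpus)
{
    uint64_t out = 0;
    for (size_t i = 0; i < nfields; i++) {
        int64_t safe = id_field(cpu_vals[0], &fields[i]);
        for (size_t c = 1; c < ncpus; c++) {
            int64_t v = id_field(cpu_vals[c], &fields[i]);
            if (v < safe)
                safe = v;
        }
        out |= ((uint64_t)safe & 0xf) << fields[i].shift;
    }
    return out;
}

/* Model of __set_id_reg(): the register is invariant, so the only accepted
 * write is the current value; anything else is -EINVAL. */
int restore_id_reg(uint64_t current, uint64_t requested)
{
    return requested == current ? 0 : -EINVAL;
}

/* Constructed ID_AA64PFR0_EL1 values for a three-CPU system (not real silicon):
 * CPU0: EL0-EL3=1, FP/AdvSIMD implemented, GIC=1, SVE=1
 * CPU1: as CPU0 but GIC=0 and SVE=0
 * CPU2: as CPU0 but FP=AdvSIMD=0xf (not implemented) */
static const uint64_t constructed_aa64pfr0[] = {
    0x0000000101001111ULL,
    0x0000000000001111ULL,
    0x0000000101FF1111ULL,
};

/* Sanitised value the guest would see for the constructed system. */
uint64_t sanitised_aa64pfr0_demo(void)
{
    return sanitise_reg(aa64pfr0_fields, N_AA64PFR0_FIELDS,
                        constructed_aa64pfr0, 3);
}

int main(void)
{
    uint64_t idx = kvm_sysreg_index(3, 0, 0, 4, 0);   /* ID_AA64PFR0_EL1 */
    uint64_t sane = sanitised_aa64pfr0_demo();

    printf("ID_AA64PFR0_EL1 KVM index : 0x%016llx\n", (unsigned long long)idx);
    printf("sanitised value           : 0x%016llx\n", (unsigned long long)sane);
    for (size_t i = 0; i < N_AA64PFR0_FIELDS; i++)
        printf("  %-8s = %lld\n", aa64pfr0_fields[i].name,
               (long long)id_field(sane, &aa64pfr0_fields[i]));
    printf("restore same value        : %d\n", restore_id_reg(sane, sane));
    printf("restore with SVE=1        : %d\n",
           restore_id_reg(sane, sane | (1ULL << 32)));
    return 0;
}
```

The signed FP/AdvSIMD fields are the reason a per-field policy is needed: a plain unsigned minimum would pick 0 ("implemented") over 0xf ("not implemented") and advertise floating point to a guest that may be scheduled on the CPU that lacks it. The restore check shows the other half of the patch: a snapshot that claims SVE=1 is refused on a system whose sanitised value says SVE=0.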

> +	ID_SANITISED(ID_AA64MMFR2_EL1),
> +	ID_UNALLOCATED(7,3),
> +	ID_UNALLOCATED(7,4),
> +	ID_UNALLOCATED(7,5),
> +	ID_UNALLOCATED(7,6),
> +	ID_UNALLOCATED(7,7),
> +
>  	{ SYS_DESC(SYS_SCTLR_EL1), access_vm_reg, reset_val, SCTLR_EL1, 0x00C50078 },
>  	{ SYS_DESC(SYS_CPACR_EL1), NULL, reset_val, CPACR_EL1, 0 },
>  	{ SYS_DESC(SYS_TTBR0_EL1), access_vm_reg, reset_unknown, TTBR0_EL1 },
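Review bot: the comment at the top of the ID block says every ID_SANITISED() entry must have a matching arm64_ftr_regs[] entry, but nothing checks that at table-init time; a missing entry would only be noticed when a guest or KVM_GET_ONE_REG first reads the register and read_sanitised_ftr_reg() cannot find it. Consider walking the table in kvm_sys_reg_table_init(), next to the existing sort-order check, and verifying each ID_SANITISED() encoding against the cpufeature table up front. Also worth a comment: ID_UNALLOCATED(4,4) is the encoding of ID_AA64ZFR0_EL1, so it is RAZ here by design and this entry has to change when SVE is exposed to guests.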
> @@ -1790,8 +1999,8 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  	if (!r)
>  		r = find_reg(&params, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
>  
> -	/* Not saved in the sys_reg array? */
> -	if (r && !r->reg)
> +	/* Not saved in the sys_reg array and not otherwise accessible? */
> +	if (r && !(r->reg || r->get_user))
>  		r = NULL;
>  
>  	return r;
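Review bot: the new `!(r->reg || r->get_user)` test here duplicates the test in walk_one_sys_reg() later in the patch, and the two must agree or KVM_GET_REG_LIST will enumerate registers that KVM_GET_ONE_REG then refuses (or vice versa); a small shared helper (say, a hypothetical `sys_reg_user_accessible(r)`) would keep them from drifting. The test also looks only at `get_user`, so a descriptor with `set_user` but no `get_user` is invisible to userspace; that is fine for the ID registers, which always set both, but deserves a comment.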
> @@ -1815,20 +2024,6 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  FUNCTION_INVARIANT(midr_el1)
>  FUNCTION_INVARIANT(ctr_el0)
>  FUNCTION_INVARIANT(revidr_el1)
> -FUNCTION_INVARIANT(id_pfr0_el1)
> -FUNCTION_INVARIANT(id_pfr1_el1)
> -FUNCTION_INVARIANT(id_dfr0_el1)
> -FUNCTION_INVARIANT(id_afr0_el1)
> -FUNCTION_INVARIANT(id_mmfr0_el1)
> -FUNCTION_INVARIANT(id_mmfr1_el1)
> -FUNCTION_INVARIANT(id_mmfr2_el1)
> -FUNCTION_INVARIANT(id_mmfr3_el1)
> -FUNCTION_INVARIANT(id_isar0_el1)
> -FUNCTION_INVARIANT(id_isar1_el1)
> -FUNCTION_INVARIANT(id_isar2_el1)
> -FUNCTION_INVARIANT(id_isar3_el1)
> -FUNCTION_INVARIANT(id_isar4_el1)
> -FUNCTION_INVARIANT(id_isar5_el1)
>  FUNCTION_INVARIANT(clidr_el1)
>  FUNCTION_INVARIANT(aidr_el1)
>  
> @@ -1836,20 +2031,6 @@ FUNCTION_INVARIANT(aidr_el1)
>  static struct sys_reg_desc invariant_sys_regs[] = {
>  	{ SYS_DESC(SYS_MIDR_EL1), NULL, get_midr_el1 },
>  	{ SYS_DESC(SYS_REVIDR_EL1), NULL, get_revidr_el1 },
> -	{ SYS_DESC(SYS_ID_PFR0_EL1), NULL, get_id_pfr0_el1 },
> -	{ SYS_DESC(SYS_ID_PFR1_EL1), NULL, get_id_pfr1_el1 },
> -	{ SYS_DESC(SYS_ID_DFR0_EL1), NULL, get_id_dfr0_el1 },
> -	{ SYS_DESC(SYS_ID_AFR0_EL1), NULL, get_id_afr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR0_EL1), NULL, get_id_mmfr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR1_EL1), NULL, get_id_mmfr1_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR2_EL1), NULL, get_id_mmfr2_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR3_EL1), NULL, get_id_mmfr3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR0_EL1), NULL, get_id_isar0_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR1_EL1), NULL, get_id_isar1_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR2_EL1), NULL, get_id_isar2_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR3_EL1), NULL, get_id_isar3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR4_EL1), NULL, get_id_isar4_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR5_EL1), NULL, get_id_isar5_el1 },
>  	{ SYS_DESC(SYS_CLIDR_EL1), NULL, get_clidr_el1 },
>  	{ SYS_DESC(SYS_AIDR_EL1), NULL, get_aidr_el1 },
>  	{ SYS_DESC(SYS_CTR_EL0), NULL, get_ctr_el0 },
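Review bot: moving the fourteen AArch32 ID registers out of `invariant_sys_regs[]` (this hunk and the FUNCTION_INVARIANT() removals in the previous one, which match one for one) changes what userspace sees for them: previously a single CPU's raw value captured by the FUNCTION_INVARIANT() accessor, now the system-wide sanitised value. The register indices are unchanged, so a VMM that writes back what it read keeps working, but on a heterogeneous system the two values can differ and a VM image saved before this change may now fail KVM_SET_ONE_REG with -EINVAL; that ABI-visible effect belongs in the commit message.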
> @@ -2079,12 +2260,31 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
>  	return true;
>  }
>  
> +static int walk_one_sys_reg(const struct sys_reg_desc *rd,
> +			    u64 __user **uind,
> +			    unsigned int *total)
> +{
> +	/*
> +	 * Ignore registers we trap but don't save,
> +	 * and for which no custom user accessor is provided.
> +	 */
> +	if (!(rd->reg || rd->get_user))
> +		return 0;
> +
> +	if (!copy_reg_to_user(rd, uind))
> +		return -EFAULT;
> +
> +	(*total)++;
> +	return 0;
> +}
> +
>  /* Assumed ordered tables, see kvm_sys_reg_table_init. */
>  static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  {
>  	const struct sys_reg_desc *i1, *i2, *end1, *end2;
>  	unsigned int total = 0;
>  	size_t num;
> +	int err;
>  
>  	/* We check for duplicates here, to allow arch-specific overrides. */
>  	i1 = get_target_table(vcpu->arch.target, true, &num);
> @@ -2098,21 +2298,13 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  	while (i1 || i2) {
>  		int cmp = cmp_sys_reg(i1, i2);
>  		/* target-specific overrides generic entry. */
> -		if (cmp <= 0) {
> -			/* Ignore registers we trap but don't save. */
> -			if (i1->reg) {
> -				if (!copy_reg_to_user(i1, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		} else {
> -			/* Ignore registers we trap but don't save. */
> -			if (i2->reg) {
> -				if (!copy_reg_to_user(i2, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		}
> +		if (cmp <= 0)
> +			err = walk_one_sys_reg(i1, &uind, &total);
> +		else
> +			err = walk_one_sys_reg(i2, &uind, &total);
> +
> +		if (err)
> +			return err;
>  
>  		if (cmp <= 0 && ++i1 == end1)
>  			i1 = NULL;
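Review bot: `err` (declared in the previous hunk) is assigned on both branches before it is tested, so the loop is correct as written, but initialising it to 0 at the declaration would keep a later edit to the branches from introducing a use-before-set. Behaviour is otherwise unchanged by the refactor: copy_reg_to_user() failure still propagates as -EFAULT through walk_one_sys_reg(), and the only new effect is that descriptors with a `get_user` accessor but no saved register are now listed.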
> 

Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:28     ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-11 16:28 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch, Christoffer Dall

[+ Christoffer]

On 10/10/17 19:38, Dave Martin wrote:
> Until KVM has full SVE support, guests must not be allowed to
> execute SVE instructions.
> 
> This patch enables the necessary traps, and also ensures that the
> traps are disabled again on exit from the guest so that the host
> can still use SVE if it wants to.
> 
> This patch introduces another instance of
> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> is abstracted out as a separate helper fpsimd_flush_cpu_state().
> Other instances are ported appropriately.
> 
> As a side effect of this refactoring, a this_cpu_write() in
> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> should be fine, since cpu_pm_enter() is supposed to be called only
> with interrupts disabled.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm/include/asm/kvm_host.h   |  3 +++
>  arch/arm64/include/asm/fpsimd.h   |  1 +
>  arch/arm64/include/asm/kvm_arm.h  |  4 +++-
>  arch/arm64/include/asm/kvm_host.h | 11 +++++++++++
>  arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--
>  arch/arm64/kvm/hyp/switch.c       |  6 +++---
>  virt/kvm/arm/arm.c                |  3 +++
>  7 files changed, 53 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index 4a879f6..242151e 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
>  int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
>  			       struct kvm_device_attr *attr);
>  
> +/* All host FP/SIMD state is restored on guest exit, so nothing to save: */
> +static inline void kvm_fpsimd_flush_cpu_state(void) {}
> +
>  #endif /* __ARM_KVM_HOST_H__ */
> diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
> index 3cfdfbe..10b2824 100644
> --- a/arch/arm64/include/asm/fpsimd.h
> +++ b/arch/arm64/include/asm/fpsimd.h
> @@ -75,6 +75,7 @@ extern void fpsimd_restore_current_state(void);
>  extern void fpsimd_update_current_state(struct fpsimd_state *state);
>  
>  extern void fpsimd_flush_task_state(struct task_struct *target);
> +extern void sve_flush_cpu_state(void);
>  
>  /* Maximum VL that SVE VL-agnostic software can transparently support */
>  #define SVE_VL_ARCH_MAX 0x100
> diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
> index dbf0537..7f069ff 100644
> --- a/arch/arm64/include/asm/kvm_arm.h
> +++ b/arch/arm64/include/asm/kvm_arm.h
> @@ -186,7 +186,8 @@
>  #define CPTR_EL2_TTA	(1 << 20)
>  #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
>  #define CPTR_EL2_TZ	(1 << 8)
> -#define CPTR_EL2_DEFAULT	0x000033ff
> +#define CPTR_EL2_RES1	0x000032ff /* known RES1 bits in CPTR_EL2 */
> +#define CPTR_EL2_DEFAULT	CPTR_EL2_RES1
>  
>  /* Hyp Debug Configuration Register bits */
>  #define MDCR_EL2_TPMS		(1 << 14)
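Review bot: `CPTR_EL2_RES1` (0x32ff) differs from the old `CPTR_EL2_DEFAULT` (0x33ff) in exactly bit 8, which the line above defines as `CPTR_EL2_TZ`, so the old default silently trapped SVE at EL2 and the new one does not. That is the intended effect, but it changes every writer of `CPTR_EL2_DEFAULT`, not only the switch.c sites in this diff, and none of that is in the commit message. Please say so there, and extend the `CPTR_EL2_RES1` comment to note that TZ is deliberately left out of the default so the host regains SVE access after guest exit.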
> @@ -237,5 +238,6 @@
>  
>  #define CPACR_EL1_FPEN		(3 << 20)
>  #define CPACR_EL1_TTA		(1 << 28)
> +#define CPACR_EL1_DEFAULT	(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)
>  
>  #endif /* __ARM64_KVM_ARM_H__ */
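Review bot: `CPACR_EL1_DEFAULT` uses `CPACR_EL1_ZEN_EL1EN`, which is not defined in this header hunk, so the include chain that brings in that sysreg definition from earlier in the series should be confirmed for every file that uses the macro. Setting only the EL1EN half of ZEN on the host restore path looks deliberate (EL0 SVE use keeps trapping to the kernel), but a one-line comment saying so would stop a later reader from "correcting" it to the full `CPACR_EL1_ZEN`.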
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index e923b58..674912d 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -25,6 +25,7 @@
>  #include <linux/types.h>
>  #include <linux/kvm_types.h>
>  #include <asm/cpufeature.h>
> +#include <asm/fpsimd.h>
>  #include <asm/kvm.h>
>  #include <asm/kvm_asm.h>
>  #include <asm/kvm_mmio.h>
> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
>  		  "PARange is %d bits, unsupported configuration!", parange);
>  }
>  
> +/*
> + * All host FP/SIMD state is restored on guest exit, so nothing needs
> + * doing here except in the SVE case:
> +*/
> +static inline void kvm_fpsimd_flush_cpu_state(void)
> +{
> +	if (system_supports_sve())
> +		sve_flush_cpu_state();

Hmmm. How does this work if...

> +}
> +
>  #endif /* __ARM64_KVM_HOST_H__ */
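Review bot: in addition to Marc's point about the !CONFIG_ARM64_SVE build, whether this `static inline` links at all depends on `system_supports_sve()` collapsing to a compile-time false so that the call to the undefined `sve_flush_cpu_state()` is dropped; a header should not rely on that optimisation, so either move the #ifdef inside the definition as suggested or provide a `static inline` stub for the !SVE case in fpsimd.h. Style: the closing `+*/` of the comment block is misaligned and should be ` */`.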
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index a9cb794..6ae3703 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
>  	t->thread.fpsimd_state.cpu = NR_CPUS;
>  }
>  
> +static inline void fpsimd_flush_cpu_state(void)
> +{
> +	__this_cpu_write(fpsimd_last_state, NULL);
> +}
> +
> +/*
> + * Invalidate any task SVE state currently held in this CPU's regs.
> + *
> + * This is used to prevent the kernel from trying to reuse SVE register data
> + * that is detroyed by KVM guest enter/exit.  This function should go away when
> + * KVM SVE support is implemented.  Don't use it for anything else.
> + */
> +#ifdef CONFIG_ARM64_SVE
> +void sve_flush_cpu_state(void)
> +{
> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> +	struct task_struct *tsk;
> +
> +	if (!fpstate)
> +		return;
> +
> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> +		fpsimd_flush_cpu_state();
> +}
> +#endif /* CONFIG_ARM64_SVE */

... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
moving the #ifdef/#endif inside the function...

> +
>  #ifdef CONFIG_KERNEL_MODE_NEON
>  
>  DEFINE_PER_CPU(bool, kernel_neon_busy);
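Review bot: typo in the new comment block, "detroyed" should read "destroyed". `sve_flush_cpu_state()` reads the per-CPU `fpsimd_last_state` and then dereferences the owning task with no locking, so it is only safe with preemption disabled on this CPU; the caller in arm.c does that, but a `WARN_ON(preemptible())` at the top (or at least a comment stating the requirement) would enforce the "don't use it for anything else" warning rather than merely state it. Minor: `static inline` on `fpsimd_flush_cpu_state()` in a .c file buys nothing over plain `static`.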
> @@ -1113,7 +1140,7 @@ void kernel_neon_begin(void)
>  	}
>  
>  	/* Invalidate any task state remaining in the fpsimd regs: */
> -	__this_cpu_write(fpsimd_last_state, NULL);
> +	fpsimd_flush_cpu_state();
>  
>  	preempt_disable();
>  
> @@ -1234,7 +1261,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
>  	case CPU_PM_ENTER:
>  		if (current->mm)
>  			task_fpsimd_save();
> -		this_cpu_write(fpsimd_last_state, NULL);
> +		fpsimd_flush_cpu_state();
>  		break;
>  	case CPU_PM_EXIT:
>  		if (current->mm)
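Review bot: routing this site through the helper replaces `this_cpu_write()` with `__this_cpu_write()`, which drops the preemption-safe variant, and the justification (cpu_pm_enter() runs with interrupts disabled) lives only in the commit message. A short comment at the CPU_PM_ENTER case, or a `WARN_ON_ONCE(!irqs_disabled())`, would keep that assumption visible in the code where the next person edits it.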
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 35a90b8..951f3eb 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)
>  
>  	val = read_sysreg(cpacr_el1);
>  	val |= CPACR_EL1_TTA;
> -	val &= ~CPACR_EL1_FPEN;
> +	val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
>  	write_sysreg(val, cpacr_el1);
>  
>  	write_sysreg(__kvm_hyp_vector, vbar_el1);
> @@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)
>  	u64 val;
>  
>  	val = CPTR_EL2_DEFAULT;
> -	val |= CPTR_EL2_TTA | CPTR_EL2_TFP;
> +	val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
>  	write_sysreg(val, cptr_el2);
>  }
>  
> @@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
>  
>  	write_sysreg(mdcr_el2, mdcr_el2);
>  	write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
> -	write_sysreg(CPACR_EL1_FPEN, cpacr_el1);
> +	write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
>  	write_sysreg(vectors, vbar_el1);
>  }
>  
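Review bot: the VHE pair is asymmetric: `__activate_traps_vhe()` clears the whole `CPACR_EL1_ZEN` field (both EL0 and EL1 halves) on guest entry, while `__deactivate_traps_vhe()` restores `CPACR_EL1_DEFAULT`, which sets only the EL1EN half. That is correct if host EL0 SVE use is meant to keep trapping, but a comment at the deactivate site would make the intent explicit. For nVHE, `__activate_traps_nvhe()` now ORs in `CPTR_EL2_TZ` explicitly; the matching `__deactivate_traps_nvhe()` is not in this diff, so it should be checked that it writes `CPTR_EL2_DEFAULT` (which no longer contains TZ after the kvm_arm.h change) rather than a literal that still has bit 8 set.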
> diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
> index b9f68e4..4d3cf9c 100644
> --- a/virt/kvm/arm/arm.c
> +++ b/virt/kvm/arm/arm.c
> @@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
>  		 */
>  		preempt_disable();
>  
> +		/* Flush FP/SIMD state that can't survive guest entry/exit */
> +		kvm_fpsimd_flush_cpu_state();
> +
>  		kvm_pmu_flush_hwstate(vcpu);
>  
>  		kvm_timer_flush_hwstate(vcpu);
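Review bot: `kvm_fpsimd_flush_cpu_state()` sits correctly inside the `preempt_disable()` region, which it needs because it reads per-CPU state, but the comment should also say why the flush is unconditional: only the host's FP/SIMD view is restored on guest exit, so any SVE upper-register state cached for the current task becomes stale even if the guest never executes an SVE instruction. Note too that the flush runs before the PMU and timer flushes, i.e. before any later point at which this iteration of the run loop might still abort without entering the guest; if that can happen, the host task's SVE state is invalidated needlessly (a reload cost only, not a correctness issue), which is worth a sentence in the comment.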
> 

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny...

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:31     ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-11 16:31 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

[+ Christoffer]

On 10/10/17 19:38, Dave Martin wrote:
> KVM guests cannot currently use SVE, because SVE is always
> configured to trap to EL2.
> 
> However, a guest that sees SVE reported as present in
> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> use it.  Instead of working, the guest will receive an injected
> undef exception, which may cause the guest to oops or go into a
> spin.
> 
> To avoid misleading the guest into believing that SVE will work,
> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> guest attempts to read this register.  No support is explicitly
> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> reading as zero, which is consistent with SVE not being
> implemented.
> 
> This is a temporary measure, and will be removed in a later series
> when full KVM support for SVE is implemented.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index b1f7552..a0ee9b0 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -23,6 +23,7 @@
>  #include <linux/bsearch.h>
>  #include <linux/kvm_host.h>
>  #include <linux/mm.h>
> +#include <linux/printk.h>
>  #include <linux/uaccess.h>
>  
>  #include <asm/cacheflush.h>
> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
>  {
>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
>  
> -	return raz ? 0 : read_sanitised_ftr_reg(id);
> +	if (id == SYS_ID_AA64PFR0_EL1) {
> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> +				    task_pid_nr(current));
> +
> +		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
> +	}
> +
> +	return val;
>  }
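Review bot: `pr_err_once()` fires on the first guest read of ID_AA64PFR0_EL1 on any SVE-capable host, which is the expected situation this patch exists to handle, so `pr_warn_once()` or an info-level message is a better fit than an error; and the `task_pid_nr(current)` it prints is the host thread running the vCPU, which identifies the VM only indirectly. The masking itself is right on both paths: for `raz` the value is already 0 so the clear is a no-op, and the `__set_id_reg()` accessor from the previous patch compares against `read_id_reg()` as well, so a VMM cannot write the SVE field back in. Writing `0xfUL << ID_AA64PFR0_SVE_SHIFT` twice invites a named mask; a local `const u64` would do.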
>  
>  /* cpufeature ID register access trap handlers */
> 

Acked-by: Marc Zyngier <marc.zyngier@arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...

^ permalink raw reply	[flat|nested] 253+ messages in thread
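The two KVM patches Marc reviews here share one design: every ID-register encoding a guest can name gets a descriptor in a sorted table (sanitised value for known registers, RAZ for hidden and unallocated ones), userspace may only write a value back unchanged, and the SVE field is masked out of ID_AA64PFR0_EL1. The block below is an added user-space model of that scheme, written for this page; it is not code from the series or from KVM. It assumes the MRS/MSR bit positions for its `sys_reg()` macro, takes the SVE field position (bits [35:32]) from the architecture, and uses constructed register values in `sanitised_ftr_value()` as a stand-in for the kernel's read_sanitised_ftr_reg(); `guest_mrs()`, `user_write_id()` and the table builder are the example's own names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Field positions as in the kernel's sys_reg() macro (the MRS/MSR encoding). */
#define sys_reg(op0, op1, crn, crm, op2)                                       \
	(((uint32_t)(op0) << 19) | ((uint32_t)(op1) << 16) |                       \
	 ((uint32_t)(crn) << 12) | ((uint32_t)(crm) << 8) | ((uint32_t)(op2) << 5))

#define SYS_ID_PFR0_EL1		sys_reg(3, 0, 0, 1, 0)
#define SYS_ID_AFR0_EL1		sys_reg(3, 0, 0, 1, 3)
#define SYS_ID_AA64PFR0_EL1	sys_reg(3, 0, 0, 4, 0)
#define ID_AA64PFR0_SVE_SHIFT	32		/* SVE field: ID_AA64PFR0_EL1[35:32] */
#define ID_UNKNOWN		UINT64_MAX	/* demo sentinel: no descriptor found */

enum id_kind { ID_UNALLOCATED, ID_HIDDEN, ID_SANITISED };
struct id_desc { uint32_t id; enum id_kind kind; };

/* One descriptor per encoding Op0=3,Op1=0,CRn=0,CRm=1..7,Op2=0..7, generated
 * in ascending order: every ID encoding a guest can name hits an entry. */
#define NR_ID_DESCS (7 * 8)
static struct id_desc id_table[NR_ID_DESCS];
static bool id_table_built;
static void build_id_table(void);

static int cmp_id(const void *a, const void *b)
{
	uint32_t x = ((const struct id_desc *)a)->id, y = ((const struct id_desc *)b)->id;
	return x < y ? -1 : x > y;
}

/* The sort-order check kvm_sys_reg_table_init() applies to its tables. */
static bool id_table_sorted(void)
{
	if (!id_table_built)
		build_id_table();
	for (unsigned i = 1; i < NR_ID_DESCS; i++)
		if (id_table[i - 1].id >= id_table[i].id)
			return false;
	return true;
}

static struct id_desc *find_id_desc(uint32_t id)
{
	struct id_desc key = { id, ID_UNALLOCATED };
	if (!id_table_built)
		build_id_table();
	return bsearch(&key, id_table, NR_ID_DESCS, sizeof(key), cmp_id);
}

static void build_id_table(void)
{
	unsigned n = 0;
	for (unsigned crm = 1; crm < 8; crm++)
		for (unsigned op2 = 0; op2 < 8; op2++, n++)
			id_table[n] = (struct id_desc){ sys_reg(3, 0, 0, crm, op2), ID_UNALLOCATED };
	id_table_built = true;
	/* The demo knows three registers; everything else stays RAZ. */
	find_id_desc(SYS_ID_PFR0_EL1)->kind = ID_SANITISED;
	find_id_desc(SYS_ID_AA64PFR0_EL1)->kind = ID_SANITISED;
	find_id_desc(SYS_ID_AFR0_EL1)->kind = ID_HIDDEN;
}

/* Constructed stand-in for read_sanitised_ftr_reg(): a host advertising SVE. */
static uint64_t sanitised_ftr_value(uint32_t id)
{
	switch (id) {
	case SYS_ID_AA64PFR0_EL1: return 0x0000000100001111ULL; /* SVE=1, EL0..EL3=1 */
	case SYS_ID_PFR0_EL1:     return 0x131;
	default:                  return 0;
	}
}

/* read_id_reg() as modelled: RAZ unless sanitised, and the SVE field is
 * stripped from ID_AA64PFR0_EL1 while guests cannot use SVE. */
static uint64_t read_id_reg(const struct id_desc *d, bool *sve_suppressed)
{
	uint64_t val = d->kind == ID_SANITISED ? sanitised_ftr_value(d->id) : 0;
	if (d->id == SYS_ID_AA64PFR0_EL1) {
		const uint64_t sve_mask = 0xfULL << ID_AA64PFR0_SVE_SHIFT;
		if (sve_suppressed)
			*sve_suppressed = (val & sve_mask) != 0;
		val &= ~sve_mask;
	}
	return val;
}

/* What a guest MRS of the encoding observes; in range, never "unknown register". */
static uint64_t guest_mrs(unsigned crm, unsigned op2)
{
	const struct id_desc *d = find_id_desc(sys_reg(3, 0, 0, crm, op2));
	return d ? read_id_reg(d, NULL) : ID_UNKNOWN;
}

/* __set_id_reg() as modelled: userspace may only write the emulated value back. */
static int user_write_id(unsigned crm, unsigned op2, uint64_t val)
{
	const struct id_desc *d = find_id_desc(sys_reg(3, 0, 0, crm, op2));
	if (!d)
		return -ENOENT;
	return val == read_id_reg(d, NULL) ? 0 : -EINVAL;
}
```

Generating the table by nested loops is what makes the "every encoding is handled" property hold by construction; the `id_table_sorted()` check is still worth running once at init, as KVM does for its tables, because a hand-edited table is exactly where an out-of-order entry would silently break the binary search.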

* Re: [PATCH v3 13/28] arm64/sve: Signal handling support
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:40     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:40 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:30PM +0100, Dave P Martin wrote:
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index aabeaee..fa4ed34 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
>  		       sizeof(fst->vregs[i]));
>  }
>  
> +/*
> + * Transfer the SVE state in task->thread.sve_state to
> + * task->thread.fpsimd_state.
> + *
> + * Task can be a non-runnable task, or current.  In the latter case,
> + * softirqs (and preemption) must be disabled.
> + * task->thread.sve_state must point to at least sve_state_size(task)
> + * bytes of allocated kernel memory.
> + * task->thread.sve_state must be up to date before calling this function.
> + */
> +static void sve_to_fpsimd(struct task_struct *task)
> +{
> +	unsigned int vq;
> +	void const *sst = task->thread.sve_state;
> +	struct fpsimd_state *fst = &task->thread.fpsimd_state;
> +	unsigned int i;
> +
> +	if (!system_supports_sve())
> +		return;
> +
> +	vq = sve_vq_from_vl(task->thread.sve_vl);
> +	for (i = 0; i < 32; ++i)
> +		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
> +		       sizeof(fst->vregs[i]));
> +}
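Review bot: `32` in the loop bound is the length of `fst->vregs`; `ARRAY_SIZE(fst->vregs)` would tie the loop to the struct definition (the same applies to fpsimd_to_sve() above). The early `return` when `!system_supports_sve()` leaves `task->thread.fpsimd_state` untouched without telling the caller; since no caller should reach this function on a non-SVE system, a `WARN_ON` there would expose a misuse that a silent return hides. Separately from Catalin's memcpy nit, the 16-byte copy per register is exactly the low 128 bits of Z<n>, so the comment could state that the upper part of each Z register is intentionally dropped here.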

Nit: could we actually just do an assignment with some pointer casting?
It looks like we invoke memcpy for every 16 bytes (same for
fpsimd_to_sve).

Otherwise:

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread
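Catalin's nit concerns the 32 memcpy() calls, each moving the low 16 bytes of a Z register into a V register. The block below is an added example written for this page (not the kernel's code) that models the layout sve_to_fpsimd() depends on: Z0..Z31 stored back to back in sve_state, each vq * 16 bytes, with V<n> the low 128 bits of Z<n>. The `ZREG()`/`__SVE_ZREG_OFFSET()` definitions mirror my understanding of the kernel's uapi sve_context layout, the `struct fpsimd_state` here keeps only the register fields, the register contents are constructed, and `demo_vreg_byte()` and `demo_roundtrip_ok()` are the example's own helpers.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SVE_NUM_ZREGS		32
#define SVE_VQ_BYTES		16
#define sve_vq_from_vl(vl)	((vl) / SVE_VQ_BYTES)
/* Z-register layout in sve_state, after the kernel's uapi sve_context:
 * Z0..Z31 back to back, each vq * 16 bytes, so Z<n> sits at n * vq * 16. */
#define __SVE_ZREG_SIZE(vq)		((vq) * SVE_VQ_BYTES)
#define __SVE_ZREG_OFFSET(vq, n)	(__SVE_ZREG_SIZE(vq) * (n))
#define ZREG(sve_state, vq, n)		((char *)(sve_state) + __SVE_ZREG_OFFSET(vq, n))

/* The register part of the kernel's struct fpsimd_state. */
struct fpsimd_state { __uint128_t vregs[SVE_NUM_ZREGS]; uint32_t fpsr, fpcr; };

static size_t sve_zregs_size(unsigned vl)
{
	return __SVE_ZREG_OFFSET(sve_vq_from_vl(vl), SVE_NUM_ZREGS);
}

static unsigned zreg_offset(unsigned vl, unsigned n)
{
	return __SVE_ZREG_OFFSET(sve_vq_from_vl(vl), n);
}

/* Same loop as the quoted sve_to_fpsimd(): V<n> is the low 16 bytes of Z<n>. */
static void sve_to_fpsimd(const void *sst, unsigned vl, struct fpsimd_state *fst)
{
	unsigned vq = sve_vq_from_vl(vl);
	for (unsigned i = 0; i < SVE_NUM_ZREGS; ++i)
		memcpy(&fst->vregs[i], ZREG(sst, vq, i), sizeof(fst->vregs[i]));
}

/* Reverse direction.  The kernel's fpsimd_to_sve() copies only the low 16 bytes;
 * this example also zeroes the rest of each Z register so the buffer is fully
 * defined (architecturally, a write to V<n> zeroes the upper bits of Z<n>). */
static void fpsimd_to_sve(const struct fpsimd_state *fst, unsigned vl, void *sst)
{
	unsigned vq = sve_vq_from_vl(vl);
	memset(sst, 0, sve_zregs_size(vl));
	for (unsigned i = 0; i < SVE_NUM_ZREGS; ++i)
		memcpy(ZREG(sst, vq, i), &fst->vregs[i], sizeof(fst->vregs[i]));
}

/* Constructed contents: byte k of Z<n> is (n * 8 + k) & 0xff. */
static void fill_demo_zregs(void *sst, unsigned vl)
{
	unsigned vq = sve_vq_from_vl(vl);
	for (unsigned n = 0; n < SVE_NUM_ZREGS; n++)
		for (unsigned k = 0; k < __SVE_ZREG_SIZE(vq); k++)
			ZREG(sst, vq, n)[k] = (char)((n * 8 + k) & 0xff);
}

/* Byte k of V<n> after converting a constructed vl-byte SVE state; -1 if out of range. */
static int demo_vreg_byte(unsigned vl, unsigned n, unsigned k)
{
	struct fpsimd_state fst;
	uint8_t bytes[sizeof(__uint128_t)];
	char *sst;

	if (!sve_vq_from_vl(vl) || n >= SVE_NUM_ZREGS || k >= sizeof(bytes))
		return -1;
	sst = malloc(sve_zregs_size(vl));
	if (!sst)
		return -1;
	fill_demo_zregs(sst, vl);
	sve_to_fpsimd(sst, vl, &fst);
	memcpy(bytes, &fst.vregs[n], sizeof(bytes));	/* byte-order independent */
	free(sst);
	return bytes[k];
}

/* Round trip Z -> V -> Z: 1 if the low 16 bytes survive and the rest read as zero. */
static int demo_roundtrip_ok(unsigned vl)
{
	struct fpsimd_state fst;
	unsigned vq = sve_vq_from_vl(vl);
	char *orig = malloc(sve_zregs_size(vl)), *back = malloc(sve_zregs_size(vl));
	int ok = orig && back;

	if (ok) {
		fill_demo_zregs(orig, vl);
		sve_to_fpsimd(orig, vl, &fst);
		fpsimd_to_sve(&fst, vl, back);
		for (unsigned n = 0; ok && n < SVE_NUM_ZREGS; n++)
			for (unsigned k = 0; ok && k < __SVE_ZREG_SIZE(vq); k++)
				ok = back[zreg_offset(vl, n) + k] ==
				     (k < SVE_VQ_BYTES ? orig[zreg_offset(vl, n) + k] : 0);
	}
	free(orig);
	free(back);
	return ok;
}
```

With VL = 32 bytes (vq = 2) the Z registers are 32 bytes apart, so V5 is taken from offset 160 and the 16 bytes that follow it are the SVE-only upper half that the FPSIMD view cannot represent; that is precisely why the kernel needs the sve_flush_cpu_state() helper discussed in the KVM patch elsewhere in this thread.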

* Re: [PATCH v3 14/28] arm64/sve: Backend logic for setting the vector length
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:43     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:43 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:31PM +0100, Dave P Martin wrote:
> This patch implements the core logic for changing a task's vector
> length on request from userspace.  This will be used by the ptrace
> and prctl frontends that are implemented in later patches.
> 
> The SVE architecture permits, but does not require, implementations
> to support vector lengths that are not a power of two.  To handle
> this, logic is added to check a requested vector length against a
> possibly sparse bitmap of available vector lengths at runtime, so
> that the best supported value can be chosen.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

* Re: [PATCH v3 15/28] arm64: cpufeature: Move sys_caps_initialised declarations
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:50     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:50 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:32PM +0100, Dave P Martin wrote:
> update_cpu_features() currently cannot tell whether it is being
> called during early or late secondary boot.  This doesn't
> desperately matter for anything it currently does.
> 
> However, SVE will need to know here whether the set of available
> vector lengths is fixed or still to be determined when booting a
> CPU so that it can be updated appropriately.
> 
> This patch simply moves the sys_caps_initialised stuff to the top
> of the file so that it can be used more widely.  There doesn't seem to
> be a more obvious place to put it.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 16:55     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-11 16:55 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Suzuki K Poulose, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:33PM +0100, Dave P Martin wrote:
> This patch uses the cpufeatures framework to determine common SVE
> capabilities and vector lengths, and configures the runtime SVE
> support code appropriately.
> 
> ZCR_ELx is not really a feature register, but it is convenient to
> use it as a template for recording the maximum vector length
> supported by a CPU, using the LEN field.  This field is similar to
> a feature field in that it is a contiguous bitfield for which we
> want to determine the minimum system-wide value.  This patch adds
> ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
> custom code to populate it.  Finding the minimum supported value of
> the LEN field is left to the cpufeatures framework in the usual
> way.
> 
> The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
> so for now we just require it to be zero.
> 
> Note that much of this code is dormant and SVE still won't be used
> yet, since system_supports_sve() remains hardwired to false.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>
> Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

* Re: [PATCH v3 25/28] arm64/sve: Detect SVE and activate runtime support
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-11 17:11     ` Suzuki K Poulose
  -1 siblings, 0 replies; 253+ messages in thread
From: Suzuki K Poulose @ 2017-10-11 17:11 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

On 10/10/17 19:38, Dave Martin wrote:
> This patch enables detection of hardware SVE support via the
> cpufeatures framework, and reports its presence to the kernel and
> userspace via the new ARM64_SVE cpucap and HWCAP_SVE hwcap
> respectively.
> 
> Userspace can also detect SVE using ID_AA64PFR0_EL1, using the
> cpufeatures MRS emulation.
> 
> When running on hardware that supports SVE, this enables runtime
> kernel support for SVE, and allows user tasks to execute SVE
> instructions and make use of the SVE-specific user/kernel
> interface extensions implemented by this series.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>

Looks good to me.

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

* Re: [PATCH v3 17/28] arm64/sve: Preserve SVE registers around kernel-mode NEON use
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 10:15     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 10:15 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:34PM +0100, Dave P Martin wrote:
> Kernel-mode NEON will corrupt the SVE vector registers, due to the
> way they alias the FPSIMD vector registers in the hardware.
> 
> This patch ensures that any live SVE register content for the task
> is saved by kernel_neon_begin().  The data will be restored in the
> usual way on return to userspace.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

* Re: [PATCH v3 18/28] arm64/sve: Preserve SVE registers around EFI runtime service calls
@ 2017-10-12 10:57     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 10:57 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:35PM +0100, Dave P Martin wrote:
> The EFI runtime services ABI allows EFI to make free use of the
> FPSIMD registers during EFI runtime service calls, subject to the
> callee-save requirements of the AArch64 procedure call standard.
> 
> However, the SVE architecture allows upper bits of the SVE vector
> registers to be zeroed as a side-effect of FPSIMD V-register
> writes.  This means that the SVE vector registers must be saved in
> their entirety in order to avoid data loss: non-SVE-aware EFI
> implementations cannot restore them correctly.
> 
> The non-IRQ case is already handled gracefully by
> kernel_neon_begin().  For the IRQ case, this patch allocates a
> suitable per-CPU stash buffer for the full SVE register state and
> uses it to preserve the affected registers around EFI calls.  It is
> currently unclear how the EFI runtime services ABI will be
> clarified with respect to SVE, so it is safest to assume that the
> predicate registers and FFR must be saved and restored too.
> 
> No attempt is made to restore the vector length after
> a call, for now.  It is deemed rather insane for EFI to change it,
> and contemporary EFI implementations certainly won't.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-11 16:28     ` Marc Zyngier
@ 2017-10-12 11:04       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-12 11:04 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: linux-arm-kernel, linux-arch, Christoffer Dall, Okamoto Takayuki,
	libc-alpha, Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas,
	Will Deacon, Richard Sandiford, Alex Bennée, kvmarm

On Wed, Oct 11, 2017 at 05:28:06PM +0100, Marc Zyngier wrote:
> [+ Christoffer]
> 
> On 10/10/17 19:38, Dave Martin wrote:
> > Until KVM has full SVE support, guests must not be allowed to
> > execute SVE instructions.
> > 
> > This patch enables the necessary traps, and also ensures that the
> > traps are disabled again on exit from the guest so that the host
> > can still use SVE if it wants to.
> > 
> > This patch introduces another instance of
> > __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> > is abstracted out as a separate helper fpsimd_flush_cpu_state().
> > Other instances are ported appropriately.
> > 
> > As a side effect of this refactoring, a this_cpu_write() in
> > fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> > should be fine, since cpu_pm_enter() is supposed to be called only
> > with interrupts disabled.
> > 
> > Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > Cc: Marc Zyngier <marc.zyngier@arm.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > ---

[...]

> > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > index e923b58..674912d 100644
> > --- a/arch/arm64/include/asm/kvm_host.h
> > +++ b/arch/arm64/include/asm/kvm_host.h

[...]

> > @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)

[...]

> > +static inline void kvm_fpsimd_flush_cpu_state(void)
> > +{
> > +	if (system_supports_sve())
> > +		sve_flush_cpu_state();
> 
> Hmmm. How does this work if...

!IS_ENABLED(CONFIG_ARM64_SVE) implies !system_supports_sve(), so
if CONFIG_ARM64_SVE is not set, the call is optimised away.

[...]

> > diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> > index a9cb794..6ae3703 100644
> > --- a/arch/arm64/kernel/fpsimd.c
> > +++ b/arch/arm64/kernel/fpsimd.c
> > @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)

[...]

> > +#ifdef CONFIG_ARM64_SVE
> > +void sve_flush_cpu_state(void)
> > +{
> > +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> > +	struct task_struct *tsk;
> > +
> > +	if (!fpstate)
> > +		return;
> > +
> > +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> > +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> > +		fpsimd_flush_cpu_state();
> > +}
> > +#endif /* CONFIG_ARM64_SVE */
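Review bot: sve_flush_cpu_state() is only defined under CONFIG_ARM64_SVE, yet kvm_fpsimd_flush_cpu_state() in the kvm_host.h hunk above references it unconditionally at the source level; the link succeeds only because system_supports_sve() folds to constant false when the option is off and the compiler discards the call. A static inline no-op stub of sve_flush_cpu_state() for the !CONFIG_ARM64_SVE case (or an explicit IS_ENABLED(CONFIG_ARM64_SVE) test at the call site) would make the build's correctness independent of dead-code elimination and document the intent, which is the toolchain concern raised in this exchange.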
> 
> ... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
> moving the #ifdef/#endif inside the function...

Because sve_flush_cpu_state() is not in the same compilation unit it
can't be static, and that means the compiler won't remove it
automatically if it's unused -- hence the #ifdef.

Because the call site is optimised away, there is no link failure.

Don't we rely on this sort of thing all over the place?

Cheers
---Dave

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-12 11:04       ` Dave Martin
@ 2017-10-12 11:28         ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-12 11:28 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Christoffer Dall, Okamoto Takayuki,
	libc-alpha, Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas,
	Will Deacon, Richard Sandiford, Alex Bennée, kvmarm

On 12/10/17 12:04, Dave Martin wrote:
> On Wed, Oct 11, 2017 at 05:28:06PM +0100, Marc Zyngier wrote:
>> [+ Christoffer]
>>
>> On 10/10/17 19:38, Dave Martin wrote:
>>> Until KVM has full SVE support, guests must not be allowed to
>>> execute SVE instructions.
>>>
>>> This patch enables the necessary traps, and also ensures that the
>>> traps are disabled again on exit from the guest so that the host
>>> can still use SVE if it wants to.
>>>
>>> This patch introduces another instance of
>>> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
>>> is abstracted out as a separate helper fpsimd_flush_cpu_state().
>>> Other instances are ported appropriately.
>>>
>>> As a side effect of this refactoring, a this_cpu_write() in
>>> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
>>> should be fine, since cpu_pm_enter() is supposed to be called only
>>> with interrupts disabled.
>>>
>>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
>>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Marc Zyngier <marc.zyngier@arm.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> ---
> 
> [...]
> 
>>> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
>>> index e923b58..674912d 100644
>>> --- a/arch/arm64/include/asm/kvm_host.h
>>> +++ b/arch/arm64/include/asm/kvm_host.h
> 
> [...]
> 
>>> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
> 
> [...]
> 
>>> +static inline void kvm_fpsimd_flush_cpu_state(void)
>>> +{
>>> +	if (system_supports_sve())
>>> +		sve_flush_cpu_state();
>>
>> Hmmm. How does this work if...
> 
> !IS_ENABLED(CONFIG_ARM64_SVE) implies !system_supports_sve(), so
> if CONFIG_ARM64_SVE is not set, the call is optimised away.
> 
> [...]
> 
>>> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
>>> index a9cb794..6ae3703 100644
>>> --- a/arch/arm64/kernel/fpsimd.c
>>> +++ b/arch/arm64/kernel/fpsimd.c
>>> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
> 
> [...]
> 
>>> +#ifdef CONFIG_ARM64_SVE
>>> +void sve_flush_cpu_state(void)
>>> +{
>>> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
>>> +	struct task_struct *tsk;
>>> +
>>> +	if (!fpstate)
>>> +		return;
>>> +
>>> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
>>> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
>>> +		fpsimd_flush_cpu_state();
>>> +}
>>> +#endif /* CONFIG_ARM64_SVE */
>>
>> ... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
>> moving the #ifdef/#endif inside the function...
> 
> Because sve_flush_cpu_state() is not in the same compilation unit it
> can't be static, and that means the compiler won't remove it
> automatically if it's unused -- hence the #ifdef.
> 
> Because the call site is optimised away, there is no link failure.
> 
> Don't we rely on this sort of thing all over the place?
Dunno. It just feels weird. But if you are sure that it won't break,
fine by me. I guess we'll find out pretty quickly how this fares,
especially with older toolchains.

	M.
-- 
Jazz is not dead. It just smells funny...

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 12:56     ` Suzuki K Poulose
  -1 siblings, 0 replies; 253+ messages in thread
From: Suzuki K Poulose @ 2017-10-12 12:56 UTC (permalink / raw)
  To: Dave Martin, linux-arm-kernel
  Cc: Catalin Marinas, Will Deacon, Ard Biesheuvel, Alex Bennée,
	Szabolcs Nagy, Richard Sandiford, Okamoto Takayuki, kvmarm,
	libc-alpha, linux-arch

On 10/10/17 19:38, Dave Martin wrote:
> This patch uses the cpufeatures framework to determine common SVE
> capabilities and vector lengths, and configures the runtime SVE
> support code appropriately.
> 
> ZCR_ELx is not really a feature register, but it is convenient to
> use it as a template for recording the maximum vector length
> supported by a CPU, using the LEN field.  This field is similar to
> a feature field in that it is a contiguous bitfield for which we
> want to determine the minimum system-wide value.  This patch adds
> ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
> custom code to populate it.  Finding the minimum supported value of
> the LEN field is left to the cpufeatures framework in the usual
> way.
> 
> The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
> so for now we just require it to be zero.
> 
> Note that much of this code is dormant and SVE still won't be used
> yet, since system_supports_sve() remains hardwired to false.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>
> Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>
> 
> ---
> 
> Dropped Alex Bennée's Reviewed-by, since there is new logic in this
> patch.
> 
> Changes since v2
> ----------------
> 
> Bug fixes:
> 
>   * Got rid of dynamic allocation of the shadow vector length map during
>     secondary boot.  Secondary CPU boot takes place in atomic context,
>     and relying on GFP_ATOMIC here doesn't seem justified.
> 
>     Instead, the needed additional bitmap is allocated statically.  Only
>     one shadow map is needed, because CPUs don't boot concurrently.
> 
> Requested by Alex Bennée:
> 
>   * Reflowed untidy comment above read_zcr_features()
> 
>   * Added comments to read_zcr_features() to explain what it's trying to do
>     (which is otherwise not readily apparent).
> 
> Requested by Catalin Marinas:
> 
>   * Moved disabling of the EL1 SVE trap to the cpufeatures C code.
>     This allows addition of new assembler in __cpu_setup to be
>     avoided.
> 
> Miscellaneous:
> 
>   * Added comments explaining the intent, purpose and basic constraints
>     for fpsimd.c helpers.

...

   
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 92a9502..c5acf38 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c

...

> @@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
>   					info->reg_mvfr2, boot->reg_mvfr2);
>   	}
>   
> +	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
> +		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
> +					info->reg_zcr, boot->reg_zcr);
> +
> +		if (!sys_caps_initialised)
> +			sve_update_vq_map();
> +	}
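Review bot: sve_update_vq_map() is skipped once sys_caps_initialised is set, so a CPU brought online after boot never contributes to the vector length map; that is only safe if a separate late-CPU verification refuses a CPU whose supported vector lengths are a strict subset of the system map, so please confirm (or reference) that path here. Note also that the branch gates on the incoming CPU's own `info->reg_id_aa64pfr0` rather than on the sanitised value, so if the boot CPU reported no SVE, `boot->reg_zcr` was never populated yet is still passed to check_update_ftr_reg().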

nit: I am not sure if we should also check if the "current" sanitised value
of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
is as such fine without the check, it's just that we can avoid computing the
map. It is in the CPU boot up path and hence is not performance critical.
So, either way we are fine.

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

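The sanitisation the commit message leans on (the minimum system-wide ZCR LEN value, plus a map of vector lengths that every CPU supports, accumulated one CPU at a time during boot), shown as an added user-space model in C. This is example code, not the kernel's cpufeatures implementation: the structures `cpu_sve_info` and `sys_sve_caps`, the functions `sanitise_sve_caps()`, `late_cpu_acceptable()`, `max_vq_from_map()`, `example_system_max_vl()` and `example_late_cpu_ok()`, and all per-CPU values and vq bitmaps are constructed for the example. It goes slightly beyond the hunk by also modelling the late-CPU check that the `!sys_caps_initialised` guard implies must exist somewhere.

```c
/* Added example, not kernel code: a user-space model of how per-CPU SVE
 * capabilities are folded into one system-wide view, in the spirit of the
 * cpufeatures "lowest safe value" sanitisation the patch relies on.  All
 * per-CPU values and vq bitmaps here are constructed for the example. */
#include <stdint.h>
#include <stdio.h>

#define SVE_VQ_MAX	16	/* 2048-bit vectors */
#define ZCR_LEN_MASK	0xfULL	/* ZCR_ELx.LEN, bits [3:0]: max VL = (LEN + 1) * 16 bytes */

struct cpu_sve_info {
	int has_sve;		/* ID_AA64PFR0_EL1.SVE nonzero on this CPU */
	uint64_t zcr;		/* ZCR_EL1 read back after writing LEN=max: hardware caps it */
	uint32_t vq_map;	/* bit (vq - 1) set when this CPU supports vq (constructed) */
};

struct sys_sve_caps {
	int has_sve;		/* sanitised: every CPU must have it */
	uint64_t zcr;		/* sanitised: minimum LEN across CPUs */
	uint32_t vq_map;	/* intersection of the per-CPU maps */
};

static unsigned int zcr_len_to_vq(uint64_t zcr) { return (unsigned int)(zcr & ZCR_LEN_MASK) + 1; }
static unsigned int vq_to_vl(unsigned int vq) { return vq * 16; }

/* Largest vq present in a map, 0 for an empty map. */
static unsigned int max_vq_from_map(uint32_t map)
{
	unsigned int vq;
	for (vq = SVE_VQ_MAX; vq >= 1; vq--)
		if (map & (1u << (vq - 1)))
			return vq;
	return 0;
}

/* Boot-time accumulation, one CPU at a time (CPUs don't boot concurrently): a CPU
 * without SVE drives the feature to "absent"; otherwise take the smallest LEN
 * and the common subset of VQs. */
static struct sys_sve_caps sanitise_sve_caps(const struct cpu_sve_info *cpus, unsigned int ncpus)
{
	struct sys_sve_caps sys = { 1, ZCR_LEN_MASK, 0xffffffffu };
	unsigned int i;
	for (i = 0; i < ncpus; i++) {
		if (!cpus[i].has_sve) {
			sys.has_sve = 0;
			continue;
		}
		if ((cpus[i].zcr & ZCR_LEN_MASK) < sys.zcr)
			sys.zcr = cpus[i].zcr & ZCR_LEN_MASK;
		sys.vq_map &= cpus[i].vq_map;
	}
	if (!sys.has_sve) {	/* SVE unusable system-wide: report nothing */
		sys.zcr = 0;
		sys.vq_map = 0;
	}
	return sys;
}

/* Once the system view is fixed, a late (hot-plugged) CPU must be at least as
 * capable; otherwise it has to be refused rather than allowed to shrink the
 * set that running tasks may already depend on. */
static int late_cpu_acceptable(const struct sys_sve_caps *sys, const struct cpu_sve_info *late)
{
	if (!sys->has_sve)
		return 1;	/* SVE not in use system-wide, nothing to verify */
	return late->has_sve &&
	       zcr_len_to_vq(late->zcr) >= zcr_len_to_vq(sys->zcr) &&
	       (late->vq_map & sys->vq_map) == sys->vq_map;
}

/* Constructed system: cpu0 supports every vq up to 16; cpu1 only the powers of
 * two up to 8 (vq 1, 2, 4, 8), so the system view must be the intersection. */
static const struct cpu_sve_info example_cpus[] = {
	{ 1, 15, 0xffffu },
	{ 1, 7, (1u << 0) | (1u << 1) | (1u << 3) | (1u << 7) },
};

static unsigned int example_system_max_vl(void)
{
	struct sys_sve_caps sys = sanitise_sve_caps(example_cpus, 2);
	return vq_to_vl(max_vq_from_map(sys.vq_map));
}

/* Check a constructed late CPU (with SVE, given ZCR and vq map) against the
 * example system; returns 1 if it may be brought online. */
static int example_late_cpu_ok(uint64_t zcr, uint32_t vq_map)
{
	struct sys_sve_caps sys = sanitise_sve_caps(example_cpus, 2);
	struct cpu_sve_info late = { 1, zcr, vq_map };
	return late_cpu_acceptable(&sys, &late);
}

int main(void)
{
	printf("example system max VL %u bytes; late CPU with max vq 4 %s\n",
	       example_system_max_vl(), example_late_cpu_ok(3, 0xfu) ? "accepted" : "refused");
	return 0;
}
```

The system-wide maximum comes out as 128 bytes (vq 8) even though cpu0 could do 256, and a late CPU that only reaches vq 4 is refused while one supporting all of the system's VQs is accepted; that refusal is the property the `!sys_caps_initialised` guard in the hunk depends on.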

* Re: [PATCH v3 11/28] arm64/sve: Core task context handling
  2017-10-11 16:15     ` Catalin Marinas
@ 2017-10-12 16:05       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-12 16:05 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Wed, Oct 11, 2017 at 05:15:58PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:28PM +0100, Dave P Martin wrote:
> > diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
> > index 026a7c7..b1409de 100644
> > --- a/arch/arm64/include/asm/fpsimd.h
> > +++ b/arch/arm64/include/asm/fpsimd.h
> > @@ -72,6 +75,20 @@ extern void sve_load_state(void const *state, u32 const *pfpsr,
> >  			   unsigned long vq_minus_1);
> >  extern unsigned int sve_get_vl(void);
> >  
> > +#ifdef CONFIG_ARM64_SVE
> > +
> > +extern size_t sve_state_size(struct task_struct const *task);
> > +
> > +extern void sve_alloc(struct task_struct *task);
> > +extern void fpsimd_release_thread(struct task_struct *task);
> > +
> > +#else /* ! CONFIG_ARM64_SVE */
> > +
> > +static void __maybe_unused sve_alloc(struct task_struct *task) { }
> > +static void __maybe_unused fpsimd_release_thread(struct task_struct *task) { }
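Review bot: the `#else` branch stubs sve_alloc() and fpsimd_release_thread() but not sve_state_size(), so any caller of sve_state_size() outside `#ifdef CONFIG_ARM64_SVE` will fail to build with SVE disabled; either add a matching stub returning 0 or make it explicit that every caller is guarded. The stubs themselves would also be better as `static inline` than `static ... __maybe_unused`, which is the form used elsewhere in the arch/arm64 headers.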
> 
> Nitpick: usually we just add static inline functions here rather than
> __maybe_unused.

Fair enough -- come to think of it I've already converted some other
instances of this at Ard's request.

> 
> > diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> > index 29adab8..4831d28 100644
> > --- a/arch/arm64/include/asm/processor.h
> > +++ b/arch/arm64/include/asm/processor.h
> > @@ -39,6 +47,8 @@
> >  #define FPEXC_IDF	(1 << 7)
> >  
> >  /*
> > + * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
> > + *
> >   * In order to reduce the number of times the FPSIMD state is needlessly saved
> >   * and restored, we need to keep track of two things:
> >   * (a) for each task, we need to remember which CPU was the last one to have
> > @@ -99,6 +109,287 @@
> >   */
> >  static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
> >  
> > +static void sve_free(struct task_struct *task)
> > +{
> > +	kfree(task->thread.sve_state);
> > +	task->thread.sve_state = NULL;
> > +}
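Review bot: sve_free() frees `sve_state` while TIF_SVE may still be set, and the dangling pointer stays in place until the following statement; any preemption or context switch in that window on a task with TIF_SVE set would dereference freed memory from fpsimd_thread_switch(). Clear TIF_SVE (and flush the task's FPSIMD/SVE state) before the kfree(), and add `WARN_ON(test_tsk_thread_flag(task, TIF_SVE))` here so the invariant "TIF_SVE set implies a valid sve_state" is checked at this single slow-path site rather than at every dereference.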
> 
> I think we need a WARN_ON if TIF_SVE is still set here (and the callers
> making sure it is cleared). I haven't checked the code paths via
> fpsimd_release_thread() but wondering what happens if we get an
> interrupt between freeing the state and making the pointer NULL, with
> some context switching in a preemptible kernel.

Having a WARN_ON() here may be a decent way to sanity-check that we
don't ever have sve_state NULL with TIF_SVE set.  This is a lot more
economical than putting a WARN_ON() at each dereference of sve_state
(of which there are quite a few).  sve_free() is also a slow path.

Currently, there are two callsites: sve_set_vector_length(), where we
test_and_clear_tsk_thread_flags(task, TIF_SVE) before calling sve_free();
and fpsimd_release_thread() where we "don't care" because the thread
is dying.

Looking more closely though, is the release_thread() path preemptible?
I can't see anything in the scheduler core to ensure this, nor any
general reason why it should be needed.

In which case preemption during thread exit after sve_free() could
result in a NULL dereference in fpsimd_thread_switch().


So, I think my favoured approach is:

static void sve_release_thread(void)
{
	local_bh_disable();
	fpsimd_flush_task_state(current);
	clear_thread_flag(TIF_SVE);
	local_bh_enable();

	sve_free(current);
}

The local_bh stuff is cumbersome here, and could be replaced with
barrier()s to force the order of fpsimd_flush_task_state() versus
clearing TIF_SVE.  Or should the barrier really be in
fpsimd_flush_task_state()?  Disabling softirqs avoids the need to answer
such questions...


Then:

static void sve_free(struct task_struct *task)
{
	/* task may not be current (ptrace path), so check its flag, not ours */
	WARN_ON(test_tsk_thread_flag(task, TIF_SVE));

	barrier();
	kfree(task->thread.sve_state);
	task->thread.sve_state = NULL;
}

I'm assuming here that kfree() can't be called safely from atomic
context, but this is unclear.  I would expect to be able to free
GFP_ATOMIC memory from atomic context (though sve_state is GFP_KERNEL,
so dunno).

> Alternatively, always clear TIF_SVE here before freeing (also wondering
> whether we should make sve_state NULL before the actual freeing but I
> think TIF_SVE clearing should suffice).

Could do.  I feel that the current placement of the TIF_SVE clearing in
sve_set_vector_length() feels "more natural", but this is a pretty
flimsy argument.  How strongly do you feel about this?

[...]

> > + *  * TIF_SVE set:

[...]

> > + *  * TIF_SVE clear:
> > + *
> > + *    An attempt by the user task to execute an SVE instruction causes
> > + *    do_sve_acc() to be called, which does some preparation and then
> > + *    sets TIF_SVE.
> > + *
> > + *    When stored, FPSIMD registers V0-V31 are encoded in
> > + *    task->fpsimd_state; bits [max : 128] for each of Z0-Z31 are
> > + *    logically zero but not stored anywhere; P0-P15 and FFR are not
> > + *    stored and have unspecified values from userspace's point of
> > + *    view.  For hygiene purposes, the kernel zeroes them on next use,
> > + *    but userspace is discouraged from relying on this.
> > + *
> > + *    task->thread.sve_state does not need to be non-NULL, valid or any
> > + *    particular size: it must not be dereferenced.
> > + *
> > + *  * FPSR and FPCR are always stored in task->fpsimd_state irrespctive of
> > + *    whether TIF_SVE is clear or set, since these are not vector length
> > + *    dependent.
> > + */
> 
> This looks fine, thanks for adding the description.

OK, thanks for checking it.

Cheers
---Dave


* Re: [PATCH v3 13/28] arm64/sve: Signal handling support
  2017-10-11 16:40     ` Catalin Marinas
@ 2017-10-12 16:11       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-12 16:11 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Wed, Oct 11, 2017 at 05:40:52PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:30PM +0100, Dave P Martin wrote:
> > diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> > index aabeaee..fa4ed34 100644
> > --- a/arch/arm64/kernel/fpsimd.c
> > +++ b/arch/arm64/kernel/fpsimd.c
> > @@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
> >  		       sizeof(fst->vregs[i]));
> >  }
> >  
> > +/*
> > + * Transfer the SVE state in task->thread.sve_state to
> > + * task->thread.fpsimd_state.
> > + *
> > + * Task can be a non-runnable task, or current.  In the latter case,
> > + * softirqs (and preemption) must be disabled.
> > + * task->thread.sve_state must point to at least sve_state_size(task)
> > + * bytes of allocated kernel memory.
> > + * task->thread.sve_state must be up to date before calling this function.
> > + */
> > +static void sve_to_fpsimd(struct task_struct *task)
> > +{
> > +	unsigned int vq;
> > +	void const *sst = task->thread.sve_state;
> > +	struct fpsimd_state *fst = &task->thread.fpsimd_state;
> > +	unsigned int i;
> > +
> > +	if (!system_supports_sve())
> > +		return;
> > +
> > +	vq = sve_vq_from_vl(task->thread.sve_vl);
> > +	for (i = 0; i < 32; ++i)
> > +		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
> > +		       sizeof(fst->vregs[i]));
> > +}
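Review bot: the loop bound is the literal 32 where `ARRAY_SIZE(fst->vregs)` would keep the copy tied to the struct definition; the same applies to fpsimd_to_sve() above. Separately, the early return when !system_supports_sve() leaves fpsimd_state untouched, which is only correct because no caller can reach here with TIF_SVE set on such a system; a WARN_ON_ONCE() on that return would make the assumption visible rather than silently skipping the sync.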
> 
> Nit: could we actually just do an assignment with some pointer casting?
> It looks like we invoke memcpy for every 16 bytes (same for
> fpsimd_to_sve).

I was uneasy about what the type of ZREG(sst, vq, i) ought to be.
In any case, memcpy() is magic: my oldskool GCC (5.3.0) generates:

ffff000008084c70 <sve_to_fpsimd>:
ffff000008084c70:       14000004        b       ffff000008084c80 <sve_to_fpsimd+0x10>
ffff000008084c74:       d503201f        nop
ffff000008084c78:       d65f03c0        ret
ffff000008084c7c:       d503201f        nop
ffff000008084c80:       f0007d61        adrp    x1, ffff000009033000 <reset_devices>
ffff000008084c84:       f942a021        ldr     x1, [x1,#1344]
ffff000008084c88:       36b001c1        tbz     w1, #22, ffff000008084cc0 <sve_to_fpsimd+0x50>
ffff000008084c8c:       b94ca805        ldr     w5, [x0,#3240]
ffff000008084c90:       912a0001        add     x1, x0, #0xa80
ffff000008084c94:       91320004        add     x4, x0, #0xc80
ffff000008084c98:       f9465006        ldr     x6, [x0,#3232]
ffff000008084c9c:       121c6ca5        and     w5, w5, #0xfffffff0
ffff000008084ca0:       52800000        mov     w0, #0x0                        // #0
ffff000008084ca4:       8b2040c2        add     x2, x6, w0, uxtw
ffff000008084ca8:       0b050000        add     w0, w0, w5
ffff000008084cac:       a9400c42        ldp     x2, x3, [x2]
ffff000008084cb0:       a8810c22        stp     x2, x3, [x1],#16
ffff000008084cb4:       eb01009f        cmp     x4, x1
ffff000008084cb8:       54ffff61        b.ne    ffff000008084ca4 <sve_to_fpsimd+0x34>
ffff000008084cbc:       d65f03c0        ret
ffff000008084cc0:       d65f03c0        ret
ffff000008084cc4:       d503201f        nop


Without volatile, I think assigning a single object and doing a memcpy()
are equivalent to the compiler: which it actually uses depends solely on
optimisation considerations.

(But then I'm not a language lawyer ... not a professional one anyway).


Are you concerned compilers may mess this up?

Cheers
---Dave

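The two layouts described in the patch 11 comment block (V0-V31 in task->fpsimd_state when TIF_SVE is clear; Z, P and FFR in task->thread.sve_state when it is set, with bits [max:128] of each Z register logically zero and P/FFR zeroed on next use) and the sve_to_fpsimd() copy loop discussed here, as an added user-space model in C. This is example code, not the kernel's: the SVE buffer layout (Z0..Z31 each vq*16 bytes, then P0..P15 and FFR each vq*2 bytes), the `vreg_t` type and the helpers `zreg_off()`, `preg_off()`, `sve_state_size_for_vl()` and `demo_roundtrip()` are this example's assumptions. It goes beyond the quoted loop by also modelling the reverse direction and checking the "upper bits and P/FFR are zero" rule from the comment on a constructed state.

```c
/* Added example, not kernel code: a user-space model of the two register
 * layouts that sve_to_fpsimd()/fpsimd_to_sve() convert between.  The buffer
 * layout is this example's assumption (modelled on the kernel's signal frame):
 * Z0..Z31 back to back at vq*16 bytes each, then P0..P15 and FFR at vq*2 each. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SVE_NUM_ZREGS 32
#define SVE_VL_MIN 16	/* 128-bit vectors */
#define SVE_VL_MAX 256	/* 2048-bit vectors */

typedef struct { uint8_t b[16]; } vreg_t;	/* one 128-bit V register */
struct fpsimd_state {				/* vector-length independent state */
	vreg_t vregs[SVE_NUM_ZREGS];
	uint32_t fpsr, fpcr;
};

static unsigned int sve_vq_from_vl(unsigned int vl) { return vl / 16; }
static int sve_vl_valid(unsigned int vl)
{
	return vl % 16 == 0 && vl >= SVE_VL_MIN && vl <= SVE_VL_MAX;
}

/* Byte offsets inside the SVE state buffer for a given vq (assumed layout). */
static size_t zreg_off(unsigned int vq, unsigned int n) { return (size_t)n * vq * 16; }
static size_t preg_off(unsigned int vq, unsigned int n)
{
	return zreg_off(vq, SVE_NUM_ZREGS) + (size_t)n * vq * 2;
}
/* FFR follows P15, so the whole buffer is 546 * vq bytes. */
static size_t sve_state_size_for_vl(unsigned int vl)
{
	unsigned int vq = sve_vq_from_vl(vl);
	return preg_off(vq, 16) + (size_t)vq * 2;
}
#define ZREG(sst, vq, n) ((uint8_t *)(sst) + zreg_off((vq), (n)))

/* TIF_SVE set -> FPSIMD view: V_n is the low 128 bits of Z_n. */
static void sve_to_fpsimd(const void *sst, unsigned int vl, struct fpsimd_state *fst)
{
	unsigned int vq = sve_vq_from_vl(vl), i;
	for (i = 0; i < SVE_NUM_ZREGS; i++)
		memcpy(&fst->vregs[i], ZREG(sst, vq, i), sizeof(fst->vregs[i]));
}

/* FPSIMD view -> TIF_SVE set: bits [max:128] of each Z_n are logically zero
 * and P0-P15/FFR are zeroed, so clear the whole buffer before copying V in. */
static void fpsimd_to_sve(const struct fpsimd_state *fst, unsigned int vl, void *sst)
{
	unsigned int vq = sve_vq_from_vl(vl), i;
	memset(sst, 0, sve_state_size_for_vl(vl));
	for (i = 0; i < SVE_NUM_ZREGS; i++)
		memcpy(ZREG(sst, vq, i), &fst->vregs[i], sizeof(fst->vregs[i]));
}

/* Round trip on a constructed SVE state (byte k of Z_n is n ^ k, P/FFR are
 * 0xff): each V_n must equal the first 16 bytes of Z_n, and converting back
 * must keep exactly those bytes and zero all the rest.  Returns 1 on success. */
static int demo_roundtrip(unsigned int vl)
{
	unsigned int vq, n, k;
	size_t sz, off;
	uint8_t *sst, *back;
	struct fpsimd_state fst;
	int ok = 1;
	if (!sve_vl_valid(vl))
		return 0;
	vq = sve_vq_from_vl(vl);
	sz = sve_state_size_for_vl(vl);
	sst = malloc(sz);
	back = malloc(sz);
	if (!sst || !back) { free(sst); free(back); return 0; }
	memset(sst, 0xff, sz);
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		for (k = 0; k < vq * 16; k++)
			ZREG(sst, vq, n)[k] = (uint8_t)(n ^ k);
	sve_to_fpsimd(sst, vl, &fst);
	fpsimd_to_sve(&fst, vl, back);
	for (n = 0; n < SVE_NUM_ZREGS; n++) {
		ok &= memcmp(fst.vregs[n].b, ZREG(sst, vq, n), 16) == 0;
		ok &= memcmp(ZREG(back, vq, n), fst.vregs[n].b, 16) == 0;
		for (k = 16; k < vq * 16; k++)
			ok &= ZREG(back, vq, n)[k] == 0;
	}
	for (off = preg_off(vq, 0); off < sz; off++)
		ok &= back[off] == 0;	/* P0-P15 and FFR zeroed "for hygiene" */
	free(sst); free(back);
	return ok;
}

int main(void)
{
	printf("vl=256: sve_state %zu bytes, round trip %s\n",
	       sve_state_size_for_vl(256), demo_roundtrip(256) ? "ok" : "FAIL");
	return 0;
}
```

The stride between Z registers is vq*16 bytes, which is exactly the `and w5, w5, #0xfffffff0` / `add w0, w0, w5` pair in the disassembly above (the vector length rounded to a multiple of 16, added per iteration), while each copy is the 16-byte `ldp`/`stp`; the reverse direction is where the "upper bits logically zero" rule has to be enforced explicitly.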

* Re: [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:06     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:06 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Alan Hayward, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:36PM +0100, Dave P Martin wrote:
> @@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
>  	return ret;
>  }
>  
> +#ifdef CONFIG_ARM64_SVE
> +
> +static void sve_init_header_from_task(struct user_sve_header *header,
> +				      struct task_struct *target)
> +{
> +	unsigned int vq;
> +
> +	memset(header, 0, sizeof(*header));
> +
> +	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
> +		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;

For PTRACE_SYSCALL, we may or may not have TIF_SVE depending on what
happened with the target. Just a thought: shall we clear TIF_SVE (and
sync it to fpsimd) in syscall_trace_enter()?

> +	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
> +		header->flags |= SVE_PT_VL_INHERIT;
> +
> +	header->vl = target->thread.sve_vl;
> +	vq = sve_vq_from_vl(header->vl);
> +
> +	header->max_vl = sve_max_vl;
> +	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
> +		header->max_vl = header->vl;
> +
> +	header->size = SVE_PT_SIZE(vq, header->flags);
> +	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
> +				      SVE_PT_REGS_SVE);
> +}
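Review bot: `header->size = SVE_PT_SIZE(vq, header->flags)` is evaluated after SVE_PT_VL_INHERIT may have been ORed into `flags`, so it is only correct if SVE_PT_SIZE() masks its argument with SVE_PT_REGS_MASK before choosing between the FPSIMD and SVE layouts; please confirm it does, or pass `header->flags & SVE_PT_REGS_MASK` explicitly (the max_size line already passes a bare SVE_PT_REGS_SVE).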
[...]
> +static int sve_set(struct task_struct *target,
> +		   const struct user_regset *regset,
> +		   unsigned int pos, unsigned int count,
> +		   const void *kbuf, const void __user *ubuf)
> +{
> +	int ret;
> +	struct user_sve_header header;
> +	unsigned int vq;
> +	unsigned long start, end;
> +
> +	if (!system_supports_sve())
> +		return -EINVAL;
> +
> +	/* Header */
> +	if (count < sizeof(header))
> +		return -EINVAL;
> +	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
> +				 0, sizeof(header));
> +	if (ret)
> +		goto out;
> +
> +	/*
> +	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
> +	 * sve_set_vector_length(), which will also validate them for us:
> +	 */
> +	ret = sve_set_vector_length(target, header.vl,
> +		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
> +	if (ret)
> +		goto out;
> +
> +	/* Actual VL set may be less than the user asked for: */
> +	vq = sve_vq_from_vl(target->thread.sve_vl);
> +
> +	/* Registers: FPSIMD-only case */
> +
> +	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
> +	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
> +		sve_sync_to_fpsimd(target);
> +
> +		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
> +				SVE_PT_FPSIMD_OFFSET);
> +		clear_tsk_thread_flag(target, TIF_SVE);
> +		goto out;
> +	}
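Review bot: in the FPSIMD-only branch `clear_tsk_thread_flag(target, TIF_SVE)` runs even when __fpr_set() returned an error, so a failed or partial write still flips the target into FPSIMD mode; either clear the flag only when `ret == 0` or document that the mode change is intended regardless of the copy-in result.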

__fpr_set() already calls sve_sync_to_fpsimd(). Anyway, do you actually
need this, since we are going to override the FPSIMD state anyway here?

> +
> +	/* Otherwise: full SVE case */
> +
> +	/*
> +	 * If setting a different VL from the requested VL and there is
> +	 * register data, the data layout will be wrong: don't even
> +	 * try to set the registers in this case.
> +	 */
> +	if (count && vq != sve_vq_from_vl(header.vl)) {
> +		ret = -EIO;
> +		goto out;
> +	}
> +
> +	sve_alloc(target);
> +	fpsimd_sync_to_sve(target);
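Review bot: sve_alloc() returns void, so an allocation failure cannot be observed before `set_tsk_thread_flag(target, TIF_SVE)` below; since a set TIF_SVE requires a valid `sve_state`, confirm that sve_alloc() guarantees a non-NULL buffer (or make it return an error and propagate it via `ret`). The preceding fpsimd_sync_to_sve() is also only needed if the copy-in can be short and leave some registers unwritten, which is worth saying in the comment.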

Similarly here, it's a full SVE case, so we are going to override it
anyway.

> +	set_tsk_thread_flag(target, TIF_SVE);

This has the side-effect of enabling TIF_SVE even for PTRACE_SYSCALL
which may be cleared in some circumstances. It may not be an issue
though.

-- 
Catalin


* [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
@ 2017-10-12 17:06     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:06 UTC (permalink / raw)
  To: linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:36PM +0100, Dave P Martin wrote:
> @@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
>  	return ret;
>  }
>  
> +#ifdef CONFIG_ARM64_SVE
> +
> +static void sve_init_header_from_task(struct user_sve_header *header,
> +				      struct task_struct *target)
> +{
> +	unsigned int vq;
> +
> +	memset(header, 0, sizeof(*header));
> +
> +	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
> +		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;

For PTRACE_SYSCALL, we may or may not have TIF_SVE depending on what
happened with the target. Just a thought: shall we clear TIF_SVE (and
sync it to fpsimd) in syscall_trace_enter()?

> +	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
> +		header->flags |= SVE_PT_VL_INHERIT;
> +
> +	header->vl = target->thread.sve_vl;
> +	vq = sve_vq_from_vl(header->vl);
> +
> +	header->max_vl = sve_max_vl;
> +	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
> +		header->max_vl = header->vl;
> +
> +	header->size = SVE_PT_SIZE(vq, header->flags);
> +	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
> +				      SVE_PT_REGS_SVE);
> +}
[...]
> +static int sve_set(struct task_struct *target,
> +		   const struct user_regset *regset,
> +		   unsigned int pos, unsigned int count,
> +		   const void *kbuf, const void __user *ubuf)
> +{
> +	int ret;
> +	struct user_sve_header header;
> +	unsigned int vq;
> +	unsigned long start, end;
> +
> +	if (!system_supports_sve())
> +		return -EINVAL;
> +
> +	/* Header */
> +	if (count < sizeof(header))
> +		return -EINVAL;
> +	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
> +				 0, sizeof(header));
> +	if (ret)
> +		goto out;
> +
> +	/*
> +	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
> +	 * sve_set_vector_length(), which will also validate them for us:
> +	 */
> +	ret = sve_set_vector_length(target, header.vl,
> +		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
> +	if (ret)
> +		goto out;
> +
> +	/* Actual VL set may be less than the user asked for: */
> +	vq = sve_vq_from_vl(target->thread.sve_vl);
> +
> +	/* Registers: FPSIMD-only case */
> +
> +	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
> +	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
> +		sve_sync_to_fpsimd(target);
> +
> +		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
> +				SVE_PT_FPSIMD_OFFSET);
> +		clear_tsk_thread_flag(target, TIF_SVE);
> +		goto out;
> +	}

__fpr_set() already calls sve_sync_to_fpsimd(). Anyway, do you actually
need this since we are going to override the FPSIMD state anyway here.

> +
> +	/* Otherwise: full SVE case */
> +
> +	/*
> +	 * If setting a different VL from the requested VL and there is
> +	 * register data, the data layout will be wrong: don't even
> +	 * try to set the registers in this case.
> +	 */
> +	if (count && vq != sve_vq_from_vl(header.vl)) {
> +		ret = -EIO;
> +		goto out;
> +	}
> +
> +	sve_alloc(target);
> +	fpsimd_sync_to_sve(target);
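Review bot: the result of `sve_alloc(target)` is not checked before `fpsimd_sync_to_sve(target)` writes into the buffer it is meant to provide. If sve_alloc() can fail (its definition is not in this hunk), a tracer hitting that case gets a NULL dereference in the tracee's kernel context instead of an error from the regset write; if it cannot fail, a one-line comment saying so here saves the next reader the same question.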

Similarly here, it's a full SVE case, so we are going to override it
anyway.

> +	set_tsk_thread_flag(target, TIF_SVE);

This has the side-effect of enabling TIF_SVE even for PTRACE_SYSCALL
which may be cleared in some circumstances. It may not be an issue
though.

-- 
Catalin


* Re: [PATCH v3 20/28] arm64/sve: Add prctl controls for userspace vector length management
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:11     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:11 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:37PM +0100, Dave P Martin wrote:
> This patch adds two arm64-specific prctls, to permit userspace to
> control its vector length:
> 
>  * PR_SVE_SET_VL: set the thread's SVE vector length and vector
>    length inheritance mode.
> 
>  * PR_SVE_GET_VL: get the same information.
> 
> Although these calls shadow instruction set features in the SVE
> architecture, these prctls provide additional control: the vector
> length inheritance mode is Linux-specific and nothing to do with
> the architecture, and the architecture does not permit EL0 to set
> its own vector length directly.  Both can be used in portable tools
> without requiring the use of SVE instructions.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

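The userspace side of the PR_SVE_SET_VL / PR_SVE_GET_VL interface described in this patch, as an added example that is not part of the thread or the series: it encodes and decodes the prctl argument, mirrors the `<< 16` flag mapping used by the ptrace path in sve_set(), and negotiates a VL at run time, reading back what the kernel actually granted. The constant values are the mainline kernel's; the fallback defines, the helper names (sve_set_vl_arg, sve_request_vl, pt_flags_to_prctl) and the HWCAP gate are this example's own, and the live prctl call is compiled only on arm64 Linux.

```c
/*
 * Added example (not from the patch series): the userspace side of the
 * PR_SVE_SET_VL / PR_SVE_GET_VL prctls.  Constant values match the mainline
 * kernel's uapi headers; the fallback #defines only let this build on hosts
 * whose headers predate SVE.  Helper names are this example's own.
 */
#include <errno.h>
#include <stdio.h>

#if defined(__linux__) && defined(__aarch64__)
#include <sys/auxv.h>
#include <sys/prctl.h>
#define HAVE_SVE_PRCTL 1
#else
#define HAVE_SVE_PRCTL 0
#endif

#ifndef PR_SVE_SET_VL
#define PR_SVE_SET_VL		50
#define PR_SVE_SET_VL_ONEXEC	(1 << 18)	/* apply at next execve() only */
#define PR_SVE_GET_VL		51
#define PR_SVE_VL_LEN_MASK	0xffff
#define PR_SVE_VL_INHERIT	(1 << 17)	/* keep VL across execve() */
#endif
#ifndef HWCAP_SVE
#define HWCAP_SVE		(1 << 22)	/* arm64 AT_HWCAP bit */
#endif
#ifndef SVE_PT_REGS_MASK
#define SVE_PT_REGS_MASK	(1 << 0)	/* ptrace payload: FPSIMD (0) / SVE (1) */
#define SVE_PT_VL_INHERIT	(PR_SVE_VL_INHERIT >> 16)
#endif

/* Architecturally a VL is a multiple of 16 bytes in [16, 2048]. */
int sve_vl_valid(unsigned int vl)
{
	return vl >= 16 && vl <= 2048 && vl % 16 == 0;
}

/*
 * Build the prctl(PR_SVE_SET_VL) argument: VL in the low 16 bits, flags
 * above.  Returns 0 for an invalid VL, which is never a valid encoding.
 */
unsigned long sve_set_vl_arg(unsigned int vl, int inherit, int onexec)
{
	if (!sve_vl_valid(vl))
		return 0;
	return (unsigned long)vl | (inherit ? PR_SVE_VL_INHERIT : 0)
				| (onexec ? PR_SVE_SET_VL_ONEXEC : 0);
}

/* Decode what PR_SVE_GET_VL (or a successful PR_SVE_SET_VL) returns. */
unsigned int sve_vl_from_result(long res)
{
	return (unsigned int)(res & PR_SVE_VL_LEN_MASK);
}

int sve_inherit_from_result(long res)
{
	return !!(res & PR_SVE_VL_INHERIT);
}

/* The "<< 16" in sve_set(): ptrace carries the prctl VL flags shifted down
 * by 16, with bit 0 reused to select the register payload. */
unsigned long pt_flags_to_prctl(unsigned int pt_flags)
{
	return ((unsigned long)pt_flags & ~SVE_PT_REGS_MASK) << 16;
}

/* Request a VL and report what was actually granted.  The kernel may clamp
 * the request to the largest VL it supports, so success does not mean the
 * caller got exactly what it asked for.  Returns 0 or -errno. */
int sve_request_vl(unsigned int want, unsigned int *granted)
{
#if HAVE_SVE_PRCTL
	unsigned long arg = sve_set_vl_arg(want, 0, 0);
	long res;

	if (!(getauxval(AT_HWCAP) & HWCAP_SVE))
		return -ENOSYS;
	if (!arg)
		return -EINVAL;
	res = prctl(PR_SVE_SET_VL, arg, 0, 0, 0);
	if (res < 0)
		return -errno;
	*granted = sve_vl_from_result(res);
	return 0;
#else
	(void)want; (void)granted;	/* not an arm64 Linux host */
	return -ENOSYS;
#endif
}

int main(void)
{
	unsigned int vl = 0;
	int err = sve_request_vl(256, &vl);

	if (err)
		printf("SVE VL request failed: %d\n", err);
	else
		printf("asked for 256 bytes, granted %u bytes\n", vl);
	return 0;
}
```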

* Re: [PATCH v3 21/28] arm64/sve: Add sysctl to set the default vector length for new processes
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:11     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:11 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:38PM +0100, Dave P Martin wrote:
> Because of the effect of SVE on the size of the signal frame, the
> default vector length used for new processes involves a tradeoff
> between performance of SVE-enabled software on the one hand, and
> reliability of non-SVE-aware software on the other hand.
> 
> For this reason, the best choice depends on the repertoire of
> userspace software in use and is thus best left up to distro
> maintainers, sysadmins and developers.
> 
> If CONFIG_SYSCTL is enabled, this patch exposes the default vector
> length in /proc/sys/abi/sve_default_vector_length, where boot
> scripts or the adventurous can poke it.
> 
> In common with other arm64 ABI sysctls, this control is currently
> global: setting it requires CAP_SYS_ADMIN in the root user
> namespace, but the value set is effective for subsequent execs in
> all namespaces.  The control only affects _new_ processes, however:
> changing it does not affect the vector length of any existing
> process.
> 
> The intended usage model is that if userspace is known to be fully
> SVE-tolerant (or a developer is curious to find out) then init
> scripts can crank this up during startup.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>


* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:13     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:13 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Marc Zyngier,
	Richard Sandiford, Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave P Martin wrote:
> Until KVM has full SVE support, guests must not be allowed to
> execute SVE instructions.
> 
> This patch enables the necessary traps, and also ensures that the
> traps are disabled again on exit from the guest so that the host
> can still use SVE if it wants to.
> 
> This patch introduces another instance of
> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> is abstracted out as a separate helper fpsimd_flush_cpu_state().
> Other instances are ported appropriately.
> 
> As a side effect of this refactoring, a this_cpu_write() in
> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> should be fine, since cpu_pm_enter() is supposed to be called only
> with interrupts disabled.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>


* Re: [PATCH v3 23/28] arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:13     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:13 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:40PM +0100, Dave P Martin wrote:
> When trapping forbidden attempts by a guest to use SVE, we want the
> guest to see a trap consistent with SVE not being implemented.
> 
> This patch injects an undefined instruction exception into the
> guest in response to such an exception.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>


* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-12 17:13     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:13 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Will Deacon, Marc Zyngier,
	Richard Sandiford, Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave P Martin wrote:
> KVM guests cannot currently use SVE, because SVE is always
> configured to trap to EL2.
> 
> However, a guest that sees SVE reported as present in
> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> use it.  Instead of working, the guest will receive an injected
> undef exception, which may cause the guest to oops or go into a
> spin.
> 
> To avoid misleading the guest into believing that SVE will work,
> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> guest attempts to read this register.  No support is explicitly
> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> reading as zero, which is consistent with SVE not being
> implemented.
> 
> This is a temporary measure, and will be removed in a later series
> when full KVM support for SVE is implemented.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>


* Re: [PATCH v3 25/28] arm64/sve: Detect SVE and activate runtime support
@ 2017-10-12 17:14     ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-12 17:14 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:42PM +0100, Dave P Martin wrote:
> This patch enables detection of hardware SVE support via the
> cpufeatures framework, and reports its presence to the kernel and
> userspace via the new ARM64_SVE cpucap and HWCAP_SVE hwcap
> respectively.
> 
> Userspace can also detect SVE using ID_AA64PFR0_EL1, using the
> cpufeatures MRS emulation.
> 
> When running on hardware that supports SVE, this enables runtime
> kernel support for SVE, and allows user tasks to execute SVE
> instructions and make use of the SVE-specific user/kernel
> interface extensions implemented by this series.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>


* Re: [PATCH v3 13/28] arm64/sve: Signal handling support
@ 2017-10-13 11:17         ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-13 11:17 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, kvmarm,
	linux-arm-kernel

On Thu, Oct 12, 2017 at 05:11:57PM +0100, Dave P Martin wrote:
> On Wed, Oct 11, 2017 at 05:40:52PM +0100, Catalin Marinas wrote:
> > On Tue, Oct 10, 2017 at 07:38:30PM +0100, Dave P Martin wrote:
> > > diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> > > index aabeaee..fa4ed34 100644
> > > --- a/arch/arm64/kernel/fpsimd.c
> > > +++ b/arch/arm64/kernel/fpsimd.c
> > > @@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
> > >  		       sizeof(fst->vregs[i]));
> > >  }
> > >  
> > > +/*
> > > + * Transfer the SVE state in task->thread.sve_state to
> > > + * task->thread.fpsimd_state.
> > > + *
> > > + * Task can be a non-runnable task, or current.  In the latter case,
> > > + * softirqs (and preemption) must be disabled.
> > > + * task->thread.sve_state must point to at least sve_state_size(task)
> > > + * bytes of allocated kernel memory.
> > > + * task->thread.sve_state must be up to date before calling this function.
> > > + */
> > > +static void sve_to_fpsimd(struct task_struct *task)
> > > +{
> > > +	unsigned int vq;
> > > +	void const *sst = task->thread.sve_state;
> > > +	struct fpsimd_state *fst = &task->thread.fpsimd_state;
> > > +	unsigned int i;
> > > +
> > > +	if (!system_supports_sve())
> > > +		return;
> > > +
> > > +	vq = sve_vq_from_vl(task->thread.sve_vl);
> > > +	for (i = 0; i < 32; ++i)
> > > +		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
> > > +		       sizeof(fst->vregs[i]));
> > > +}
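Review bot: the preconditions in the comment (sve_state points at sve_state_size(task) bytes and is up to date) are not checked in the body, so with TIF_SVE set but sve_state NULL the first `memcpy(&fst->vregs[i], ZREG(sst, vq, i), ...)` dereferences NULL. An `if (WARN_ON(!sst)) return;` after the system_supports_sve() check would make that state visible at the conversion rather than relying on every caller to have allocated first.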
> > 
> > Nit: could we actually just do an assignment with some pointer casting?
> > It looks like we invoke memcpy for every 16 bytes (same for
> > fpsimd_to_sve).
> 
> I was uneasy about what the type of ZREG(sst, vq, i) ought to be.
> In any case, memcpy() is magic: my oldskool GCC (5.3.0) generates:
> 
> ffff000008084c70 <sve_to_fpsimd>:
> ffff000008084c70:       14000004        b       ffff000008084c80 <sve_to_fpsimd+0x10>
> ffff000008084c74:       d503201f        nop
> ffff000008084c78:       d65f03c0        ret
> ffff000008084c7c:       d503201f        nop
> ffff000008084c80:       f0007d61        adrp    x1, ffff000009033000 <reset_devices>
> ffff000008084c84:       f942a021        ldr     x1, [x1,#1344]
> ffff000008084c88:       36b001c1        tbz     w1, #22, ffff000008084cc0 <sve_to_fpsimd+0x50>
> ffff000008084c8c:       b94ca805        ldr     w5, [x0,#3240]
> ffff000008084c90:       912a0001        add     x1, x0, #0xa80
> ffff000008084c94:       91320004        add     x4, x0, #0xc80
> ffff000008084c98:       f9465006        ldr     x6, [x0,#3232]
> ffff000008084c9c:       121c6ca5        and     w5, w5, #0xfffffff0
> ffff000008084ca0:       52800000        mov     w0, #0x0                        // #0
> ffff000008084ca4:       8b2040c2        add     x2, x6, w0, uxtw
> ffff000008084ca8:       0b050000        add     w0, w0, w5
> ffff000008084cac:       a9400c42        ldp     x2, x3, [x2]
> ffff000008084cb0:       a8810c22        stp     x2, x3, [x1],#16
> ffff000008084cb4:       eb01009f        cmp     x4, x1
> ffff000008084cb8:       54ffff61        b.ne    ffff000008084ca4 <sve_to_fpsimd+0x34>
> ffff000008084cbc:       d65f03c0        ret
> ffff000008084cc0:       d65f03c0        ret
> ffff000008084cc4:       d503201f        nop
> 
> 
> Without volatile, I think assigning a single object and doing a memcpy()
> are equivalent to the compiler: which it actually uses depends solely on
> optimisation considerations.
> 
> (But then I'm not a language lawyer ... not a professional one anyway).
> 
> Are you concerned compilers may mess this up?

That's fine, please ignore my comment then. I was worried that gcc would
always generate a call to the memcpy implementation rather than inlining
it.

-- 
Catalin

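The buffer layout that the quoted sve_to_fpsimd() walks, as an added example that is not part of this thread: a userspace model of the sve_state buffer with both conversion directions and a round-trip check on constructed register contents, showing that Vn is the low 128 bits of Zn and that converting in either direction touches nothing else. The offsets follow the signal-frame layout this series defines (Z0..Z31 of vq*16 bytes, P0..P15 of vq*2 bytes, then FFR); the helper names and the selftest are this example's own.

```c
/*
 * Added example (not from the patch series): a userspace model of the
 * task->thread.sve_state buffer that sve_to_fpsimd() / fpsimd_to_sve()
 * convert.  Layout as in the series' signal frame: Z0..Z31 of vq*16 bytes,
 * then P0..P15 of vq*2 bytes, then FFR.  Names here are this example's own.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SVE_NUM_ZREGS	32
#define SVE_NUM_PREGS	16
#define SVE_VQ_MAX	256	/* VL of 2048 bytes */

/* vq = VL in bytes / 16; vq == 1 is plain 128-bit FPSIMD width. */
unsigned int sve_vq_from_vl(unsigned int vl) { return vl / 16; }

size_t sve_zreg_size(unsigned int vq) { return (size_t)vq * 16; }
size_t sve_preg_size(unsigned int vq) { return (size_t)vq * 2; }
size_t sve_zreg_offset(unsigned int vq, unsigned int n) { return n * sve_zreg_size(vq); }
size_t sve_preg_offset(unsigned int vq, unsigned int n)
{
	return SVE_NUM_ZREGS * sve_zreg_size(vq) + n * sve_preg_size(vq);
}
/* FFR follows P15 and is predicate-sized; the total is what sve_alloc() must provide. */
size_t sve_state_size(unsigned int vq)
{
	return sve_preg_offset(vq, SVE_NUM_PREGS) + sve_preg_size(vq);
}

/* Stand-in for the kernel's struct fpsimd_state: 32 x 128-bit V registers. */
struct fpsimd_state { uint8_t vregs[32][16]; uint32_t fpsr, fpcr; };

/* Model of sve_to_fpsimd(): Vn is the low 128 bits of Zn; the rest is dropped. */
void sve_to_fpsimd(const uint8_t *sst, unsigned int vq, struct fpsimd_state *fst)
{
	for (unsigned int i = 0; i < SVE_NUM_ZREGS; ++i)
		memcpy(fst->vregs[i], sst + sve_zreg_offset(vq, i), sizeof(fst->vregs[i]));
}

/* Model of fpsimd_to_sve(): Vn overwrites only the low 128 bits of Zn. */
void fpsimd_to_sve(const struct fpsimd_state *fst, unsigned int vq, uint8_t *sst)
{
	for (unsigned int i = 0; i < SVE_NUM_ZREGS; ++i)
		memcpy(sst + sve_zreg_offset(vq, i), fst->vregs[i], sizeof(fst->vregs[i]));
}

/*
 * Round-trip check on constructed contents.  Returns 1 if both conversions
 * touch exactly the bytes they should, 0 on an invalid VL or a mismatch.
 */
int sve_layout_selftest(unsigned int vl)
{
	unsigned int vq = sve_vq_from_vl(vl);
	struct fpsimd_state fst = { { { 0 } }, 0, 0 };
	uint8_t *sst;
	size_t size, off;
	unsigned int n, k;
	int ok = 1;

	if (vl % 16 || vq < 1 || vq > SVE_VQ_MAX)
		return 0;
	size = sve_state_size(vq);
	sst = calloc(1, size);
	if (!sst)
		return 0;

	/* Constructed contents: byte k of Zn is (7n + k) & 0xff; P/FFR stay zero. */
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		for (k = 0; k < sve_zreg_size(vq); k++)
			sst[sve_zreg_offset(vq, n) + k] = (uint8_t)(7 * n + k);

	sve_to_fpsimd(sst, vq, &fst);
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		for (k = 0; k < 16; k++)
			if (fst.vregs[n][k] != (uint8_t)(7 * n + k))
				ok = 0;

	/* Change the FPSIMD view and write it back: upper bits of Zn must survive. */
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		memset(fst.vregs[n], 0xa0 + n, 16);
	fpsimd_to_sve(&fst, vq, sst);
	for (n = 0; n < SVE_NUM_ZREGS; n++)
		for (k = 0; k < sve_zreg_size(vq); k++) {
			uint8_t want = k < 16 ? (uint8_t)(0xa0 + n) : (uint8_t)(7 * n + k);
			if (sst[sve_zreg_offset(vq, n) + k] != want)
				ok = 0;
		}
	/* Neither direction may touch the predicate registers or FFR. */
	for (off = sve_preg_offset(vq, 0); off < size; off++)
		if (sst[off])
			ok = 0;

	free(sst);
	return ok;
}
```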

* Re: [PATCH v3 11/28] arm64/sve: Core task context handling
  2017-10-12 16:05       ` Dave Martin
@ 2017-10-13 13:57         ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-13 13:57 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Thu, Oct 12, 2017 at 05:05:07PM +0100, Dave P Martin wrote:
> On Wed, Oct 11, 2017 at 05:15:58PM +0100, Catalin Marinas wrote:
> > On Tue, Oct 10, 2017 at 07:38:28PM +0100, Dave P Martin wrote:
> > > diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> > > index 29adab8..4831d28 100644
> > > --- a/arch/arm64/include/asm/processor.h
> > > +++ b/arch/arm64/include/asm/processor.h
> > > @@ -39,6 +47,8 @@
> > >  #define FPEXC_IDF	(1 << 7)
> > >  
> > >  /*
> > > + * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
> > > + *
> > >   * In order to reduce the number of times the FPSIMD state is needlessly saved
> > >   * and restored, we need to keep track of two things:
> > >   * (a) for each task, we need to remember which CPU was the last one to have
> > > @@ -99,6 +109,287 @@
> > >   */
> > >  static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
> > >  
> > > +static void sve_free(struct task_struct *task)
> > > +{
> > > +	kfree(task->thread.sve_state);
> > > +	task->thread.sve_state = NULL;
> > > +}
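Review bot: in sve_free() the `kfree(task->thread.sve_state);` comes before the store of NULL, so anything that observes task->thread.sve_state between the two (a context switch with TIF_SVE still set for the task) sees a freed pointer rather than NULL. Clearing the pointer first, and asserting that TIF_SVE is already clear for that task, turns a silent use-after-free into a deterministic fault that a WARN_ON can report.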
> > 
> > I think we need a WARN_ON if TIF_SVE is still set here (and the callers
> > making sure it is cleared). I haven't checked the code paths via
> > fpsimd_release_thread() but wondering what happens if we get an
> > interrupt between freeing the state and making the pointer NULL, with
> > some context switching in a preemptible kernel.
> 
> Having a WARN_ON() here may be a decent way to sanity-check that we
> don't ever have sve_state NULL with TIF_SVE set.  This is a lot more
> economical than putting a WARN_ON() at each dereference of sve_state
> (of which there are quite a few).  sve_free() is also a slow path.
> 
> Currently, there are two callsites: sve_set_vector_length(), where we
> test_and_clear_tsk_thread_flags(task, TIF_SVE) before calling sve_free();
> and fpsimd_release_thread() where we "don't care" because the thread
> is dying.
> 
> Looking more closely though, is the release_thread() path preemptible?
> I can't see anything in the scheduler core to ensure this, nor any
> general reason why it should be needed.
> 
> In which case preemption during thread exit after sve_free() could
> result in a NULL dereference in fpsimd_thread_switch().
> 
> 
> So, I think my favoured approach is:
> 
> sve_release_thread()
> {
> 	local_bh_disable();
> 	fpsimd_flush_task_state(current);
> 	clear_thread_flag(TIF_SVE);
> 	local_bh_enable();
> 
> 	sve_free(current);
> }
> 
> The local_bh stuff is cumbersome here, and could be replaced with
> barrier()s to force the order of fpsimd_flush_task_state() versus
> clearing TIF_SVE.  Or should the barrier really be in
> fpsimd_flush_task_state()?  Disabling softirqs avoids the need to answer
> such questions...
> 
> 
> Then:
> 
> sve_free(task)
> {
> 	WARN_ON(test_tsk_thread_flag(task, TIF_SVE));
> 
> 	barrier();
> 	kfree(task->thread.sve_state);
> 	task->thread.sve_state = NULL;
> }
> 
> I'm assuming here that kfree() can't be called safely from atomic
> context, but this is unclear.  I would expect to be able to free
> GFP_ATOMIC memory from atomic context (though sve_state is GFP_KERNEL,
> so dunno).

The kfree should be fine.

Alternative proposal: free the SVE state in arch_release_task_struct().
This is called via the RCU mechanism and the task is no longer current,
so no preemption issues.

> > Alternatively, always clear TIF_SVE here before freeing (also wondering
> > whether we should make sve_state NULL before the actual freeing but I
> > think TIF_SVE clearing should suffice).
> 
> Could do.  I feel that the current placement of the TIF_SVE clearing in
> sve_set_vector_length() feels "more natural", but this is a pretty
> flimsy argument.  How strongly do you feel about this?

I agree with you, keep the TIF_SVE clearing in sve_set_vector_length().

-- 
Catalin

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-12 11:28         ` Marc Zyngier
@ 2017-10-13 14:15           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 14:15 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: linux-arch, Christoffer Dall, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm, linux-arm-kernel

On Thu, Oct 12, 2017 at 12:28:32PM +0100, Marc Zyngier wrote:
> On 12/10/17 12:04, Dave Martin wrote:
> > On Wed, Oct 11, 2017 at 05:28:06PM +0100, Marc Zyngier wrote:
> >> [+ Christoffer]
> >>
> >> On 10/10/17 19:38, Dave Martin wrote:
> >>> Until KVM has full SVE support, guests must not be allowed to
> >>> execute SVE instructions.
> >>>
> >>> This patch enables the necessary traps, and also ensures that the
> >>> traps are disabled again on exit from the guest so that the host
> >>> can still use SVE if it wants to.
> >>>
> >>> This patch introduces another instance of
> >>> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> >>> is abstracted out as a separate helper fpsimd_flush_cpu_state().
> >>> Other instances are ported appropriately.
> >>>
> >>> As a side effect of this refactoring, a this_cpu_write() in
> >>> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> >>> should be fine, since cpu_pm_enter() is supposed to be called only
> >>> with interrupts disabled.
> >>>
> >>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> >>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> >>> Cc: Marc Zyngier <marc.zyngier@arm.com>
> >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >>> ---
> > 
> > [...]
> > 
> >>> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> >>> index e923b58..674912d 100644
> >>> --- a/arch/arm64/include/asm/kvm_host.h
> >>> +++ b/arch/arm64/include/asm/kvm_host.h
> > 
> > [...]
> > 
> >>> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
> > 
> > [...]
> > 
> >>> +static inline void kvm_fpsimd_flush_cpu_state(void)
> >>> +{
> >>> +	if (system_supports_sve())
> >>> +		sve_flush_cpu_state();
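Review bot: kvm_fpsimd_flush_cpu_state() calls sve_flush_cpu_state(), which is only compiled when CONFIG_ARM64_SVE is set, so the link succeeds only because system_supports_sve() folds to a constant false and the call is dead-code-eliminated. A static inline no-op stub for the !CONFIG_ARM64_SVE case next to the declaration would remove the dependency on the optimiser and make the intent explicit to readers.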
> >>
> >> Hmmm. How does this work if...
> > 
> > !IS_ENABLED(CONFIG_ARM64_SVE) implies !system_supports_sve(), so
> > if CONFIG_ARM64_SVE is not set, the call is optimised away.
> > 
> > [...]
> > 
> >>> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> >>> index a9cb794..6ae3703 100644
> >>> --- a/arch/arm64/kernel/fpsimd.c
> >>> +++ b/arch/arm64/kernel/fpsimd.c
> >>> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
> > 
> > [...]
> > 
> >>> +#ifdef CONFIG_ARM64_SVE
> >>> +void sve_flush_cpu_state(void)
> >>> +{
> >>> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> >>> +	struct task_struct *tsk;
> >>> +
> >>> +	if (!fpstate)
> >>> +		return;
> >>> +
> >>> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> >>> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> >>> +		fpsimd_flush_cpu_state();
> >>> +}
> >>> +#endif /* CONFIG_ARM64_SVE */
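Review bot: the container_of() from fpsimd_last_state back to a task_struct assumes the per-CPU pointer only ever points at some task's thread.fpsimd_state, and that invariant is not stated anywhere in the hunk. Suggest a comment on the container_of() line recording it, since a future caller that stores a non-task fpsimd_state there would make test_tsk_thread_flag() read through a bogus task pointer.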
> >>
> >> ... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
> >> moving the #ifdef/#endif inside the function...
> > 
> > Because sve_flush_cpu_state() is not in the same compilation unit it
> > can't be static, and that means the compiler won't remove it
> > automatically if it's unused -- hence the #ifdef.
> > 
> > Because the call site is optimised away, there is no link failure.
> > 
> > Don't we rely on this sort of thing all over the place?
> Dunno. It just feels weird. But if you are sure that it won't break,
> fine by me. I guess we'll find out pretty quickly how this fares,
> especially with older toolchains.

I thought this was why the kernel doesn't support building with -O0.
There are many instances of this in the series, not just here.

Let me know if you feel this isn't good enough though.

Do you have any other comments on this patch?

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-13 14:15           ` Dave Martin
@ 2017-10-13 14:21             ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-13 14:21 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Christoffer Dall, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm, linux-arm-kernel

On 13/10/17 15:15, Dave Martin wrote:
> On Thu, Oct 12, 2017 at 12:28:32PM +0100, Marc Zyngier wrote:
>> On 12/10/17 12:04, Dave Martin wrote:
>>> On Wed, Oct 11, 2017 at 05:28:06PM +0100, Marc Zyngier wrote:
>>>> [+ Christoffer]
>>>>
>>>> On 10/10/17 19:38, Dave Martin wrote:
>>>>> Until KVM has full SVE support, guests must not be allowed to
>>>>> execute SVE instructions.
>>>>>
>>>>> This patch enables the necessary traps, and also ensures that the
>>>>> traps are disabled again on exit from the guest so that the host
>>>>> can still use SVE if it wants to.
>>>>>
>>>>> This patch introduces another instance of
>>>>> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
>>>>> is abstracted out as a separate helper fpsimd_flush_cpu_state().
>>>>> Other instances are ported appropriately.
>>>>>
>>>>> As a side effect of this refactoring, a this_cpu_write() in
>>>>> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
>>>>> should be fine, since cpu_pm_enter() is supposed to be called only
>>>>> with interrupts disabled.
>>>>>
>>>>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
>>>>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>>>> Cc: Marc Zyngier <marc.zyngier@arm.com>
>>>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>>> ---
>>>
>>> [...]
>>>
>>>>> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
>>>>> index e923b58..674912d 100644
>>>>> --- a/arch/arm64/include/asm/kvm_host.h
>>>>> +++ b/arch/arm64/include/asm/kvm_host.h
>>>
>>> [...]
>>>
>>>>> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
>>>
>>> [...]
>>>
>>>>> +static inline void kvm_fpsimd_flush_cpu_state(void)
>>>>> +{
>>>>> +	if (system_supports_sve())
>>>>> +		sve_flush_cpu_state();
>>>>
>>>> Hmmm. How does this work if...
>>>
>>> !IS_ENABLED(CONFIG_ARM64_SVE) implies !system_supports_sve(), so
>>> if CONFIG_ARM64_SVE is not set, the call is optimised away.
>>>
>>> [...]
>>>
>>>>> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
>>>>> index a9cb794..6ae3703 100644
>>>>> --- a/arch/arm64/kernel/fpsimd.c
>>>>> +++ b/arch/arm64/kernel/fpsimd.c
>>>>> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
>>>
>>> [...]
>>>
>>>>> +#ifdef CONFIG_ARM64_SVE
>>>>> +void sve_flush_cpu_state(void)
>>>>> +{
>>>>> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
>>>>> +	struct task_struct *tsk;
>>>>> +
>>>>> +	if (!fpstate)
>>>>> +		return;
>>>>> +
>>>>> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
>>>>> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
>>>>> +		fpsimd_flush_cpu_state();
>>>>> +}
>>>>> +#endif /* CONFIG_ARM64_SVE */
>>>>
>>>> ... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
>>>> moving the #ifdef/#endif inside the function...
>>>
>>> Because sve_flush_cpu_state() is not in the same compilation unit it
>>> can't be static, and that means the compiler won't remove it
>>> automatically if it's unused -- hence the #ifdef.
>>>
>>> Because the call site is optimised away, there is no link failure.
>>>
>>> Don't we rely on this sort of thing all over the place?
>> Dunno. It just feels weird. But if you are sure that it won't break,
>> fine by me. I guess we'll find out pretty quickly how this fares,
>> specially with older toolchains.
> 
> I thought this was why the kernel doesn't support building with -O0.
> There are many instances of this in the series, not just here.
> 
> Let me know if you feel this isn't good enough though.

That's OK to me. As I said, we'll find out pretty quickly if anything
breaks unexpectedly.

> Do you have any other comments on this patch?
None. You can add my:

Acked-by: Marc Zyngier <marc.zyngier@arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 26/28] arm64/sve: Add documentation
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-13 14:24     ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-13 14:24 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Mark Rutland, Okamoto Takayuki,
	libc-alpha, Ard Biesheuvel, Szabolcs Nagy, Alan Hayward,
	Will Deacon, Michael Kerrisk, Richard Sandiford, linux-api,
	Alex Bennée, kvmarm

On Tue, Oct 10, 2017 at 07:38:43PM +0100, Dave P Martin wrote:
> +4.  Signal handling
> +-------------------
> +
> +* A new signal frame record sve_context encodes the SVE registers on signal
> +  delivery. [1]
> +
> +* This record is supplementary to fpsimd_context.  The FPSR and FPCR registers
> +  are only present in fpsimd_context.  For convenience, the content of V0..V31
> +  is duplicated between sve_context and fpsimd_context.
> +
> +* The signal frame record for SVE always contains basic metadata, in particular
> +  the thread's vector length (in sve_context.vl).
> +
> +* The SVE registers may or may not be included in the record, depending on
> +  whether the registers are live for the thread.  The registers are present if
> +  and only if:
> +  sve_context.head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)).
> +
> +* If the registers are present, the remainder of the record has a vl-dependent
> +  size and layout.  Macros SIG_SVE_* are defined [1] to facilitate access to
> +  the members.

s/SIG_SVE_/SVE_SIG_/

> +
> +* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
> +  space is allocated on the stack, an extra_context record is written in
> +  __reserved[] referencing this space.  sve_context is then written in the
> +  extra space.  Refer to [1] for further details about this mechanism.

Does this document require that the user stack is sufficiently large or
should we cap the vector length (prior to the last two RFC patches)?

> +
> +
> +5.  Signal return
> +-----------------
> +
> +When returning from a signal handler:
> +
> +* If there is no sve_context record in the signal frame, or if the record is
> +  present but contains no register data as desribed in the previous section,
> +  then the SVE registers/bits become non-live and take unspecified values.
> +
> +* If sve_context is present in the signal frame and contains full register
> +  data, the SVE registers become live and are populated with the specified
> +  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
> +  are always restored from the corresponding members of fpsimd_context.vregs[]
> +  and not from sve_context.  The remaining bits are restored from sve_context.
> +
> +* Inclusion of fpsimd_context in the signal frame remains mandatory,
> +  irrespective of whether sve_context is present or not.

Could we relax this? I'm not sure it's worth it.

-- 
Catalin

^ permalink raw reply	[flat|nested] 253+ messages in thread
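The presence rule and the extra_context mechanism from section 4 of the documentation quoted above, as an added example that is not code from the patch series or the kernel: a bounds-checked walker over the record chain in sigcontext.__reserved[] that reports whether an sve_context is present and whether it carries live register data, plus a builder for constructed frames to exercise it. The record layouts, magic values, the 4096-byte size of __reserved[] and the SVE_SIG_* size arithmetic are written out from my recollection of the merged ABI and should be treated as assumptions; on arm64 the real definitions come from <asm/sigcontext.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Magics and record layouts of the arm64 sigcontext ABI (assumed here; arm64 has <asm/sigcontext.h>). */
#define FPSIMD_MAGIC 0x46508001u
#define EXTRA_MAGIC  0x45585401u
#define SVE_MAGIC    0x53564501u
struct _aarch64_ctx  { uint32_t magic; uint32_t size; };
struct sve_context   { struct _aarch64_ctx head; uint16_t vl; uint16_t __reserved[3]; };
struct extra_context { struct _aarch64_ctx head; uint64_t datap; uint32_t size; uint32_t __reserved[3]; };

/* Full sve_context size: 16-byte-aligned header, 32 Z regs of vq*16 bytes, then
 * 16 P regs and FFR of vq*2 bytes each (layout assumed to match the ABI). */
#define SVE_VQ_BYTES 16
#define sve_vq_from_vl(vl) ((vl) / SVE_VQ_BYTES)
#define SVE_SIG_REGS_OFFSET \
	((sizeof(struct sve_context) + SVE_VQ_BYTES - 1) / SVE_VQ_BYTES * SVE_VQ_BYTES)
#define SVE_SIG_CONTEXT_SIZE(vq) \
	(SVE_SIG_REGS_OFFSET + 32 * (vq) * SVE_VQ_BYTES + 17 * (vq) * (SVE_VQ_BYTES / 8))

enum sve_status { SVE_MALFORMED = -1, SVE_ABSENT = 0, SVE_METADATA_ONLY = 1, SVE_LIVE = 2 };

/* Walk the record chain in buf[0..len), following at most one extra_context, and
 * report whether an sve_context is present and carries live registers.  Every size
 * is bounds-checked before use, so a truncated or corrupted frame is reported
 * instead of read past. */
int sve_classify_frame(const uint8_t *buf, size_t len, unsigned *vl_out)
{
	size_t off = 0;
	int followed_extra = 0;
	while (off + sizeof(struct _aarch64_ctx) <= len) {
		struct _aarch64_ctx head;
		memcpy(&head, buf + off, sizeof head);
		if (head.magic == 0)
			return SVE_ABSENT;			/* terminator: no sve_context */
		if (head.size < sizeof head || head.size > len - off)
			return SVE_MALFORMED;			/* record overruns the area */
		if (head.magic == SVE_MAGIC) {
			struct sve_context sve;
			if (head.size < sizeof sve)
				return SVE_MALFORMED;
			memcpy(&sve, buf + off, sizeof sve);
			if (sve.vl == 0 || sve.vl % SVE_VQ_BYTES)
				return SVE_MALFORMED;
			*vl_out = sve.vl;		/* presence rule from section 4 of the doc: */
			return head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve.vl))
				? SVE_LIVE : SVE_METADATA_ONLY;
		}
		if (head.magic == EXTRA_MAGIC && !followed_extra) {
			struct extra_context ex;
			if (head.size < sizeof ex)
				return SVE_MALFORMED;
			memcpy(&ex, buf + off, sizeof ex);
			buf = (const uint8_t *)(uintptr_t)ex.datap;	/* continue in the extra area */
			len = ex.size;
			off = 0;
			followed_extra = 1;
			continue;
		}
		off += head.size;
	}
	return SVE_MALFORMED;					/* no terminator inside the area */
}

/* Append a record of 'size' bytes (header, then zero payload).  Returns the new
 * offset, or SIZE_MAX (sticky) if it does not fit; short sizes truncate the header. */
static size_t put_record(uint8_t *buf, size_t cap, size_t off,
			 const void *hdr, size_t hdr_len, uint32_t size)
{
	if (off == SIZE_MAX || size > cap - off)
		return SIZE_MAX;
	memset(buf + off, 0, size);
	memcpy(buf + off, hdr, hdr_len < size ? hdr_len : size);
	return off + size;
}

/* Build a constructed frame and classify it: fpsimd_context, an sve_context of
 * sve_size bytes (payload zeroed), then a terminator.  With use_extra the sve_context
 * is placed in a separate area referenced by an extra_context record, as the
 * documentation describes for contexts too big for __reserved[]. */
int sve_frame_status(unsigned vl, uint32_t sve_size, int use_extra, unsigned *vl_out)
{
	static uint8_t reserved[4096], extra[16384];	/* 4096: __reserved[] size (assumed) */
	const struct _aarch64_ctx fp = { FPSIMD_MAGIC, 528 };	/* sizeof(struct fpsimd_context) */
	const struct _aarch64_ctx end = { 0, 0 };
	const struct sve_context sve = { { SVE_MAGIC, sve_size }, (uint16_t)vl, { 0, 0, 0 } };
	struct extra_context ex = { { EXTRA_MAGIC, sizeof(struct extra_context) },
				    (uint64_t)(uintptr_t)extra, 0, { 0, 0, 0 } };
	size_t off = put_record(reserved, sizeof reserved, 0, &fp, sizeof fp, fp.size);
	if (use_extra) {
		size_t eoff = put_record(extra, sizeof extra, 0, &sve, sizeof sve, sve_size);
		eoff = put_record(extra, sizeof extra, eoff, &end, sizeof end, 16);
		if (eoff == SIZE_MAX)
			return SVE_MALFORMED;
		ex.size = (uint32_t)eoff;
		off = put_record(reserved, sizeof reserved, off, &ex, sizeof ex, sizeof ex);
	} else {
		off = put_record(reserved, sizeof reserved, off, &sve, sizeof sve, sve_size);
	}
	off = put_record(reserved, sizeof reserved, off, &end, sizeof end, 16);
	return off == SIZE_MAX ? SVE_MALFORMED : sve_classify_frame(reserved, off, vl_out);
}
```

With these assumptions a full record for the maximum vector length (vl = 256 bytes) is 8752 bytes, which is why sve_frame_status(256, 8752, 0, &vl) cannot be built inside a 4096-byte __reserved[] next to fpsimd_context while the same frame with use_extra set classifies as live: that is the case extra_context exists for, and it is the stack-space question Catalin raises. A handler written against the real headers would drop the builder and run the walker over uc_mcontext.__reserved of the frame it is handed.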

* Re: [PATCH v3 13/28] arm64/sve: Signal handling support
  2017-10-13 11:17         ` Catalin Marinas
@ 2017-10-13 14:26           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 14:26 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Fri, Oct 13, 2017 at 12:17:19PM +0100, Catalin Marinas wrote:
> On Thu, Oct 12, 2017 at 05:11:57PM +0100, Dave P Martin wrote:
> > On Wed, Oct 11, 2017 at 05:40:52PM +0100, Catalin Marinas wrote:
> > > On Tue, Oct 10, 2017 at 07:38:30PM +0100, Dave P Martin wrote:
> > > > diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> > > > index aabeaee..fa4ed34 100644
> > > > --- a/arch/arm64/kernel/fpsimd.c
> > > > +++ b/arch/arm64/kernel/fpsimd.c
> > > > @@ -310,6 +310,32 @@ static void fpsimd_to_sve(struct task_struct *task)
> > > >  		       sizeof(fst->vregs[i]));
> > > >  }
> > > >  
> > > > +/*
> > > > + * Transfer the SVE state in task->thread.sve_state to
> > > > + * task->thread.fpsimd_state.
> > > > + *
> > > > + * Task can be a non-runnable task, or current.  In the latter case,
> > > > + * softirqs (and preemption) must be disabled.
> > > > + * task->thread.sve_state must point to at least sve_state_size(task)
> > > > + * bytes of allocated kernel memory.
> > > > + * task->thread.sve_state must be up to date before calling this function.
> > > > + */
> > > > +static void sve_to_fpsimd(struct task_struct *task)
> > > > +{
> > > > +	unsigned int vq;
> > > > +	void const *sst = task->thread.sve_state;
> > > > +	struct fpsimd_state *fst = &task->thread.fpsimd_state;
> > > > +	unsigned int i;
> > > > +
> > > > +	if (!system_supports_sve())
> > > > +		return;
> > > > +
> > > > +	vq = sve_vq_from_vl(task->thread.sve_vl);
> > > > +	for (i = 0; i < 32; ++i)
> > > > +		memcpy(&fst->vregs[i], ZREG(sst, vq, i),
> > > > +		       sizeof(fst->vregs[i]));
> > > > +}
> > > 
> > > Nit: could we actually just do an assignment with some pointer casting?
> > > It looks like we invoke memcpy for every 16 bytes (same for
> > > fpsimd_to_sve).
> > 
> > I was uneasy about what the type of ZREG(sst, vq, i) ought to be.
> > In any case, memcpy() is magic: my oldskool GCC (5.3.0) generates:
> > 
> > ffff000008084c70 <sve_to_fpsimd>:
> > ffff000008084c70:       14000004        b       ffff000008084c80 <sve_to_fpsimd+0x10>
> > ffff000008084c74:       d503201f        nop
> > ffff000008084c78:       d65f03c0        ret
> > ffff000008084c7c:       d503201f        nop
> > ffff000008084c80:       f0007d61        adrp    x1, ffff000009033000 <reset_devices>
> > ffff000008084c84:       f942a021        ldr     x1, [x1,#1344]
> > ffff000008084c88:       36b001c1        tbz     w1, #22, ffff000008084cc0 <sve_to_fpsimd+0x50>
> > ffff000008084c8c:       b94ca805        ldr     w5, [x0,#3240]
> > ffff000008084c90:       912a0001        add     x1, x0, #0xa80
> > ffff000008084c94:       91320004        add     x4, x0, #0xc80
> > ffff000008084c98:       f9465006        ldr     x6, [x0,#3232]
> > ffff000008084c9c:       121c6ca5        and     w5, w5, #0xfffffff0
> > ffff000008084ca0:       52800000        mov     w0, #0x0                        // #0
> > ffff000008084ca4:       8b2040c2        add     x2, x6, w0, uxtw
> > ffff000008084ca8:       0b050000        add     w0, w0, w5
> > ffff000008084cac:       a9400c42        ldp     x2, x3, [x2]
> > ffff000008084cb0:       a8810c22        stp     x2, x3, [x1],#16
> > ffff000008084cb4:       eb01009f        cmp     x4, x1
> > ffff000008084cb8:       54ffff61        b.ne    ffff000008084ca4 <sve_to_fpsimd+0x34>
> > ffff000008084cbc:       d65f03c0        ret
> > ffff000008084cc0:       d65f03c0        ret
> > ffff000008084cc4:       d503201f        nop
> > 
> > 
> > Without volatile, I think assigning a single object and doing a memcpy()
> > are equivalent to the compiler: which it actually uses depends solely on
> > optimisation considerations.
> > 
> > (But then I'm not a language lawyer ... not a professional one anyway).
> > 
> > Are you concerned compilers may mess this up?
> 
> That's fine, please ignore my comment then. I was worried that gcc would
> always generate a call to the memcpy implementation rather than inlining
> it.

OK.  I'll keep an eye on this, but in any case it won't impact the
FPSIMD-only case.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
@ 2017-10-13 16:16       ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 16:16 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alan Hayward,
	kvmarm, linux-arm-kernel

On Thu, Oct 12, 2017 at 06:06:32PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:36PM +0100, Dave P Martin wrote:
> > @@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
> >  	return ret;
> >  }
> >  
> > +#ifdef CONFIG_ARM64_SVE
> > +
> > +static void sve_init_header_from_task(struct user_sve_header *header,
> > +				      struct task_struct *target)
> > +{
> > +	unsigned int vq;
> > +
> > +	memset(header, 0, sizeof(*header));
> > +
> > +	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
> > +		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
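
Review bot: the memset() of *header is load-bearing rather than cosmetic: struct user_sve_header is what the regset read hands back to the tracer, so any field or padding left uninitialised here would copy kernel stack bytes out to userspace. A one-line comment saying so would stop a later cleanup from replacing it with per-field assignments.
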
> 
> For PTRACE_SYSCALL, we may or may not have TIF_SVE depending on what
> happened with the target. Just a thought: shall we clear TIF_SVE (and
> sync it to fpsimd) in syscall_trace_enter()?

I'm not so sure: if we were to do that, a syscall that is cancelled by
writing -1 to REGSET_SYSCALL could still discard the SVE registers as a
side-effect.

The target committed to discard by executing SVC, but my feeling is
that cancellation of a syscall in this way shouldn't have avoidable
side-effects for the target.  But the semantics of cancelled syscalls
are a bit of a grey area, so I can see potential arguments on both
sides.

The current approach at least saves a bit of code.  What do you think?

> > +	if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT))
> > +		header->flags |= SVE_PT_VL_INHERIT;
> > +
> > +	header->vl = target->thread.sve_vl;
> > +	vq = sve_vq_from_vl(header->vl);
> > +
> > +	header->max_vl = sve_max_vl;
> > +	if (WARN_ON(!sve_vl_valid(sve_max_vl)))
> > +		header->max_vl = header->vl;
> > +
> > +	header->size = SVE_PT_SIZE(vq, header->flags);
> > +	header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl),
> > +				      SVE_PT_REGS_SVE);
> > +}
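
Review bot: header->size is computed with SVE_PT_SIZE(vq, header->flags), where flags may carry SVE_PT_VL_INHERIT, while header->max_size passes the bare SVE_PT_REGS_SVE; unless SVE_PT_SIZE() masks its flags argument with SVE_PT_REGS_MASK internally, the two calls disagree about what they are sizing. Passing `header->flags & SVE_PT_REGS_MASK` in the first call, or a comment confirming that the macro masks, makes the intent explicit.
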
> [...]
> > +static int sve_set(struct task_struct *target,
> > +		   const struct user_regset *regset,
> > +		   unsigned int pos, unsigned int count,
> > +		   const void *kbuf, const void __user *ubuf)
> > +{
> > +	int ret;
> > +	struct user_sve_header header;
> > +	unsigned int vq;
> > +	unsigned long start, end;
> > +
> > +	if (!system_supports_sve())
> > +		return -EINVAL;
> > +
> > +	/* Header */
> > +	if (count < sizeof(header))
> > +		return -EINVAL;
> > +	ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header,
> > +				 0, sizeof(header));
> > +	if (ret)
> > +		goto out;
> > +
> > +	/*
> > +	 * Apart from PT_SVE_REGS_MASK, all PT_SVE_* flags are consumed by
> > +	 * sve_set_vector_length(), which will also validate them for us:
> > +	 */
> > +	ret = sve_set_vector_length(target, header.vl,
> > +		((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16);
> > +	if (ret)
> > +		goto out;
> > +
> > +	/* Actual VL set may be less than the user asked for: */
> > +	vq = sve_vq_from_vl(target->thread.sve_vl);
> > +
> > +	/* Registers: FPSIMD-only case */
> > +
> > +	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
> > +	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
> > +		sve_sync_to_fpsimd(target);
> > +
> > +		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
> > +				SVE_PT_FPSIMD_OFFSET);
> > +		clear_tsk_thread_flag(target, TIF_SVE);
> > +		goto out;
> > +	}
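
Review bot: in the FPSIMD-only branch, clear_tsk_thread_flag(target, TIF_SVE) runs regardless of the value __fpr_set() returned, so a write that fails part-way (for example an -EFAULT from ubuf) still discards the target's SVE state and then reports an error to the tracer; either clear the flag only when ret == 0, or document that the switch to FPSIMD mode is committed before the register data is consumed. Separately, `((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16` ties the SVE_PT_* bit positions to the prctl-side PR_SVE_* positions with a bare constant; a BUILD_BUG_ON such as `SVE_PT_VL_INHERIT << 16 == PR_SVE_VL_INHERIT` would catch the two definitions drifting apart silently.
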
> 
> __fpr_set() already calls sve_sync_to_fpsimd(). Anyway, do you actually

Yes, the call to sve_sync_to_fpsimd() is superfluous here -- I think
that I realised that all callers of __fpr_set() need this to happen,
but never deleted the explicit call from sve_set().

I'll delete it.


Looking more closely at __fpr_set() though, I think it needs this change
too, because the sync is unintentionally placed after reading
thread.fpsimd_state instead of before:

@@ -652,11 +652,12 @@ static int __fpr_set(struct task_struct *target,
                     unsigned int start_pos)
 {
        int ret;
-       struct user_fpsimd_state newstate =
-               target->thread.fpsimd_state.user_fpsimd;
+       struct user_fpsimd_state newstate;
 
        sve_sync_to_fpsimd(target);
 
+       newstate = target->thread.fpsimd_state.user_fpsimd;
+
        ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
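
Review bot: with the sync moved ahead of the snapshot this is the right fix, and since __fpr_set() is also the backend for the existing NT_PRFPREG fpr_set() path, the stale-snapshot problem affected plain FPSIMD regset writes to an SVE-using target as well, not only NT_ARM_SVE; worth stating in the commit message so the fix is not read as SVE-regset-only.
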
[...]

(Or were you confident that this was already OK?  Maybe I'm confusing
myself.)

> need this since we are going to override the FPSIMD state anyway here.

The underlying reason for this is the issue of what should happen
for short regset writes.  Historically, writes through fpr_set() can
be truncated arbitrarily, and the rest of fpsimd_state will remain
unchanged.

The issue is that if TIF_SVE is set, fpsimd_state can be stale for
target.  If the initial sve_sync_to_fpsimd() is removed in sve_set()
above, then we may resurrect old values for the untouched registers,
instead of simply leaving them unmodified.

Should I add comments explaining the purpose?  I guess it is rather
non-obvious.


Of course, I don't know whether userspace should really rely on partial
regset writes doing anything sane, but I figured the implemented
behaviour is at least less surprising with respect to the fpr_set()
behaviour.

No legacy software can be relying on NT_ARM_SVE at all, so the behaviour
here may not matter that much.  My idea was to reduce the invasiveness
of porting ptrace clients to use NT_ARM_SVE.

> 
> > +
> > +	/* Otherwise: full SVE case */
> > +
> > +	/*
> > +	 * If setting a different VL from the requested VL and there is
> > +	 * register data, the data layout will be wrong: don't even
> > +	 * try to set the registers in this case.
> > +	 */
> > +	if (count && vq != sve_vq_from_vl(header.vl)) {
> > +		ret = -EIO;
> > +		goto out;
> > +	}
> > +
> > +	sve_alloc(target);
> > +	fpsimd_sync_to_sve(target);
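
Review bot: the -EIO exit for a VL mismatch comes after sve_set_vector_length() has already changed the target's VL, so the comment's "don't even try to set the registers" is only half of the story: the tracer gets an error but the target is left with the new VL. Either decide up front whether the requested vl will be honoured before calling sve_set_vector_length(), or document that the VL change persists when -EIO is returned. Also, the return value of sve_alloc(target) is not checked; if it can fail, fpsimd_sync_to_sve() goes on to dereference a NULL sve_state, and if it cannot fail, a one-line comment saying so is cheap.
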
> 
> Similarly here, it's a full SVE case, so we are going to override it
> anyway.

The argument here is similar: target->sve_state might already be
allocated and if so it could contain data that doesn't match the user
task's idea of what's in the V-regs.  (In fact, sve_alloc() currently
zeroes sve_state, but that's still different from the current V-regs.)

There is no possibility of legacy software relying on this code path,
so we could say that a short write to NT_ARM_SVE with PT_SVE_REGS_SVE
in flags zeroes any trailing data instead of preserving it.


Either way, I don't intend to document the behaviour of partial
writes to NT_ARM_SVE.  From a userspace point of view, I leave it
unspecified.

> > +	set_tsk_thread_flag(target, TIF_SVE);
> 
> This has the side-effect of enabling TIF_SVE even for PTRACE_SYSCALL
> which may be cleared in some circumstances. It may not be an issue
> though.

I would argue that this is correct behaviour: the syscall enter trap and
exit traps should both behave as if they are outside the syscall,
allowing the debugger to simulate the effect of inserting any
instructions the target could have inserted before or after the SVC.
This may include simulating SVE instructions or modifying SVE regs,
which would require TIF_SVE to get set.

If the tracer doesn't cancel the syscall at the enter trap, then a
real syscall will execute and that may cause the SVE state to be
discarded in the usual way in the case of preemption or blocking: it
seems cleaner for the debug illusion that this decision isn't made
differently just because the target is being traced.

(Spoiler alert though: the syscall exit trap will force the target
to be scheduled out, which will force discard with the current
task_fpsimd_save() behaviour ... but that could be changed in the
future, and I prefer not to document any sort of guarantee here.)


Does this make sense?  There may be issues or corner cases here
that I didn't spot...

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread
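
The following is an added illustration, not code from the patch series or the kernel: a small userspace C model of the state handling argued over in this message and in the sve_to_fpsimd() exchange above. It assumes a ZREG()-style layout in which the 32 Z registers are packed back to back at vq*16 bytes each, copies the low 128 bits of each into the V registers the way sve_to_fpsimd() does, and then replays a short NT_PRFPREG-style write against a target whose fpsimd_state copy is stale, once with the original __fpr_set() ordering (snapshot, then sync) and once with the corrected ordering (sync, then snapshot). All model_* names, the MAX_VQ limit and the sample register values are constructed for the example.

```c
/*
 * Added example (not kernel code): model of SVE <-> FPSIMD state sync and
 * of why __fpr_set() must sync before it snapshots for a partial write.
 * Layout and names are assumptions of this example, not the kernel's.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NVREGS     32
#define VREG_BYTES 16	/* one FPSIMD V register: 128 bits */
#define MAX_VQ     16	/* model limit: VL up to 256 bytes (vq = VL / 16) */

struct model_fpsimd {		/* stands in for thread.fpsimd_state */
	uint8_t vregs[NVREGS][VREG_BYTES];
};

struct model_task {		/* the parts of task_struct the model needs */
	bool tif_sve;		/* TIF_SVE: sve_state holds the live registers */
	unsigned int vq;	/* sve_vq_from_vl(sve_vl) */
	uint8_t sve_state[NVREGS * MAX_VQ * VREG_BYTES];
	struct model_fpsimd fpsimd;
};

/* Byte offset of Z register i in sve_state (assumed ZREG() packing). */
size_t model_zreg_offset(unsigned int vq, unsigned int i)
{
	return (size_t)i * vq * VREG_BYTES;
}

/* Model of sve_to_fpsimd(): low 128 bits of each Z register -> V register. */
static void model_sve_to_fpsimd(struct model_task *t)
{
	for (unsigned int i = 0; i < NVREGS; i++)
		memcpy(t->fpsimd.vregs[i],
		       t->sve_state + model_zreg_offset(t->vq, i), VREG_BYTES);
}

/* Model of sve_sync_to_fpsimd(): fpsimd_state is only stale while TIF_SVE. */
static void model_sve_sync_to_fpsimd(struct model_task *t)
{
	if (t->tif_sve)
		model_sve_to_fpsimd(t);
}

/*
 * Model of __fpr_set(): merge a possibly short write of 'count' bytes into
 * the V registers, leaving the untouched tail as it was.  sync_first picks
 * the corrected ordering (sync, then snapshot) or the original one
 * (snapshot, then sync).  Returns 0, or -1 standing in for -EINVAL.
 */
int model_fpr_set(struct model_task *t, const uint8_t *buf, size_t count,
		  bool sync_first)
{
	struct model_fpsimd newstate;

	if (count > sizeof(newstate))
		return -1;
	if (sync_first) {
		model_sve_sync_to_fpsimd(t);
		newstate = t->fpsimd;		/* fresh snapshot */
	} else {
		newstate = t->fpsimd;		/* stale if TIF_SVE is set */
		model_sve_sync_to_fpsimd(t);	/* too late: newstate wins below */
	}
	memcpy(&newstate, buf, count);		/* user_regset_copyin() */
	t->fpsimd = newstate;
	t->tif_sve = false;			/* an FPSIMD-only write drops SVE */
	return 0;
}

/*
 * Constructed scenario: the target's live Z1 (in sve_state) is all 0x11, but
 * the stale fpsimd_state copy of V1 still reads 0x99.  A tracer writes V0
 * only.  Returns the first byte of V1 afterwards: 0x11 if the untouched
 * register was preserved, 0x99 if the stale value was resurrected.
 */
uint8_t model_partial_write_v1(bool sync_first)
{
	static struct model_task t;	/* ~8 KiB; zeroed on every call */
	uint8_t v0[VREG_BYTES];

	memset(&t, 0, sizeof(t));
	t.vq = 4;			/* VL = 64 bytes */
	t.tif_sve = true;
	memset(t.fpsimd.vregs[1], 0x99, VREG_BYTES);		/* stale copy */
	memset(t.sve_state + model_zreg_offset(t.vq, 1), 0x11,
	       t.vq * VREG_BYTES);				/* live value */
	memset(v0, 0xAA, sizeof(v0));
	if (model_fpr_set(&t, v0, sizeof(v0), sync_first) != 0)
		return 0xFF;
	return t.fpsimd.vregs[1][0];
}

int main(void)
{
	/* exit 0 when only the corrected ordering preserves V1 */
	return !(model_partial_write_v1(true) == 0x11 &&
		 model_partial_write_v1(false) == 0x99);
}
```

The point the model makes is the one the __fpr_set() diff fixes: with TIF_SVE set, thread.fpsimd_state is a stale cache, so a partial regset write that snapshots it before syncing writes the stale bytes back over registers the tracer never touched.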

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-13 14:21             ` Marc Zyngier
@ 2017-10-13 16:47               ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 16:47 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: linux-arch, Christoffer Dall, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm, linux-arm-kernel

On Fri, Oct 13, 2017 at 03:21:59PM +0100, Marc Zyngier wrote:
> On 13/10/17 15:15, Dave Martin wrote:
> > On Thu, Oct 12, 2017 at 12:28:32PM +0100, Marc Zyngier wrote:
> >> On 12/10/17 12:04, Dave Martin wrote:
> >>> On Wed, Oct 11, 2017 at 05:28:06PM +0100, Marc Zyngier wrote:
> >>>> [+ Christoffer]
> >>>>
> >>>> On 10/10/17 19:38, Dave Martin wrote:

[...]

> >>>> Hmmm. How does this work if...
> >>>
> >>> !IS_ENABLED(CONFIG_ARM64_SVE) implies !system_supports_sve(), so
> >>> if CONFIG_ARM64_SVE is not set, the call is optimised away.
> >>>
> >>> [...]
> >>>
> >>>>> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> >>>>> index a9cb794..6ae3703 100644
> >>>>> --- a/arch/arm64/kernel/fpsimd.c
> >>>>> +++ b/arch/arm64/kernel/fpsimd.c
> >>>>> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
> >>>
> >>> [...]
> >>>
> >>>>> +#ifdef CONFIG_ARM64_SVE
> >>>>> +void sve_flush_cpu_state(void)
> >>>>> +{
> >>>>> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> >>>>> +	struct task_struct *tsk;
> >>>>> +
> >>>>> +	if (!fpstate)
> >>>>> +		return;
> >>>>> +
> >>>>> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> >>>>> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> >>>>> +		fpsimd_flush_cpu_state();
> >>>>> +}
> >>>>> +#endif /* CONFIG_ARM64_SVE */
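
Review bot: this reads a per-CPU variable with __this_cpu_read() and then inspects the owning task's TIF_SVE, so it is only safe with preemption disabled, and since the caller lives on the KVM side a WARN_ON(preemptible()) or at least a header comment stating that requirement would keep the contract visible. The container_of() also assumes fpsimd_last_state always points into a task_struct; if KVM (or anything else) ever parks a non-task fpsimd_state there, this would index into garbage, which deserves a comment too.
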
> >>>>
> >>>> ... CONFIG_ARM64_SVE is not set? Fixing this should just be a matter of
> >>>> moving the #ifdef/#endif inside the function...
> >>>
> >>> Because sve_flush_cpu_state() is not in the same compilation unit it
> >>> can't be static, and that means the compiler won't remove it
> >>> automatically if it's unused -- hence the #ifdef.
> >>>
> >>> Because the call site is optimised away, there is no link failure.
> >>>
> >>> Don't we rely on this sort of thing all over the place?
> >> Dunno. It just feels weird. But if you are sure that it won't break,
> >> fine by me. I guess we'll find out pretty quickly how this fares,
> >> specially with older toolchains.
> > 
> > I thought this was why the kernel doesn't support building with -O0.
> > There are many instances of this in the series, not just here.
> > 
> > Let me know if you feel this isn't good enough though.
> 
> That's OK to me. As I said, we'll find out pretty quickly if anything
> breaks unexpectedly.

Yup

> 
> > Do you have any other comments on this patch?
> None. You can add my:
> 
> Acked-by: Marc Zyngier <marc.zyngier@arm.com>

OK, thanks for the input.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 26/28] arm64/sve: Add documentation
  2017-10-13 14:24     ` Catalin Marinas
@ 2017-10-13 17:17       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 17:17 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Mark Rutland, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Richard Sandiford, Will Deacon,
	Michael Kerrisk, Alan Hayward, linux-api, Alex Bennée,
	kvmarm, linux-arm-kernel

On Fri, Oct 13, 2017 at 03:24:21PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:43PM +0100, Dave P Martin wrote:
> > +4.  Signal handling
> > +-------------------
> > +
> > +* A new signal frame record sve_context encodes the SVE registers on signal
> > +  delivery. [1]
> > +
> > +* This record is supplementary to fpsimd_context.  The FPSR and FPCR registers
> > +  are only present in fpsimd_context.  For convenience, the content of V0..V31
> > +  is duplicated between sve_context and fpsimd_context.
> > +
> > +* The signal frame record for SVE always contains basic metadata, in particular
> > +  the thread's vector length (in sve_context.vl).
> > +
> > +* The SVE registers may or may not be included in the record, depending on
> > +  whether the registers are live for the thread.  The registers are present if
> > +  and only if:
> > +  sve_context.head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)).
> > +
> > +* If the registers are present, the remainder of the record has a vl-dependent
> > +  size and layout.  Macros SIG_SVE_* are defined [1] to facilitate access to
> > +  the members.
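Review bot: the presence test in the fourth bullet applies SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)) to a vl read from the frame, but the section does not say whether sve_context.vl is guaranteed to be a valid vector length (a multiple of 16 within the supported range) or whether user code walking the frame, a crash handler for instance, must validate it before computing sizes and offsets from it; one sentence either way would settle it.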
> 
> s/SIG_SVE_/SVE_SIG_/

Oops, good spot.  Fixed.

> > +* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
> > +  space is allocated on the stack, an extra_context record is written in
> > +  __reserved[] referencing this space.  sve_context is then written in the
> > +  extra space.  Refer to [1] for further details about this mechanism.
> 
> Does this document require that the user stack is sufficiently large or
> should we cap the vector length (prior to the last two RFC patches)?

We don't know how much free stack space there actually is until the
signal is delivered.

If the initial user stack at process startup is <8K the user process has
more serious problems than can be solved by clamping the vector length.

After process startup we are committed to some VL, and silently clamping
it at signal delivery time is a potential programmer's model / ABI break
... there would be no guaranteed way to return from the signal handler
successfully.  That may not be what you meant though ...?

In the sigaltstack() case we do know how much space there is in advance,
but at the time of a sigaltstack() call if any, we may still be
committed to some VL.  The thread is allowed to assume the VL is
unchanged across syscalls even though the SVE register data is not
guaranteed to be preserved.

Possibly sigaltstack() should fail with ENOMEM if ss_size is too small
for the maximum VL supported by the system, but strictly speaking that
violates POSIX if ss_size >= MINSIGSTKSZ.  Also, knowing that the stack
is big enough for the kernel-generated still doesn't guarantee that
the handler's own stack needs are satisfied, so this check is of
limited use.


So, my current policy is an extension of the existing one: the stack
must have enough space for the signal frame, or attempted signal
delivery will SEGV the task -- the kernel doesn't try to work around
this in advance.

This isn't fantastic, but I haven't come up with a better answer so far.
I'm open to ideas :)

> > +
> > +
> > +5.  Signal return
> > +-----------------
> > +
> > +When returning from a signal handler:
> > +
> > +* If there is no sve_context record in the signal frame, or if the record is
> > +  present but contains no register data as desribed in the previous section,
> > +  then the SVE registers/bits become non-live and take unspecified values.
> > +
> > +* If sve_context is present in the signal frame and contains full register
> > +  data, the SVE registers become live and are populated with the specified
> > +  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
> > +  are always restored from the corresponding members of fpsimd_context.vregs[]
> > +  and not from sve_context.  The remaining bits are restored from sve_context.
> > +
> > +* Inclusion of fpsimd_context in the signal frame remains mandatory,
> > +  irrespective of whether sve_context is present or not.
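Review bot: typo in the first bullet of section 5, "desribed" should read "described". In the second bullet it would also help to say in as many words that a mismatch between the two copies of bits [127:0] is resolved in favour of fpsimd_context.vregs[] and that the sve_context copy is simply ignored rather than rejected, since section 4 says V0..V31 are duplicated between the records and tools that rewrite a frame need to know which copy wins.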
> 
> Could we relax this? I'm not sure it's worth it.

It would be cleaner, but I think it's an ABI break.  Consider a non-SVE
program that gets linked (perhaps dynamically) against a library variant
that happens to use SVE:


void segv_handler(...)
{
	/* examine signal frame FPSIMD_MAGIC to print a crash dump */
}

void f(double d, double *p)
{
	some_library_function_that_uses_sve_internally();
	*p = d;
}


segv_handler() could previously safely assume that the FPSIMD_MAGIC block
was present in the frame and may now just crash or print garbage if this
block isn't found.  But even if it does fail safe, functionality is lost
-- the crash dump cannot now include the value of d because the
non-SVE-aware main program doesn't know how to fish it out of the signal frame.

I would be all in favour of getting rid of FPSIMD_MAGIC in this instance
and avoiding the duplication and awkward sigreturn semantics, but I
don't see how we would get away with it without breaking existing
software.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread
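
The record layout and presence test that sections 4 and 5 above describe, and the frame-size arithmetic behind the 8K/SIGSTKSZ remarks, as an added example that is not part of the series or of its documentation patch. It is a userspace walker for a sigcontext.__reserved[]-style record list: it locates fpsimd_context and sve_context, applies the documented head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(vl)) test, and reassembles a Z register the way the sigreturn rule says (bits [127:0] from fpsimd_context.vregs[], the rest from sve_context). The magic values, struct layouts and SVE_SIG_* size arithmetic are reproduced from the arm64 UAPI sigcontext.h from memory rather than taken from this page, so treat them as assumptions and check them against the header; the sample frame is constructed inline. The sizes sve_sig_context_size() returns (562 bytes at VL 16, 2200 at the 64-byte default mentioned later in the thread, 8752 at VL 256, and 279568 at VQ 512, the largest value the header's SVE_VQ_MAX allows) are the numbers behind the stack-size discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Magic values, struct layouts and SVE_SIG_* arithmetic are reproduced from
 * the arm64 UAPI sigcontext.h from memory: an assumption, check your headers. */
#define FPSIMD_MAGIC        0x46508001u
#define SVE_MAGIC           0x53564501u
#define SVE_VQ_BYTES        16u   /* bytes per 128-bit quadword */
#define SVE_VQ_MAX          512u
#define SVE_SIG_REGS_OFFSET 16u   /* sizeof(struct sve_context), 16-byte aligned */

struct _aarch64_ctx { uint32_t magic; uint32_t size; };
struct fpsimd_context { struct _aarch64_ctx head; uint32_t fpsr, fpcr; uint8_t vregs[32][16]; };
struct sve_context { struct _aarch64_ctx head; uint16_t vl; uint16_t __reserved[3]; };

static unsigned sve_vq_from_vl(unsigned vl) { return vl / SVE_VQ_BYTES; }
static uint32_t zreg_size(unsigned vq) { return vq * SVE_VQ_BYTES; }
static uint32_t preg_size(unsigned vq) { return vq * (SVE_VQ_BYTES / 8); }
static uint32_t zreg_offset(unsigned vq, unsigned n) { return SVE_SIG_REGS_OFFSET + zreg_size(vq) * n; }

/* SVE_SIG_CONTEXT_SIZE(vq): header, 32 Z regs, 16 P regs, then FFR (P-sized). */
static uint32_t sve_sig_context_size(unsigned vq)
{ return SVE_SIG_REGS_OFFSET + 32 * zreg_size(vq) + 16 * preg_size(vq) + preg_size(vq); }

struct frame_view {
	size_t fpsimd_off, sve_off;   /* record offsets, SIZE_MAX if absent */
	unsigned vl; int sve_regs_present;   /* sve_context.vl; documented head.size test */
};

/* Walk a __reserved[]-style record list up to the null terminator.
 * Returns 0 on success, -1 if the frame is malformed. */
static int walk_frame(const uint8_t *buf, size_t len, struct frame_view *v)
{
	struct _aarch64_ctx h; size_t off = 0;
	*v = (struct frame_view){ SIZE_MAX, SIZE_MAX, 0, 0 };
	while (off + sizeof h <= len) {
		memcpy(&h, buf + off, sizeof h);
		if (h.magic == 0)
			break;                       /* terminator record */
		if (h.size < sizeof h || h.size > len - off)
			return -1;                   /* record overruns the frame */
		if (h.magic == FPSIMD_MAGIC) {
			if (h.size < sizeof(struct fpsimd_context))
				return -1;
			v->fpsimd_off = off;
		} else if (h.magic == SVE_MAGIC) {
			struct sve_context s;
			if (h.size < sizeof s)
				return -1;
			memcpy(&s, buf + off, sizeof s);
			unsigned vq = sve_vq_from_vl(s.vl);
			if (s.vl % SVE_VQ_BYTES || vq < 1 || vq > SVE_VQ_MAX)
				return -1;           /* vl is not a valid vector length */
			v->sve_off = off;
			v->vl = s.vl;
			v->sve_regs_present = h.size >= sve_sig_context_size(vq);
		}
		off += h.size;                       /* unknown records are skipped by size */
	}
	return v->fpsimd_off == SIZE_MAX ? -1 : 0;   /* fpsimd_context is mandatory */
}

/* Reassemble Zn as sigreturn does: bits [127:0] from fpsimd_context.vregs[n],
 * the rest from sve_context.  Returns bytes written, -1 if regs are absent. */
static int read_zreg(const uint8_t *buf, const struct frame_view *v,
		     unsigned n, uint8_t *out, size_t outlen)
{
	if (!v->sve_regs_present || n >= 32 || outlen < v->vl)
		return -1;
	memcpy(out, buf + v->fpsimd_off + offsetof(struct fpsimd_context, vregs) + 16 * n, 16);
	memcpy(out + 16, buf + v->sve_off + zreg_offset(sve_vq_from_vl(v->vl), n) + 16, v->vl - 16);
	return (int)v->vl;
}

/* Constructed sample frame: fpsimd_context with V0 = 0x11.., an sve_context for
 * vl (Z0 = 0x22.. when with_regs), then the null terminator.  Returns byte idx
 * of the reassembled Z0, -1 if the SVE registers are absent, -2 on a bad frame. */
static int demo_z0_byte(unsigned vl, int with_regs, unsigned idx)
{
	static uint8_t buf[1 << 19], z0[SVE_VQ_MAX * SVE_VQ_BYTES];
	unsigned vq = sve_vq_from_vl(vl);
	uint32_t sve_size = with_regs ? (sve_sig_context_size(vq) + 15) / 16 * 16
				      : sizeof(struct sve_context);
	struct fpsimd_context f = { { FPSIMD_MAGIC, sizeof(struct fpsimd_context) }, 0, 0, { { 0 } } };
	struct sve_context s = { { SVE_MAGIC, sve_size }, (uint16_t)vl, { 0 } };
	struct frame_view v;
	size_t len = sizeof f + sve_size + sizeof(struct _aarch64_ctx);
	if (len > sizeof buf || idx >= vl)
		return -2;
	memset(buf, 0, len);
	memset(f.vregs[0], 0x11, 16);
	memcpy(buf, &f, sizeof f);
	memcpy(buf + sizeof f, &s, sizeof s);
	if (with_regs)
		memset(buf + sizeof f + zreg_offset(vq, 0), 0x22, vl);
	if (walk_frame(buf, len, &v) != 0)
		return -2;
	return read_zreg(buf, &v, 0, z0, sizeof z0) < 0 ? -1 : z0[idx];
}
```

A handler like the segv_handler() sketch above would run walk_frame() over the __reserved[] area of the ucontext it receives; the walker treats an invalid vl or a record whose size runs past the frame as a malformed frame and stops, rather than computing offsets from untrusted values, and it fails if the mandatory fpsimd_context is missing, which is the property the documentation patch preserves for existing non-SVE-aware handlers.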

* Re: [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-13 17:35         ` Dave Martin
  0 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 17:35 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch-u79uwXL29TY76Z2rM5mHXA, Mark Rutland,
	Okamoto Takayuki, libc-alpha-9JcytcrH/bA+uJoB2kUjGw,
	Ard Biesheuvel, Szabolcs Nagy, Richard Sandiford, Will Deacon,
	Michael Kerrisk, Alan Hayward, linux-api-u79uwXL29TY76Z2rM5mHXA,
	Alex Bennée, kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg,
	linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r

On Fri, Oct 13, 2017 at 03:24:21PM +0100, Catalin Marinas wrote:
> On Tue, Oct 10, 2017 at 07:38:43PM +0100, Dave P Martin wrote:

[...]

> > +* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
> > +  space is allocated on the stack, an extra_context record is written in
> > +  __reserved[] referencing this space.  sve_context is then written in the
> > +  extra space.  Refer to [1] for further details about this mechanism.
> 
> Does this document require that the user stack is sufficiently large or
> should we cap the vector length (prior to the last two RFC patches)?

Oh, I think I missed your point here.

I don't think it's worth capping the vector length beyond what the
series already does: the last two patches provide a way to find out how
big the signal frame could be, but software still needs porting either
way if it enables large vectors via prctl or ptrace.

Conversely, software basing its stack allocations on SIGSTKSZ (16K) will
probably get away with it: this seems to be the common choice when
allocating stacks.  Apart from models, we're not likely to see SVE
implementations with huge vector lengths for a while yet.


In any case, /proc/sys/abi/sve_default_vector_length provides a
discretionary global clamp that can be set by the distro or admin.  This
will prevent programs from seeing large frames unless the VL is set
explicitly to something > 64 bytes via prctl/ptrace (which current
software won't do).

[...]

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 11/28] arm64/sve: Core task context handling
  2017-10-13 13:57         ` Catalin Marinas
@ 2017-10-13 17:53           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-13 17:53 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alex Bennée,
	kvmarm, linux-arm-kernel

On Fri, Oct 13, 2017 at 02:57:37PM +0100, Catalin Marinas wrote:
> On Thu, Oct 12, 2017 at 05:05:07PM +0100, Dave P Martin wrote:
> > On Wed, Oct 11, 2017 at 05:15:58PM +0100, Catalin Marinas wrote:
> > > On Tue, Oct 10, 2017 at 07:38:28PM +0100, Dave P Martin wrote:
> > > > diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> > > > index 29adab8..4831d28 100644
> > > > --- a/arch/arm64/include/asm/processor.h
> > > > +++ b/arch/arm64/include/asm/processor.h
> > > > @@ -39,6 +47,8 @@
> > > >  #define FPEXC_IDF	(1 << 7)
> > > >  
> > > >  /*
> > > > + * (Note: in this discussion, statements about FPSIMD apply equally to SVE.)
> > > > + *
> > > >   * In order to reduce the number of times the FPSIMD state is needlessly saved
> > > >   * and restored, we need to keep track of two things:
> > > >   * (a) for each task, we need to remember which CPU was the last one to have
> > > > @@ -99,6 +109,287 @@
> > > >   */
> > > >  static DEFINE_PER_CPU(struct fpsimd_state *, fpsimd_last_state);
> > > >  
> > > > +static void sve_free(struct task_struct *task)
> > > > +{
> > > > +	kfree(task->thread.sve_state);
> > > > +	task->thread.sve_state = NULL;
> > > > +}
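Review bot: sve_free() frees task->thread.sve_state and then clears the pointer, but nothing in the hunk checks that the task's SVE state is not still in use: if TIF_SVE is set, any path that dereferences sve_state between the kfree() and the store (a context switch on a preemptible kernel, for instance) would touch freed memory. Suggest asserting the precondition, e.g. WARN_ON(test_tsk_thread_flag(task, TIF_SVE)); before the kfree(), and a comment on sve_free() stating that callers must clear TIF_SVE first and in what context the function may be called.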
> > > 
> > > I think we need a WARN_ON if TIF_SVE is still set here (and the callers
> > > making sure it is cleared). I haven't checked the code paths via
> > > fpsimd_release_thread() but wondering what happens if we get an
> > > interrupt between freeing the state and making the pointer NULL, with
> > > some context switching in a preemptible kernel.
> > 
> > Having a WARN_ON() here may be a decent way to sanity-check that we
> > don't ever have sve_state NULL with TIF_SVE set.  This is a lot more
> > economical than putting a WARN_ON() at each dereference of sve_state
> > (of which there are quite a few).  sve_free() is also a slow path.
> > 
> > Currently, there are two callsites: sve_set_vector_length(), where we
> > test_and_clear_tsk_thread_flags(task, TIF_SVE) before calling sve_free();
> > and fpsimd_release_thread() where we "don't care" because the thread
> > is dying.
> > 
> > Looking more closely though, is the release_thread() path preemptible?
> > I can't see anything in the scheduler core to ensure this, nor any
> > general reason why it should be needed.
> > 
> > In which case preemption during thread exit after sve_free() could
> > result in a NULL dereference in fpsimd_thread_switch().
> > 
> > 
> > So, I think my favoured approach is:
> > 
> > sve_release_thread()
> > {
> > 	local_bh_disable();
> > 	fpsimd_flush_task_state(current);
> > 	clear_thread_flag(TIF_SVE);
> > 	local_bh_enable();
> > 
> > 	sve_free(current);
> > }
> > 
> > The local_bh stuff is cumbersome here, and could be replaced with
> > barrier()s to force the order of fpsimd_flush_task_state() versus
> > clearing TIF_SVE.  Or should the barrier really be in
> > fpsimd_flush_task_state()?  Disabling softirqs avoids the need to answer
> > such questions...
> > 
> > 
> > Then:
> > 
> > sve_free(task)
> > {
> > 	WARN_ON(test_thread_flag(TIF_SVE));
> > 
> > 	barrier();
> > 	kfree(task->thread.sve_state);
> > 	task->thread.sve_state = NULL;
> > }
> > 
> > I'm assuming here that kfree() can't be called safely from atomic
> > context, but this is unclear.  I would expect to be able to free
> > GFP_ATOMIC memory from atomic context (though sve_state is GFP_KERNEL,
> > so dunno).
> 
> The kfree should be fine.
> 
> Alternative proposal: free the SVE state in arch_release_task_struct().
> This is called via the RCU mechanism and the task is no longer current,
> so no preemption issues.

Heh, I wasn't aware of that option.  That would be better, since
there's no value in the task still being schedulable while we do
the freeing.

Only SuperH seems to have a real version of that function, but it
frees some dynamically allocated state, which sounds familiar.

I'll take a look at moving over to this.

> 
> > > Alternatively, always clear TIF_SVE here before freeing (also wondering
> > > whether we should make sve_state NULL before the actual freeing but I
> > > think TIF_SVE clearing should suffice).
> > 
> > Could do.  I feel that the current placement of the TIF_SVE clearing in
> > sve_set_vector_length() feels "more natural", but this is a pretty
> > flimsy argument.  How strongly do you feel about this?
> 
> I agree with you, keep the TIF_SVE clearing in sve_set_vector_length().

OK, will do

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-12 12:56     ` Suzuki K Poulose
@ 2017-10-16 15:46       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-16 15:46 UTC (permalink / raw)
  To: Suzuki K Poulose
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, Alex Bennée, kvmarm

On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
> On 10/10/17 19:38, Dave Martin wrote:
> >This patch uses the cpufeatures framework to determine common SVE
> >capabilities and vector lengths, and configures the runtime SVE
> >support code appropriately.
> >
> >ZCR_ELx is not really a feature register, but it is convenient to
> >use it as a template for recording the maximum vector length
> >supported by a CPU, using the LEN field.  This field is similar to
> >a feature field in that it is a contiguous bitfield for which we
> >want to determine the minimum system-wide value.  This patch adds
> >ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
> >custom code to populate it.  Finding the minimum supported value of
> >the LEN field is left to the cpufeatures framework in the usual
> >way.
> >
> >The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
> >so for now we just require it to be zero.
> >
> >Note that much of this code is dormant and SVE still won't be used
> >yet, since system_supports_sve() remains hardwired to false.
> >
> >Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> >Cc: Alex Bennée <alex.bennee@linaro.org>
> >Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>
> >
> >---
> >
> >Dropped Alex Bennée's Reviewed-by, since there is new logic in this
> >patch.
> >
> >Changes since v2
> >----------------
> >
> >Bug fixes:
> >
> >  * Got rid of dynamic allocation of the shadow vector length map during
> >    secondary boot.  Secondary CPU boot takes place in atomic context,
> >    and relying on GFP_ATOMIC here doesn't seem justified.
> >
> >    Instead, the needed additional bitmap is allocated statically.  Only
> >    one shadow map is needed, because CPUs don't boot concurrently.
> >
> >Requested by Alex Bennée:
> >
> >  * Reflowed untidy comment above read_zcr_features()
> >
> >  * Added comments to read_zcr_features() to explain what it's trying to do
> >    (which is otherwise not readily apparent).
> >
> >Requested by Catalin Marinas:
> >
> >  * Moved disabling of the EL1 SVE trap to the cpufeatures C code.
> >    This allows addition of new assembler in __cpu_setup to be
> >    avoided.
> >
> >Miscellaneous:
> >
> >  * Added comments explaining the intent, purpose and basic constraints
> >    for fpsimd.c helpers.
> 
> ...
> 
> >diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> >index 92a9502..c5acf38 100644
> >--- a/arch/arm64/kernel/cpufeature.c
> >+++ b/arch/arm64/kernel/cpufeature.c
> 
> ...
> 
> >@@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
> >  					info->reg_mvfr2, boot->reg_mvfr2);
> >  	}
> >+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
> >+		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
> >+					info->reg_zcr, boot->reg_zcr);
> >+
> >+		if (!sys_caps_initialised)
> >+			sve_update_vq_map();
> >+	}
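Review bot: the `!sys_caps_initialised` guard means a CPU brought online after the system capabilities are finalised never narrows the vq map in this path, so if such a CPU lacks a vector length the map already advertises, nothing in this hunk rejects it; a one-line comment at `if (!sys_caps_initialised)` naming where late CPUs are verified against the finalised map would save the reader a search through fpsimd.c.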
> 
> nit: I am not sure if we should also check if the "current" sanitised value
> of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
> is as such fine without the check, it's just that we can avoid computing the
> map. It is in the CPU boot up path and hence is not performance critical.
> So, either way we are fine.
> 
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

I think I prefer to avoid adding extra code to optimise the "broken SoC
design" case.

Maybe we could revisit this later if needed.

Can you suggest some code?  Maybe the check is simpler than I think.

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
@ 2017-10-16 16:27         ` Suzuki K Poulose
  0 siblings, 0 replies; 253+ messages in thread
From: Suzuki K Poulose @ 2017-10-16 16:27 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm, linux-arm-kernel

On 16/10/17 16:46, Dave Martin wrote:
> On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
>> On 10/10/17 19:38, Dave Martin wrote:
>>> This patch uses the cpufeatures framework to determine common SVE
>>> capabilities and vector lengths, and configures the runtime SVE
>>> support code appropriately.
>>>
>>> ZCR_ELx is not really a feature register, but it is convenient to
>>> use it as a template for recording the maximum vector length
>>> supported by a CPU, using the LEN field.  This field is similar to
>>> a feature field in that it is a contiguous bitfield for which we
>>> want to determine the minimum system-wide value.  This patch adds
>>> ZCR as a pseudo-register in cpuinfo/cpufeatures, with appropriate
>>> custom code to populate it.  Finding the minimum supported value of
>>> the LEN field is left to the cpufeatures framework in the usual
>>> way.
>>>
>>> The meaning of ID_AA64ZFR0_EL1 is not architecturally defined yet,
>>> so for now we just require it to be zero.
>>>
>>> Note that much of this code is dormant and SVE still won't be used
>>> yet, since system_supports_sve() remains hardwired to false.
>>>
>>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
>>> Cc: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>
>>>
>>> ---
>>>
>>> Dropped Alex Bennée's Reviewed-by, since there is new logic in this
>>> patch.
>>>
>>> Changes since v2
>>> ----------------
>>>
>>> Bug fixes:
>>>
>>>   * Got rid of dynamic allocation of the shadow vector length map during
>>>     secondary boot.  Secondary CPU boot takes place in atomic context,
>>>     and relying on GFP_ATOMIC here doesn't seem justified.
>>>
>>>     Instead, the needed additional bitmap is allocated statically.  Only
>>>     one shadow map is needed, because CPUs don't boot concurrently.
>>>
>>> Requested by Alex Bennée:
>>>
>>>   * Reflowed untidy comment above read_zcr_features()
>>>
>>>   * Added comments to read_zcr_features() to explain what it's trying to do
>>>     (which is otherwise not readily apparent).
>>>
>>> Requested by Catalin Marinas:
>>>
>>>   * Moved disabling of the EL1 SVE trap to the cpufeatures C code.
>>>     This allows addition of new assembler in __cpu_setup to be
>>>     avoided.
>>>
>>> Miscellaneous:
>>>
>>>   * Added comments explaining the intent, purpose and basic constraints
>>>     for fpsimd.c helpers.
>>
>> ...
>>
>>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>>> index 92a9502..c5acf38 100644
>>> --- a/arch/arm64/kernel/cpufeature.c
>>> +++ b/arch/arm64/kernel/cpufeature.c
>>
>> ...
>>
>>> @@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
>>>   					info->reg_mvfr2, boot->reg_mvfr2);
>>>   	}
>>> +	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
>>> +		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
>>> +					info->reg_zcr, boot->reg_zcr);
>>> +
>>> +		if (!sys_caps_initialised)
>>> +			sve_update_vq_map();
>>> +	}
>>
>> nit: I am not sure if we should also check if the "current" sanitised value
>> of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
>> is as such fine without the check, it's just that we can avoid computing the
>> map. It is in the CPU boot up path and hence is not performance critical.
>> So, either way we are fine.
>>
>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> 
> I think I prefer to avoid adding extra code to optimise the "broken SoC
> design" case.
> 

Sure.

> Maybe we could revisit this later if needed.
> 
> Can you suggest some code?  Maybe the check is simpler than I think.

Something like :

if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_IDAA64PFR0)) &&
     id_aa64pfr0_sve(id_aa64pfr0)) {
     ...
}

should be enough.

Or even we could hack it to :

if (id_aa64pfr0_sve(id_aa64pfr0 | read_sanitised_ftr_reg(SYS_IDAA64PFR0)))

As I mentioned, the code as such is fine. It's just that we try to detect
if the SVE is already moot and skip the steps for this CPU.


Cheers
Suzuki

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-16 16:27         ` Suzuki K Poulose
@ 2017-10-16 16:44           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-16 16:44 UTC (permalink / raw)
  To: Suzuki K Poulose
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm, linux-arm-kernel

On Mon, Oct 16, 2017 at 05:27:59PM +0100, Suzuki K Poulose wrote:
> On 16/10/17 16:46, Dave Martin wrote:
> >On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
> >>On 10/10/17 19:38, Dave Martin wrote:

[...]

> >>>@@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
> >>>  					info->reg_mvfr2, boot->reg_mvfr2);
> >>>  	}
> >>>+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
> >>>+		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
> >>>+					info->reg_zcr, boot->reg_zcr);
> >>>+
> >>>+		if (!sys_caps_initialised)
> >>>+			sve_update_vq_map();
> >>>+	}
> >>
> >>nit: I am not sure if we should also check if the "current" sanitised value
> >>of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
> >>is as such fine without the check, it's just that we can avoid computing the
> >>map. It is in the CPU boot up path and hence is not performance critical.
> >>So, either way we are fine.
> >>
> >>Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> >
> >I think I prefer to avoid adding extra code to optimise the "broken SoC
> >design" case.
> >
> 
> Sure.
> 
> >Maybe we could revisit this later if needed.
> >
> >Can you suggest some code?  Maybe the check is simpler than I think.
> 
> Something like :
> 
> if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_IDAA64PFR0)) &&
>     id_aa64pfr0_sve(id_aa64pfr0)) {
>     ...
> }
> 
> should be enough.
> 
> Or even we could hack it to :
> 
> if (id_aa64pfr0_sve(id_aa64pfr0 | read_sanitised_ftr_reg(SYS_IDAA64PFR0)))
> 
> As I mentioned, the code as such is fine. It's just that we try to detect
> if the SVE is already moot and skip the steps for this CPU.

How about the following, keeping the outer
if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) from my current code:

-		if (!sys_caps_initialised)
+		/* Probe vector lengths, unless we already gave up on SVE */
+		if (id_aa64pfr0_sve(read_sanitised_ftr_reg(ID_AA64PFR0_SVE)) &&
+		    !sys_caps_initialised)
			sve_update_vq_map();
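Review bot: `read_sanitised_ftr_reg(ID_AA64PFR0_SVE)` passes what is by its name a constant for the SVE field rather than a register identifier, while the function takes the sysreg ID of the register to look up; Suzuki's sketch above passed a register identifier (`SYS_IDAA64PFR0`), and the hunk passes `SYS_ZCR_EL1` to `check_update_ftr_reg()` in the same style. Suggest `read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1)`, the register's actual sysreg name. The added comment reads well: with the sanitised check placed first, a CPU whose SVE support was already dropped from the system view skips the probe, as intended.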

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
@ 2017-10-16 16:47             ` Suzuki K Poulose
  0 siblings, 0 replies; 253+ messages in thread
From: Suzuki K Poulose @ 2017-10-16 16:47 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm, linux-arm-kernel

On 16/10/17 17:44, Dave Martin wrote:
> On Mon, Oct 16, 2017 at 05:27:59PM +0100, Suzuki K Poulose wrote:
>> On 16/10/17 16:46, Dave Martin wrote:
>>> On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
>>>> On 10/10/17 19:38, Dave Martin wrote:
> 
> [...]
> 
>>>>> @@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
>>>>>   					info->reg_mvfr2, boot->reg_mvfr2);
>>>>>   	}
>>>>> +	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
>>>>> +		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
>>>>> +					info->reg_zcr, boot->reg_zcr);
>>>>> +
>>>>> +		if (!sys_caps_initialised)
>>>>> +			sve_update_vq_map();
>>>>> +	}
>>>>
>>>> nit: I am not sure if we should also check if the "current" sanitised value
>>>> of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
>>>> is as such fine without the check, it's just that we can avoid computing the
>>>> map. It is in the CPU boot up path and hence is not performance critical.
>>>> So, either way we are fine.
>>>>
>>>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>>>
>>> I think I prefer to avoid adding extra code to optimise the "broken SoC
>>> design" case.
>>>
>>
>> Sure.
>>
>>> Maybe we could revisit this later if needed.
>>>
>>> Can you suggest some code?  Maybe the check is simpler than I think.
>>
>> Something like :
>>
>> if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_IDAA64PFR0)) &&
>>      id_aa64pfr0_sve(id_aa64pfr0)) {
>>      ...
>> }
>>
>> should be enough.
>>
>> Or even we could hack it to :
>>
>> if (id_aa64pfr0_sve(id_aa64pfr0 | read_sanitised_ftr_reg(SYS_IDAA64PFR0)))
>>
>> As I mentioned, the code as such is fine. It's just that we try to detect
>> if the SVE is already moot and skip the steps for this CPU.
> 
> How about the following, keeping the outer
> if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) from my current code:
> 
> -		if (!sys_caps_initialised)
> +		/* Probe vector lengths, unless we already gave up on SVE */
> +		if (id_aa64pfr0_sve(read_sanitised_ftr_reg(ID_AA64PFR0_SVE)) &&
> +		    !sys_caps_initialised)
> 			sve_update_vq_map();

Yep, that looks neater.

Cheers
Suzuki

^ permalink raw reply	[flat|nested] 253+ messages in thread
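As an added illustration (not code from the patch or the kernel), the following C model runs the check agreed above over constructed CPUs: each CPU's ID_AA64PFR0 SVE field and ZCR LEN are sanitised LOWER_SAFE (minimum seen), the vq map is the intersection of the per-CPU maps, and a CPU that comes up with SVE after an earlier CPU without it no longer triggers sve_update_vq_map(). The structure names, the vq bitmap, and the strict/non-strict handling of the two fields are this model's assumptions.

```c
/* Constructed model of the SVE probing in update_cpu_features() discussed in
 * this thread; not kernel code.  Names follow the thread; the registers and the
 * vq bitmap are simplified.  Assumed: vq = vector bits / 128, ZCR LEN = vq - 1. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SVE_VQ_MAX		16	/* largest vq the architecture allows */
#define ID_AA64PFR0_SVE_SHIFT	32	/* 4-bit SVE field of ID_AA64PFR0_EL1 */
#define ZCR_ELx_LEN_MASK	0x1ffULL

struct cpu_info {			/* what one CPU reports when it boots */
	uint64_t reg_id_aa64pfr0;
	uint64_t reg_zcr;		/* largest LEN the CPU accepts */
	uint32_t vq_map;		/* bit (vq - 1) set if vq is implemented */
};

struct sys_state {			/* system-wide sanitised view */
	uint64_t sys_id_aa64pfr0;	/* SVE field, LOWER_SAFE: minimum seen */
	uint64_t sys_zcr;		/* LEN field, LOWER_SAFE: minimum seen */
	uint32_t sve_vq_map;		/* vqs implemented by every CPU seen */
	unsigned int map_probes;	/* how often the map was recomputed */
	bool sys_caps_initialised;
	bool taint;
};

static bool id_aa64pfr0_sve(uint64_t pfr0)
{
	return ((pfr0 >> ID_AA64PFR0_SVE_SHIFT) & 0xf) > 0;
}

/* LOWER_SAFE: lower the system field to this CPU's value if that is smaller.
 * Returns true on any mismatch; the caller decides whether that taints. */
static bool check_update_field(uint64_t *sys, uint64_t cpu,
			       unsigned int shift, uint64_t mask)
{
	uint64_t sys_f = (*sys >> shift) & mask, cpu_f = (cpu >> shift) & mask;
	if (cpu_f < sys_f)
		*sys = (*sys & ~(mask << shift)) | (cpu_f << shift);
	return cpu_f != sys_f;
}

static void sve_update_vq_map(struct sys_state *sys, const struct cpu_info *cpu)
{
	sys->sve_vq_map &= cpu->vq_map;	/* keep only lengths every CPU has */
	sys->map_probes++;
}

/* Boot CPU: its values seed the sanitised state and the vq map. */
void init_cpu_features(struct sys_state *sys, const struct cpu_info *boot)
{
	*sys = (struct sys_state){ .sys_id_aa64pfr0 = boot->reg_id_aa64pfr0 };
	if (id_aa64pfr0_sve(boot->reg_id_aa64pfr0)) {
		sys->sys_zcr = boot->reg_zcr;
		sys->sve_vq_map = boot->vq_map;
		sys->map_probes = 1;
	}
}

/* Secondary CPU.  ID_AA64PFR0 is sanitised before the SVE block, as in the
 * kernel, so the system view already includes this CPU when the block runs.
 * The SVE field is strict (a mismatch taints); LEN is lowered too, but
 * differing maximum vector lengths are expected, so that does not taint. */
void update_cpu_features(struct sys_state *sys, const struct cpu_info *info)
{
	sys->taint |= check_update_field(&sys->sys_id_aa64pfr0,
			info->reg_id_aa64pfr0, ID_AA64PFR0_SVE_SHIFT, 0xf);
	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
		check_update_field(&sys->sys_zcr, info->reg_zcr, 0, ZCR_ELx_LEN_MASK);
		/* Probe vector lengths, unless we already gave up on SVE */
		if (id_aa64pfr0_sve(sys->sys_id_aa64pfr0) &&
		    !sys->sys_caps_initialised)
			sve_update_vq_map(sys, info);
	}
}

/* Largest vq usable on every CPU, or 0 when the system cannot use SVE. */
unsigned int sve_max_vq(const struct sys_state *sys)
{
	unsigned int vq = id_aa64pfr0_sve(sys->sys_id_aa64pfr0) ? SVE_VQ_MAX : 0;
	while (vq > 0 && !(sys->sve_vq_map & (1u << (vq - 1))))
		vq--;
	return vq;
}

/* Constructed CPUs: boot implements every vq up to 16, cpu1 only the powers
 * of two up to 8, cpu2 has no SVE at all (the "broken SoC" case). */
int main(void)
{
	const struct cpu_info boot = { 1ULL << 32, 15, 0xffff };
	const struct cpu_info cpu1 = { 1ULL << 32, 7, 0x8b }, cpu2 = { 0 };
	struct sys_state sys;
	init_cpu_features(&sys, &boot);
	update_cpu_features(&sys, &cpu1);
	printf("max_vq=%u probes=%u\n", sve_max_vq(&sys), sys.map_probes);
	update_cpu_features(&sys, &cpu2);	/* system view drops SVE and taints */
	update_cpu_features(&sys, &boot);	/* SVE CPU after giving up: no probe */
	printf("max_vq=%u probes=%u taint=%d\n", sve_max_vq(&sys), sys.map_probes, sys.taint);
	return 0;
}
```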

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-16 16:47             ` Suzuki K Poulose
@ 2017-10-16 16:55               ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-16 16:55 UTC (permalink / raw)
  To: Suzuki K Poulose
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm, linux-arm-kernel

On Mon, Oct 16, 2017 at 05:47:16PM +0100, Suzuki K Poulose wrote:
> On 16/10/17 17:44, Dave Martin wrote:
> >On Mon, Oct 16, 2017 at 05:27:59PM +0100, Suzuki K Poulose wrote:
> >>On 16/10/17 16:46, Dave Martin wrote:
> >>>On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
> >>>>On 10/10/17 19:38, Dave Martin wrote:
> >
> >[...]
> >
> >>>>>@@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
> >>>>>  					info->reg_mvfr2, boot->reg_mvfr2);
> >>>>>  	}
> >>>>>+	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
> >>>>>+		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
> >>>>>+					info->reg_zcr, boot->reg_zcr);
> >>>>>+
> >>>>>+		if (!sys_caps_initialised)
> >>>>>+			sve_update_vq_map();
> >>>>>+	}
> >>>>
> >>>>nit: I am not sure if we should also check if the "current" sanitised value
> >>>>of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
> >>>>is as such fine without the check, it's just that we can avoid computing the
> >>>>map. It is in the CPU boot-up path and hence is not performance critical.
> >>>>So, either way we are fine.
> >>>>
> >>>>Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> >>>
> >>>I think I prefer to avoid adding extra code to optimise the "broken SoC
> >>>design" case.
> >>>
> >>
> >>Sure.
> >>
> >>>Maybe we could revisit this later if needed.
> >>>
> >>>Can you suggest some code?  Maybe the check is simpler than I think.
> >>
> >>Something like :
> >>
> >>if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_IDAA64PFR0)) &&
> >>     id_aa64pfr0_sve(id_aa64pfr0)) {
> >>     ...
> >>}
> >>
> >>should be enough.
> >>
> >>Or even we could hack it to :
> >>
> >>if (id_aa64pfr0_sve(id_aa64pfr0 | read_sanitised_ftr_reg(SYS_IDAA64PFR0)))
> >>
> >>As I mentioned, the code as such is fine. It's just that we try to detect
> >>if the SVE is already moot and skip the steps for this CPU.
> >
> >How about the following, keeping the outer
> >if(id_aa64pfr0_sve(info->reg_id_aa64pfr0)) from my current code:
> >
> >-		if (!sys_caps_initialised)
> >+		/* Probe vector lengths, unless we already gave up on SVE */
> >+		if (id_aa64pfr0_sve(read_sanitised_ftr_reg(ID_AA64PFR0_SVE)) &&
> >+		    !sys_caps_initialised)
> >			sve_update_vq_map();
> 
> Yep, that looks neater.

Sorry, that should have been

	if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1)) &&

(Disturbingly, the original does build and then hits a BUG(), because
ID_AA64PFR0_SVE happens to be defined).


With the above, are you happy for me to apply your Reviewed-by, or would
you prefer to wait for the respin?

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths
  2017-10-16 16:55               ` Dave Martin
@ 2017-10-16 16:58                 ` Suzuki K Poulose
  -1 siblings, 0 replies; 253+ messages in thread
From: Suzuki K Poulose @ 2017-10-16 16:58 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	Alex Bennée, kvmarm, linux-arm-kernel

On 16/10/17 17:55, Dave Martin wrote:
> On Mon, Oct 16, 2017 at 05:47:16PM +0100, Suzuki K Poulose wrote:
>> On 16/10/17 17:44, Dave Martin wrote:
>>> On Mon, Oct 16, 2017 at 05:27:59PM +0100, Suzuki K Poulose wrote:
>>>> On 16/10/17 16:46, Dave Martin wrote:
>>>>> On Thu, Oct 12, 2017 at 01:56:51PM +0100, Suzuki K Poulose wrote:
>>>>>> On 10/10/17 19:38, Dave Martin wrote:
>>>
>>> [...]
>>>
>>>>>>> @@ -670,6 +689,14 @@ void update_cpu_features(int cpu,
>>>>>>>   					info->reg_mvfr2, boot->reg_mvfr2);
>>>>>>>   	}
>>>>>>> +	if (id_aa64pfr0_sve(info->reg_id_aa64pfr0)) {
>>>>>>> +		taint |= check_update_ftr_reg(SYS_ZCR_EL1, cpu,
>>>>>>> +					info->reg_zcr, boot->reg_zcr);
>>>>>>> +
>>>>>>> +		if (!sys_caps_initialised)
>>>>>>> +			sve_update_vq_map();
>>>>>>> +	}
>>>>>>
>>>>>> nit: I am not sure if we should also check if the "current" sanitised value
>>>>>> of the id_aa64pfr0 also supports sve and skip the update if it isn't. The code
>>>>>> is as such fine without the check, it's just that we can avoid computing the
>>>>>> map. It is in the CPU boot-up path and hence is not performance critical.
>>>>>> So, either way we are fine.
>>>>>>
>>>>>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>>>>>
>>>>> I think I prefer to avoid adding extra code to optimise the "broken SoC
>>>>> design" case.
>>>>>
>>>>
>>>> Sure.
>>>>
>>>>> Maybe we could revisit this later if needed.
>>>>>
>>>>> Can you suggest some code?  Maybe the check is simpler than I think.
>>>>
>>>> Something like :
>>>>
>>>> if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_IDAA64PFR0)) &&
>>>>      id_aa64pfr0_sve(id_aa64pfr0)) {
>>>>      ...
>>>> }
>>>>
>>>> should be enough.
>>>>
>>>> Or even we could hack it to :
>>>>
>>>> if (id_aa64pfr0_sve(id_aa64pfr0 | read_sanitised_ftr_reg(SYS_IDAA64PFR0)))
>>>>
>>>> As I mentioned, the code as such is fine. It's just that we try to detect
>>>> if the SVE is already moot and skip the steps for this CPU.
>>>
>>> How about the following, keeping the outer
>>> if(id_aa64pfr0_sve(info->reg_id_aa64pfr0)) from my current code:
>>>
>>> -		if (!sys_caps_initialised)
>>> +		/* Probe vector lengths, unless we already gave up on SVE */
>>> +		if (id_aa64pfr0_sve(read_sanitised_ftr_reg(ID_AA64PFR0_SVE)) &&
>>> +		    !sys_caps_initialised)
>>> 			sve_update_vq_map();
>>
>> Yep, that looks neater.
> 
> Sorry, that should have been
> 
> 	if (id_aa64pfr0_sve(read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1)) &&
> 
> (Disturbingly, the original does build and then hits a BUG(), because
> ID_AA64PFR0_SVE happens to be defined).

Ouch! I didn't notice that ;-). Good to see the BUG() catching such mistakes.

> 
> 
> With the above, are you happy for me to apply your Reviewed-by, or would
> you prefer to wait for the respin?

With the changes as we discussed above, please feel free to
add:

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

^ permalink raw reply	[flat|nested] 253+ messages in thread
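The check that Dave and Suzuki settle on above, modelled in stand-alone C as an added example. This is not code from the SVE series, from the kernel, or from either reviewer: the kernel keeps the sanitised registers in arm64_ftr_reg tables and the vector-length map in a bitmap, while this model collapses both to a few fields. Only the position of the ID_AA64PFR0_EL1.SVE field (bits [35:32]) is architectural; the SYS_ID_AA64PFR0_EL1 value, the per-CPU probe data and every struct and function name are constructed for the example. It goes slightly beyond the hunk by also showing the intersection of per-CPU vector lengths that sve_update_vq_map() maintains, and why a single non-SVE CPU makes later probing pointless.

```c
/*
 * Added example (not code from the SVE series): a user-space model of how the
 * arm64 cpufeature code decides whether SVE is usable system-wide and which
 * vector lengths every CPU supports.  Only the ID_AA64PFR0_EL1.SVE field
 * position (bits [35:32]) is architectural; everything else is constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ID_AA64PFR0_SVE_SHIFT	32
#define SVE_PRESENT		(1ULL << ID_AA64PFR0_SVE_SHIFT)
#define SVE_VQ_MAX		16	/* VL = VQ * 128 bits, so 128..2048 bits */
#define SYS_ID_AA64PFR0_EL1	1	/* hypothetical register ID for the lookup */

struct cpu_probe {			/* constructed: what one CPU reports */
	uint64_t id_aa64pfr0;		/* ID_AA64PFR0_EL1 as read on this CPU */
	uint32_t vq_mask;		/* bit (vq - 1) set if VQ vq is supported */
};

struct sys_state {			/* model of the kernel's system-wide view */
	uint64_t sanitised_pfr0;	/* lowest-safe merge of all CPUs seen so far */
	uint32_t vq_map;		/* intersection of every probed CPU's vq_mask */
	unsigned int ncpus, probes;	/* CPUs seen; times the VL probe actually ran */
	bool sys_caps_initialised;	/* set once all boot-time CPUs are known */
};

static unsigned int id_aa64pfr0_sve(uint64_t pfr0)
{
	return (pfr0 >> ID_AA64PFR0_SVE_SHIFT) & 0xf;
}

/* A wrong register ID compiles but dies at run time, like the BUG() in the thread. */
static uint64_t read_sanitised_ftr_reg(const struct sys_state *s, unsigned int id)
{
	if (id != SYS_ID_AA64PFR0_EL1)
		abort();			/* stands in for BUG() */
	return s->sanitised_pfr0;
}

/* FTR_LOWER_SAFE on the SVE field: the system has SVE only if every CPU does. */
static uint64_t merge_pfr0(uint64_t sys, uint64_t cpu)
{
	const uint64_t mask = 0xfULL << ID_AA64PFR0_SVE_SHIFT;

	return (sys & ~mask) | ((sys & mask) < (cpu & mask) ? sys & mask : cpu & mask);
}

/* Same shape as the hunk under discussion, with the corrected register ID. */
void update_cpu_features(struct sys_state *s, const struct cpu_probe *c)
{
	/* The boot CPU seeds the sanitised value; later CPUs are merged into it. */
	s->sanitised_pfr0 = s->ncpus++ ? merge_pfr0(s->sanitised_pfr0, c->id_aa64pfr0)
				       : c->id_aa64pfr0;

	if (id_aa64pfr0_sve(c->id_aa64pfr0)) {
		/* Probe vector lengths, unless we already gave up on SVE */
		if (id_aa64pfr0_sve(read_sanitised_ftr_reg(s, SYS_ID_AA64PFR0_EL1)) &&
		    !s->sys_caps_initialised) {
			s->vq_map &= c->vq_mask;	/* what sve_update_vq_map() boils down to */
			s->probes++;
		}
	}
}

bool system_supports_sve(const struct sys_state *s)
{
	return id_aa64pfr0_sve(s->sanitised_pfr0) != 0;
}

/* Largest VQ every CPU supports, or 0 when the system has no usable SVE. */
unsigned int sve_max_vq(const struct sys_state *s)
{
	unsigned int vq = system_supports_sve(s) ? SVE_VQ_MAX : 0;

	while (vq && !(s->vq_map & (1u << (vq - 1))))
		vq--;
	return vq;
}

/* Constructed SoC: two SVE CPUs with different max VLs, a third with or without
 * SVE, then a fourth with SVE; once any CPU lacks SVE the fourth is not probed. */
const struct sys_state *bring_up(bool third_cpu_lacks_sve)
{
	static struct sys_state s;
	const struct cpu_probe cpus[] = {
		{ SVE_PRESENT, 0x00ff },	/* boot CPU: VQ 1..8 */
		{ SVE_PRESENT, 0x000f },	/* VQ 1..4 */
		{ third_cpu_lacks_sve ? 0 : SVE_PRESENT, 0x00ff },
		{ SVE_PRESENT, 0xffff },	/* probed only while SVE is still viable */
	};
	size_t i;

	memset(&s, 0, sizeof(s));
	s.vq_map = (1u << SVE_VQ_MAX) - 1;
	for (i = 0; i < sizeof(cpus) / sizeof(cpus[0]); i++)
		update_cpu_features(&s, &cpus[i]);
	s.sys_caps_initialised = true;
	return &s;
}
```

With all four CPUs reporting SVE, `bring_up(false)` probes every CPU and the usable set is the intersection, VQ 1..4 (a 512-bit maximum VL). With `bring_up(true)` the third CPU has no SVE: the sanitised field drops to 0, `system_supports_sve()` turns false, and the fourth CPU's probe is skipped, which is the "broken SoC design" case Suzuki's extra check targets. Swapping `SYS_ID_AA64PFR0_EL1` for any other value in the call inside `update_cpu_features()` still compiles and aborts on the first CPU, the same failure mode as the BUG() Dave describes.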

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
@ 2017-10-17 11:50     ` Christoffer Dall
  0 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 11:50 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Marc Zyngier, Richard Sandiford, kvmarm

On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> Until KVM has full SVE support, guests must not be allowed to
> execute SVE instructions.
> 
> This patch enables the necessary traps, and also ensures that the
> traps are disabled again on exit from the guest so that the host
> can still use SVE if it wants to.
> 
> This patch introduces another instance of
> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> is abstracted out as a separate helper fpsimd_flush_cpu_state().
> Other instances are ported appropriately.

I don't understand this paragraph, beginning from ", so this...".


From reading the code, what I think is the reason for having to flush
the SVE state (and mark the host state invalid) is that even though we
disallow SVE usage in the guest, the guest can use the normal FP state,
and while we always fully preserve the host state, this could still
corrupt some additional SVE state not properly preserved for the host.
Is that correct?

> 
> As a side effect of this refactoring, a this_cpu_write() in
> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> should be fine, since cpu_pm_enter() is supposed to be called only
> with interrupts disabled.

Otherwise the patch itself looks good to me.

Thanks,
-Christoffer

> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm/include/asm/kvm_host.h   |  3 +++
>  arch/arm64/include/asm/fpsimd.h   |  1 +
>  arch/arm64/include/asm/kvm_arm.h  |  4 +++-
>  arch/arm64/include/asm/kvm_host.h | 11 +++++++++++
>  arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--
>  arch/arm64/kvm/hyp/switch.c       |  6 +++---
>  virt/kvm/arm/arm.c                |  3 +++
>  7 files changed, 53 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index 4a879f6..242151e 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
>  int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
>  			       struct kvm_device_attr *attr);
>  
> +/* All host FP/SIMD state is restored on guest exit, so nothing to save: */
> +static inline void kvm_fpsimd_flush_cpu_state(void) {}
> +
>  #endif /* __ARM_KVM_HOST_H__ */
> diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
> index 3cfdfbe..10b2824 100644
> --- a/arch/arm64/include/asm/fpsimd.h
> +++ b/arch/arm64/include/asm/fpsimd.h
> @@ -75,6 +75,7 @@ extern void fpsimd_restore_current_state(void);
>  extern void fpsimd_update_current_state(struct fpsimd_state *state);
>  
>  extern void fpsimd_flush_task_state(struct task_struct *target);
> +extern void sve_flush_cpu_state(void);
>  
>  /* Maximum VL that SVE VL-agnostic software can transparently support */
>  #define SVE_VL_ARCH_MAX 0x100
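Review bot: `sve_flush_cpu_state()` gets an unconditional prototype here, but its definition in the fpsimd.c hunk below sits under `#ifdef CONFIG_ARM64_SVE`, so a !CONFIG_ARM64_SVE build links only if every call is optimised away. The single caller in kvm_host.h is guarded by `system_supports_sve()`; unless that is guaranteed to fold to a compile-time false with SVE disabled, add an empty `static inline` stub for the `#else` case next to this declaration.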
> diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
> index dbf0537..7f069ff 100644
> --- a/arch/arm64/include/asm/kvm_arm.h
> +++ b/arch/arm64/include/asm/kvm_arm.h
> @@ -186,7 +186,8 @@
>  #define CPTR_EL2_TTA	(1 << 20)
>  #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
>  #define CPTR_EL2_TZ	(1 << 8)
> -#define CPTR_EL2_DEFAULT	0x000033ff
> +#define CPTR_EL2_RES1	0x000032ff /* known RES1 bits in CPTR_EL2 */
> +#define CPTR_EL2_DEFAULT	CPTR_EL2_RES1
>  
>  /* Hyp Debug Configuration Register bits */
>  #define MDCR_EL2_TPMS		(1 << 14)
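Review bot: `CPTR_EL2_RES1` (0x000032ff) differs from the old `CPTR_EL2_DEFAULT` (0x000033ff) only in bit 8, which this same block defines as `CPTR_EL2_TZ`, so the default value now leaves the SVE trap clear and TZ has to be set explicitly wherever guest traps are activated. That matches the nVHE hunk in switch.c, but the comment should say that bit 8 is RES1 only on CPUs without SVE and is the TZ trap bit otherwise; as written, "known RES1 bits" invites the question of why a RES1 constant lost a bit.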
> @@ -237,5 +238,6 @@
>  
>  #define CPACR_EL1_FPEN		(3 << 20)
>  #define CPACR_EL1_TTA		(1 << 28)
> +#define CPACR_EL1_DEFAULT	(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)
>  
>  #endif /* __ARM64_KVM_ARM_H__ */
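Review bot: `CPACR_EL1_DEFAULT` combines `CPACR_EL1_FPEN` (3 << 20, access from both EL0 and EL1) with `CPACR_EL1_ZEN_EL1EN` (EL1 only), and neither `CPACR_EL1_ZEN_EL1EN` nor the `CPACR_EL1_ZEN` used in switch.c is defined in this patch, so the hunk depends on an earlier patch's sysreg definitions. A short comment on why EL0 SVE access is deliberately left disabled in the host default while FP access is not would save the next reader a detour through fpsimd.c.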
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index e923b58..674912d 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -25,6 +25,7 @@
>  #include <linux/types.h>
>  #include <linux/kvm_types.h>
>  #include <asm/cpufeature.h>
> +#include <asm/fpsimd.h>
>  #include <asm/kvm.h>
>  #include <asm/kvm_asm.h>
>  #include <asm/kvm_mmio.h>
> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
>  		  "PARange is %d bits, unsupported configuration!", parange);
>  }
>  
> +/*
> + * All host FP/SIMD state is restored on guest exit, so nothing needs
> + * doing here except in the SVE case:
> +*/
> +static inline void kvm_fpsimd_flush_cpu_state(void)
> +{
> +	if (system_supports_sve())
> +		sve_flush_cpu_state();
> +}
> +
>  #endif /* __ARM64_KVM_HOST_H__ */
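Review bot: the closing `*/` of the new comment is flush against the margin instead of ` */`, unlike the rest of the file. More substantively, "nothing needs doing here except in the SVE case" does not say why SVE is the exception; the explanation in the fpsimd.c hunk ("SVE register data that is destroyed by KVM guest enter/exit") belongs at this KVM-facing entry point, which is the question Christoffer raises above.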
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index a9cb794..6ae3703 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
>  	t->thread.fpsimd_state.cpu = NR_CPUS;
>  }
>  
> +static inline void fpsimd_flush_cpu_state(void)
> +{
> +	__this_cpu_write(fpsimd_last_state, NULL);
> +}
> +
> +/*
> + * Invalidate any task SVE state currently held in this CPU's regs.
> + *
> + * This is used to prevent the kernel from trying to reuse SVE register data
> + * that is detroyed by KVM guest enter/exit.  This function should go away when
> + * KVM SVE support is implemented.  Don't use it for anything else.
> + */
> +#ifdef CONFIG_ARM64_SVE
> +void sve_flush_cpu_state(void)
> +{
> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> +	struct task_struct *tsk;
> +
> +	if (!fpstate)
> +		return;
> +
> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> +		fpsimd_flush_cpu_state();
> +}
> +#endif /* CONFIG_ARM64_SVE */
> +
>  #ifdef CONFIG_KERNEL_MODE_NEON
>  
>  DEFINE_PER_CPU(bool, kernel_neon_busy);
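Review bot: typo in the new comment: "detroyed" should be "destroyed". Also, `sve_flush_cpu_state()` uses `__this_cpu_read()`, `container_of()` on the result and `__this_cpu_write()`, all of which require preemption to be disabled; the only caller (the arm.c hunk, after `preempt_disable()`) satisfies that, but since the comment already tells people not to use this function for anything else, state the preemption requirement there too or add a `WARN_ON(preemptible())`.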
> @@ -1113,7 +1140,7 @@ void kernel_neon_begin(void)
>  	}
>  
>  	/* Invalidate any task state remaining in the fpsimd regs: */
> -	__this_cpu_write(fpsimd_last_state, NULL);
> +	fpsimd_flush_cpu_state();
>  
>  	preempt_disable();
>  
> @@ -1234,7 +1261,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
>  	case CPU_PM_ENTER:
>  		if (current->mm)
>  			task_fpsimd_save();
> -		this_cpu_write(fpsimd_last_state, NULL);
> +		fpsimd_flush_cpu_state();
>  		break;
>  	case CPU_PM_EXIT:
>  		if (current->mm)
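Review bot: routing this call through `fpsimd_flush_cpu_state()` silently turns a `this_cpu_write()` into an `__this_cpu_write()`, dropping the preemption-safe variant; the justification (cpu_pm_enter() runs with interrupts disabled) is only in the commit message. A one-line comment at this call site would stop a later reader from assuming the helper is safe to call with preemption enabled.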
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 35a90b8..951f3eb 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)
>  
>  	val = read_sysreg(cpacr_el1);
>  	val |= CPACR_EL1_TTA;
> -	val &= ~CPACR_EL1_FPEN;
> +	val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
>  	write_sysreg(val, cpacr_el1);
>  
>  	write_sysreg(__kvm_hyp_vector, vbar_el1);
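Review bot: clearing `CPACR_EL1_ZEN` here (and setting `CPTR_EL2_TZ` in the nVHE hunk below) makes guest SVE use trap to EL2, but none of the seven files in the diffstat is the KVM exit handler, so this patch does not show what happens to that trap. If the existing exit path already injects an undefined-instruction exception into the guest for an unhandled exception class, say so in the commit message; otherwise the handler belongs in this patch.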
> @@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)
>  	u64 val;
>  
>  	val = CPTR_EL2_DEFAULT;
> -	val |= CPTR_EL2_TTA | CPTR_EL2_TFP;
> +	val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
>  	write_sysreg(val, cptr_el2);
>  }
>  
> @@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
>  
>  	write_sysreg(mdcr_el2, mdcr_el2);
>  	write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
> -	write_sysreg(CPACR_EL1_FPEN, cpacr_el1);
> +	write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
>  	write_sysreg(vectors, vbar_el1);
>  }
>  
> diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
> index b9f68e4..4d3cf9c 100644
> --- a/virt/kvm/arm/arm.c
> +++ b/virt/kvm/arm/arm.c
> @@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
>  		 */
>  		preempt_disable();
>  
> +		/* Flush FP/SIMD state that can't survive guest entry/exit */
> +		kvm_fpsimd_flush_cpu_state();
> +
>  		kvm_pmu_flush_hwstate(vcpu);
>  
>  		kvm_timer_flush_hwstate(vcpu);
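Review bot: the comment "Flush FP/SIMD state that can't survive guest entry/exit" overstates what the call does. `kvm_fpsimd_flush_cpu_state()` saves nothing; per the fpsimd.c hunk it only clears this CPU's `fpsimd_last_state` pointer when the cached owner has `TIF_SVE`, so that task reloads its registers rather than trusting the clobbered ones. Suggest "Invalidate cached SVE state that can't survive guest entry/exit", and note that the call must stay after `preempt_disable()` because of the `__this_cpu_*` accesses in the helper.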
> -- 
> 2.1.4
> 
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

^ permalink raw reply	[flat|nested] 253+ messages in thread

* [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
@ 2017-10-17 11:50     ` Christoffer Dall
  0 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 11:50 UTC (permalink / raw)
  To: linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> Until KVM has full SVE support, guests must not be allowed to
> execute SVE instructions.
> 
> This patch enables the necessary traps, and also ensures that the
> traps are disabled again on exit from the guest so that the host
> can still use SVE if it wants to.
> 
> This patch introduces another instance of
> __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> is abstracted out as a separate helper fpsimd_flush_cpu_state().
> Other instances are ported appropriately.

I don't understand this paragraph, beginning from ", so this...".


From reading the code, what I think is the reason for having to flush
the SVE state (and mark the host state invalid) is that even though we
disallow SVE usage in the guest, the guest can use the normal FP state,
and while we always fully preserve the host state, this could still
corrupt some additional SVE state not properly preserved for the host.
Is that correct?

> 
> As a side effect of this refactoring, a this_cpu_write() in
> fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> should be fine, since cpu_pm_enter() is supposed to be called only
> with interrupts disabled.

Otherwise the patch itself looks good to me.

Thanks,
-Christoffer

> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm/include/asm/kvm_host.h   |  3 +++
>  arch/arm64/include/asm/fpsimd.h   |  1 +
>  arch/arm64/include/asm/kvm_arm.h  |  4 +++-
>  arch/arm64/include/asm/kvm_host.h | 11 +++++++++++
>  arch/arm64/kernel/fpsimd.c        | 31 +++++++++++++++++++++++++++++--
>  arch/arm64/kvm/hyp/switch.c       |  6 +++---
>  virt/kvm/arm/arm.c                |  3 +++
>  7 files changed, 53 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index 4a879f6..242151e 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -293,4 +293,7 @@ int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,
>  int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
>  			       struct kvm_device_attr *attr);
>  
> +/* All host FP/SIMD state is restored on guest exit, so nothing to save: */
> +static inline void kvm_fpsimd_flush_cpu_state(void) {}
> +
>  #endif /* __ARM_KVM_HOST_H__ */
> diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
> index 3cfdfbe..10b2824 100644
> --- a/arch/arm64/include/asm/fpsimd.h
> +++ b/arch/arm64/include/asm/fpsimd.h
> @@ -75,6 +75,7 @@ extern void fpsimd_restore_current_state(void);
>  extern void fpsimd_update_current_state(struct fpsimd_state *state);
>  
>  extern void fpsimd_flush_task_state(struct task_struct *target);
> +extern void sve_flush_cpu_state(void);
>  
>  /* Maximum VL that SVE VL-agnostic software can transparently support */
>  #define SVE_VL_ARCH_MAX 0x100
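Review bot: sve_flush_cpu_state() is declared here unconditionally, but its definition later in this patch sits under #ifdef CONFIG_ARM64_SVE, and the only caller (kvm_fpsimd_flush_cpu_state() in kvm_host.h) merely wraps the call in `if (system_supports_sve())`. Linking a !CONFIG_ARM64_SVE kernel then depends on the compiler deleting that call. A `static inline void sve_flush_cpu_state(void) {}` stub in an #else branch next to this declaration would make the configured-out build correct by construction rather than by optimisation.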
> diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
> index dbf0537..7f069ff 100644
> --- a/arch/arm64/include/asm/kvm_arm.h
> +++ b/arch/arm64/include/asm/kvm_arm.h
> @@ -186,7 +186,8 @@
>  #define CPTR_EL2_TTA	(1 << 20)
>  #define CPTR_EL2_TFP	(1 << CPTR_EL2_TFP_SHIFT)
>  #define CPTR_EL2_TZ	(1 << 8)
> -#define CPTR_EL2_DEFAULT	0x000033ff
> +#define CPTR_EL2_RES1	0x000032ff /* known RES1 bits in CPTR_EL2 */
> +#define CPTR_EL2_DEFAULT	CPTR_EL2_RES1
>  
>  /* Hyp Debug Configuration Register bits */
>  #define MDCR_EL2_TPMS		(1 << 14)
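Review bot: the comment on CPTR_EL2_RES1 only says "known RES1 bits" and does not explain why bit 8, which was part of the old 0x000033ff default, has been dropped. Say explicitly that bit 8 is CPTR_EL2.TZ on SVE-capable parts, so it must not be in the RES1 set if CPTR_EL2_DEFAULT is to leave SVE untrapped once the host is back in control. The nVHE deactivate path, which this patch does not touch, now depends on that redefinition to give SVE back to the host, and the commit message should mention it.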
> @@ -237,5 +238,6 @@
>  
>  #define CPACR_EL1_FPEN		(3 << 20)
>  #define CPACR_EL1_TTA		(1 << 28)
> +#define CPACR_EL1_DEFAULT	(CPACR_EL1_FPEN | CPACR_EL1_ZEN_EL1EN)
>  
>  #endif /* __ARM64_KVM_ARM_H__ */
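Review bot: neither CPACR_EL1_ZEN_EL1EN used here nor CPACR_EL1_ZEN used in the switch.c hunk is defined anywhere in this patch, so it does not build on its own; the commit message should name the earlier patch in the series that introduces them and the header kvm_arm.h gets them from. A short comment would also help explain why the default enables SVE for EL1 only (ZEN_EL1EN) while FPEN enables FP/SIMD for both EL0 and EL1.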
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index e923b58..674912d 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -25,6 +25,7 @@
>  #include <linux/types.h>
>  #include <linux/kvm_types.h>
>  #include <asm/cpufeature.h>
> +#include <asm/fpsimd.h>
>  #include <asm/kvm.h>
>  #include <asm/kvm_asm.h>
>  #include <asm/kvm_mmio.h>
> @@ -384,4 +385,14 @@ static inline void __cpu_init_stage2(void)
>  		  "PARange is %d bits, unsupported configuration!", parange);
>  }
>  
> +/*
> + * All host FP/SIMD state is restored on guest exit, so nothing needs
> + * doing here except in the SVE case:
> +*/
> +static inline void kvm_fpsimd_flush_cpu_state(void)
> +{
> +	if (system_supports_sve())
> +		sve_flush_cpu_state();
> +}
> +
>  #endif /* __ARM64_KVM_HOST_H__ */
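Review bot: the closing `+*/` of the comment block is not aligned with the ` * ` lines above it (kernel style is ` */`). More importantly, this comment is the one place that explains why the flush exists, yet it only says "except in the SVE case"; spelling out which part of the SVE state is not covered by the host FP/SIMD restore on guest exit would pre-empt the question raised above about the commit message.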
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index a9cb794..6ae3703 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -1073,6 +1073,33 @@ void fpsimd_flush_task_state(struct task_struct *t)
>  	t->thread.fpsimd_state.cpu = NR_CPUS;
>  }
>  
> +static inline void fpsimd_flush_cpu_state(void)
> +{
> +	__this_cpu_write(fpsimd_last_state, NULL);
> +}
> +
> +/*
> + * Invalidate any task SVE state currently held in this CPU's regs.
> + *
> + * This is used to prevent the kernel from trying to reuse SVE register data
> + * that is detroyed by KVM guest enter/exit.  This function should go away when
> + * KVM SVE support is implemented.  Don't use it for anything else.
> + */
> +#ifdef CONFIG_ARM64_SVE
> +void sve_flush_cpu_state(void)
> +{
> +	struct fpsimd_state *const fpstate = __this_cpu_read(fpsimd_last_state);
> +	struct task_struct *tsk;
> +
> +	if (!fpstate)
> +		return;
> +
> +	tsk = container_of(fpstate, struct task_struct, thread.fpsimd_state);
> +	if (test_tsk_thread_flag(tsk, TIF_SVE))
> +		fpsimd_flush_cpu_state();
> +}
> +#endif /* CONFIG_ARM64_SVE */
> +
>  #ifdef CONFIG_KERNEL_MODE_NEON
>  
>  DEFINE_PER_CPU(bool, kernel_neon_busy);
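Review bot: "detroyed" in the comment should be "destroyed". More substantively, sve_flush_cpu_state() relies on two things it does not state: fpsimd_last_state must always point at a fpsimd_state embedded in a task_struct, or the container_of() yields garbage, and the per-CPU reads need preemption disabled (kvm_arch_vcpu_ioctl_run() does call it under preempt_disable(), but nothing here enforces that; a WARN_ON(preemptible()) would). Since the function simply forgets that the registers hold the task's state, it is also only safe if the task's in-memory copy is already current; the comment should say why that holds at the call site.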
> @@ -1113,7 +1140,7 @@ void kernel_neon_begin(void)
>  	}
>  
>  	/* Invalidate any task state remaining in the fpsimd regs: */
> -	__this_cpu_write(fpsimd_last_state, NULL);
> +	fpsimd_flush_cpu_state();
>  
>  	preempt_disable();
>  
> @@ -1234,7 +1261,7 @@ static int fpsimd_cpu_pm_notifier(struct notifier_block *self,
>  	case CPU_PM_ENTER:
>  		if (current->mm)
>  			task_fpsimd_save();
> -		this_cpu_write(fpsimd_last_state, NULL);
> +		fpsimd_flush_cpu_state();
>  		break;
>  	case CPU_PM_EXIT:
>  		if (current->mm)
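Review bot: the switch from this_cpu_write() to __this_cpu_write() is justified only in the commit message, by cpu_pm_enter() being called with interrupts disabled. A one-line comment here, or a WARN_ON(!irqs_disabled()) next to the call, would keep that assumption visible to whoever next touches the PM notifier.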
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 35a90b8..951f3eb 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -48,7 +48,7 @@ static void __hyp_text __activate_traps_vhe(void)
>  
>  	val = read_sysreg(cpacr_el1);
>  	val |= CPACR_EL1_TTA;
> -	val &= ~CPACR_EL1_FPEN;
> +	val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
>  	write_sysreg(val, cpacr_el1);
>  
>  	write_sysreg(__kvm_hyp_vector, vbar_el1);
> @@ -59,7 +59,7 @@ static void __hyp_text __activate_traps_nvhe(void)
>  	u64 val;
>  
>  	val = CPTR_EL2_DEFAULT;
> -	val |= CPTR_EL2_TTA | CPTR_EL2_TFP;
> +	val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
>  	write_sysreg(val, cptr_el2);
>  }
>  
> @@ -117,7 +117,7 @@ static void __hyp_text __deactivate_traps_vhe(void)
>  
>  	write_sysreg(mdcr_el2, mdcr_el2);
>  	write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
> -	write_sysreg(CPACR_EL1_FPEN, cpacr_el1);
> +	write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
>  	write_sysreg(vectors, vbar_el1);
>  }
>  
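Review bot: __deactivate_traps_vhe() now writes CPACR_EL1_DEFAULT, which sets the ZEN field, on every CPU regardless of system_supports_sve(), and the nVHE activate path sets CPTR_EL2.TZ unconditionally too. If those bits are RES0/RES1 on parts without SVE this is fine, but that reasoning belongs in a comment; otherwise the next reader will wonder whether the writes need gating on system_supports_sve().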
> diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
> index b9f68e4..4d3cf9c 100644
> --- a/virt/kvm/arm/arm.c
> +++ b/virt/kvm/arm/arm.c
> @@ -652,6 +652,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
>  		 */
>  		preempt_disable();
>  
> +		/* Flush FP/SIMD state that can't survive guest entry/exit */
> +		kvm_fpsimd_flush_cpu_state();
> +
>  		kvm_pmu_flush_hwstate(vcpu);
>  
>  		kvm_timer_flush_hwstate(vcpu);
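Review bot: the comment "Flush FP/SIMD state that can't survive guest entry/exit" says what is flushed but not why; the reader has to find the kvm_host.h comment to learn that only SVE state is at stake. Suggest saying so here, and noting that the call must stay below preempt_disable() because sve_flush_cpu_state() reads per-CPU state with __this_cpu_read().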
> -- 
> 2.1.4
> 


* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-17 13:51     ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 13:51 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Marc Zyngier, Richard Sandiford, kvmarm

On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
> Currently, a guest kernel sees the true CPU feature registers
> (ID_*_EL1) when it reads them using MRS instructions.  This means
> that the guest will observe features that are present in the
> hardware but the host doesn't understand or doesn't provide support
> for.  A guest may legitimately try to use such a feature as per the
> architecture, but use of the feature may trap instead of working
> normally, triggering undef injection into the guest.
> 
> This is not a problem for the host, but the guest may go wrong when
> running on newer hardware than the host knows about.
> 
> This patch hides from guest VMs any AArch64-specific CPU features
> that the host doesn't support, by exposing to the guest the
> sanitised versions of the registers computed by the cpufeatures
> framework, instead of the true hardware registers.  To achieve
> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> code is added to KVM to report the sanitised versions of the
> affected registers in response to MRS and register reads from
> userspace.
> 
> The affected registers are removed from invariant_sys_regs[] (since
> the invariant_sys_regs handling is no longer quite correct for
> them) and added to sys_reg_descs[], with appropriate access(),
> get_user() and set_user() methods.  No runtime vcpu storage is
> allocated for the registers: instead, they are read on demand from
> the cpufeatures framework.  This may need modification in the
> future if there is a need for userspace to customise the features
> visible to the guest.
> 
> Attempts by userspace to write the registers are handled similarly
> to the current invariant_sys_regs handling: writes are permitted,
> but only if they don't attempt to change the value.  This is
> sufficient to support VM snapshot/restore from userspace.
> 
> Because of the additional registers, restoring a VM on an older
> kernel may not work unless userspace knows how to handle the extra
> VM registers exposed to the KVM user ABI by this patch.
> 
> Under the principle of least damage, this patch makes no attempt to
> handle any of the other registers currently in
> invariant_sys_regs[], or to emulate registers for AArch32: however,
> these could be handled in a similar way in future, as necessary.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/include/asm/sysreg.h |   3 +
>  arch/arm64/kvm/hyp/switch.c     |   6 +
>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
>  3 files changed, 246 insertions(+), 45 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index f707fed..480ecd6 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -149,6 +149,9 @@
>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
>  
> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
> +
>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
>  
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 945e79c..35a90b8 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
>  	 * it will cause an exception.
>  	 */
>  	val = vcpu->arch.hcr_el2;
> +
>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
>  		write_sysreg(1 << 30, fpexc32_el2);
>  		isb();
>  	}
> +
> +	if (val & HCR_RW) /* for AArch64 only: */
> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
> +

Since we're setting this for all 64-bit VMs, can we not set this in
vcpu_reset_hcr instead?

>  	write_sysreg(val, hcr_el2);
> +
>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
>  	write_sysreg(1 << 15, hstr_el2);
>  	/*
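Review bot: the `if (val & HCR_RW)` guard means AArch32 guests keep reading the raw hardware ID registers, which the commit message acknowledges but the in-line comment "for AArch64 only:" does not explain. Expanding that comment to say the AArch32 case is a deliberate, still-open gap would stop it from looking like an oversight.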
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index 2e070d3..b1f7552 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
>  	return true;
>  }
>  
> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> +{
> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> +
> +	return raz ? 0 : read_sanitised_ftr_reg(id);
> +}
> +
> +/* cpufeature ID register access trap handlers */
> +
> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
> +			    struct sys_reg_params *p,
> +			    const struct sys_reg_desc *r,
> +			    bool raz)
> +{
> +	if (p->is_write)
> +		return write_to_read_only(vcpu, p, r);
> +
> +	p->regval = read_id_reg(r, raz);
> +	return true;
> +}
> +
> +static bool access_id_reg(struct kvm_vcpu *vcpu,
> +			  struct sys_reg_params *p,
> +			  const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, false);
> +}
> +
> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
> +			      struct sys_reg_params *p,
> +			      const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, true);
> +}
> +
> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
> +
> +/*
> + * cpufeature ID register user accessors
> + *
> + * For now, these registers are immutable for userspace, so no values
> + * are stored, and for set_id_reg() we don't allow the effective value
> + * to be changed.
> + */
> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	const u64 val = read_id_reg(rd, raz);
> +
> +	return reg_to_user(uaddr, &val, id);
> +}
> +
> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	int err;
> +	u64 val;
> +
> +	err = reg_from_user(&val, uaddr, id);
> +	if (err)
> +		return err;
> +
> +	/* This is what we mean by invariant: you can't change it. */
> +	if (val != read_id_reg(rd, raz))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, false);
> +}
> +
> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, false);
> +}
> +
> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, true);
> +}
> +
> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, true);
> +}
> +
> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> +#define ID_SANITISED(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access	= access_id_reg,		\
> +	.get_user = get_id_reg,			\
> +	.set_user = set_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> + * (1 <= crm < 8, 0 <= Op2 < 8).
> + */
> +#define ID_UNALLOCATED(crm, op2) {			\
> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> +	.access = access_raz_id_reg,			\
> +	.get_user = get_raz_id_reg,			\
> +	.set_user = set_raz_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> + * For now, these are exposed just like unallocated ID regs: they appear
> + * RAZ for the guest.
> + */

What is a hidden ID register as opposed to an unallocated one?

Shouldn't one of them presumably cause an undefined exception in the
guest?

> +#define ID_HIDDEN(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access = access_raz_id_reg,		\
> +	.get_user = get_raz_id_reg,		\
> +	.set_user = set_raz_id_reg,		\
> +}
> +
>  /*
>   * Architected system registers.
>   * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
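Review bot: the ID_UNALLOCATED comment should say why RAZ is the right behaviour rather than an undefined exception: the architecture reserves the Op0=3, Op1=0, CRn=0, CRm=1..7 space for ID registers and has unallocated encodings in it read as zero, so a guest on bare hardware would see zero too. Stating that, and saying for ID_HIDDEN why the AFR registers are hidden rather than sanitised, would answer the question raised above about the difference between the two macros.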
> @@ -944,6 +1075,84 @@ static const struct sys_reg_desc sys_reg_descs[] = {
>  	{ SYS_DESC(SYS_DBGVCR32_EL2), NULL, reset_val, DBGVCR32_EL2, 0 },
>  
>  	{ SYS_DESC(SYS_MPIDR_EL1), NULL, reset_mpidr, MPIDR_EL1 },
> +
> +	/*
> +	 * ID regs: all ID_SANITISED() entries here must have corresponding
> +	 * entries in arm64_ftr_regs[].
> +	 */
> +
> +	/* AArch64 mappings of the AArch32 ID registers */
> +	/* CRm=1 */
> +	ID_SANITISED(ID_PFR0_EL1),
> +	ID_SANITISED(ID_PFR1_EL1),
> +	ID_SANITISED(ID_DFR0_EL1),
> +	ID_HIDDEN(ID_AFR0_EL1),
> +	ID_SANITISED(ID_MMFR0_EL1),
> +	ID_SANITISED(ID_MMFR1_EL1),
> +	ID_SANITISED(ID_MMFR2_EL1),
> +	ID_SANITISED(ID_MMFR3_EL1),
> +
> +	/* CRm=2 */
> +	ID_SANITISED(ID_ISAR0_EL1),
> +	ID_SANITISED(ID_ISAR1_EL1),
> +	ID_SANITISED(ID_ISAR2_EL1),
> +	ID_SANITISED(ID_ISAR3_EL1),
> +	ID_SANITISED(ID_ISAR4_EL1),
> +	ID_SANITISED(ID_ISAR5_EL1),
> +	ID_SANITISED(ID_MMFR4_EL1),
> +	ID_UNALLOCATED(2,7),
> +
> +	/* CRm=3 */
> +	ID_SANITISED(MVFR0_EL1),
> +	ID_SANITISED(MVFR1_EL1),
> +	ID_SANITISED(MVFR2_EL1),
> +	ID_UNALLOCATED(3,3),
> +	ID_UNALLOCATED(3,4),
> +	ID_UNALLOCATED(3,5),
> +	ID_UNALLOCATED(3,6),
> +	ID_UNALLOCATED(3,7),
> +
> +	/* AArch64 ID registers */
> +	/* CRm=4 */
> +	ID_SANITISED(ID_AA64PFR0_EL1),
> +	ID_SANITISED(ID_AA64PFR1_EL1),
> +	ID_UNALLOCATED(4,2),
> +	ID_UNALLOCATED(4,3),
> +	ID_UNALLOCATED(4,4),
> +	ID_UNALLOCATED(4,5),
> +	ID_UNALLOCATED(4,6),
> +	ID_UNALLOCATED(4,7),
> +
> +	/* CRm=5 */
> +	ID_SANITISED(ID_AA64DFR0_EL1),
> +	ID_SANITISED(ID_AA64DFR1_EL1),
> +	ID_UNALLOCATED(5,2),
> +	ID_UNALLOCATED(5,3),
> +	ID_HIDDEN(ID_AA64AFR0_EL1),
> +	ID_HIDDEN(ID_AA64AFR1_EL1),
> +	ID_UNALLOCATED(5,6),
> +	ID_UNALLOCATED(5,7),
> +
> +	/* CRm=6 */
> +	ID_SANITISED(ID_AA64ISAR0_EL1),
> +	ID_SANITISED(ID_AA64ISAR1_EL1),
> +	ID_UNALLOCATED(6,2),
> +	ID_UNALLOCATED(6,3),
> +	ID_UNALLOCATED(6,4),
> +	ID_UNALLOCATED(6,5),
> +	ID_UNALLOCATED(6,6),
> +	ID_UNALLOCATED(6,7),
> +
> +	/* CRm=7 */
> +	ID_SANITISED(ID_AA64MMFR0_EL1),
> +	ID_SANITISED(ID_AA64MMFR1_EL1),
> +	ID_SANITISED(ID_AA64MMFR2_EL1),
> +	ID_UNALLOCATED(7,3),
> +	ID_UNALLOCATED(7,4),
> +	ID_UNALLOCATED(7,5),
> +	ID_UNALLOCATED(7,6),
> +	ID_UNALLOCATED(7,7),
> +
>  	{ SYS_DESC(SYS_SCTLR_EL1), access_vm_reg, reset_val, SCTLR_EL1, 0x00C50078 },
>  	{ SYS_DESC(SYS_CPACR_EL1), NULL, reset_val, CPACR_EL1, 0 },
>  	{ SYS_DESC(SYS_TTBR0_EL1), access_vm_reg, reset_unknown, TTBR0_EL1 },
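Review bot: the requirement that every ID_SANITISED() entry has a matching arm64_ftr_regs[] entry is only a comment; nothing enforces it. A check in kvm_sys_reg_table_init() that walks sys_reg_descs[] and verifies each ID_SANITISED encoding is known to the cpufeatures framework would turn a missed entry into a boot-time failure instead of a surprise on the guest's first MRS. Also, the cover letter says SVE is hidden from the feature registers a guest sees, but this hunk reports ID_AA64PFR0_EL1 straight from the sanitised value; the commit message should point at where the SVE field gets masked.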
> @@ -1790,8 +1999,8 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  	if (!r)
>  		r = find_reg(&params, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
>  
> -	/* Not saved in the sys_reg array? */
> -	if (r && !r->reg)
> +	/* Not saved in the sys_reg array and not otherwise accessible? */
> +	if (r && !(r->reg || r->get_user))
>  		r = NULL;
>  
>  	return r;
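Review bot: the predicate `r->reg || r->get_user` introduced here is repeated verbatim in walk_one_sys_reg() later in this patch. A small helper (say, sys_reg_user_visible(rd)) used by both would keep the KVM_GET_ONE_REG lookup and the KVM_GET_REG_LIST walk from drifting apart the next time the rule changes.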
> @@ -1815,20 +2024,6 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  FUNCTION_INVARIANT(midr_el1)
>  FUNCTION_INVARIANT(ctr_el0)
>  FUNCTION_INVARIANT(revidr_el1)
> -FUNCTION_INVARIANT(id_pfr0_el1)
> -FUNCTION_INVARIANT(id_pfr1_el1)
> -FUNCTION_INVARIANT(id_dfr0_el1)
> -FUNCTION_INVARIANT(id_afr0_el1)
> -FUNCTION_INVARIANT(id_mmfr0_el1)
> -FUNCTION_INVARIANT(id_mmfr1_el1)
> -FUNCTION_INVARIANT(id_mmfr2_el1)
> -FUNCTION_INVARIANT(id_mmfr3_el1)
> -FUNCTION_INVARIANT(id_isar0_el1)
> -FUNCTION_INVARIANT(id_isar1_el1)
> -FUNCTION_INVARIANT(id_isar2_el1)
> -FUNCTION_INVARIANT(id_isar3_el1)
> -FUNCTION_INVARIANT(id_isar4_el1)
> -FUNCTION_INVARIANT(id_isar5_el1)
>  FUNCTION_INVARIANT(clidr_el1)
>  FUNCTION_INVARIANT(aidr_el1)
>  
> @@ -1836,20 +2031,6 @@ FUNCTION_INVARIANT(aidr_el1)
>  static struct sys_reg_desc invariant_sys_regs[] = {
>  	{ SYS_DESC(SYS_MIDR_EL1), NULL, get_midr_el1 },
>  	{ SYS_DESC(SYS_REVIDR_EL1), NULL, get_revidr_el1 },
> -	{ SYS_DESC(SYS_ID_PFR0_EL1), NULL, get_id_pfr0_el1 },
> -	{ SYS_DESC(SYS_ID_PFR1_EL1), NULL, get_id_pfr1_el1 },
> -	{ SYS_DESC(SYS_ID_DFR0_EL1), NULL, get_id_dfr0_el1 },
> -	{ SYS_DESC(SYS_ID_AFR0_EL1), NULL, get_id_afr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR0_EL1), NULL, get_id_mmfr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR1_EL1), NULL, get_id_mmfr1_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR2_EL1), NULL, get_id_mmfr2_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR3_EL1), NULL, get_id_mmfr3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR0_EL1), NULL, get_id_isar0_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR1_EL1), NULL, get_id_isar1_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR2_EL1), NULL, get_id_isar2_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR3_EL1), NULL, get_id_isar3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR4_EL1), NULL, get_id_isar4_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR5_EL1), NULL, get_id_isar5_el1 },
>  	{ SYS_DESC(SYS_CLIDR_EL1), NULL, get_clidr_el1 },
>  	{ SYS_DESC(SYS_AIDR_EL1), NULL, get_aidr_el1 },
>  	{ SYS_DESC(SYS_CTR_EL0), NULL, get_ctr_el0 },
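Review bot: dropping ID_AFR0_EL1 from invariant_sys_regs[] while making it ID_HIDDEN in sys_reg_descs[] is a user-visible change the commit message does not call out: KVM_GET_ONE_REG now returns 0 where it previously returned the hardware value, and a VM snapshot taken on an older kernel with a non-zero ID_AFR0_EL1 will be rejected with -EINVAL by __set_id_reg() on restore. Either document that direction of incompatibility alongside the new-registers-on-old-kernel one, or keep reporting the hardware value for the AFR registers.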
> @@ -2079,12 +2260,31 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
>  	return true;
>  }
>  
> +static int walk_one_sys_reg(const struct sys_reg_desc *rd,
> +			    u64 __user **uind,
> +			    unsigned int *total)
> +{
> +	/*
> +	 * Ignore registers we trap but don't save,
> +	 * and for which no custom user accessor is provided.
> +	 */
> +	if (!(rd->reg || rd->get_user))
> +		return 0;
> +
> +	if (!copy_reg_to_user(rd, uind))
> +		return -EFAULT;
> +
> +	(*total)++;
> +	return 0;
> +}
> +
>  /* Assumed ordered tables, see kvm_sys_reg_table_init. */
>  static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  {
>  	const struct sys_reg_desc *i1, *i2, *end1, *end2;
>  	unsigned int total = 0;
>  	size_t num;
> +	int err;
>  
>  	/* We check for duplicates here, to allow arch-specific overrides. */
>  	i1 = get_target_table(vcpu->arch.target, true, &num);
> @@ -2098,21 +2298,13 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  	while (i1 || i2) {
>  		int cmp = cmp_sys_reg(i1, i2);
>  		/* target-specific overrides generic entry. */
> -		if (cmp <= 0) {
> -			/* Ignore registers we trap but don't save. */
> -			if (i1->reg) {
> -				if (!copy_reg_to_user(i1, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		} else {
> -			/* Ignore registers we trap but don't save. */
> -			if (i2->reg) {
> -				if (!copy_reg_to_user(i2, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		}
> +		if (cmp <= 0)
> +			err = walk_one_sys_reg(i1, &uind, &total);
> +		else
> +			err = walk_one_sys_reg(i2, &uind, &total);
> +
> +		if (err)
> +			return err;
>  
>  		if (cmp <= 0 && ++i1 == end1)
>  			i1 = NULL;
> -- 
> 2.1.4

Thanks,
-Christoffer


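The mechanism the patch above describes, as an added worked example that is not part of the patch or of KVM: a small userspace model in C of what a TID3 trap handler does with a guest MRS. It decodes the instruction word into the Op0/Op1/CRn/CRm/Op2 encoding, checks whether the register falls in the ID space HCR_EL2.TID3 traps, and returns either the host's sanitised value, zero for hidden and unallocated encodings, or "not trapped". The table contents, the sample ID values and the helper names (decode_mrs, emulate_id_read, guest_sees, id_reg_set_allowed) are assumptions made for this example; the MRS field layout and the trapped register space are taken from the architecture, and the probe instruction words were encoded by hand from that layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Op0/Op1/CRn/CRm/Op2 encoding, as carried in KVM's sys_reg_desc. */
struct sysreg_enc {
	unsigned int op0, op1, crn, crm, op2;
};

/*
 * Decode an AArch64 "MRS Xt, <sysreg>" word; false for anything else,
 * including the MSR form (bit 21 clear).  Layout: bits[31:20] = 0xD53,
 * bit[19] = o0 (Op0 = 2 + o0), [18:16] = Op1, [15:12] = CRn, [11:8] = CRm,
 * [7:5] = Op2, [4:0] = Rt.
 */
static bool decode_mrs(uint32_t insn, struct sysreg_enc *e, unsigned int *rt)
{
	if ((insn >> 20) != 0xD53u)
		return false;
	e->op0 = 2 + ((insn >> 19) & 1);
	e->op1 = (insn >> 16) & 0x7;
	e->crn = (insn >> 12) & 0xF;
	e->crm = (insn >> 8) & 0xF;
	e->op2 = (insn >> 5) & 0x7;
	*rt = insn & 0x1F;
	return true;
}

/* The ID register space HCR_EL2.TID3 traps: Op0=3, Op1=0, CRn=0, CRm=1..7. */
static bool is_tid3_trapped(const struct sysreg_enc *e)
{
	return e->op0 == 3 && e->op1 == 0 && e->crn == 0 &&
	       e->crm >= 1 && e->crm <= 7;
}

enum id_kind { ID_SANITISED, ID_HIDDEN };

struct id_entry {
	struct sysreg_enc enc;
	enum id_kind kind;
	uint64_t sanitised;	/* host's sanitised value; ignored for ID_HIDDEN */
};

/* Constructed stand-in for the ID_SANITISED()/ID_HIDDEN() rows of
 * sys_reg_descs[]; the values are made up for this example. */
static const struct id_entry id_table[] = {
	{ { 3, 0, 0, 4, 0 }, ID_SANITISED, 0x0000000000000011ull }, /* ID_AA64PFR0_EL1 */
	{ { 3, 0, 0, 6, 0 }, ID_SANITISED, 0x0000000000011120ull }, /* ID_AA64ISAR0_EL1 */
	{ { 3, 0, 0, 5, 4 }, ID_HIDDEN,    0 },                     /* ID_AA64AFR0_EL1 */
};

static const struct id_entry *find_id_entry(const struct sysreg_enc *e)
{
	for (size_t i = 0; i < ARRAY_SIZE(id_table); i++) {
		const struct sysreg_enc *t = &id_table[i].enc;

		if (t->op0 == e->op0 && t->op1 == e->op1 && t->crn == e->crn &&
		    t->crm == e->crm && t->op2 == e->op2)
			return &id_table[i];
	}
	return NULL;	/* unallocated encoding inside the trapped space */
}

/* Sanitised value for known registers, zero for hidden and unallocated ones
 * (the patch's access_id_reg() versus access_raz_id_reg()). */
static uint64_t read_id_reg(const struct sysreg_enc *e)
{
	const struct id_entry *ent = find_id_entry(e);

	return (ent && ent->kind == ID_SANITISED) ? ent->sanitised : 0;
}

/* 1 and *val set if insn is an MRS that TID3 traps; 0 if no trap happens
 * (an MSR word, or a register outside CRm=1..7 such as MIDR_EL1). */
static int emulate_id_read(uint32_t insn, uint64_t *val)
{
	struct sysreg_enc e;
	unsigned int rt;

	if (!decode_mrs(insn, &e, &rt) || !is_tid3_trapped(&e))
		return 0;
	*val = read_id_reg(&e);
	return 1;
}

/* Value-only wrapper; UINT64_MAX marks "not trapped" (no entry above is all-ones). */
static uint64_t guest_sees(uint32_t insn)
{
	uint64_t val;

	return emulate_id_read(insn, &val) ? val : UINT64_MAX;
}

/* KVM_SET_ONE_REG rule from the patch's __set_id_reg(): a write is accepted
 * only if it leaves the effective value unchanged. */
static bool id_reg_set_allowed(const struct sysreg_enc *e, uint64_t newval)
{
	return newval == read_id_reg(e);
}

int main(void)
{
	/* Probe words encoded by hand from the MRS layout above. */
	static const struct { uint32_t insn; const char *name; } probes[] = {
		{ 0xD5380400u, "mrs x0, id_aa64pfr0_el1 (S3_0_C0_C4_0)" },
		{ 0xD5380580u, "mrs x0, id_aa64afr0_el1 (S3_0_C0_C5_4, hidden)" },
		{ 0xD5380480u, "mrs x0, S3_0_C0_C4_4 (unallocated)" },
		{ 0xD5380000u, "mrs x0, midr_el1 (CRm=0, not under TID3)" },
		{ 0xD5180400u, "MSR-form word for S3_0_C0_C4_0 (not an MRS)" },
	};

	for (size_t i = 0; i < ARRAY_SIZE(probes); i++) {
		uint64_t val = guest_sees(probes[i].insn);

		if (val == UINT64_MAX)
			printf("%-50s -> not trapped\n", probes[i].name);
		else
			printf("%-50s -> 0x%016llx\n", probes[i].name,
			       (unsigned long long)val);
	}
	return 0;
}
```

The same decode is what a guest-side probe would use to enumerate which ID encodings a hypervisor actually emulates: feed it every CRm=1..7 word and compare the answers against a bare-metal run of the same loop.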
* [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
@ 2017-10-17 13:51     ` Christoffer Dall
  0 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 13:51 UTC (permalink / raw)
  To: linux-arm-kernel

On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
> Currently, a guest kernel sees the true CPU feature registers
> (ID_*_EL1) when it reads them using MRS instructions.  This means
> that the guest will observe features that are present in the
> hardware but the host doesn't understand or doesn't provide support
> for.  A guest may legimitately try to use such a feature as per the
> architecture, but use of the feature may trap instead of working
> normally, triggering undef injection into the guest.
> 
> This is not a problem for the host, but the guest may go wrong when
> running on newer hardware than the host knows about.
> 
> This patch hides from guest VMs any AArch64-specific CPU features
> that the host doesn't support, by exposing to the guest the
> sanitised versions of the registers computed by the cpufeatures
> framework, instead of the true hardware registers.  To achieve
> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> code is added to KVM to report the sanitised versions of the
> affected registers in response to MRS and register reads from
> userspace.
> 
> The affected registers are removed from invariant_sys_regs[] (since
> the invariant_sys_regs handling is no longer quite correct for
> them) and added to sys_reg_desgs[], with appropriate access(),
> get_user() and set_user() methods.  No runtime vcpu storage is
> allocated for the registers: instead, they are read on demand from
> the cpufeatures framework.  This may need modification in the
> future if there is a need for userspace to customise the features
> visible to the guest.
> 
> Attempts by userspace to write the registers are handled similarly
> to the current invariant_sys_regs handling: writes are permitted,
> but only if they don't attempt to change the value.  This is
> sufficient to support VM snapshot/restore from userspace.
> 
> Because of the additional registers, restoring a VM on an older
> kernel may not work unless userspace knows how to handle the extra
> VM registers exposed to the KVM user ABI by this patch.
> 
> Under the principle of least damage, this patch makes no attempt to
> handle any of the other registers currently in
> invariant_sys_regs[], or to emulate registers for AArch32: however,
> these could be handled in a similar way in future, as necessary.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/include/asm/sysreg.h |   3 +
>  arch/arm64/kvm/hyp/switch.c     |   6 +
>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
>  3 files changed, 246 insertions(+), 45 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index f707fed..480ecd6 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -149,6 +149,9 @@
>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
>  
> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
> +
>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
>  
> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> index 945e79c..35a90b8 100644
> --- a/arch/arm64/kvm/hyp/switch.c
> +++ b/arch/arm64/kvm/hyp/switch.c
> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
>  	 * it will cause an exception.
>  	 */
>  	val = vcpu->arch.hcr_el2;
> +
>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
>  		write_sysreg(1 << 30, fpexc32_el2);
>  		isb();
>  	}
> +
> +	if (val & HCR_RW) /* for AArch64 only: */
> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
> +

Since we're setting this for all 64-bit VMs, can we not set this in
vcpu_reset_hcr instead?

>  	write_sysreg(val, hcr_el2);
> +
>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
>  	write_sysreg(1 << 15, hstr_el2);
>  	/*
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index 2e070d3..b1f7552 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
>  	return true;
>  }
>  
> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> +{
> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> +
> +	return raz ? 0 : read_sanitised_ftr_reg(id);
> +}
> +
> +/* cpufeature ID register access trap handlers */
> +
> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
> +			    struct sys_reg_params *p,
> +			    const struct sys_reg_desc *r,
> +			    bool raz)
> +{
> +	if (p->is_write)
> +		return write_to_read_only(vcpu, p, r);
> +
> +	p->regval = read_id_reg(r, raz);
> +	return true;
> +}
> +
> +static bool access_id_reg(struct kvm_vcpu *vcpu,
> +			  struct sys_reg_params *p,
> +			  const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, false);
> +}
> +
> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
> +			      struct sys_reg_params *p,
> +			      const struct sys_reg_desc *r)
> +{
> +	return __access_id_reg(vcpu, p, r, true);
> +}
> +
> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
> +
> +/*
> + * cpufeature ID register user accessors
> + *
> + * For now, these registers are immutable for userspace, so no values
> + * are stored, and for set_id_reg() we don't allow the effective value
> + * to be changed.
> + */
> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	const u64 val = read_id_reg(rd, raz);
> +
> +	return reg_to_user(uaddr, &val, id);
> +}
> +
> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> +			bool raz)
> +{
> +	const u64 id = sys_reg_to_index(rd);
> +	int err;
> +	u64 val;
> +
> +	err = reg_from_user(&val, uaddr, id);
> +	if (err)
> +		return err;
> +
> +	/* This is what we mean by invariant: you can't change it. */
> +	if (val != read_id_reg(rd, raz))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, false);
> +}
> +
> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, false);
> +}
> +
> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __get_id_reg(rd, uaddr, true);
> +}
> +
> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> +{
> +	return __set_id_reg(rd, uaddr, true);
> +}
> +
> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> +#define ID_SANITISED(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access	= access_id_reg,		\
> +	.get_user = get_id_reg,			\
> +	.set_user = set_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> + * (1 <= crm < 8, 0 <= Op2 < 8).
> + */
> +#define ID_UNALLOCATED(crm, op2) {			\
> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> +	.access = access_raz_id_reg,			\
> +	.get_user = get_raz_id_reg,			\
> +	.set_user = set_raz_id_reg,			\
> +}
> +
> +/*
> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> + * For now, these are exposed just like unallocated ID regs: they appear
> + * RAZ for the guest.
> + */

What is a hidden ID register as opposed to an unallocated one?

Shouldn't one of them presumably cause an undefined exception in the
guest?

> +#define ID_HIDDEN(name) {			\
> +	SYS_DESC(SYS_##name),			\
> +	.access = access_raz_id_reg,		\
> +	.get_user = get_raz_id_reg,		\
> +	.set_user = set_raz_id_reg,		\
> +}
> +
>  /*
>   * Architected system registers.
>   * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
> @@ -944,6 +1075,84 @@ static const struct sys_reg_desc sys_reg_descs[] = {
>  	{ SYS_DESC(SYS_DBGVCR32_EL2), NULL, reset_val, DBGVCR32_EL2, 0 },
>  
>  	{ SYS_DESC(SYS_MPIDR_EL1), NULL, reset_mpidr, MPIDR_EL1 },
> +
> +	/*
> +	 * ID regs: all ID_SANITISED() entries here must have corresponding
> +	 * entries in arm64_ftr_regs[].
> +	 */
> +
> +	/* AArch64 mappings of the AArch32 ID registers */
> +	/* CRm=1 */
> +	ID_SANITISED(ID_PFR0_EL1),
> +	ID_SANITISED(ID_PFR1_EL1),
> +	ID_SANITISED(ID_DFR0_EL1),
> +	ID_HIDDEN(ID_AFR0_EL1),
> +	ID_SANITISED(ID_MMFR0_EL1),
> +	ID_SANITISED(ID_MMFR1_EL1),
> +	ID_SANITISED(ID_MMFR2_EL1),
> +	ID_SANITISED(ID_MMFR3_EL1),
> +
> +	/* CRm=2 */
> +	ID_SANITISED(ID_ISAR0_EL1),
> +	ID_SANITISED(ID_ISAR1_EL1),
> +	ID_SANITISED(ID_ISAR2_EL1),
> +	ID_SANITISED(ID_ISAR3_EL1),
> +	ID_SANITISED(ID_ISAR4_EL1),
> +	ID_SANITISED(ID_ISAR5_EL1),
> +	ID_SANITISED(ID_MMFR4_EL1),
> +	ID_UNALLOCATED(2,7),
> +
> +	/* CRm=3 */
> +	ID_SANITISED(MVFR0_EL1),
> +	ID_SANITISED(MVFR1_EL1),
> +	ID_SANITISED(MVFR2_EL1),
> +	ID_UNALLOCATED(3,3),
> +	ID_UNALLOCATED(3,4),
> +	ID_UNALLOCATED(3,5),
> +	ID_UNALLOCATED(3,6),
> +	ID_UNALLOCATED(3,7),
> +
> +	/* AArch64 ID registers */
> +	/* CRm=4 */
> +	ID_SANITISED(ID_AA64PFR0_EL1),
> +	ID_SANITISED(ID_AA64PFR1_EL1),
> +	ID_UNALLOCATED(4,2),
> +	ID_UNALLOCATED(4,3),
> +	ID_UNALLOCATED(4,4),
> +	ID_UNALLOCATED(4,5),
> +	ID_UNALLOCATED(4,6),
> +	ID_UNALLOCATED(4,7),
> +
> +	/* CRm=5 */
> +	ID_SANITISED(ID_AA64DFR0_EL1),
> +	ID_SANITISED(ID_AA64DFR1_EL1),
> +	ID_UNALLOCATED(5,2),
> +	ID_UNALLOCATED(5,3),
> +	ID_HIDDEN(ID_AA64AFR0_EL1),
> +	ID_HIDDEN(ID_AA64AFR1_EL1),
> +	ID_UNALLOCATED(5,6),
> +	ID_UNALLOCATED(5,7),
> +
> +	/* CRm=6 */
> +	ID_SANITISED(ID_AA64ISAR0_EL1),
> +	ID_SANITISED(ID_AA64ISAR1_EL1),
> +	ID_UNALLOCATED(6,2),
> +	ID_UNALLOCATED(6,3),
> +	ID_UNALLOCATED(6,4),
> +	ID_UNALLOCATED(6,5),
> +	ID_UNALLOCATED(6,6),
> +	ID_UNALLOCATED(6,7),
> +
> +	/* CRm=7 */
> +	ID_SANITISED(ID_AA64MMFR0_EL1),
> +	ID_SANITISED(ID_AA64MMFR1_EL1),
> +	ID_SANITISED(ID_AA64MMFR2_EL1),
> +	ID_UNALLOCATED(7,3),
> +	ID_UNALLOCATED(7,4),
> +	ID_UNALLOCATED(7,5),
> +	ID_UNALLOCATED(7,6),
> +	ID_UNALLOCATED(7,7),
> +
>  	{ SYS_DESC(SYS_SCTLR_EL1), access_vm_reg, reset_val, SCTLR_EL1, 0x00C50078 },
>  	{ SYS_DESC(SYS_CPACR_EL1), NULL, reset_val, CPACR_EL1, 0 },
>  	{ SYS_DESC(SYS_TTBR0_EL1), access_vm_reg, reset_unknown, TTBR0_EL1 },
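Review bot: the rule stated in the comment at the top of this block, that every ID_SANITISED() entry needs a matching arm64_ftr_regs[] entry, is enforced by nothing but the comment. read_id_reg() passes the encoding straight to read_sanitised_ftr_reg() on the guest MRS path, so a stale or mistyped entry is only discovered when the first guest reads that register. Since kvm_sys_reg_table_init() already walks these tables to check their ordering, a check there that each ID_SANITISED() encoding resolves in the cpufeature framework would catch the mismatch at boot instead of inside a running guest.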
> @@ -1790,8 +1999,8 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  	if (!r)
>  		r = find_reg(&params, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
>  
> -	/* Not saved in the sys_reg array? */
> -	if (r && !r->reg)
> +	/* Not saved in the sys_reg array and not otherwise accessible? */
> +	if (r && !(r->reg || r->get_user))
>  		r = NULL;
>  
>  	return r;
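Review bot: the predicate `!(r->reg || r->get_user)` introduced here also appears verbatim in walk_one_sys_reg() further down the patch, and the two must stay in agreement or the register list exported to userspace and the lookup used to access a single register will disagree on which registers exist. Factor it into a small static inline helper (something like sys_reg_visible_to_user(r)) and use it in both places, so a future accessor type (e.g. a set_user-only register) is handled consistently.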
> @@ -1815,20 +2024,6 @@ static const struct sys_reg_desc *index_to_sys_reg_desc(struct kvm_vcpu *vcpu,
>  FUNCTION_INVARIANT(midr_el1)
>  FUNCTION_INVARIANT(ctr_el0)
>  FUNCTION_INVARIANT(revidr_el1)
> -FUNCTION_INVARIANT(id_pfr0_el1)
> -FUNCTION_INVARIANT(id_pfr1_el1)
> -FUNCTION_INVARIANT(id_dfr0_el1)
> -FUNCTION_INVARIANT(id_afr0_el1)
> -FUNCTION_INVARIANT(id_mmfr0_el1)
> -FUNCTION_INVARIANT(id_mmfr1_el1)
> -FUNCTION_INVARIANT(id_mmfr2_el1)
> -FUNCTION_INVARIANT(id_mmfr3_el1)
> -FUNCTION_INVARIANT(id_isar0_el1)
> -FUNCTION_INVARIANT(id_isar1_el1)
> -FUNCTION_INVARIANT(id_isar2_el1)
> -FUNCTION_INVARIANT(id_isar3_el1)
> -FUNCTION_INVARIANT(id_isar4_el1)
> -FUNCTION_INVARIANT(id_isar5_el1)
>  FUNCTION_INVARIANT(clidr_el1)
>  FUNCTION_INVARIANT(aidr_el1)
>  
> @@ -1836,20 +2031,6 @@ FUNCTION_INVARIANT(aidr_el1)
>  static struct sys_reg_desc invariant_sys_regs[] = {
>  	{ SYS_DESC(SYS_MIDR_EL1), NULL, get_midr_el1 },
>  	{ SYS_DESC(SYS_REVIDR_EL1), NULL, get_revidr_el1 },
> -	{ SYS_DESC(SYS_ID_PFR0_EL1), NULL, get_id_pfr0_el1 },
> -	{ SYS_DESC(SYS_ID_PFR1_EL1), NULL, get_id_pfr1_el1 },
> -	{ SYS_DESC(SYS_ID_DFR0_EL1), NULL, get_id_dfr0_el1 },
> -	{ SYS_DESC(SYS_ID_AFR0_EL1), NULL, get_id_afr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR0_EL1), NULL, get_id_mmfr0_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR1_EL1), NULL, get_id_mmfr1_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR2_EL1), NULL, get_id_mmfr2_el1 },
> -	{ SYS_DESC(SYS_ID_MMFR3_EL1), NULL, get_id_mmfr3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR0_EL1), NULL, get_id_isar0_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR1_EL1), NULL, get_id_isar1_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR2_EL1), NULL, get_id_isar2_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR3_EL1), NULL, get_id_isar3_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR4_EL1), NULL, get_id_isar4_el1 },
> -	{ SYS_DESC(SYS_ID_ISAR5_EL1), NULL, get_id_isar5_el1 },
>  	{ SYS_DESC(SYS_CLIDR_EL1), NULL, get_clidr_el1 },
>  	{ SYS_DESC(SYS_AIDR_EL1), NULL, get_aidr_el1 },
>  	{ SYS_DESC(SYS_CTR_EL0), NULL, get_ctr_el0 },
> @@ -2079,12 +2260,31 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
>  	return true;
>  }
>  
> +static int walk_one_sys_reg(const struct sys_reg_desc *rd,
> +			    u64 __user **uind,
> +			    unsigned int *total)
> +{
> +	/*
> +	 * Ignore registers we trap but don't save,
> +	 * and for which no custom user accessor is provided.
> +	 */
> +	if (!(rd->reg || rd->get_user))
> +		return 0;
> +
> +	if (!copy_reg_to_user(rd, uind))
> +		return -EFAULT;
> +
> +	(*total)++;
> +	return 0;
> +}
> +
>  /* Assumed ordered tables, see kvm_sys_reg_table_init. */
>  static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  {
>  	const struct sys_reg_desc *i1, *i2, *end1, *end2;
>  	unsigned int total = 0;
>  	size_t num;
> +	int err;
>  
>  	/* We check for duplicates here, to allow arch-specific overrides. */
>  	i1 = get_target_table(vcpu->arch.target, true, &num);
> @@ -2098,21 +2298,13 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
>  	while (i1 || i2) {
>  		int cmp = cmp_sys_reg(i1, i2);
>  		/* target-specific overrides generic entry. */
> -		if (cmp <= 0) {
> -			/* Ignore registers we trap but don't save. */
> -			if (i1->reg) {
> -				if (!copy_reg_to_user(i1, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		} else {
> -			/* Ignore registers we trap but don't save. */
> -			if (i2->reg) {
> -				if (!copy_reg_to_user(i2, &uind))
> -					return -EFAULT;
> -				total++;
> -			}
> -		}
> +		if (cmp <= 0)
> +			err = walk_one_sys_reg(i1, &uind, &total);
> +		else
> +			err = walk_one_sys_reg(i2, &uind, &total);
> +
> +		if (err)
> +			return err;
>  
>  		if (cmp <= 0 && ++i1 == end1)
>  			i1 = NULL;
> -- 
> 2.1.4

Thanks,
-Christoffer


* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-17 13:58     ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 13:58 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Marc Zyngier, Richard Sandiford, kvmarm

On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
> KVM guests cannot currently use SVE, because SVE is always
> configured to trap to EL2.
> 
> However, a guest that sees SVE reported as present in
> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> use it.  Instead of working, the guest will receive an injected
> undef exception, which may cause the guest to oops or go into a
> spin.
> 
> To avoid misleading the guest into believing that SVE will work,
> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> guest attempts to read this register.  No support is explicitly
> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> reading as zero, which is consistent with SVE not being
> implemented.
> 
> This is a temporary measure, and will be removed in a later series
> when full KVM support for SVE is implemented.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index b1f7552..a0ee9b0 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -23,6 +23,7 @@
>  #include <linux/bsearch.h>
>  #include <linux/kvm_host.h>
>  #include <linux/mm.h>
> +#include <linux/printk.h>
>  #include <linux/uaccess.h>
>  
>  #include <asm/cacheflush.h>
> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
>  {
>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
>  
> -	return raz ? 0 : read_sanitised_ftr_reg(id);
> +	if (id == SYS_ID_AA64PFR0_EL1) {
> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> +				    task_pid_nr(current));

nit: does this really qualify as an error print?

> +
> +		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
> +	}
> +
> +	return val;
>  }
>  
>  /* cpufeature ID register access trap handlers */
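Review bot: pr_err_once() fires once per host boot, so the PID printed via task_pid_nr(current) is whichever task first read ID_AA64PFR0_EL1 on behalf of a guest, and later VMs that hit the same suppression log nothing; either drop the pid from the message or, if the point is to make the suppression hard to ignore, make the message per-VM with a flag on the VM. Separately, `0xfUL << ID_AA64PFR0_SVE_SHIFT` is built twice in the same block; a local or a named mask would keep the test and the clear in step.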
> -- 
> 2.1.4
> 
Otherwise:

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>


* Re: [PATCH v3 23/28] arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
  2017-10-10 18:38   ` Dave Martin
@ 2017-10-17 13:58     ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-17 13:58 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, kvmarm

On Tue, Oct 10, 2017 at 07:38:40PM +0100, Dave Martin wrote:
> When trapping forbidden attempts by a guest to use SVE, we want the
> guest to see a trap consistent with SVE not being implemented.
> 
> This patch injects an undefined instruction exception into the
> guest in response to such an exception.
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

> ---
>  arch/arm64/kvm/handle_exit.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
> index 7debb74..b712479 100644
> --- a/arch/arm64/kvm/handle_exit.c
> +++ b/arch/arm64/kvm/handle_exit.c
> @@ -147,6 +147,13 @@ static int kvm_handle_unknown_ec(struct kvm_vcpu *vcpu, struct kvm_run *run)
>  	return 1;
>  }
>  
> +static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run)
> +{
> +	/* Until SVE is supported for guests: */
> +	kvm_inject_undefined(vcpu);
> +	return 1;
> +}
> +
>  static exit_handle_fn arm_exit_handlers[] = {
>  	[0 ... ESR_ELx_EC_MAX]	= kvm_handle_unknown_ec,
>  	[ESR_ELx_EC_WFx]	= kvm_handle_wfx,
> @@ -160,6 +167,7 @@ static exit_handle_fn arm_exit_handlers[] = {
>  	[ESR_ELx_EC_HVC64]	= handle_hvc,
>  	[ESR_ELx_EC_SMC64]	= handle_smc,
>  	[ESR_ELx_EC_SYS64]	= kvm_handle_sys_reg,
> +	[ESR_ELx_EC_SVE]	= handle_sve,
>  	[ESR_ELx_EC_IABT_LOW]	= kvm_handle_guest_abort,
>  	[ESR_ELx_EC_DABT_LOW]	= kvm_handle_guest_abort,
>  	[ESR_ELx_EC_SOFTSTP_LOW]= kvm_handle_guest_debug,
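Review bot: handle_sve() is only correct while SVE is guaranteed to trap for every guest (the companion patch's commit message says SVE is always configured to trap to EL2), but nothing in this hunk or its comment points at where that trap is enabled. A one-line reference in the `/* Until SVE is supported for guests: */` comment to the hypervisor trap configuration it depends on would let a reader of handle_exit.c verify that an ESR_ELx_EC_SVE exit can never be taken for a guest that was meant to have SVE, and would flag the comment for update when that assumption is lifted.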
> -- 
> 2.1.4
> 
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm


* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-17 13:58     ` Christoffer Dall
@ 2017-10-17 14:07       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-17 14:07 UTC (permalink / raw)
  To: Christoffer Dall
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
> > KVM guests cannot currently use SVE, because SVE is always
> > configured to trap to EL2.
> > 
> > However, a guest that sees SVE reported as present in
> > ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> > use it.  Instead of working, the guest will receive an injected
> > undef exception, which may cause the guest to oops or go into a
> > spin.
> > 
> > To avoid misleading the guest into believing that SVE will work,
> > this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> > guest attempts to read this register.  No support is explicitly
> > added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> > reading as zero, which is consistent with SVE not being
> > implemented.
> > 
> > This is a temporary measure, and will be removed in a later series
> > when full KVM support for SVE is implemented.
> > 
> > Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > Cc: Marc Zyngier <marc.zyngier@arm.com>
> > ---
> >  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
> >  1 file changed, 11 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> > index b1f7552..a0ee9b0 100644
> > --- a/arch/arm64/kvm/sys_regs.c
> > +++ b/arch/arm64/kvm/sys_regs.c
> > @@ -23,6 +23,7 @@
> >  #include <linux/bsearch.h>
> >  #include <linux/kvm_host.h>
> >  #include <linux/mm.h>
> > +#include <linux/printk.h>
> >  #include <linux/uaccess.h>
> >  
> >  #include <asm/cacheflush.h>
> > @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> >  {
> >  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> >  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> > +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
> >  
> > -	return raz ? 0 : read_sanitised_ftr_reg(id);
> > +	if (id == SYS_ID_AA64PFR0_EL1) {
> > +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> > +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> > +				    task_pid_nr(current));
> 
> nit: does this really qualify as an error print?

I have no strong opinion on this: maz suggested I should add this --
his concern was to make it difficult to ignore.

This is transitional: the main purpose is to circumvent bug reports from
people who find that SVE doesn't work in their guests, in the interim
before proper KVM support lands upstream.

Marc, do you still agree with this position?

> > +
> > +		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
> > +	}
> > +
> > +	return val;
> >  }
> >  
> >  /* cpufeature ID register access trap handlers */
> > -- 
> > 2.1.4
> > 
> Otherwise:
> 
> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

Thanks -- I'll wait for Marc's response before applying.

Cheers
---Dave


* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-17 13:51     ` Christoffer Dall
@ 2017-10-17 14:08       ` Marc Zyngier
  -1 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-17 14:08 UTC (permalink / raw)
  To: Christoffer Dall, Dave Martin
  Cc: linux-arm-kernel, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, kvmarm

On 17/10/17 14:51, Christoffer Dall wrote:
> On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
>> Currently, a guest kernel sees the true CPU feature registers
>> (ID_*_EL1) when it reads them using MRS instructions.  This means
>> that the guest will observe features that are present in the
>> hardware but the host doesn't understand or doesn't provide support
>> for.  A guest may legitimately try to use such a feature as per the
>> architecture, but use of the feature may trap instead of working
>> normally, triggering undef injection into the guest.
>>
>> This is not a problem for the host, but the guest may go wrong when
>> running on newer hardware than the host knows about.
>>
>> This patch hides from guest VMs any AArch64-specific CPU features
>> that the host doesn't support, by exposing to the guest the
>> sanitised versions of the registers computed by the cpufeatures
>> framework, instead of the true hardware registers.  To achieve
>> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
>> code is added to KVM to report the sanitised versions of the
>> affected registers in response to MRS and register reads from
>> userspace.
>>
>> The affected registers are removed from invariant_sys_regs[] (since
>> the invariant_sys_regs handling is no longer quite correct for
>> them) and added to sys_reg_descs[], with appropriate access(),
>> get_user() and set_user() methods.  No runtime vcpu storage is
>> allocated for the registers: instead, they are read on demand from
>> the cpufeatures framework.  This may need modification in the
>> future if there is a need for userspace to customise the features
>> visible to the guest.
>>
>> Attempts by userspace to write the registers are handled similarly
>> to the current invariant_sys_regs handling: writes are permitted,
>> but only if they don't attempt to change the value.  This is
>> sufficient to support VM snapshot/restore from userspace.
>>
>> Because of the additional registers, restoring a VM on an older
>> kernel may not work unless userspace knows how to handle the extra
>> VM registers exposed to the KVM user ABI by this patch.
>>
>> Under the principle of least damage, this patch makes no attempt to
>> handle any of the other registers currently in
>> invariant_sys_regs[], or to emulate registers for AArch32: however,
>> these could be handled in a similar way in future, as necessary.
>>
>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
>> Cc: Marc Zyngier <marc.zyngier@arm.com>
>> ---
>>  arch/arm64/include/asm/sysreg.h |   3 +
>>  arch/arm64/kvm/hyp/switch.c     |   6 +
>>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
>>  3 files changed, 246 insertions(+), 45 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
>> index f707fed..480ecd6 100644
>> --- a/arch/arm64/include/asm/sysreg.h
>> +++ b/arch/arm64/include/asm/sysreg.h
>> @@ -149,6 +149,9 @@
>>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
>>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
>>  
>> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
>> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
>> +
>>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
>>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
>>  
>> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
>> index 945e79c..35a90b8 100644
>> --- a/arch/arm64/kvm/hyp/switch.c
>> +++ b/arch/arm64/kvm/hyp/switch.c
>> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
>>  	 * it will cause an exception.
>>  	 */
>>  	val = vcpu->arch.hcr_el2;
>> +
>>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
>>  		write_sysreg(1 << 30, fpexc32_el2);
>>  		isb();
>>  	}
>> +
>> +	if (val & HCR_RW) /* for AArch64 only: */
>> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
>> +
> 
> Since we're setting this for all 64-bit VMs, can we not set this in
> vcpu_reset_hcr instead?
> 
>>  	write_sysreg(val, hcr_el2);
>> +
>>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
>>  	write_sysreg(1 << 15, hstr_el2);
>>  	/*
>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
>> index 2e070d3..b1f7552 100644
>> --- a/arch/arm64/kvm/sys_regs.c
>> +++ b/arch/arm64/kvm/sys_regs.c
>> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
>>  	return true;
>>  }
>>  
>> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
>> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
>> +{
>> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
>> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
>> +
>> +	return raz ? 0 : read_sanitised_ftr_reg(id);
>> +}
>> +
>> +/* cpufeature ID register access trap handlers */
>> +
>> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
>> +			    struct sys_reg_params *p,
>> +			    const struct sys_reg_desc *r,
>> +			    bool raz)
>> +{
>> +	if (p->is_write)
>> +		return write_to_read_only(vcpu, p, r);
>> +
>> +	p->regval = read_id_reg(r, raz);
>> +	return true;
>> +}
>> +
>> +static bool access_id_reg(struct kvm_vcpu *vcpu,
>> +			  struct sys_reg_params *p,
>> +			  const struct sys_reg_desc *r)
>> +{
>> +	return __access_id_reg(vcpu, p, r, false);
>> +}
>> +
>> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
>> +			      struct sys_reg_params *p,
>> +			      const struct sys_reg_desc *r)
>> +{
>> +	return __access_id_reg(vcpu, p, r, true);
>> +}
>> +
>> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
>> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
>> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
>> +
>> +/*
>> + * cpufeature ID register user accessors
>> + *
>> + * For now, these registers are immutable for userspace, so no values
>> + * are stored, and for set_id_reg() we don't allow the effective value
>> + * to be changed.
>> + */
>> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
>> +			bool raz)
>> +{
>> +	const u64 id = sys_reg_to_index(rd);
>> +	const u64 val = read_id_reg(rd, raz);
>> +
>> +	return reg_to_user(uaddr, &val, id);
>> +}
>> +
>> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
>> +			bool raz)
>> +{
>> +	const u64 id = sys_reg_to_index(rd);
>> +	int err;
>> +	u64 val;
>> +
>> +	err = reg_from_user(&val, uaddr, id);
>> +	if (err)
>> +		return err;
>> +
>> +	/* This is what we mean by invariant: you can't change it. */
>> +	if (val != read_id_reg(rd, raz))
>> +		return -EINVAL;
>> +
>> +	return 0;
>> +}
>> +
>> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
>> +		      const struct kvm_one_reg *reg, void __user *uaddr)
>> +{
>> +	return __get_id_reg(rd, uaddr, false);
>> +}
>> +
>> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
>> +		      const struct kvm_one_reg *reg, void __user *uaddr)
>> +{
>> +	return __set_id_reg(rd, uaddr, false);
>> +}
>> +
>> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
>> +			  const struct kvm_one_reg *reg, void __user *uaddr)
>> +{
>> +	return __get_id_reg(rd, uaddr, true);
>> +}
>> +
>> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
>> +			  const struct kvm_one_reg *reg, void __user *uaddr)
>> +{
>> +	return __set_id_reg(rd, uaddr, true);
>> +}
>> +
>> +/* sys_reg_desc initialiser for known cpufeature ID registers */
>> +#define ID_SANITISED(name) {			\
>> +	SYS_DESC(SYS_##name),			\
>> +	.access	= access_id_reg,		\
>> +	.get_user = get_id_reg,			\
>> +	.set_user = set_id_reg,			\
>> +}
>> +
>> +/*
>> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
>> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
>> + * (1 <= crm < 8, 0 <= Op2 < 8).
>> + */
>> +#define ID_UNALLOCATED(crm, op2) {			\
>> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
>> +	.access = access_raz_id_reg,			\
>> +	.get_user = get_raz_id_reg,			\
>> +	.set_user = set_raz_id_reg,			\
>> +}
>> +
>> +/*
>> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
>> + * For now, these are exposed just like unallocated ID regs: they appear
>> + * RAZ for the guest.
>> + */
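Review bot: the three forward declarations (`reg_from_user`, `reg_to_user`, `sys_reg_to_index`) are needed only because the ID register accessors sit above the helpers they call; moving this block below those definitions, or next to the invariant_sys_regs handling it mirrors, removes them. On the semantics, __set_id_reg() rejects any write whose value differs from read_id_reg(), which is the invariant behaviour the commit message describes, and it is worth a comment that this also holds with raz=true: userspace must write zero for RAZ entries, so a snapshot taken on a host that exposed a register this kernel hides fails to restore with -EINVAL rather than silently granting the feature.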
> 
> What is a hidden ID register as opposed to an unallocated one?

A hidden register is one where all the features have been removed (RAZ),
making it similar to an unallocated one.

> Shouldn't one of them presumably cause an undefined exception in the
> guest?

No, that'd be a violation of the architecture. The unallocated ID
registers are required to be RAZ (see table D9-2 in D9.3.1), so that
software can probe for feature without running the risk of getting an UNDEF.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny...


* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
@ 2017-10-17 14:29         ` Marc Zyngier
  0 siblings, 0 replies; 253+ messages in thread
From: Marc Zyngier @ 2017-10-17 14:29 UTC (permalink / raw)
  To: Dave Martin, Christoffer Dall
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Richard Sandiford,
	kvmarm, linux-arm-kernel

On 17/10/17 15:07, Dave Martin wrote:
> On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
>> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
>>> KVM guests cannot currently use SVE, because SVE is always
>>> configured to trap to EL2.
>>>
>>> However, a guest that sees SVE reported as present in
>>> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
>>> use it.  Instead of working, the guest will receive an injected
>>> undef exception, which may cause the guest to oops or go into a
>>> spin.
>>>
>>> To avoid misleading the guest into believing that SVE will work,
>>> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
>>> guest attempts to read this register.  No support is explicitly
>>> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
>>> reading as zero, which is consistent with SVE not being
>>> implemented.
>>>
>>> This is a temporary measure, and will be removed in a later series
>>> when full KVM support for SVE is implemented.
>>>
>>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
>>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>> Cc: Marc Zyngier <marc.zyngier@arm.com>
>>> ---
>>>  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
>>>  1 file changed, 11 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
>>> index b1f7552..a0ee9b0 100644
>>> --- a/arch/arm64/kvm/sys_regs.c
>>> +++ b/arch/arm64/kvm/sys_regs.c
>>> @@ -23,6 +23,7 @@
>>>  #include <linux/bsearch.h>
>>>  #include <linux/kvm_host.h>
>>>  #include <linux/mm.h>
>>> +#include <linux/printk.h>
>>>  #include <linux/uaccess.h>
>>>  
>>>  #include <asm/cacheflush.h>
>>> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
>>>  {
>>>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
>>>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
>>> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
>>>  
>>> -	return raz ? 0 : read_sanitised_ftr_reg(id);
>>> +	if (id == SYS_ID_AA64PFR0_EL1) {
>>> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
>>> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
>>> +				    task_pid_nr(current));
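Review bot: pr_err_once() at the end of this hunk fires once per boot, and the task_pid_nr(current) it records belongs to whichever task first reads ID_AA64PFR0_EL1 through read_id_reg(); every later VM that hits the same condition gets no diagnostic, so the PID adds little. Since the message reports a deliberate suppression rather than a failure, pr_warn_once() without the PID would match its severity (the nit below), and a per-VM flag would be the way to go if each affected user is meant to be told. Minor: the SYS_ID_AA64PFR0_EL1 block also runs when raz is true; val is 0 then so nothing is printed, but returning early for raz would make that obvious.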
>>
>> nit: does this really qualify as an error print?
> 
> I have no strong opinion on this: maz suggested I should add this --
> his concern was to make it difficult to ignore.
> 
> This is transitional: the main purpose is to circumvent bug reports from
> people who find that SVE doesn't work in their guests, in the interim
> before proper KVM support lands upstream.
> 
> Marc, do you still agree with this position?

As long as this is transitional, I'm OK with this.

	M.
-- 
Jazz is not dead. It just smells funny...
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

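As an added example that is not code from this series, here is a user-space C model of the ID-register emulation from patch 02/28 (sanitised, hidden and unallocated descriptors, all RAZ where appropriate, with invariant userspace writes) and the SVE masking from patch 24/28 discussed above. The descriptor table, the host's sanitised PFR0 value and the model_* names are constructed for illustration; ID_AA64PFR0_SVE_SHIFT = 32 is the kernel's field position.

```c
/* Added example (not code from this series): a user-space model of the
 * KVM ID-register emulation under review.  Descriptor kinds mirror the
 * patch's ID_SANITISED / ID_HIDDEN / ID_UNALLOCATED initialisers. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum id_kind { ID_SANITISED, ID_HIDDEN, ID_UNALLOCATED };

struct id_reg_desc {
	uint8_t crm, op2;	/* Op0=3, Op1=0, CRn=0 are implied for ID regs */
	enum id_kind kind;
	const char *name;
};

/* ID_AA64PFR0_EL1.SVE is bits [35:32] in the kernel's sysreg definitions */
#define ID_AA64PFR0_SVE_SHIFT	32
#define ID_AA64PFR0_SVE_MASK	(0xfULL << ID_AA64PFR0_SVE_SHIFT)
#define UNALLOC(c, o)		{ c, o, ID_UNALLOCATED, NULL }

/* Constructed table: the CRm=4 and CRm=5 rows of the ID space.  Every slot
 * of a row gets a descriptor so that no guest MRS UNDEFs; AFR0/AFR1 are
 * the "hidden" known registers, ZFR0 stays unallocated. */
static const struct id_reg_desc id_regs[] = {
	{ 4, 0, ID_SANITISED, "ID_AA64PFR0_EL1" },
	{ 4, 1, ID_SANITISED, "ID_AA64PFR1_EL1" },
	UNALLOC(4, 4),	/* ID_AA64ZFR0_EL1: RAZ until KVM supports SVE */
	UNALLOC(4, 2), UNALLOC(4, 3), UNALLOC(4, 5), UNALLOC(4, 6), UNALLOC(4, 7),
	{ 5, 0, ID_SANITISED, "ID_AA64DFR0_EL1" },
	{ 5, 1, ID_SANITISED, "ID_AA64DFR1_EL1" },
	{ 5, 4, ID_HIDDEN, "ID_AA64AFR0_EL1" },
	{ 5, 5, ID_HIDDEN, "ID_AA64AFR1_EL1" },
	UNALLOC(5, 2), UNALLOC(5, 3), UNALLOC(5, 6), UNALLOC(5, 7),
};
#define NR_ID_REGS (sizeof(id_regs) / sizeof(id_regs[0]))

/* Constructed stand-in for read_sanitised_ftr_reg(): a host whose sanitised
 * ID_AA64PFR0_EL1 advertises SVE (field == 1) but whose KVM cannot yet run
 * SVE guests, the situation patch 24/28 papers over. */
static uint64_t host_sanitised_value(const struct id_reg_desc *r)
{
	if (r->crm == 4 && r->op2 == 0)
		return 0x0000000100001011ULL;	/* constructed PFR0 */
	return 0x11ULL;				/* constructed: other registers */
}

/* Model of read_id_reg(): RAZ for hidden and unallocated descriptors,
 * otherwise the sanitised value with the SVE field cleared.  *suppressed
 * reports the condition under which the kernel prints its pr_err_once(). */
uint64_t model_read_id_reg(const struct id_reg_desc *r, bool *suppressed)
{
	uint64_t val;

	*suppressed = false;
	if (r->kind != ID_SANITISED)
		return 0;	/* hidden and unallocated look the same to the guest */
	val = host_sanitised_value(r);
	if (r->crm == 4 && r->op2 == 0 && (val & ID_AA64PFR0_SVE_MASK)) {
		*suppressed = true;
		val &= ~ID_AA64PFR0_SVE_MASK;
	}
	return val;
}

/* Model of set_id_reg(): a userspace write is accepted only if it leaves
 * the effective value unchanged, which keeps snapshot/restore working
 * without letting userspace grant the guest features the host lacks. */
int model_set_id_reg(const struct id_reg_desc *r, uint64_t val)
{
	bool unused;
	return val == model_read_id_reg(r, &unused) ? 0 : -EINVAL;
}

/* Descriptor lookup by encoding, as the MRS trap handler would do. */
const struct id_reg_desc *lookup_id_reg(uint8_t crm, uint8_t op2)
{
	unsigned int i;
	for (i = 0; i < NR_ID_REGS; i++)
		if (id_regs[i].crm == crm && id_regs[i].op2 == op2)
			return &id_regs[i];
	return NULL;	/* no descriptor: the real kernel would inject UNDEF */
}

/* What a guest MRS of (crm, op2) observes; UINT64_MAX stands for UNDEF. */
uint64_t model_guest_mrs(uint8_t crm, uint8_t op2)
{
	bool unused;
	const struct id_reg_desc *r = lookup_id_reg(crm, op2);
	return r ? model_read_id_reg(r, &unused) : UINT64_MAX;
}

/* The architectural point from the thread (table D9-2): every slot of a
 * covered CRm row must read as something, RAZ at worst, never UNDEF. */
bool row_fully_covered(uint8_t crm)
{
	uint8_t op2;
	for (op2 = 0; op2 < 8; op2++)
		if (lookup_id_reg(crm, op2) == NULL)
			return false;
	return true;
}
```

The CRm=6 row is deliberately left out of the constructed table, so row_fully_covered(6) shows what an incomplete table looks like to a probing guest.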

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-17 11:50     ` Christoffer Dall
@ 2017-10-17 14:31       ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-17 14:31 UTC (permalink / raw)
  To: Christoffer Dall
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Tue, Oct 17, 2017 at 01:50:24PM +0200, Christoffer Dall wrote:
> On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> > Until KVM has full SVE support, guests must not be allowed to
> > execute SVE instructions.
> > 
> > This patch enables the necessary traps, and also ensures that the
> > traps are disabled again on exit from the guest so that the host
> > can still use SVE if it wants to.
> > 
> > This patch introduces another instance of
> > __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> > is abstracted out as a separate helper fpsimd_flush_cpu_state().
> > Other instances are ported appropriately.
> 
> I don't understand this paragraph, beginning from ", so this...".
> 
> 
> From reading the code, what I think is the reason for having to flush
> the SVE state (and mark the host state invalid) is that even though we
> disallow SVE usage in the guest, the guest can use the normal FP state,
> and while we always fully preserve the host state, this could still
> corrupt some additional SVE state not properly preserved for the host.
> Is that correct?

Yes, that's right: the guest can't touch the SVE-specific registers
Pn/FFR, but FPSIMD accesses to Vn regs cause the high bits of the
corresponding SVE Zn registers to be clobbered.  In any case, the
FPSIMD restore done by KVM after guest exit is sufficient to clobber
those bits even if the guest didn't do it.

This is a band-aid for not making the KVM world switch code properly
SVE-aware yet.

Does the following wording sound better:

--8<--

On guest exit, high bits of the SVE Zn registers may have been
clobbered as a side-effect of the execution of FPSIMD instructions in
the guest.  The existing KVM host FPSIMD restore code is not
sufficient to restore these bits, so this patch explicitly marks
the CPU as not containing cached vector state for any task, thus
forcing a reload on the next return to userspace.  This is an
interim measure, in advance of adding full SVE awareness to KVM.

Because of the duplication of this operation
(__this_cpu_write(fpsimd_last_state, NULL)), it is factored out as
a new helper fpsimd_flush_cpu_state() to make the purpose clearer.

-->8--

> > 
> > As a side effect of this refactoring, a this_cpu_write() in
> > fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> > should be fine, since cpu_pm_enter() is supposed to be called only
> > with interrupts disabled.
> 
> Otherwise the patch itself looks good to me.

Thanks, let me know about the above wording change though.

---Dave


* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-17 14:29         ` Marc Zyngier
@ 2017-10-17 15:47           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-17 15:47 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: Christoffer Dall, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Tue, Oct 17, 2017 at 03:29:36PM +0100, Marc Zyngier wrote:
> On 17/10/17 15:07, Dave Martin wrote:
> > On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
> >> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
> >>> KVM guests cannot currently use SVE, because SVE is always
> >>> configured to trap to EL2.
> >>>
> >>> However, a guest that sees SVE reported as present in
> >>> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> >>> use it.  Instead of working, the guest will receive an injected
> >>> undef exception, which may cause the guest to oops or go into a
> >>> spin.
> >>>
> >>> To avoid misleading the guest into believing that SVE will work,
> >>> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> >>> guest attempts to read this register.  No support is explicitly
> >>> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> >>> reading as zero, which is consistent with SVE not being
> >>> implemented.
> >>>
> >>> This is a temporary measure, and will be removed in a later series
> >>> when full KVM support for SVE is implemented.
> >>>
> >>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> >>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> >>> Cc: Marc Zyngier <marc.zyngier@arm.com>
> >>> ---
> >>>  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
> >>>  1 file changed, 11 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> >>> index b1f7552..a0ee9b0 100644
> >>> --- a/arch/arm64/kvm/sys_regs.c
> >>> +++ b/arch/arm64/kvm/sys_regs.c
> >>> @@ -23,6 +23,7 @@
> >>>  #include <linux/bsearch.h>
> >>>  #include <linux/kvm_host.h>
> >>>  #include <linux/mm.h>
> >>> +#include <linux/printk.h>
> >>>  #include <linux/uaccess.h>
> >>>  
> >>>  #include <asm/cacheflush.h>
> >>> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> >>>  {
> >>>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> >>>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> >>> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
> >>>  
> >>> -	return raz ? 0 : read_sanitised_ftr_reg(id);
> >>> +	if (id == SYS_ID_AA64PFR0_EL1) {
> >>> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> >>> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> >>> +				    task_pid_nr(current));
> >>
> >> nit: does this really qualify as an error print?
> > 
> > I have no strong opinion on this: maz suggested I should add this --
> > his concern was to make it difficult to ignore.
> > 
> > This is transitional: the main purpose is to circumvent bug reports from
> > people who find that SVE doesn't work in their guests, in the interim
> > before proper KVM support lands upstream.
> > 
> > Marc, do you still agree with this position?
> 
> As long as this is transitional, I'm OK with this.

No argument from me, since it was your request in the first place ;)

Christoffer?

Cheers
---Dave


* Re: [PATCH v3 26/28] arm64/sve: Add documentation
@ 2017-10-18  9:32           ` Catalin Marinas
  0 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-18  9:32 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch-u79uwXL29TY76Z2rM5mHXA, Mark Rutland,
	Okamoto Takayuki, libc-alpha-9JcytcrH/bA+uJoB2kUjGw,
	Ard Biesheuvel, Szabolcs Nagy, Richard Sandiford, Will Deacon,
	Michael Kerrisk, Alan Hayward, linux-api-u79uwXL29TY76Z2rM5mHXA,
	Alex Bennée, kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg,
	linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r

On Fri, Oct 13, 2017 at 06:17:59PM +0100, Dave P Martin wrote:
> On Fri, Oct 13, 2017 at 03:24:21PM +0100, Catalin Marinas wrote:
> > On Tue, Oct 10, 2017 at 07:38:43PM +0100, Dave P Martin wrote:
> > > +* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
> > > +  space is allocated on the stack, an extra_context record is written in
> > > +  __reserved[] referencing this space.  sve_context is then written in the
> > > +  extra space.  Refer to [1] for further details about this mechanism.
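Review bot: the bullet is a comma splice ("extra space is allocated on the stack, an extra_context record is written in __reserved[] referencing this space"); "and an extra_context record is written" reads as the intended sequence of steps. It would also help to state here that an sve_context placed in the extra space follows the same size rules as one placed in __reserved[], since the signal-return rules further down key on whether the record contains register data.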
> > 
> > Does this document require that the user stack is sufficiently large or
> > should we cap the vector length (prior to the last two RFC patches)?
> 
> We don't know how much free stack space there actually is until the
> signal is delivered.
[...]
> Possibly sigaltstack() should fail with ENOMEM if ss_size is too small
> for the maximum VL supported by the system, but strictly speaking that
> violates POSIX if ss_size >= MINSIGSTKSZ.

We also don't know whether the application is going to use SVE or not,
so MINSIGSTKSZ could be just fine. I don't have a better idea here
without the last two RFC patches. So just ignore my comment.

> > > +5.  Signal return
> > > +-----------------
> > > +
> > > +When returning from a signal handler:
> > > +
> > > +* If there is no sve_context record in the signal frame, or if the record is
> > > +  present but contains no register data as desribed in the previous section,
> > > +  then the SVE registers/bits become non-live and take unspecified values.
> > > +
> > > +* If sve_context is present in the signal frame and contains full register
> > > +  data, the SVE registers become live and are populated with the specified
> > > +  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
> > > +  are always restored from the corresponding members of fpsimd_context.vregs[]
> > > +  and not from sve_context.  The remaining bits are restored from sve_context.
> > > +
> > > +* Inclusion of fpsimd_context in the signal frame remains mandatory,
> > > +  irrespective of whether sve_context is present or not.
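Review bot: typo in the first bullet of section 5, "desribed" should be "described". The second bullet could also state the consequence of its rule outright: because bits [127:0] of Z0..Z31 are always taken from fpsimd_context.vregs[], the corresponding bytes inside sve_context are ignored on return, so a handler that edits one record but not the other gets the vregs[] values; saying so directly saves ABI users from having to test it.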
> > 
> > Could we relax this? I'm not sure it's worth it.
> 
> It would be cleaner, but I think it's an ABI break.  Consider a non-SVE
> program that gets linked (perhaps dynamically) against a library variant
> that happens to use SVE:

I agree that in general the kernel always needs to provide user space
with FPSIMD_MAGIC. I was wondering whether on sigreturn the kernel may
choose not to enforce this. But I'm not sure we have a scenario where it
actually matters (IIUC set/getcontext is done in user space anyway).

-- 
Catalin

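The delivery and return rules quoted above, as an added user-space model (example code written for this page, not kernel code from the series). The magic values and record layouts are assumed from the merged Linux asm/sigcontext.h; the P/FFR data and the out-of-line extra_context record are not modelled, so a frame that would need extra_context simply fails delivery here, and find_record, build_frame, restore_frame and roundtrip are names invented for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Magics and layouts assumed from Linux asm/sigcontext.h; P/FFR data and extra_context not modelled. */
#define FPSIMD_MAGIC 0x46508001u
#define SVE_MAGIC    0x53564501u
#define RESERVED_SZ  4096u                /* size of sigcontext.__reserved[] */
#define MAX_VL       256u                 /* bytes per Z register at the 2048-bit maximum VL */
#define SVE_REGS_OFF 16u                  /* Z data starts 16 bytes into the sve record */
#define SVE_RECORD_SIZE(vl) (SVE_REGS_OFF + 32u * (uint32_t)(vl))

struct aarch64_ctx { uint32_t magic, size; };     /* an all-zero header terminates the chain */
struct fpsimd_ctx  { struct aarch64_ctx head; uint32_t fpsr, fpcr; uint8_t vregs[32][16]; };
struct sve_ctx     { struct aarch64_ctx head; uint16_t vl, rsvd[3]; };
struct regfile     { uint16_t vl; bool sve_live; uint8_t z[32][MAX_VL]; }; /* z[n] holds vl bytes */

/* Offset of the first record with this magic that is at least `need` bytes long; -1 if the chain
 * ends first, -2 if any record is malformed (a kernel must refuse such a frame outright). */
static long find_record(const uint8_t *buf, size_t len, uint32_t magic, size_t need)
{
    for (size_t off = 0; off + sizeof(struct aarch64_ctx) <= len; ) {
        struct aarch64_ctx h;
        memcpy(&h, buf + off, sizeof h);
        if (h.magic == 0) return -1;              /* terminator reached */
        if (h.size < sizeof h || h.size > len - off || (h.magic == magic && h.size < need))
            return -2;
        if (h.magic == magic)
            return (long)off;
        off += h.size;
    }
    return -2;                                    /* ran off the end without a terminator */
}

/* Delivery: fpsimd_ctx, then sve_ctx carrying Z data if `with_data` (header only otherwise, as
 * when the signal interrupted non-SVE code), then the terminator. False if it does not fit. */
static bool build_frame(uint8_t *reserved, const struct regfile *rf, bool with_data)
{
    uint32_t sve_sz = with_data ? SVE_RECORD_SIZE(rf->vl) : SVE_REGS_OFF;
    struct fpsimd_ctx f = { .head = { FPSIMD_MAGIC, (uint32_t)sizeof f } };
    struct sve_ctx s = { .head = { SVE_MAGIC, sve_sz }, .vl = rf->vl };
    size_t off = sizeof f;
    if (off + sve_sz + sizeof(struct aarch64_ctx) > RESERVED_SZ)
        return false;                             /* the real ABI would spill to extra_context */
    for (int n = 0; n < 32; n++)
        memcpy(f.vregs[n], rf->z[n], 16);
    memcpy(reserved, &f, sizeof f);
    memcpy(reserved + off, &s, sizeof s);
    for (int n = 0; with_data && n < 32; n++)
        memcpy(reserved + off + SVE_REGS_OFF + n * rf->vl, rf->z[n], rf->vl);
    memset(reserved + off + sve_sz, 0, sizeof(struct aarch64_ctx));
    return true;
}

/* Return, per section 5 of the quoted text: fpsimd_context is mandatory; Z[127:0] always comes from
 * vregs[]; bits above 127 come from sve_context only when it carries full register data, otherwise
 * SVE is non-live and those bits are unspecified (0xEE here). Malformed frames are refused. */
static bool restore_frame(const uint8_t *reserved, struct regfile *out)
{
    long fo = find_record(reserved, RESERVED_SZ, FPSIMD_MAGIC, sizeof(struct fpsimd_ctx));
    long so = find_record(reserved, RESERVED_SZ, SVE_MAGIC, sizeof(struct sve_ctx));
    struct fpsimd_ctx f;
    struct sve_ctx s = { { 0, 0 }, 0, { 0, 0, 0 } };
    if (fo < 0 || so == -2) return false;         /* no fpsimd_context, or a bad record */
    memcpy(&f, reserved + fo, sizeof f);
    if (so >= 0) {
        memcpy(&s, reserved + so, sizeof s);
        if (s.vl < 16 || s.vl > MAX_VL || s.vl % 16 != 0)
            return false;                         /* impossible VL: refuse the frame */
    }
    out->sve_live = so >= 0 && s.head.size >= SVE_RECORD_SIZE(s.vl);
    out->vl = out->sve_live ? s.vl : 16;
    for (int n = 0; n < 32; n++) {
        memset(out->z[n], 0xEE, MAX_VL);
        if (out->sve_live)
            memcpy(out->z[n], reserved + so + SVE_REGS_OFF + n * s.vl, s.vl);
        memcpy(out->z[n], f.vregs[n], 16);        /* low 128 bits always come from vregs[] */
    }
    return true;
}

/* Self-check: deliver a frame at VL vl, clobber Z0[127:0] inside sve_context (sigreturn must not use
 * it), return, and report -1 (refused), 0 (SVE non-live, vregs[] intact) or 1 (live, all Zn intact). */
static int roundtrip(uint16_t vl, bool with_data)
{
    static uint8_t reserved[RESERVED_SZ];
    struct regfile in = { .vl = vl, .sve_live = true }, out;
    for (int n = 0; n < 32; n++)
        memset(in.z[n], 0x10 + n, vl);            /* constructed register contents */
    if (!build_frame(reserved, &in, with_data))
        return -1;
    if (with_data)
        memset(reserved + sizeof(struct fpsimd_ctx) + SVE_REGS_OFF, 0xFF, 16);
    if (!restore_frame(reserved, &out))
        return -1;
    for (int n = 0; n < 32; n++)
        if (memcmp(out.z[n], in.z[n], out.sve_live ? vl : 16) != 0)
            return -1;
    return out.sve_live ? (out.vl == vl ? 1 : -1) : 0;
}
```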

* Re: [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
  2017-10-13 16:16       ` Dave Martin
@ 2017-10-18 10:32         ` Catalin Marinas
  -1 siblings, 0 replies; 253+ messages in thread
From: Catalin Marinas @ 2017-10-18 10:32 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alan Hayward,
	Alex Bennée, kvmarm, linux-arm-kernel

On Fri, Oct 13, 2017 at 05:16:39PM +0100, Dave P Martin wrote:
> On Thu, Oct 12, 2017 at 06:06:32PM +0100, Catalin Marinas wrote:
> > On Tue, Oct 10, 2017 at 07:38:36PM +0100, Dave P Martin wrote:
> > > @@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
> > >  	return ret;
> > >  }
> > >  
> > > +#ifdef CONFIG_ARM64_SVE
> > > +
> > > +static void sve_init_header_from_task(struct user_sve_header *header,
> > > +				      struct task_struct *target)
> > > +{
> > > +	unsigned int vq;
> > > +
> > > +	memset(header, 0, sizeof(*header));
> > > +
> > > +	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
> > > +		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
> > 
> > For PTRACE_SYSCALL, we may or may not have TIF_SVE depending on what
> > happened with the target. Just a thought: shall we clear TIF_SVE (and
> > sync it to fpsimd) in syscall_trace_enter()?
> 
> I'm not so sure: if we were to do that, a syscall that is cancelled by
> writing -1 to REGSET_SYSCALL could still discard the SVE registers as a
> side-effect.
> 
> The target committed to discard by executing SVC, but my feeling is
> that cancellation of a syscall in this way shouldn't have avoidable
> side-effects for the target.  But the semantics of cancelled syscalls
> are a bit of a grey area, so I can see potential arguments on both
> sides.

We already can't guarantee this - if the task invoking a syscall gets
preempted before syscall_trace_enter(), TIF_SVE will be cleared. Are you
reinstating TIF_SVE if the syscall was cancelled?

So my comment was more about consistency on presenting the SVE state to
the debugger handling PTRACE_SYSCALL.

> > > +	/* Registers: FPSIMD-only case */
> > > +
> > > +	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
> > > +	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
> > > +		sve_sync_to_fpsimd(target);
> > > +
> > > +		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
> > > +				SVE_PT_FPSIMD_OFFSET);
> > > +		clear_tsk_thread_flag(target, TIF_SVE);
> > > +		goto out;
> > > +	}
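Review bot: TIF_SVE is cleared regardless of what __fpr_set() returned: `ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, SVE_PT_FPSIMD_OFFSET);` is followed unconditionally by `clear_tsk_thread_flag(target, TIF_SVE);`. A copy-in that fails partway therefore still switches the target to FPSIMD-only state, a visible side-effect of a failed write; clearing the flag only when ret == 0, or a comment stating that a failed write still discards the SVE state, would make the intent explicit. The explicit sve_sync_to_fpsimd() call above it is redundant with the one inside __fpr_set(), as the reply below points out.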
> > 
> > __fpr_set() already calls sve_sync_to_fpsimd(). Anyway, do you actually
> 
> Yes, the call to sve_sync_to_fpsimd() is superfluous here -- I think
> that I realised that all callers of __fpr_set() need this to happen,
> but never deleted the explicit call from sve_set().
> 
> I'll delete it.
> 
> 
> Looking more closely at __fpr_set() though, I think it needs this change
> too, because the sync is unintentionally placed after reading
> thread.fpsimd_state instead of before:
> 
> @@ -652,11 +652,12 @@ static int __fpr_set(struct task_struct *target,
>                      unsigned int start_pos)
>  {
>         int ret;
> -       struct user_fpsimd_state newstate =
> -               target->thread.fpsimd_state.user_fpsimd;
> +       struct user_fpsimd_state newstate;
>  
>         sve_sync_to_fpsimd(target);
>  
> +       newstate = target->thread.fpsimd_state.user_fpsimd;
> +
>         ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
> [...]
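Review bot: the reordering is the right fix: with `struct user_fpsimd_state newstate = target->thread.fpsimd_state.user_fpsimd;` evaluated before sve_sync_to_fpsimd(), newstate starts from a stale fpsimd_state whenever TIF_SVE is set, and a short user_regset_copyin() then writes those stale bytes back for every register the tracer did not touch. A one-line comment above the sync (fpsimd_state may be stale while TIF_SVE is set, so sync before snapshotting) would keep the original order from being reintroduced.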
> 
> (Or were you confident that this was already OK?  Maybe I'm confusing
> myself.)

With the sve_sync_to_fpsimd() called before __fpr_set(), it was ok. Once
you removed that you indeed need the change to __fpr_set().

> > need this since we are going to override the FPSIMD state anyway here.
> 
> The underlying reason for this is the issue of what should happen
> for short regset writes.  Historically, writes through fpr_set() can
> be truncated arbitrarily, and the rest of fpsimd_state will remain
> unchanged.

Ah, I forgot about this.

> The issue is that if TIF_SVE is set, fpsimd_state can be stale for
> target.  If the initial sve_sync_to_fpsimd() is removed in sve_set()
> above, then we may resurrect old values for the untouched registers,
> instead of simply leaving them unmodified.
> 
> Should I add comments explaining the purpose?  I guess it is rather
> non-obvious.

Yes, please.

> > > +	set_tsk_thread_flag(target, TIF_SVE);
> > 
> > This has the side-effect of enabling TIF_SVE even for PTRACE_SYSCALL
> > which may be cleared in some circumstances. It may not be an issue
> > though.
> 
> I would argue that this is correct behaviour: the syscall enter trap and
> exit traps should both behave as if they are outside the syscall,
> allowing the debugger to simulate the effect of inserting any
> instructions the target could have inserted before or after the SVC.
> This may include simulating SVE instructions or modifying SVE regs,
> which would require TIF_SVE to get set.

I'm ok with this approach but I'm not sure we can guarantee it with
preemption enabled.

> If the tracer doesn't cancel the syscall at the enter trap, then a
> real syscall will execute and that may cause the SVE state to be
> discarded in the usual way in the case of preemption or blocking: it
> seems cleaner for the debug illusion that this decision isn't made
> differently just because the target is being traced.
> 
> (Spoiler alert though: the syscall exit trap will force the target
> to be scheduled out, which will force discard with the current
> task_fpsimd_save() behaviour ... but that could be changed in the
> future, and I prefer not to document any sort of guarantee here.)

If such state isn't guaranteed, then the de-facto ABI is that the
debugger cannot simulate any SVE instruction via NO_SYSCALL since the
SVE state may be discarded. So it can only rely on what's guaranteed and
changing the behaviour later won't actually help.

-- 
Catalin

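The __fpr_set() ordering problem discussed above, as an added example (constructed for this page, not kernel code): toy versions of the task state, sve_sync_to_fpsimd() and user_regset_copyin() show how a short write of V0 resurrects stale values for the untouched registers when the snapshot precedes the sync, and why the explicit sync in sve_set() masked that. The structure layouts and the helper names regset_copyin, sve_set_fpsimd_only and short_write_preserves_untouched are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NREGS 32
#define VL    32                          /* bytes per Z register in this model (256-bit vectors) */

/* Toy versions of the kernel structures named in the thread; the layouts are not the kernel's. */
struct user_fpsimd_state { uint8_t vregs[NREGS][16]; };
struct task {
    bool tif_sve;                         /* TIF_SVE: z[] holds the live registers */
    uint8_t z[NREGS][VL];                 /* SVE state, live only while tif_sve is set */
    struct user_fpsimd_state fpsimd;      /* live when !tif_sve; may be stale otherwise */
};

/* sve_sync_to_fpsimd(): refresh vregs[] from the low 128 bits of each live Z register. */
static void sve_sync_to_fpsimd(struct task *t)
{
    if (!t->tif_sve)
        return;
    for (int n = 0; n < NREGS; n++)
        memcpy(t->fpsimd.vregs[n], t->z[n], 16);
}

/* user_regset_copyin() model: a short write updates only the first `count` bytes. */
static void regset_copyin(void *dst, size_t dstlen, const void *src, size_t count)
{
    memcpy(dst, src, count < dstlen ? count : dstlen);
}

/* __fpr_set(): as posted in v3 (snapshot, then sync) or as reordered in the follow-up. */
static void fpr_set(struct task *t, const void *buf, size_t count, bool sync_first)
{
    struct user_fpsimd_state newstate;
    if (sync_first)
        sve_sync_to_fpsimd(t);            /* follow-up patch: sync before the snapshot */
    newstate = t->fpsimd;                 /* v3 took this snapshot first, possibly stale */
    if (!sync_first)
        sve_sync_to_fpsimd(t);            /* v3: sync after the snapshot, too late for newstate */
    regset_copyin(&newstate, sizeof newstate, buf, count);
    t->fpsimd = newstate;
}

/* The FPSIMD-only path of sve_set() from the quoted hunk, with its explicit sync optional. */
static void sve_set_fpsimd_only(struct task *t, const void *buf, size_t count,
                                bool explicit_sync, bool fixed_fpr_set)
{
    if (explicit_sync)
        sve_sync_to_fpsimd(t);
    fpr_set(t, buf, count, fixed_fpr_set);
    t->tif_sve = false;                   /* target is now FPSIMD-only; vregs[] are live */
}

/* Scenario: the tracer writes only V0 (16 bytes) to a target whose SVE state is live and whose
 * fpsimd_state is stale. True iff V0 took the new value and every other Vn still equals the low
 * 128 bits of its live Zn, i.e. the registers the tracer did not touch were left unmodified. */
static bool short_write_preserves_untouched(bool explicit_sync, bool fixed_fpr_set)
{
    struct task t = { .tif_sve = true };
    uint8_t v0[16];
    memset(t.fpsimd.vregs, 0xAA, sizeof t.fpsimd.vregs);   /* stale: from before SVE use */
    for (int n = 0; n < NREGS; n++)
        memset(t.z[n], 0x10 + n, VL);                      /* constructed live SVE contents */
    memset(v0, 0x55, sizeof v0);
    sve_set_fpsimd_only(&t, v0, sizeof v0, explicit_sync, fixed_fpr_set);
    if (memcmp(t.fpsimd.vregs[0], v0, 16) != 0)
        return false;
    for (int n = 1; n < NREGS; n++)
        for (int i = 0; i < 16; i++)
            if (t.fpsimd.vregs[n][i] != (uint8_t)(0x10 + n))
                return false;
    return true;
}
```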

* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-17 14:08       ` Marc Zyngier
@ 2017-10-18 13:20         ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 13:20 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: Dave Martin, linux-arm-kernel, linux-arch, Okamoto Takayuki,
	libc-alpha, Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas,
	Will Deacon, Richard Sandiford, kvmarm

On Tue, Oct 17, 2017 at 03:08:40PM +0100, Marc Zyngier wrote:
> On 17/10/17 14:51, Christoffer Dall wrote:
> > On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
> >> Currently, a guest kernel sees the true CPU feature registers
> >> (ID_*_EL1) when it reads them using MRS instructions.  This means
> >> that the guest will observe features that are present in the
> >> hardware but the host doesn't understand or doesn't provide support
> >> for.  A guest may legitimately try to use such a feature as per the
> >> architecture, but use of the feature may trap instead of working
> >> normally, triggering undef injection into the guest.
> >>
> >> This is not a problem for the host, but the guest may go wrong when
> >> running on newer hardware than the host knows about.
> >>
> >> This patch hides from guest VMs any AArch64-specific CPU features
> >> that the host doesn't support, by exposing to the guest the
> >> sanitised versions of the registers computed by the cpufeatures
> >> framework, instead of the true hardware registers.  To achieve
> >> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> >> code is added to KVM to report the sanitised versions of the
> >> affected registers in response to MRS and register reads from
> >> userspace.
> >>
> >> The affected registers are removed from invariant_sys_regs[] (since
> >> the invariant_sys_regs handling is no longer quite correct for
> >> them) and added to sys_reg_descs[], with appropriate access(),
> >> get_user() and set_user() methods.  No runtime vcpu storage is
> >> allocated for the registers: instead, they are read on demand from
> >> the cpufeatures framework.  This may need modification in the
> >> future if there is a need for userspace to customise the features
> >> visible to the guest.
> >>
> >> Attempts by userspace to write the registers are handled similarly
> >> to the current invariant_sys_regs handling: writes are permitted,
> >> but only if they don't attempt to change the value.  This is
> >> sufficient to support VM snapshot/restore from userspace.
> >>
> >> Because of the additional registers, restoring a VM on an older
> >> kernel may not work unless userspace knows how to handle the extra
> >> VM registers exposed to the KVM user ABI by this patch.
> >>
> >> Under the principle of least damage, this patch makes no attempt to
> >> handle any of the other registers currently in
> >> invariant_sys_regs[], or to emulate registers for AArch32: however,
> >> these could be handled in a similar way in future, as necessary.
> >>
> >> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> >> Cc: Marc Zyngier <marc.zyngier@arm.com>
> >> ---
> >>  arch/arm64/include/asm/sysreg.h |   3 +
> >>  arch/arm64/kvm/hyp/switch.c     |   6 +
> >>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
> >>  3 files changed, 246 insertions(+), 45 deletions(-)
> >>
> >> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> >> index f707fed..480ecd6 100644
> >> --- a/arch/arm64/include/asm/sysreg.h
> >> +++ b/arch/arm64/include/asm/sysreg.h
> >> @@ -149,6 +149,9 @@
> >>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
> >>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
> >>  
> >> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
> >> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
> >> +
> >>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
> >>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
> >>  
> >> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> >> index 945e79c..35a90b8 100644
> >> --- a/arch/arm64/kvm/hyp/switch.c
> >> +++ b/arch/arm64/kvm/hyp/switch.c
> >> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
> >>  	 * it will cause an exception.
> >>  	 */
> >>  	val = vcpu->arch.hcr_el2;
> >> +
> >>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
> >>  		write_sysreg(1 << 30, fpexc32_el2);
> >>  		isb();
> >>  	}
> >> +
> >> +	if (val & HCR_RW) /* for AArch64 only: */
> >> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
> >> +
> > 
> > Since we're setting this for all 64-bit VMs, can we not set this in
> > vcpu_reset_hcr instead?
> > 
> >>  	write_sysreg(val, hcr_el2);
> >> +
> >>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
> >>  	write_sysreg(1 << 15, hstr_el2);
> >>  	/*
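Review bot: HCR_TID3 is ORed into the local `val` on every __activate_traps() call, so vcpu->arch.hcr_el2 never records it and the decision is remade on each world switch; setting it once where hcr_el2 is initialised for the vcpu (as the reply above suggests) keeps the trap configuration in one place and off the entry path. The three added empty lines (`+` with no content before the HCR_RW check, after it, and after write_sysreg) are unrelated whitespace churn and could be dropped from the patch.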
> >> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> >> index 2e070d3..b1f7552 100644
> >> --- a/arch/arm64/kvm/sys_regs.c
> >> +++ b/arch/arm64/kvm/sys_regs.c
> >> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
> >>  	return true;
> >>  }
> >>  
> >> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
> >> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> >> +{
> >> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> >> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> >> +
> >> +	return raz ? 0 : read_sanitised_ftr_reg(id);
> >> +}
> >> +
> >> +/* cpufeature ID register access trap handlers */
> >> +
> >> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
> >> +			    struct sys_reg_params *p,
> >> +			    const struct sys_reg_desc *r,
> >> +			    bool raz)
> >> +{
> >> +	if (p->is_write)
> >> +		return write_to_read_only(vcpu, p, r);
> >> +
> >> +	p->regval = read_id_reg(r, raz);
> >> +	return true;
> >> +}
> >> +
> >> +static bool access_id_reg(struct kvm_vcpu *vcpu,
> >> +			  struct sys_reg_params *p,
> >> +			  const struct sys_reg_desc *r)
> >> +{
> >> +	return __access_id_reg(vcpu, p, r, false);
> >> +}
> >> +
> >> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
> >> +			      struct sys_reg_params *p,
> >> +			      const struct sys_reg_desc *r)
> >> +{
> >> +	return __access_id_reg(vcpu, p, r, true);
> >> +}
> >> +
> >> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
> >> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
> >> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
> >> +
> >> +/*
> >> + * cpufeature ID register user accessors
> >> + *
> >> + * For now, these registers are immutable for userspace, so no values
> >> + * are stored, and for set_id_reg() we don't allow the effective value
> >> + * to be changed.
> >> + */
> >> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> >> +			bool raz)
> >> +{
> >> +	const u64 id = sys_reg_to_index(rd);
> >> +	const u64 val = read_id_reg(rd, raz);
> >> +
> >> +	return reg_to_user(uaddr, &val, id);
> >> +}
> >> +
> >> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> >> +			bool raz)
> >> +{
> >> +	const u64 id = sys_reg_to_index(rd);
> >> +	int err;
> >> +	u64 val;
> >> +
> >> +	err = reg_from_user(&val, uaddr, id);
> >> +	if (err)
> >> +		return err;
> >> +
> >> +	/* This is what we mean by invariant: you can't change it. */
> >> +	if (val != read_id_reg(rd, raz))
> >> +		return -EINVAL;
> >> +
> >> +	return 0;
> >> +}
> >> +
> >> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __get_id_reg(rd, uaddr, false);
> >> +}
> >> +
> >> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __set_id_reg(rd, uaddr, false);
> >> +}
> >> +
> >> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __get_id_reg(rd, uaddr, true);
> >> +}
> >> +
> >> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __set_id_reg(rd, uaddr, true);
> >> +}
> >> +
> >> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> >> +#define ID_SANITISED(name) {			\
> >> +	SYS_DESC(SYS_##name),			\
> >> +	.access	= access_id_reg,		\
> >> +	.get_user = get_id_reg,			\
> >> +	.set_user = set_id_reg,			\
> >> +}
> >> +
> >> +/*
> >> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> >> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> >> + * (1 <= crm < 8, 0 <= Op2 < 8).
> >> + */
> >> +#define ID_UNALLOCATED(crm, op2) {			\
> >> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> >> +	.access = access_raz_id_reg,			\
> >> +	.get_user = get_raz_id_reg,			\
> >> +	.set_user = set_raz_id_reg,			\
> >> +}
> >> +
> >> +/*
> >> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> >> + * For now, these are exposed just like unallocated ID regs: they appear
> >> + * RAZ for the guest.
> >> + */
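Review bot: read_id_reg() takes no vcpu and the get/set wrappers ignore their vcpu and reg arguments, so the value a guest sees is purely a host-wide property; that matches the "no runtime vcpu storage" statement in the commit message, but the comment block should say that sanitised and hidden registers therefore cannot differ between VMs until per-vcpu storage is added. The forward declarations of reg_from_user(), reg_to_user() and sys_reg_to_index() indicate this block sits above their definitions; moving it below them avoids the prototypes.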
> > 
> > What is a hidden ID register as opposed to an unallocated one?
> 
> A hidden register is one where all the features have been removed (RAZ),
> making it similar to an unallocated one.
> 
> > Shouldn't one of them presumably cause an undefined exception in the
> > guest?
> 
> No, that'd be a violation of the architecture. The unallocated ID
> registers are required to be RAZ (see table D9-2 in D9.3.1), so that
> software can probe for features without running the risk of getting an UNDEF.
> 
Then I'm not really sure why we need the two defines.  Is that just to
make it clear what the different rationales for dealing with various
registers in the same way are?

Thanks,
-Christoffer


* [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
@ 2017-10-18 13:20         ` Christoffer Dall
  0 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 13:20 UTC (permalink / raw)
  To: linux-arm-kernel

On Tue, Oct 17, 2017 at 03:08:40PM +0100, Marc Zyngier wrote:
> On 17/10/17 14:51, Christoffer Dall wrote:
> > On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
> >> Currently, a guest kernel sees the true CPU feature registers
> >> (ID_*_EL1) when it reads them using MRS instructions.  This means
> >> that the guest will observe features that are present in the
> >> hardware but the host doesn't understand or doesn't provide support
> >> for.  A guest may legimitately try to use such a feature as per the
> >> architecture, but use of the feature may trap instead of working
> >> normally, triggering undef injection into the guest.
> >>
> >> This is not a problem for the host, but the guest may go wrong when
> >> running on newer hardware than the host knows about.
> >>
> >> This patch hides from guest VMs any AArch64-specific CPU features
> >> that the host doesn't support, by exposing to the guest the
> >> sanitised versions of the registers computed by the cpufeatures
> >> framework, instead of the true hardware registers.  To achieve
> >> this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
> >> code is added to KVM to report the sanitised versions of the
> >> affected registers in response to MRS and register reads from
> >> userspace.
> >>
> >> The affected registers are removed from invariant_sys_regs[] (since
> >> the invariant_sys_regs handling is no longer quite correct for
> >> them) and added to sys_reg_desgs[], with appropriate access(),
> >> get_user() and set_user() methods.  No runtime vcpu storage is
> >> allocated for the registers: instead, they are read on demand from
> >> the cpufeatures framework.  This may need modification in the
> >> future if there is a need for userspace to customise the features
> >> visible to the guest.
> >>
> >> Attempts by userspace to write the registers are handled similarly
> >> to the current invariant_sys_regs handling: writes are permitted,
> >> but only if they don't attempt to change the value.  This is
> >> sufficient to support VM snapshot/restore from userspace.
> >>
> >> Because of the additional registers, restoring a VM on an older
> >> kernel may not work unless userspace knows how to handle the extra
> >> VM registers exposed to the KVM user ABI by this patch.
> >>
> >> Under the principle of least damage, this patch makes no attempt to
> >> handle any of the other registers currently in
> >> invariant_sys_regs[], or to emulate registers for AArch32: however,
> >> these could be handled in a similar way in future, as necessary.
> >>
> >> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> >> Cc: Marc Zyngier <marc.zyngier@arm.com>
> >> ---
> >>  arch/arm64/include/asm/sysreg.h |   3 +
> >>  arch/arm64/kvm/hyp/switch.c     |   6 +
> >>  arch/arm64/kvm/sys_regs.c       | 282 +++++++++++++++++++++++++++++++++-------
> >>  3 files changed, 246 insertions(+), 45 deletions(-)
> >>
> >> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> >> index f707fed..480ecd6 100644
> >> --- a/arch/arm64/include/asm/sysreg.h
> >> +++ b/arch/arm64/include/asm/sysreg.h
> >> @@ -149,6 +149,9 @@
> >>  #define SYS_ID_AA64DFR0_EL1		sys_reg(3, 0, 0, 5, 0)
> >>  #define SYS_ID_AA64DFR1_EL1		sys_reg(3, 0, 0, 5, 1)
> >>  
> >> +#define SYS_ID_AA64AFR0_EL1		sys_reg(3, 0, 0, 5, 4)
> >> +#define SYS_ID_AA64AFR1_EL1		sys_reg(3, 0, 0, 5, 5)
> >> +
> >>  #define SYS_ID_AA64ISAR0_EL1		sys_reg(3, 0, 0, 6, 0)
> >>  #define SYS_ID_AA64ISAR1_EL1		sys_reg(3, 0, 0, 6, 1)
> >>  
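Review bot: SYS_ID_AA64AFR0_EL1 and SYS_ID_AA64AFR1_EL1 are the IMPLEMENTATION DEFINED auxiliary feature registers, and neither the defines nor the commit message say why they are being introduced here; a one-line comment at the definitions (or a sentence in the commit message) stating that they exist so KVM's sys_reg_descs[] can describe them, rather than to be interpreted by the host, would save the next reader a trip to the ARM ARM.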
> >> diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
> >> index 945e79c..35a90b8 100644
> >> --- a/arch/arm64/kvm/hyp/switch.c
> >> +++ b/arch/arm64/kvm/hyp/switch.c
> >> @@ -81,11 +81,17 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
> >>  	 * it will cause an exception.
> >>  	 */
> >>  	val = vcpu->arch.hcr_el2;
> >> +
> >>  	if (!(val & HCR_RW) && system_supports_fpsimd()) {
> >>  		write_sysreg(1 << 30, fpexc32_el2);
> >>  		isb();
> >>  	}
> >> +
> >> +	if (val & HCR_RW) /* for AArch64 only: */
> >> +		val |= HCR_TID3; /* TID3: trap feature register accesses */
> >> +
> > 
> > Since we're setting this for all 64-bit VMs, can we not set this in
> > vcpu_reset_hcr instead?
> > 
> >>  	write_sysreg(val, hcr_el2);
> >> +
> >>  	/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
> >>  	write_sysreg(1 << 15, hstr_el2);
> >>  	/*
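Review bot: HCR_TID3 at `val |= HCR_TID3;` traps more than the ID_AA64*_EL1 registers: it also traps AArch64 MRS reads of the AArch32 ID registers (ID_PFR0_EL1, ID_ISAR*_EL1, MVFR*_EL1, i.e. the CRm=1..3 encodings of this group), which a guest Linux kernel reads during boot. The commit message's "makes no attempt ... to emulate registers for AArch32" should make clear that those encodings are still covered by sys_reg_descs[], otherwise an AArch64 guest gets an undef where it expects a value. On Christoffer's point, ORing the bit in on every __activate_traps() call also splits the trap configuration between vcpu_reset_hcr() and the world switch; setting it once at reset keeps it in one place.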
> >> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> >> index 2e070d3..b1f7552 100644
> >> --- a/arch/arm64/kvm/sys_regs.c
> >> +++ b/arch/arm64/kvm/sys_regs.c
> >> @@ -892,6 +892,137 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu,
> >>  	return true;
> >>  }
> >>  
> >> +/* Read a sanitised cpufeature ID register by sys_reg_desc */
> >> +static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> >> +{
> >> +	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> >> +			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> >> +
> >> +	return raz ? 0 : read_sanitised_ftr_reg(id);
> >> +}
> >> +
> >> +/* cpufeature ID register access trap handlers */
> >> +
> >> +static bool __access_id_reg(struct kvm_vcpu *vcpu,
> >> +			    struct sys_reg_params *p,
> >> +			    const struct sys_reg_desc *r,
> >> +			    bool raz)
> >> +{
> >> +	if (p->is_write)
> >> +		return write_to_read_only(vcpu, p, r);
> >> +
> >> +	p->regval = read_id_reg(r, raz);
> >> +	return true;
> >> +}
> >> +
> >> +static bool access_id_reg(struct kvm_vcpu *vcpu,
> >> +			  struct sys_reg_params *p,
> >> +			  const struct sys_reg_desc *r)
> >> +{
> >> +	return __access_id_reg(vcpu, p, r, false);
> >> +}
> >> +
> >> +static bool access_raz_id_reg(struct kvm_vcpu *vcpu,
> >> +			      struct sys_reg_params *p,
> >> +			      const struct sys_reg_desc *r)
> >> +{
> >> +	return __access_id_reg(vcpu, p, r, true);
> >> +}
> >> +
> >> +static int reg_from_user(u64 *val, const void __user *uaddr, u64 id);
> >> +static int reg_to_user(void __user *uaddr, const u64 *val, u64 id);
> >> +static u64 sys_reg_to_index(const struct sys_reg_desc *reg);
> >> +
> >> +/*
> >> + * cpufeature ID register user accessors
> >> + *
> >> + * For now, these registers are immutable for userspace, so no values
> >> + * are stored, and for set_id_reg() we don't allow the effective value
> >> + * to be changed.
> >> + */
> >> +static int __get_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> >> +			bool raz)
> >> +{
> >> +	const u64 id = sys_reg_to_index(rd);
> >> +	const u64 val = read_id_reg(rd, raz);
> >> +
> >> +	return reg_to_user(uaddr, &val, id);
> >> +}
> >> +
> >> +static int __set_id_reg(const struct sys_reg_desc *rd, void __user *uaddr,
> >> +			bool raz)
> >> +{
> >> +	const u64 id = sys_reg_to_index(rd);
> >> +	int err;
> >> +	u64 val;
> >> +
> >> +	err = reg_from_user(&val, uaddr, id);
> >> +	if (err)
> >> +		return err;
> >> +
> >> +	/* This is what we mean by invariant: you can't change it. */
> >> +	if (val != read_id_reg(rd, raz))
> >> +		return -EINVAL;
> >> +
> >> +	return 0;
> >> +}
> >> +
> >> +static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __get_id_reg(rd, uaddr, false);
> >> +}
> >> +
> >> +static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +		      const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __set_id_reg(rd, uaddr, false);
> >> +}
> >> +
> >> +static int get_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __get_id_reg(rd, uaddr, true);
> >> +}
> >> +
> >> +static int set_raz_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> >> +			  const struct kvm_one_reg *reg, void __user *uaddr)
> >> +{
> >> +	return __set_id_reg(rd, uaddr, true);
> >> +}
> >> +
> >> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> >> +#define ID_SANITISED(name) {			\
> >> +	SYS_DESC(SYS_##name),			\
> >> +	.access	= access_id_reg,		\
> >> +	.get_user = get_id_reg,			\
> >> +	.set_user = set_id_reg,			\
> >> +}
> >> +
> >> +/*
> >> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> >> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> >> + * (1 <= crm < 8, 0 <= Op2 < 8).
> >> + */
> >> +#define ID_UNALLOCATED(crm, op2) {			\
> >> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> >> +	.access = access_raz_id_reg,			\
> >> +	.get_user = get_raz_id_reg,			\
> >> +	.set_user = set_raz_id_reg,			\
> >> +}
> >> +
> >> +/*
> >> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> >> + * For now, these are exposed just like unallocated ID regs: they appear
> >> + * RAZ for the guest.
> >> + */
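Review bot: `return raz ? 0 : read_sanitised_ftr_reg(id);` in read_id_reg() is reachable from a guest MRS via access_id_reg(), so every ID_SANITISED() entry must be a register the cpufeatures framework actually tracks; read_sanitised_ftr_reg() is not written to cope with an id it has no arm64_ftr_reg for, and an oversight in the table becomes a guest-triggerable host failure rather than a wrong value. A comment on ID_SANITISED() stating that requirement would be worthwhile. Smaller point: the comment above __get_id_reg() says "no values are stored", but it would help to say explicitly that the sanitised value can differ between hosts, since `if (val != read_id_reg(rd, raz)) return -EINVAL;` is what makes a snapshot non-restorable on such a host.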
> > 
> > What is a hidden ID register as opposed to an unallocated one?
> 
> A hidden register is one where all the features have been removed (RAZ),
> making it similar to an unallocated one.
> 
> > Shouldn't one of them presumably cause an undefined exception in the
> > guest?
> 
> No, that'd be a violation of the architecture. The unallocated ID
> registers are required to be RAZ (see table D9-2 in D9.3.1), so that
> > software can probe for features without running the risk of getting an UNDEF.
> 
Then I'm not really sure why we need the two defines.  Is that just to
make it clear what the different rationales for dealing with various
registers in the same way are?

Thanks,
-Christoffer

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-17 15:47           ` Dave Martin
@ 2017-10-18 13:21             ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 13:21 UTC (permalink / raw)
  To: Dave Martin
  Cc: Marc Zyngier, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Tue, Oct 17, 2017 at 04:47:08PM +0100, Dave Martin wrote:
> On Tue, Oct 17, 2017 at 03:29:36PM +0100, Marc Zyngier wrote:
> > On 17/10/17 15:07, Dave Martin wrote:
> > > On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
> > >> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
> > >>> KVM guests cannot currently use SVE, because SVE is always
> > >>> configured to trap to EL2.
> > >>>
> > >>> However, a guest that sees SVE reported as present in
> > >>> ID_AA64PFR0_EL1 may legitimately expect that SVE works and try to
> > >>> use it.  Instead of working, the guest will receive an injected
> > >>> undef exception, which may cause the guest to oops or go into a
> > >>> spin.
> > >>>
> > >>> To avoid misleading the guest into believing that SVE will work,
> > >>> this patch masks out the SVE field from ID_AA64PFR0_EL1 when a
> > >>> guest attempts to read this register.  No support is explicitly
> > >>> added for ID_AA64ZFR0_EL1 either, so that is still emulated as
> > >>> reading as zero, which is consistent with SVE not being
> > >>> implemented.
> > >>>
> > >>> This is a temporary measure, and will be removed in a later series
> > >>> when full KVM support for SVE is implemented.
> > >>>
> > >>> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> > >>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > >>> Cc: Marc Zyngier <marc.zyngier@arm.com>
> > >>> ---
> > >>>  arch/arm64/kvm/sys_regs.c | 12 +++++++++++-
> > >>>  1 file changed, 11 insertions(+), 1 deletion(-)
> > >>>
> > >>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> > >>> index b1f7552..a0ee9b0 100644
> > >>> --- a/arch/arm64/kvm/sys_regs.c
> > >>> +++ b/arch/arm64/kvm/sys_regs.c
> > >>> @@ -23,6 +23,7 @@
> > >>>  #include <linux/bsearch.h>
> > >>>  #include <linux/kvm_host.h>
> > >>>  #include <linux/mm.h>
> > >>> +#include <linux/printk.h>
> > >>>  #include <linux/uaccess.h>
> > >>>  
> > >>>  #include <asm/cacheflush.h>
> > >>> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> > >>>  {
> > >>>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> > >>>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> > >>> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
> > >>>  
> > >>> -	return raz ? 0 : read_sanitised_ftr_reg(id);
> > >>> +	if (id == SYS_ID_AA64PFR0_EL1) {
> > >>> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> > >>> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> > >>> +				    task_pid_nr(current));
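Review bot: the SVE field test at `if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))` hardcodes the 4-bit field width; cpuid_feature_extract_unsigned_field(val, ID_AA64PFR0_SVE_SHIFT) exists for exactly this and keeps the width in one place. Separately, pr_err_once() fires only for the first VM that reads the register, so the pid it prints identifies only that first VMM and never any later one; either drop the pid from the message or make it a per-VM (rather than once-per-boot) diagnostic.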
> > >>
> > >> nit: does this really qualify as an error print?
> > > 
> > > I have no strong opinion on this: maz suggested I should add this --
> > > his concern was to make it difficult to ignore.
> > > 
> > > This is transitional: the main purpose is to circumvent bug reports from
> > > people who find that SVE doesn't work in their guests, in the interim
> > > before proper KVM support lands upstream.
> > > 
> > > Marc, do you still agree with this position?
> > 
> > As long as this is transitional, I'm OK with this.
> 
> No argument from me, since it was your request in the first place ;)
> 
> Christoffer?
> 
No (further) argument from me.

Thanks,
-Christoffer

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-17 14:31       ` Dave Martin
@ 2017-10-18 13:23         ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 13:23 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Tue, Oct 17, 2017 at 03:31:42PM +0100, Dave Martin wrote:
> On Tue, Oct 17, 2017 at 01:50:24PM +0200, Christoffer Dall wrote:
> > On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> > > Until KVM has full SVE support, guests must not be allowed to
> > > execute SVE instructions.
> > > 
> > > This patch enables the necessary traps, and also ensures that the
> > > traps are disabled again on exit from the guest so that the host
> > > can still use SVE if it wants to.
> > > 
> > > This patch introduces another instance of
> > > __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> > > is abstracted out as a separate helper fpsimd_flush_cpu_state().
> > > Other instances are ported appropriately.
> > 
> > I don't understand this paragraph, beginning from ", so this...".
> > 
> > 
> > From reading the code, what I think is the reason for having to flush
> > the SVE state (and mark the host state invalid) is that even though we
> > disallow SVE usage in the guest, the guest can use the normal FP state,
> > and while we always fully preserve the host state, this could still
> > corrupt some additional SVE state not properly preserved for the host.
> > Is that correct?
> 
> Yes, that's right: the guest can't touch the SVE-specific registers
> Pn/FFR, but FPSIMD accesses to Vn regs cause the high bits of the
> corresponding SVE Zn registers to be clobbered.  In any case, the
> FPSIMD restore done by KVM after guest exit is sufficient to clobber
> those bits even if the guest didn't do it.
> 
> This is a band-aid for not making the KVM world switch code properly
> SVE-aware yet.
> 
> Does the following wording sound better:
> 
> --8<--
> 
> On guest exit, high bits of the SVE Zn registers may have been
> clobbered as a side-effect of the execution of FPSIMD instructions in
> the guest.  The existing KVM host FPSIMD restore code is not
> sufficient to restore these bits, so this patch explicitly marks
> the CPU as not containing cached vector state for any task, thus
> forcing a reload on the next return to userspace.  This is an
> interim measure, in advance of adding full SVE awareness to KVM.
> 
> Because of the duplication of this operation
> (__this_cpu_write(fpsimd_last_state, NULL)), it is factored out as

s/it is/is/  (I think)

> a new helper fpsimd_flush_cpu_state() to make the purpose clearer.
> 
> -->8--
> 
> > > 
> > > As a side effect of this refactoring, a this_cpu_write() in
> > > fpsimd_cpu_pm_notifier() is changed to __this_cpu_write().  This
> > > should be fine, since cpu_pm_enter() is supposed to be called only
> > > with interrupts disabled.
> > 
> > Otherwise the patch itself looks good to me.
> 
> Thanks, let me know about the above wording change though.
> 
Yes, the wording is good and helps a lot.  Thanks for writing that.

Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-18 13:20         ` Christoffer Dall
@ 2017-10-18 14:45           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-18 14:45 UTC (permalink / raw)
  To: Christoffer Dall
  Cc: Marc Zyngier, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	kvmarm, Richard Sandiford, linux-arm-kernel

On Wed, Oct 18, 2017 at 03:20:26PM +0200, Christoffer Dall wrote:
> On Tue, Oct 17, 2017 at 03:08:40PM +0100, Marc Zyngier wrote:
> > On 17/10/17 14:51, Christoffer Dall wrote:
> > > On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:

[...]

> > >> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> > >> +#define ID_SANITISED(name) {			\
> > >> +	SYS_DESC(SYS_##name),			\
> > >> +	.access	= access_id_reg,		\
> > >> +	.get_user = get_id_reg,			\
> > >> +	.set_user = set_id_reg,			\
> > >> +}
> > >> +
> > >> +/*
> > >> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> > >> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> > >> + * (1 <= crm < 8, 0 <= Op2 < 8).
> > >> + */
> > >> +#define ID_UNALLOCATED(crm, op2) {			\
> > >> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> > >> +	.access = access_raz_id_reg,			\
> > >> +	.get_user = get_raz_id_reg,			\
> > >> +	.set_user = set_raz_id_reg,			\
> > >> +}
> > >> +
> > >> +/*
> > >> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> > >> + * For now, these are exposed just like unallocated ID regs: they appear
> > >> + * RAZ for the guest.
> > >> + */
> > > 
> > > What is a hidden ID register as opposed to an unallocated one?
> > 
> > A hidden register is one where all the features have been removed (RAZ),
> > making it similar to an unallocated one.
> > 
> > > Shouldn't one of them presumably cause an undefined exception in the
> > > guest?
> > 
> > No, that'd be a violation of the architecture. The unallocated ID
> > registers are required to be RAZ (see table D9-2 in D9.3.1), so that
> > software can probe for feature without running the risk of getting an UNDEF.
> > 
> Then I'm not really sure why we need the two defines.  Is that just to
> make it clear what the different rationales for dealing with various
> registers in the same way are?

Basically yes.

ID_HIDDEN() means we are bodging around something that we don't know
how to sanitise, whereas ID_UNALLOCATED() means that we follow the
architecture in returning zero for reads (maybe following an older
architecture version than the silicon).  

ID_HIDDEN()s may need to evolve SoC-specific quirkage if we need to
expose non-architectural SoC-specific features via the mechanism.
These should never simply be exposed unless the architecture is
tightened in the future in such a way as to make this safe (unlikely).

ID_UNALLOCATED()s OTOH will mostly turn into ID_SANITISED() as the
architecture gains new features.  The architecture could allocate new
IMP DEF feature regs though, in which case they would become ID_HIDDEN()
as soon as we know about them.


The distinction is drawn in an attempt to help maintainers: the future
maintenance requirements for ID_UNALLOCATED()s will differ from
ID_HIDDEN()s.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread
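The three descriptor kinds Dave distinguishes above (ID_SANITISED, ID_UNALLOCATED, ID_HIDDEN), the trapped-MRS emulation from patch 02/28 and the SVE masking from patch 24/28, as one self-contained userspace model. This is an added example, not code from the series or from the kernel: the register values in the table are constructed sample data, and emulate_mrs(), set_id_reg_from_user(), guest_read() and guest_sees_sve() are this example's own names. The sys_reg() field layout and the SVE field position are the kernel's; the lookup reproduces the bsearch() over a table sorted by encoding that KVM uses.

```c
/*
 * Added example, not code from the patch series: a userspace model of how
 * KVM's sys_reg_descs[] can classify cpufeature ID registers as
 * ID_SANITISED, ID_UNALLOCATED or ID_HIDDEN, with the SVE masking from
 * patch 24/28 and the "invariant" set_user check from 02/28.  The values
 * in the table are constructed sample data, not real CPU readings.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Same field layout as the kernel's sys_reg() macro in asm/sysreg.h. */
#define SYS_REG(op0, op1, crn, crm, op2) \
	((((op0) & 3u) << 19) | ((op1) << 16) | ((crn) << 12) | \
	 ((crm) << 8) | ((op2) << 5))

#define SYS_ID_AA64PFR0_EL1	SYS_REG(3, 0, 0, 4, 0)
#define SYS_ID_AA64ZFR0_EL1	SYS_REG(3, 0, 0, 4, 4)
#define SYS_ID_AA64AFR0_EL1	SYS_REG(3, 0, 0, 5, 4)
#define SYS_ID_AA64ISAR0_EL1	SYS_REG(3, 0, 0, 6, 0)

#define ID_AA64PFR0_SVE_SHIFT	32	/* ID_AA64PFR0_EL1.SVE is bits [35:32] */

enum id_kind {
	ID_SANITISED,	/* report the host's sanitised value */
	ID_UNALLOCATED,	/* encoding the host does not know: RAZ per the architecture */
	ID_HIDDEN,	/* known but not sanitisable (e.g. IMP DEF): also RAZ */
};

struct id_desc {
	uint32_t id;
	enum id_kind kind;
	uint64_t sanitised;	/* what the cpufeatures framework would hold */
};

/* Constructed sample table, sorted by id so bsearch() works like KVM's lookup. */
static const struct id_desc id_table[] = {
	{ SYS_ID_AA64PFR0_EL1,  ID_SANITISED,   0x0000000100000011ULL }, /* SVE=1 */
	{ SYS_ID_AA64ZFR0_EL1,  ID_UNALLOCATED, 0 },
	{ SYS_ID_AA64AFR0_EL1,  ID_HIDDEN,      0x0000000000001234ULL },
	{ SYS_ID_AA64ISAR0_EL1, ID_SANITISED,   0x0000000000011120ULL },
};

static int cmp_id(const void *key, const void *elem)
{
	uint32_t k = *(const uint32_t *)key;
	uint32_t e = ((const struct id_desc *)elem)->id;

	return (k > e) - (k < e);
}

static const struct id_desc *find_desc(uint32_t id)
{
	return bsearch(&id, id_table, sizeof(id_table) / sizeof(id_table[0]),
		       sizeof(id_table[0]), cmp_id);
}

/* Value the guest (and userspace via GET_ONE_REG) sees for a described register. */
static uint64_t read_id_reg(const struct id_desc *d)
{
	uint64_t val = (d->kind == ID_SANITISED) ? d->sanitised : 0;

	/* Patch 24/28: hide SVE until KVM can actually context-switch it. */
	if (d->id == SYS_ID_AA64PFR0_EL1)
		val &= ~(0xfULL << ID_AA64PFR0_SVE_SHIFT);

	return val;
}

/*
 * Model of a trapped MRS (HCR_EL2.TID3): 0 and *val on success, -ENOENT when
 * the encoding has no descriptor (the kernel would inject an undef there).
 */
static int emulate_mrs(uint32_t id, uint64_t *val)
{
	const struct id_desc *d = find_desc(id);

	if (!d)
		return -ENOENT;
	*val = read_id_reg(d);
	return 0;
}

/* Convenience wrapper: the value, or ~0 when there is no descriptor. */
static uint64_t guest_read(uint32_t id)
{
	uint64_t val;

	return emulate_mrs(id, &val) ? UINT64_MAX : val;
}

/* Model of set_user(): writes are accepted only if they change nothing. */
static int set_id_reg_from_user(uint32_t id, uint64_t val)
{
	const struct id_desc *d = find_desc(id);

	if (!d)
		return -ENOENT;
	return (val == read_id_reg(d)) ? 0 : -EINVAL;
}

/* What a guest kernel's feature probe concludes from the value it read. */
static bool guest_sees_sve(uint64_t pfr0)
{
	return ((pfr0 >> ID_AA64PFR0_SVE_SHIFT) & 0xf) != 0;
}
```

The -EINVAL from set_id_reg_from_user() is the case the 02/28 commit message calls out: a VM snapshot carries whatever value the guest saw on the host it was taken on, and restoring it onto a host whose sanitised (or masked) value differs is refused because the write would change an invariant register.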

* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-18 13:23         ` Christoffer Dall
@ 2017-10-18 15:00           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-18 15:00 UTC (permalink / raw)
  To: Christoffer Dall
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Wed, Oct 18, 2017 at 03:23:23PM +0200, Christoffer Dall wrote:
> On Tue, Oct 17, 2017 at 03:31:42PM +0100, Dave Martin wrote:
> > On Tue, Oct 17, 2017 at 01:50:24PM +0200, Christoffer Dall wrote:
> > > On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> > > > Until KVM has full SVE support, guests must not be allowed to
> > > > execute SVE instructions.
> > > > 
> > > > This patch enables the necessary traps, and also ensures that the
> > > > traps are disabled again on exit from the guest so that the host
> > > > can still use SVE if it wants to.
> > > > 
> > > > This patch introduces another instance of
> > > > __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> > > > is abstracted out as a separate helper fpsimd_flush_cpu_state().
> > > > Other instances are ported appropriately.
> > > 
> > > I don't understand this paragraph, beginning from ", so this...".
> > > 
> > > 
> > > From reading the code, what I think is the reason for having to flush
> > > the SVE state (and mark the host state invalid) is that even though we
> > > disallow SVE usage in the guest, the guest can use the normal FP state,
> > > and while we always fully preserve the host state, this could still
> > > corrupt some additional SVE state not properly preserved for the host.
> > > Is that correct?
> > 
> > Yes, that's right: the guest can't touch the SVE-specific registers
> > Pn/FFR, but FPSIMD accesses to Vn regs cause the high bits of the
> > corresponding SVE Zn registers to be clobbered.  In any case, the
> > FPSIMD restore done by KVM after guest exit is sufficient to clobber
> > those bits even if the guest didn't do it.
> > 
> > This is a band-aid for not making the KVM world switch code properly
> > SVE-aware yet.
> > 
> > Does the following wording sound better:
> > 
> > --8<--
> > 
> > On guest exit, high bits of the SVE Zn registers may have been
> > clobbered as a side-effect of the execution of FPSIMD instructions in
> > the guest.  The existing KVM host FPSIMD restore code is not
> > sufficient to restore these bits, so this patch explicitly marks
> > the CPU as not containing cached vector state for any task, thus
> > forcing a reload on the next return to userspace.  This is an
> > interim measure, in advance of adding full SVE awareness to KVM.
> > 
> > Because of the duplication of this operation
> > (__this_cpu_write(fpsimd_last_state, NULL)), it is factored out as
> 
> s/it is/is/  (I think)
> 
> > a new helper fpsimd_flush_cpu_state() to make the purpose clearer.
> 
> Yes, the wording is good and helps a lot.  Thanks for writing that.
> 

I think "it is" is correct, but it's a pretty ghastly sentence...

I'll split it as:

This marking of cached vector state in the CPU as invalid is done using
__this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c.  Due to the
repeated use of this rather obscure operation, it makes sense to factor
it out as a separate helper with a clearer name.  This patch factors it
out as fpsimd_flush_cpu_state().

> Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>

I'll assume I can keep your Reviewed-by, since this change is just
clarification.

But if you're not happy, please shout!

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread
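Dave's explanation above (the guest's FPSIMD accesses, and KVM's own Vn restore on exit, zero the upper bits of the SVE Zn registers, while the lazy return-to-userspace path skips the reload as long as fpsimd_last_state still points at the current task) as a small simulation. This is an added example and not kernel code: the register file, the per-CPU pointer and the world switch are modelled in userspace, the vector contents are constructed, and high_lanes_survive() and kvm_run_guest() are this example's own names. It runs the same sequence once without and once with the fpsimd_flush_cpu_state() call that patch 22/28 adds after guest exit.

```c
/*
 * Added example, not kernel code: a userspace model of the failure mode
 * patch 22/28 guards against.  The Z/V register file, the per-CPU
 * fpsimd_last_state pointer and the KVM world switch are all simulated;
 * the vector contents are constructed sample data.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NREGS	2
#define LANES	4	/* model VL = 256 bits: 4 x 64-bit lanes per Zn; Vn is lanes 0-1 */

struct vregs {
	uint64_t z[NREGS][LANES];
};

struct task {
	struct vregs saved;	/* the task's in-memory vector state */
};

static struct vregs cpu_regs;			/* the physical Z/V register file */
static struct task *fpsimd_last_state;		/* task whose state is live in cpu_regs */

/* Patch 22/28's helper: forget which task's state the CPU holds. */
static void fpsimd_flush_cpu_state(void)
{
	fpsimd_last_state = NULL;
}

static void task_fpsimd_load(struct task *t)
{
	cpu_regs = t->saved;
	fpsimd_last_state = t;
}

/* Lazy restore on return to userspace: skip the reload if the CPU still has our state. */
static void fpsimd_restore_current_state(struct task *t)
{
	if (fpsimd_last_state != t)
		task_fpsimd_load(t);
}

/* Architectural rule: writing Vn zeroes the bits of Zn above bit 127. */
static void fpsimd_write_v(int n, uint64_t lo, uint64_t hi)
{
	cpu_regs.z[n][0] = lo;
	cpu_regs.z[n][1] = hi;
	for (int lane = 2; lane < LANES; lane++)
		cpu_regs.z[n][lane] = 0;
}

/* The not-yet-SVE-aware world switch: saves and restores only the 128-bit Vn. */
static void kvm_run_guest(bool flush_after_exit)
{
	uint64_t host_v[NREGS][2];

	for (int n = 0; n < NREGS; n++) {
		host_v[n][0] = cpu_regs.z[n][0];
		host_v[n][1] = cpu_regs.z[n][1];
	}

	/* Guest does ordinary FPSIMD work: SVE itself is trapped, Vn is not. */
	fpsimd_write_v(0, 0xdeadbeefULL, 0xcafef00dULL);

	/* Host Vn restore: correct for V0-V31, but it clobbers the Zn high lanes too. */
	for (int n = 0; n < NREGS; n++)
		fpsimd_write_v(n, host_v[n][0], host_v[n][1]);

	if (flush_after_exit)
		fpsimd_flush_cpu_state();
}

/*
 * Run a host task with live SVE state through a guest entry/exit and report
 * whether its Z high lanes are what userspace sees afterwards.
 */
static bool high_lanes_survive(bool flush_after_exit)
{
	struct task host;

	memset(&host, 0, sizeof(host));
	for (int n = 0; n < NREGS; n++)
		for (int lane = 0; lane < LANES; lane++)
			host.saved.z[n][lane] = 0x1000 * (n + 1) + lane;	/* constructed */

	task_fpsimd_load(&host);		/* task is running, its state is live */
	kvm_run_guest(flush_after_exit);	/* ioctl(KVM_RUN) issued by this task */
	fpsimd_restore_current_state(&host);	/* return to userspace */

	return memcmp(&cpu_regs, &host.saved, sizeof(cpu_regs)) == 0;
}
```

Without the flush the lazy path sees fpsimd_last_state == current, skips the reload, and the VMM process continues with zeroed Zn high lanes; with it, fpsimd_last_state is NULL, the next return to userspace reloads from the task's saved state, and the lanes are restored. The cost is one extra FPSIMD/SVE reload per KVM_RUN on the host side, which is the interim trade-off the commit message describes.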

* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-18 13:21             ` Christoffer Dall
@ 2017-10-18 15:01               ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-18 15:01 UTC (permalink / raw)
  To: Christoffer Dall
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Marc Zyngier, Catalin Marinas, Will Deacon, Szabolcs Nagy,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Wed, Oct 18, 2017 at 03:21:45PM +0200, Christoffer Dall wrote:
> On Tue, Oct 17, 2017 at 04:47:08PM +0100, Dave Martin wrote:
> > On Tue, Oct 17, 2017 at 03:29:36PM +0100, Marc Zyngier wrote:
> > > On 17/10/17 15:07, Dave Martin wrote:
> > > > On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
> > > >> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:

[...]

> > > >>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c

[...]

> > > >>> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
> > > >>>  {
> > > >>>  	u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
> > > >>>  			 (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
> > > >>> +	u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
> > > >>>  
> > > >>> -	return raz ? 0 : read_sanitised_ftr_reg(id);
> > > >>> +	if (id == SYS_ID_AA64PFR0_EL1) {
> > > >>> +		if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
> > > >>> +			pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
> > > >>> +				    task_pid_nr(current));
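Review bot: pr_err_once() with task_pid_nr(current) in the format only ever logs the first process that hits this path, so the PID in the message stops being meaningful for any later VM whose SVE support is also suppressed; either drop the PID or use a ratelimited print if the intent is that each affected VM is identifiable. The check itself is sound: when raz is set, val is 0 and the SVE field test cannot fire.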
> > > >>
> > > >> nit: does this really qualify as an error print?
> > > > 
> > > > I have no strong opinion on this: maz suggested I should add this --
> > > > his concern was to make it difficult to ignore.
> > > > 
> > > > This is transitional: the main purpose is to circumvent bug reports from
> > > > people who find that SVE doesn't work in their guests, in the interim
> > > > before proper KVM support lands upstream.
> > > > 
> > > > Marc, do you still agree with this position?
> > > 
> > > As long as this is transitional, I'm OK with this.
> > 
> > No argument from me, since it was your request in the first place ;)
> > 
> > Christoffer?
> > 
> No (further) argument from me.

OK, thanks.  Can I take that as an Ack?

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support
  2017-10-18 10:32         ` Catalin Marinas
@ 2017-10-18 16:02           ` Dave Martin
  -1 siblings, 0 replies; 253+ messages in thread
From: Dave Martin @ 2017-10-18 16:02 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Richard Sandiford, Will Deacon, Alan Hayward,
	Alex Bennée, kvmarm, linux-arm-kernel

On Wed, Oct 18, 2017 at 11:32:55AM +0100, Catalin Marinas wrote:
> On Fri, Oct 13, 2017 at 05:16:39PM +0100, Dave P Martin wrote:
> > On Thu, Oct 12, 2017 at 06:06:32PM +0100, Catalin Marinas wrote:
> > > On Tue, Oct 10, 2017 at 07:38:36PM +0100, Dave P Martin wrote:
> > > > @@ -702,6 +737,211 @@ static int system_call_set(struct task_struct *target,
> > > >  	return ret;
> > > >  }
> > > >  
> > > > +#ifdef CONFIG_ARM64_SVE
> > > > +
> > > > +static void sve_init_header_from_task(struct user_sve_header *header,
> > > > +				      struct task_struct *target)
> > > > +{
> > > > +	unsigned int vq;
> > > > +
> > > > +	memset(header, 0, sizeof(*header));
> > > > +
> > > > +	header->flags = test_tsk_thread_flag(target, TIF_SVE) ?
> > > > +		SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD;
> > > 
> > > For PTRACE_SYSCALL, we may or may not have TIF_SVE depending on what
> > > happened with the target. Just a thought: shall we clear TIF_SVE (and
> > > sync it to fpsimd) in syscall_trace_enter()?
> > 
> > I'm not so sure: if we were to do that, a syscall that is cancelled by
> > writing -1 to REGSET_SYSCALL could still discard the SVE registers as a
> > side-effect.
> > 
> > The target committed to discard by executing SVC, but my feeling is
> > that cancellation of a syscall in this way shouldn't have avoidable
> > side-effects for the target.  But the semantics of cancelled syscalls
> > are a bit of a grey area, so I can see potential arguments on both
> > sides.
> 
> We already can't guarantee this - if the task invoking a syscall gets
> preempted before syscall_trace_enter(), TIF_SVE will be cleared. Are you
> reinstating TIF_SVE if the syscall was cancelled?
> 
> So my comment was more about consistency on presenting the SVE state to
> the debugger handling PTRACE_SYSCALL.

See the end of this reply.

> > > > +	/* Registers: FPSIMD-only case */
> > > > +
> > > > +	BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header));
> > > > +	if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) {
> > > > +		sve_sync_to_fpsimd(target);
> > > > +
> > > > +		ret = __fpr_set(target, regset, pos, count, kbuf, ubuf,
> > > > +				SVE_PT_FPSIMD_OFFSET);
> > > > +		clear_tsk_thread_flag(target, TIF_SVE);
> > > > +		goto out;
> > > > +	}
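Review bot: clear_tsk_thread_flag(target, TIF_SVE) runs whether or not __fpr_set() succeeded, so a write that fails part-way (ret != 0) still switches the target to FPSIMD-only and drops its SVE-specific state even though the caller sees an error. Either check ret before clearing the flag, or document that a failed FPSIMD-format write has this side effect. The explicit sve_sync_to_fpsimd() ahead of __fpr_set() also duplicates the one __fpr_set() performs itself.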
> > > 
> > > __fpr_set() already calls sve_sync_to_fpsimd(). Anyway, do you actually
> > 
> > Yes, the call to sve_sync_to_fpsimd() is superfluous here -- I think
> > that I realised that all callers of __fpr_set() need this to happen,
> > but never deleted the explicit call from sve_set().
> > 
> > I'll delete it.
> > 
> > 
> > Looking more closely at __fpr_set() though, I think it needs this change
> > too, because the sync is unintentionally placed after reading
> > thread.fpsimd_state instead of before:
> > 
> > @@ -652,11 +652,12 @@ static int __fpr_set(struct task_struct *target,
> >                      unsigned int start_pos)
> >  {
> >         int ret;
> > -       struct user_fpsimd_state newstate =
> > -               target->thread.fpsimd_state.user_fpsimd;
> > +       struct user_fpsimd_state newstate;
> >  
> >         sve_sync_to_fpsimd(target);
> >  
> > +       newstate = target->thread.fpsimd_state.user_fpsimd;
> > +
> >         ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate,
> > [...]
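Review bot: the reordering is what the short-write semantics require: user_regset_copyin() only overwrites the [pos, pos + count) window of newstate, so everything outside that window must come from the freshly synced fpsimd_state rather than from a snapshot taken while TIF_SVE made it stale. Since the original order looked natural enough to slip through, a one-line comment above the assignment (newstate must be read after sve_sync_to_fpsimd()) would stop it being tidied back into the declaration later.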
> > 
> > (Or were you confident that this was already OK?  Maybe I'm confusing
> > myself.)
> 
> With the sve_sync_to_fpsimd() called before __fpr_set(), it was ok. Once
> you removed that you indeed need the change to __fpr_set().

Hmmm, yes.  Anyway, I've applied the above fix, so I think this should
be fine now.

> > > need this since we are going to override the FPSIMD state anyway here.
> > 
> > The underlying reason for this is the issue of what should happen
> > for short regset writes.  Historically, writes through fpr_set() can
> > be truncated arbitrarily, and the rest of fpsimd_state will remain
> > unchanged.
> 
> Ah, I forgot about this.
> 
> > The issue is that if TIF_SVE is set, fpsimd_state can be stale for
> > target.  If the initial sve_sync_to_fpsimd() is removed in sve_set()
> > above, then we may resurrect old values for the untouched registers,
> > instead of simply leaving them unmodified.
> > 
> > Should I add comments explaining the purpose?  I guess it is rather
> > non-obvious.
> 
> Yes, please.

Will do.  It's pretty yucky.

> 
> > > > +	set_tsk_thread_flag(target, TIF_SVE);
> > > 
> > > This has the side-effect of enabling TIF_SVE even for PTRACE_SYSCALL
> > > which may be cleared in some circumstances. It may not be an issue
> > > though.
> > 
> > I would argue that this is correct behaviour: the syscall enter trap and
> > exit traps should both behave as if they are outside the syscall,
> > allowing the debugger to simulate the effect of inserting any
> > instructions the target could have inserted before or after the SVC.
> > This may include simulating SVE instructions or modifying SVE regs,
> > which would require TIF_SVE to get set.
> 
> I'm ok with this approach but I'm not sure we can guarantee it with
> preemption enabled.

Hmmm, I think I'm guilty of inventing a spurious argument here.


Apparently gdb does not do syscall cancelling.

Strace does though.
(See http://man7.org/linux/man-pages/man1/strace.1.html, search for
"syscall tampering" ;)

However, it never tries to skip a syscall entirely AFAICT:
instead, it only attempts to fake what occurs during the syscall,
such as bailing out with a predetermined return value.

> > If the tracer doesn't cancel the syscall at the enter trap, then a
> > real syscall will execute and that may cause the SVE state to be
> > discarded in the usual way in the case of preemption or blocking: it
> > seems cleaner for the debug illusion that this decision isn't made
> > differently just because the target is being traced.
> > 
> > (Spoiler alert though: the syscall exit trap will force the target
> > to be scheduled out, which will force discard with the current
> > task_fpsimd_save() behaviour ... but that could be changed in the
> > future, and I prefer not to document any sort of guarantee here.)
> 
> If such state isn't guaranteed, then the de-facto ABI is that the
> debugger cannot simulate any SVE instruction via NO_SYSCALL since the
> SVE state may be discarded. So it can only rely on what's guaranteed and
> changing the behaviour later won't actually help.

I think you're right.

Simulating the content of the syscall does work though, and doesn't
depend on whether SVE discard occurs or not.

If the tracer sets the SVE regs at the syscall enter/exit traps,
they could still be discarded again before the tracee reenters
userspace, but that's no different from what happens in a real
syscall.


So I think my overall argument would be:

ptrace should be as orthogonal as possible to SVE discard.


Currently ptrace neither assumes that SVE discard will happen nor that it
won't: it just does what the tracer asks for and tries to be safe with
either and doesn't try to hide the effects from the tracer or tracee.

I worry that introducing more interdependencies between ptrace and the
fpsimd.c code will complicate maintenance rather than making it easier.

Does that make my position clearer?

If we go with this, I should add a note to the documentation explaining
how NT_ARM_SVE writes interact with ptrace syscall traps.


The alternative would be to forcibly discard SVE in
syscall_trace_enter(), but this doesn't seem to simplify the NT_ARM_SVE
implementation at all -- that code needs to work for all types of
ptrace-stop, not just syscall traps: other than syscall traps, SVE
is potentially live for the tracee and must not be discarded.
So I'm still not clear on what the gain is.

Cheers
---Dave

^ permalink raw reply	[flat|nested] 253+ messages in thread
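
The __fpr_set() ordering hazard discussed in the message above, as an added example that is not the kernel's code: a user-space model with simplified task and register layouts (NVREGS, ZREG_U64 and struct task are constructed stand-ins), showing that with the original ordering a short write covering only V0 resurrects a stale V1, while the reordered version keeps the freshly synced value.

```c
/*
 * Added example, not kernel code: a user-space model of the __fpr_set()
 * ordering bug discussed in the thread.  Register counts, sizes and
 * struct names are simplified stand-ins for the arm64 ones.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NVREGS 4		/* constructed: 4 vector registers, not 32 */
#define ZREG_U64 4		/* constructed: 256-bit Zn, i.e. 4 x u64 */

/* 128-bit Vn registers, as seen through the FPSIMD regset. */
struct user_fpsimd_state {
	uint64_t vregs[NVREGS][2];
};

/*
 * Task model: when tif_sve is set, the live data is in zregs and
 * fpsimd_state may be a stale copy, which is the situation the thread
 * is worried about.
 */
struct task {
	bool tif_sve;
	uint64_t zregs[NVREGS][ZREG_U64];
	struct user_fpsimd_state fpsimd_state;
};

/* Model of sve_sync_to_fpsimd(): Vn is the low 128 bits of Zn. */
static void sve_sync_to_fpsimd(struct task *t)
{
	if (!t->tif_sve)
		return;
	for (int i = 0; i < NVREGS; i++)
		memcpy(t->fpsimd_state.vregs[i], t->zregs[i], 16);
}

/* Model of user_regset_copyin(): only bytes [pos, pos + count) change. */
static void regset_copyin(void *dst, size_t pos, size_t count,
			  const void *src)
{
	memcpy((uint8_t *)dst + pos, src, count);
}

/* Ordering before the fix: the snapshot is taken before the sync. */
static void fpr_set_stale(struct task *t, size_t pos, size_t count,
			  const void *ubuf)
{
	struct user_fpsimd_state newstate = t->fpsimd_state; /* may be stale */

	sve_sync_to_fpsimd(t);
	regset_copyin(&newstate, pos, count, ubuf);
	t->fpsimd_state = newstate;	/* resurrects stale untouched regs */
}

/* Ordering after the fix shown in the diff: sync first, then snapshot. */
static void fpr_set_fixed(struct task *t, size_t pos, size_t count,
			  const void *ubuf)
{
	struct user_fpsimd_state newstate;

	sve_sync_to_fpsimd(t);
	newstate = t->fpsimd_state;	/* now current */
	regset_copyin(&newstate, pos, count, ubuf);
	t->fpsimd_state = newstate;
}

/*
 * Perform a short write that covers only V0, then return the low 64 bits
 * of V1.  Constructed state: stale V1 = 0x11 in fpsimd_state, live Z1 = 0x22.
 * Returns (uint64_t)-1 if V0 was not written at all.
 */
static uint64_t v1_after_short_write(bool fixed)
{
	struct task t;
	uint64_t new_v0[2] = { 0xaa, 0 };

	memset(&t, 0, sizeof(t));
	t.tif_sve = true;
	t.fpsimd_state.vregs[1][0] = 0x11;	/* stale copy */
	t.zregs[1][0] = 0x22;			/* live SVE value */

	if (fixed)
		fpr_set_fixed(&t, 0, sizeof(new_v0), new_v0);
	else
		fpr_set_stale(&t, 0, sizeof(new_v0), new_v0);

	/* V0 is written either way; V1 is what differs between the two. */
	if (t.fpsimd_state.vregs[0][0] != 0xaa)
		return (uint64_t)-1;
	return t.fpsimd_state.vregs[1][0];	/* 0x11 stale, 0x22 fixed */
}
```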

* Re: [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests
  2017-10-18 15:01               ` Dave Martin
@ 2017-10-18 16:49                 ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 16:49 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Marc Zyngier, Catalin Marinas, Will Deacon, Szabolcs Nagy,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Wed, Oct 18, 2017 at 5:01 PM, Dave Martin <Dave.Martin@arm.com> wrote:
> On Wed, Oct 18, 2017 at 03:21:45PM +0200, Christoffer Dall wrote:
>> On Tue, Oct 17, 2017 at 04:47:08PM +0100, Dave Martin wrote:
>> > On Tue, Oct 17, 2017 at 03:29:36PM +0100, Marc Zyngier wrote:
>> > > On 17/10/17 15:07, Dave Martin wrote:
>> > > > On Tue, Oct 17, 2017 at 06:58:16AM -0700, Christoffer Dall wrote:
>> > > >> On Tue, Oct 10, 2017 at 07:38:41PM +0100, Dave Martin wrote:
>
> [...]
>
>> > > >>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
>
> [...]
>
>> > > >>> @@ -897,8 +898,17 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
>> > > >>>  {
>> > > >>>       u32 id = sys_reg((u32)r->Op0, (u32)r->Op1,
>> > > >>>                        (u32)r->CRn, (u32)r->CRm, (u32)r->Op2);
>> > > >>> +     u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
>> > > >>>
>> > > >>> -     return raz ? 0 : read_sanitised_ftr_reg(id);
>> > > >>> +     if (id == SYS_ID_AA64PFR0_EL1) {
>> > > >>> +             if (val & (0xfUL << ID_AA64PFR0_SVE_SHIFT))
>> > > >>> +                     pr_err_once("kvm [%i]: SVE unsupported for guests, suppressing\n",
>> > > >>> +                                 task_pid_nr(current));
>> > > >>
>> > > >> nit: does this really qualify as an error print?
>> > > >
>> > > > I have no strong opinion on this: maz suggested I should add this --
>> > > > his concern was to make it difficult to ignore.
>> > > >
>> > > > This is transitional: the main purpose is to circumvent bug reports from
>> > > > people who find that SVE doesn't work in their guests, in the interim
>> > > > before proper KVM support lands upstream.
>> > > >
>> > > > Marc, do you still agree with this position?
>> > >
>> > > As long as this is transitional, I'm OK with this.
>> >
>> > No argument from me, since it was your request in the first place ;)
>> >
>> > Christoffer?
>> >
>> No (further) argument from me.
>
> OK, thanks.  Can I take that as an Ack?
>
Yes:

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

^ permalink raw reply	[flat|nested] 253+ messages in thread

* Re: [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests
  2017-10-18 14:45           ` Dave Martin
@ 2017-10-18 19:19             ` Christoffer Dall
  -1 siblings, 0 replies; 253+ messages in thread
From: Christoffer Dall @ 2017-10-18 19:19 UTC (permalink / raw)
  To: Dave Martin
  Cc: Marc Zyngier, linux-arch, Okamoto Takayuki, libc-alpha,
	Ard Biesheuvel, Szabolcs Nagy, Catalin Marinas, Will Deacon,
	kvmarm, Richard Sandiford, linux-arm-kernel

On Wed, Oct 18, 2017 at 03:45:10PM +0100, Dave Martin wrote:
> On Wed, Oct 18, 2017 at 03:20:26PM +0200, Christoffer Dall wrote:
> > On Tue, Oct 17, 2017 at 03:08:40PM +0100, Marc Zyngier wrote:
> > > On 17/10/17 14:51, Christoffer Dall wrote:
> > > > On Tue, Oct 10, 2017 at 07:38:19PM +0100, Dave Martin wrote:
> 
> [...]
> 
> > > >> +/* sys_reg_desc initialiser for known cpufeature ID registers */
> > > >> +#define ID_SANITISED(name) {			\
> > > >> +	SYS_DESC(SYS_##name),			\
> > > >> +	.access	= access_id_reg,		\
> > > >> +	.get_user = get_id_reg,			\
> > > >> +	.set_user = set_id_reg,			\
> > > >> +}
> > > >> +
> > > >> +/*
> > > >> + * sys_reg_desc initialiser for architecturally unallocated cpufeature ID
> > > >> + * register with encoding Op0=3, Op1=0, CRn=0, CRm=crm, Op2=op2
> > > >> + * (1 <= crm < 8, 0 <= Op2 < 8).
> > > >> + */
> > > >> +#define ID_UNALLOCATED(crm, op2) {			\
> > > >> +	Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2),	\
> > > >> +	.access = access_raz_id_reg,			\
> > > >> +	.get_user = get_raz_id_reg,			\
> > > >> +	.set_user = set_raz_id_reg,			\
> > > >> +}
> > > >> +
> > > >> +/*
> > > >> + * sys_reg_desc initialiser for known ID registers that we hide from guests.
> > > >> + * For now, these are exposed just like unallocated ID regs: they appear
> > > >> + * RAZ for the guest.
> > > >> + */
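Review bot: the range stated in the ID_UNALLOCATED() comment (1 <= crm < 8, 0 <= Op2 < 8) is not enforced anywhere in the macro, and because the arguments are bare integer literals a typo would silently describe an encoding outside the ID register space; worth checking it where the table is validated, or at least saying in the comment that it is a precondition. Minor: ID_SANITISED() builds its encoding via SYS_DESC(SYS_##name) while ID_UNALLOCATED() spells out Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2), presumably because unallocated encodings have no SYS_ name; a short comment saying so would save the next reader the question.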
> > > > 
> > > > What is a hidden ID register as opposed to an unallocated one?
> > > 
> > > A hidden register is one where all the features have been removed (RAZ),
> > > making it similar to an unallocated one.
> > > 
> > > > Shouldn't one of them presumably cause an undefined exception in the
> > > > guest?
> > > 
> > > No, that'd be a violation of the architecture. The unallocated ID
> > > registers are required to be RAZ (see table D9-2 in D9.3.1), so that
> > > software can probe for feature without running the risk of getting an UNDEF.
> > > 
> > Then I'm not really sure why we need the two defines.  Is that just to
> > make it clear what the different rationales for dealing with various
> > registers in the same way are?
> 
> Basically yes.
> 
> ID_HIDDEN() means we are bodging around something that we don't know
> how to sanitise, whereas ID_UNALLOCATED() means that we follow the
> architecture in returning zero for reads (maybe following an older
> architecture version than the silicon).  
> 
> ID_HIDDEN()s may need to evolve SoC-specific quirkage if we need to
> expose non-architectural SoC-specific features via the mechanism.
> These should never simply be exposed unless the architecture is
> tightened in the future in such a way as to make this safe (unlikely).
> 
> ID_UNALLOCATED()s OTOH will mostly turn into ID_SANITISED() as the
> architecture gains new features.  The architecture could allocate new
> IMP DEF feature regs though, in which case they would become ID_HIDDEN()
> as soon as we know about them.
> 
> 
> The distinction is drawn in an attempt to help maintainers: the future
> maintenance requirements for ID_UNALLOCATED()s will differ from
> ID_HIDDEN()s.
> 

Thanks for the explanation.
-Christoffer


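The policy split Dave describes above (real value with unsupported fields cleared, architecturally unallocated and therefore RAZ, or known-but-hidden and deliberately RAZ, with reads anywhere in the ID space guaranteed never to UNDEF) can be shown as a small emulator of a guest's MRS. This is an added example, not code from the series or from KVM. The register encodings (ID_AA64PFR0_EL1 is S3_0_C0_C4_0, ID_AA64ZFR0_EL1 is S3_0_C0_C4_4) and the position of the SVE field (ID_AA64PFR0_EL1 bits [35:32]) are taken from the ARM ARM rather than from this page, and which register lands under which policy is my choice for illustration:

```c
/*
 * Added example: emulate what a guest sees when it reads an AArch64
 * cpufeature ID register, following the three initialisers discussed
 * above (ID_SANITISED / ID_UNALLOCATED / ID_HIDDEN).  Not KVM code.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* System register encoding as used by MRS/MSR: Op0, Op1, CRn, CRm, Op2. */
struct sysreg_enc { uint8_t op0, op1, crn, crm, op2; };

enum id_policy {
	ID_SANITISED,	/* real value, unsupported feature fields cleared */
	ID_UNALLOCATED,	/* unallocated in the architecture we follow: RAZ */
	ID_HIDDEN,	/* known register we do not know how to sanitise: RAZ */
};

struct id_desc {
	struct sysreg_enc enc;
	enum id_policy policy;
	uint64_t hide_mask;	/* ID_SANITISED only: feature fields to clear */
};

/* ID_AA64PFR0_EL1 (S3_0_C0_C4_0): the SVE field is bits [35:32] (ARM ARM). */
#define ID_AA64PFR0_SVE_SHIFT	32
#define ID_AA64PFR0_SVE_MASK	(0xfULL << ID_AA64PFR0_SVE_SHIFT)

/* Illustrative table; the policy assignments are assumptions of this example. */
static const struct id_desc id_table[] = {
	{ { 3, 0, 0, 4, 0 }, ID_SANITISED,   ID_AA64PFR0_SVE_MASK }, /* ID_AA64PFR0_EL1 */
	{ { 3, 0, 0, 4, 4 }, ID_HIDDEN,      0 }, /* ID_AA64ZFR0_EL1: SVE details */
	{ { 3, 0, 0, 4, 5 }, ID_UNALLOCATED, 0 }, /* S3_0_C0_C4_5 */
};

static bool enc_eq(struct sysreg_enc a, struct sysreg_enc b)
{
	return a.op0 == b.op0 && a.op1 == b.op1 && a.crn == b.crn &&
	       a.crm == b.crm && a.op2 == b.op2;
}

/*
 * Emulate a guest MRS from the cpufeature ID space (Op0=3, Op1=0, CRn=0,
 * CRm=1..7).  'hw' is what the host CPU reports for that encoding.
 * Returns false only if the encoding is outside that space, in which case
 * other handlers (or an UNDEF) apply; inside it, a value is always produced.
 */
static bool guest_read_id_reg(struct sysreg_enc enc, uint64_t hw, uint64_t *val)
{
	size_t i;

	if (enc.op0 != 3 || enc.op1 != 0 || enc.crn != 0 ||
	    enc.crm < 1 || enc.crm > 7)
		return false;

	for (i = 0; i < sizeof id_table / sizeof id_table[0]; i++) {
		if (!enc_eq(id_table[i].enc, enc))
			continue;
		switch (id_table[i].policy) {
		case ID_SANITISED:
			*val = hw & ~id_table[i].hide_mask;
			return true;
		case ID_UNALLOCATED:
		case ID_HIDDEN:
			*val = 0;
			return true;
		}
	}

	/* Not listed: the architecture still requires RAZ here, never UNDEF. */
	*val = 0;
	return true;
}

/* A guest's feature probe: does ID_AA64PFR0_EL1 advertise SVE? */
static bool guest_sees_sve(uint64_t hw_pfr0)
{
	struct sysreg_enc pfr0 = { 3, 0, 0, 4, 0 };
	uint64_t v = 0;

	if (!guest_read_id_reg(pfr0, hw_pfr0, &v))
		return false;
	return ((v >> ID_AA64PFR0_SVE_SHIFT) & 0xf) != 0;
}

int main(void)
{
	uint64_t hw_pfr0 = (1ULL << ID_AA64PFR0_SVE_SHIFT) | 0x11; /* host has SVE */

	printf("host ID_AA64PFR0_EL1=%#llx, guest sees SVE: %s\n",
	       (unsigned long long)hw_pfr0, guest_sees_sve(hw_pfr0) ? "yes" : "no");
	return 0;
}
```

Running it shows a host with SVE present still answering the guest's probe with SVE=0, while an encoding the table does not list (for example S3_0_C0_C7_7) reads as zero instead of trapping as undefined, which is the property Marc points to: software may probe any ID register in this space without risking an UNDEF.
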
* Re: [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE
  2017-10-18 15:00           ` Dave Martin
@ 2017-10-18 19:22             ` Christoffer Dall
From: Christoffer Dall @ 2017-10-18 19:22 UTC (permalink / raw)
  To: Dave Martin
  Cc: linux-arch, Okamoto Takayuki, libc-alpha, Ard Biesheuvel,
	Szabolcs Nagy, Catalin Marinas, Will Deacon, Marc Zyngier,
	Richard Sandiford, kvmarm, linux-arm-kernel

On Wed, Oct 18, 2017 at 04:00:05PM +0100, Dave Martin wrote:
> On Wed, Oct 18, 2017 at 03:23:23PM +0200, Christoffer Dall wrote:
> > On Tue, Oct 17, 2017 at 03:31:42PM +0100, Dave Martin wrote:
> > > On Tue, Oct 17, 2017 at 01:50:24PM +0200, Christoffer Dall wrote:
> > > > On Tue, Oct 10, 2017 at 07:38:39PM +0100, Dave Martin wrote:
> > > > > Until KVM has full SVE support, guests must not be allowed to
> > > > > execute SVE instructions.
> > > > > 
> > > > > This patch enables the necessary traps, and also ensures that the
> > > > > traps are disabled again on exit from the guest so that the host
> > > > > can still use SVE if it wants to.
> > > > > 
> > > > > This patch introduces another instance of
> > > > > __this_cpu_write(fpsimd_last_state, NULL), so this flush operation
> > > > > is abstracted out as a separate helper fpsimd_flush_cpu_state().
> > > > > Other instances are ported appropriately.
> > > > 
> > > > I don't understand this paragraph, beginning from ", so this...".
> > > > 
> > > > 
> > > > From reading the code, what I think is the reason for having to flush
> > > > the SVE state (and mark the host state invalid) is that even though we
> > > > disallow SVE usage in the guest, the guest can use the normal FP state,
> > > > and while we always fully preserve the host state, this could still
> > > > corrupt some additional SVE state not properly preserved for the host.
> > > > Is that correct?
> > > 
> > > Yes, that's right: the guest can't touch the SVE-specific registers
> > > Pn/FFR, but FPSIMD accesses to Vn regs cause the high bits of the
> > > corresponding SVE Zn registers to be clobbered.  In any case, the
> > > FPSIMD restore done by KVM after guest exit is sufficient to clobber
> > > those bits even if the guest didn't do it.
> > > 
> > > This is a band-aid for not making the KVM world switch code properly
> > > SVE-aware yet.
> > > 
> > > Does the following wording sound better:
> > > 
> > > --8<--
> > > 
> > > On guest exit, high bits of the SVE Zn registers may have been
> > > clobbered as a side-effect of the execution of FPSIMD instructions in
> > > the guest.  The existing KVM host FPSIMD restore code is not
> > > sufficient to restore these bits, so this patch explicitly marks
> > > the CPU as not containing cached vector state for any task, thus
> > > forcing a reload on the next return to userspace.  This is an
> > > interim measure, in advance of adding full SVE awareness to KVM.
> > > 
> > > Because of the duplication of this operation
> > > (__this_cpu_write(fpsimd_last_state, NULL)), it is factored out as
> > 
> > s/it is/is/  (I think)
> > 
> > > a new helper fpsimd_flush_cpu_state() to make the purpose clearer.
> > 
> > Yes, the wording is good and helps a lot.  Thanks for writing that.
> > 
> 
> I think "it is" is correct, but it's a pretty ghastly sentence...

Ah, I missed the comma before, and read it as __this_cpu_write... is
factored... but that doesn't make any sense.  Sorry, I was just not
paying proper attention.

> 
> I'll split it as:
> 
> This marking of cached vector state in the CPU as invalid is done using
> __this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c.  Due to the
> repeated use of this rather obscure operation, it makes sense to factor
> it out as a separate helper with a clearer name.  This patch factors it
> out as fpsimd_flush_cpu_state().
> 

That's definitely clear.

> > Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
> 
> I'll assume I can keep your Reviewed-by, since this change is just
> clarification.
> 
> But if you're not happy, please shout!
> 
I'm happy - in most aspects of life - indeed keep my reviewed-by.

Thanks,
-Christoffer


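The hazard Dave and Christoffer settle on above (the guest's FPSIMD use, and KVM's own Vn restore on exit, zero Zn[VL-1:128] while the per-CPU fpsimd_last_state still claims the host task's vector state is live in the registers) can be modelled in a few lines of C. This is an added illustration, not code from the series. The assumed vector length (32 bytes), the register layout, and the simplification that the task's full SVE state was already saved to memory before the guest ran are mine; the names fpsimd_flush_cpu_state and fpsimd_last_state are reused from the discussion for readability only:

```c
/*
 * Added example: why KVM must invalidate the cached FPSIMD/SVE state
 * after a guest run, even though the guest cannot execute SVE
 * instructions.  Vn is the low 128 bits of Zn; an FPSIMD write to Vn
 * architecturally zeroes the rest of Zn.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SVE_VL_BYTES	32	/* assumed vector length: 256 bits */
#define NUM_Z		32
#define V_BYTES		16	/* Vn is Zn[127:0] */

struct sve_state { uint8_t z[NUM_Z][SVE_VL_BYTES]; };
struct task { struct sve_state saved; };	/* state in memory */

static struct sve_state cpu_regs;		/* this CPU's register file */
static struct task *fpsimd_last_state;		/* whose state is live in cpu_regs */

/* FPSIMD write to Vn: sets Zn[127:0], zeroes Zn[VL-1:128]. */
static void fpsimd_write_v(int n, const uint8_t v[V_BYTES])
{
	memset(cpu_regs.z[n], 0, SVE_VL_BYTES);
	memcpy(cpu_regs.z[n], v, V_BYTES);
}

/* Load a task's full vector state and record it as live on this CPU. */
static void task_sve_load(struct task *t)
{
	cpu_regs = t->saved;
	fpsimd_last_state = t;
}

/* Model of __this_cpu_write(fpsimd_last_state, NULL). */
static void fpsimd_flush_cpu_state(void)
{
	fpsimd_last_state = NULL;
}

/* Return-to-userspace path: skip the reload if the registers are already ours. */
static void fpsimd_restore_current_state(struct task *t)
{
	if (fpsimd_last_state != t)
		task_sve_load(t);
}

/*
 * KVM world switch as in this series: host Vn saved and restored around
 * the guest, guest restricted to FPSIMD (SVE traps), nothing done for
 * Zn[VL-1:128].  Both the guest's FPSIMD use and the host restore go
 * through Vn and so zero the high bits.
 */
static void kvm_run_guest(bool flush_after)
{
	uint8_t host_v[NUM_Z][V_BYTES];
	uint8_t guest_v[V_BYTES];
	int n;

	for (n = 0; n < NUM_Z; n++)
		memcpy(host_v[n], cpu_regs.z[n], V_BYTES);	/* host FPSIMD save */

	memset(guest_v, 0xee, V_BYTES);
	fpsimd_write_v(3, guest_v);				/* guest FPSIMD use */

	for (n = 0; n < NUM_Z; n++)
		fpsimd_write_v(n, host_v[n]);			/* host FPSIMD restore */

	if (flush_after)
		fpsimd_flush_cpu_state();
}

/*
 * Scenario: task t's SVE state is in memory and live in the registers,
 * the CPU runs a guest, then returns to t.
 * Returns 0 if t's Z registers are intact, 1 if only Zn[VL-1:128] is
 * damaged, 2 if even Vn is damaged.
 */
static int guest_damage(bool flush_after)
{
	struct task t;
	int n, i;

	for (n = 0; n < NUM_Z; n++)
		for (i = 0; i < SVE_VL_BYTES; i++)
			t.saved.z[n][i] = (uint8_t)(0x40 + n + i);	/* never zero */
	task_sve_load(&t);

	kvm_run_guest(flush_after);
	fpsimd_restore_current_state(&t);

	for (n = 0; n < NUM_Z; n++)
		if (memcmp(cpu_regs.z[n], t.saved.z[n], V_BYTES) != 0)
			return 2;
	for (n = 0; n < NUM_Z; n++)
		if (memcmp(cpu_regs.z[n], t.saved.z[n], SVE_VL_BYTES) != 0)
			return 1;
	return 0;
}

int main(void)
{
	printf("without flush: damage=%d\n", guest_damage(false));
	printf("with flush:    damage=%d\n", guest_damage(true));
	return 0;
}
```

Without the flush the task gets back its Vn contents (KVM's existing save/restore does that much) but every Zn[VL-1:128] is zero, and nothing tells the return-to-userspace path to reload; with the flush the stale cached-state claim is dropped and the next return to userspace reloads the full state from memory.
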
Thread overview: 253+ messages
2017-10-10 18:38 [PATCH v3 00/28] ARM Scalable Vector Extension (SVE) Dave Martin
2017-10-10 18:38 ` [PATCH v3 01/28] regset: Add support for dynamically sized regsets Dave Martin
2017-10-11 14:14   ` Catalin Marinas
2017-10-11 14:45     ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 02/28] arm64: KVM: Hide unsupported AArch64 CPU features from guests Dave Martin
2017-10-11 14:14   ` Catalin Marinas
2017-10-11 16:21   ` Marc Zyngier
2017-10-17 13:51   ` Christoffer Dall
2017-10-17 14:08     ` Marc Zyngier
2017-10-18 13:20       ` Christoffer Dall
2017-10-18 14:45         ` Dave Martin
2017-10-18 19:19           ` Christoffer Dall
2017-10-10 18:38 ` [PATCH v3 03/28] arm64: efi: Add missing Kconfig dependency on KERNEL_MODE_NEON Dave Martin
2017-10-11 14:16   ` Catalin Marinas
2017-10-11 14:35     ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 04/28] arm64: Port deprecated instruction emulation to new sysctl interface Dave Martin
2017-10-11 14:17   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 05/28] arm64: fpsimd: Simplify uses of {set, clear}_ti_thread_flag() Dave Martin
2017-10-11 14:19   ` [PATCH v3 05/28] arm64: fpsimd: Simplify uses of {set, clear}_ti_thread_flag() Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 06/28] arm64/sve: System register and exception syndrome definitions Dave Martin
2017-10-11 14:20   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 07/28] arm64/sve: Low-level SVE architectural state manipulation functions Dave Martin
2017-10-11 14:28   ` Catalin Marinas
2017-10-11 14:39     ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 08/28] arm64/sve: Kconfig update and conditional compilation support Dave Martin
2017-10-11 14:29   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 09/28] arm64/sve: Signal frame and context structure definition Dave Martin
2017-10-11 14:29   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 10/28] arm64/sve: Low-level CPU setup Dave Martin
2017-10-11 14:30   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 11/28] arm64/sve: Core task context handling Dave Martin
2017-10-11 16:15   ` Catalin Marinas
2017-10-12 16:05     ` Dave Martin
2017-10-13 13:57       ` Catalin Marinas
2017-10-13 17:53         ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 12/28] arm64/sve: Support vector length resetting for new processes Dave Martin
2017-10-11 16:16   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 13/28] arm64/sve: Signal handling support Dave Martin
2017-10-11 16:40   ` Catalin Marinas
2017-10-12 16:11     ` Dave Martin
2017-10-13 11:17       ` Catalin Marinas
2017-10-13 14:26         ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 14/28] arm64/sve: Backend logic for setting the vector length Dave Martin
2017-10-11 16:43   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 15/28] arm64: cpufeature: Move sys_caps_initialised declarations Dave Martin
2017-10-11 16:50   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 16/28] arm64/sve: Probe SVE capabilities and usable vector lengths Dave Martin
2017-10-11 16:55   ` Catalin Marinas
2017-10-12 12:56   ` Suzuki K Poulose
2017-10-16 15:46     ` Dave Martin
2017-10-16 16:27       ` Suzuki K Poulose
2017-10-16 16:44         ` Dave Martin
2017-10-16 16:47           ` Suzuki K Poulose
2017-10-16 16:55             ` Dave Martin
2017-10-16 16:58               ` Suzuki K Poulose
2017-10-10 18:38 ` [PATCH v3 17/28] arm64/sve: Preserve SVE registers around kernel-mode NEON use Dave Martin
2017-10-12 10:15   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 18/28] arm64/sve: Preserve SVE registers around EFI runtime service calls Dave Martin
2017-10-12 10:57   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 19/28] arm64/sve: ptrace and ELF coredump support Dave Martin
2017-10-12 17:06   ` Catalin Marinas
2017-10-13 16:16     ` Dave Martin
2017-10-18 10:32       ` Catalin Marinas
2017-10-18 16:02         ` Dave Martin
2017-10-10 18:38 ` [PATCH v3 20/28] arm64/sve: Add prctl controls for userspace vector length management Dave Martin
2017-10-12 17:11   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 21/28] arm64/sve: Add sysctl to set the default vector length for new processes Dave Martin
2017-10-12 17:11   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 22/28] arm64/sve: KVM: Prevent guests from using SVE Dave Martin
2017-10-11 16:28   ` Marc Zyngier
2017-10-12 11:04     ` Dave Martin
2017-10-12 11:28       ` Marc Zyngier
2017-10-13 14:15         ` Dave Martin
2017-10-13 14:21           ` Marc Zyngier
2017-10-13 16:47             ` Dave Martin
2017-10-12 17:13   ` Catalin Marinas
2017-10-17 11:50   ` Christoffer Dall
2017-10-17 14:31     ` Dave Martin
2017-10-18 13:23       ` Christoffer Dall
2017-10-18 15:00         ` Dave Martin
2017-10-18 19:22           ` Christoffer Dall
2017-10-10 18:38 ` [PATCH v3 23/28] arm64/sve: KVM: Treat guest SVE use as undefined instruction execution Dave Martin
2017-10-12 17:13   ` Catalin Marinas
2017-10-17 13:58   ` Christoffer Dall
2017-10-10 18:38 ` [PATCH v3 24/28] arm64/sve: KVM: Hide SVE from CPU features exposed to guests Dave Martin
2017-10-11 16:31   ` Marc Zyngier
2017-10-12 17:13   ` Catalin Marinas
2017-10-17 13:58   ` Christoffer Dall
2017-10-17 14:07     ` Dave Martin
2017-10-17 14:29       ` Marc Zyngier
2017-10-17 15:47         ` Dave Martin
2017-10-18 13:21           ` Christoffer Dall
2017-10-18 15:01             ` Dave Martin
2017-10-18 16:49               ` Christoffer Dall
2017-10-10 18:38 ` [PATCH v3 25/28] arm64/sve: Detect SVE and activate runtime support Dave Martin
2017-10-11 17:11   ` Suzuki K Poulose
2017-10-12 17:14   ` Catalin Marinas
2017-10-10 18:38 ` [PATCH v3 26/28] arm64/sve: Add documentation Dave Martin
2017-10-11  9:50   ` Szabolcs Nagy
     [not found]     ` <59DDE958.4080605-5wv7dgnIgG8@public.gmane.org>
2017-10-11 11:08       ` Dave Martin
     [not found]         ` <20171011110811.GB19485-M5GwZQ6tE7x5pKCnmE3YQBJ8xKzm50AiAL8bYrjMMd8@public.gmane.org>
2017-10-11 11:30           ` Szabolcs Nagy
2017-10-13 14:24   ` Catalin Marinas
2017-10-13 17:17     ` Dave Martin
     [not found]       ` <20171013171758.GO19485-M5GwZQ6tE7x5pKCnmE3YQBJ8xKzm50AiAL8bYrjMMd8@public.gmane.org>
2017-10-18  9:32         ` Catalin Marinas
     [not found]     ` <20171013142421.j32jzisukewxtosx-+1aNUgJU5qkijLcmloz0ER/iLCjYCKR+VpNB7YpNyf8@public.gmane.org>
2017-10-13 17:35       ` Dave Martin
2017-10-10 18:38 ` [RFC PATCH v3 27/28] arm64: signal: Report signal frame size to userspace via auxv Dave Martin
2017-10-11 10:19   ` Szabolcs Nagy
2017-10-11 13:14     ` Dave P Martin
2017-10-10 18:38 ` [RFC PATCH v3 28/28] arm64/sve: signal: Include SVE when computing AT_MINSIGSTKSZ Dave Martin
