Received: by 2002:a05:7208:3003:b0:81:def:69cd with SMTP id f3csp4245658rba;
        Tue, 2 Apr 2024 11:11:59 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUxxa8Ys1sym6nQ4uZR8cUpfmCDnUPXRsyZUUiBK4Il9T10agYdLzQcGw6j4GRDIN6y6AldMx6JEOgroK9vIRGmG2mYSH8CNlHcLMuvfw==
X-Google-Smtp-Source: AGHT+IE3wOJ2n/FqklGIHmf9M4FErSfb2zeeA12mBLSIIG6x2sh2AyftWQ3nzawtM4fmT2iDsjlz
X-Received: by 2002:a05:6402:40c7:b0:56c:d21:d919 with SMTP id z7-20020a05640240c700b0056c0d21d919mr2093711edb.34.1712081519125;
        Tue, 02 Apr 2024 11:11:59 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712081519; cv=pass;
        d=google.com; s=arc-20160816;
        b=Wf8ZWA/rtqtloGnqOiNFFbPdsXtg/OiweHHc35dAaq9CCheeYFGKn7A9wJuUTwEKtc
         AHEAug1RvuVH1ql8HoMWFE08Et9bAzzIMQhoAkNil1MX+0bvPqh/GU1vQiT2HES7hEip
         KTytRYJL+e5qNSPBjm/chInIUNapaJVz32L6F+2OlVAV9wKBYuWi8EyjFz/mnYTwzLn9
         eKrvsgPbi2uYZhizdGB6n1P/inXr/l6khypi4dgiye8D9FnDbr5izSBosWh7koW69E+U
         SNnRHzl9rU4HhSDUbwTlorrECuItZCaxhW1LxMglSPY6d8Wkfic1Wn2VxUpweCjDNm/0
         BOmQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date;
        bh=nzPG7NkkvJfbBAsWCHJ/gBkpE9/hpkPnPyaftkrNAlw=;
        fh=YmWscFy0cqgCZi89FkotrhiUUcTY5gksoR+LWAixXhU=;
        b=jYwgCXYXpVL/fnI/ll3Rue5++zzBq0WncI7j/TpP0yfeMEhffGB4cS2qO7vURs+hSu
         kctSC8WGeDHIT+AM/2qmo9hFn4/LsgsiniJPPG1rI6rGQFzsBx4undF1nZTBJOTPDhwC
         Dy/xTllpvwSPcjnPKT9BB5ICARVni49SCZB3ql3xArPDH4v1Z8bgD9HCHHwcLTLv/5VB
         ve+kwspKlckcFE5DZ65oAvwEr0QCd7sY8/gv/OHkTn898xF4KvOJzrd6JEdeMZtHuDbb
         tOLZlWcd1k3AMuVOvXpBAyUNsYikYGQbdEFPNoI7s+VCRZNBUBSVB3B6aixDWy+4PBPV
         +m6g==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com);
       spf=pass (google.com: domain of linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id z18-20020a05640240d200b0056c1ccd2dfdsi5908764edb.25.2024.04.02.11.11.59
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 02 Apr 2024 11:11:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com);
       spf=pass (google.com: domain of linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-128489-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 9AABC1F22215
	for <linux.lists.archive@gmail.com>; Tue,  2 Apr 2024 18:11:58 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0C3A015AD80;
	Tue,  2 Apr 2024 18:11:52 +0000 (UTC)
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 3021015AAD7
	for <linux-kernel@vger.kernel.org>; Tue,  2 Apr 2024 18:11:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712081511; cv=none; b=UTtxr5iK+/akvjZjqkF8lXUd2IV4K8+brgLxqHqZQaM8OT321h3/Y9LW470q/QyAB+v4X057P8BEywnEbQRDAZVwqxF/iMOgkz4jV4FnOIR2JZGH1XAqVmL7gZFO8ph3GioJN39r+4k6jWB8JJ9RVgwJIK2k0BD2PVMwy7AEq5Q=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712081511; c=relaxed/simple;
	bh=4JmSWPxQ7WjqtjBMCMN4q6rtpi1w4hviH2iHcZhRAYg=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=HpJkcD6tDUIqOmsVGBlZv+rzdOiBusqlewH9IGbTq16MyOM4aQBLvkgT8mplYhZYfNl0OZc2sE1ou/WXIyl2DqVwttXh4O0gzfyQFTxd1FnOORTQQG2miJONTaxtVGN2jW+zENSUq1eNPUzVpSgwEzWz3JLOLWkVV1n6uhAp5go=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9E5FD1007;
	Tue,  2 Apr 2024 11:12:19 -0700 (PDT)
Received: from FVFF77S0Q05N (unknown [10.57.16.234])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D30633F766;
	Tue,  2 Apr 2024 11:11:46 -0700 (PDT)
Date: Tue, 2 Apr 2024 19:11:43 +0100
From: Mark Rutland <mark.rutland@arm.com>
To: Vineet Gupta <vineetg@rivosinc.com>
Cc: Will Deacon <will@kernel.org>, Andrew Waterman <andrew@sifive.com>,
	Palmer Dabbelt <palmer@rivosinc.com>,
	lkml <linux-kernel@vger.kernel.org>,
	Mark Brown <broonie@kernel.org>, Dave Martin <Dave.Martin@arm.com>
Subject: Re: ARM SVE ABI: kernel dropping SVE/SME state on syscalls
Message-ID: <ZgxKXy6r0X7Whu5U@FVFF77S0Q05N>
References: <bc21c53f-23b9-4596-b757-fc7707f91f24@rivosinc.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bc21c53f-23b9-4596-b757-fc7707f91f24@rivosinc.com>

On Wed, Mar 27, 2024 at 05:30:00PM -0700, Vineet Gupta wrote:
> Hi Will, Marc,
> 
> In the RISC-V land we are hitting an issue and need some help
> understanding the SVE ABI about dropping the state on syscalls (and its
> implications etc - in hindsight)
> 
> If I'm reading the arm64 code correctly, SVE state is unconditionally
> (for any syscall whatsoever) dropped in following code path:
> 
> el0_svc
>     fp_user_discard
> 
> The RISC-V Vector ABI mandates something similar and kernel implements
> something similar.
> 
>     2023-06-29 9657e9b7d253 riscv: Discard vector state on syscalls  
> 
> However in recent testing with RISC-V vector builds we are running into
> an issue when this just doesn't work.
> 
> Just for some background, RISC-V vector instructions relies on
> additional state in a VTYPE register which is setup using an apriori
> VSETVLI insn.
> So consider the following piece of code:
> 
>    3ff80:    cc787057              vsetivli    zero,16,e8,mf2,ta,ma    
> <-- sets up VTYPE
>    3ff84:    44d8                    lw    a4,12(s1)
>    3ff86:    449c                    lw    a5,8(s1)
>    3ff88:    06f75563              bge    a4,a5,3fff2
>    3ff8c:    02010087              vle8.v    v1,(sp)
>    3ff90:    020980a7              vse8.v    v1,(s3)   <-- Vector store
> instruction
> Here's the sequence of events that's causing the issue 
>
> 1. The vector store instruction (in say bash) takes a page fault, enters
> kernel.
> 2. In PF return path, a SIGCHLD signal is pending (a bash sub-shell
> which exited, likely on different cpu).

At this point, surely you need to save the VTYPE into a sigframe before
delivering the signal?

> 3. kernel resumes in userspace signal handler which ends up making an
> rt_sigreturn syscall - and which as specified discards the V state (and
> makes VTYPE reg invalid).

The state is discarded at syscall entry, but rt_sigreturn() runs *after* the
discard. If you saved the original VTYPE prior to delivering the signal, it
should be able to restore it regardless of whether it'd be clobbered at syscall
entry.

Surely you *must* save/restore VTYPE in the signal frame? Otherwise the signal
handler can't make any syscall whatsoever, or it's responsible for saving and
restoring VTYPE in userspace, which doesn't seem right.

> 4. When sigreturn finally returns to original Vector store instruction,
> invalid VTYPE triggers an Illegal instruction which causes a SIGILL (as
> state was discarded above).
> 
> So there is no way dropping syscall state would work here.

As above, I don't think that's quite true. It sounds to me like that the actual
bug is that you don't save+restore VTYPE in the signal frame?

> How do you guys handle this for SVE/SME ? One way would be to not do the
> discard in rt_sigreturn codepath, but I don't see that - granted I'm not
> too familiar with arch/arm64/*/**

IIUC this works on arm64 because we'll save all the original state when we
deliver the signal, then restore that state *after* entry to the rt_sigreturn()
syscall.

I can go dig into that tomorrow, but I don't see how this can work unless we
save *all* state prior to delivering the signal, and restoring *all* that state
from the sigframe.

> Other thing I wanted to ask is, have there been any perf implications of
> this ABI decision: as in if this was other way around, userspace (and/or
> compilers) could potentially leverage the fact that SVE/SME state would
> still be valid past a syscall - and won't have to reload/resetup etc.

I believe Mark Brown has made some changes recently to try to avoid some of
that impact. He might be able to comment on that.

Mark.