From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Marc Zyngier <maz@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	Will Deacon <will@kernel.org>, Mark Brown <broonie@kernel.org>,
	stable@vger.kernel.org
Subject: Re: [PATCH v2] arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
Date: Mon, 6 Jan 2025 10:57:15 +0000
Message-ID: <Z3u3C87U7LKJZ77B@arm.com>
In-Reply-To: <Z3ulKMeKQcHFErgr@J2N7QTR9R3>

On Mon, Jan 06, 2025 at 09:40:56AM +0000, Mark Rutland wrote:
> On Fri, Jan 03, 2025 at 06:22:55PM +0000, Marc Zyngier wrote:
> > The hwcaps code that exposes SVE features to userspace only
> > considers ID_AA64ZFR0_EL1, while this is only valid when
> > ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
> > 
> > The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the
> > ID_AA64ZFR0_EL1 register is also 0. So far, so good.
> > 
> > Things become a bit more interesting if the HW implements SME.
> > In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME*
> > features. And these fields overlap with their SVE interpretations.
> > But the architecture says that the SME and SVE feature sets must
> > match, so we're still hunky-dory.
> > 
> > This goes wrong if the HW implements SME, but not SVE. In this
> > case, we end up advertising some SVE features to userspace, even
> > if the HW has none. That's because we never consider whether SVE
> > is actually implemented. Oh well.
> 
> Ugh; this is a massive pain. :(
> 
> Was this found by inspection, or is some real software going wrong?

It goes wrong on M4 in a VM. The latest macOS (15.2 I think) enabled
those ID regs for guests and Linux user space started falling apart
(first one reported was a fairly recent JDK getting SIGILL when trying
to use the INCB instruction). Reported initially on the Parallels forum.

> > Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE
> > being non-zero.
> 
> Unfortunately, I'm not sure this fix is correct+complete.
> 
> We expose ID_AA64PFR0_EL1 and ID_AA64ZFR0_EL1 via ID register emulation,
> so any userspace software reading ID_AA64ZFR0_EL1 will encounter the
> same surprise. If we hide that I'm worried we might hide some SME-only
> information that isn't exposed elsewhere, and I'm not sure we can
> reasonably hide ID_AA64ZFR0_EL1 emulation for SME-only (more on that
> below).

Good point about the user also accessing these registers through
emulation.

> Secondly, all our HWCAP documentation is written in the form:
> 
> | HWCAP2_SVEBF16
> |     Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
> 
> ... so while the architectural behaviour is a surprise, the kernel is
> (technically) behaving exactly as documented prior to this patch. Maybe
> we need to change that documentation?

The kernel is also reporting HWCAP2_SVE2 based on ID_AA64ZFR0_EL1.SVEver
which I don't think it should (my reading of the spec). I suspect that's
what's causing JDK failures.

> Do we have equivalent SME hwcaps for the relevant features?
> 
> ... looking at:
> 
>   https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID-AA64ZFR0-EL1--SVE-Feature-ID-Register-0?lang=en
> 
> ... I see that ID_AA64ZFR0_EL1.B16B16 >= 0b0010 implies the presence of
> SME BFMUL and BFSCALE instructions, but I don't see something equivalent
> in ID_AA64SMFR0_EL1 per:
> 
>   https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID-AA64SMFR0-EL1--SME-Feature-ID-Register-0?lang=en
> 
> ... so I suspect ID_AA64ZFR0_EL1 might be the only source of truth for
> this.
> 
> It is bizarre that ID_AA64SMFR0_EL1 doesn't follow the same format, and
> ID_AA64SMFR0_EL1.B16B16 is a single-bit field that cannot encode the
> same values as ID_AA64ZFR0_EL1.B16B16 (which is a 4-bit field).

Oh, I'm getting confused now. Do we have this information exposed twice
in the ID regs? I think in the kernel we use ZFR0 for SVE and SMFR0 for
the SME equivalent but the architecture is actually confusing with ZFR0
describing both SME and SVE features available. I guess at some point
the architects thought we can't have SME without SVE but changed their
mind and we haven't spotted.

-- 
Catalin
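
An added example, not part of the original message or the kernel's own code: a small C model of the hwcap derivation discussed in this thread, showing SVE hwcap2 bits taken from ID_AA64ZFR0_EL1 alone versus gated on ID_AA64PFR0_EL1.SVE, plus a userspace-side guard. The `ex_`/`EX_` names and the register values are constructed for illustration; the field shifts and hwcap bit values are assumed to match the Arm ID register layout and the arm64 uapi header.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-bit ID register fields named in the thread. */
#define PFR0_SVE_SHIFT    32 /* ID_AA64PFR0_EL1.SVE */
#define ZFR0_SVEVER_SHIFT  0 /* ID_AA64ZFR0_EL1.SVEver */
#define ZFR0_BF16_SHIFT   20 /* ID_AA64ZFR0_EL1.BF16 */

/* Assumed to equal the arm64 uapi hwcap.h values; EX_ marks example names. */
#define EX_HWCAP_SVE      (1ULL << 22)
#define EX_HWCAP2_SVE2    (1ULL << 1)
#define EX_HWCAP2_SVEBF16 (1ULL << 12)

struct ex_hwcaps { uint64_t hwcap, hwcap2; };

static unsigned id_field(uint64_t reg, unsigned shift) { return (reg >> shift) & 0xf; }

/* filter == 0: SVE hwcap2 bits come from ZFR0 alone (behaviour under discussion).
 * filter != 0: they are additionally gated on PFR0.SVE being non-zero. */
struct ex_hwcaps ex_derive(uint64_t pfr0, uint64_t zfr0, int filter)
{
    struct ex_hwcaps c = { 0, 0 };
    int has_sve = id_field(pfr0, PFR0_SVE_SHIFT) != 0;

    if (has_sve)
        c.hwcap |= EX_HWCAP_SVE;
    if (filter && !has_sve)
        return c;
    if (id_field(zfr0, ZFR0_SVEVER_SHIFT) >= 1)
        c.hwcap2 |= EX_HWCAP2_SVE2;
    if (id_field(zfr0, ZFR0_BF16_SHIFT) >= 1)
        c.hwcap2 |= EX_HWCAP2_SVEBF16;
    return c;
}

/* Userspace guard: trust an SVE-derived hwcap2 bit only if HWCAP_SVE is also set. */
int ex_sve2_usable(struct ex_hwcaps c)
{
    return (c.hwcap & EX_HWCAP_SVE) && (c.hwcap2 & EX_HWCAP2_SVE2);
}

int main(void)
{
    /* Constructed values for an SME-without-SVE CPU: PFR0.SVE=0, ZFR0.SVEver=1, BF16=1. */
    uint64_t pfr0 = 0, zfr0 = (1ULL << ZFR0_BF16_SHIFT) | 1;
    struct ex_hwcaps raw = ex_derive(pfr0, zfr0, 0), gated = ex_derive(pfr0, zfr0, 1);

    printf("unfiltered hwcap2=%#llx usable=%d\n", (unsigned long long)raw.hwcap2, ex_sve2_usable(raw));
    printf("filtered   hwcap2=%#llx\n", (unsigned long long)gated.hwcap2);
    return 0;
}
```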

