From: Dave Martin <Dave.Martin@arm.com>
To: Mark Brown <broonie@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 1/6] arm64/sme: Flush foreign register state in do_sme_acc()
Date: Tue, 3 Dec 2024 15:32:22 +0000 [thread overview]
Message-ID: <Z08khk6Mg6+T6VV9@e133380.arm.com> (raw)
In-Reply-To: <20241203-arm64-sme-reenable-v1-1-d853479d1b77@kernel.org>
On Tue, Dec 03, 2024 at 12:45:53PM +0000, Mark Brown wrote:
> When do_sme_acc() runs with foreign FP state it does not do any updates of
> the task structure, relying on the next return to userspace to reload the
> register state appropriately, but leaves the task's last loaded CPU
> untouched. This means that if the task returns to userspace on the last
> CPU it ran on then the checks in fpsimd_bind_task_to_cpu() will incorrectly
> determine that the register state on the CPU is current and suppress reload
> of the floating point register state before returning to userspace. This
> will result in spurious warnings due to SME access traps occurring for the
> task after TIF_SME is set.
>
> Call fpsimd_flush_task_state() to invalidate the last loaded CPU
> recorded in the task, forcing detection of the task as foreign.
>
> Fixes: 8bd7f91c03d8 ("arm64/sme: Implement traps and syscall handling for SME")
> Reported-by: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Mark Brown <broonie@kernel.org>
> Cc: stable@vger.kernel.org
> ---
> arch/arm64/kernel/fpsimd.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index 8c4c1a2186cc510a7826d15ec36225857c07ed71..eca0b6a2fc6fa25d8c850a5b9e109b4d58809f54 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -1460,6 +1460,8 @@ void do_sme_acc(unsigned long esr, struct pt_regs *regs)
> sme_set_vq(vq_minus_one);
>
> fpsimd_bind_task_to_cpu();
> + } else {
> + fpsimd_flush_task_state(current);
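Review bot: the new else branch gives no hint of why fpsimd_flush_task_state(current) is needed when the task is already in the foreign-state path, so the call reads as redundant with TIF_FOREIGN_FPSTATE, which is exactly the question the reply raises. A one-line comment above the call stating the case from the commit message (task returns to userspace on the CPU it last ran on, so the stale fpsimd_cpu makes the binding look current and the reload is skipped) would make the intent reviewable from the code alone, and would make it easier to judge later whether the flag and the binding got out of sync somewhere else. The hunk as shown also ends at the added call without its closing context, so the rest of the branch cannot be checked here.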
TIF_FOREIGN_FPSTATE is (or was) a cache of the task<->CPU binding that
you're clobbering here.
So, this fpsimd_flush_task_state() should have no effect unless
TIF_FOREIGN_FPSTATE is already wrong? I'm wondering if the apparent
need for this means that there is an undiagnosed bug elsewhere.
(My understanding is based on FPSIMD/SVE; I'm less familiar with the
SME changes, so I may be missing something important here.)
[...]
Cheers
---Dave
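To make the disagreement in this exchange concrete, here is a small C model of the task<->CPU FP-state binding the commit message and Dave's reply are talking about. It is an added illustration written for this page, not code from the kernel or from either author; the names fpsimd_last_state, fpsimd_cpu, bind_task_to_cpu and flush_task_state mirror the kernel's but the structures, the single combined "is the state current" check, and in particular the way the inconsistent state (flag says foreign, binding says current) is produced are assumptions of the model. The last of those is the gap Dave points at: the model simply sets the flag by hand, because the thread does not say how the kernel gets there.

```c
/* Added model of the arm64 FPSIMD task<->CPU binding cache, not kernel code.
 * Names mirror the kernel's; structure and the stale-binding trigger are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CPUS 4

struct task {
    int fpsimd_cpu;     /* last CPU whose registers held this task's state; NR_CPUS = none */
    bool tif_foreign;   /* models TIF_FOREIGN_FPSTATE: "the registers do not hold my state" */
};

/* per-CPU half of the binding: which task's state the registers currently hold */
static struct task *fpsimd_last_state[NR_CPUS];

/* model of fpsimd_bind_task_to_cpu(): make both halves of the binding point at each other */
static void bind_task_to_cpu(struct task *t, int cpu)
{
    fpsimd_last_state[cpu] = t;
    t->fpsimd_cpu = cpu;
    t->tif_foreign = false;
}

/* model of fpsimd_flush_task_state(): break the task's half of the binding */
static void flush_task_state(struct task *t)
{
    t->fpsimd_cpu = NR_CPUS;
    t->tif_foreign = true;
}

/* the binding check: registers on cpu are current for t only if both halves agree */
static bool registers_are_current(const struct task *t, int cpu)
{
    return fpsimd_last_state[cpu] == t && t->fpsimd_cpu == cpu;
}

/* model of the return-to-userspace decision; returns true if a reload happened */
static bool restore_on_return(struct task *t, int cpu)
{
    if (registers_are_current(t, cpu))
        return false;           /* reload suppressed: state believed current */
    bind_task_to_cpu(t, cpu);   /* the reload */
    return true;
}

/* model of switching `next` in on cpu: the flag is recomputed from the binding */
static void switch_to(struct task *next, int cpu)
{
    next->tif_foreign = !registers_are_current(next, cpu);
}

/* Scenario 1: A runs on CPU 0, B preempts it on CPU 0, A resumes on CPU 0.
 * Returns true if A's return to userspace reloaded (the correct outcome). */
static bool scenario_switch_back_same_cpu(void)
{
    struct task a = { NR_CPUS, true }, b = { NR_CPUS, true };
    fpsimd_last_state[0] = NULL;
    switch_to(&a, 0); restore_on_return(&a, 0);   /* A bound to CPU 0 */
    switch_to(&b, 0); restore_on_return(&b, 0);   /* registers now hold B */
    switch_to(&a, 0);                             /* A correctly flagged foreign */
    return restore_on_return(&a, 0);
}

/* Scenario 2: the state the commit message describes: the flag says foreign while
 * both halves of the binding still say current.  How the kernel reaches this state
 * is not established in the thread, so the model just sets the flag (assumption).
 * Returns true if the return to userspace reloaded. */
static bool scenario_stale_binding(bool flush)
{
    struct task a = { NR_CPUS, true };
    fpsimd_last_state[1] = NULL;
    switch_to(&a, 1); restore_on_return(&a, 1);   /* A bound to CPU 1 */
    a.tif_foreign = true;                         /* assumed trigger, see lead-in */
    if (flush)
        flush_task_state(&a);                     /* what the patch adds */
    return restore_on_return(&a, 1);
}

/* Dave's point: if the flag faithfully caches the binding, a task flagged foreign
 * already fails the binding check, so the flush cannot change the decision.
 * Returns true if the decision is the same with and without the flush. */
static bool flush_redundant_when_flag_correct(void)
{
    struct task a = { NR_CPUS, true }, b = { NR_CPUS, true };
    fpsimd_last_state[2] = NULL;
    switch_to(&a, 2); restore_on_return(&a, 2);
    switch_to(&b, 2); restore_on_return(&b, 2);
    switch_to(&a, 2);
    if (a.tif_foreign != !registers_are_current(&a, 2))
        return false;                             /* flag and binding disagree */
    bool before = registers_are_current(&a, 2);
    flush_task_state(&a);
    return before == registers_are_current(&a, 2);
}

int main(void)
{
    printf("switch back on same CPU, reload: %d\n", scenario_switch_back_same_cpu());
    printf("stale binding, no flush, reload: %d\n", scenario_stale_binding(false));
    printf("stale binding, flush,    reload: %d\n", scenario_stale_binding(true));
    printf("flush redundant when flag correct: %d\n", flush_redundant_when_flag_correct());
    return 0;
}
```

Scenario 2 is the only one where the added flush changes the outcome, and it is also the only one whose starting state the model has to assert rather than derive, which is the shape of Dave's objection: the flush is a correct way to force a reload, but it only matters if the flag and the binding have already drifted apart for a reason the patch does not identify.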
2024-12-03 12:45 [PATCH 0/6] arm64/sme: Collected SME fixes Mark Brown
2024-12-03 12:45 ` [PATCH 1/6] arm64/sme: Flush foreign register state in do_sme_acc() Mark Brown
2024-12-03 15:32 ` Dave Martin [this message]
2024-12-03 16:00 ` Mark Brown
2024-12-03 17:00 ` Dave Martin
2024-12-03 17:24 ` Mark Brown
2024-12-04 11:33 ` Dave Martin
2024-12-03 12:45 ` [PATCH 3/6] arm64/ptrace: Zero FPMR on streaming mode entry/exit Mark Brown
2024-12-03 12:45 ` [PATCH 5/6] arm64/signal: Avoid corruption of SME state when entering signal handler Mark Brown
2024-12-03 15:33 ` Dave Martin
2024-12-03 16:12 ` Mark Brown
2024-12-03 17:10 ` Dave Martin