[PATCH OLK-5.10 80/80] arm64/ptrace: Ensure that SME is set up for target when writing SSVE state

28 Nov 2023

From: Mark Brown broonie@kernel.org
mainline inclusion
from mainline-v6.5-rc7
commit 5d0a8d2fba50e9c07cde4aad7fba28c008b07a5b
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8E73O
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
-------------------------------------------------
When we use NT_ARM_SSVE to either enable streaming mode or change the
vector length for a process we do not currently do anything to ensure that
there is storage allocated for the SME specific register state.  If the
task had not previously used SME or we changed the vector length then
the task will not have had TIF_SME set or backing storage for ZA/ZT
allocated, resulting in inconsistent register sizes when saving state
and spurious traps which flush the newly set register state.
We should set TIF_SME to disable traps and ensure that storage is
allocated for ZA and ZT if it is not already allocated.  This requires
modifying sme_alloc() to make the flush of any existing register state
optional so we don't disturb existing state for ZA and ZT.
Fixes: e12310a0d30f ("arm64/sme: Implement ptrace support for streaming mode SVE registers")
Reported-by: David Spickett David.Spickett@arm.com
Signed-off-by: Mark Brown broonie@kernel.org
Cc: stable@vger.kernel.org # 5.19.x
Link: https://lore.kernel.org/r/20230810-arm64-fix-ptrace-race-v1-1-a5361fad2bd6@k...
Signed-off-by: Catalin Marinas catalin.marinas@arm.com
Conflicts:
        arch/arm64/kernel/ptrace.c
        Leave zt_set() behind.
Signed-off-by: Wang ShaoBo bobo.shaobowang@huawei.com
---
 arch/arm64/include/asm/fpsimd.h | 4 ++--
 arch/arm64/kernel/fpsimd.c      | 6 +++---
 arch/arm64/kernel/ptrace.c      | 9 ++++++++-
 arch/arm64/kernel/signal.c      | 2 +-
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/include/asm/fpsimd.h b/arch/arm64/include/asm/fpsimd.h
index 7cd2036685d5a..22f6c6e234419 100644
--- a/arch/arm64/include/asm/fpsimd.h
+++ b/arch/arm64/include/asm/fpsimd.h
@@ -337,7 +337,7 @@ static inline int sme_max_virtualisable_vl(void)
    return vec_max_virtualisable_vl(ARM64_VEC_SME);
 }
-extern void sme_alloc(struct task_struct *task);
+extern void sme_alloc(struct task_struct *task, bool flush);
 extern unsigned int sme_get_vl(void);
 extern int sme_set_current_vl(unsigned long arg);
 extern int sme_get_current_vl(void);
@@ -363,7 +363,7 @@ static inline void sme_smstart_sm(void) { }
 static inline void sme_smstop_sm(void) { }
 static inline void sme_smstop(void) { }
-static inline void sme_alloc(struct task_struct *task) { }
+static inline void sme_alloc(struct task_struct *task, bool flush) { }
 static inline void sme_setup(void) { }
 static inline unsigned int sme_get_vl(void) { return 0; }
 static inline int sme_max_vl(void) { return 0; }
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 1865813163f14..bf286a24a7b79 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -1216,9 +1216,9 @@ void fpsimd_release_task(struct task_struct *dead_task)
  * the interest of testability and predictability, the architecture
  * guarantees that when ZA is enabled it will be zeroed.
  */
-void sme_alloc(struct task_struct *task)
+void sme_alloc(struct task_struct *task, bool flush)
 {
-	if (task->thread.za_state) {
+	if (task->thread.za_state && flush) {
    	memset(task->thread.za_state, 0, za_state_size(task));
    	return;
    }
@@ -1434,7 +1434,7 @@ void do_sme_acc(unsigned int esr, struct pt_regs *regs)
    }
sve_alloc(current, false);
-	sme_alloc(current);
+	sme_alloc(current, true);
    if (!current->thread.sve_state || !current->thread.za_state) {
    	force_sig(SIGKILL);
    	return;
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index e564cb7421372..b8c5b0b52ddaa 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -873,6 +873,13 @@ static int sve_set_common(struct task_struct *target,
    		break;
    	case ARM64_VEC_SME:
    		target->thread.svcr |= SVCR_SM_MASK;
+
+			/*
+			 * Disable traps and ensure there is SME storage but
+			 * preserve any currently set values in ZA/ZT.
+			 */
+			sme_alloc(target, false);
+			set_tsk_thread_flag(target, TIF_SME);
    		break;
    	default:
    		WARN_ON_ONCE(1);
@@ -1092,7 +1099,7 @@ static int za_set(struct task_struct *target,
    }
/* Allocate/reinit ZA storage */
-	sme_alloc(target);
+	sme_alloc(target, true);
    if (!target->thread.za_state) {
    	ret = -ENOMEM;
    	goto out;
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 2292a0db6ec10..2ab9a582506de 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -363,7 +363,7 @@ int restore_za_context(struct user_ctxs __user *user)
    fpsimd_flush_task_state(current);
    /* From now, fpsimd_thread_switch() won't touch thread.sve_state */
-	sme_alloc(current);
+	sme_alloc(current, true);
    if (!current->thread.za_state) {
    	current->thread.svcr &= ~SVCR_ZA_MASK;
    	clear_thread_flag(TIF_SME);
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

[PATCH OLK-5.10 80/80] arm64/ptrace: Ensure that SME is set up for target when writing SSVE state