arm64/fpsimd: ptrace/prctl: Ensure VL changes do not resurrect stale data

mrutland-arm · willdeacon · commit 49ce484187f7 · 2025-05-08T15:29:10.000+01:00
The SVE/SME vector lengths can be changed via prctl/ptrace syscalls. Changes to the SVE/SME vector lengths are documented as preserving the lower 128 bits of the Z registers (i.e. the bits shared with the FPSIMD V registers). To ensure this, vec_set_vector_length() explicitly copies register values from a task's saved SVE state to its saved FPSIMD state when dropping the task to FPSIMD-only. The logic for this was not updated when when FPSIMD/SVE state tracking was changed across commits: baa8515 ("arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE") a0136be (arm64/fpsimd: Load FP state based on recorded data type") bbc6172 ("arm64/fpsimd: SME no longer requires SVE register state") 8c845e2 ("arm64/sve: Leave SVE enabled on syscall if we don't context switch") Since the last commit above, a task's FPSIMD/SVE state may be stored in FPSIMD format while TIF_SVE is set, and the stored SVE state is stale. When vec_set_vector_length() encounters this case, it will erroneously clobber the live FPSIMD state with stale SVE state by using sve_to_fpsimd(). Fix this by using fpsimd_sync_from_effective_state() instead. Related issues with streaming mode state will be addressed in subsequent patches. Fixes: 8c845e2 ("arm64/sve: Leave SVE enabled on syscall if we don't context switch") Signed-off-by: Mark Rutland <mark.rutland@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: David Spickett <david.spickett@arm.com> Cc: Luis Machado <luis.machado@arm.com> Cc: Marc Zyngier <maz@kernel.org> Cc: Mark Brown <broonie@kernel.org> Cc: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20250508132644.1395904-15-mark.rutland@arm.com Signed-off-by: Will Deacon <will@kernel.org>
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
@@ -852,7 +852,7 @@ int vec_set_vector_length(struct task_struct *task, enum vec_type type,
 	fpsimd_flush_task_state(task);
 	if (test_and_clear_tsk_thread_flag(task, TIF_SVE) ||
 	    thread_sm_enabled(&task->thread)) {
-		sve_to_fpsimd(task);
+		fpsimd_sync_from_effective_state(task);
 		task->thread.fp_type = FP_STATE_FPSIMD;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -852,7 +852,7 @@ int vec_set_vector_length(struct task_struct *task, enum vec_type type,`
`852`	`852`	`fpsimd_flush_task_state(task);`
`853`	`853`	`if (test_and_clear_tsk_thread_flag(task, TIF_SVE) \|\|`
`854`	`854`	`thread_sm_enabled(&task->thread)) {`
`855`		`- sve_to_fpsimd(task);`
	`855`	`+ fpsimd_sync_from_effective_state(task);`
`856`	`856`	`task->thread.fp_type = FP_STATE_FPSIMD;`
`857`	`857`	`}`
`858`	`858`