From patchwork Thu Jun 22 17:36:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn@kernel.org>
X-Patchwork-Id: 13289502
Return-Path: 
 <linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 2B049EB64D8
	for <linux-riscv@archiver.kernel.org>; Thu, 22 Jun 2023 17:36:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=AeM0x8+Wq/THVM1gwJyfzCWnu2LCidogeGx5QsQM5BY=; b=chJbIUHPDeELPI
	3ewZxNMHl+S6OSg+49nbOrLFTSCwaEBqikmUryMIeDxTw+J2u974IQJ0Ky5Al3//j8m/cb4sPtt6P
	2EW/4Vacx2ssEhrneb6BBN0Ei2VFBqDWoP3Ptps5CylOnbSrMJWG+tiD4QxlHqKXf9jobeXdNFytU
	atqBXKkHPQYL61b9YNusLSRlBon1wUNF+oeRUd+dOUDAWZgtpfakYWAGr7x7fmQ+BM/he3aZpXRt1
	cxGOq7laPXST24UaNReopwgCT1GngP8VkTZnI70FYxSn3SsM5eS3Xqa+z1cun5h1QMO2vthQTqHe9
	mqW9mit0lPeOuS4jaLnA==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1qCOEL-001LrM-2P;
	Thu, 22 Jun 2023 17:36:25 +0000
Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1qCOEI-001Lqy-30
	for linux-riscv@lists.infradead.org;
	Thu, 22 Jun 2023 17:36:24 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 433E76189F;
	Thu, 22 Jun 2023 17:36:22 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46613C433C0;
	Thu, 22 Jun 2023 17:36:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1687455381;
	bh=/OtlEWvMky8FwHoyDb4NvG0us2YcJyx1FBYe9wivhIo=;
	h=From:To:Cc:Subject:Date:From;
	b=SDP/87huKee/Zv1UWW27EOV4jrMoXFTtOyzBCCVV2HyEgaNUlEEUByq9LhmSB4cQK
	 akKVNj+YyNFLugitTB+lUVjf2avCXVwEpZeOLECHKo91RYsbYxvVrgshCGdYAZSGn6
	 Pcbf/v/6u2sZGEpbffUiKeA3Vux7ZXH88rKG/+xBRKsxo3gfRv9pmhjl3KaRCQ7GGB
	 GT+jJOmenD9WBi2fLUfivHK5Jupp7GHhbEDJnkSS73TJVm4wegD6JxV9lNB/a+XeeA
	 iFHcQOnUsZswGhaDS+pRpwrShuald9jYkTRJ4R65G/STQ1uWc06QiHga7mojE0upT+
	 VoQDDDWWKH93g==
From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn@kernel.org>
To: Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	linux-riscv@lists.infradead.org
Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn@rivosinc.com>,
 linux-kernel@vger.kernel.org, linux@rivosinc.com,
 Palmer Dabbelt <palmer@rivosinc.com>,
 =?utf-8?q?R=C3=A9mi_Denis-Courmont?= <remi@remlab.net>,
 Darius Rad <darius@bluespec.com>, Andy Chiu <andy.chiu@sifive.com>
Subject: [PATCH] riscv: Discard vector state on syscalls
Date: Thu, 22 Jun 2023 19:36:13 +0200
Message-Id: <20230622173613.30722-1-bjorn@kernel.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230622_103623_080063_FBF4BA7B 
X-CRM114-Status: GOOD (  13.69  )
X-BeenThere: linux-riscv@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-riscv.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-riscv>,
 <mailto:linux-riscv-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-riscv/>
List-Post: <mailto:linux-riscv@lists.infradead.org>
List-Help: <mailto:linux-riscv-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-riscv>,
 <mailto:linux-riscv-request@lists.infradead.org?subject=subscribe>
Sender: "linux-riscv" <linux-riscv-bounces@lists.infradead.org>
Errors-To: 
 linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org

From: Björn Töpel <bjorn@rivosinc.com>

The RISC-V vector specification states:
  Executing a system call causes all caller-saved vector registers
  (v0-v31, vl, vtype) and vstart to become unspecified.

The vector registers are cleared, vill is set (invalid), and the
vector status is set to Initial.

That way we can prevent userspace from accidentally relying on the
stated save.

Rémi pointed out [1] that clearing the registers might be superfluous,
and setting vill is sufficient.

Link: https://lore.kernel.org/linux-riscv/12784326.9UPPK3MAeB@basile.remlab.net/ # [1]
Suggested-by: Palmer Dabbelt <palmer@rivosinc.com>
Suggested-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Björn Töpel <bjorn@rivosinc.com>
---

I figured I'd sent out a proper patch. I like Andy's optimization
patch, but TBH I think we should do that as a follow up.

As Rémi pointed out, the clearing might be opted out, but I left it in
here.


Björn

---
 arch/riscv/include/asm/vector.h | 25 +++++++++++++++++++++++++
 arch/riscv/kernel/traps.c       |  2 ++
 2 files changed, 27 insertions(+)


base-commit: 4681dacadeefa5ca6017e00736adc1d7dc963c6a

diff --git a/arch/riscv/include/asm/vector.h b/arch/riscv/include/asm/vector.h
index 04c0b07bf6cd..692ce55e4a69 100644
--- a/arch/riscv/include/asm/vector.h
+++ b/arch/riscv/include/asm/vector.h
@@ -163,6 +163,30 @@ static inline void __switch_to_vector(struct task_struct *prev,
 void riscv_v_vstate_ctrl_init(struct task_struct *tsk);
 bool riscv_v_vstate_ctrl_user_allowed(void);
 
+static inline void riscv_v_vstate_discard(struct pt_regs *regs)
+{
+	unsigned long vl, vtype_inval = 1UL << (BITS_PER_LONG - 1);
+
+	if (!riscv_v_vstate_query(regs))
+		return;
+
+	riscv_v_enable();
+	asm volatile (
+		".option push\n\t"
+		".option arch, +v\n\t"
+		"vsetvli	%0, x0, e8, m8, ta, ma\n\t"
+		"vmv.v.i	v0, 0\n\t"
+		"vmv.v.i	v8, 0\n\t"
+		"vmv.v.i	v16, 0\n\t"
+		"vmv.v.i	v24, 0\n\t"
+		"vsetvl		%0, x0, %1\n\t"
+		".option pop\n\t"
+		: "=&r" (vl) : "r" (vtype_inval) : "memory");
+	riscv_v_disable();
+
+	riscv_v_vstate_on(regs);
+}
+
 #else /* ! CONFIG_RISCV_ISA_V  */
 
 struct pt_regs;
@@ -178,6 +202,7 @@ static inline bool riscv_v_vstate_ctrl_user_allowed(void) { return false; }
 #define __switch_to_vector(__prev, __next)	do {} while (0)
 #define riscv_v_vstate_off(regs)		do {} while (0)
 #define riscv_v_vstate_on(regs)			do {} while (0)
+#define riscv_v_vstate_discard(regs)		do {} while (0)
 
 #endif /* CONFIG_RISCV_ISA_V */
 
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index 05ffdcd1424e..00c68b57ff88 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -295,6 +295,8 @@ asmlinkage __visible __trap_section void do_trap_ecall_u(struct pt_regs *regs)
 		regs->epc += 4;
 		regs->orig_a0 = regs->a0;
 
+		riscv_v_vstate_discard(regs);
+
 		syscall = syscall_enter_from_user_mode(regs, syscall);
 
 		if (syscall < NR_syscalls)