On Mon, 06 Jan 2025 09:40:56 +0000, Mark Rutland mark.rutland@arm.com wrote:
On Fri, Jan 03, 2025 at 06:22:55PM +0000, Marc Zyngier wrote:
The hwcaps code that exposes SVE features to userspace only considers ID_AA64ZFR0_EL1, while this is only valid when ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported.
The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the ID_AA64ZFR0_EL1 register is also 0. So far, so good.
Things become a bit more interesting if the HW implements SME. In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* features. And these fields overlap with their SVE interpretations. But the architecture says that the SME and SVE feature sets must match, so we're still hunky-dory.
This goes wrong if the HW implements SME, but not SVE. In this case, we end-up advertising some SVE features to userspace, even if the HW has none. That's because we never consider whether SVE is actually implemented. Oh well.
Ugh; this is a massive pain. :(
Was this found by inspection, or is some real software going wrong?
Catalin can comment on that -- I understand that he found existing SW latching on SVE2 being wrongly advertised as hwcaps.
Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE being non-zero.
Unfortunately, I'm not sure this fix is correct+complete.
We expose ID_AA64PFR0_EL1 and ID_AA64ZFR0_EL1 via ID register emulation, so any userspace software reading ID_AA64ZFR0_EL1 will encounter the same surprise. If we hide that I'm worried we might hide some SME-only information that isn't exposed elsewhere, and I'm not sure we can reasonably hide ID_AA64ZFR0_EL1 emulation for SME-only (more on that below).
I don't understand where things go wrong. EL0 SW that looks at the ID registers should perform similar checks, and we are not trying to make things better on that front (we can't). Unless you invent time travel and fix the architecture 5 years ago... :-/
The hwcaps are effectively demultiplexing the ID registers, and they have to be exact, which is what this patch provides (SVE2 doesn't get wrongly advertised when not present).
Secondly, all our HWCAP documentation is written in the form:
| HWCAP2_SVEBF16 | Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001.
... so while the architectural behaviour is a surprise, the kernel is (techincallyy) behaving exactly as documented prior to this patch. Maybe we need to change that documentation?
Again, I don't see what goes wrong here. BF16 is only implemented for SVE or SME+FA64, and FA64 requires SVE2. So at least for that one, we should be good.
Do we have equivalent SME hwcaps for the relevant features?
... looking at:
https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID...
... I see that ID_AA64ZFR0_EL1.B16B16 >= 0b0010 implies the presence of SME BFMUL and BFSCALE instructions, but I don't see something equivalent in ID_AA64SMFR0_EL1 per:
https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID...
... so I suspect ID_AA64ZFR0_EL1 might be the only source of truth for this.
Indeed, and the SME HWCAPs are not doing the right thing either. Or rather, we have no way to tell userspace that BFMUL/BFSCALE are available.
It is bizarre that ID_AA64SMFR0_EL1 doesn't follow the same format, and ID_AA64SMFR0_EL1.B16B16 is a single-bit field that cannot encode the same values as ID_AA64ZFR0_EL1.B16B16 (which is a 4-bit field).
*everything* about SME is bizarre.
Even if we change Linux here, someone will need to chase up with the architects to ensure this isn't made worse in future.
Good luck!
M.