On Mon, Jan 06, 2025 at 09:40:56AM +0000, Mark Rutland wrote: > On Fri, Jan 03, 2025 at 06:22:55PM +0000, Marc Zyngier wrote: > > The hwcaps code that exposes SVE features to userspace only > > considers ID_AA64ZFR0_EL1, while this is only valid when > > ID_AA64PFR0_EL1.SVE advertises that SVE is actually supported. > > > > The expectations are that when ID_AA64PFR0_EL1.SVE is 0, the > > ID_AA64ZFR0_EL1 register is also 0. So far, so good. > > > > Things become a bit more interesting if the HW implements SME. > > In this case, a few ID_AA64ZFR0_EL1 fields indicate *SME* > > features. And these fields overlap with their SVE interpretations. > > But the architecture says that the SME and SVE feature sets must > > match, so we're still hunky-dory. > > > > This goes wrong if the HW implements SME, but not SVE. In this > > case, we end-up advertising some SVE features to userspace, even > > if the HW has none. That's because we never consider whether SVE > > is actually implemented. Oh well. > > Ugh; this is a massive pain. :( > > Was this found by inspection, or is some real software going wrong? It goes wrong on M4 in a VM. The latest macOS (15.2 I think) enabled those ID regs for guests and Linux user space started falling apart (first one reported was a fairly recent JDK getting SIGILL when trying to use the INCB instruction). Reported initially on the Parallels forum. > > Fix it by restricting all SVE capabilities to ID_AA64PFR0_EL1.SVE > > being non-zero. > > Unfortunately, I'm not sure this fix is correct+complete. > > We expose ID_AA64PFR0_EL1 and ID_AA64ZFR0_EL1 via ID register emulation, > so any userspace software reading ID_AA64ZFR0_EL1 will encounter the > same surprise. If we hide that I'm worried we might hide some SME-only > information that isn't exposed elsewhere, and I'm not sure we can > reasonably hide ID_AA64ZFR0_EL1 emulation for SME-only (more on that > below). Good point about the user also accessing these registers through emulation. > Secondly, all our HWCAP documentation is written in the form: > > | HWCAP2_SVEBF16 > | Functionality implied by ID_AA64ZFR0_EL1.BF16 == 0b0001. > > ... so while the architectural behaviour is a surprise, the kernel is > (techincallyy) behaving exactly as documented prior to this patch. Maybe > we need to change that documentation? The kernel is also reporting HWCAP2_SVE2 based on ID_AA64ZFR0_EL1.SVEver which I don't think it should (my reading of the spec). I suspect that's what's causing JDK failures. > Do we have equivalent SME hwcaps for the relevant features? > > ... looking at: > > https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID-AA64ZFR0-EL1--SVE-Feature-ID-Register-0?lang=en > > ... I see that ID_AA64ZFR0_EL1.B16B16 >= 0b0010 implies the presence of > SME BFMUL and BFSCALE instructions, but I don't see something equivalent > in ID_AA64SMFR0_EL1 per: > > https://developer.arm.com/documentation/ddi0601/2024-12/AArch64-Registers/ID-AA64SMFR0-EL1--SME-Feature-ID-Register-0?lang=en > > ... so I suspect ID_AA64ZFR0_EL1 might be the only source of truth for > this. > > It is bizarre that ID_AA64SMFR0_EL1 doesn't follow the same format, and > ID_AA64SMFR0_EL1.B16B16 is a single-bit field that cannot encode the > same values as ID_AA64ZFR0_EL1.B16B16 (which is a 4-bit field). Oh, I'm getting confused now. Do we have this information exposed twice in the ID regs? I think in the kernel we use ZFR0 for SVE and SMFR0 for the SME equivalent but the architecture is actually confusing with ZFR0 describing both SME and SVE features available. I guess at some point the architects thought we can't have SME without SVE but changed their mind and we haven't spotted. -- Catalin
