riscv: vector: init vector context with proper vlenb

geomatsi · Sasha Levin · commit f7fc25362c07 · 2026-03-04T07:21:20.000-05:00
[ Upstream commit ef3ff40 ] The vstate in thread_struct is zeroed when the vector context is initialized. That includes read-only register vlenb, which holds the vector register length in bytes. Zeroed state persists until mstatus.VS becomes 'dirty' and a context switch saves the actual hardware values. This can expose the zero vlenb value to the user-space in early debug scenarios, e.g. when ptrace attaches to a traced process early, before any vector instruction except the first one was executed. Fix this by specifying proper vlenb on vector context init. Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> Reviewed-by: Andy Chiu <andybnac@gmail.com> Tested-by: Andy Chiu <andybnac@gmail.com> Link: https://patch.msgid.link/20251214163537.1054292-3-geomatsi@gmail.com Signed-off-by: Paul Walmsley <pjw@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/arch/riscv/kernel/vector.c b/arch/riscv/kernel/vector.c
@@ -99,8 +99,8 @@ static bool insn_is_vector(u32 insn_buf)
 	return false;
 }
 
-static int riscv_v_thread_zalloc(struct kmem_cache *cache,
-				 struct __riscv_v_ext_state *ctx)
+static int riscv_v_thread_ctx_alloc(struct kmem_cache *cache,
+				    struct __riscv_v_ext_state *ctx)
 {
 	void *datap;
 
@@ -110,13 +110,15 @@ static int riscv_v_thread_zalloc(struct kmem_cache *cache,
 
 	ctx->datap = datap;
 	memset(ctx, 0, offsetof(struct __riscv_v_ext_state, datap));
+	ctx->vlenb = riscv_v_vsize / 32;
+
 	return 0;
 }
 
 void riscv_v_thread_alloc(struct task_struct *tsk)
 {
 #ifdef CONFIG_RISCV_ISA_V_PREEMPTIVE
-	riscv_v_thread_zalloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);
+	riscv_v_thread_ctx_alloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);
 #endif
 }
 
@@ -202,12 +204,14 @@ bool riscv_v_first_use_handler(struct pt_regs *regs)
 	 * context where VS has been off. So, try to allocate the user's V
 	 * context and resume execution.
 	 */
-	if (riscv_v_thread_zalloc(riscv_v_user_cachep, &current->thread.vstate)) {
+	if (riscv_v_thread_ctx_alloc(riscv_v_user_cachep, &current->thread.vstate)) {
 		force_sig(SIGBUS);
 		return true;
 	}
+
 	riscv_v_vstate_on(regs);
 	riscv_v_vstate_set_restore(current, regs);
+
 	return true;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -99,8 +99,8 @@ static bool insn_is_vector(u32 insn_buf)`
`99`	`99`	`return false;`
`100`	`100`	`}`
`101`	`101`
`102`		`-static int riscv_v_thread_zalloc(struct kmem_cache *cache,`
`103`		`- struct __riscv_v_ext_state *ctx)`
	`102`	`+static int riscv_v_thread_ctx_alloc(struct kmem_cache *cache,`
	`103`	`+ struct __riscv_v_ext_state *ctx)`
`104`	`104`	`{`
`105`	`105`	`void *datap;`
`106`	`106`
`@@ -110,13 +110,15 @@ static int riscv_v_thread_zalloc(struct kmem_cache *cache,`
`110`	`110`
`111`	`111`	`ctx->datap = datap;`
`112`	`112`	`memset(ctx, 0, offsetof(struct __riscv_v_ext_state, datap));`
	`113`	`+ ctx->vlenb = riscv_v_vsize / 32;`
	`114`	`+`
`113`	`115`	`return 0;`
`114`	`116`	`}`
`115`	`117`
`116`	`118`	`void riscv_v_thread_alloc(struct task_struct *tsk)`
`117`	`119`	`{`
`118`	`120`	`#ifdef CONFIG_RISCV_ISA_V_PREEMPTIVE`
`119`		`- riscv_v_thread_zalloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);`
	`121`	`+ riscv_v_thread_ctx_alloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);`
`120`	`122`	`#endif`
`121`	`123`	`}`
`122`	`124`
`@@ -202,12 +204,14 @@ bool riscv_v_first_use_handler(struct pt_regs *regs)`
`202`	`204`	`* context where VS has been off. So, try to allocate the user's V`
`203`	`205`	`* context and resume execution.`
`204`	`206`	`*/`
`205`		`- if (riscv_v_thread_zalloc(riscv_v_user_cachep, &current->thread.vstate)) {`
	`207`	`+ if (riscv_v_thread_ctx_alloc(riscv_v_user_cachep, &current->thread.vstate)) {`
`206`	`208`	`force_sig(SIGBUS);`
`207`	`209`	`return true;`
`208`	`210`	`}`
	`211`	`+`
`209`	`212`	`riscv_v_vstate_on(regs);`
`210`	`213`	`riscv_v_vstate_set_restore(current, regs);`
	`214`	`+`
`211`	`215`	`return true;`
`212`	`216`	`}`
`213`	`217`