riscv: vector: init vector context with proper vlenb

geomatsi · Paul Walmsley · commit ef3ff40346db · 2026-02-09T15:27:33.000-07:00
The vstate in thread_struct is zeroed when the vector context is initialized. That includes read-only register vlenb, which holds the vector register length in bytes. Zeroed state persists until mstatus.VS becomes 'dirty' and a context switch saves the actual hardware values. This can expose the zero vlenb value to the user-space in early debug scenarios, e.g. when ptrace attaches to a traced process early, before any vector instruction except the first one was executed. Fix this by specifying proper vlenb on vector context init. Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> Reviewed-by: Andy Chiu <andybnac@gmail.com> Tested-by: Andy Chiu <andybnac@gmail.com> Link: https://patch.msgid.link/20251214163537.1054292-3-geomatsi@gmail.com Signed-off-by: Paul Walmsley <pjw@kernel.org>
diff --git a/arch/riscv/kernel/vector.c b/arch/riscv/kernel/vector.c
@@ -111,8 +111,8 @@ bool insn_is_vector(u32 insn_buf)
 	return false;
 }
 
-static int riscv_v_thread_zalloc(struct kmem_cache *cache,
-				 struct __riscv_v_ext_state *ctx)
+static int riscv_v_thread_ctx_alloc(struct kmem_cache *cache,
+				    struct __riscv_v_ext_state *ctx)
 {
 	void *datap;
 
@@ -122,13 +122,15 @@ static int riscv_v_thread_zalloc(struct kmem_cache *cache,
 
 	ctx->datap = datap;
 	memset(ctx, 0, offsetof(struct __riscv_v_ext_state, datap));
+	ctx->vlenb = riscv_v_vsize / 32;
+
 	return 0;
 }
 
 void riscv_v_thread_alloc(struct task_struct *tsk)
 {
 #ifdef CONFIG_RISCV_ISA_V_PREEMPTIVE
-	riscv_v_thread_zalloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);
+	riscv_v_thread_ctx_alloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);
 #endif
 }
 
@@ -214,12 +216,14 @@ bool riscv_v_first_use_handler(struct pt_regs *regs)
 	 * context where VS has been off. So, try to allocate the user's V
 	 * context and resume execution.
 	 */
-	if (riscv_v_thread_zalloc(riscv_v_user_cachep, &current->thread.vstate)) {
+	if (riscv_v_thread_ctx_alloc(riscv_v_user_cachep, &current->thread.vstate)) {
 		force_sig(SIGBUS);
 		return true;
 	}
+
 	riscv_v_vstate_on(regs);
 	riscv_v_vstate_set_restore(current, regs);
+
 	return true;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -111,8 +111,8 @@ bool insn_is_vector(u32 insn_buf)`
`111`	`111`	`return false;`
`112`	`112`	`}`
`113`	`113`
`114`		`-static int riscv_v_thread_zalloc(struct kmem_cache *cache,`
`115`		`- struct __riscv_v_ext_state *ctx)`
	`114`	`+static int riscv_v_thread_ctx_alloc(struct kmem_cache *cache,`
	`115`	`+ struct __riscv_v_ext_state *ctx)`
`116`	`116`	`{`
`117`	`117`	`void *datap;`
`118`	`118`
`@@ -122,13 +122,15 @@ static int riscv_v_thread_zalloc(struct kmem_cache *cache,`
`122`	`122`
`123`	`123`	`ctx->datap = datap;`
`124`	`124`	`memset(ctx, 0, offsetof(struct __riscv_v_ext_state, datap));`
	`125`	`+ ctx->vlenb = riscv_v_vsize / 32;`
	`126`	`+`
`125`	`127`	`return 0;`
`126`	`128`	`}`
`127`	`129`
`128`	`130`	`void riscv_v_thread_alloc(struct task_struct *tsk)`
`129`	`131`	`{`
`130`	`132`	`#ifdef CONFIG_RISCV_ISA_V_PREEMPTIVE`
`131`		`- riscv_v_thread_zalloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);`
	`133`	`+ riscv_v_thread_ctx_alloc(riscv_v_kernel_cachep, &tsk->thread.kernel_vstate);`
`132`	`134`	`#endif`
`133`	`135`	`}`
`134`	`136`
`@@ -214,12 +216,14 @@ bool riscv_v_first_use_handler(struct pt_regs *regs)`
`214`	`216`	`* context where VS has been off. So, try to allocate the user's V`
`215`	`217`	`* context and resume execution.`
`216`	`218`	`*/`
`217`		`- if (riscv_v_thread_zalloc(riscv_v_user_cachep, &current->thread.vstate)) {`
	`219`	`+ if (riscv_v_thread_ctx_alloc(riscv_v_user_cachep, &current->thread.vstate)) {`
`218`	`220`	`force_sig(SIGBUS);`
`219`	`221`	`return true;`
`220`	`222`	`}`
	`223`	`+`
`221`	`224`	`riscv_v_vstate_on(regs);`
`222`	`225`	`riscv_v_vstate_set_restore(current, regs);`
	`226`	`+`
`223`	`227`	`return true;`
`224`	`228`	`}`
`225`	`229`