1===================================================
2Scalable Vector Extension support for AArch64 Linux
3===================================================
4
5Author: Dave Martin <Dave.Martin@arm.com>
6
7Date:   4 August 2017
8
9This document outlines briefly the interface provided to userspace by Linux in
10order to support use of the ARM Scalable Vector Extension (SVE), including
11interactions with Streaming SVE mode added by the Scalable Matrix Extension
12(SME).
13
14This is an outline of the most important features and issues only and not
15intended to be exhaustive.
16
17This document does not aim to describe the SVE architecture or programmer's
18model.  To aid understanding, a minimal description of relevant programmer's
19model features for SVE is included in Appendix A.
20
21
221.  General
23-----------
24
25* SVE registers Z0..Z31, P0..P15 and FFR and the current vector length VL, are
26  tracked per-thread.
27
28* In streaming mode FFR is not accessible unless HWCAP2_SME_FA64 is present
29  in the system, when it is not supported and these interfaces are used to
30  access streaming mode FFR is read and written as zero.
31
32* The presence of SVE is reported to userspace via HWCAP_SVE in the aux vector
33  AT_HWCAP entry.  Presence of this flag implies the presence of the SVE
34  instructions and registers, and the Linux-specific system interfaces
35  described in this document.  SVE is reported in /proc/cpuinfo as "sve".
36
37* Support for the execution of SVE instructions in userspace can also be
38  detected by reading the CPU ID register ID_AA64PFR0_EL1 using an MRS
39  instruction, and checking that the value of the SVE field is nonzero. [3]
40
41  It does not guarantee the presence of the system interfaces described in the
42  following sections: software that needs to verify that those interfaces are
43  present must check for HWCAP_SVE instead.
44
45* On hardware that supports the SVE2 extensions, HWCAP2_SVE2 will also
46  be reported in the AT_HWCAP2 aux vector entry.  In addition to this,
47  optional extensions to SVE2 may be reported by the presence of:
48
49	HWCAP2_SVE2
50	HWCAP2_SVEAES
51	HWCAP2_SVEPMULL
52	HWCAP2_SVEBITPERM
53	HWCAP2_SVESHA3
54	HWCAP2_SVESM4
55	HWCAP2_SVE2P1
56
57  This list may be extended over time as the SVE architecture evolves.
58
59  These extensions are also reported via the CPU ID register ID_AA64ZFR0_EL1,
60  which userspace can read using an MRS instruction.  See elf_hwcaps.txt and
61  cpu-feature-registers.txt for details.
62
63* On hardware that supports the SME extensions, HWCAP2_SME will also be
64  reported in the AT_HWCAP2 aux vector entry.  Among other things SME adds
65  streaming mode which provides a subset of the SVE feature set using a
66  separate SME vector length and the same Z/V registers.  See sme.rst
67  for more details.
68
69* Debuggers should restrict themselves to interacting with the target via the
70  NT_ARM_SVE regset.  The recommended way of detecting support for this regset
71  is to connect to a target process first and then attempt a
72  ptrace(PTRACE_GETREGSET, pid, NT_ARM_SVE, &iov).  Note that when SME is
73  present and streaming SVE mode is in use the FPSIMD subset of registers
74  will be read via NT_ARM_SVE and NT_ARM_SVE writes will exit streaming mode
75  in the target.
76
77* Whenever SVE scalable register values (Zn, Pn, FFR) are exchanged in memory
78  between userspace and the kernel, the register value is encoded in memory in
79  an endianness-invariant layout, with bits [(8 * i + 7) : (8 * i)] encoded at
80  byte offset i from the start of the memory representation.  This affects for
81  example the signal frame (struct sve_context) and ptrace interface
82  (struct user_sve_header) and associated data.
83
84  Beware that on big-endian systems this results in a different byte order than
85  for the FPSIMD V-registers, which are stored as single host-endian 128-bit
86  values, with bits [(127 - 8 * i) : (120 - 8 * i)] of the register encoded at
87  byte offset i.  (struct fpsimd_context, struct user_fpsimd_state).
88
89
902.  Vector length terminology
91-----------------------------
92
93The size of an SVE vector (Z) register is referred to as the "vector length".
94
95To avoid confusion about the units used to express vector length, the kernel
96adopts the following conventions:
97
98* Vector length (VL) = size of a Z-register in bytes
99
100* Vector quadwords (VQ) = size of a Z-register in units of 128 bits
101
102(So, VL = 16 * VQ.)
103
104The VQ convention is used where the underlying granularity is important, such
105as in data structure definitions.  In most other situations, the VL convention
106is used.  This is consistent with the meaning of the "VL" pseudo-register in
107the SVE instruction set architecture.
108
109
1103.  System call behaviour
111-------------------------
112
113* On syscall, V0..V31 are preserved (as without SVE).  Thus, bits [127:0] of
114  Z0..Z31 are preserved.  All other bits of Z0..Z31, and all of P0..P15 and FFR
115  become zero on return from a syscall.
116
117* The SVE registers are not used to pass arguments to or receive results from
118  any syscall.
119
120* All other SVE state of a thread, including the currently configured vector
121  length, the state of the PR_SVE_VL_INHERIT flag, and the deferred vector
122  length (if any), is preserved across all syscalls, subject to the specific
123  exceptions for execve() described in section 6.
124
125  In particular, on return from a fork() or clone(), the parent and new child
126  process or thread share identical SVE configuration, matching that of the
127  parent before the call.
128
129
1304.  Signal handling
131-------------------
132
133* A new signal frame record sve_context encodes the SVE registers on signal
134  delivery. [1]
135
136* This record is supplementary to fpsimd_context.  The FPSR and FPCR registers
137  are only present in fpsimd_context.  For convenience, the content of V0..V31
138  is duplicated between sve_context and fpsimd_context.
139
140* The record contains a flag field which includes a flag SVE_SIG_FLAG_SM which
141  if set indicates that the thread is in streaming mode and the vector length
142  and register data (if present) describe the streaming SVE data and vector
143  length.
144
145* The signal frame record for SVE always contains basic metadata, in particular
146  the thread's vector length (in sve_context.vl).
147
148* The SVE registers may or may not be included in the record, depending on
149  whether the registers are live for the thread.  The registers are present if
150  and only if:
151  sve_context.head.size >= SVE_SIG_CONTEXT_SIZE(sve_vq_from_vl(sve_context.vl)).
152
153* If the registers are present, the remainder of the record has a vl-dependent
154  size and layout.  Macros SVE_SIG_* are defined [1] to facilitate access to
155  the members.
156
157* Each scalable register (Zn, Pn, FFR) is stored in an endianness-invariant
158  layout, with bits [(8 * i + 7) : (8 * i)] stored at byte offset i from the
159  start of the register's representation in memory.
160
161* If the SVE context is too big to fit in sigcontext.__reserved[], then extra
162  space is allocated on the stack, an extra_context record is written in
163  __reserved[] referencing this space.  sve_context is then written in the
164  extra space.  Refer to [1] for further details about this mechanism.
165
166
1675.  Signal return
168-----------------
169
170When returning from a signal handler:
171
172* If there is no sve_context record in the signal frame, or if the record is
173  present but contains no register data as described in the previous section,
174  then the SVE registers/bits become non-live and take unspecified values.
175
176* If sve_context is present in the signal frame and contains full register
177  data, the SVE registers become live and are populated with the specified
178  data.  However, for backward compatibility reasons, bits [127:0] of Z0..Z31
179  are always restored from the corresponding members of fpsimd_context.vregs[]
180  and not from sve_context.  The remaining bits are restored from sve_context.
181
182* Inclusion of fpsimd_context in the signal frame remains mandatory,
183  irrespective of whether sve_context is present or not.
184
185* The vector length cannot be changed via signal return.  If sve_context.vl in
186  the signal frame does not match the current vector length, the signal return
187  attempt is treated as illegal, resulting in a forced SIGSEGV.
188
189* It is permitted to enter or leave streaming mode by setting or clearing
190  the SVE_SIG_FLAG_SM flag but applications should take care to ensure that
191  when doing so sve_context.vl and any register data are appropriate for the
192  vector length in the new mode.
193
194
1956.  prctl extensions
196--------------------
197
198Some new prctl() calls are added to allow programs to manage the SVE vector
199length:
200
201prctl(PR_SVE_SET_VL, unsigned long arg)
202
203    Sets the vector length of the calling thread and related flags, where
204    arg == vl | flags.  Other threads of the calling process are unaffected.
205
206    vl is the desired vector length, where sve_vl_valid(vl) must be true.
207
208    flags:
209
210	PR_SVE_VL_INHERIT
211
212	    Inherit the current vector length across execve().  Otherwise, the
213	    vector length is reset to the system default at execve().  (See
214	    Section 9.)
215
216	PR_SVE_SET_VL_ONEXEC
217
218	    Defer the requested vector length change until the next execve()
219	    performed by this thread.
220
221	    The effect is equivalent to implicit execution of the following
222	    call immediately after the next execve() (if any) by the thread:
223
224		prctl(PR_SVE_SET_VL, arg & ~PR_SVE_SET_VL_ONEXEC)
225
226	    This allows launching of a new program with a different vector
227	    length, while avoiding runtime side effects in the caller.
228
229
230	    Without PR_SVE_SET_VL_ONEXEC, the requested change takes effect
231	    immediately.
232
233
234    Return value: a nonnegative on success, or a negative value on error:
235	EINVAL: SVE not supported, invalid vector length requested, or
236	    invalid flags.
237
238
239    On success:
240
241    * Either the calling thread's vector length or the deferred vector length
242      to be applied at the next execve() by the thread (dependent on whether
243      PR_SVE_SET_VL_ONEXEC is present in arg), is set to the largest value
244      supported by the system that is less than or equal to vl.  If vl ==
245      SVE_VL_MAX, the value set will be the largest value supported by the
246      system.
247
248    * Any previously outstanding deferred vector length change in the calling
249      thread is cancelled.
250
251    * The returned value describes the resulting configuration, encoded as for
252      PR_SVE_GET_VL.  The vector length reported in this value is the new
253      current vector length for this thread if PR_SVE_SET_VL_ONEXEC was not
254      present in arg; otherwise, the reported vector length is the deferred
255      vector length that will be applied at the next execve() by the calling
256      thread.
257
258    * Changing the vector length causes all of P0..P15, FFR and all bits of
259      Z0..Z31 except for Z0 bits [127:0] .. Z31 bits [127:0] to become
260      unspecified.  Calling PR_SVE_SET_VL with vl equal to the thread's current
261      vector length, or calling PR_SVE_SET_VL with the PR_SVE_SET_VL_ONEXEC
262      flag, does not constitute a change to the vector length for this purpose.
263
264
265prctl(PR_SVE_GET_VL)
266
267    Gets the vector length of the calling thread.
268
269    The following flag may be OR-ed into the result:
270
271	PR_SVE_VL_INHERIT
272
273	    Vector length will be inherited across execve().
274
275    There is no way to determine whether there is an outstanding deferred
276    vector length change (which would only normally be the case between a
277    fork() or vfork() and the corresponding execve() in typical use).
278
279    To extract the vector length from the result, bitwise and it with
280    PR_SVE_VL_LEN_MASK.
281
282    Return value: a nonnegative value on success, or a negative value on error:
283	EINVAL: SVE not supported.
284
285
2867.  ptrace extensions
287---------------------
288
289* New regsets NT_ARM_SVE and NT_ARM_SSVE are defined for use with
290  PTRACE_GETREGSET and PTRACE_SETREGSET. NT_ARM_SSVE describes the
291  streaming mode SVE registers and NT_ARM_SVE describes the
292  non-streaming mode SVE registers.
293
294  In this description a register set is referred to as being "live" when
295  the target is in the appropriate streaming or non-streaming mode and is
296  using data beyond the subset shared with the FPSIMD Vn registers.
297
298  Refer to [2] for definitions.
299
300The regset data starts with struct user_sve_header, containing:
301
302    size
303
304	Size of the complete regset, in bytes.
305	This depends on vl and possibly on other things in the future.
306
307	If a call to PTRACE_GETREGSET requests less data than the value of
308	size, the caller can allocate a larger buffer and retry in order to
309	read the complete regset.
310
311    max_size
312
313	Maximum size in bytes that the regset can grow to for the target
314	thread.  The regset won't grow bigger than this even if the target
315	thread changes its vector length etc.
316
317    vl
318
319	Target thread's current vector length, in bytes.
320
321    max_vl
322
323	Maximum possible vector length for the target thread.
324
325    flags
326
327	at most one of
328
329	    SVE_PT_REGS_FPSIMD
330
331		SVE registers are not live (GETREGSET) or are to be made
332		non-live (SETREGSET).
333
334		The payload is of type struct user_fpsimd_state, with the same
335		meaning as for NT_PRFPREG, starting at offset
336		SVE_PT_FPSIMD_OFFSET from the start of user_sve_header.
337
338		Extra data might be appended in the future: the size of the
339		payload should be obtained using SVE_PT_FPSIMD_SIZE(vq, flags).
340
341		vq should be obtained using sve_vq_from_vl(vl).
342
343		or
344
345	    SVE_PT_REGS_SVE
346
347		SVE registers are live (GETREGSET) or are to be made live
348		(SETREGSET).
349
350		The payload contains the SVE register data, starting at offset
351		SVE_PT_SVE_OFFSET from the start of user_sve_header, and with
352		size SVE_PT_SVE_SIZE(vq, flags);
353
354	... OR-ed with zero or more of the following flags, which have the same
355	meaning and behaviour as the corresponding PR_SET_VL_* flags:
356
357	    SVE_PT_VL_INHERIT
358
359	    SVE_PT_VL_ONEXEC (SETREGSET only).
360
361	If neither FPSIMD nor SVE flags are provided then no register
362	payload is available, this is only possible when SME is implemented.
363
364
365* The effects of changing the vector length and/or flags are equivalent to
366  those documented for PR_SVE_SET_VL.
367
368  The caller must make a further GETREGSET call if it needs to know what VL is
369  actually set by SETREGSET, unless is it known in advance that the requested
370  VL is supported.
371
372* In the SVE_PT_REGS_SVE case, the size and layout of the payload depends on
373  the header fields.  The SVE_PT_SVE_*() macros are provided to facilitate
374  access to the members.
375
376* In either case, for SETREGSET it is permissible to omit the payload, in which
377  case only the vector length and flags are changed (along with any
378  consequences of those changes).
379
380* In systems supporting SME when in streaming mode a GETREGSET for
381  NT_REG_SVE will return only the user_sve_header with no register data,
382  similarly a GETREGSET for NT_REG_SSVE will not return any register data
383  when not in streaming mode.
384
385* A GETREGSET for NT_ARM_SSVE will never return SVE_PT_REGS_FPSIMD.
386
387* For SETREGSET, if an SVE_PT_REGS_SVE payload is present and the
388  requested VL is not supported, the effect will be the same as if the
389  payload were omitted, except that an EIO error is reported.  No
390  attempt is made to translate the payload data to the correct layout
391  for the vector length actually set.  The thread's FPSIMD state is
392  preserved, but the remaining bits of the SVE registers become
393  unspecified.  It is up to the caller to translate the payload layout
394  for the actual VL and retry.
395
396* Where SME is implemented it is not possible to GETREGSET the register
397  state for normal SVE when in streaming mode, nor the streaming mode
398  register state when in normal mode, regardless of the implementation defined
399  behaviour of the hardware for sharing data between the two modes.
400
401* Any SETREGSET of NT_ARM_SVE will exit streaming mode if the target was in
402  streaming mode and any SETREGSET of NT_ARM_SSVE will enter streaming mode
403  if the target was not in streaming mode.
404
405* The effect of writing a partial, incomplete payload is unspecified.
406
407
4088.  ELF coredump extensions
409---------------------------
410
411* NT_ARM_SVE and NT_ARM_SSVE notes will be added to each coredump for
412  each thread of the dumped process.  The contents will be equivalent to the
413  data that would have been read if a PTRACE_GETREGSET of the corresponding
414  type were executed for each thread when the coredump was generated.
415
4169.  System runtime configuration
417--------------------------------
418
419* To mitigate the ABI impact of expansion of the signal frame, a policy
420  mechanism is provided for administrators, distro maintainers and developers
421  to set the default vector length for userspace processes:
422
423/proc/sys/abi/sve_default_vector_length
424
425    Writing the text representation of an integer to this file sets the system
426    default vector length to the specified value rounded to a supported value
427    using the same rules as for setting vector length via PR_SVE_SET_VL.
428
429    The result can be determined by reopening the file and reading its
430    contents.
431
432    At boot, the default vector length is initially set to 64 or the maximum
433    supported vector length, whichever is smaller.  This determines the initial
434    vector length of the init process (PID 1).
435
436    Reading this file returns the current system default vector length.
437
438* At every execve() call, the new vector length of the new process is set to
439  the system default vector length, unless
440
441    * PR_SVE_VL_INHERIT (or equivalently SVE_PT_VL_INHERIT) is set for the
442      calling thread, or
443
444    * a deferred vector length change is pending, established via the
445      PR_SVE_SET_VL_ONEXEC flag (or SVE_PT_VL_ONEXEC).
446
447* Modifying the system default vector length does not affect the vector length
448  of any existing process or thread that does not make an execve() call.
449
45010.  Perf extensions
451--------------------------------
452
453* The arm64 specific DWARF standard [5] added the VG (Vector Granule) register
454  at index 46. This register is used for DWARF unwinding when variable length
455  SVE registers are pushed onto the stack.
456
457* Its value is equivalent to the current SVE vector length (VL) in bits divided
458  by 64.
459
460* The value is included in Perf samples in the regs[46] field if
461  PERF_SAMPLE_REGS_USER is set and the sample_regs_user mask has bit 46 set.
462
463* The value is the current value at the time the sample was taken, and it can
464  change over time.
465
466* If the system doesn't support SVE when perf_event_open is called with these
467  settings, the event will fail to open.
468
469Appendix A.  SVE programmer's model (informative)
470=================================================
471
472This section provides a minimal description of the additions made by SVE to the
473ARMv8-A programmer's model that are relevant to this document.
474
475Note: This section is for information only and not intended to be complete or
476to replace any architectural specification.
477
478A.1.  Registers
479---------------
480
481In A64 state, SVE adds the following:
482
483* 32 8VL-bit vector registers Z0..Z31
484  For each Zn, Zn bits [127:0] alias the ARMv8-A vector register Vn.
485
486  A register write using a Vn register name zeros all bits of the corresponding
487  Zn except for bits [127:0].
488
489* 16 VL-bit predicate registers P0..P15
490
491* 1 VL-bit special-purpose predicate register FFR (the "first-fault register")
492
493* a VL "pseudo-register" that determines the size of each vector register
494
495  The SVE instruction set architecture provides no way to write VL directly.
496  Instead, it can be modified only by EL1 and above, by writing appropriate
497  system registers.
498
499* The value of VL can be configured at runtime by EL1 and above:
500  16 <= VL <= VLmax, where VL must be a multiple of 16.
501
502* The maximum vector length is determined by the hardware:
503  16 <= VLmax <= 256.
504
505  (The SVE architecture specifies 256, but permits future architecture
506  revisions to raise this limit.)
507
508* FPSR and FPCR are retained from ARMv8-A, and interact with SVE floating-point
509  operations in a similar way to the way in which they interact with ARMv8
510  floating-point operations::
511
512         8VL-1                       128               0  bit index
513        +----          ////            -----------------+
514     Z0 |                               :       V0      |
515      :                                          :
516     Z7 |                               :       V7      |
517     Z8 |                               :     * V8      |
518      :                                       :  :
519    Z15 |                               :     *V15      |
520    Z16 |                               :      V16      |
521      :                                          :
522    Z31 |                               :      V31      |
523        +----          ////            -----------------+
524                                                 31    0
525         VL-1                  0                +-------+
526        +----       ////      --+          FPSR |       |
527     P0 |                       |               +-------+
528      : |                       |         *FPCR |       |
529    P15 |                       |               +-------+
530        +----       ////      --+
531    FFR |                       |               +-----+
532        +----       ////      --+            VL |     |
533                                                +-----+
534
535(*) callee-save:
536    This only applies to bits [63:0] of Z-/V-registers.
537    FPCR contains callee-save and caller-save bits.  See [4] for details.
538
539
540A.2.  Procedure call standard
541-----------------------------
542
543The ARMv8-A base procedure call standard is extended as follows with respect to
544the additional SVE register state:
545
546* All SVE register bits that are not shared with FP/SIMD are caller-save.
547
548* Z8 bits [63:0] .. Z15 bits [63:0] are callee-save.
549
550  This follows from the way these bits are mapped to V8..V15, which are caller-
551  save in the base procedure call standard.
552
553
554Appendix B.  ARMv8-A FP/SIMD programmer's model
555===============================================
556
557Note: This section is for information only and not intended to be complete or
558to replace any architectural specification.
559
560Refer to [4] for more information.
561
562ARMv8-A defines the following floating-point / SIMD register state:
563
564* 32 128-bit vector registers V0..V31
565* 2 32-bit status/control registers FPSR, FPCR
566
567::
568
569         127           0  bit index
570        +---------------+
571     V0 |               |
572      : :               :
573     V7 |               |
574   * V8 |               |
575   :  : :               :
576   *V15 |               |
577    V16 |               |
578      : :               :
579    V31 |               |
580        +---------------+
581
582                 31    0
583                +-------+
584           FPSR |       |
585                +-------+
586          *FPCR |       |
587                +-------+
588
589(*) callee-save:
590    This only applies to bits [63:0] of V-registers.
591    FPCR contains a mixture of callee-save and caller-save bits.
592
593
594References
595==========
596
597[1] arch/arm64/include/uapi/asm/sigcontext.h
598    AArch64 Linux signal ABI definitions
599
600[2] arch/arm64/include/uapi/asm/ptrace.h
601    AArch64 Linux ptrace ABI definitions
602
603[3] Documentation/arch/arm64/cpu-feature-registers.rst
604
605[4] ARM IHI0055C
606    http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055c/IHI0055C_beta_aapcs64.pdf
607    http://infocenter.arm.com/help/topic/com.arm.doc.subset.swdev.abi/index.html
608    Procedure Call Standard for the ARM 64-bit Architecture (AArch64)
609
610[5] https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst
611