Date: Tue, 10 Feb 2026 17:56:09 +0000
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc: Andy Carrel <william.a@carrel.org>
Subject: git: 539bbdbd3b0c - releng/15.0 - arm64: Fix kernel panic in get_arm64_sve during core dump
Message-ID: <698b7139.268b9.860c0c0@gitrepo.freebsd.org>
The branch releng/15.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=539bbdbd3b0c3c235d441024cf28cef3afd6329e

commit 539bbdbd3b0c3c235d441024cf28cef3afd6329e
Author:     Andy Carrel <william.a@carrel.org>
AuthorDate: 2026-01-05 07:50:27 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-02-09 16:39:50 +0000

    arm64: Fix kernel panic in get_arm64_sve during core dump

    The coredump logic calls get_arm64_sve twice: once to get the note size,
    and once to get the data. The note size calculation depended on the
    volatile `PCB_FP_SVEVALID` flag. If this flag was cleared between the two
    calls (e.g., due to a context switch clearing the flag to comply with the
    ABI), the second call would expect a smaller buffer size than the first,
    triggering a KASSERT panic ("invalid size").

    Fix this by ensuring the SVE state is saved to the PCB before we decide
    whether to use SVE or VFP.

    Approved by:    so
    Security:       FreeBSD-EN-26:04.arm64
    PR:             292195
    Reviewed by:    andrew
    Differential Revision:  https://reviews.freebsd.org/D54532

    (cherry picked from commit 93d3ac1daa0ef3ac54ffcd5cc64a14638d04bd60)
    (cherry picked from commit c70a68bbdbf67e10a8cd8d46857cc6d4533096a9)
---
 sys/arm64/arm64/vfp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/arm64/arm64/vfp.c b/sys/arm64/arm64/vfp.c
index bcddebfaf66e..64f13458e2d9 100644
--- a/sys/arm64/arm64/vfp.c
+++ b/sys/arm64/arm64/vfp.c
@@ -934,6 +934,9 @@ get_arm64_sve(struct regset *rs, struct thread *td, void *buf, pcb = td->td_pcb; + if (td == curthread && (pcb->pcb_fpflags & PCB_FP_STARTED) != 0) + vfp_save_state(td, pcb); + /* If there is no SVE support in HW then we don't support NT_ARM_SVE */ if (pcb->pcb_sve_len == 0) return (false); 
@@ -955,9 +958,6 @@ get_arm64_sve(struct regset *rs, struct thread *td, void *buf, KASSERT(*sizep == sizeof(struct svereg_header) + buf_size, ("%s: invalid size", __func__)); - if (td == curthread && (pcb->pcb_fpflags & PCB_FP_STARTED) != 0) - vfp_save_state(td, pcb); - header = buf; memset(header, 0, sizeof(*header));
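Review bot: in the first hunk (@@ -934,6 +934,9 @@) the new `vfp_save_state(td, pcb)` call sits before the `pcb->pcb_sve_len == 0` early return, so on hardware without SVE the function now flushes FP state and then returns false without using it; that is harmless, but nothing in the hunk says the ordering is deliberate, and the guard `td == curthread && (pcb->pcb_fpflags & PCB_FP_STARTED) != 0` quietly relies on a non-current thread's state already living in its PCB. A one-line comment above the new block, along the lines of "flush live FP/SVE state into the PCB before choosing the note layout, so the size pass and the data pass agree", would record why the call has to be here rather than where it used to be.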
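Review bot: in the second hunk (@@ -955,9 +958,6 @@), with the save removed from after the assertion, `KASSERT(*sizep == sizeof(struct svereg_header) + buf_size, ("%s: invalid size", __func__))` is the only remaining check that the caller's first-pass size matches the layout chosen in the second pass, and KASSERT is compiled out in kernels built without INVARIANTS, so any mismatch that still slips through would continue into `header = buf; memset(header, 0, sizeof(*header));` against a buffer the caller sized for the other layout. Consider pairing the assertion with a runtime `return (false)` on mismatch so that a non-INVARIANTS kernel fails the note rather than writing into a smaller buffer.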
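The size-then-fill race the commit message describes, as an added C model that is not code from the FreeBSD tree: struct pcb, FP_STARTED, FP_SVEVALID, save_state, context_switch, note_size, get_sve and dump_note are hypothetical stand-ins for the PCB flags, vfp_save_state and the two-pass regset call, and the fill pass returns false where the kernel would KASSERT.

```c
/* Hypothetical model of the two-pass note sizing race; not FreeBSD code. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define FP_STARTED  0x1  /* thread has touched the FP/SIMD unit */
#define FP_SVEVALID 0x2  /* PCB copy holds SVE, not just VFP, registers */
enum { VFP_NOTE = 64, SVE_HDR = 16 };
struct pcb {
    unsigned fpflags;
    size_t sve_len;  /* bytes of SVE state; 0 means no SVE in hardware */
};
/* Stand-in for vfp_save_state(): flushing live registers makes the copy valid. */
static void save_state(struct pcb *p) { if (p->sve_len) p->fpflags |= FP_SVEVALID; }
/* Stand-in for a context switch that drops the valid flag, as the commit says. */
static void context_switch(struct pcb *p) { p->fpflags &= ~FP_SVEVALID; }
/* Layout decision: SVE note if the saved copy is valid, otherwise a VFP note. */
static size_t note_size(const struct pcb *p)
{
    return (p->fpflags & FP_SVEVALID) ? SVE_HDR + p->sve_len : VFP_NOTE;
}

/* Two-pass getter: buf == NULL reports the size, the next call fills it. save_first
 * picks the patched ordering (false keeps the old one); false result = "invalid size". */
static bool get_sve(struct pcb *p, void *buf, size_t *sizep, bool save_first)
{
    if (save_first && (p->fpflags & FP_STARTED))
        save_state(p);
    if (buf == NULL) {
        *sizep = note_size(p);
        return true;
    }
    if (*sizep != note_size(p))
        return false;
    if (!save_first && (p->fpflags & FP_STARTED))
        save_state(p);  /* too late: the layout was decided above */
    memset(buf, 0, *sizep);
    return true;
}
/* Size pass, a context switch clearing FP_SVEVALID, then the fill pass. */
static bool dump_note(bool save_first)
{
    struct pcb p = { FP_STARTED | FP_SVEVALID, 256 };
    unsigned char buf[SVE_HDR + 256];
    size_t sz = 0;
    get_sve(&p, NULL, &sz, save_first);
    context_switch(&p);
    return get_sve(&p, buf, &sz, save_first);
}
```

dump_note(false) reproduces the mismatch (the size pass reports an SVE note, the fill pass expects a VFP note) and dump_note(true) shows the patched ordering keeping both passes consistent.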
