On 3/14/19 3:51 AM, Alex Bennée wrote: > Amir CHARIF <amir.cha...@cea.fr> writes: > >> Hello, >> Thanks for your answer. >> >> The wrong size was definitely being stored in the TB, and, it only affected >> ADDVL/RDVL/ADDPL (i.e. not all instructions are wrong). Here is what I think >> was happening: >> >> - The kernel disables SVE in EL0 (ZEN= 01). >> - When the user space application is entered, the TB containing ADDVL has >> its length set to 0 (16 bytes), as we are in EL0 (so sve_exception_el!=0), >> and FP is enabled. >> - ADDVL is executed (without trapping) on the basis of the current >> length (16). (Nested function calls in the same context will cause a >> ton of ADDVL instructions to be executed with a vecsize of 16.) > So this looks like the error. Certainly the pseudo code says: > > CheckSVEEnabled(); > bits(64) operand1 = if n == 31 then SP[] else X[n]; > bits(64) result = operand1 + (imm * (VL DIV 8)); > > if d == 31 then > SP[] = result; > else > X[d] = result; > > so we should trap to the kernel and we won't without sve_access_check() >
Yes. A browse through the file suggests ADDVL, ADDPL, and RDVL are missing the check. I'll write up a fix. r~
