QEMU

No check for unaligned data access in ARM32 instructions

Bug #1905356 reported by JIANG Muhui on 2020-11-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Richard Henderson

Bug Description

According to the ARM documentation, there are alignment requirements of load/store instructions. Alignment fault should be raised if the alignment check is failed. However, it seems that QEMU doesn't implement this, which is against the documentation of ARM. For example, the instruction LDRD/STRD/LDREX/STREX must check the address is word alignment no matter what value the SCTLR.A is.

I attached a testcase, which contains an instruction at VA 0x10240: ldrd r0,[pc.#1] in the main function. QEMU can successfully load the data in the unaligned address. The test is done in QEMU 5.1.0. I can provide more testcases for the other instructions if you need. Many thanks.

To patch this, we need a check while we translate the instruction to tcg. If the address is unaligned, a signal number (i.e., SIGBUS) should be raised.

Regards
Muhui

See original description

Revision history for this message

JIANG Muhui (muhui) wrote on 2020-11-24:

case_ldrd_arm Edit (43.4 KiB, application/octet-stream)

description:

updated

Revision history for this message

Richard Henderson (rth) wrote on 2020-11-24:

We don't implement SCTLR.A, but you're right that we should be
checking the mandatory alignments.

Note! Any fix will only apply to system mode (qemu-system-arm)
and not user-only mode (qemu-arm).

Changed in qemu:
status:	New → Confirmed

Richard Henderson (rth) on 2020-11-25

Changed in qemu:
assignee:	nobody → Richard Henderson (rth)

Revision history for this message

JIANG Muhui (muhui) wrote on 2020-11-25:

Thanks for confirmation.

Btw: I was wondering why the fix will only apply to system mode rather than user-only mode. Unaligned data access is not permitted in user level programs, either.

Revision history for this message

Richard Henderson (rth) wrote on 2020-11-25:

Because for user-only, we cheat and use host load/store
operations directly. This makes for much faster emulation
but imposes a number of limitations -- including ignoring
of the alignment bits on hosts that have native unaligned
accesses.

As a corollary, when running user-only on a host that
enforces alignment, you cannot emulate a guest that
*allows* unaligned accesses.

Revision history for this message

Richard Henderson (rth) wrote on 2020-11-25:

Proposed patches:
https://<email address hidden>/

Revision history for this message

Thomas Huth (th-huth) wrote on 2021-05-05:

Richard's patches have been merged (see https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4d753eb5fb03ee7bc71ec and the following ones), so I'm setting the state to "Fix committed" now.

Changed in qemu:
status:	Confirmed → Fix Committed

Thomas Huth (th-huth) on 2021-08-25

Changed in qemu:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

case_ldrd_arm Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.