Ubuntu

Unsafe type-punning causes alignment faults on armel

Reported by Dave Martin on 2011-06-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gtk-sharp2 (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: gtk-sharp2

An attempted string comparison optimisation in the generated glue code in gtk-sharp2 casts strings to 64-bit integer pointers and tries to dereference them, violating the alignment requirements for type-casts specified by ISO C.

The affected code is the HAS_PREFIX() macro generated from generator/GenerationInfo.cs

On armel, 64-bit integer types must be 64-bit aligned, and the compiler is allowed to assume this when generating code which dereferences 64-bit pointers. The resulting alignment faults are trapped by the kernel and the affected instructions are silently emulated, but this may cost thousands of cycles per affected instruction in userspace.

Possible fixes include:
 * Implement HAS_PREFIX() in a safe, ISO-compliant way using memcmp() (tested; this works)
 * Implement HAS_PREFIX() using pointers to a packed structure type containing a 64-bit integer instead of pointers to a bare 64-bit integer type
 * Write inline assembler for ARM which uses LDR instructions to load the data to be compared. These can natively do unaligned access, whereas the 64-bit LDRD instructions the compiler currently generates cannot.
 * Arrange for the strings compared always to have the appropriate alignment (may be difficult?)

To reproduce:

Enable logging of alignment faults:
# echo 3 >/proc/cpu/alignment

$ banshee &
[...]

$ dmesg
[...]
[ 150.543599] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Add
ress=0x00636319 FSR 0x001
[ 150.543636] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Add
ress=0x006362ee FSR 0x001
[ 150.544446] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Add
ress=0x00834177 FSR 0x001
[ 150.544472] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Add
ress=0x00834081 FSR 0x001
[ 150.544495] Alignment trap: banshee (2630) PC=0x2de45438 Instr=0xe9d04500 Add
ress=0x00833faa FSR 0x001

Version info:

The bug was observed in natty, but it is believed to affect other versions too.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 11.04
Release: 11.04
Codename: natty
$ apt-cache policy libgtk2.0-cil
 w3m http://releaseslibgtk2.0-cil:
  Installed: 2.12.10-1ubuntu1
  Candidate: 2.12.10-1ubuntu1
  Version table:
 *** 2.12.10-1ubuntu1 0
        990 http://ports.ubuntu.com/ubuntu-ports/ natty/main armel Packages
        100 /var/lib/dpkg/status
     2.12.10-1 0
        500 http://ports.ubuntu.com/ubuntu-ports/ maverick/main armel Packages

$ apt-cache policy banshee
banshee:
  Installed: 2.0.0-2ubuntu1
  Candidate: 2.0.0-2ubuntu1
  Version table:
 *** 2.0.0-2ubuntu1 0
        990 http://ports.ubuntu.com/ubuntu-ports/ natty/main armel Packages
        100 /var/lib/dpkg/status
     1.8.1-0ubuntu1 0
        500 http://ports.ubuntu.com/ubuntu-ports/ maverick-updates/universe armel Packages
     1.7.6-0ubuntu1 0
        500 http://ports.ubuntu.com/ubuntu-ports/ maverick/universe armel Packages

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers