__memcpy_sse2_unaligned on non-8-byte aligned pointer
Ondřej Bílka
neleai@seznam.cz
Thu Jul 9 07:38:00 GMT 2015
On Mon, Jul 06, 2015 at 02:22:32PM +0200, Stephan Bergmann wrote:
> <https://bugzilla.redhat.com/attachment.cgi?id=1048694> is a SIGSEGV
> backtrace where apparently glibc's __memcpy_sse2_unaligned
> (sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S) is trying to
> write to an address that is not 8-byte aligned,
>
> >Dump of assembler code for function __memcpy_sse2_unaligned:
> > 0x00007fcf46f35b90 <+0>: mov %rsi,%rax
> > 0x00007fcf46f35b93 <+3>: lea (%rdx,%rdx,1),%rcx
> > 0x00007fcf46f35b97 <+7>: sub %rdi,%rax
> > 0x00007fcf46f35b9a <+10>: sub %rdx,%rax
> > 0x00007fcf46f35b9d <+13>: cmp %rcx,%rax
> > 0x00007fcf46f35ba0 <+16>: jb 0x7fcf46f35cad <__memcpy_sse2_unaligned+285>
> > 0x00007fcf46f35ba6 <+22>: cmp $0x10,%rdx
> > 0x00007fcf46f35baa <+26>: jbe 0x7fcf46f35d3b <__memcpy_sse2_unaligned+427>
> > 0x00007fcf46f35bb0 <+32>: movdqu (%rsi),%xmm8
> > 0x00007fcf46f35bb5 <+37>: cmp $0x20,%rdx
> >=> 0x00007fcf46f35bb9 <+41>: movdqu %xmm8,(%rdi)
> [...]
>
> where rdi is 0x7ffc3830b63c (while rsi is 8-byte aligned at 0x7fcf4a314a08).
>
> The code leading up to that memcpy call looks rather unsuspecting,
> and it's unclear to me from the crash report data why it caused a
> SIGSEGV.
>
> However, the Intel documentation for MOVDQU states: "If alignment
> checking is enabled (CR0.AM = 1, RFLAGS.AC = 1, and CPL = 3), an
> alignment-check exception (#AC) may or may not be generated
> (depending on processor implementation) when the operand is not
> aligned on an 8-byte boundary."
>
> Could it be plausible that (a) those alignment checking conditions
> are met for a Linux user space process, (b) that alignment-check
> exception would translate into a SIGSEGV (instead of a SIGBUS, say),
> and (c) that there actually are processor implementations that would
> check for non-8-byte alignment?
>
> It doesn't sound too likely that that would be true, as it would
> mean that arbitrary calls to memcpy (which unconditionally calls
> __memcpy_sse2_unaligned without checking for pointer alignment,
> AFAIU) could fail, but I thought I'd ask here anyway.
Could you check with valgrind first? This is probably just a invalid src
pointer. Basically all string functions use these loads
so alignment checking so it would be bigger problem.
More information about the Libc-help
mailing list