lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 24 Nov 2007 17:19:31 +0100
From:	Pierre Ossman <drzeus-list@...eus.cx>
To:	Luciano Rocha <strange@....no-ip.org>
Cc:	Daniel Drake <dsd@...too.org>, linux-kernel@...r.kernel.org,
	davem@...emloft.net, kune@...ne-taler.de, johannes@...solutions.net
Subject: Re: [RFC] Documentation about unaligned memory access

On Sat, 24 Nov 2007 15:50:52 +0000
Luciano Rocha <strange@....no-ip.org> wrote:

> 
> Dumb memcpy (while (len--) { *d++ = *s++ }) will have alignment problems
> in any case. Intelligent ones, like the one provided in glibc, first copy
> bytes till output is aligned (C file) *or* size is a multiple (i686 asm file)
> of word size, and then it copies word-by-word.
> 
> Linux's x86_64 memcpy does the opposite, copies 64bit words, and then
> copies the last bytes.
> 
> So, in effect, as long as no packed structures are used, memcpy should
> be safer on *int, etc., than *char, as the compiler ensures
> word-alignment.
> 

It most certainly does not. gcc will assume that an int* has int alignment. memcpy() is a builtin, which gcc can translate to pretty much anything. And C specifies that a pointer to foo, will point to a real object of type foo, so gcc can't be blamed for the unsafe typecasts. I have tested this the hard way, so this is not just speculation.

E.g., we have the following struct:

struct foo
{
	u8 a[4];
	u32 b;
};

This struct will have a size of 8 bytes and an alignment of 4 bytes (caused by the member b). Now take the following code:

void copy_foo(struct foo *dst, struct foo *src)
{
	*dst = *src;
}

On a platform that supports 64-bit loads and stores (e.g. AVR32, where I got hit by this), this will generate:

	LD r1, (src)
	ST r1, (dst)

Now if I replace that with:

void copy_foo(struct foo *dst, struct foo *src)
{
	memcpy(dst, src, sizeof(struct foo));
}

then it will generate the same code. So I cannot use copy_foo() to transfer a struct foo either out of, or into a packet buffer.

In other words, memcpy() does _not_ save you from alignment issues. If you cast from char* or void* to something else, you better be damn sure the alignment is correct because gcc will assume it is.

Rgds
-- 
     -- Pierre Ossman

  Linux kernel, MMC maintainer        http://www.kernel.org
  PulseAudio, core developer          http://pulseaudio.org
  rdesktop, core developer          http://www.rdesktop.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ