On 2025-01-18 11:45, Lasse Collin wrote:
> On 2025-01-18 Paul Eggert wrote:
>> Does the unaligned read trick work even with CheriBSD's memory-safe
>> model? That is an edge case that might need an ifdef or something.
> I'm not familiar with CheriBSD but the trick never crosses a cache line
> boundary (or page boundary). So the memory-safe model has to be really
> strict to not allow it.
Yes, it's really that strict.
Do you have access to cfarm <portal.cfarm.net>? If not, I suggest
getting access. Then log into cfarm240.cfarm.net, and compile and run
the following program with "cc -march=morello -mabi=purecap t.c". After
printing the pointer value (which is restricted so that it can
dereference only the one byte) this program crashes and dumps core
because the alignment trick does not work on this platform. The crash
occurs even though &c1 happens to be correctly aligned when I build the
program (the compiler puts it first in its word, followed by c0, then
c2...c7), because the full-word fetch is outside the pointer's bounds.
#include <stdalign.h>
#include <stdint.h>
#include <stdio.h>

/* Read the whole aligned long that contains the byte at P.  On CHERI
   purecap the capability P only covers that one byte, so the full-word
   load is out of bounds and traps.  */
long
f (char *p)
{
  return * (long *) (p - ((uintptr_t) (p) % alignof (long)));
}

char c0, c1, c2, c3, c4, c5, c6, c7;

int
main (void)
{
  printf ("%#p\n", &c1);   /* on CheriBSD, %#p shows the capability and its bounds */
  return f (&c1);
}
One way to fix bugs like this on CHERI is to use the alignment trick
only if the macro __CHERI_PURE_CAPABILITY__ is not defined.
(Unfortunately this macro is not well-documented.)
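As an added example (not code from this thread), here is the alignment trick used for a word-at-a-time strlen, guarded the way the message suggests: the aligned-word path runs only when __CHERI_PURE_CAPABILITY__ is not defined, and a byte loop is used on CHERI. The names word_t, has_zero_byte, word_strlen and demo_len_at are mine, and the sample string and aligned buffer are constructed for the demo.

```c
#include <stdalign.h>
#include <stdint.h>
#include <string.h>

typedef unsigned long word_t;
/* True if any byte of W is zero.  Exact for the "any byte" question.  */
static int
has_zero_byte (word_t w)
{
  word_t ones = (word_t) -1 / 0xff;                  /* 0x0101...01 */
  return ((w - ones) & ~w & (ones * 0x80)) != 0;
}

/* strlen reading one aligned word at a time.  The first load is the
   aligned word containing S, which can begin before S: it never crosses
   a cache line or page, but it is outside S's object, so a CHERI purecap
   capability traps on it.  There the plain byte loop is used instead.  */
size_t
word_strlen (const char *s)
{
  const char *p = s;
#ifdef __CHERI_PURE_CAPABILITY__
  while (*p) p++;
#else
  size_t off = (uintptr_t) s % alignof (word_t);
  const word_t *w0 = (const word_t *) (s - off), *w = w0;
  unsigned char m[sizeof (word_t)] = { 0 };
  memset (m, 0xff, off);      /* bytes before S: force nonzero, any endian */
  word_t mask, v;
  memcpy (&mask, m, sizeof mask);
  for (v = *w | mask; !has_zero_byte (v); v = *++w)
    continue;
  if (w != w0)                /* later words: scan from the word start */
    p = (const char *) w;
  while (*p) p++;
#endif
  return (size_t) (p - s);
}

/* Constructed demo: copy a sample string to OFFSET inside an aligned
   buffer (so every word load stays inside BUF) and measure it.  */
size_t
demo_len_at (size_t offset)
{
  static _Alignas (word_t) char buf[64];
  const char sample[] = "cheri bounds";             /* 12 bytes + NUL */
  memset (buf, 'x', sizeof buf);                    /* nonzero filler */
  memcpy (buf + offset, sample, sizeof sample);
  return word_strlen (buf + offset);
}
```

The demo keeps every load inside buf on purpose; on real strings the first load may read bytes outside the object, which is exactly what the CHERI guard exists to avoid.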