From: "René Scharfe" <l.s.r@web.de>
To: Andrzej Hunt <andrzej@ahunt.org>, Eric Wong <e@80x24.org>,
git@vger.kernel.org
Cc: "Jeff King" <peff@peff.net>, "Junio C Hamano" <gitster@pobox.com>,
"Carlo Marcelo Arenas Belón" <carenas@gmail.com>
Subject: [PATCH] oidtree: avoid unaligned access to crit-bit tree
Date: Sat, 14 Aug 2021 22:00:38 +0200 [thread overview]
Message-ID: <9583052d-9181-7532-304a-4bacfb9e1147@web.de> (raw)
In-Reply-To: <3cbec773-cd99-cf9f-a713-45ef8e6746c3@ahunt.org>
The flexible array member "k" of struct cb_node is used to store the key
of the crit-bit tree node. It offers no alignment guarantees -- in fact
the current struct layout puts it one byte after a 4-byte aligned
address, i.e. guaranteed to be misaligned.
oidtree uses a struct object_id as cb_node key. Since cf0983213c (hash:
add an algo member to struct object_id, 2021-04-26) it requires 4-byte
alignment. The mismatch is reported by UndefinedBehaviorSanitizer at
runtime like this:
hash.h:277:2: runtime error: member access within misaligned address 0x00015000802d for type 'struct object_id', which requires 4 byte alignment
0x00015000802d: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior hash.h:277:2 in
We can fix that by:
1. eliminating the alignment requirement of struct object_id,
2. providing the alignment in struct cb_node, or
3. avoiding the issue by only using memcpy to access "k".
Currently we only store one of two values in "algo" in struct object_id.
We could use a uint8_t for that instead and widen it only once we add
support for our twohundredth algorithm or so. That would not only avoid
alignment issues, but also reduce the memory requirements for each
instance of struct object_id by ca. 9%.
Supporting keys with alignment requirements might be useful to spread
the use of crit-bit trees. It can be achieved by using a wider type for
"k" (e.g. uintmax_t), using different types for the members "byte" and
"otherbits" (e.g. uint16_t or uint32_t for each), or by avoiding the use
of flexible arrays like khash.h does.
This patch implements the third option, though, because it has the least
potential for causing side-effects and we're close to the next release.
If one of the other options is implemented later as well to get their
additional benefits we can get rid of the extra copies introduced here.
Reported-by: Andrzej Hunt <andrzej@ahunt.org>
Signed-off-by: René Scharfe <l.s.r@web.de>
---
cbtree.h | 2 +-
hash.h | 2 +-
oidtree.c | 20 +++++++++++++++-----
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/cbtree.h b/cbtree.h
index fe4587087e..a04a312c3f 100644
--- a/cbtree.h
+++ b/cbtree.h
@@ -25,7 +25,7 @@ struct cb_node {
*/
uint32_t byte;
uint8_t otherbits;
- uint8_t k[FLEX_ARRAY]; /* arbitrary data */
+ uint8_t k[FLEX_ARRAY]; /* arbitrary data, unaligned */
};
struct cb_tree {
diff --git a/hash.h b/hash.h
index 27a180248f..9e25c40e9a 100644
--- a/hash.h
+++ b/hash.h
@@ -115,7 +115,7 @@ static inline void git_SHA256_Clone(git_SHA256_CTX *dst, const git_SHA256_CTX *s
struct object_id {
unsigned char hash[GIT_MAX_RAWSZ];
- int algo;
+ int algo; /* XXX requires 4-byte alignment */
};
/* A suitably aligned type for stack allocations of hash contexts. */
diff --git a/oidtree.c b/oidtree.c
index 580cab8ae2..0d39389bee 100644
--- a/oidtree.c
+++ b/oidtree.c
@@ -31,12 +31,19 @@ void oidtree_clear(struct oidtree *ot)
void oidtree_insert(struct oidtree *ot, const struct object_id *oid)
{
struct cb_node *on;
+ struct object_id k;
if (!oid->algo)
BUG("oidtree_insert requires oid->algo");
on = mem_pool_alloc(&ot->mem_pool, sizeof(*on) + sizeof(*oid));
- oidcpy_with_padding((struct object_id *)on->k, oid);
+
+ /*
+ * Clear the padding and copy the result in separate steps to
+ * respect the 4-byte alignment needed by struct object_id.
+ */
+ oidcpy_with_padding(&k, oid);
+ memcpy(on->k, &k, sizeof(k));
/*
* n.b. Current callers won't get us duplicates, here. If a
@@ -68,17 +75,20 @@ int oidtree_contains(struct oidtree *ot, const struct object_id *oid)
static enum cb_next iter(struct cb_node *n, void *arg)
{
struct oidtree_iter_data *x = arg;
- const struct object_id *oid = (const struct object_id *)n->k;
+ struct object_id k;
+
+ /* Copy to provide 4-byte alignment needed by struct object_id. */
+ memcpy(&k, n->k, sizeof(k));
- if (x->algo != GIT_HASH_UNKNOWN && x->algo != oid->algo)
+ if (x->algo != GIT_HASH_UNKNOWN && x->algo != k.algo)
return CB_CONTINUE;
if (x->last_nibble_at) {
- if ((oid->hash[*x->last_nibble_at] ^ x->last_byte) & 0xf0)
+ if ((k.hash[*x->last_nibble_at] ^ x->last_byte) & 0xf0)
return CB_CONTINUE;
}
- return x->fn(oid, x->arg);
+ return x->fn(&k, x->arg);
}
void oidtree_each(struct oidtree *ot, const struct object_id *oid,
--
2.32.0
next prev parent reply other threads:[~2021-08-14 20:01 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-24 0:58 [PATCH] speed up alt_odb_usable() with many alternates Eric Wong
2021-06-27 2:47 ` [PATCH 0/5] optimizations for many odb alternates Eric Wong
2021-06-27 2:47 ` [PATCH 1/5] speed up alt_odb_usable() with many alternates Eric Wong
2021-06-27 2:47 ` [PATCH 2/5] avoid strlen via strbuf_addstr in link_alt_odb_entry Eric Wong
2021-06-27 2:47 ` [PATCH 3/5] make object_directory.loose_objects_subdir_seen a bitmap Eric Wong
2021-06-27 10:23 ` René Scharfe
2021-06-28 23:09 ` Eric Wong
2021-06-27 2:47 ` [PATCH 4/5] oidcpy_with_padding: constify `src' arg Eric Wong
2021-06-27 2:47 ` [PATCH 5/5] oidtree: a crit-bit tree for odb_loose_cache Eric Wong
2021-06-29 14:42 ` Junio C Hamano
2021-06-29 20:17 ` Eric Wong
2021-06-29 20:53 ` [PATCH v2 0/5] optimizations for many alternates Eric Wong
2021-07-07 23:10 ` [PATCH v3 " Eric Wong
2021-07-07 23:10 ` [PATCH v3 1/5] speed up alt_odb_usable() with " Eric Wong
2021-07-08 0:20 ` Junio C Hamano
2021-07-08 1:14 ` Eric Wong
2021-07-08 4:30 ` Junio C Hamano
2021-07-07 23:10 ` [PATCH v3 2/5] avoid strlen via strbuf_addstr in link_alt_odb_entry Eric Wong
2021-07-08 4:57 ` Junio C Hamano
2021-07-07 23:10 ` [PATCH v3 3/5] make object_directory.loose_objects_subdir_seen a bitmap Eric Wong
2021-07-07 23:10 ` [PATCH v3 4/5] oidcpy_with_padding: constify `src' arg Eric Wong
2021-07-07 23:10 ` [PATCH v3 5/5] oidtree: a crit-bit tree for odb_loose_cache Eric Wong
2021-06-29 20:53 ` [PATCH v2 1/5] speed up alt_odb_usable() with many alternates Eric Wong
2021-07-03 10:05 ` René Scharfe
2021-07-04 9:02 ` René Scharfe
2021-07-06 23:01 ` Eric Wong
2021-06-29 20:53 ` [PATCH v2 2/5] avoid strlen via strbuf_addstr in link_alt_odb_entry Eric Wong
2021-06-29 20:53 ` [PATCH v2 3/5] make object_directory.loose_objects_subdir_seen a bitmap Eric Wong
2021-06-29 20:53 ` [PATCH v2 4/5] oidcpy_with_padding: constify `src' arg Eric Wong
2021-06-29 20:53 ` [PATCH v2 5/5] oidtree: a crit-bit tree for odb_loose_cache Eric Wong
2021-07-04 9:02 ` René Scharfe
2021-07-06 23:21 ` Eric Wong
2021-07-04 9:32 ` Ævar Arnfjörð Bjarmason
2021-07-07 23:12 ` Eric Wong
2021-08-06 15:31 ` Andrzej Hunt
2021-08-06 17:53 ` René Scharfe
2021-08-07 22:49 ` Eric Wong
2021-08-09 1:35 ` Carlo Arenas
2021-08-09 1:38 ` [PATCH/RFC 0/3] pedantic errors in next Carlo Marcelo Arenas Belón
2021-08-09 1:38 ` [PATCH/RFC 1/3] oidtree: avoid nested struct oidtree_node Carlo Marcelo Arenas Belón
2021-08-09 1:38 ` [PATCH/RFC 2/3] object-store: avoid extra ';' from KHASH_INIT Carlo Marcelo Arenas Belón
2021-08-09 15:53 ` Junio C Hamano
2021-08-09 1:38 ` [PATCH/RFC 3/3] ci: run a pedantic build as part of the GitHub workflow Carlo Marcelo Arenas Belón
2021-08-09 10:50 ` Bagas Sanjaya
2021-08-09 22:03 ` Carlo Arenas
2021-08-09 14:56 ` Phillip Wood
2021-08-09 22:48 ` Carlo Arenas
2021-08-10 15:24 ` Phillip Wood
2021-08-10 18:25 ` Junio C Hamano
2021-08-30 11:36 ` Ævar Arnfjörð Bjarmason
2021-08-31 20:28 ` Carlo Arenas
2021-08-31 20:51 ` Ævar Arnfjörð Bjarmason
2021-08-31 23:54 ` Carlo Arenas
2021-09-01 1:52 ` Jeff King
2021-09-01 17:55 ` Junio C Hamano
2021-08-30 11:40 ` Ævar Arnfjörð Bjarmason
2021-09-01 9:19 ` [RFC PATCH v2 0/4] developer: support pedantic Carlo Marcelo Arenas Belón
2021-09-01 9:19 ` [RFC PATCH v2 1/4] developer: retire USE_PARENS_AROUND_GETTEXT_N support Carlo Marcelo Arenas Belón
2021-09-01 9:19 ` [RFC PATCH v2 2/4] developer: enable pedantic by default Carlo Marcelo Arenas Belón
2021-09-01 9:19 ` [RFC PATCH v2 3/4] developer: add an alternative script for detecting broken N_() Carlo Marcelo Arenas Belón
2021-09-01 9:19 ` [RFC PATCH v2 4/4] developer: move detect-compiler out of the main directory Carlo Marcelo Arenas Belón
2021-09-01 10:10 ` [RFC PATCH v2 0/4] developer: support pedantic Jeff King
2021-09-01 11:25 ` [PATCH] gettext: remove optional non-standard parens in N_() definition Ævar Arnfjörð Bjarmason
2021-09-01 17:31 ` Eric Sunshine
2021-09-02 9:13 ` Jeff King
2021-09-02 19:19 ` Junio C Hamano
2021-09-01 11:27 ` [RFC PATCH v2 0/4] developer: support pedantic Ævar Arnfjörð Bjarmason
2021-09-01 18:03 ` Carlo Arenas
2021-09-03 17:02 ` [PATCH v3 0/3] support pedantic in developer mode Carlo Marcelo Arenas Belón
2021-09-03 17:02 ` [PATCH v3 1/3] gettext: remove optional non-standard parens in N_() definition Carlo Marcelo Arenas Belón
2021-09-10 15:39 ` Ævar Arnfjörð Bjarmason
2021-09-03 17:02 ` [PATCH v3 2/3] win32: allow building with pedantic mode enabled Carlo Marcelo Arenas Belón
2021-09-03 18:47 ` René Scharfe
2021-09-03 20:13 ` Carlo Marcelo Arenas Belón
2021-09-03 20:32 ` Junio C Hamano
2021-09-03 20:38 ` René Scharfe
2021-09-04 9:37 ` René Scharfe
2021-09-04 14:42 ` Carlo Arenas
2021-09-27 23:04 ` Jonathan Tan
2021-09-28 0:30 ` Carlo Arenas
2021-09-28 16:50 ` Jonathan Tan
2021-09-28 17:37 ` Junio C Hamano
2021-09-28 20:16 ` Jonathan Tan
2021-09-29 1:00 ` Carlo Arenas
2021-09-29 15:55 ` Junio C Hamano
2021-09-03 17:02 ` [PATCH v3 3/3] developer: enable pedantic by default Carlo Marcelo Arenas Belón
2021-09-05 7:54 ` [PATCH v3 0/3] support pedantic in developer mode Ævar Arnfjörð Bjarmason
2021-08-09 16:44 ` [PATCH/RFC 0/3] pedantic errors in next Junio C Hamano
2021-08-09 20:10 ` Eric Wong
2021-08-10 6:16 ` Carlo Marcelo Arenas Belón
2021-08-10 19:30 ` René Scharfe
2021-08-10 23:49 ` Carlo Arenas
2021-08-11 0:57 ` Carlo Arenas
2021-08-11 14:57 ` René Scharfe
2021-08-11 17:20 ` Junio C Hamano
2021-08-10 18:59 ` [PATCH v2 5/5] oidtree: a crit-bit tree for odb_loose_cache René Scharfe
2021-08-10 19:40 ` René Scharfe
2021-08-14 20:00 ` René Scharfe [this message]
2021-08-16 19:11 ` [PATCH] oidtree: avoid unaligned access to crit-bit tree Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9583052d-9181-7532-304a-4bacfb9e1147@web.de \
--to=l.s.r@web.de \
--cc=andrzej@ahunt.org \
--cc=carenas@gmail.com \
--cc=e@80x24.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).