path: root/pipermail/pycrypto/2013q4/000713.html
Diffstat (limited to 'pipermail/pycrypto/2013q4/000713.html')
-rw-r--r-- pipermail/pycrypto/2013q4/000713.html | 176
1 files changed, 176 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2013q4/000713.html b/pipermail/pycrypto/2013q4/000713.html
new file mode 100644
index 0000000..21dff87
--- /dev/null
+++ b/pipermail/pycrypto/2013q4/000713.html
@@ -0,0 +1,176 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [pycrypto] Crypto.Random crashes due to unaligned access
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Crypto.Random%20crashes%20due%20to%20unaligned%20access&In-Reply-To=%3CCAFCC3ev7TbeY_JzdQ6zdgd5eN8MTPDPqdbxZCMvpGEKN-BhP%3Dg%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <style type="text/css">
+ pre {
+ white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
+ }
+ </style>
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="000716.html">
+ <LINK REL="Next" HREF="000717.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[pycrypto] Crypto.Random crashes due to unaligned access</H1>
+ <B>Greg Price</B>
+ <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Crypto.Random%20crashes%20due%20to%20unaligned%20access&In-Reply-To=%3CCAFCC3ev7TbeY_JzdQ6zdgd5eN8MTPDPqdbxZCMvpGEKN-BhP%3Dg%40mail.gmail.com%3E"
+ TITLE="[pycrypto] Crypto.Random crashes due to unaligned access">gnprice at gmail.com
+ </A><BR>
+ <I>Sun Oct 27 16:00:12 PDT 2013</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="000716.html">[pycrypto] Crypto.Random crashes due to unaligned access
+</A></li>
+ <LI>Next message: <A HREF="000717.html">[pycrypto] Need your input: Major modernization; dropping legacy Python support?
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#713">[ date ]</a>
+ <a href="thread.html#713">[ thread ]</a>
+ <a href="subject.html#713">[ subject ]</a>
+ <a href="author.html#713">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>And the other message that didn't make it before.
+
+Greg
+
+
+---------- Forwarded message ----------
+From: Greg Price &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">gnprice at gmail.com</A>&gt;
+Date: Thu, Oct 24, 2013 at 12:53 PM
+Subject: Re: Crypto.Random crashes due to unaligned access
+To: Dwayne Litzenberger &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>&gt;
+Cc: <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
+
+
+GCC 4.6.3, and same with 4.8.1 (see my later message). &quot;setup.py
+test&quot; crashes too.
+
+See my follow-up last night for more of a diagnosis -- the problem is
+that 'rk', aka st-&gt;ek, has a type that implies 16-byte alignment, and
+we don't get that from PyObject_New. That allocation comes (I think)
+straight from malloc(), which with glibc on a 32-bit x86 system gives
+only 8-byte alignment.
+
+One fix would be to move st-&gt;ek and st-&gt;dk to a separate buffer we
+allocate with something like posix_memalign(). This wouldn't require
+any copying, as we fill those buffers ourselves in the first place.
+It'd just add a layer of indirection in the AESNI.c block_state
+struct.
+
+Alternatively we could try to eliminate the 16-byte alignment, but I
+don't immediately see a way of doing that without making the code much
+messier, and it'd probably also slow the code down.
+
+Greg
+
+
+On Thu, Oct 24, 2013 at 9:59 AM, Dwayne Litzenberger &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>&gt; wrote:
+&gt;<i> Hi Greg!
+</I>&gt;<i>
+</I>&gt;<i> What version/build of GCC is this? Does &quot;setup.py test&quot; crash for you as well?
+</I>&gt;<i>
+</I>&gt;<i> I'd rather figure out how to fix the problem than to start making copies of the key.
+</I>&gt;<i>
+</I>&gt;<i> Greg Price &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">gnprice at gmail.com</A>&gt; wrote:
+</I>&gt;&gt;<i>I get the following crash in a PyCrypto built from the current master,
+</I>&gt;&gt;<i>af058ee (aka v2.6.1-136-gaf058ee):
+</I>&gt;&gt;<i>
+</I>&gt;&gt;&gt;&gt;&gt;<i> import Crypto.Random
+</I>&gt;&gt;&gt;&gt;&gt;<i> Crypto.Random.new().read(1)
+</I>&gt;&gt;<i>Segmentation fault (core dumped)
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>This is on i686. I compiled with GCC 4.6.3 (or &quot;Ubuntu/Linaro
+</I>&gt;&gt;<i>4.6.3-1ubuntu5&quot;.)
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>GDB shows the crash is here:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>Program received signal SIGSEGV, Segmentation fault.
+</I>&gt;&gt;<i>aes_key_setup_enc (keylen=32, cipherKey=
+</I>&gt;&gt;<i>0x841b1bc
+</I>&gt;&gt;<i>&quot;L\fB2\244\225\235\206^\242\305\305b\201\200\335&#326;{d\240\343\262;m\361\243\276u~\337&amp;&quot;,
+</I>&gt;&gt;<i>rk=
+</I>&gt;&gt;<i> 0x84900a8) at src/AESNI.c:122
+</I>&gt;&gt;<i>122 rk[0] = _mm_loadu_si128((const __m128i*) cipherKey);
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>at which the instruction is
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>(gdb) x/i $pc
+</I>&gt;&gt;<i>=&gt; 0xb78f2600 &lt;ALGnew+2160&gt;: movdqa %xmm0,0x40(%esi)
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>This is an aligned store. The documentation of MOVDQA says it should
+</I>&gt;&gt;<i>be 16-byte aligned. The value of rk (aka %esi + 0x40) is only 8-byte
+</I>&gt;&gt;<i>aligned:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>(gdb) p rk
+</I>&gt;&gt;<i>$5 = (__m128i *) 0x84900a8
+</I>&gt;&gt;<i>(gdb) p/x $esi
+</I>&gt;&gt;<i>$9 = 0x8490068
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>It's not clear to me why GCC generated an aligned instruction here --
+</I>&gt;&gt;<i>in fact, the definition of _mm_loadu_si128 in my emmintrin.h appears
+</I>&gt;&gt;<i>to be
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>extern __inline __m128i __attribute__((__gnu_inline__,
+</I>&gt;&gt;<i>__always_inline__, __artificial__))
+</I>&gt;&gt;<i>_mm_loadu_si128 (__m128i const *__P)
+</I>&gt;&gt;<i>{
+</I>&gt;&gt;<i> return (__m128i) __builtin_ia32_loaddqu ((char const *)__P);
+</I>&gt;&gt;<i>}
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>and the name of that builtin sure sounds more like MOVDQU than MOVDQA.
+</I>&gt;&gt;<i> Perhaps GCC somehow decides that it can prove the pointer is aligned
+</I>&gt;&gt;<i>here.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>I don't know why GCC makes this mistake, or (since it's never the
+</I>&gt;&gt;<i>compiler's fault) which code is lying to it about something being
+</I>&gt;&gt;<i>aligned. Anyone know how to investigate this kind of question?
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>A workaround would be to make sure that the cipherKey argument to
+</I>&gt;&gt;<i>aes_key_setup_enc() in src/AESNI.c is always 16-byte aligned. At
+</I>&gt;&gt;<i>present, that argument comes straight from the first Python-level
+</I>&gt;&gt;<i>argument to _AESNI.new(); see the PyArg_ParseTupleAndKeywords() call
+</I>&gt;&gt;<i>in src/block_template.c. I guess to implement this workaround we'd
+</I>&gt;&gt;<i>copy the key to a new, aligned buffer if it's not aligned.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>I can send a patch for that workaround if it seems like the best
+</I>&gt;&gt;<i>approach. Happy to hear alternatives, and of course it'd be most
+</I>&gt;&gt;<i>satisfying if we can understand why the compiler is emitting this
+</I>&gt;&gt;<i>output in the first place.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>Greg
+</I>&gt;<i>
+</I>&gt;<i> --
+</I>&gt;<i> Sent from my Android device with K-9 Mail. Please excuse my brevity.
+</I></PRE>
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="000716.html">[pycrypto] Crypto.Random crashes due to unaligned access
+</A></li>
+ <LI>Next message: <A HREF="000717.html">[pycrypto] Need your input: Major modernization; dropping legacy Python support?
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#713">[ date ]</a>
+ <a href="thread.html#713">[ thread ]</a>
+ <a href="subject.html#713">[ subject ]</a>
+ <a href="author.html#713">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
+mailing list</a><br>
+</body></html>
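Review bot: The quoted GDB frame for aes_key_setup_enc inside the PRE block prints the contents of the cipherKey buffer (keylen=32) as an escaped string, so this archive page publishes 32 bytes of key material from the crashed process. Before committing, confirm that those bytes were a throwaway key generated for the crashing Crypto.Random call and not anything still in use, and redact the string in the archived copy if that cannot be established. Separately, every address link in the message body and the "More information about the pycrypto mailing list" footer link use plain http:// for lists.dlitz.net; if the list host serves HTTPS, switch these when the archive is regenerated. The CSS comment in the style block also carries the typo "curent".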