<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Stack is misaligned for an SSE instruction"
href="https://bugs.llvm.org/show_bug.cgi?id=49015">49015</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Stack is misaligned for an SSE instruction
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>11.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Backend: X86
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mfatihbakir@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>craig.topper@gmail.com, llvm-bugs@lists.llvm.org, llvm-dev@redking.me.uk, pengfei.wang@intel.com, spatel+llvm@rotateright.com
</td>
</tr></table>
<p>
<div>
<pre>Hello,

LLVM seems to emit a `movaps %xmm0, (%rsp)` promptly after it pushes 40 bytes
to a 16-byte aligned stack, which causes a general protection fault. `movaps`
requires the memory operands to be 16-byte aligned.

I tried to isolate this as much as possible and put the source code, the LLVM
IR and the emitted code in this gist and explained a bit more in a comment:
<a href="https://gist.github.com/FatihBAKIR/8bc6529c5bd801af1be3edcbdcbdabb3">https://gist.github.com/FatihBAKIR/8bc6529c5bd801af1be3edcbdcbdabb3</a>

At the time the instruction is executed, RSP is at 0x20fb18, which is
misaligned in the entry to this function.

The code is compiled with the following flags: `-target x86_64-none-elf
-mno-red-zone -fno-stack-protector -fomit-frame-pointer -mno-avx
-ffunction-sections -fdata-sections -ffreestanding -flto -fno-rtti
-fno-exceptions -fno-unwind-tables -fno-threadsafe-statics -Os -nostdlib
-nostdinc -std=gnu++2a`

Apologies if I'm missing something obvious.

How to reproduce:

It's difficult to deliver the exact environment to try the code as is, but I
tried to simplify it as much as possible to this:
```
#include <cstdint>
#include <utility> // std::move
#include <vector>

class network_device {
    struct buffer;
    std::vector<buffer> m_buffers;
    void queue_rx_buf(buffer&& buf);
    void isr(void* f, int num);
};

struct virtio_net_hdr {
    uint8_t flags;
    uint8_t gso_type;
    uint16_t hdr_len;
    uint16_t gso_size;
    uint16_t csum_start;
    uint16_t csum_offset;
    uint16_t num_buffers;
};

struct network_device::buffer {
    virtio_net_hdr* header;
    void* data;
};

void network_device::isr(void* f, int num) {
    auto isr_status = 1;
    if (isr_status & 1) {
        auto buf = std::move(m_buffers.front());
        *buf.header = {};   // 16-byte zero store: becomes the movaps below
        m_buffers.erase(m_buffers.begin());
        queue_rx_buf(std::move(buf));
    }
}
```
(Godbolt: <a href="https://godbolt.org/z/GY8o55">https://godbolt.org/z/GY8o55</a>)

Compiling this with `-mno-red-zone -fno-stack-protector -fomit-frame-pointer
-mno-avx -ffunction-sections -fdata-sections -fno-rtti -fno-exceptions
-fno-unwind-tables -fno-threadsafe-statics -Os -std=gnu++2a` emits code that
starts by pushing 24 bytes to the stack, again breaking the 16-byte alignment
of %RSP:
```
tos::virtio::network_device::isr(void*, int): # @tos::virtio::network_device::isr(void*, int)
        push    rbx
        sub     rsp, 16
        mov     rbx, rdi
        mov     rax, qword ptr [rdi]
        movups  xmm0, xmmword ptr [rax]
        movaps  xmmword ptr [rsp], xmm0
```</pre>
</div>
</p>
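<p>The stack-alignment arithmetic behind a report like this, as an added example that is not part of the bug report or of LLVM: the x86-64 SysV ABI guarantees rsp % 16 == 8 at function entry (the CALL pushes an 8-byte return address onto a 16-byte-aligned stack), and the callee's prologue is generated on that assumption, so reconstructing the entry RSP from the faulting RSP tells which side of the call broke the contract. The helpers use the RSP and prologue sizes quoted in the report (0x20fb18; 40 bytes in the gist, 24 bytes in the reduced reproducer); the conformant entry value 0x20fb38 is a constructed comparison value.</p>

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 SysV ABI: rsp is 16-byte aligned right before a CALL; the CALL pushes
 * an 8-byte return address, so at function entry rsp % 16 == 8. */
#define ABI_ENTRY_RSP_MOD16 8u

/* Values from the report: RSP observed at the faulting movaps, and the bytes the
 * prologue moved rsp by before it (40 in the gist; 24 = push rbx + sub rsp,16 in
 * the reduced reproducer). */
#define RSP_AT_FAULT     0x20fb18u
#define PROLOGUE_GIST    40u
#define PROLOGUE_REDUCED 24u

/* Undo the prologue: the RSP the function was entered with. */
static uintptr_t entry_rsp_from_fault(uintptr_t rsp_at_fault, unsigned prologue_bytes) {
    return rsp_at_fault + prologue_bytes;
}

/* Did the caller honour the ABI precondition the callee's codegen relies on? */
static bool entry_is_abi_aligned(uintptr_t rsp_at_entry) {
    return rsp_at_entry % 16u == ABI_ENTRY_RSP_MOD16;
}

/* After a prologue that moves rsp down by prologue_bytes, is a 16-byte access at
 * [rsp] (what movaps requires) legal? */
static bool access_at_rsp_is_aligned(uintptr_t rsp_at_entry, unsigned prologue_bytes) {
    return (rsp_at_entry - prologue_bytes) % 16u == 0;
}

/* For one observed fault, say which side of the call broke the contract. */
static void explain(uintptr_t rsp_at_fault, unsigned prologue_bytes) {
    uintptr_t entry = entry_rsp_from_fault(rsp_at_fault, prologue_bytes);
    printf("fault rsp=0x%lx, prologue=%u -> entry rsp=0x%lx (entry %% 16 = %lu): %s\n",
           (unsigned long)rsp_at_fault, prologue_bytes, (unsigned long)entry,
           (unsigned long)(entry % 16u),
           entry_is_abi_aligned(entry) ? "caller honoured the ABI; the prologue is at fault"
                                       : "entry RSP already violated the ABI (caller side)");
}

int main(void) {
    explain(RSP_AT_FAULT, PROLOGUE_GIST);
    /* Constructed counter-example: an ABI-conformant entry with both prologues. */
    uintptr_t ok_entry = 0x20fb38u;
    printf("conformant entry 0x%lx: 24-byte prologue aligned=%d, 40-byte prologue aligned=%d\n",
           (unsigned long)ok_entry, access_at_rsp_is_aligned(ok_entry, PROLOGUE_REDUCED),
           access_at_rsp_is_aligned(ok_entry, PROLOGUE_GIST));
    return 0;
}
```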
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>