Bug#331519: marked as done (libc6.1: unaligned access in nscd_helper's get_mapping)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 5 Apr 2009 00:02:50 +0200
with message-id <20090404220240.GA25919@radis.liafa.jussieu.fr>
and subject line Re: Bug#331519: libc6.1: unaligned access in nscd_helper's get_mapping
has caused the Debian Bug report #331519,
regarding libc6.1: unaligned access in nscd_helper's get_mapping
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
331519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331519
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libc6.1: unaligned access in nscd_helper's get_mapping
• From: Samuel Thibault <sthibault@labri.fr>
• Date: Mon, 03 Oct 2005 22:27:57 +0200
• Message-id: <1128371277.804758.29270.nullmailer@billy.dalton.labri.fr>

Package: libc6.1
Version: 2.3.5-6
Severity: minor


Hi,

On ia64, we keep getting kernel messages like this:
zsh(23995): unaligned access to 0x60000fffffffb264, ip=0x200000000040e8d1
zsh(23995): unaligned access to 0x60000fffffffb264, ip=0x200000000040e8d1

Running it through gdb reveals that lines 186 and 204 or nscd/nscd_helper.c
hold the issue:


     char buf[CMSG_SPACE (sizeof (int))];
     struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
                           .msg_control = buf, .msg_controllen = sizeof (buf) };
     struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);

     cmsg->cmsg_level = SOL_SOCKET;
     cmsg->cmsg_type = SCM_RIGHTS;
186  cmsg->cmsg_len = CMSG_LEN (sizeof (int));
   
     *(int *) CMSG_DATA (cmsg) = -1;
   
     msg.msg_controllen = cmsg->cmsg_len;

     if (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg, 0)) != keylen)
       goto out_close2;
   
     mapfd = *(int *) CMSG_DATA (cmsg);
   
204  if (CMSG_FIRSTHDR (&msg)->cmsg_len != CMSG_LEN (sizeof (int)))
       goto out_close;
   
     struct stat64 st;
     if (strcmp (resdata, key) != 0

The problem seems to be that, since it is a char array, buf is not necessarily
8-byte aligned, while it needs to be for ia64 to access the 8-byte wide
cmsg_len field.

Regards,
Samuel

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: ia64
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-mckinley-smp
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: Samuel Thibault <sthibault@labri.fr>, 331519-done@bugs.debian.org
• Subject: Re: Bug#331519: libc6.1: unaligned access in nscd_helper's get_mapping
• From: Julien Cristau <jcristau@debian.org>
• Date: Sun, 5 Apr 2009 00:02:50 +0200
• Message-id: <20090404220240.GA25919@radis.liafa.jussieu.fr>
• In-reply-to: <1128371277.804758.29270.nullmailer@billy.dalton.labri.fr>
• References: <1128371277.804758.29270.nullmailer@billy.dalton.labri.fr>

Version: 2.3.6-1

On Mon, Oct  3, 2005 at 22:27:57 +0200, Samuel Thibault wrote:

> 186  cmsg->cmsg_len = CMSG_LEN (sizeof (int));
> 204  if (CMSG_FIRSTHDR (&msg)->cmsg_len != CMSG_LEN (sizeof (int)))
> 
> The problem seems to be that, since it is a char array, buf is not necessarily
> 8-byte aligned, while it needs to be for ia64 to access the 8-byte wide
> cmsg_len field.
> 
Fixed in 2.3.6 according to
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1080

Cheers,
Julien

--- End Message ---