Bug Report: Unaligned Access in BGP Code on ARMv7 Platforms

nick vincent at systemli.org
Thu Dec 5 23:35:13 CET 2024


Dear BIRD Community,

I am writing to report a bug observed in the BGP implementation on ARMv7 
platforms, which results in a SIGBUS error due to unaligned memory 
access in the NEON assembler code. I debugged this issue on version 
2.15.1 of BIRD.

### Problem Description

When running BIRD on ARMv7, the application crashes with a `SIGBUS` 
signal. The issue stems from an unaligned memory access instruction in 
the NEON assembly:

```
vst1.8 {d16-d17}, [r0 :64]
```

This instruction requires the address in `r0` to be 64-bit (8-byte) 
aligned. However, in some cases, `r0` is not correctly aligned, leading 
to a bus error.

Here is an excerpt from the kernel logs showing the alignment trap:

```
kern.err kernel: [90636.175853] Alignment trap: not handling instruction f4400a1f at [<00056fbc>]
kern.alert kernel: [90636.182044] Unhandled fault: alignment exception (0x801) at 0xb6dec01c
kern.alert kernel: [90636.184946] pgd = 190a2833
kern.alert kernel: [90636.191494] [b6dec01c] *pgd=82e91835, *pte=8502b75f, *ppte=8502bc7f
```

### Backtrace

The crash occurs in the `bgp_get_prefix` function due to the misaligned 
memory address:

```
Program received signal SIGBUS, Bus error.
0x00057504 in bgp_get_prefix (path_id=0, net=0xb6f3e030, c=0xb6f27420) at proto/bgp/attrs.c:1710
1710    proto/bgp/attrs.c: No such file or directory.
(gdb) bt
  #0  0x00057504 in bgp_get_prefix (path_id=0, net=0xb6f3e030, c=0xb6f27420) at proto/bgp/attrs.c:1710
  #1  bgp_rt_notify (old=0x400, new=0x64, n=0x4, C=0xb6f27420, P=0xb6f27850) at proto/bgp/attrs.c:1966
  #2  bgp_rt_notify (P=0xb6f27850, C=0xb6f27420, n=0x4, new=0x64, old=0x0) at proto/bgp/attrs.c:1936
  ...
```

The exact crashing line is this instruction:

```c
px->path_id = path_id;
```

You can view it here:
https://github.com/CZ-NIC/bird/blob/0b684a43bd7ce4a32c9cd7754b88286bcd1815bb/proto/bgp/attrs.c#L1710

### Root Cause

The root cause appears to be insufficient alignment of memory allocated 
for structures, specifically in this line:

```c
px = mb_alloc(c->pool, sizeof(struct bgp_prefix) + net->length);
```

The allocated memory may not be properly aligned for structures 
containing 64-bit data types, which is mandatory on ARMv7 when using 
NEON instructions.

### Temporary Workaround

To mitigate the issue, we are currently using the GCC compiler flag 
`-mno-unaligned-access`. This flag ensures that the compiler avoids 
generating code that assumes unaligned access is supported, thereby 
preventing the `SIGBUS` error.
https://github.com/freifunk-berlin/falter-packages/commit/fcce390fc57b44593fe969f1063c6ba711fc7f9b

### Request for Feedback

I would like to hear the community's thoughts on the best approach to 
resolve this issue permanently. If needed, I can provide further logs or 
test configurations to reproduce the problem.

Bests,
Nick
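
The alignment problem described under "Root Cause", as an added example that is not part of the original post and not BIRD code: an allocator that places a header whose size is not a multiple of 8 in front of each block returns payloads that are only 4-byte aligned, and padding the header to `alignof(max_align_t)` restores 8-byte alignment. `demo_prefix`, `demo_hdr` and `demo_alloc` are hypothetical names, and the 12-byte header is an assumption, not the actual layout used by `mb_alloc`.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ROUND_UP(x, a) (((x) + (a) - 1) / (a) * (a))

/* Hypothetical record with a 64-bit member; not BIRD's struct bgp_prefix. */
struct demo_prefix { uint64_t key; uint32_t path_id; unsigned char net[]; };

/* Hypothetical 12-byte bookkeeping header placed in front of each block. */
struct demo_hdr { uint32_t a, b, size; };

static int is_aligned_for(const void *p, size_t align) {
    return (uintptr_t)p % align == 0;
}

/* Weak layout: payload starts right after the header (offset 12). */
static size_t payload_offset_weak(void) { return sizeof(struct demo_hdr); }

/* Fixed layout: header padded so the payload suits any fundamental type. */
static size_t payload_offset_fixed(void) {
    return ROUND_UP(sizeof(struct demo_hdr), alignof(max_align_t));
}

/* Returns the payload pointer; *base_out receives the pointer to free(). */
static void *demo_alloc(size_t n, size_t off, void **base_out) {
    size_t a = alignof(max_align_t);
    unsigned char *base = aligned_alloc(a, ROUND_UP(off + n, a));
    if (!base) return NULL;
    *base_out = base;
    return base + off;
}

int main(void) {
    size_t n = sizeof(struct demo_prefix) + 5;  /* constructed: 5-byte net */
    void *b1 = NULL, *b2 = NULL;
    void *weak = demo_alloc(n, payload_offset_weak(), &b1);
    void *fixed = demo_alloc(n, payload_offset_fixed(), &b2);
    int ok = weak && fixed;
    if (ok) {
        printf("weak  payload %p 8-byte aligned: %d\n", weak, is_aligned_for(weak, 8));
        printf("fixed payload %p 8-byte aligned: %d\n", fixed, is_aligned_for(fixed, 8));
    }
    free(b1);
    free(b2);
    return !ok;
}
```

On hardware that tolerates unaligned loads and stores, the weak layout runs without a fault, which is why a check like `is_aligned_for` in a debug build catches the problem earlier than waiting for a `SIGBUS` on a stricter target.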


