Unaligned access in networking code causes unaligned exception on Nucleo-F429ZI

[therealprof]

Trying to run some networking sample code (with the default configuration) on my new Nucleo-F429ZI board yields this interesting exception:

**** BOOTING ZEPHY***** USAGE FAULT *****
Executing thread ID (thread): 0x200038ac
Faulting instruction address: 0x80097e6
Unaligned memory access
Fatal fault in essential thread! Spinning...

Very much to my surprise it is somewhat obvious where that unaligned exception is coming from:

 80097e0:       689b            ldr     r3, [r3, #8]
        dst->s6_addr[0]   = 0xFF;
 80097e2:       f240 22ff       movw    r2, #767        ; 0x2ff
        UNALIGNED_PUT(0, &dst->s6_addr16[1]);
 80097e6:       e9c3 2506       strd    r2, r5, [r3, #24]
        UNALIGNED_PUT(0, &dst->s6_addr16[3]);

It's somewhat less obvious (to me at least) what to do about it...

[erwango]

Hi @therealprof,

Can you eleaborate a bit on this issue, so we can investigate and fix it?
What sample were you running ? Is that systematic?

[therealprof]

@erwango I just built the default configuration for the Nucleo-F429ZI and ran it. The sample I was trying was the one in samples/net/lwm2m_client/ but I think I've seen it with other networking examples as well.

Meanwhile I've also been able to build a configuration that doesn't crash. I don't have the board here but I think the workaround was to change from
CONFIG_SIZE_OPTIMIZATIONS=y
to
CONFIG_DEBUG_OPTIMIZATIONS=y

Yes, it is systematic. And just looking at the exception and the executed code not at all surprising to the innocent bystander.

If you'd like me to test anything specific or provide more output, I can dig up the board later today and run some stuff.

[erwango]

Hi @therealprof
I think we can try, in net_ipv6_addr_create_solicited_node, to do something like :
dst->s6_addr[2] = 0x00;
dst->s6_addr[3] = 0x00;
UNALIGNED_PUT(0, &dst->s6_addr32[1]);
UNALIGNED_PUT(0, &dst->s6_addr16[4]);
instead of
UNALIGNED_PUT(0, &dst->s6_addr16[1]);
UNALIGNED_PUT(0, &dst->s6_addr16[2]);
UNALIGNED_PUT(0, &dst->s6_addr16[3]);
UNALIGNED_PUT(0, &dst->s6_addr16[4]);

[erwango]

@therealprof , any update?

[jukkar]

I am wondering about that net_ipv6_addr_create_solicited_node() function that looks like a culprit. It is missing UNALIGNED_PUT() in couple of places because those that are just u8_t (so one byte) assignments. I have not seen any issues in frdm_k64f or sam_e70_xplained board that use this code all the time, is there some more stricter alignment rules in stm32?

[erwango]

One thing is I'm not able to run the sample fully (lwm2m connection PC <> board), so will be hard for me to reproduce the exact issue.

Anyway, could this be linked with compiler ?
Looking to the code I generate, this comes a bit different (with CONFIG_SIZE_OPTIMIZATIONS=y ), and I guess using strh.w or strb instead of strd will avoid the issue:

UNALIGNED_PUT(0, &dst->s6_addr16[1]);
 800687c:	f8ad 3002 	strh.w	r3, [sp, #2]
UNALIGNED_PUT(0, &dst->s6_addr16[2]);
 8006880:	f8ad 3004 	strh.w	r3, [sp, #4]
UNALIGNED_PUT(0, &dst->s6_addr16[3]);
 8006884:	f8ad 3006 	strh.w	r3, [sp, #6]
UNALIGNED_PUT(0, &dst->s6_addr16[4]);
 8006888:	f8ad 3008 	strh.w	r3, [sp, #8]

or at other places:

UNALIGNED_PUT(0, &dst->s6_addr16[1]);
 800a6e2:	769d      	strb	r5, [r3, #26]
 800a6e4:	76dd      	strb	r5, [r3, #27]
UNALIGNED_PUT(0, &dst->s6_addr16[2]);
 800a6e6:	771d      	strb	r5, [r3, #28]
 800a6e8:	775d      	strb	r5, [r3, #29]
UNALIGNED_PUT(0, &dst->s6_addr16[3]);
 800a6ea:	779d      	strb	r5, [r3, #30]
 800a6ec:	77dd      	strb	r5, [r3, #31]
UNALIGNED_PUT(0, &dst->s6_addr16[4]);
 800a6ee:	f883 5020 	strb.w	r5, [r3, #32]
 800a6f2:	f883 5021 	strb.w	r5, [r3, #33]	; 0x21

Did we changed something that could have impacted this?

Btw, I've been able to run tests/net/mld (which calls net_ipv6_addr_create_solicited_node) successfully on nucleo_f429zi. This does not prove we're safe, since function is inline and hence I think generated assembly might depend on calling function. But at least this shows code could run without fault in some conditions.

[therealprof]

@erwango I just tested the suggested change using

dst->s6_addr[2] = 0x00;
dst->s6_addr[3] = 0x00;
UNALIGNED_PUT(0, &dst->s6_addr32[1]);
UNALIGNED_PUT(0, &dst->s6_addr16[4]);

and that particular crash went away after making the change. I also checked that it still occurs without patch in the latest git version.

So that's good.

Unfortunately I still cannot fully test the lwm2m_client sample because I have a second (and seemingly unrelated) MPU fault now...

[erwango]

@therealprof , thanks for this feedback!

Can you confirm you meet the issue (w/o the patch) with tests/net/mld ?
Also, may I ask which compiler you're using?