Summary
The polyval 0.7.0-rc.9 avx2.rs backend crashes with SIGILL on x86_64 CPUs that support PCLMULQDQ but not AVX2 (e.g. Intel Pentium Gold, Celeron, some Atom processors).
Root Cause
In src/backend/intrinsics/avx2.rs, the runtime CPU feature detection only checks for pclmulqdq:
// avx2.rs line 34
cpufeatures::new!(clmul, "pclmulqdq");
But the functions guarded by this check are annotated with both avx2 and pclmulqdq:
#[target_feature(enable = "avx2", enable = "pclmulqdq")]
pub(super) unsafe fn expand_key(h: &[u8; 16]) -> ExpandedKey { ... }
#[target_feature(enable = "avx2", enable = "pclmulqdq")]
pub(super) unsafe fn proc_block(...) -> FieldElement { ... }
#[target_feature(enable = "avx2", enable = "pclmulqdq")]
pub(super) unsafe fn proc_par_blocks(...) -> FieldElement { ... }When running on a CPU with PCLMULQDQ but without AVX2:
InitToken::init_get() returns has_intrinsics = true (pclmulqdq detected)- The
expand_key / proc_block / proc_par_blocks functions are called
- The compiler emits VEX-encoded instructions (e.g.
vmovdqu, vpxor, vpclmullqhqdq) due to the avx2 target feature annotation
- The CPU faults with SIGILL
Affected CPUs
Any x86_64 CPU with PCLMULQDQ but without AVX/AVX2, including:
- Intel Pentium Gold (G5400, G5420, etc.)
- Intel Celeron (G4900, G4930, etc.)
- Some Intel Atom processors
- Some older AMD processors
Reproduction
Run any program using aes-gcm (which depends on ghash → polyval) on an Intel Pentium Gold G5420 or similar CPU. The process crashes with SIGILL during the first encryption/decryption operation.
GDB backtrace at crash site:
polyval::backend::intrinsics::intrinsics_impl::expand_key
→ vmovdqu (%rsi),%xmm0 ← SIGILL (AVX VEX-encoded instruction)
Suggested Fix
Change the cpufeatures::new! invocation to also check for avx2:
cpufeatures::new!(clmul, "pclmulqdq", "avx2");
This ensures the intrinsics path is only used when both features are available. CPUs without AVX2 will correctly fall back to the software implementation in backend/soft.rs.
Environment
- CPU: Intel Pentium Gold G5420 @ 3.80GHz (PCLMULQDQ: yes, AVX/AVX2: no)
- OS: Ubuntu Linux 6.8.0-101-generic x86_64
- polyval version: 0.7.0-rc.9
- Discovered via rustfs (S3-compatible object storage) failing to start
Summary
The
polyval0.7.0-rc.9avx2.rsbackend crashes withSIGILLon x86_64 CPUs that support PCLMULQDQ but not AVX2 (e.g. Intel Pentium Gold, Celeron, some Atom processors).Root Cause
In
src/backend/intrinsics/avx2.rs, the runtime CPU feature detection only checks forpclmulqdq:But the functions guarded by this check are annotated with both
avx2andpclmulqdq:When running on a CPU with PCLMULQDQ but without AVX2:
InitToken::init_get()returnshas_intrinsics = true(pclmulqdq detected)expand_key/proc_block/proc_par_blocksfunctions are calledvmovdqu,vpxor,vpclmullqhqdq) due to theavx2target feature annotationAffected CPUs
Any x86_64 CPU with PCLMULQDQ but without AVX/AVX2, including:
Reproduction
Run any program using
aes-gcm(which depends onghash→polyval) on an Intel Pentium Gold G5420 or similar CPU. The process crashes with SIGILL during the first encryption/decryption operation.GDB backtrace at crash site:
Suggested Fix
Change the
cpufeatures::new!invocation to also check foravx2:This ensures the intrinsics path is only used when both features are available. CPUs without AVX2 will correctly fall back to the software implementation in
backend/soft.rs.Environment