HTM __builtin_ttest rtl expansion uses wrong shift amount

Bug #1322287 reported by Peter Bergner
Affects            Status         Importance   Assigned to   Milestone
gcc-4.8 (Ubuntu)   Fix Released   Undecided    Unassigned
Trusty             Fix Released   Undecided    Unassigned

Bug Description

There is a semi-latent bug for the HTM ttest pattern used with the
__builtin_ttest() builtin. This is supposed to expand to a tabortwci.
instruction which sets cr0 and then some code that copies the cr0 value
into a gpr and then shifts and masks it into the lowest 2 bits in the gpr.
The mfcr and mfocrf instructions, which can be used to copy the CR0 value
into a gpr, both copy the value into bits 32-35 of the gpr. The bug is
that we only shift the gpr 24 bits to get the CR value into the low
order bits of the gpr, when we should be shifting 28 bits. This "works"
most of the time due to a peculiarity in how the mfocrf instruction
works, since it copies the CR value into bits 32-35 and duplicates
that value in bits 36-39. Since newish -mcpu targets (e.g., power8)
normally generate a mfocrf, we don't see the problem. However, in some
cases, we will instead generate a mfcr instruction, which does expose
the bug.

This bug was reported upstream with a patch here:

    https://gcc.gnu.org/ml/gcc-patches/2014-05/msg01667.html

...and has been fixed upstream in trunk and the FSF 4.9 and FSF 4.8
branches, as revisions 210815, 210817 and 210818 respectively.
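
The shift problem described in the report above, modelled in C as an added example (not part of the original report and not GCC code). All function names are hypothetical, the mfocrf model follows the report's description with the remaining bits set to zero, and the 0xF mask keeps a whole 4-bit CR field so the comparison does not depend on how the builtin narrows the value further.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (added example): the 32-bit CR sits in the low word of a
   64-bit GPR, so CR0 (IBM bits 32-35) is value bits 31..28 and CR1 (IBM bits
   36-39) is value bits 27..24. All names here are hypothetical. */
static uint32_t make_cr(unsigned cr0, unsigned cr1)
{
    return ((uint32_t)(cr0 & 0xF) << 28) | ((uint32_t)(cr1 & 0xF) << 24);
}

/* mfcr: copies the whole CR, so bits 36-39 hold CR1, not a copy of CR0. */
static uint64_t model_mfcr(uint32_t cr) { return cr; }

/* mfocrf of CR0 as the report describes it: CR0 in bits 32-35 and
   duplicated in bits 36-39. Remaining bits are modelled as zero. */
static uint64_t model_mfocrf_cr0(uint32_t cr)
{
    uint64_t cr0 = cr >> 28;
    return (cr0 << 28) | (cr0 << 24);
}

/* Shift right, then keep one 4-bit CR field (mask chosen for this example). */
static unsigned extract_field(uint64_t gpr, unsigned shift)
{
    return (unsigned)((gpr >> shift) & 0xF);
}

/* Count the CR0/CR1 combinations for which the extracted field is not CR0. */
static int count_wrong(int use_mfcr, unsigned shift)
{
    int wrong = 0;
    for (unsigned cr0 = 0; cr0 < 16; cr0++)
        for (unsigned cr1 = 0; cr1 < 16; cr1++) {
            uint32_t cr = make_cr(cr0, cr1);
            uint64_t gpr = use_mfcr ? model_mfcr(cr) : model_mfocrf_cr0(cr);
            if (extract_field(gpr, shift) != cr0)
                wrong++;
        }
    return wrong;
}

int main(void)
{
    printf("mfocrf, shift 24: %d wrong\n", count_wrong(0, 24));
    printf("mfcr,   shift 24: %d wrong\n", count_wrong(1, 24));
    printf("mfcr,   shift 28: %d wrong\n", count_wrong(1, 28));
    return 0;
}
```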

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gcc-4.8 - 4.8.3-2ubuntu1

---------------
gcc-4.8 (4.8.3-2ubuntu1) utopic; urgency=medium

  * Update the fix for PR target/61208 for the Linaro branch.

gcc-4.8 (4.8.3-2) unstable; urgency=medium

  * Update to SVN 20140527 (r210956) from the gcc-4_8-branch.
    - Fix PR target/61208. Closes: #748422.
 -- Matthias Klose <email address hidden> Tue, 27 May 2014 09:36:52 +0200

Changed in gcc-4.8 (Ubuntu):
status: New → Fix Released
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Peter, or anyone else affected,

Accepted gcc-4.8 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gcc-4.8 (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Peter Bergner (pbergner) wrote :

I can verify this is fixed.

Peter Bergner (pbergner) wrote :

Sorry, verified with "gcc version 4.9.1 (Ubuntu 4.9.1-16ubuntu6)".

tags: added: verification-done
removed: verification-needed
Peter Bergner (pbergner) wrote :

Verified in gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04) too.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gcc-4.8 - 4.8.4-2ubuntu1~14.04

---------------
gcc-4.8 (4.8.4-2ubuntu1~14.04) trusty-proposed; urgency=medium

  * SRU LP: #1311866.
  * Fix PR tree-optimization/63341 (wrong code, rs6000).
  * Allow to turn off -Wformat using Wno-format. LP: #1401836.
  * Fix PR target/60693 (x86, ice on valid code). LP: #1378737.
  * Fix PR tree-optimization/61964 (wrong code). LP: #1347147.
  * Fix GCC miscompilation with boost::asio::io_service::work. LP: #1338693.
  * Fix PR target/61208 (POWER, wrong code). LP: #1322287.
  * Fix ABI incompatibility between POWER and Z HTM builtins and intrinsics.
    LP: #1320292.
  * Fix PR c++/61046 (ice on invalid code). LP: #1313102.
  * Fix wrong-code issue in the little endian vector API (ppc64el).
    LP: #1311128.
  * Fix PR tree-optimization/59358 (wrong code). LP: #1395019.
  * Fix ice on ARM32. LP: #1268893.
  * Don't apply the backport for PR61841 for trusty, causing link failures.
  * Fix wrong code for vector doubleword extract (POWER). LP: #1437467.

gcc-4.8 (4.8.4-2ubuntu1) vivid; urgency=medium

  * Merge with Debian; remaining changes:
    - Build from the upstream source.

gcc-4.8 (4.8.4-2) unstable; urgency=medium

  * Update to SVN 20150426 (r222448) from the gcc-4_8-branch.
    - Fix PR libstdc++/60966, PR c/61553, PR middle-end/63704,
      PR target/61413 (ARM), PR target/64358 (RS6000), PR target/64479 (SH),
      PR target/64409 (x86), PR rtl-optimization/64037, PR c++/64487,
      PR c++/64251, PR c++/64297, PR fortran/63733, PR fortran/64244,
      PR c/64766, PR target/64882, PR rtl-optimization/61058,
      PR middle-end/43631, PR tree-optimization/64563, PR target/64513,
      PR middle-end/57748, PR middle-end/57748, PR target/64795,
      PR fortran/64528, PR fortran/56867, PR fortran/57023, PR c/57653,
      PR tree-optimization/63844 (OpenMP), PR middle-end/64199 (ice on valid),
      PR tree-optimization/64493 (ice on valid), PR tree-optimization/64495
      (wrong code), PR tree-optimization/56273 (diagnostics),
      PR tree-optimization/59124 (diagnostic), PR tree-optimization/64277
      (diagnostic), PR lto/65015, PR target/65163 (SH), PR target/64113 (ALPHA,
      link failure), PR rtl-optimization/64557, PR rtl-optimization/63475
      (ALPHA, wrong code), PR rtl-optimization/63483 (ALPHA, wrong code),
      PR target/64452 (AVR), PR target/64387 (x86, ice on valid),
      PR target/64979 (wrong code), PR target/64580 (rs6000),
      PR fortran/63744 (rejects valid), PR lto/65193 (ice on valid),
      PR tree-optimization/61634 (ice on valid), PR target/65196 (AVR),
      PR tree-optimization/63593 (ice on valid),
      PR tree-optimization/65063 (wrong code), PR target/65286 (rs6000),
      PR 65138/target (rs6000), PR target/53988 (SH), PR target/59593 (ARM),
      PR target/64453 (ARM), PR middle-end/65409 (ice on valid),
      PR tree-optimization/65388, PR fortran/65024 (ice),
      PR fortran/60898 (ice on valid), PR fortran/61138, PR libgfortran/60956,
      PR libstdc++/65279, PR libstdc++/65543, PR target/65849, PR target/65456,
      PR target/65787, PR c++/65727, PR c++/65721, PR fortran/56674,
      PR fortran/58813, PR fortran/590...

Changed in gcc-4.8 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for gcc-4.8 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
