hardware-assisted lock elision hazardous on x86
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| eglibc (Ubuntu) | ||||||
| | Trusty |
Medium
|
Chris J Arges | |||
| | glibc (Debian) |
Fix Released
|
Unknown
|
|||
| | glibc (Ubuntu) |
Medium
|
Unassigned | |||
| | Utopic |
Medium
|
Chris J Arges | |||
Bug Description
[Impact]
See https:/
HLE extensions are hazardous due to erratum HSD136.
Users that upgrade their intel-microcode could encounter illegal instruction traps due to microcode updates that blacklist HLE instructions. Glibc uses those instructions and thus we need to be defensive and patch them here.
The issue was originally seen here:
https:/
[Test Case]
Update to latest intel-microcode with microcode-
[Regression Potential]
This has been fixed in vivid, so I'm requesting this patch be backported to T/U.
| Changed in glibc (Ubuntu): | |
| status: | New → Fix Released |
| Changed in glibc (Ubuntu Trusty): | |
| assignee: | nobody → Chris J Arges (arges) |
| Changed in glibc (Ubuntu Utopic): | |
| assignee: | nobody → Chris J Arges (arges) |
| Changed in glibc (Ubuntu Trusty): | |
| importance: | Undecided → Medium |
| Changed in glibc (Ubuntu Utopic): | |
| importance: | Undecided → Medium |
| Changed in glibc (Ubuntu Trusty): | |
| status: | New → In Progress |
| Changed in glibc (Ubuntu Utopic): | |
| status: | New → In Progress |
| no longer affects: | eglibc (Ubuntu Utopic) |
| no longer affects: | glibc (Ubuntu Trusty) |
| Changed in eglibc (Ubuntu): | |
| status: | New → Invalid |
| Changed in eglibc (Ubuntu Trusty): | |
| status: | New → In Progress |
| assignee: | nobody → Chris J Arges (arges) |
| importance: | Undecided → Medium |
| Chris J Arges (arges) wrote : | #1 |
| Chris J Arges (arges) wrote : | #2 |
| Changed in glibc (Debian): | |
| status: | Unknown → Fix Released |
| Chris J Arges (arges) wrote : | #3 |
Hello Chris, or anyone else affected,
Accepted glibc into utopic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in glibc (Ubuntu Utopic): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed |
| Changed in eglibc (Ubuntu Trusty): | |
| status: | In Progress → Fix Committed |
| Brian Murray (brian-murray) wrote : | #5 |
Hello Chris, or anyone else affected,
Accepted eglibc into trusty-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Chris J Arges (arges) wrote : | #6 |
Ok I was able to verify this for utopic with the following:
1) reproduce bug 1370352 by installing intel-microcode 2.20140913.1ubuntu1
2) install -proposed glibc
3) try to reproduce bug, and now it works!
Trusty doesn't reproduce bug 1370352 (maybe because we're not triggering the right kind of pthread programs when we update microcode). But -proposed onto trusty didn't cause any issues and I was able to update microcodes as normal.
| tags: |
added: verification-done removed: verification-needed |
| Chris J Arges (arges) wrote : | #7 |
Note, I still recommend we patch this for Trusty as well as a precaution. While I was unable to trigger it, a user could easily introduce programs that leverage pthreads in a way to trigger this when we do the microcode update.
| Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package eglibc - 2.19-0ubuntu6.5
---------------
eglibc (2.19-0ubuntu6.5) trusty; urgency=medium
* patches/
Henrique de Moraes Holschuh to disable TSX on processors which might get
it disabled through a microcode update. (LP: #1398975)
-- Chris J Arges <email address hidden> Thu, 04 Dec 2014 08:30:10 -0600
| Changed in eglibc (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| Adam Conrad (adconrad) wrote : Update Released | #9 |
The verification of the Stable Release Update for eglibc has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
| Launchpad Janitor (janitor) wrote : | #10 |
This bug was fixed in the package glibc - 2.19-10ubuntu2.2
---------------
glibc (2.19-10ubuntu2.2) utopic; urgency=medium
* patches/
Henrique de Moraes Holschuh to disable TSX on processors which might get
it disabled through a microcode update. (LP: #1398975)
-- Chris J Arges <email address hidden> Thu, 04 Dec 2014 10:13:13 -0600
| Changed in glibc (Ubuntu Utopic): | |
| status: | Fix Committed → Fix Released |
| no longer affects: | eglibc (Ubuntu) |
| Changed in glibc (Ubuntu): | |
| importance: | Undecided → Medium |
Uploaded for trusty/utopic.