hardware-assisted lock elision hazardous on x86

Bug #1398975 reported by Chris J Arges on 2014-12-03
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eglibc (Ubuntu)
Trusty
Medium
Chris J Arges
glibc (Debian)
Fix Released
Unknown
glibc (Ubuntu)
Medium
Unassigned
Utopic
Medium
Chris J Arges

Bug Description

[Impact]
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762195 for a full description of the issue.
HLE extensions are hazardous due to erratum HSD136.

Users that upgrade their intel-microcode could encounter illegal instruction traps due to microcode updates that blacklist HLE instructions. Glibc uses those instructions and thus we need to be defensive and patch them here.

The issue was originally seen here:
https://bugs.launchpad.net/intel/+bug/1370352

[Test Case]
Update to latest intel-microcode with microcode-20140913.dat enabled. Try to boot machine and use applications; check dmesg for trap invalid opcodes in libpthread-2.19.so.

[Regression Potential]
This has been fixed in vivid, so I'm requesting this patch be backported to T/U.

Chris J Arges (arges) on 2014-12-03
Changed in glibc (Ubuntu):
status: New → Fix Released
Changed in glibc (Ubuntu Trusty):
assignee: nobody → Chris J Arges (arges)
Changed in glibc (Ubuntu Utopic):
assignee: nobody → Chris J Arges (arges)
Changed in glibc (Ubuntu Trusty):
importance: Undecided → Medium
Changed in glibc (Ubuntu Utopic):
importance: Undecided → Medium
Changed in glibc (Ubuntu Trusty):
status: New → In Progress
Changed in glibc (Ubuntu Utopic):
status: New → In Progress
Chris J Arges (arges) on 2014-12-03
no longer affects: eglibc (Ubuntu Utopic)
no longer affects: glibc (Ubuntu Trusty)
Changed in eglibc (Ubuntu):
status: New → Invalid
Changed in eglibc (Ubuntu Trusty):
status: New → In Progress
assignee: nobody → Chris J Arges (arges)
importance: Undecided → Medium
Chris J Arges (arges) wrote :
Chris J Arges (arges) wrote :
Changed in glibc (Debian):
status: Unknown → Fix Released
Chris J Arges (arges) wrote :

Uploaded for trusty/utopic.

Hello Chris, or anyone else affected,

Accepted glibc into utopic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glibc/2.19-10ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in glibc (Ubuntu Utopic):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in eglibc (Ubuntu Trusty):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Chris, or anyone else affected,

Accepted eglibc into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Chris J Arges (arges) wrote :

Ok I was able to verify this for utopic with the following:
1) reproduce bug 1370352 by installing intel-microcode 2.20140913.1ubuntu1
2) install -proposed glibc
3) try to reproduce bug, and now it works!

Trusty doesn't reproduce bug 1370352 (maybe because we're not triggering the right kind of pthread programs when we update microcode). But -proposed onto trusty didn't cause any issues and I was able to update microcodes as normal.

tags: added: verification-done
removed: verification-needed
Chris J Arges (arges) wrote :

Note, I still recommend we patch this for Trusty as well as a precaution. While I was unable to trigger it, a user could easily introduce programs that leverage pthreads in a way to trigger this when we do the microcode update.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.19-0ubuntu6.5

---------------
eglibc (2.19-0ubuntu6.5) trusty; urgency=medium

  * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from
    Henrique de Moraes Holschuh to disable TSX on processors which might get
    it disabled through a microcode update. (LP: #1398975)
 -- Chris J Arges <email address hidden> Thu, 04 Dec 2014 08:30:10 -0600

Changed in eglibc (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for eglibc has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-10ubuntu2.2

---------------
glibc (2.19-10ubuntu2.2) utopic; urgency=medium

  * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from
    Henrique de Moraes Holschuh to disable TSX on processors which might get
    it disabled through a microcode update. (LP: #1398975)
 -- Chris J Arges <email address hidden> Thu, 04 Dec 2014 10:13:13 -0600

Changed in glibc (Ubuntu Utopic):
status: Fix Committed → Fix Released
no longer affects: eglibc (Ubuntu)
Changed in glibc (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.