Bug#800574: marked as done (libc6: lock elision hazard on Intel Broadwell and Skylake)

To: Aurelien Jarno <aurel32@debian.org>
Subject: Bug#800574: marked as done (libc6: lock elision hazard on Intel Broadwell and Skylake)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 01 Jan 2016 15:51:36 +0000
Message-id: <[🔎] handler.800574.D800574.145166323111540.ackdone@bugs.debian.org>
References: <E1aF1v2-00011N-Tf@franck.debian.org> <20151001031719.GA18693@khazad-dum.debian.net>

Your message dated Fri, 01 Jan 2016 15:47:08 +0000
with message-id <E1aF1v2-00011N-Tf@franck.debian.org>
and subject line Bug#800574: fixed in glibc 2.19-18+deb8u2
has caused the Debian Bug report #800574,
regarding libc6: lock elision hazard on Intel Broadwell and Skylake
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
800574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800574
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: lock elision hazard on Intel Broadwell and Skylake
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 1 Oct 2015 00:17:19 -0300
Message-id: <20151001031719.GA18693@khazad-dum.debian.net>

Package: libc6
Version: 2.19-4
Severity: grave
Justification: causes non-serious data loss

Intel Broadwell-H and Skylake-S/H have critical errata that causes HLE
to be extremely dangerous to use on those processors, resulting in
unpredictable behavior (i.e. process crashes when you are lucky, data
corruption when you are not) when hardware lock-elision is enabled in
glibc/libpthread.

Broadwell errata BBD50 (desktop/mobile), BDW50 (server):

	An HLE (Hardware Lock Elision) transactional region begins with
	an instruction with the XACQUIRE prefix.  Due to this erratum,
	reads from within the transactional region of the memory
	destination of that instruction may return the value that was
	in memory before the transactional region began

According to the Intel errata list, a firmware fix is possible, but I
have no idea whether it is done by toggling a boot-locked MSR that
disables HLE, or through a microcode update.  The MSR is more likely,
but if it is a microcode update, it is going to be as much of a hazard
as the Haswell one that disabled TSX+HLE.

I recommend that we extend the HLE blacklist in glibc to also include
CPU signature 0x40671.  This will disable HLE on Xeon E3-1200v4, and
5th-generation Core i5/i7.  These processors are supposed to already
have TSX disabled (errata BBD51/BDW51).

Skylake's latest public specification update still doesn't list any HLE
errata, but it is not really recent.  OTOH, there is a Gentoo user's
report that Skylake is also unstable when HLE is enabled in glibc and
that the crashes stop when glibc is compiled without lock elision.

For that reason, it might be a good idea to also blacklist HLE on CPU
signatures 0x506e1, 0x506e2 and 0x506e3, which would disable HLE on
Skylake-S and Skylake-H (6th gen Core i5/i7).  This won't cover the
Skylake Xeon E3-1200v5, for which there are no reports of breakage (nor
a public specification update I could find).

References: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762195
https://bbs.archlinux.org/viewtopic.php?id=202545

In hindsight, it looks like we would have been better off by disabling
lock elision entirely for Debian jessie when we fixed #762195.
Something to consider when the time comes to fix this bug in stable
through a stable update...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

--- End Message ---

--- Begin Message ---

To: 800574-close@bugs.debian.org
Subject: Bug#800574: fixed in glibc 2.19-18+deb8u2
From: Aurelien Jarno <aurel32@debian.org>
Date: Fri, 01 Jan 2016 15:47:08 +0000
Message-id: <E1aF1v2-00011N-Tf@franck.debian.org>

Source: glibc
Source-Version: 2.19-18+deb8u2

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 800574@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Dec 2015 21:39:40 +0100
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all
Version: 2.19-18+deb8u2
Distribution: stable
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 779587 798316 798515 799966 800523 800574 801691 802256 803927
Changes:
 glibc (2.19-18+deb8u2) stable; urgency=medium
 .
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
     - Fix getaddrinfo sometimes returning uninitialized data with nscd.
       Closes: #798515.
     - Fix data corruption while reading the NSS files database
       (CVE-2015-5277).  Closes: #799966.
     - Fix buffer overflow (read past end of buffer) in internal_fnmatch.
     - Fix  _IO_wstr_overflow integer overflow.
     - Fix unexpected closing of nss_files databases after lookups,
       causing denial of service (CVE-2014-8121).  Closes: #779587.
     - Fix NSCD netgroup cache.  Closes: #800523.
   * patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
     unconditionally disable LD_POINTER_GUARD.  Closes: #798316, #801691.
   * patches/any/cvs-mangle-tls_dtor_list.diff: new patch from upstream to
     mangle function pointers in tls_dtor_list.  Closes: #802256.
   * patches/any/cvs-strxfrm-buffer-overflows.diff: new patch from upstream
     to fix memory allocations issues that can lead to buffer overflows on
     the stack.  Closes: #803927.
 .
   [ Henrique de Moraes Holschuh ]
   * Replace patches/amd64/local-blacklist-on-TSX-Haswell.diff by
     local-blacklist-for-Intel-TSX.diff also blacklisting some Broadwell
     models.  Closes: #800574.
Checksums-Sha1:
 e4386b9b316fb3366323a25c5626df580b3dd100 8236 glibc_2.19-18+deb8u2.dsc
 9a766804327f12ab4424afab959c97d930421f1a 1040948 glibc_2.19-18+deb8u2.debian.tar.xz
 bbf48a19e71e8c9367d8514ff2e1131d34f0134e 2267136 glibc-doc_2.19-18+deb8u2_all.deb
 35528d07531cc05b48fe0a3405de48e2ab91491b 13976542 glibc-source_2.19-18+deb8u2_all.deb
 0b0f9e53d313deb1965e7994c386b5384be66bc2 3954372 locales_2.19-18+deb8u2_all.deb
Checksums-Sha256:
 f87e7448c2e460aac9b1a420469b7848b057a5d4e9f716b26d0277446eabac13 8236 glibc_2.19-18+deb8u2.dsc
 0e407d1610ba95adfe641d7030ddac13105682f638cf8ff1286dfd1c44d24aa3 1040948 glibc_2.19-18+deb8u2.debian.tar.xz
 24366700536fe92feb1570b5ce733d09fac4d1956a5904e330ad7bb642a2a167 2267136 glibc-doc_2.19-18+deb8u2_all.deb
 b940f7c54a40513b5915ff6534b89d5f6b2154c2e78980bfe37b08264f55f90d 13976542 glibc-source_2.19-18+deb8u2_all.deb
 e7694d8bfafffbf78b3ebb79f9e3218d699f0e13b761e1f4c7848705eebc9fe2 3954372 locales_2.19-18+deb8u2_all.deb
Files:
 645a3775c11f5c216a25683b37db0f80 8236 libs required glibc_2.19-18+deb8u2.dsc
 f7c75b3bdf661a84abf51420f15b6933 1040948 libs required glibc_2.19-18+deb8u2.debian.tar.xz
 80e5c2d6537a71b13c549f628e2fdf71 2267136 doc optional glibc-doc_2.19-18+deb8u2_all.deb
 fa2a8d49a5d97782a4f17aaea6edb642 13976542 devel optional glibc-source_2.19-18+deb8u2_all.deb
 f3090452ea4d882d1891f265b90a5979 3954372 localization standard locales_2.19-18+deb8u2_all.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWgb0OAAoJELqceAYd3Yyb8FcP/3FJ4wWofgVMLI/u8Po9Iq2e
s3YRCwQNyCR7yGPiQS4Ow5OX3z/McXAG9MptMrWJUPetlFYttMqJJ7oW6Sgx5gZq
oZqbU2bI3pvH3qzy/VJfhJSD9r9qYoDRg+5N1LJtpF8D42CbEnKZDNT0KEAFo2qB
5lQcesVhfOGJt8GywiI8W+E10qSaAioWE/qD+D5QSpzoO25suB+9b8spGRZKIT/9
5B36o0DZFfcooPWjjkzab245TKu4SSSmC721whR2HcS4u3mcx9ZdqTEpsEk0DNWm
Hq25r0UJ8nvBffrgBY23odYRWgWeSNQcVml07RFY0dkNyz6FaX1x0917wnBzLvgX
0QAM+gSNs07e6QQV1AnrGzpXRUXsD3KTVklMrkKrKlZ0qmVZjKwzIm3COrIdEXUD
2FU/nSO49zLAvH+kUGMSeDQRDg4pgG2A/uhIq+ty8oBzkDiQvOpZNO8XZ8x2f43O
g1l/RcUF46yzu3WJjKOGoyukKvLMnhywppTHkD4S7fVL+p1mtpBr6p+lNQ9wZuHk
lxYJH4VcmcN1r2mEG6NcR8vdnSWueFIANaFRb/gSiz+oFo0inGLVFgC82a7moD05
yKXLR5BQo5fBNu0upLIrPHK1td9+bAaCyl2O5KlER2YzLtEqVJWcj2J5W/8itYaV
3XIC0DPL18g5+v9LXDpC
=+T4w
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#800523: marked as done (nscd netgroup cache occasionally not updated, nscd -i netgroup hangs)
Next by Date: Bug#798316: marked as done (libc6: Pointer guarding bypass in dynamic Setuid binaries)
Previous by thread: Bug#800523: marked as done (nscd netgroup cache occasionally not updated, nscd -i netgroup hangs)
Next by thread: Bug#803927: marked as done (glibc: multiple overflows in strxfrm())
Index(es):
- Date
- Thread