Debian Bug report logs - #462112
libc6 mips needs LL SC WAR for R10k < rev 3.0

version graph

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:eglibc.

Reported by: Florian Lohoff <flo@rfc822.org>

Date: Tue, 22 Jan 2008 16:12:01 UTC

Severity: normal

Tags: patch

Found in version glibc/2.7-6

Fixed in version glibc/2.7-7

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#462112; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to Florian Lohoff <flo@rfc822.org>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florian Lohoff <flo@rfc822.org>
To: submit@bugs.debian.org
Subject: libc6 mips needs LL SC WAR for R10k < rev 3.0
Date: Tue, 22 Jan 2008 17:00:45 +0100
[Message part 1 (text/plain, inline)]
Package: libc6
Version: 2.7-6
Tags: patch

Hi,

the R10000 needs an LL/SC Workaround. If not applied all R10k before
rev 3.0 misbehave on atomic ops and rev 2.6 and lower (e.g. SGI IP28)
die after very few seconds with a deadlock due to even more erratas.
To quote the CPU Erratas workaround:

	Workaround: The basic idea is to inhibit the four instructions
	from simultaneously becoming active in R10000. Padding all
	ll/sc sequences with nops or changing the looping branch in the
	routines to a branch likely (which is always predicted taken
	by R10000) will work. The nops should go after the loop, and the
	number of them should be 28. This number could be decremented for
	each additional instruction in the ll/sc loop such as the lock
	modifier(s) between the ll and sc, the looping branch and its
	delay slot. For typical short routines with one ll/sc loop, any
	instructions after the loop could also count as a decrement. The
	nop workaround pollutes the cache more but would be a few cycles
	faster if all the code is in the cache and the looping branch
	is predicted not taken.

The kernels way in e.g. arch/mips/kernel/scall32-o32.S

	204 #ifdef CONFIG_CPU_HAS_LLSC
	205         /* Ok, this is the ll/sc case.  World is sane :-)  */
	206 1:      ll      v0, (a1)
	207         move    a0, a2
	208 2:      sc      a0, (a1)
	209 #if R10000_LLSC_WAR
	210         beqzl   a0, 1b
	211 #else
	212         beqz    a0, 1b
	213 #endif

This is the patch i successfully build a working libc6 for my SGI IP28 with:

diff -Nur glibc-2.7.orig/ports/sysdeps/mips/bits/atomic.h glibc-2.7/ports/sysdeps/mips/bits/atomic.h
--- ports/sysdeps/mips/bits/atomic.h.orig	2005-03-28 09:14:59.000000000 +0000
+++ ports/sysdeps/mips/bits/atomic.h	2008-01-18 11:17:14.000000000 +0000
@@ -74,7 +74,7 @@
      "bne	%0,%2,2f\n\t"						      \
      "move	%1,%3\n\t"						      \
      "sc	%1,%4\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \
@@ -98,7 +98,7 @@
      "bne	%0,%2,2f\n\t"						      \
      "move	%1,%3\n\t"						      \
      "scd	%1,%4\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \
@@ -192,7 +192,7 @@
      "ll	%0,%3\n\t"						      \
      "move	%1,%2\n\t"						      \
      "sc	%1,%3\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \
@@ -216,7 +216,7 @@
      "lld	%0,%3\n\t"						      \
      "move	%1,%2\n\t"						      \
      "scd	%1,%3\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \
@@ -251,7 +251,7 @@
      "ll	%0,%3\n\t"						      \
      "addu	%1,%0,%2\n\t"						      \
      "sc	%1,%3\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \
@@ -275,7 +275,7 @@
      "lld	%0,%3\n\t"						      \
      "daddu	%1,%0,%2\n\t"						      \
      "scd	%1,%3\n\t"						      \
-     "beqz	%1,1b\n"						      \
+     "beqzl	%1,1b\n"						      \
      acq	"\n\t"							      \
      ".set	pop\n"							      \
      "2:\n\t"								      \

Flo
-- 
Florian Lohoff                  flo@rfc822.org             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin
[signature.asc (application/pgp-signature, inline)]

Tags added: pending Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Tue, 22 Jan 2008 22:15:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#462112; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. Full text and rfc822 format available.

Message #12 received at 462112@bugs.debian.org (full text, mbox):

From: Martin Michlmayr <tbm@cyrius.com>
To: 462112@bugs.debian.org
Subject: [ths@networkno.de: Re: Tester with IP27/IP30 needed]
Date: Tue, 5 Feb 2008 06:35:40 -0700
FYI; read the section about MIPS I.

----- Forwarded message from Thiemo Seufer <ths@networkno.de> -----

From: Thiemo Seufer <ths@networkno.de>
Subject: Re: Tester with IP27/IP30 needed
Date: Tue, 5 Feb 2008 12:22:11 +0000
To: Kumba <kumba@gentoo.org>
Cc: Florian Lohoff <flo@rfc822.org>, Ralf Baechle <ralf@linux-mips.org>,
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
	linux-mips@linux-mips.org, debian-mips@lists.debian.org
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)

Kumba wrote:
> Florian Lohoff wrote:
>> On Sun, Feb 03, 2008 at 03:16:48AM +0100, Ralf Baechle wrote:
>>> On Sat, Feb 02, 2008 at 05:08:31PM -0500, Kumba wrote:
>>>
>>>> Thomas Bogendoerfer wrote:
>>>>> no suprise here. As Ralf already noted cache barrier is a restricted
>>>>> instruction, it will always cause a illegal instruction when used
>>>>> in user space. Nevertheless it looks like all IP28 are affected
>>>>> by the simple exploit. Flo built glibc 2.7 with LLSC war workaround
>>>>> and this avoids triggering the hang.
>>>> Ah, didn't know the 'cache' instructions was kernel-mode only.  
>>>> Explains why it survived then :)
>>>>
>>>> How does one enable the LLSC war workaround in glibc?
>>> By modifying the code ;-)
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462112
>>
>> Flo
>
> Interesting.  Is there a reason the kernel uses an #ifdef to choose 
> between 'bezq' and 'bezql' that's not needed in glibc itself?  Or does 
> glibc itself lack a mechanism to detect CPU types to single out this 
> specific change?

glibc for mips has currently no such mechanism. Note that this change
breaks MIPS I CPUs, so it is not generally applicable.

> And any idea if uClibc will need similar mods?

It needs a similiar change to support R10000 v2.5.


Thiemo

----- End forwarded message -----

-- 
Martin Michlmayr
http://www.cyrius.com/




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#462112; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to Thiemo Seufer <ths@networkno.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. Full text and rfc822 format available.

Message #17 received at 462112@bugs.debian.org (full text, mbox):

From: Thiemo Seufer <ths@networkno.de>
To: Martin Michlmayr <tbm@cyrius.com>
Cc: 462112@bugs.debian.org
Subject: Re: Bug#462112: [ths@networkno.de: Re: Tester with IP27/IP30 needed]
Date: Tue, 5 Feb 2008 14:05:58 +0000
Martin Michlmayr wrote:
> FYI; read the section about MIPS I.

Should be known already, for Debian this is uncritical as there is no
supported MIPS I machine left.


Thiemo

> ----- Forwarded message from Thiemo Seufer <ths@networkno.de> -----
> 
> From: Thiemo Seufer <ths@networkno.de>
> Subject: Re: Tester with IP27/IP30 needed
> Date: Tue, 5 Feb 2008 12:22:11 +0000
> To: Kumba <kumba@gentoo.org>
> Cc: Florian Lohoff <flo@rfc822.org>, Ralf Baechle <ralf@linux-mips.org>,
> 	Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
> 	linux-mips@linux-mips.org, debian-mips@lists.debian.org
> User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
> 
> Kumba wrote:
> > Florian Lohoff wrote:
> >> On Sun, Feb 03, 2008 at 03:16:48AM +0100, Ralf Baechle wrote:
> >>> On Sat, Feb 02, 2008 at 05:08:31PM -0500, Kumba wrote:
> >>>
> >>>> Thomas Bogendoerfer wrote:
> >>>>> no suprise here. As Ralf already noted cache barrier is a restricted
> >>>>> instruction, it will always cause a illegal instruction when used
> >>>>> in user space. Nevertheless it looks like all IP28 are affected
> >>>>> by the simple exploit. Flo built glibc 2.7 with LLSC war workaround
> >>>>> and this avoids triggering the hang.
> >>>> Ah, didn't know the 'cache' instructions was kernel-mode only.  
> >>>> Explains why it survived then :)
> >>>>
> >>>> How does one enable the LLSC war workaround in glibc?
> >>> By modifying the code ;-)
> >>
> >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462112
> >>
> >> Flo
> >
> > Interesting.  Is there a reason the kernel uses an #ifdef to choose 
> > between 'bezq' and 'bezql' that's not needed in glibc itself?  Or does 
> > glibc itself lack a mechanism to detect CPU types to single out this 
> > specific change?
> 
> glibc for mips has currently no such mechanism. Note that this change
> breaks MIPS I CPUs, so it is not generally applicable.
> 
> > And any idea if uClibc will need similar mods?
> 
> It needs a similiar change to support R10000 v2.5.
> 
> 
> Thiemo
> 
> ----- End forwarded message -----
> 
> -- 
> Martin Michlmayr
> http://www.cyrius.com/
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-glibc-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Florian Lohoff <flo@rfc822.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #22 received at 462112-close@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: 462112-close@bugs.debian.org
Subject: Bug#462112: fixed in glibc 2.7-7
Date: Tue, 12 Feb 2008 23:02:05 +0000
Source: glibc
Source-Version: 2.7-7

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.7-7_all.deb
  to pool/main/g/glibc/glibc-doc_2.7-7_all.deb
glibc_2.7-7.diff.gz
  to pool/main/g/glibc/glibc_2.7-7.diff.gz
glibc_2.7-7.dsc
  to pool/main/g/glibc/glibc_2.7-7.dsc
libc6-dbg_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-dbg_2.7-7_amd64.deb
libc6-dev-i386_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-dev-i386_2.7-7_amd64.deb
libc6-dev_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-dev_2.7-7_amd64.deb
libc6-i386_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-i386_2.7-7_amd64.deb
libc6-pic_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-pic_2.7-7_amd64.deb
libc6-prof_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6-prof_2.7-7_amd64.deb
libc6-udeb_2.7-7_amd64.udeb
  to pool/main/g/glibc/libc6-udeb_2.7-7_amd64.udeb
libc6_2.7-7_amd64.deb
  to pool/main/g/glibc/libc6_2.7-7_amd64.deb
libnss-dns-udeb_2.7-7_amd64.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.7-7_amd64.udeb
libnss-files-udeb_2.7-7_amd64.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.7-7_amd64.udeb
locales-all_2.7-7_amd64.deb
  to pool/main/g/glibc/locales-all_2.7-7_amd64.deb
locales_2.7-7_all.deb
  to pool/main/g/glibc/locales_2.7-7_all.deb
nscd_2.7-7_amd64.deb
  to pool/main/g/glibc/nscd_2.7-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 462112@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 12 Feb 2008 22:29:56 +0100
Source: glibc
Binary: glibc-doc locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.7-7
Distribution: unstable
Urgency: low
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc6      - GNU C Library: Shared libraries
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 438179 453480 456260 456779 462112 463342 464022 464395 464594 464924
Changes: 
 glibc (2.7-7) unstable; urgency=low
 .
   [ Arthur Loiret ]
   * patches/sh4/cvs-nptl-private-futexes.diff: new patch from CVS to fix
     FTBFS on sh4.
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/cvs-epfnosupport.diff: new patch to fix socket()
     error for IPV6.
 .
   [ Aurelien Jarno ]
   * patches/any/local-ldso-disable-hwcap.diff: enable tls/ directory even
     when hardware capabilities are disabled. This workarounds a bug in
     nvidia-glx.  Closes: #453480.
   * patches/mips/local-r10k.diff: new patch from Florian Lohoff to
     workaround LL/SC bug on R10k.  Closes: #462112.
   * patches/mips/submitted-mipsn32.diff: new patch to fix truncate64()
     on MIPS n32.
   * kfreebsd/local-sysdeps.diff: update to revision 2129 (from glibc-bsd).
   * patches/any/cvs-epoll_h.diff: new patch from CVS to define EPOLLRDHUP
     in /usr/include/sys/epoll.h. Closes: #463342.
   * patches/any/submitted-gcc-4.3.diff: pass -isystem option for GCC's
     include-fixed/ directory. Fixes build with gcc-4.3.
   * debian/control.in/main: bump to Standards-Version 3.7.3.
   * debian/sysdeps/*.mk: build main flavours with -O2 instead of -O3 (risks to
     trigger a bug in the compiler are higher with -O3). Remove -g from cflags,
     as it is automatically added by the glibc scripts.
   * debhelper.in/nscd.init: depends on $remote_fs instead of $local_fs.
     Closes: #464022.
   * patches/any/submitted-ieee754_h.diff: use __BIG_ENDIAN instead of
     BIG_ENDIAN. Closes: #464594.
   * local/manpages/ld.so.8: Add missing options to manpage. Closes:
     #464395.
   * rules.d/build.mk: build the locales in the build target instead of the
     install one to workaround a bug in fakeroot.  Closes: #464924.
   * patches/alpha/local-dl-procinfo.diff: fix _dl_string_platform() to accept
     NULL pointers, which happens on statically linked binaries.  Closes:
     bug#456260.
   * local/manpages/gai.conf.5: new manpage.
   * any/submitted-rfc3484-sortv4.diff: Drop. Replaced by ...
   * ... any/cvs/rfc3484.diff: patch from upstream to fix various RFC3484
     issues:
     - Fix source IPv4 source address length computation.  Closes: bug#456779.
     - Only apply rule 9 for IPv4 if source and destination addresses are on
       the same subnet.  Closes: bug#438179.
Files: 
 f0fa1890d2244b2ec9d9f11e030f4d4a 2072 libs required glibc_2.7-7.dsc
 73ce31cb90381bc64908e350daf3d18b 690107 libs required glibc_2.7-7.diff.gz
 0bd343811be920b557fff431a64eb5cd 1625048 doc optional glibc-doc_2.7-7_all.deb
 83583cf0433ac9c0711bd850107c7224 4428838 libs standard locales_2.7-7_all.deb
 429e48b29ca0f1289ad138298447bb3c 4756432 libs required libc6_2.7-7_amd64.deb
 b99fbb893de16cd8bf0984913ec7c3ea 2457212 libdevel optional libc6-dev_2.7-7_amd64.deb
 7e5795f534052354a9fc677e24a3f621 1899712 libdevel extra libc6-prof_2.7-7_amd64.deb
 5bf443778556d5d976affe8edc99b264 1439252 libdevel optional libc6-pic_2.7-7_amd64.deb
 f7b484d96bef9d03656445ef922ddb08 2550084 libs extra locales-all_2.7-7_amd64.deb
 6f58447cf1700db71b171a99eb3c9c20 3627476 libs optional libc6-i386_2.7-7_amd64.deb
 d0cf9c71359b3629e2b428e440d8ddac 1432306 libdevel optional libc6-dev-i386_2.7-7_amd64.deb
 5e15d20b752ddff739c6c20660fd086e 169242 admin optional nscd_2.7-7_amd64.deb
 6f39585a5d1a42555fc8d1ecf8896bc2 5125628 libdevel extra libc6-dbg_2.7-7_amd64.deb
 17ecdfef2d6f59bcd255865995fe38c9 1081194 debian-installer extra libc6-udeb_2.7-7_amd64.udeb
 2ef7c2160b580d6ba5c1090ca16560fb 9338 debian-installer extra libnss-dns-udeb_2.7-7_amd64.udeb
 9e0ebbf13825d25b5866812cfcbf5d84 17450 debian-installer extra libnss-files-udeb_2.7-7_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHsiHDw3ao2vG823MRAtCzAJ4wT/ec8P2zaxaib+TaIlBr2TZpHQCfaJeg
QKPil8qU19sYlYI3NA3rZd8=
=XYeF
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 08 Apr 2008 07:28:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 12:41:22 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.