[Bug 979003] Re: libc incorrectly detects AVX support

Wed Nov 14 22:48:48 UTC 2012

This bug was fixed in the package eglibc - 2.15-0ubuntu10.3

---------------
eglibc (2.15-0ubuntu10.3) precise; urgency=low

  * Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498)
  * Backport another FMA support patch from glibc master branch.

eglibc (2.15-0ubuntu10.2) precise-security; urgency=low

  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480

eglibc (2.15-0ubuntu10.1) precise; urgency=low

  * Backport fix from 2.16 to fix htons() conversion errors on non-x86
    architectures, by correctly casting to uint16_t (LP: #1016349)
  * Restore missing AT_EMPTY_PATH definition in fnctl.h (LP: #1010069)
  * Backport FMA4/AVX detection from glibc 2.16 (LP: #956051, #979003)
  * Backport fixups to AVX-using code to match the detection backport.
  * Backport fix from 2.16 for sscanf/realloc deadlock (LP: #1028038)
  * Backport for bogus FPE on underflow for exp(double) (LP: #1007457)
 -- Adam Conrad <adconrad at ubuntu.com> Wed, 03 Oct 2012 15:58:02 -0600

** Changed in: eglibc (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3406

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3480

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/979003

Title:
  libc incorrectly detects AVX support

Status in “eglibc” package in Ubuntu:
  Fix Released
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Oneiric:
  Confirmed
Status in “eglibc” source package in Precise:
  Fix Released
Status in “eglibc” source package in Quantal:
  Fix Released

Bug description:
  [Impact]
  In processors with AVX support virtual machines running can cause the program to execute invalid opcodes, thus crashing a running program.

  [Development Fix]
  This has been fixed in eglibc in precise. It it present in Lucid, Natty and Oneiric.

  [Stable Fix]
  A fix can be backported from the cvs-avx-detection.diff patch present in the precise version. This is provided in the below debdiff.

  [Test Case]
  Please see how to reproduce.

  [Regression Potential]
  This patch affects amd64 versions of eglibc, and in particular processors that have the AVX extension. This patch adds more complete checks for AVX enablement.

  --

  * Description of the problem:

  libc incorrectly detects if AVX is enabled. On processors with AVX
  support like the Xeon E31270, libc does not check sufficiently to
  determine if AVX is actually enabled. The problem is exhibited on
  virtual machines using the effected version of eglibc where the host
  machine is running Xen and has a AVX capable CPU.

  This bugreport explains the problem well: http://bugs.debian.org/cgi-
  bin/bugreport.cgi?bug=649349

  * Versions Affected:

  The problem is in lucid, eglibc-2.11.1-0ubuntu7.10, x86_64.
  The problem is also in current versions of eglibc available for Natty, Maverick and Oneiric.

  The problem is patched upstream in debian unstable eglibc 2.13-22 which made it into precise eglibc 2.13-23ubuntu1:
  https://launchpad.net/ubuntu/+source/eglibc/2.13-23ubuntu1

  There is a patch backported for glibc 2.11 provided by avx-fix.patch here:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646549

  * How to reproduce:

  The problem may only be reproducible on particular hardware that supports AVX being used as a Xen host.
  It is reproducible when trying to start apache. The program exits when execution of an AVX instruction fails.

  Start Apache on a Lucid guest VM where the host machine is running Xen
  and has a Xeon E31270 model cpu.

  * What happens?
  Apache exits with an error:
  apache2[858] trap invalid opcode ip:7ffcebfdf920 sp:7fffc6da6798 error:0 in ld-2.11.1.so[7ffcebfca000+20000]

  * What is expected?
  Apache starts normally.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/979003/+subscriptions