[Bug 2037661] [NEW] Intel TDX Azure instances crash during boot due to glibc bug part 2

Heather Lemon 2037661 at bugs.launchpad.net
Thu Sep 28 15:13:13 UTC 2023 

Public bug reported:

[IMPACT]

This is a continuation of the lp # 2011421

Intel TDX Azure instances are segfaulting due to an error in glibc.

The glibc error is fixed with this patch [1]

FYI elaborating on the commit back-port request [1]

https://www.intel.com/content/www/us/en/architecture-and-
technology/64-ia-32-architectures-software-developer-vol-1-manual.html

19.1 USING THE CPUID INSTRUCTION
Use the CPUID instruction for processor identification in the Pentium M processor family, Pentium 4 processor
family, Intel Xeon processor family, P6 family, Pentium processor, and later Intel486 processors. This instruction
returns the family, model and (for some processors) a brand string for the processor that executes the instruction.
It also indicates the features that are present in the processor and gives information about the processor’s caches
and TLB.
The ID flag (bit 21) in the EFLAGS register indicates support for the CPUID instruction. If a software procedure can
set and clear this flag, the processor executing the procedure supports the CPUID instruction. The CPUID instruc-
tion will cause the invalid opcode exception (#UD) if executed on a processor that does not support it.
To obtain processor identification information, a source operand value is placed in the EAX register to select the
type of information to be returned. When the CPUID instruction is executed, selected information is returned in the
EAX, EBX, ECX, and EDX registers. For a complete description of the CPUID instruction, tables indicating values
returned, and example code, see CPUID—CPU Identification in Chapter 3 of the Intel® 64 and IA-32 Architectures
Software Developer’s Manual, Volume 2A

https://www.intel.com/content/www/us/en/architecture-and-
technology/64-ia-32-architectures-software-developer-vol-2a-manual.pdf

Obtain feature flags, status, and system information by using the CPUID instruction, by checking control register
bits, and by reading model-specific registers. We are moving toward a new syntax to represent this information.
See Figure 1-2.
pg 217

[TEST CASE]

Test case requires an azure TDX instance.

Testing instructions from [2] being

getconf  -a | grep CACHE

showing non-zero entries for the cache values

[REGRESSION POTENTIAL]
Compatibility impact on applications which invoke CPUID directly.

[OTHER]

This will affect Mantic, Jammy, Focal

[0] https://azure.microsoft.com/en-us/blog/azure-confidential-computing-on-4th-gen-intel-xeon-scalable-processors-with-intel-tdx/
[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1493622f4f9048ffede3fbedb64695efa49d662a
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=30643#c12

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: glibc (Ubuntu Focal)
     Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
         Status: New

** Affects: glibc (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: glibc (Ubuntu Mantic)
     Importance: Undecided
         Status: New


** Tags: patch

** Also affects: glibc (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: glibc (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: glibc (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: glibc (Ubuntu Focal)
     Assignee: (unassigned) => Heather Lemon (hypothetical-lemon)

** Description changed:

  [IMPACT]
  
  This is a continuation of the lp # 2011421
  
  Intel TDX Azure instances are segfaulting due to an error in glibc.
  
  The glibc error is fixed with this patch [1]
  
+ FYI elaborating on the commit back-port request [1]
+ 
+ https://www.intel.com/content/www/us/en/architecture-and-
+ technology/64-ia-32-architectures-software-developer-vol-1-manual.html
+ 
+ 19.1 USING THE CPUID INSTRUCTION
+ Use the CPUID instruction for processor identification in the Pentium M processor family, Pentium 4 processor
+ family, Intel Xeon processor family, P6 family, Pentium processor, and later Intel486 processors. This instruction
+ returns the family, model and (for some processors) a brand string for the processor that executes the instruction.
+ It also indicates the features that are present in the processor and gives information about the processor’s caches
+ and TLB.
+ The ID flag (bit 21) in the EFLAGS register indicates support for the CPUID instruction. If a software procedure can
+ set and clear this flag, the processor executing the procedure supports the CPUID instruction. The CPUID instruc-
+ tion will cause the invalid opcode exception (#UD) if executed on a processor that does not support it.
+ To obtain processor identification information, a source operand value is placed in the EAX register to select the
+ type of information to be returned. When the CPUID instruction is executed, selected information is returned in the
+ EAX, EBX, ECX, and EDX registers. For a complete description of the CPUID instruction, tables indicating values
+ returned, and example code, see CPUID—CPU Identification in Chapter 3 of the Intel® 64 and IA-32 Architectures
+ Software Developer’s Manual, Volume 2A
+ 
+ https://www.intel.com/content/www/us/en/architecture-and-
+ technology/64-ia-32-architectures-software-developer-vol-2a-manual.pdf
+ 
+ Obtain feature flags, status, and system information by using the CPUID instruction, by checking control register
+ bits, and by reading model-specific registers. We are moving toward a new syntax to represent this information.
+ See Figure 1-2.
+ pg 217
  
  [TEST CASE]
  
  Test case requires an azure TDX instance.
  
  Testing instructions from [2] being
  
  getconf  -a | grep CACHE
  
  showing non-zero entries for the cache values
  
- 
  [REGRESSION POTENTIAL]
  Compatibility impact on applications which invoke CPUID directly.
  (they might have to be patched in ways similar to glibc). But at least the glibc patch appears to be working.
- 
  
  [OTHER]
  
  This will affect Mantic, Jammy, Focal
  
- [0] https://azure.microsoft.com/en-us/blog/azure-confidential-computing-on-4th-gen-intel-xeon-scalable-processors-with-intel-tdx/ 
- [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1493622f4f9048ffede3fbedb64695efa49d662a 
+ [0] https://azure.microsoft.com/en-us/blog/azure-confidential-computing-on-4th-gen-intel-xeon-scalable-processors-with-intel-tdx/
+ [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1493622f4f9048ffede3fbedb64695efa49d662a
  [2] https://sourceware.org/bugzilla/show_bug.cgi?id=30643#c12

** Description changed:

  [IMPACT]
  
  This is a continuation of the lp # 2011421
  
  Intel TDX Azure instances are segfaulting due to an error in glibc.
  
  The glibc error is fixed with this patch [1]
  
  FYI elaborating on the commit back-port request [1]
  
  https://www.intel.com/content/www/us/en/architecture-and-
  technology/64-ia-32-architectures-software-developer-vol-1-manual.html
  
  19.1 USING THE CPUID INSTRUCTION
  Use the CPUID instruction for processor identification in the Pentium M processor family, Pentium 4 processor
  family, Intel Xeon processor family, P6 family, Pentium processor, and later Intel486 processors. This instruction
  returns the family, model and (for some processors) a brand string for the processor that executes the instruction.
  It also indicates the features that are present in the processor and gives information about the processor’s caches
  and TLB.
  The ID flag (bit 21) in the EFLAGS register indicates support for the CPUID instruction. If a software procedure can
  set and clear this flag, the processor executing the procedure supports the CPUID instruction. The CPUID instruc-
  tion will cause the invalid opcode exception (#UD) if executed on a processor that does not support it.
  To obtain processor identification information, a source operand value is placed in the EAX register to select the
  type of information to be returned. When the CPUID instruction is executed, selected information is returned in the
  EAX, EBX, ECX, and EDX registers. For a complete description of the CPUID instruction, tables indicating values
  returned, and example code, see CPUID—CPU Identification in Chapter 3 of the Intel® 64 and IA-32 Architectures
  Software Developer’s Manual, Volume 2A
  
  https://www.intel.com/content/www/us/en/architecture-and-
  technology/64-ia-32-architectures-software-developer-vol-2a-manual.pdf
  
  Obtain feature flags, status, and system information by using the CPUID instruction, by checking control register
  bits, and by reading model-specific registers. We are moving toward a new syntax to represent this information.
  See Figure 1-2.
  pg 217
  
  [TEST CASE]
  
  Test case requires an azure TDX instance.
  
  Testing instructions from [2] being
  
  getconf  -a | grep CACHE
  
  showing non-zero entries for the cache values
  
  [REGRESSION POTENTIAL]
  Compatibility impact on applications which invoke CPUID directly.
- (they might have to be patched in ways similar to glibc). But at least the glibc patch appears to be working.
  
  [OTHER]
  
  This will affect Mantic, Jammy, Focal
  
  [0] https://azure.microsoft.com/en-us/blog/azure-confidential-computing-on-4th-gen-intel-xeon-scalable-processors-with-intel-tdx/
  [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1493622f4f9048ffede3fbedb64695efa49d662a
  [2] https://sourceware.org/bugzilla/show_bug.cgi?id=30643#c12

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2037661

Title:
  Intel TDX Azure instances crash during boot due to glibc bug part 2

Status in glibc package in Ubuntu:
  New
Status in glibc source package in Focal:
  New
Status in glibc source package in Jammy:
  New
Status in glibc source package in Mantic:
  New

Bug description:
  [IMPACT]

  This is a continuation of the lp # 2011421

  Intel TDX Azure instances are segfaulting due to an error in glibc.

  The glibc error is fixed with this patch [1]

  FYI elaborating on the commit back-port request [1]

  https://www.intel.com/content/www/us/en/architecture-and-
  technology/64-ia-32-architectures-software-developer-vol-1-manual.html

  19.1 USING THE CPUID INSTRUCTION
  Use the CPUID instruction for processor identification in the Pentium M processor family, Pentium 4 processor
  family, Intel Xeon processor family, P6 family, Pentium processor, and later Intel486 processors. This instruction
  returns the family, model and (for some processors) a brand string for the processor that executes the instruction.
  It also indicates the features that are present in the processor and gives information about the processor’s caches
  and TLB.
  The ID flag (bit 21) in the EFLAGS register indicates support for the CPUID instruction. If a software procedure can
  set and clear this flag, the processor executing the procedure supports the CPUID instruction. The CPUID instruc-
  tion will cause the invalid opcode exception (#UD) if executed on a processor that does not support it.
  To obtain processor identification information, a source operand value is placed in the EAX register to select the
  type of information to be returned. When the CPUID instruction is executed, selected information is returned in the
  EAX, EBX, ECX, and EDX registers. For a complete description of the CPUID instruction, tables indicating values
  returned, and example code, see CPUID—CPU Identification in Chapter 3 of the Intel® 64 and IA-32 Architectures
  Software Developer’s Manual, Volume 2A

  https://www.intel.com/content/www/us/en/architecture-and-
  technology/64-ia-32-architectures-software-developer-vol-2a-manual.pdf

  Obtain feature flags, status, and system information by using the CPUID instruction, by checking control register
  bits, and by reading model-specific registers. We are moving toward a new syntax to represent this information.
  See Figure 1-2.
  pg 217

  [TEST CASE]

  Test case requires an azure TDX instance.

  Testing instructions from [2] being

  getconf  -a | grep CACHE

  showing non-zero entries for the cache values

  [REGRESSION POTENTIAL]
  Compatibility impact on applications which invoke CPUID directly.

  [OTHER]

  This will affect Mantic, Jammy, Focal

  [0] https://azure.microsoft.com/en-us/blog/azure-confidential-computing-on-4th-gen-intel-xeon-scalable-processors-with-intel-tdx/
  [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1493622f4f9048ffede3fbedb64695efa49d662a
  [2] https://sourceware.org/bugzilla/show_bug.cgi?id=30643#c12

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2037661/+subscriptions

More information about the foundations-bugs mailing list