From: ng0
Subject: Re: Meltdown / Spectre
Date: Wed, 10 Jan 2018 15:00:12 +0000
Message-ID: <20180110150012.cvpfieipmj25nbfu@abyayala>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Alex Vong
Cc: guix-devel@gnu.org

Alex Vong transcribed 1.7K bytes:
> Mark H Weaver writes:
>
> > Mark H Weaver writes:
> >
> >> I just followed this up with a Spectre mitigation for WebKitGTK+
> >> backported from upstream WebKit:
> >>
> >> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f
> >
> > FYI, adding a patch to 'webkitgtk' seems to have greatly exacerbated an
> > existing race condition in webkitgtk's build system, presumably due to
> > the zeroing of time stamps in the repacked tarball. I believe that
> > *any* patch would have had this effect. I filed the following bug to
> > track this issue:
> >
> > https://bugs.gnu.org/30015
> >
> > Mark
>
> Thanks for all the help and quick fixes.
>
> I have an idea. Should we add a news entry to Guix blog[0] summarizing
> all the above? For example, we can advise users to install noscript and
> turn off javascript by default and only enable it on trusted sites when
> necessary.

Yes. If you ask yourself the question, it's already possible that
someone out there (realistic: multiple someones) doesn't follow the
mailing list all the time and they miss it out. A summary on the website
will be good imho.

> About the "Retpoline" mitigation technique[1]. Right now only GCC 7.2.0
> is patched, but our default gcc version is 5.4.0 in master and 5.5.0 in
> core-updates. So I tried to apply the patches to 5.5.0. There are 17
> commits/patches in total. The first 3 patches can be
> modified to work while the 4th patch cannot be easily modified to work
> because the function ``ix86_nopic_noplt_attribute_p'' is not present on
> 5.5.0.
> Perhaps discarding the hunk would be fine, but we need to be
> careful about it (maybe running tests to make sure the fix really works).
>
> Do you think we should modify the patch to make it work on GCC 5 or
> update core-updates to GCC 7 instead?
>
> [0]: https://www.gnu.org/software/guix/blog/
> [1]: http://git.infradead.org/users/dwmw2/gcc-retpoline.git/shortlog/refs/heads/retpoline

-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is