[PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Mark H Weaver]

[-- Attachment #1: Type: text/plain, Size: 685 bytes --]

Here are two patches that:

* Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
* Use gcc-7.3 to build linux-libre on x86 systems.

I'm currently running linux-libre-4.14.14 with full retpoline support:

  mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
  mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
  meltdown:Mitigation: PTI
  spectre_v1:Vulnerable
  spectre_v2:Mitigation: Full generic retpoline

There's also support for retpoline in linux-libre-4.9.77, but none yet
in earlier kernels.

My question is: should we push these patches to 'master' now, or should
we wait until gcc-7.3 is released (possibly as soon as January 24)?

      Mark



[-- Attachment #2: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline support] --]
[-- Type: text/x-patch, Size: 2277 bytes --]

From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 20 Jan 2018 15:15:19 -0500
Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline
 support].

* gnu/packages/gcc.scm (gcc-7.3): New variable.
---
 gnu/packages/gcc.scm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index ad8992289..288c4deb3 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -433,6 +433,24 @@ Go.  It also includes runtime support libraries for these languages.")
 for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
 It also includes runtime support libraries for these languages.")))
 
+(define-public gcc-7.3
+  (package
+    (inherit gcc-7)
+    (version "7.3.0-RC-20180117")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/"
+                                  version "/gcc-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2"))
+              (patches (search-patches "gcc-strmov-store-file-names.patch"
+                                       "gcc-5.0-libvtv-runpath.patch"))))
+    (description
+     "GCC is the GNU Compiler Collection.  It provides compiler front-ends
+for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
+It also includes runtime support libraries for these languages.")))
+
 ;; Note: When changing the default gcc version, update
 ;;       the gcc-toolchain-* definitions and the gfortran definition
 ;;       accordingly.
-- 
2.15.1


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86 [mitigates spectre] --]
[-- Type: text/x-patch, Size: 1072 bytes --]

From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 20 Jan 2018 15:16:20 -0500
Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86
 [mitigates spectre].

* gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with
gcc-7.3.
---
 gnu/packages/linux.scm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 13e08f265..2425fc709 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
        ("bc" ,bc)
        ("openssl" ,openssl)
        ("kmod" ,kmod)
+       ,@(match (system->linux-architecture
+                 (or (%current-target-system) (%current-system)))
+           ((or "x86_64" "i386")
+            `(("gcc" ,gcc-7.3)))
+           (_
+            '()))
        ,@(match (and configuration-file
                      (configuration-file
                       (system->linux-architecture
-- 
2.15.1

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Chris Marusich]

[-- Attachment #1: Type: text/plain, Size: 4600 bytes --]

Mark H Weaver <mhw@netris.org> writes:

> Here are two patches that:
>
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.

Awesome!  Thank you for this.

> My question is: should we push these patches to 'master' now, or should
> we wait until gcc-7.3 is released (possibly as soon as January 24)?

Since GuixSD makes it easy to roll back the entire system if it turns
out there's a problem with the new kernel, I think we should just do it.

The only risk I can imagine might be if somebody is building the
Linux-libre kernel with Guix and using that kernel somewhere outside of
GuixSD.  However, even in that case it's pretty easy to roll back to a
previous version of Guix by invoking "guix pull" with the --commit
option.

> From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Sat, 20 Jan 2018 15:15:19 -0500
> Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline
>  support].
>
> * gnu/packages/gcc.scm (gcc-7.3): New variable.
> ---
>  gnu/packages/gcc.scm | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
> index ad8992289..288c4deb3 100644
> --- a/gnu/packages/gcc.scm
> +++ b/gnu/packages/gcc.scm
> @@ -1,6 +1,6 @@
>  ;;; GNU Guix --- Functional package management for GNU
>  ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
> -;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
> +;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org>
>  ;;; Copyright © 2014, 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
>  ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
>  ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
> @@ -433,6 +433,24 @@ Go.  It also includes runtime support libraries for these languages.")
>  for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
>  It also includes runtime support libraries for these languages.")))
>  
> +(define-public gcc-7.3
> +  (package
> +    (inherit gcc-7)
> +    (version "7.3.0-RC-20180117")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/"
> +                                  version "/gcc-" version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2"))
> +              (patches (search-patches "gcc-strmov-store-file-names.patch"
> +                                       "gcc-5.0-libvtv-runpath.patch"))))
> +    (description
> +     "GCC is the GNU Compiler Collection.  It provides compiler front-ends
> +for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
> +It also includes runtime support libraries for these languages.")))
> +
>  ;; Note: When changing the default gcc version, update
>  ;;       the gcc-toolchain-* definitions and the gfortran definition
>  ;;       accordingly.
> -- 
> 2.15.1

This seems fine to me.

>
> From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Sat, 20 Jan 2018 15:16:20 -0500
> Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86
>  [mitigates spectre].
>
> * gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with
> gcc-7.3.
> ---
>  gnu/packages/linux.scm | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 13e08f265..2425fc709 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
>         ("bc" ,bc)
>         ("openssl" ,openssl)
>         ("kmod" ,kmod)
> +       ,@(match (system->linux-architecture
> +                 (or (%current-target-system) (%current-system)))
> +           ((or "x86_64" "i386")
> +            `(("gcc" ,gcc-7.3)))
> +           (_
> +            '()))
>         ,@(match (and configuration-file
>                       (configuration-file
>                        (system->linux-architecture

Is "gcc" the correct string to use here if we are in a cross-compilation
context?  Shouldn't it be "cross-gcc" in that case (I was looking at the
'standard-cross-packages' procedure in guix/build-system/gnu.scm)?

-- 
Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Alex Vong]

Hello Mark,

Mark H Weaver <mhw@netris.org> writes:

> Here are two patches that:
>
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.
>
> I'm currently running linux-libre-4.14.14 with full retpoline support:
>
>   mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
>   mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
>   meltdown:Mitigation: PTI
>   spectre_v1:Vulnerable
>   spectre_v2:Mitigation: Full generic retpoline
>
> There's also support for retpoline in linux-libre-4.9.77, but none yet
> in earlier kernels.
>
> My question is: should we push these patches to 'master' now, or should
> we wait until gcc-7.3 is released (possibly as soon as January 24)?
>
>       Mark
>
>
[...]

I have a question.

Do we plan to eventually build all programs with all retpoline flags
(-mindirect-branch=thunk, -mfunction-return=thunk, -mindirect-branch-register)
enabled?

In particular, do we build gcc itself with these flags? If so, we will
have to add these flags to BOOT_CFLAGS (which I have problem
understanding how to do it).

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 914 bytes --]

On Sun, Jan 21, 2018 at 10:09:41PM -0800, Chris Marusich wrote:
> Mark H Weaver <mhw@netris.org> writes:
> 
> > Here are two patches that:
> >
> > * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> > * Use gcc-7.3 to build linux-libre on x86 systems.
> 
> Awesome!  Thank you for this.
> 
> > My question is: should we push these patches to 'master' now, or should
> > we wait until gcc-7.3 is released (possibly as soon as January 24)?
> 
> Since GuixSD makes it easy to roll back the entire system if it turns
> out there's a problem with the new kernel, I think we should just do it.

Agreed, the risk seems low. The only issue is that we (and anyone not
using substitutes) will have to build GCC 7 and linux-libre twice in a
short period of time, which could be annoying.

However, I don't have experience with GCC release candidates; I assume
they are of high quality.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 1239 bytes --]

On Sat, Jan 20, 2018 at 03:34:08PM -0500, Mark H Weaver wrote:
> Here are two patches that:
> 
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.
> 
> I'm currently running linux-libre-4.14.14 with full retpoline support:
> 
>   mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
>   mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
>   meltdown:Mitigation: PTI
>   spectre_v1:Vulnerable
>   spectre_v2:Mitigation: Full generic retpoline
> 
> There's also support for retpoline in linux-libre-4.9.77, but none yet
> in earlier kernels.
> 
> My question is: should we push these patches to 'master' now, or should
> we wait until gcc-7.3 is released (possibly as soon as January 24)?

I'm used this compiler and Guix packages to build a custom Linux 4.14.14
and have used it on my laptop for a day or so now. No problems and the
kernel does see the retpoline:

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Alex Vong]

Alex Vong <alexvong1995@gmail.com> writes:

> Hello Mark,
>
> Mark H Weaver <mhw@netris.org> writes:
>
>> Here are two patches that:
>>
>> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
>> * Use gcc-7.3 to build linux-libre on x86 systems.
>>
>> I'm currently running linux-libre-4.14.14 with full retpoline support:
>>
>>   mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
>>   mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
>>   meltdown:Mitigation: PTI
>>   spectre_v1:Vulnerable
>>   spectre_v2:Mitigation: Full generic retpoline
>>
>> There's also support for retpoline in linux-libre-4.9.77, but none yet
>> in earlier kernels.
>>
>> My question is: should we push these patches to 'master' now, or should
>> we wait until gcc-7.3 is released (possibly as soon as January 24)?
>>
>>       Mark
>>
>>
> [...]
>
> I have a question.
>
> Do we plan to eventually build all programs with all retpoline flags
> (-mindirect-branch=thunk, -mfunction-return=thunk, -mindirect-branch-register)
> enabled?
>
> In particular, do we build gcc itself with these flags? If so, we will
> have to add these flags to BOOT_CFLAGS (which I have problem
> understanding how to do it).

I figure it out. We can use 'substitute-keyword-arguments' to alter
'#:make-flags'.

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Ludovic Courtès]

Hi Mark,

Mark H Weaver <mhw@netris.org> skribis:

> Here are two patches that:
>
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.

With GCC 7.3.0 now out, I think you can go ahead.

> From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Sat, 20 Jan 2018 15:15:19 -0500
> Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline
>  support].
>
> * gnu/packages/gcc.scm (gcc-7.3): New variable.

I think we can upgrade ‘gcc-7’ directly instead of introducing a new
‘gcc-7.3’ variable.  Thoughts?

> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
>         ("bc" ,bc)
>         ("openssl" ,openssl)
>         ("kmod" ,kmod)
> +       ,@(match (system->linux-architecture
> +                 (or (%current-target-system) (%current-system)))
> +           ((or "x86_64" "i386")
> +            `(("gcc" ,gcc-7.3)))

Perhaps add a comment that this is for the retpoline mitigation.

Otherwise LGTM, thank you!

Ludo’.

Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]

[Mark H Weaver]

ludo@gnu.org (Ludovic Courtès) writes:

> Mark H Weaver <mhw@netris.org> skribis:
>
>> Here are two patches that:
>>
>> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
>> * Use gcc-7.3 to build linux-libre on x86 systems.
>
> With GCC 7.3.0 now out, I think you can go ahead.
>
>> From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
>> From: Mark H Weaver <mhw@netris.org>
>> Date: Sat, 20 Jan 2018 15:15:19 -0500
>> Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline
>>  support].
>>
>> * gnu/packages/gcc.scm (gcc-7.3): New variable.
>
> I think we can upgrade ‘gcc-7’ directly instead of introducing a new
> ‘gcc-7.3’ variable.  Thoughts?

Agreed.

>> --- a/gnu/packages/linux.scm
>> +++ b/gnu/packages/linux.scm
>> @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
>>         ("bc" ,bc)
>>         ("openssl" ,openssl)
>>         ("kmod" ,kmod)
>> +       ,@(match (system->linux-architecture
>> +                 (or (%current-target-system) (%current-system)))
>> +           ((or "x86_64" "i386")
>> +            `(("gcc" ,gcc-7.3)))
>
> Perhaps add a comment that this is for the retpoline mitigation.

Agreed.  I pushed these changes on Thursday.  Fortunately, I had already
done the things you suggested here.

      Thanks!
        Mark