From: ng0 <ng0@n0.is>
To: Alex Vong <alexvong1995@gmail.com>
Cc: guix-devel@gnu.org
Subject: Re: Meltdown / Spectre
Date: Wed, 10 Jan 2018 15:00:12 +0000 [thread overview]
Message-ID: <20180110150012.cvpfieipmj25nbfu@abyayala> (raw)
In-Reply-To: <87wp0qognk.fsf@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2265 bytes --]
Alex Vong transcribed 1.7K bytes:
> Mark H Weaver <mhw@netris.org> writes:
>
> > Mark H Weaver <mhw@netris.org> writes:
> >
> >> I just followed this up with a Spectre mitigation for WebKitGTK+
> >> backported from upstream WebKit:
> >>
> >> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f
> >
> > FYI, adding a patch to 'webkitgtk' seems to have greatly exacerbated an
> > existing race condition in webkitgtk's build system, presumably due to
> > the zeroing of time stamps in the repacked tarball. I believe that
> > *any* patch would have had this effect. I filed the following bug to
> > track this issue:
> >
> > https://bugs.gnu.org/30015
> >
> > Mark
>
> Thanks for all the help and quick fixes.
>
> I have an idea. Should we add a news entry to Guix blog[0] summarizing
> all the above? For example, we can advice users to install noscript and
> turn off javascript by default and only enable it on trusted site when
> necessary.
Yes. If you ask yourself the question, it's already possible that someone
out there (realistic: multiple someones) doesn't follow the mailinglist
all the time and they miss it out. a summary on the website will be good imho.
> About the "Retpoline" mitigation technique[1]. Right now only GCC 7.2.0
> is patched, but our default gcc version is 5.4.0 in master and 5.5.0 in
> core-updates. So I tried to apply the patches apply the patches to
> 5.5.0. There are totally 17 commits/patches. The first 3 patch can be
> modified to work while the 4th patch cannot be easily modified to work
> because the function ``ix86_nopic_noplt_attribute_p'' is not present on
> 5.5.0. Perhaps discarding the hunk would be fine, but we need to be
> careful about it (maybe running tests make sure the fix really works).
>
> Do you think we should modify the patch to make it work on GCC 5 or
> update core-updates to GCC 7 instead?
>
> [0]: https://www.gnu.org/software/guix/blog/
> [1]: http://git.infradead.org/users/dwmw2/gcc-retpoline.git/shortlog/refs/heads/retpoline
>
>
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is/a/ :: https://ea.n0.is
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-01-10 14:00 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-06 13:20 What do Meltdown and Spectre mean for libreboot x200 user? Alex Vong
2018-01-06 17:23 ` Mark H Weaver
2018-01-06 17:43 ` Meltdown / Spectre Leo Famulari
2018-01-06 20:15 ` Mark H Weaver
2018-01-07 6:38 ` Mark H Weaver
2018-01-07 21:23 ` bug#30015: WebKitGTK nondeterministic build failures Mark H Weaver
2018-01-09 20:14 ` Efraim Flashner
2018-01-10 5:49 ` Leo Famulari
2020-03-22 20:40 ` Leo Famulari
2018-01-07 21:29 ` Meltdown / Spectre Mark H Weaver
2018-01-09 21:39 ` Alex Vong
2018-01-10 4:59 ` Leo Famulari
2018-01-16 10:57 ` Ludovic Courtès
2018-01-19 22:06 ` Mark H Weaver
2018-01-20 0:17 ` Leo Famulari
2018-01-21 16:26 ` Mark H Weaver
2018-01-24 14:23 ` Ludovic Courtès
2018-01-24 16:19 ` Mark H Weaver
2018-01-26 22:05 ` Mark H Weaver
2018-01-27 16:12 ` Ludovic Courtès
2018-01-10 15:00 ` ng0 [this message]
2018-01-08 10:30 ` Ludovic Courtès
2018-01-10 5:27 ` Leo Famulari
2018-01-07 2:44 ` Chris Marusich
2018-01-08 17:22 ` Katherine Cox-Buday
2018-01-08 18:26 ` Marius Bakke
2018-01-08 21:51 ` Tobias Geerinckx-Rice
2018-01-08 22:01 ` Tobias Geerinckx-Rice
2018-01-09 20:13 ` Katherine Cox-Buday
2018-01-09 21:18 ` Tobias Geerinckx-Rice
2018-01-10 5:26 ` Leo Famulari
2018-01-11 19:45 ` Katherine Cox-Buday
2018-01-11 21:49 ` Adonay Felipe Nogueira
2018-01-10 10:46 ` Tobias Platen
2018-01-10 17:20 ` Leo Famulari
2018-01-10 6:43 ` Christopher Lemmer Webber
2018-01-10 18:41 ` Kei Kebreau
2018-01-16 3:58 ` Chris Marusich
2018-01-17 19:20 ` Gábor Boskovits
2018-01-14 15:11 ` Alex Vong
2018-01-09 23:10 ` Mark H Weaver
2018-01-10 5:04 ` Leo Famulari
2018-01-16 11:10 ` Ludovic Courtès
2018-01-17 2:38 ` Mike Gerwitz
2018-01-17 14:11 ` Ludovic Courtès
2018-01-10 9:36 ` Chris Marusich
2018-01-10 11:49 ` Adonay Felipe Nogueira
2018-01-10 12:35 ` Tobias Platen
2018-01-10 14:04 ` Gábor Boskovits
2018-01-12 0:25 ` Marius Bakke
2018-01-15 8:07 ` Pjotr Prins
2018-01-16 3:08 ` Mike Gerwitz
2018-01-16 10:04 ` Pjotr Prins
2018-01-12 7:39 ` Chris Marusich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110150012.cvpfieipmj25nbfu@abyayala \
--to=ng0@n0.is \
--cc=alexvong1995@gmail.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.