From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Mark H Weaver
Subject: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]
Date: Sat, 20 Jan 2018 15:34:08 -0500
Message-ID: <87po648e2n.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain

Here are two patches that:

* Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
* Use gcc-7.3 to build linux-libre on x86 systems.

I'm currently running linux-libre-4.14.14 with full retpoline support:

  mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
  mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
  meltdown:Mitigation: PTI
  spectre_v1:Vulnerable
  spectre_v2:Mitigation: Full generic retpoline

There's also support for retpoline in linux-libre-4.9.77, but none yet
in earlier kernels.

My question is: should we push these patches to 'master' now, or should
we wait until gcc-7.3 is released (possibly as soon as January 24)?

Mark --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-gcc-Add-gcc-7.3.0-RC-20180117-includes-retpoline.patch Content-Transfer-Encoding: quoted-printable Content-Description: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline support] >From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 20 Jan 2018 15:15:19 -0500 Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline support]. * gnu/packages/gcc.scm (gcc-7.3): New variable. --- gnu/packages/gcc.scm | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index ad8992289..288c4deb3 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Court=C3= =A8s -;;; Copyright =C2=A9 2014, 2015 Mark H Weaver +;;; Copyright =C2=A9 2014, 2015, 2018 Mark H Weaver ;;; Copyright =C2=A9 2014, 2015, 2016, 2017 Ricardo Wurmus ;;; Copyright =C2=A9 2015 Andreas Enge ;;; Copyright =C2=A9 2015, 2016, 2017 Efraim Flashner 
@@ -433,6 +433,24 @@ Go. It also includes runtime support libraries for th= ese languages.") for several languages, including C, C++, Objective-C, Fortran, Ada, and Go. It also includes runtime support libraries for these languages."))) =20 +(define-public gcc-7.3 + (package + (inherit gcc-7) + (version "7.3.0-RC-20180117") + (source (origin + (method url-fetch) + (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/" + version "/gcc-" version ".tar.xz")) + (sha256 + (base32 + "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2")) + (patches (search-patches "gcc-strmov-store-file-names.patch" + "gcc-5.0-libvtv-runpath.patch")))) + (description + "GCC is the GNU Compiler Collection. It provides compiler front-ends +for several languages, including C, C++, Objective-C, Fortran, Ada, and Go. +It also includes runtime support libraries for these languages."))) + ;; Note: When changing the default gcc version, update ;; the gcc-toolchain-* definitions and the gfortran definition ;; accordingly. --=20 2.15.1 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-gnu-linux-libre-Full-retpoline-support-on-x86-mitiga.patch Content-Description: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86 [mitigates spectre] >From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 20 Jan 2018 15:16:20 -0500 Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86 [mitigates spectre]. * gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with gcc-7.3. --- gnu/packages/linux.scm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 13e08f265..2425fc709 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
@@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." ("bc" ,bc) ("openssl" ,openssl) ("kmod" ,kmod) + ,@(match (system->linux-architecture + (or (%current-target-system) (%current-system))) + ((or "x86_64" "i386") + `(("gcc" ,gcc-7.3))) + (_ + '())) ,@(match (and configuration-file (configuration-file (system->linux-architecture -- 2.15.1 --=-=-=--
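Review bot: In the new `gcc-7.3` definition (gnu/packages/gcc.scm, hunk at -433,6 +433,24), the variable name reads as the 7.3 release while `version` is "7.3.0-RC-20180117" and the URI points into `ftp://gcc.gnu.org/pub/gcc/snapshots/`. A short comment above `(define-public gcc-7.3` saying that this is a release candidate, and that `version`, the URI and the sha256 are to be replaced once 7.3.0 is published, would stop anyone from taking it for the final release; it is also worth confirming that the snapshot path stays fetchable, since a snapshot directory that is later pruned would leave the origin without an upstream source. Separately, the `description` field repeats the same text visible in the context lines just above the addition; if the inherited `gcc-7` already carries it, the field can be dropped.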
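Review bot: The `,@(match ...)` added to the inputs in gnu/packages/linux.scm (hunk at -283,6 +283,12) carries no comment saying why x86 kernels get a non-default compiler. Please add a line above it stating that `gcc-7.3` is used for retpoline support (the spectre_v2 mitigation) and that the clause can go away once the default gcc provides it, so the override is not left behind or removed by accident. It would also help to say in that comment that only "x86_64" and "i386" are matched on purpose and every other architecture falls through to `'()` and keeps the default compiler.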
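The check shown in the message (`grep . *` in /sys/devices/system/cpu/vulnerabilities) can be turned into a pass/fail test for a kernel built with these patches. This is an added example, not part of the original message or of Guix; the function name `check_cpu_vulns` is hypothetical and the sample directory is constructed from the three lines quoted in the message.

```shell
#!/bin/sh
# check_cpu_vulns [DIR]: print one "STATE name: detail" line per entry of the
# kernel's CPU-vulnerability report and return 1 if any entry is not reported
# as mitigated (2 if the directory does not exist).
check_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    [ -d "$dir" ] || { echo "UNKNOWN $dir: not present"; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        state=
        IFS= read -r state < "$f" || :      # tolerate a missing final newline
        case $state in
            "Not affected"*|"Mitigation:"*)
                echo "OK   $name: $state" ;;
            # Also matches "Vulnerable: Minimal generic ASM retpoline", which
            # kernels of this era report for spectre_v2 when the compiler had
            # no retpoline support (string not quoted in the message).
            "Vulnerable"*)
                echo "FAIL $name: $state"; rc=1 ;;
            *)
                echo "WARN $name: $state"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample reproducing the three lines quoted in the message.
sample=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$sample/meltdown"
printf 'Vulnerable\n' > "$sample/spectre_v1"
printf 'Mitigation: Full generic retpoline\n' > "$sample/spectre_v2"
check_cpu_vulns "$sample" || echo "at least one entry is not mitigated"
rm -rf "$sample"
```

Run without an argument on a booted system, it reads the real sysfs directory, so the non-zero exit status can gate a deployment or image test.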