From: Chris Marusich
Subject: Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]
Date: Sun, 21 Jan 2018 22:09:41 -0800
Message-ID: <87tvvexw4a.fsf@gmail.com>
References: <87po648e2n.fsf@netris.org>
In-Reply-To: <87po648e2n.fsf@netris.org> (Mark H. Weaver's message of "Sat, 20 Jan 2018 15:34:08 -0500")
To: Mark H Weaver
Cc: guix-devel@gnu.org

Mark H Weaver writes:

> Here are two patches that:
>
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.

Awesome! Thank you for this.

> My question is: should we push these patches to 'master' now, or should
> we wait until gcc-7.3 is released (possibly as soon as January 24)?

Since GuixSD makes it easy to roll back the entire system if it turns out there's a problem with the new kernel, I think we should just do it. The only risk I can imagine might be if somebody is building the Linux-libre kernel with Guix and using that kernel somewhere outside of GuixSD. However, even in that case it's pretty easy to roll back to a previous version of Guix by invoking "guix pull" with the --commit option.

> From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
> From: Mark H Weaver
> Date: Sat, 20 Jan 2018 15:15:19 -0500
> Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline support].
>
> * gnu/packages/gcc.scm (gcc-7.3): New variable.
> ---
> gnu/packages/gcc.scm | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm > index ad8992289..288c4deb3 100644 > --- a/gnu/packages/gcc.scm > +++ b/gnu/packages/gcc.scm > @@ -1,6 +1,6 @@ > ;;; GNU Guix --- Functional package management for GNU > ;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Court=C3= =A8s > -;;; Copyright =C2=A9 2014, 2015 Mark H Weaver > +;;; Copyright =C2=A9 2014, 2015, 2018 Mark H Weaver > ;;; Copyright =C2=A9 2014, 2015, 2016, 2017 Ricardo Wurmus > ;;; Copyright =C2=A9 2015 Andreas Enge > ;;; Copyright =C2=A9 2015, 2016, 2017 Efraim Flashner
> @@ -433,6 +433,24 @@ Go. It also includes runtime support libraries for = these languages.") > for several languages, including C, C++, Objective-C, Fortran, Ada, and = Go. > It also includes runtime support libraries for these languages."))) >=20=20 > +(define-public gcc-7.3 > + (package > + (inherit gcc-7) > + (version "7.3.0-RC-20180117") > + (source (origin > + (method url-fetch) > + (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/" > + version "/gcc-" version ".tar.xz")) > + (sha256 > + (base32 > + "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2")) > + (patches (search-patches "gcc-strmov-store-file-names.patc= h" > + "gcc-5.0-libvtv-runpath.patch")))) > + (description > + "GCC is the GNU Compiler Collection. It provides compiler front-en= ds > +for several languages, including C, C++, Objective-C, Fortran, Ada, and = Go. > +It also includes runtime support libraries for these languages."))) > + > ;; Note: When changing the default gcc version, update > ;; the gcc-toolchain-* definitions and the gfortran definition > ;; accordingly.
> -- 
> 2.15.1

This seems fine to me.

>
> From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001
> From: Mark H Weaver
> Date: Sat, 20 Jan 2018 15:16:20 -0500
> Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86 [mitigates spectre].
>
> * gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with
> gcc-7.3.
> ---
> gnu/packages/linux.scm | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index 13e08f265..2425fc709 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm
> @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is n= o such configuration." > ("bc" ,bc) > ("openssl" ,openssl) > ("kmod" ,kmod) > + ,@(match (system->linux-architecture > + (or (%current-target-system) (%current-system))) > + ((or "x86_64" "i386") > + `(("gcc" ,gcc-7.3))) > + (_ > + '())) > ,@(match (and configuration-file > (configuration-file > (system->linux-architecture

Is "gcc" the correct string to use here if we are in a cross-compilation context? Shouldn't it be "cross-gcc" in that case (I was looking at the 'standard-cross-packages' procedure in guix/build-system/gnu.scm)?

-- 
Chris
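
Review bot: In the `gcc-7.3` definition added to gnu/packages/gcc.scm, the `uri` points into `ftp://gcc.gnu.org/pub/gcc/snapshots/` and the `version` is the release-candidate string "7.3.0-RC-20180117", but nothing in the definition marks it as temporary. A comment above `(define-public gcc-7.3` saying that this is a release candidate, to be replaced once 7.3.0 is released, would keep it from lingering under the `gcc-7.3` name. The tarball is fetched over plain FTP, so the `sha256` value is the only integrity check on it; the commit message could say how that hash was obtained. The `description` also repeats the text that the context lines show closing the preceding definition, so with `(inherit gcc-7)` the field can probably be dropped.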
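
Review bot: In the hunk against gnu/packages/linux.scm, the new `match` decides on the target architecture, `(or (%current-target-system) (%current-system))`, yet what it adds is the plain `gcc-7.3` package under the "gcc" label, so when `%current-target-system` is set the choice is made for the target while the input added is not a cross-compiler. Either restrict the override to native builds or supply a cross variant for that case. A short comment above the `,@(match` stating that the override exists for retpoline support would also tell later readers why x86 is special-cased and when the clause can be removed.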