From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Marusich <cmmarusich@gmail.com>
Subject: Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86
	[spectre mitigation]
Date: Sun, 21 Jan 2018 22:09:41 -0800
Message-ID: <87tvvexw4a.fsf@gmail.com>
References: <87po648e2n.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53984)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cmmarusich@gmail.com>) id 1edVIl-0004FM-Il
	for guix-devel@gnu.org; Mon, 22 Jan 2018 01:09:52 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cmmarusich@gmail.com>) id 1edVIk-0000NI-8U
	for guix-devel@gnu.org; Mon, 22 Jan 2018 01:09:51 -0500
Received: from mail-pg0-x230.google.com ([2607:f8b0:400e:c05::230]:34438)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <cmmarusich@gmail.com>)
	id 1edVIj-0000N1-Vd
	for guix-devel@gnu.org; Mon, 22 Jan 2018 01:09:50 -0500
Received: by mail-pg0-x230.google.com with SMTP id r19so6343526pgn.1
	for <guix-devel@gnu.org>; Sun, 21 Jan 2018 22:09:49 -0800 (PST)
In-Reply-To: <87po648e2n.fsf@netris.org> (Mark H. Weaver's message of "Sat, 20
	Jan 2018 15:34:08 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Mark H Weaver <mhw@netris.org> writes:

> Here are two patches that:
>
> * Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
> * Use gcc-7.3 to build linux-libre on x86 systems.

Awesome!  Thank you for this.

> My question is: should we push these patches to 'master' now, or should
> we wait until gcc-7.3 is released (possibly as soon as January 24)?

Since GuixSD makes it easy to roll back the entire system if it turns
out there's a problem with the new kernel, I think we should just do it.

The only risk I can imagine might be if somebody is building the
Linux-libre kernel with Guix and using that kernel somewhere outside of
GuixSD.  However, even in that case it's pretty easy to roll back to a
previous version of Guix by invoking "guix pull" with the --commit
option.

> From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Sat, 20 Jan 2018 15:15:19 -0500
> Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpol=
ine
>  support].
>
> * gnu/packages/gcc.scm (gcc-7.3): New variable.
> ---
>  gnu/packages/gcc.scm | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
> index ad8992289..288c4deb3 100644
> --- a/gnu/packages/gcc.scm
> +++ b/gnu/packages/gcc.scm
> @@ -1,6 +1,6 @@
>  ;;; GNU Guix --- Functional package management for GNU
>  ;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Court=C3=
=A8s <ludo@gnu.org>
> -;;; Copyright =C2=A9 2014, 2015 Mark H Weaver <mhw@netris.org>
> +;;; Copyright =C2=A9 2014, 2015, 2018 Mark H Weaver <mhw@netris.org>
>  ;;; Copyright =C2=A9 2014, 2015, 2016, 2017 Ricardo Wurmus <rekado@eleph=
ly.net>
>  ;;; Copyright =C2=A9 2015 Andreas Enge <andreas@enge.fr>
>  ;;; Copyright =C2=A9 2015, 2016, 2017 Efraim Flashner <efraim@flashner.c=
o.il>
> @@ -433,6 +433,24 @@ Go.  It also includes runtime support libraries for =
these languages.")
>  for several languages, including C, C++, Objective-C, Fortran, Ada, and =
Go.
>  It also includes runtime support libraries for these languages.")))
>=20=20
> +(define-public gcc-7.3
> +  (package
> +    (inherit gcc-7)
> +    (version "7.3.0-RC-20180117")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/"
> +                                  version "/gcc-" version ".tar.xz"))
> +              (sha256
> +               (base32
> +                "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2"))
> +              (patches (search-patches "gcc-strmov-store-file-names.patc=
h"
> +                                       "gcc-5.0-libvtv-runpath.patch"))))
> +    (description
> +     "GCC is the GNU Compiler Collection.  It provides compiler front-en=
ds
> +for several languages, including C, C++, Objective-C, Fortran, Ada, and =
Go.
> +It also includes runtime support libraries for these languages.")))
> +
>  ;; Note: When changing the default gcc version, update
>  ;;       the gcc-toolchain-* definitions and the gfortran definition
>  ;;       accordingly.
> --=20
> 2.15.1

This seems fine to me.

>
> From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Sat, 20 Jan 2018 15:16:20 -0500
> Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86
>  [mitigates spectre].
>
> * gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with
> gcc-7.3.
> ---
>  gnu/packages/linux.scm | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 13e08f265..2425fc709 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is n=
o such configuration."
>         ("bc" ,bc)
>         ("openssl" ,openssl)
>         ("kmod" ,kmod)
> +       ,@(match (system->linux-architecture
> +                 (or (%current-target-system) (%current-system)))
> +           ((or "x86_64" "i386")
> +            `(("gcc" ,gcc-7.3)))
> +           (_
> +            '()))
>         ,@(match (and configuration-file
>                       (configuration-file
>                        (system->linux-architecture

Is "gcc" the correct string to use here if we are in a cross-compilation
context?  Shouldn't it be "cross-gcc" in that case (I was looking at the
'standard-cross-packages' procedure in guix/build-system/gnu.scm)?

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlplgCYACgkQ3UCaFdgi
Rp2CZw//Vy7iiI5gwyOCCfT00c8rlzA7JzvGU5CBRGNutR1uKlGkaO8ERXS9UWhk
CyVtClvYSNnar91xRCRgLOd1FrOTDTb8r2A4T1yqinFgZWC9xKarrpaji/R5gU+w
ilWiP5WFSPDKpuEZWARruj668LOstJexnz7UanWd9fXjHUlbLuUFoflh2F6W5PMO
Ad23kymA7zJU5BSDfEGSETtGqtDPXGlDeCSKXcmFZnpKsJAPcMPae/a2+rt6RDEO
2agZttGm1Flo8rBP8O4OiR3qNtbeoyyIABKcNjhnVswYGRwp1Z7lbgznWX8SBPT7
dRjk6SE1YRBXlZ2JTaBZMWqBpWjA8tQlZSuZSp58G5yp+NSqwh0ZMDhAocJvZiTJ
f6l4jq9UGr6IwIEPgvWGFIH85vniDIDUZlg+UTVNEQy+a5n3sZvm7LD3gv3SrT3s
xNTdyv4Vufqqi7g9cYcXrt1q3J6S3KkerzHrU9s/YKyKbRcREdicwJRrNKVZARjy
3bowKJn8BCQGAEpiei4WROZVNf69i54Apl8Hc9q/SNRISZH5Sn4u4LXfWLXgil/P
L+B8bBViKIC//vC4ouArFnNf4/AxYTwvWbf0en9udcn8HGU3BH69pq9fP1bpsCjs
FJSlnypHnF6y4rn0Gs4UmfLWNKMdQlfBNhoCfsLIAVEjcuuNNvk=
=Zxwa
-----END PGP SIGNATURE-----
--=-=-=--