GNU bug report logs -
#30111
[PATCH] gnu: gcc@7: Use retpoline options when building itself.
Reported by: Alex Vong <alexvong1995 <at> gmail.com>
Date: Sun, 14 Jan 2018 13:10:01 UTC
Severity: normal
Tags: patch, security
Done: zimoun <zimon.toutoune <at> gmail.com>
Bug is archived. No further changes may be made.
ludo <at> gnu.org (Ludovic Courtès) writes:
> Hi Alex,
>
> Alex Vong <alexvong1995 <at> gmail.com> skribis:
>
>> From aea3d11f59e260111bdb8bcac458c97a946fa900 Mon Sep 17 00:00:00 2001
>> From: Alex Vong <alexvong1995 <at> gmail.com>
>> Date: Tue, 16 Jan 2018 20:32:32 +0800
>> Subject: [PATCH] gnu: gcc@7: Apply the 'retpoline' mitigation technique.
>>
>> This is part of Spectre (branch target injection) [CVE-2017-5715]
>> mitigation. Suggested by Mark H Weaver <mhw <at> netris.org>.
>>
>> * gnu/local.mk (dist_patch_DATA): Add them.
>> * gnu/packages/gcc.scm (gcc@7): Use them.
>> * gnu/packages/patches/gcc-retpoline-Change-V-to-bare-reg-names.patch,
>> gnu/packages/patches/gcc-retpoline-i386-More-use-reference-of-struct-ix86_frame-to-avoi.patch,
>> gnu/packages/patches/gcc-retpoline-i386-Move-struct-ix86_frame-to-machine_function.patch,
>> gnu/packages/patches/gcc-retpoline-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch,
>> gnu/packages/patches/gcc-retpoline-indirect-thunk-reg-names.patch,
>> gnu/packages/patches/gcc-retpoline-x86-Add-V-register-operand-modifier.patch,
>> gnu/packages/patches/gcc-retpoline-x86-Add-mfunction-return.patch,
>> gnu/packages/patches/gcc-retpoline-x86-Add-mindirect-branch-register.patch,
>> gnu/packages/patches/gcc-retpoline-x86-Add-mindirect-branch.patch,
>> gnu/packages/patches/gcc-retpoline-x86-Disallow-mindirect-branch-mfunction-return-with-.patch:
>> New files.
>
> I’d suggest removing the test suite changes from the patches (currently
> we don’t run GCC’s test suite.) Also, ‘guix lint’ may suggest using
> shorter file names.
>
OK, no problem.

> Do you know if a new 7.x including retpoline support is scheduled for
> release soon?
>
Yes, I think they will appear in 7.3 according to [0]. Also, some
changes appear to be in gcc-7-branch already[1]. Do you think we should
wait for it instead?

[0]: https://gcc.gnu.org/ml/gcc-patches/2018-01/msg01400.html
[1]: https://gcc.gnu.org/git/?p=gcc.git;a=shortlog;h=refs/heads/gcc-7-branch

> Thanks,
> Ludo’.
This bug report was last modified 4 years and 153 days ago.