Here are two patches that:

* Add gcc-7.3.0-RC-20180117, which includes support for retpoline.
* Use gcc-7.3 to build linux-libre on x86 systems.

I'm currently running linux-libre-4.14.14 with full retpoline support:

mhw@jojen ~$ cd /sys/devices/system/cpu/vulnerabilities
mhw@jojen /sys/devices/system/cpu/vulnerabilities$ grep . *
meltdown:Mitigation: PTI
spectre_v1:Vulnerable
spectre_v2:Mitigation: Full generic retpoline

There's also support for retpoline in linux-libre-4.9.77, but none yet in earlier kernels.

My question is: should we push these patches to 'master' now, or should we wait until gcc-7.3 is released (possibly as soon as January 24)?

Mark
>From 387a02c3f9e157bdf40b2b5ad0e53e5b209f3aa5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver <m...@netris.org> Date: Sat, 20 Jan 2018 15:15:19 -0500 Subject: [PATCH 1/2] gnu: gcc: Add gcc 7.3.0-RC-20180117 [includes retpoline support]. * gnu/packages/gcc.scm (gcc-7.3): New variable. --- gnu/packages/gcc.scm | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index ad8992289..288c4deb3 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <l...@gnu.org> -;;; Copyright © 2014, 2015 Mark H Weaver <m...@netris.org> +;;; Copyright © 2014, 2015, 2018 Mark H Weaver <m...@netris.org> ;;; Copyright © 2014, 2015, 2016, 2017 Ricardo Wurmus <rek...@elephly.net> ;;; Copyright © 2015 Andreas Enge <andr...@enge.fr> ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efr...@flashner.co.il> 
@@ -433,6 +433,24 @@ Go. It also includes runtime support libraries for these languages.") for several languages, including C, C++, Objective-C, Fortran, Ada, and Go. It also includes runtime support libraries for these languages."))) +(define-public gcc-7.3 + (package + (inherit gcc-7) + (version "7.3.0-RC-20180117") + (source (origin + (method url-fetch) + (uri (string-append "ftp://gcc.gnu.org/pub/gcc/snapshots/" + version "/gcc-" version ".tar.xz")) + (sha256 + (base32 + "0g447y7q1mdflzkw38d2ycb5w73bgzr5zbwn6135q314wrx6fxp2")) + (patches (search-patches "gcc-strmov-store-file-names.patch" + "gcc-5.0-libvtv-runpath.patch")))) + (description + "GCC is the GNU Compiler Collection. It provides compiler front-ends +for several languages, including C, C++, Objective-C, Fortran, Ada, and Go. +It also includes runtime support libraries for these languages."))) + ;; Note: When changing the default gcc version, update ;; the gcc-toolchain-* definitions and the gfortran definition ;; accordingly. -- 2.15.1
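Review bot: the description field in the new gcc-7.3 package is redundant and can be dropped. The hunk's context lines show gcc-7's description ending with exactly the same text ("...It also includes runtime support libraries for these languages."), and (inherit gcc-7) already carries it, so repeating it only adds three lines that must be kept in sync. Separately, the source uri points into ftp://gcc.gnu.org/pub/gcc/snapshots/ with version "7.3.0-RC-20180117", so once 7.3.0 proper is out the package will need to move to the release tarball and its hash; a line in the commit message saying this is an interim RC package would make that follow-up obvious to whoever updates it.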
>From d78c7ffa76c3cd2252bd0753c73e88468755184d Mon Sep 17 00:00:00 2001 From: Mark H Weaver <m...@netris.org> Date: Sat, 20 Jan 2018 15:16:20 -0500 Subject: [PATCH 2/2] gnu: linux-libre: Full retpoline support on x86 [mitigates spectre]. * gnu/packages/linux.scm (make-linux-libre): On x86 systems, build with gcc-7.3. --- gnu/packages/linux.scm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 13e08f265..2425fc709 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -283,6 +283,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." ("bc" ,bc) ("openssl" ,openssl) ("kmod" ,kmod) + ,@(match (system->linux-architecture + (or (%current-target-system) (%current-system))) + ((or "x86_64" "i386") + `(("gcc" ,gcc-7.3))) + (_ + '())) ,@(match (and configuration-file (configuration-file (system->linux-architecture -- 2.15.1
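Review bot: the match keys on the target architecture via (or (%current-target-system) (%current-system)) but adds gcc-7.3 as a plain input next to bc, openssl and kmod, so if this list is native-inputs a cross build for x86 from another host would get a native gcc-7.3 for the host rather than a cross compiler for the target; matching on (%current-system) alone, or handling the cross case explicitly, would avoid a silently mis-targeted build. Also, because the change lives in make-linux-libre it applies to every kernel variant that procedure produces, including series the cover mail says do not yet carry retpoline support; that is harmless, but a comment beside the match, e.g. ";; gcc-7.3 is needed for retpoline (spectre v2 mitigation) on x86.", would record why a non-default compiler is forced here.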
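The status check Mark pastes from /sys/devices/system/cpu/vulnerabilities, turned into a reusable script that classifies every entry and fails when anything is still reported as vulnerable. This is an added example, not code from the mail or from Guix; it assumes only a POSIX sh and the sysfs layout shown above (one file per issue, containing "Not affected", "Mitigation: ..." or "Vulnerable..."). The make_sample_dir helper writes a constructed copy of Mark's output so the check can be exercised offline, without root or a patched kernel.

```shell
#!/bin/sh
# Added example, not part of the original mail: summarise the kernel's
# /sys/devices/system/cpu/vulnerabilities directory.
#
# Exit status: 0 if nothing is reported Vulnerable, 1 if at least one entry
# is, 2 if the directory does not exist (kernel too old to expose it).
check_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    vulnerable=0
    [ -d "$dir" ] || {
        echo "no vulnerabilities directory: $dir (kernel too old?)" >&2
        return 2
    }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        # Newer kernels append details after "Vulnerable:", so match the prefix.
        case "$status" in
            "Not affected") kind="ok" ;;
            Mitigation:*)   kind="mitigated" ;;
            Vulnerable*)    kind="VULNERABLE"; vulnerable=1 ;;
            *)              kind="unknown" ;;
        esac
        printf '%-12s %-10s %s\n' "$name" "$kind" "$status"
    done
    return "$vulnerable"
}

# Constructed sample mirroring the three lines Mark pasted (not real sysfs).
# Prints the path of a temporary directory holding one file per entry.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Vulnerable\n' > "$d/spectre_v1"
    printf 'Mitigation: Full generic retpoline\n' > "$d/spectre_v2"
    echo "$d"
}
```

Run check_vulnerabilities with no argument on a real machine to read the live sysfs path; on Mark's box it would print three lines and exit 1 because spectre_v1 is still Vulnerable, which makes the function usable as a gate in a post-upgrade check.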