Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport retpoline support to gcc 4.9 #38394

Closed
nlewo opened this issue Apr 3, 2018 · 1 comment
Closed

Backport retpoline support to gcc 4.9 #38394

nlewo opened this issue Apr 3, 2018 · 1 comment

Comments

@nlewo
Copy link
Member

nlewo commented Apr 3, 2018

Currently, the retpoline mitigation is only available in gcc7 #34383. However, it still exists some old kernels that only compile with gcc < 5, such as those in Ubuntu Trusty LTS (kernel 3.13). Moreover, kernel modules loaded on these kernel have also to be compiled with the retpoline mitigation.
Ubuntu (and Debian) integrated retpoline mitigation in their gcc 4 releases https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261 .

Latest Ubuntu 3.13 kernel now requires kernel modules compiled with retpoline mitigation. They can no longer be built with Nix gcc toolchain.

What do you think about backporting these patches?
Someone could help on this?
@Mic92
Copy link
Member

Mic92 commented Apr 4, 2018

sounds good to me.

nlewo added a commit to nlewo/nixpkgs that referenced this issue May 3, 2018
@nlewo
gcc49: backport retpoline support
ada2fc0 
To mitigate Spectre Variant 2, GCC needs to have retpoline
support (-mindirect-branch and -mfunction-return arguments on amd64
and i386).

Patches were pulled from H.J. Lu's backport branch to
4.9 (hjl/indirect/gcc-4_9-branch), available at
https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream
GCC does not apply patches to anything older than the
gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits
as well.

Several Linux distributions already backported these patches to GCC 4
branches and some old kernels (3.13 for instance) have been recompiled
with these GCC patches. These kernels only allow to load kernel
modules that are compiled with the retpoline support.

References:
- Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261
- Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4

Fixes NixOS#38394
@nlewo nlewo mentioned this issue May 3, 2018
Merged
8 tasks
nlewo added a commit that referenced this issue May 5, 2018
@nlewo
gcc49: backport retpoline support
0a73111 
To mitigate Spectre Variant 2, GCC needs to have retpoline
support (-mindirect-branch and -mfunction-return arguments on amd64
and i386).

Patches were pulled from H.J. Lu's backport branch to
4.9 (hjl/indirect/gcc-4_9-branch), available at
https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream
GCC does not apply patches to anything older than the
gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits
as well.

Several Linux distributions already backported these patches to GCC 4
branches and some old kernels (3.13 for instance) have been recompiled
with these GCC patches. These kernels only allow to load kernel
modules that are compiled with the retpoline support.

References:
- Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261
- Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4

Fixes #38394

(cherry picked from commit ada2fc0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mic92 @nlewo