Packages

  • Status Closed
  • Percent Complete 100%
  • Task Type Security Issue
  • Category Any
  • Assigned To André Silva
  • Operating System Hyperbola GNU/Linux-libre
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
Attached to Project: Packages
Opened by Luke - 04/01/2018
Last edited by André Silva - 12/08/2018

FS#184 - [linux-libre-lts*] Meltdown & Spectre Vulnerability

Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.

Closed by André Silva
12.08.2018 12:35
Reason for closing: Fixed

winter commented on 04.01.2018 21:56

Glad to see someone is working on this. The sooner this is fixed the better. Hopefully there's a way so it won't slow down the computer too much...

Admin
Luke commented on 05.01.2018 21:23

Per https://lwn.net/Articles/743246/, most bugs have been fixed in 4.9.75. We will be updating soon and monitoring to see if any additional patches are needed.

winter commented on 11.01.2018 20:24

I hope at some point you find a way to defeat Spectre. I heard no one knows how to defeat Spectre yet.

I wish you the best on this and your porting to LibreSSL. :)

Jack Nickolas commented on 10.08.2018 09:48

It is possible to backport retpoline support to the GCC-6 compiler using patches from Debian (https://sources.debian.org/src/gcc-6/6.3.0-18+deb9u1/debian/patches/). Then recompile the kernel with the patched compiler in order to mitigate Spectre V2.

Admin
André Silva commented on 10.08.2018 10:38

> It is possible to backport retpoline support to the GCC-6 compiler using patches from Debian (https://sources.debian.org/src/gcc-6/6.3.0-18+deb9u1/debian/patches/). Then recompile the kernel with the patched compiler in order to mitigate Spectre V2.

For stability reasons, we have plans to implement Debian patches in our toolchain for Milky Way v0.3, because it will be the first version in which we begin to rebuild all packages from scratch following our Social Contract. However, we could add retpoline-specific patches from Debian as a workaround for Milky Way v0.2. Do you know which patches those are?

Jack Nickolas commented on 11.08.2018 14:43

First 000* patches:

  • 0001-i386-Move-struct-ix86_frame-to-machine_function.diff
  • 0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-copy.diff
  • 0003-i386-Use-const-reference-of-struct-ix86_frame-to-avoi.diff
  • 0004-x86-Add-mindirect-branch.diff
  • 0005-x86-Add-mfunction-return.diff
  • 0006-x86-Add-mindirect-branch-register.diff
  • 0007-x86-Add-V-register-operand-modifier.diff
  • 0008-x86-Disallow-mindirect-branch-mfunction-return-with-m.diff
  • 0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.diff

Admin
André Silva commented on 11.08.2018 19:53

Thank you Jack, I'm building gcc with those patches.
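
A check for the outcome discussed in this thread, added here as an example (not code from the Hyperbola project or from the commenters): it tests whether a compiler accepts the options introduced by patches 0004-0006 and classifies the kernel's Spectre V2 status as reported in sysfs. The function names are hypothetical; the `thunk-extern` values and the sysfs status strings are assumptions taken from upstream GCC and Linux, not from this page.

```shell
#!/bin/sh
# Added example, not from the tracker thread. Flag values and sysfs strings
# are assumptions taken from upstream GCC and Linux.

# Options added by the patches 0004-0006 listed above.
RETPOLINE_FLAGS="-mindirect-branch=thunk-extern -mfunction-return=thunk-extern -mindirect-branch-register"

# cc_accepts CC FLAG: succeed if CC compiles a trivial unit with FLAG.
cc_accepts() {
    echo 'int probe(void) { return 0; }' |
        "$1" -Werror "$2" -x c -c -o /dev/null - >/dev/null 2>&1
}

# missing_flags CC: print each retpoline option CC rejects (no output = all present).
missing_flags() {
    for flag in $RETPOLINE_FLAGS; do
        cc_accepts "$1" "$flag" || printf '%s\n' "$flag"
    done
}

# classify_spectre_v2 STATUS: map the sysfs status text to a short verdict.
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)              echo not-affected ;;
        Mitigation:*[Rr]etpoline*)    echo retpoline ;;
        Mitigation:*)                 echo other-mitigation ;;
        Vulnerable*"ASM retpoline"*)  echo asm-only-retpoline ;;  # kernel built without compiler support
        Vulnerable*)                  echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# report [CC] [SYSFS_FILE]: print both checks for the given compiler and kernel.
report() {
    cc=${1:-gcc}
    sysfs=${2:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}
    missing=$(missing_flags "$cc")
    if [ -z "$missing" ]; then
        echo "$cc: retpoline options accepted"
    else
        echo "$cc: rejects:" $missing
    fi
    if [ -r "$sysfs" ]; then
        status=$(cat "$sysfs")
        echo "kernel: $status [$(classify_spectre_v2 "$status")]"
    else
        echo "kernel: $sysfs not readable"
    fi
}

report "$@"
```

Run it once with the distribution compiler and once with the rebuilt one (for example `sh check.sh /path/to/patched/gcc`) to confirm the backport took effect before rebuilding the kernel.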
