  • Status Closed
  • Percent Complete 100%
  • Task Type Security Issue
  • Category Any
  • Assigned To Emulatorman
  • Operating System Hyperbola GNU/Linux-libre
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
Attached to Project: Packages
Opened by g4jc - 04/01/2018
Last edited by Emulatorman - 12/08/2018

FS#184 - [linux-libre-lts*] Meltdown & Spectre Vulnerability

Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.

Closed by Emulatorman
12.08.2018 12:35
Reason for closing: Fixed

Glad to see someone is working on this. The sooner this is fixed the better. Hopefully there's a way so it won't slow down the computer too much...

Admin
g4jc commented on 05.01.2018 21:23

Per https://lwn.net/Articles/743246/ - most bugs have been fixed in 4.9.75, we will be updating soon and monitoring to see if any additional patches are needed.

I hope at some point you find a way to defeat Spectre. I heard no one knows how to defeat Spectre yet.

I wish you the best on this and your porting to libreSSL. :)

It is possible to backport retpoline support to the GCC-6 compiler using patches from Debian (https://sources.debian.org/src/gcc-6/6.3.0-18+deb9u1/debian/patches/). Then recompile the kernel with the patched compiler in order to mitigate Spectre V2.

Admin

For stability reasons, we have plans to implement Debian patches in our toolchain for Milky Way v0.3 because it will be the first version in which we will begin rebuilding all packages from scratch following our Social Contract. However, we could add retpoline-specific patches from Debian as a workaround for Milky Way v0.2. Do you know which patches those are?

First 000* patches:

  • 0001-i386-Move-struct-ix86_frame-to-machine_function.diff
  • 0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-copy.diff
  • 0003-i386-Use-const-reference-of-struct-ix86_frame-to-avoi.diff
  • 0004-x86-Add-mindirect-branch.diff
  • 0005-x86-Add-mfunction-return.diff
  • 0006-x86-Add-mindirect-branch-register.diff
  • 0007-x86-Add-V-register-operand-modifier.diff
  • 0008-x86-Disallow-mindirect-branch-mfunction-return-with-m.diff
  • 0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.diff
Admin

Thank you Jack, I'm building gcc with those patches.
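
An added check for the rebuild discussed in this thread (not part of the original comments or of Hyperbola's build scripts): it confirms that a patched GCC accepts the options named by patches 0004 and 0006 and that indirect branches in its output go through retpoline thunks. The function names are hypothetical; the flag combination is the one the x86 kernel build passes to GCC for retpoline, and `__x86_indirect_thunk_` is the thunk symbol prefix used in that mode.

```shell
#!/bin/sh
# Added example, not from the tracker thread. Function names are hypothetical.

# Classify x86 AT&T assembly read from stdin:
#   raw-indirect        at least one "call *..." / "jmp *..." survives
#   retpoline           indirect branches go through __x86_indirect_thunk_<reg>
#   no-indirect-branch  nothing to judge in this input
classify_asm() {
    asm=$(cat)
    if printf '%s\n' "$asm" | grep -Eq '^[[:space:]]*(call|jmp)q?[[:space:]]+\*'; then
        echo raw-indirect
    elif printf '%s\n' "$asm" | grep -q '__x86_indirect_thunk_'; then
        echo retpoline
    else
        echo no-indirect-branch
    fi
}

# Compile a function with an indirect call and an indirect tail call using the
# retpoline flags, then classify the generated assembly.
# Returns 2 if the compiler rejects the flags or cannot compile for x86.
check_compiler() {
    cc=${1:-gcc}
    src='void call_it(void (*fn)(int), int x) { fn(x); fn(x + 1); }'
    asm=$(printf '%s\n' "$src" | "$cc" -O2 -S -x c \
        -mindirect-branch=thunk-extern -mindirect-branch-register \
        -o - - 2>/dev/null) || { echo flags-rejected; return 2; }
    printf '%s\n' "$asm" | classify_asm
}

# Usage: sh check-retpoline.sh /path/to/patched/gcc
if [ "$#" -gt 0 ]; then
    check_compiler "$1"
fi
```

A result of `flags-rejected` or `raw-indirect` means a kernel built with that compiler would not get compiler-generated retpolines.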
