Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/luke-jr/full-retpoline

Patches and such to build your entire system with retpolines
https://github.com/luke-jr/full-retpoline

compiler gcc-complier meltdown patches security spectre

Last synced: about 2 months ago
JSON representation

Patches and such to build your entire system with retpolines

Host: GitHub
URL: https://github.com/luke-jr/full-retpoline
Owner: luke-jr
Created: 2018-03-15T20:12:15.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2022-12-15T12:04:01.000Z (about 2 years ago)
Last Synced: 2024-10-28T19:55:37.099Z (3 months ago)
Topics: compiler, gcc-complier, meltdown, patches, security, spectre
Language: Shell
Size: 42 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

These patches enable and help enforce building your entire system with retpolines.
It is designed for Gentoo, but may be useful on other built-from-source systems as well.

Note that this is *intentionally* excessive: certain compile flags are enabled that may very well be unnecessary.
In particular, -O0 and -Og will throw an error by default.

There are many things still missing to get a 100% retpoline'd system.
If you'd like to help out, please read [the TODO file](TODO.md) and open issues and pull requests as appropriate.

# GCC: Usage, caution

The GCC patches enable all retpolines by default, and modifies the defaults for other CFLAGS that are suspected at taking away from its protections.
It also tries to prevent changing these defaults without also explicitly disabling the retpolines:
-O1, -fearly-inlining (upstream default), -fgcse (enabled in -O2 upstream), -fgcse-lm (upstream default), -finline (upstream default), and -finline-small-functions (enabled in -O2 upstream).
-Og is also prevented.

Since common CFLAGS are prohibited, this can cause problems with some build systems, especially ones that test availability of certain features with an unnecessary -O0 flag (they may assume the feature in question is not present, rather than aborting the build).

For this reason, forbidden CFLAGS do not cause GCC to abort.
Instead, it sends itself SIGSTOP to freeze the process, and puts a message in the syslog.
(I recommend configuring your syslog to alert you to such messages so you know it is waiting on your interaction.)
At that point, you may either permit it to continue by sending SIGCONT, or you can send SIGKILL to forcefully terminate it (as a failure).

You can disable CFLAGS limitations entirely by setting LJR_BYPASS_RETPOLINE=1 in the environment.

# libgcrypt

libgcrypt by default builds the Jitter 100% software RNG.
The upstream author cautions that the RNG must be compiled without optimisations, or will be insecure (low entropy).
For this reason, libgcrypt is patched to entirely disable the Jitter RNG by default.

# libgpg-error

For unknown reasons, a build-time tool `mkheader` was compiled with -O0.
It seems fairly safe to let it get optimised, so the patch simply removes -O0.

# Linux kernel

To build a kernel, add a GNUmakefile with (adjust the path to this git repo):

```
CROSS_COMPILE=/path/to/gcc-no-retpoline/x86_64-pc-linux-gnu-no-retpoline-
include Makefile
```

NOTE: If you were using the older steps for the kernel, be sure to *remove* the patch!

This will effectively undo the main changes of this patch for the kernel's build system.
Since the kernel has its own retpoline support, this should be safe.