Hello, Am 30.01.2018 um 08:43 schrieb Robin Geuze: > I was wondering, are the debian maintainers planning on backporting the > -mindirect-branch=thunk support introduced in GCC 7.3 and 8.1 to the > compilers available on Jessie and Stretch? While this is not necessarily > a security fix for the compiler it does provide that fix to at least > kernels compiled using it.
I did it for gcc-4.9, which basically boils down to: > git clone -o hjl -b hjl/indirect/gcc-4_9-branch/master --depth 8 > https://github.com/hjl-tools/gcc.git > git format-patch -7 -o debian/patches/ --src-prefix=a/src/ > --dst-prefix=b/src/ -N --no-add-header --suffix=.diff > filterdiff -p2 -x gcc/doc/invoke.texi -x gcc/doc/extend.texi > debian/patches/*.diff > ls -1 debian/patches/ | sed 's/\.diff//;s/^/debian_patches += /' > >>debian/rules.patch The filterdiff is needed to filter out the GFDL documentation hunks. Using parallel build (-jX) fails for us, so it takes ~13h to compile that gcc. I was told to use '-J' instead, but that is not supported by dpkg-buildpackage in Debian-Stretch :-( After that just re-compile your Linux kernel. It hoefully will have > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic > retpoline on Intel. That worked for us here at Univention. Philipp PS: Here are the 7 relevant GIT commpits for gcc-4.9 from H.J. Lu's GIT repository for reference: > 1fb3a1828fa x86: Disallow -mindirect-branch=/-mfunction-return= with > -mcmodel=large > 7ab5b649f72 x86: Add 'V' register operand modifier > 5550079949a x86: Add -mindirect-branch-register > 35590ed7bee x86: Add -mfunction-return= > e699df5d96f x86: Add -mindirect-branch= > 2015a09e332 i386: Use reference of struct ix86_frame to avoid copy > e623d21608e i386: Move struct ix86_frame to machine_function
