sys-devel/gcc-7.3.0-RC-20180117 is needed for retpoline to handle spectre_v2, but I cannot find any overlay showing such an ebuild when searching at http://gpo.zugaina.org/sys-devel/gcc

My kernel linux-4.14.14 shows
---
/sys/devices/system/cpu/vulnerabilities # grep n *
meltdown:Mitigation: PTI
spectre_v1:Vulnerable
spectre_v2:Vulnerable: Minimal generic ASM retpoline
---
I cannot find any explicit mention of "retpoline" in the source gcc-7.3.0-RC-20180118 gcc/ChangeLog

But there are some two handfuls of change entries by developer 2018-01-16 H.J. Lu <hongjiu.lu@intel.com>

When investigating the commitdiffs of that same Intel developer at http://git.infradead.org/users/dwmw2/gcc-retpoline.git/shortlog/refs/heads/gcc-7_2_0-retpoline-20171219 (this git.infradead.org I found in a gcc mailing list discussion about retpoline) dated from 2017-12-18

There I can see changes, most of which had been applied to the gcc RC source (I looked for files and found changes applied such as: - frame = cfun->machine->frame; + struct ix86_frame &frame = cfun->machine->frame; )

Hopefully there is no need for Gentoo-specific backporting, as Jeroen seems to think, but a simple bump to gcc-7.3.0 in a week or a little longer ahead
gcc-7.3 successfully saves me from half of spectre, this is how:

I got a gcc-7.3.0-rc ebuild from the tamiko overlay, which I simply bumped to freshen it by 5 days: sys-devel/gcc-7.3.0_rc20180122 compiled well, but without any Gentoo pie patches (I guess my new gcc-7.3 should therefore not be used to compile ebuilds)

Then updated my vanilla kernel to linux-4.14.15

Then eselected x86_64-pc-linux-gnu-7.3.0-rc20180122

No having full generic retpoline:
---
# grep n /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
Wanted to say: NOW (after compiling and rebooting linux-4.14.15)
Don't think gentoo backported anything.
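
Added example, not part of the original thread: a POSIX shell check that classifies the sysfs status strings quoted above, separating the "Minimal generic ASM retpoline" state (kernel built with a compiler lacking retpoline support) from "Full generic retpoline". The function names and the constructed sample directory are assumptions of this example.

```shell
#!/bin/sh
# classify_vuln STATUS -> not-affected | mitigated | asm-only-retpoline | vulnerable | unknown
classify_vuln() {
    case "$1" in
        "Not affected"*)                   echo not-affected ;;
        "Mitigation:"*)                    echo mitigated ;;
        # Kernel has retpoline in its asm only: it was built with a compiler
        # that lacks retpoline support, so compiled C code is still unprotected.
        "Vulnerable: Minimal"*retpoline*)  echo asm-only-retpoline ;;
        "Vulnerable"*)                     echo vulnerable ;;
        *)                                 echo unknown ;;
    esac
}

# report_dir DIR: print "name verdict status" per file; return 1 if any entry
# is neither mitigated nor not-affected.
report_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_vuln "$status")
        printf '%-12s %-20s %s\n' "${f##*/}" "$verdict" "$status"
        case "$verdict" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# write_sample DIR SPECTRE_V2_STATUS: constructed stand-in for the sysfs
# directory, using the status strings quoted in the thread.
write_sample() {
    mkdir -p "$1"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Vulnerable"      > "$1/spectre_v1"
    echo "$2"              > "$1/spectre_v2"
}

# Demo on constructed data; pass a directory argument to check a real system.
if [ -n "${1:-}" ]; then
    report_dir "$1"
else
    demo=$(mktemp -d)
    write_sample "$demo" "Vulnerable: Minimal generic ASM retpoline"
    report_dir "$demo" || echo "=> not fully mitigated"
    rm -rf "$demo"
fi
```

To check a live system, pass /sys/devices/system/cpu/vulnerabilities as the argument; a non-zero exit status means at least one entry is still reported as vulnerable.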