Browse code
kernels: Add full retpoline support by building with retpoline-enabled gcc
The retpoline technique is one of the mitigations for the Spectre v2
vulnerability on modern processors. At the moment, our kernels have
only minimal asm retpoline support. Enhance the kernel with full
retpoline support by building with a retpoline-enabled version of gcc
(v7.3.0)
Change-Id: I87ee025095d98b467d04fc13f3174822497cc70d
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5037
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
Srivatsa S. Bhat authored on 2018/04/12 07:56:34Showing 6 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux.spec
- common/data/pkg_build_options.json
- support/package-builder/CommandUtils.py
- support/pullpublishrpms/rpmfilelist
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 | 3 |
Version: 4.4.124 |
| 4 |
-Release: 1%{?dist}
|
|
| 4 |
+Release: 2%{?dist}
|
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| 7 | 7 |
Group: System Environment/Kernel |
| ... | ... |
@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 29 | 29 |
%defattr(-,root,root) |
| 30 | 30 |
%{_includedir}/*
|
| 31 | 31 |
%changelog |
| 32 |
+* Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2 |
|
| 33 |
+- Add full retpoline support by building with retpoline-enabled gcc. |
|
| 32 | 34 |
* Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1 |
| 33 | 35 |
- Update to version 4.4.124 |
| 34 | 36 |
* Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 | 4 |
Version: 4.4.124 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -217,6 +217,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 217 | 217 |
/usr/src/linux-headers-%{uname_r}
|
| 218 | 218 |
|
| 219 | 219 |
%changelog |
| 220 |
+* Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2 |
|
| 221 |
+- Add full retpoline support by building with retpoline-enabled gcc. |
|
| 220 | 222 |
* Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1 |
| 221 | 223 |
- Update to version 4.4.124 |
| 222 | 224 |
* Mon Feb 05 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.115-1 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.4.124 |
| 5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -315,6 +315,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 315 | 315 |
/usr/share/perf-core |
| 316 | 316 |
|
| 317 | 317 |
%changelog |
| 318 |
+* Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2 |
|
| 319 |
+- Add full retpoline support by building with retpoline-enabled gcc. |
|
| 318 | 320 |
* Tue Mar 27 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-1 |
| 319 | 321 |
- Update to version 4.4.124 |
| 320 | 322 |
* Thu Mar 08 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.4.115-2 |
| ... | ... |
@@ -14,14 +14,14 @@ |
| 14 | 14 |
"files": [], |
| 15 | 15 |
"macros": [], |
| 16 | 16 |
"override_toolchain": [ |
| 17 |
- {"package": "gcc", "version": "5.3.0"},
|
|
| 18 |
- {"package": "libgcc", "version": "5.3.0"},
|
|
| 19 |
- {"package": "libgcc-devel", "version": "5.3.0"},
|
|
| 20 |
- {"package": "libgcc-atomic", "version": "5.3.0"},
|
|
| 21 |
- {"package": "libstdc++", "version": "5.3.0"},
|
|
| 22 |
- {"package": "libstdc++-devel", "version": "5.3.0"},
|
|
| 23 |
- {"package": "libgomp", "version": "5.3.0"},
|
|
| 24 |
- {"package": "libgomp-devel", "version": "5.3.0"}
|
|
| 17 |
+ {"package": "gcc", "version": "7.3.0"},
|
|
| 18 |
+ {"package": "libgcc", "version": "7.3.0"},
|
|
| 19 |
+ {"package": "libgcc-devel", "version": "7.3.0"},
|
|
| 20 |
+ {"package": "libgcc-atomic", "version": "7.3.0"},
|
|
| 21 |
+ {"package": "libstdc++", "version": "7.3.0"},
|
|
| 22 |
+ {"package": "libstdc++-devel", "version": "7.3.0"},
|
|
| 23 |
+ {"package": "libgomp", "version": "7.3.0"},
|
|
| 24 |
+ {"package": "libgomp-devel", "version": "7.3.0"}
|
|
| 25 | 25 |
] |
| 26 | 26 |
}, |
| 27 | 27 |
|
| ... | ... |
@@ -29,14 +29,14 @@ |
| 29 | 29 |
"files": [], |
| 30 | 30 |
"macros": [], |
| 31 | 31 |
"override_toolchain": [ |
| 32 |
- {"package": "gcc", "version": "5.3.0"},
|
|
| 33 |
- {"package": "libgcc", "version": "5.3.0"},
|
|
| 34 |
- {"package": "libgcc-devel", "version": "5.3.0"},
|
|
| 35 |
- {"package": "libgcc-atomic", "version": "5.3.0"},
|
|
| 36 |
- {"package": "libstdc++", "version": "5.3.0"},
|
|
| 37 |
- {"package": "libstdc++-devel", "version": "5.3.0"},
|
|
| 38 |
- {"package": "libgomp", "version": "5.3.0"},
|
|
| 39 |
- {"package": "libgomp-devel", "version": "5.3.0"}
|
|
| 32 |
+ {"package": "gcc", "version": "7.3.0"},
|
|
| 33 |
+ {"package": "libgcc", "version": "7.3.0"},
|
|
| 34 |
+ {"package": "libgcc-devel", "version": "7.3.0"},
|
|
| 35 |
+ {"package": "libgcc-atomic", "version": "7.3.0"},
|
|
| 36 |
+ {"package": "libstdc++", "version": "7.3.0"},
|
|
| 37 |
+ {"package": "libstdc++-devel", "version": "7.3.0"},
|
|
| 38 |
+ {"package": "libgomp", "version": "7.3.0"},
|
|
| 39 |
+ {"package": "libgomp-devel", "version": "7.3.0"}
|
|
| 40 | 40 |
] |
| 41 | 41 |
}, |
| 42 | 42 |
|
| ... | ... |
@@ -44,14 +44,14 @@ |
| 44 | 44 |
"files": [], |
| 45 | 45 |
"macros": [], |
| 46 | 46 |
"override_toolchain": [ |
| 47 |
- {"package": "gcc", "version": "5.3.0"},
|
|
| 48 |
- {"package": "libgcc", "version": "5.3.0"},
|
|
| 49 |
- {"package": "libgcc-devel", "version": "5.3.0"},
|
|
| 50 |
- {"package": "libgcc-atomic", "version": "5.3.0"},
|
|
| 51 |
- {"package": "libstdc++", "version": "5.3.0"},
|
|
| 52 |
- {"package": "libstdc++-devel", "version": "5.3.0"},
|
|
| 53 |
- {"package": "libgomp", "version": "5.3.0"},
|
|
| 54 |
- {"package": "libgomp-devel", "version": "5.3.0"}
|
|
| 47 |
+ {"package": "gcc", "version": "7.3.0"},
|
|
| 48 |
+ {"package": "libgcc", "version": "7.3.0"},
|
|
| 49 |
+ {"package": "libgcc-devel", "version": "7.3.0"},
|
|
| 50 |
+ {"package": "libgcc-atomic", "version": "7.3.0"},
|
|
| 51 |
+ {"package": "libstdc++", "version": "7.3.0"},
|
|
| 52 |
+ {"package": "libstdc++-devel", "version": "7.3.0"},
|
|
| 53 |
+ {"package": "libgomp", "version": "7.3.0"},
|
|
| 54 |
+ {"package": "libgomp-devel", "version": "7.3.0"}
|
|
| 55 | 55 |
] |
| 56 | 56 |
}, |
| 57 | 57 |
|
| ... | ... |
@@ -59,14 +59,14 @@ |
| 59 | 59 |
"files": [], |
| 60 | 60 |
"macros": [], |
| 61 | 61 |
"override_toolchain": [ |
| 62 |
- {"package": "gcc", "version": "5.3.0"},
|
|
| 63 |
- {"package": "libgcc", "version": "5.3.0"},
|
|
| 64 |
- {"package": "libgcc-devel", "version": "5.3.0"},
|
|
| 65 |
- {"package": "libgcc-atomic", "version": "5.3.0"},
|
|
| 66 |
- {"package": "libstdc++", "version": "5.3.0"},
|
|
| 67 |
- {"package": "libstdc++-devel", "version": "5.3.0"},
|
|
| 68 |
- {"package": "libgomp", "version": "5.3.0"},
|
|
| 69 |
- {"package": "libgomp-devel", "version": "5.3.0"}
|
|
| 62 |
+ {"package": "gcc", "version": "7.3.0"},
|
|
| 63 |
+ {"package": "libgcc", "version": "7.3.0"},
|
|
| 64 |
+ {"package": "libgcc-devel", "version": "7.3.0"},
|
|
| 65 |
+ {"package": "libgcc-atomic", "version": "7.3.0"},
|
|
| 66 |
+ {"package": "libstdc++", "version": "7.3.0"},
|
|
| 67 |
+ {"package": "libstdc++-devel", "version": "7.3.0"},
|
|
| 68 |
+ {"package": "libgomp", "version": "7.3.0"},
|
|
| 69 |
+ {"package": "libgomp-devel", "version": "7.3.0"}
|
|
| 70 | 70 |
] |
| 71 | 71 |
}, |
| 72 | 72 |
|
| ... | ... |
@@ -74,14 +74,14 @@ |
| 74 | 74 |
"files": [], |
| 75 | 75 |
"macros": [], |
| 76 | 76 |
"override_toolchain": [ |
| 77 |
- {"package": "gcc", "version": "5.3.0"},
|
|
| 78 |
- {"package": "libgcc", "version": "5.3.0"},
|
|
| 79 |
- {"package": "libgcc-devel", "version": "5.3.0"},
|
|
| 80 |
- {"package": "libgcc-atomic", "version": "5.3.0"},
|
|
| 81 |
- {"package": "libstdc++", "version": "5.3.0"},
|
|
| 82 |
- {"package": "libstdc++-devel", "version": "5.3.0"},
|
|
| 83 |
- {"package": "libgomp", "version": "5.3.0"},
|
|
| 84 |
- {"package": "libgomp-devel", "version": "5.3.0"}
|
|
| 77 |
+ {"package": "gcc", "version": "7.3.0"},
|
|
| 78 |
+ {"package": "libgcc", "version": "7.3.0"},
|
|
| 79 |
+ {"package": "libgcc-devel", "version": "7.3.0"},
|
|
| 80 |
+ {"package": "libgcc-atomic", "version": "7.3.0"},
|
|
| 81 |
+ {"package": "libstdc++", "version": "7.3.0"},
|
|
| 82 |
+ {"package": "libstdc++-devel", "version": "7.3.0"},
|
|
| 83 |
+ {"package": "libgomp", "version": "7.3.0"},
|
|
| 84 |
+ {"package": "libgomp-devel", "version": "7.3.0"}
|
|
| 85 | 85 |
] |
| 86 | 86 |
} |
| 87 | 87 |
} |
| ... | ... |
@@ -4,13 +4,17 @@ import os |
| 4 | 4 |
class CommandUtils(object): |
| 5 | 5 |
def __init__(self): |
| 6 | 6 |
self.findBinary = "find" |
| 7 |
+ self.sortBinary = "sort" |
|
| 7 | 8 |
|
| 8 | 9 |
def findFile (self, filename, sourcePath): |
| 9 |
- process = subprocess.Popen([self.findBinary, "-L", sourcePath, "-name", filename, "-not", "-type", "d"], stdout=subprocess.PIPE) |
|
| 10 |
- returnVal = process.wait() |
|
| 10 |
+ # Perform an alphabetical sort of the output from find, to get consistent ordering. |
|
| 11 |
+ processFind = subprocess.Popen([self.findBinary, "-L", sourcePath, "-name", filename, "-not", "-type", "d"], stdout=subprocess.PIPE) |
|
| 12 |
+ processSort = subprocess.Popen([self.sortBinary, "-d"], stdin=processFind.stdout, stdout=subprocess.PIPE) |
|
| 13 |
+ processFind.stdout.close() # Allow processFind to receive a SIGPIPE if processSort exits. |
|
| 14 |
+ returnVal = processSort.wait() |
|
| 11 | 15 |
if returnVal != 0: |
| 12 | 16 |
return None |
| 13 |
- result=process.communicate()[0] |
|
| 17 |
+ result=processSort.communicate()[0] |
|
| 14 | 18 |
if result is None: |
| 15 | 19 |
return None |
| 16 | 20 |
return result.split() |
| ... | ... |
@@ -12,6 +12,7 @@ x86_64/libffi-3.2.1-1.ph1.x86_64.rpm |
| 12 | 12 |
x86_64/gmp-6.0.0a-1.ph1.x86_64.rpm |
| 13 | 13 |
x86_64/diffutils-3.3-2.ph1.x86_64.rpm |
| 14 | 14 |
x86_64/gcc-5.3.0-4.ph1.x86_64.rpm |
| 15 |
+x86_64/gcc-7.3.0-1.ph1.x86_64.rpm |
|
| 15 | 16 |
x86_64/gmp-devel-6.0.0a-1.ph1.x86_64.rpm |
| 16 | 17 |
x86_64/automake-1.15-1.ph1.x86_64.rpm |
| 17 | 18 |
x86_64/groff-1.22.2-1.ph1.x86_64.rpm |
| ... | ... |
@@ -27,7 +28,9 @@ x86_64/file-5.24-1.ph1.x86_64.rpm |
| 27 | 27 |
x86_64/mpfr-3.1.3-1.ph1.x86_64.rpm |
| 28 | 28 |
x86_64/zlib-devel-1.2.8-2.ph1.x86_64.rpm |
| 29 | 29 |
x86_64/libgcc-devel-5.3.0-4.ph1.x86_64.rpm |
| 30 |
+x86_64/libgcc-devel-7.3.0-1.ph1.x86_64.rpm |
|
| 30 | 31 |
x86_64/libgcc-atomic-5.3.0-4.ph1.x86_64.rpm |
| 32 |
+x86_64/libgcc-atomic-7.3.0-1.ph1.x86_64.rpm |
|
| 31 | 33 |
x86_64/bison-3.0.4-1.ph1.x86_64.rpm |
| 32 | 34 |
x86_64/lua-5.3.2-1.ph1.x86_64.rpm |
| 33 | 35 |
x86_64/util-linux-2.27.1-1.ph1.x86_64.rpm |
| ... | ... |
@@ -45,10 +48,12 @@ x86_64/libtool-2.4.6-1.ph1.x86_64.rpm |
| 45 | 45 |
x86_64/zlib-1.2.8-2.ph1.x86_64.rpm |
| 46 | 46 |
x86_64/python2-libs-2.7.11-1.ph1.x86_64.rpm |
| 47 | 47 |
x86_64/libgomp-5.3.0-4.ph1.x86_64.rpm |
| 48 |
+x86_64/libgomp-7.3.0-1.ph1.x86_64.rpm |
|
| 48 | 49 |
x86_64/readline-devel-6.3-3.ph1.x86_64.rpm |
| 49 | 50 |
x86_64/sqlite-autoconf-3.11.0-1.ph1.x86_64.rpm |
| 50 | 51 |
x86_64/flex-2.5.39-1.ph1.x86_64.rpm |
| 51 | 52 |
x86_64/libstdc++-devel-5.3.0-4.ph1.x86_64.rpm |
| 53 |
+x86_64/libstdc++-devel-7.3.0-1.ph1.x86_64.rpm |
|
| 52 | 54 |
x86_64/openssl-1.0.2g-1.ph1.x86_64.rpm |
| 53 | 55 |
x86_64/elfutils-0.165-1.ph1.x86_64.rpm |
| 54 | 56 |
x86_64/expat-2.1.0-1.ph1.x86_64.rpm |
| ... | ... |
@@ -62,8 +67,10 @@ x86_64/patch-2.7.5-1.ph1.x86_64.rpm |
| 62 | 62 |
x86_64/xz-5.2.2-1.ph1.x86_64.rpm |
| 63 | 63 |
x86_64/binutils-2.30-2.ph1.x86_64.rpm |
| 64 | 64 |
x86_64/libgomp-devel-5.3.0-4.ph1.x86_64.rpm |
| 65 |
+x86_64/libgomp-devel-7.3.0-1.ph1.x86_64.rpm |
|
| 65 | 66 |
x86_64/bzip2-devel-1.0.6-4.ph1.x86_64.rpm |
| 66 | 67 |
x86_64/libgcc-5.3.0-4.ph1.x86_64.rpm |
| 68 |
+x86_64/libgcc-7.3.0-1.ph1.x86_64.rpm |
|
| 67 | 69 |
x86_64/gzip-1.6-1.ph1.x86_64.rpm |
| 68 | 70 |
x86_64/elfutils-libelf-devel-0.165-1.ph1.x86_64.rpm |
| 69 | 71 |
x86_64/openssl-devel-1.0.2g-1.ph1.x86_64.rpm |
| ... | ... |
@@ -72,6 +79,7 @@ x86_64/popt-devel-1.16-1.ph1.x86_64.rpm |
| 72 | 72 |
x86_64/flex-devel-2.5.39-1.ph1.x86_64.rpm |
| 73 | 73 |
x86_64/findutils-4.4.2-1.ph1.x86_64.rpm |
| 74 | 74 |
x86_64/libstdc++-5.3.0-4.ph1.x86_64.rpm |
| 75 |
+x86_64/libstdc++-7.3.0-1.ph1.x86_64.rpm |
|
| 75 | 76 |
x86_64/libpipeline-1.4.1-1.ph1.x86_64.rpm |
| 76 | 77 |
x86_64/make-4.1-1.ph1.x86_64.rpm |
| 77 | 78 |
x86_64/glibc-devel-2.22-3.ph1.x86_64.rpm |