Meanwhile, this change should help: ---8<--- --- /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile.orig 2018-03-09 10:49:58.902263193 +0100 +++ /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile 2018-03-09 10:50:51.820305074 +0100 @@ -160,12 +160,12 @@ # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_RETPOLINE RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register) ifneq ($(RETPOLINE_CFLAGS),) KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE - else - $(error CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.) +# else +# $(error CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.) endif endif
archscripts: scripts_basic $(Q)$(MAKE) $(build)=arch/x86/tools relocs --->8--- - Stephan > On 8. Mar 2018, at 18:59, Pat Riehecky <riehe...@fnal.gov> wrote: > > An updated gcc that supports this option is scheduled for publication on > Tuesday. > > Pat > > On 03/08/2018 11:46 AM, Gilles Detillieux wrote: >> I realize this problem was likely introduced by upsteam updates, but I >> thought I'd point it out here anyway so you're aware of it. An unintended >> consequence of this latest kernel update is that it breaks recompilation of >> third-party kernel modules. The new kernel was built with CONFIG_RETPOLINE >> enabled, so presumably with a compiler that supports it, but that updated >> compiler hasn't been released through a corresponding security ERRATA >> update. (Not yet, anyway.) When I try to build a third-party device driver, >> I get the following error: >> >> make[1]: Entering directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64' >> arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the >> compiler. Toolchain update recommended.. Stop. >> make[1]: Leaving directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64' >> make: *** [default] Error 2 >> >> Is an update of the compiler toolchain for RHEL7/SL7 through the usual >> update repos forthcoming? Until then, I don't think I can use this kernel >> update on systems that rely on that 3rd party driver. >> >> Thanks, >> Gilles >> >> On 2018-03-07 16:16, Pat Riehecky wrote: >>> Synopsis: Important: kernel security and bug fix update >>> Advisory ID: SLSA-2018:0395-1 >>> Issue Date: 2018-03-06 >>> CVE Numbers: CVE-2017-7518 >>> CVE-2017-12188 >>> -- >>> >>> Security Fix(es): >>> >>> * Kernel: KVM: MMU potential stack buffer overrun during page walks >>> (CVE-2017-12188, Important) >>> >>> * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, >>> Moderate) >>> -- >>> >>> SL7 >>> x86_64 >>> kernel-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-debug-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-debug-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-debug-devel-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-devel-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-headers-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-tools-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-tools-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-tools-libs-3.10.0-693.21.1.el7.x86_64.rpm >>> perf-3.10.0-693.21.1.el7.x86_64.rpm >>> perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>> python-perf-3.10.0-693.21.1.el7.x86_64.rpm >>> python-perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>> kernel-tools-libs-devel-3.10.0-693.21.1.el7.x86_64.rpm >>> noarch >>> kernel-abi-whitelists-3.10.0-693.21.1.el7.noarch.rpm >>> kernel-doc-3.10.0-693.21.1.el7.noarch.rpm >>> >>> - Scientific Linux Development Team >> -- Stephan Wiesand DESY -DV- Platanenallee 6 15738 Zeuthen, Germany