I wasn't sure if you could safely mix code compiled with and without the
retpoline extensions into the same kernel, which is why I thought the
Makefile threw an error. But if it's safe to do, I may give this a shot
next week if the gcc update doesn't come as expected, or if for some
reason it doesn't allow the third party driver to build properly.
Thanks!
Gilles
On 03/09/2018 03:58 AM, Stephan Wiesand wrote:
Meanwhile, this change should help:
---8<---
--- /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile.orig
2018-03-09 10:49:58.902263193 +0100
+++ /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile
2018-03-09 10:50:51.820305074 +0100
@@ -160,12 +160,12 @@
# Avoid indirect branches in kernel to deal with Spectre
ifdef CONFIG_RETPOLINE
RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern
-mindirect-branch-register)
ifneq ($(RETPOLINE_CFLAGS),)
KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
- else
- $(error CONFIG_RETPOLINE=y, but not supported by the compiler.
Toolchain update recommended.)
+# else
+# $(error CONFIG_RETPOLINE=y, but not supported by the compiler.
Toolchain update recommended.)
endif
endif
archscripts: scripts_basic
$(Q)$(MAKE) $(build)=arch/x86/tools relocs
--->8---
- Stephan
On 8. Mar 2018, at 18:59, Pat Riehecky <riehe...@fnal.gov> wrote:
An updated gcc that supports this option is scheduled for publication on
Tuesday.
Pat
On 03/08/2018 11:46 AM, Gilles Detillieux wrote:
I realize this problem was likely introduced by upsteam updates, but I thought
I'd point it out here anyway so you're aware of it. An unintended consequence
of this latest kernel update is that it breaks recompilation of third-party
kernel modules. The new kernel was built with CONFIG_RETPOLINE enabled, so
presumably with a compiler that supports it, but that updated compiler hasn't
been released through a corresponding security ERRATA update. (Not yet,
anyway.) When I try to build a third-party device driver, I get the following
error:
make[1]: Entering directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the
compiler. Toolchain update recommended.. Stop.
make[1]: Leaving directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
make: *** [default] Error 2
Is an update of the compiler toolchain for RHEL7/SL7 through the usual update
repos forthcoming? Until then, I don't think I can use this kernel update on
systems that rely on that 3rd party driver.
Thanks,
Gilles
On 2018-03-07 16:16, Pat Riehecky wrote:
Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2018:0395-1
Issue Date: 2018-03-06
CVE Numbers: CVE-2017-7518
CVE-2017-12188
--
Security Fix(es):
* Kernel: KVM: MMU potential stack buffer overrun during page walks
(CVE-2017-12188, Important)
* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,
Moderate)
--
SL7
x86_64
kernel-3.10.0-693.21.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.21.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.21.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.21.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.21.1.el7.x86_64.rpm
perf-3.10.0-693.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
python-perf-3.10.0-693.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.21.1.el7.x86_64.rpm
noarch
kernel-abi-whitelists-3.10.0-693.21.1.el7.noarch.rpm
kernel-doc-3.10.0-693.21.1.el7.noarch.rpm
- Scientific Linux Development Team
--
Gilles R. Detillieux E-mail: <grde...@scrc.umanitoba.ca>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Rady Faculty of Health Sciences,
Univ. of Manitoba Winnipeg, MB R3E 0J9 (Canada)