> On 09.Mar 2018, at 21:51, Gilles Detillieux <grde...@scrc.umanitoba.ca> wrote: > > I wasn't sure if you could safely mix code compiled with and without the > retpoline extensions into the same kernel, which is why I thought the > Makefile threw an error.
Looks like upstream it's just a warning and there's at least some dispute whether it's justified or even helpful: https://patchwork.kernel.org/patch/10162841 - Stephan > But if it's safe to do, I may give this a shot next week if the gcc update > doesn't come as expected, or if for some reason it doesn't allow the third > party driver to build properly. > > Thanks! > Gilles > > On 03/09/2018 03:58 AM, Stephan Wiesand wrote: >> Meanwhile, this change should help: >> >> ---8<--- >> --- /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile.orig >> 2018-03-09 10:49:58.902263193 +0100 >> +++ /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile >> 2018-03-09 10:50:51.820305074 +0100 >> @@ -160,12 +160,12 @@ >> # Avoid indirect branches in kernel to deal with Spectre >> ifdef CONFIG_RETPOLINE >> RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern >> -mindirect-branch-register) >> ifneq ($(RETPOLINE_CFLAGS),) >> KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE >> - else >> - $(error CONFIG_RETPOLINE=y, but not supported by the compiler. >> Toolchain update recommended.) >> +# else >> +# $(error CONFIG_RETPOLINE=y, but not supported by the compiler. >> Toolchain update recommended.) >> endif >> endif >> >> archscripts: scripts_basic >> $(Q)$(MAKE) $(build)=arch/x86/tools relocs >> --->8--- >> >> - Stephan >> >>> On 8. Mar 2018, at 18:59, Pat Riehecky <riehe...@fnal.gov> wrote: >>> >>> An updated gcc that supports this option is scheduled for publication on >>> Tuesday. >>> >>> Pat >>> >>> On 03/08/2018 11:46 AM, Gilles Detillieux wrote: >>>> I realize this problem was likely introduced by upsteam updates, but I >>>> thought I'd point it out here anyway so you're aware of it. An unintended >>>> consequence of this latest kernel update is that it breaks recompilation >>>> of third-party kernel modules. The new kernel was built with >>>> CONFIG_RETPOLINE enabled, so presumably with a compiler that supports it, >>>> but that updated compiler hasn't been released through a corresponding >>>> security ERRATA update. (Not yet, anyway.) When I try to build a >>>> third-party device driver, I get the following error: >>>> >>>> make[1]: Entering directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64' >>>> arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the >>>> compiler. Toolchain update recommended.. Stop. >>>> make[1]: Leaving directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64' >>>> make: *** [default] Error 2 >>>> >>>> Is an update of the compiler toolchain for RHEL7/SL7 through the usual >>>> update repos forthcoming? Until then, I don't think I can use this kernel >>>> update on systems that rely on that 3rd party driver. >>>> >>>> Thanks, >>>> Gilles >>>> >>>> On 2018-03-07 16:16, Pat Riehecky wrote: >>>>> Synopsis: Important: kernel security and bug fix update >>>>> Advisory ID: SLSA-2018:0395-1 >>>>> Issue Date: 2018-03-06 >>>>> CVE Numbers: CVE-2017-7518 >>>>> CVE-2017-12188 >>>>> -- >>>>> >>>>> Security Fix(es): >>>>> >>>>> * Kernel: KVM: MMU potential stack buffer overrun during page walks >>>>> (CVE-2017-12188, Important) >>>>> >>>>> * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, >>>>> Moderate) >>>>> -- >>>>> >>>>> SL7 >>>>> x86_64 >>>>> kernel-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-debug-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-debug-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-debug-devel-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-devel-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-headers-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-tools-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-tools-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-tools-libs-3.10.0-693.21.1.el7.x86_64.rpm >>>>> perf-3.10.0-693.21.1.el7.x86_64.rpm >>>>> perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>>>> python-perf-3.10.0-693.21.1.el7.x86_64.rpm >>>>> python-perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm >>>>> kernel-tools-libs-devel-3.10.0-693.21.1.el7.x86_64.rpm >>>>> noarch >>>>> kernel-abi-whitelists-3.10.0-693.21.1.el7.noarch.rpm >>>>> kernel-doc-3.10.0-693.21.1.el7.noarch.rpm >>>>> >>>>> - Scientific Linux Development Team -- Stephan Wiesand DESY - DV - Platanenallee 6 15738 Zeuthen, Germany
