Provide a guideline on which program should be rebuilt by "retpoline"-enabled compiler
Issue
Red Hat released both a kernel and gcc errata for RHEL 5, 6 and 7 which include "retpoline" optimizations.
-
Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715
https://access.redhat.com/articles/3307751 -
Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables
https://access.redhat.com/articles/3311301
After applying these errata, the following messages are shown when loading ISV module which were not built with a "retpoline"-enabled compiler.
WARNING: module 'xxxxx' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
There is no guideline for application and middleware developers how to deal with the above message.
- What should a customer do?
- Should they update to the latest kernel and ask the ISVs to provide updated modules?
- What should an ISV do?
- What should the module do specifically? How should it be compiled?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- spectre/meltdown
- Kernel versions which are retpoline enabled output a warning, please refer to "retpoline enabled kernel and compiler versions" in the resolution section for specific versions
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
