Provide a guideline on which program should be rebuilt by "retpoline"-enabled compiler
Issue
Red Hat released both a kernel and gcc errata for RHEL 5, 6 and 7 which include "retpoline" optimizations.
- Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715: https://access.redhat.com/articles/3307751
- Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables: https://access.redhat.com/articles/3311301
After applying these errata, the following message is shown when loading ISV modules that were not built with a "retpoline"-enabled compiler:
WARNING: module 'xxxxx' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
There is no guideline for application and middleware developers on how to deal with the above message.
- What should a customer do?
- Should they update to the latest kernel and ask the ISVs to provide updated modules?
- What should an ISV do?
- What should the module do specifically? How should it be compiled?
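To find out which modules on a host triggered the warning quoted above, the kernel log can be scanned for it. The following script is an added example, not Red Hat's code: the function names and the sample log lines (including the module names) are constructed, and it matches only the message format shown above.

```shell
#!/bin/sh
# Added example: inventory modules flagged by the retpoline warning.

# flagged_modules: kernel log text on stdin -> "name count" per flagged module,
# sorted by name. Any dmesg timestamp or syslog prefix before "WARNING:" is ignored.
flagged_modules() {
    sed -n "s/.*WARNING: module '\([^']*\)' built without retpoline-enabled compiler.*/\1/p" |
        sort | uniq -c | awk '{print $2, $1}'
}

# still_loaded: flagged_modules output on stdin, $1 = file in /proc/modules
# format -> names of flagged modules that are loaded right now. These are the
# ones to raise with the ISV first.
still_loaded() {
    awk 'NR==FNR {loaded[$1]=1; next} ($1 in loaded) {print $1}' "$1" -
}

# Constructed sample log (made-up module names). It mixes dmesg and syslog
# prefixes, repeats one module, and includes an unrelated WARNING line that
# must not match.
sample_log() {
    cat <<'EOF'
[   12.345678] WARNING: module 'examplefs' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
[   12.400000] examplefs: loading out-of-tree module taints kernel.
Jan 30 10:00:01 host1 kernel: WARNING: module 'vendor_hba' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
[  300.000001] WARNING: module 'examplefs' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
[  301.000000] WARNING: CPU: 0 PID: 1 at kernel/example.c:1 example+0x0/0x10
EOF
}

# Demo on the constructed sample. On a real host, feed the kernel log instead:
#   dmesg | flagged_modules | still_loaded /proc/modules
sample_log | flagged_modules
```
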
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- spectre/meltdown
- Retpoline-enabled kernel versions output a warning; please refer to "retpoline enabled kernel and compiler versions" in the resolution section for specific versions