View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000817 | channel: kernel/el7 | --kernel--request-for-enhancement-- | public | 2018-01-18 11:15 | 2018-04-26 00:22 |
Reporter | schplat | Assigned To | toracat | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | resolved | Resolution | fixed | ||
Summary | 0000817: Compile kernel with retpoline-aware compiler. | ||||
Description | So the retpoline fixes for Spectre IBRS are in 4.14.14 mainline, but elrepo's compiling without a retpoline-aware compiler (or not passing the retpoline options to the compiler). Is it possible to compile with retpoline, as this appears to be the targeted fix for Spectre variant 2, going forward? | ||||
Tags | No tags attached. | ||||
|
The latest elrepo kernels are configured for retpoline: * Mitigation 2 * Kernel compiled with retpoline option: YES * * Kernel compiled with a retpoline-aware compiler: NO* However, the compiler in RHEL is not retpoline-aware. Elrepo packages are compiled on RHEL, for RHEL, so until (or rather if) Red Hat backports the retpoline patches into gcc in RHEL, nothing will change. For reference, retpoline patches were only accepted into the GCC 8.0 development branch earlier this week, and then backported to the GCC 7 branch a couple days ago. RHEL7 is on gcc-4.8.5 (and gcc-4.4.7 in RHEL6) which is unsupported upstream so Red Hat would have to do the backporting work themselves, if it is even feasible. Please feel free to file an RFE with Red Hat, or better yet with Intel for an updated firmware for your CPU. |
|
http://lists.elrepo.org/pipermail/elrepo/2018-January/004071.html |
|
Unfortunate. Basically sticks us in a bad spot. Won't do the Red Hat way, because that's not how it's done in the kernel mainline. Won't do the kernel mainline way because Red Hat can't compile it that way. For the one thing we're using elrepo for, we can't go back to the stock kernel as it's missing some key support for what we're doing (though it may have made it in this latest 7.4 release, we have yet to test against it, and the test process takes a while before we trigger the breakage, and there are fears of performance regression wrt software interrupts), meanwhile I'm tasked with Spectre/Meltdown mitigation efforts. The Intel microcode update is only half the fix. The two ways to mitigate against branch target injection are either via a retpoline kernel, or IBRS availability in kernel space and user space combined with the Intel microcode update.. which was pulled.. because it was crashing systems.. I'll keep watch on what RH continues to do. I would think they backport retpoline into their GCC and give customers a more performant option for mitigation against Spectre v2. Thanks for the response. |
|
This is now fixed. Closing. |
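
The difference discussed in the notes above, between a kernel configured for retpoline and one built by a retpoline-aware compiler, can be checked on a running system. The script below is an added example, not part of the original issue or of elrepo's tooling; the function names are hypothetical, and the status strings are the ones mainline x86 kernels of the 4.14.14/4.15 era print in `/sys/devices/system/cpu/vulnerabilities/spectre_v2`.

```shell
#!/bin/sh
# Added example (not from the issue): tell "configured for retpoline" apart
# from "built by a retpoline-aware compiler" on 4.14.14/4.15-era x86 kernels.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 "<status line>" prints one of:
#   full-retpoline     retpoline enabled and the compiler emitted thunks
#   minimal-retpoline  retpoline enabled, compiler NOT retpoline-aware
#                      (only hand-written asm is protected)
#   other-mitigation   a non-retpoline mitigation is reported
#   vulnerable         no mitigation reported
#   unknown            text not recognised
classify_spectre_v2() {
    case "$1" in
        "Mitigation: Full"*"retpoline"*)    echo full-retpoline ;;
        "Vulnerable: Minimal"*"retpoline"*) echo minimal-retpoline ;;
        "Mitigation:"*)                     echo other-mitigation ;;
        "Vulnerable"*)                      echo vulnerable ;;
        *)                                  echo unknown ;;
    esac
}

# compiler_retpoline_aware [cc] returns 0 if the compiler accepts the GCC
# options the kernel build passes for retpoline, 1 if it rejects them,
# 2 if the compiler is not installed. x86 GCC only.
compiler_retpoline_aware() {
    cc=${1:-gcc}
    command -v "$cc" >/dev/null 2>&1 || return 2
    echo 'int main(void){return 0;}' |
        "$cc" -mindirect-branch=thunk-extern -mindirect-branch-register \
              -x c -c -o /dev/null - >/dev/null 2>&1
}

# Run the live checks only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        status=$(cat "$SPECTRE_V2_SYSFS")
        echo "running kernel: $status -> $(classify_spectre_v2 "$status")"
    else
        echo "running kernel: no spectre_v2 sysfs entry (kernel too old?)"
    fi
    if compiler_retpoline_aware gcc; then
        echo "gcc: accepts retpoline options"
    else
        echo "gcc: missing or not retpoline-aware"
    fi
fi
```

A `minimal-retpoline` result corresponds to the "retpoline option: YES, retpoline-aware compiler: NO" state quoted in the first note.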
Date Modified | Username | Field | Change |
---|---|---|---|
2018-01-18 11:15 | schplat | New Issue | |
2018-01-18 11:15 | schplat | Status | new => assigned |
2018-01-18 11:15 | schplat | Assigned To | => toracat |
2018-01-18 11:32 | burakkucat | Reproducibility | have not tried => N/A |
2018-01-18 13:44 | pperry | Note Added: 0005676 | |
2018-01-18 13:57 | pperry | Note Added: 0005677 | |
2018-01-19 10:23 | schplat | Note Added: 0005680 | |
2018-04-26 00:22 | pperry | Note Added: 0005790 | |
2018-04-26 00:22 | pperry | Status | assigned => resolved |
2018-04-26 00:22 | pperry | Resolution | open => fixed |