[PATCH 0/2][SRU][D][B] kbuild: add -fcf-protection=none when using retpoline flags
Seth Forshee
seth.forshee at canonical.com
Mon Sep 16 13:41:55 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1843291
== SRU Justification ==
Impact: Starting in eoan -fcf-protection is enabled by default in gcc,
see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is
incompatible with -mindirect-branch, which is used for building kernels
with retpoline support. Building a kernel or dkms modules fails without
the patch, and during upgrade to eoan we can get failures due to dkms
modules failing to build for older kernels with the new compiler.
Fix: Backport upstream patch to add -fcf-protection=none to kernel
retpoline flags.
Test Case: Upgrade from {bionic,disco} to eoan with dkms modules
installed.
Regression Potential: The patch probes the compiler for support for
-fcf-protection and only adds it if the compiler supports it, and =none
was the default prior to the change in eoan. It's also been upstream and
in eoan for a while now, so it's unlikely to cause any regressions.
More information about the kernel-team
mailing list