ACK: [PATCH 0/2][SRU][D][B] kbuild: add -fcf-protection=none when using retpoline flags

Andrea Righi andrea.righi at
Mon Sep 16 15:24:24 UTC 2019

On Mon, Sep 16, 2019 at 03:41:55PM +0200, Seth Forshee wrote:
> BugLink:
> == SRU Justification ==
> Impact: Starting in eoan -fcf-protection is enabled by default in gcc,
> see This option is
> incompatible with -mindirect-branch, which is used for building kernels
> with retpoline support. Building a kernel or dkms modules fails without
> the patch, and during upgrade to eoan we can get failures due to dkms
> modules failing to build for older kernels with the new compiler.
> Fix: Backport upstream patch to add -fcf-protection=none to kernel
> retpoline flags.
> Test Case: Upgrade from {bionic,disco} to eoan with dkms modules
> installed.
> Regression Potential: The patch probes the compiler for support for
> -fcf-protection and only adds it if the compiler supports it, and =none
> was the default prior to the change in eoan. It's also been upstream and
> in eoan for a while now, so it's unlikely to cause any regressions.

Definitely needed. Thanks.

Acked-by: Andrea Righi <andrea.righi at>

More information about the kernel-team mailing list