<div dir="ltr"><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">Hi Alan </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> Looks like the compiler used has an issue. Can you please change the packaging process to the new compiler .</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"><br></p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">uname -r</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">4.14.14-1.el6.elrepo.x86_64</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">sh ./spectre-meltdown-checker.sh</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">Spectre and Meltdown mitigation detection tool v0.24</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">Checking for vulnerabilities against live running kernel Linux 4.14.14-1.el6.elrepo.x86_64 #1 SMP Wed Jan 17 14:39:23 EST 2018 x86_64</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font color="#212121">* </font><b style=""><font color="#cc0000">Checking count of LFENCE opcodes in kernel: NO (only 11 opcodes found, should be >= 70)</font></b></p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">> STATUS: VULNERABLE (heuristic to be improved when official patches become available)</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Mitigation 1</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Hardware (CPU microcode) support for mitigation: YES</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Kernel support for IBRS: NO</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* IBRS enabled for Kernel space: NO</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* IBRS enabled for User space: NO</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Mitigation 2</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Kernel compiled with retpoline option: YES</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font color="#212121">* </font><b style=""><font color="#cc0000"> Kernel compiled with a retpoline-aware compiler: NO</font></b></p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* Kernel supports Page Table Isolation (PTI): YES</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">* PTI enabled and active: YES</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)</p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"> </p><p class="gmail-x_MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)">A false sense of security is worse than no security at all, see --disclaimer</p></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 18, 2018 at 3:27 AM, Alan Bartlett <span dir="ltr"><<a href="mailto:ajb@elrepo.org" target="_blank">ajb@elrepo.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Announcing the release of the kernel-ml-4.14.14-1.el6.elrepo package<br>
set into the EL6 elrepo-kernel repository:<br>
<br>
<a href="https://elrepo.org/tiki/kernel-ml" rel="noreferrer" target="_blank">https://elrepo.org/tiki/<wbr>kernel-ml</a><br>
<br>
The upstream changelog:<br>
<br>
<a href="https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14" rel="noreferrer" target="_blank">https://www.kernel.org/pub/<wbr>linux/kernel/v4.x/ChangeLog-4.<wbr>14.14</a><br>
<br>
The following files are currently synchronising to our mirror sites:<br>
<br>
x86_32<br>
kernel-ml-4.14.14-1.el6.<wbr>elrepo.i686.rpm<br>
kernel-ml-devel-4.14.14-1.el6.<wbr>elrepo.i686.rpm<br>
kernel-ml-doc-4.14.14-1.el6.<wbr>elrepo.noarch.rpm<br>
kernel-ml-headers-4.14.14-1.<wbr>el6.elrepo.i386.rpm<br>
kernel-ml-NONPAE-4.14.14-1.<wbr>el6.elrepo.i686.rpm<br>
kernel-ml-NONPAE-devel-4.14.<wbr>14-1.el6.elrepo.i686.rpm<br>
perf-4.14.14-1.el6.elrepo.<wbr>i686.rpm<br>
python-perf-4.14.14-1.el6.<wbr>elrepo.i686.rpm<br>
<br>
x86_64<br>
kernel-ml-4.14.14-1.el6.<wbr>elrepo.x86_64.rpm<br>
kernel-ml-devel-4.14.14-1.el6.<wbr>elrepo.x86_64.rpm<br>
kernel-ml-doc-4.14.14-1.el6.<wbr>elrepo.noarch.rpm<br>
kernel-ml-headers-4.14.14-1.<wbr>el6.elrepo.x86_64.rpm<br>
perf-4.14.14-1.el6.elrepo.x86_<wbr>64.rpm<br>
python-perf-4.14.14-1.el6.<wbr>elrepo.x86_64.rpm<br>
<br>
nosrc<br>
kernel-ml-4.14.14-1.el6.<wbr>elrepo.nosrc.rpm<br>
<br>
We provide these kernels for hardware testing in an effort to identify<br>
new/updated drivers which can then be targeted for backporting as kmod<br>
packages. Meanwhile, these kernels may provide interim relief to<br>
people with non-functional hardware. We stress that we consider such<br>
kernels as a last resort for those who are unable to get their<br>
hardware working using the RHEL-6 kernel with supplementary kmod<br>
packages.<br>
<br>
These packages are provided "As-Is" with no implied warranty or<br>
support. Using the kernel-ml may expose your system to security,<br>
performance and/or data corruption issues. Since timely updates may<br>
not be available from the ELRepo Project, the end user has the<br>
ultimate responsibility for deciding whether to continue using the<br>
kernel-ml packages in regular service.<br>
<br>
The packages are intentionally named kernel-ml so as not to conflict<br>
with the RHEL-6 kernels and, as such, they may be installed and updated<br>
alongside the regular kernel. The kernel configuration is based upon a<br>
default RHEL-6 configuration with added functionality enabled as<br>
appropriate.<br>
<br>
If a bug is found when using these kernels, the end user is encouraged<br>
to report it upstream to the Linux Kernel Bug Tracker [1] and, for our<br>
reference, to the ELRepo bug tracker [2]. By taking such action, the<br>
reporter will be assisting the kernel developers, Red Hat and the Open<br>
Source Community as a whole.<br>
<br>
Thank you,<br>
<br>
The ELRepo Team.<br>
<br>
[1] <a href="https://bugzilla.kernel.org/" rel="noreferrer" target="_blank">https://bugzilla.kernel.org/</a><br>
[2] <a href="https://elrepo.org/bugs/" rel="noreferrer" target="_blank">https://elrepo.org/bugs/</a><br>
______________________________<wbr>_________________<br>
elrepo mailing list<br>
<a href="mailto:elrepo@lists.elrepo.org">elrepo@lists.elrepo.org</a><br>
<a href="http://lists.elrepo.org/mailman/listinfo/elrepo" rel="noreferrer" target="_blank">http://lists.elrepo.org/<wbr>mailman/listinfo/elrepo</a><br>
</blockquote></div><br></div>