Add -fcf-protection=none when using retpoline flags
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | In Progress | Medium | Seth Forshee | |
Bionic | Fix Released | Undecided | Unassigned | |
Disco | Fix Released | Undecided | Unassigned | |
Bug Description
SRU Justification
Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https:/
Fix: Backport upstream patch to add -fcf-protection
Test Case: Upgrade from {bionic,disco} to eoan with dkms modules installed.
Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions.
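The compiler probe described under Regression Potential can be reproduced outside the kernel build with a small shell function. This is an added example, not the upstream patch or the Ubuntu backport; the function names `cc_supports_flag` and `retpoline_cflags` are hypothetical, and the retpoline flags shown are the GCC ones, assumed here.

```shell
#!/bin/sh
# Added example: probe a compiler for a flag before adding it to the build.
# Function names are hypothetical; the retpoline flags are GCC's (assumption).

# cc_supports_flag CC FLAG
# Returns 0 if CC compiles an empty C file with FLAG, 1 if not, 2 on setup error.
# -Werror makes compilers that only warn about an unknown option fail the probe.
cc_supports_flag() {
    probe_cc=$1
    probe_flag=$2
    probe_out=$(mktemp) || return 2
    if "$probe_cc" -Werror "$probe_flag" -c -x c /dev/null -o "$probe_out" \
        >/dev/null 2>&1; then
        probe_rc=0
    else
        probe_rc=1
    fi
    rm -f "$probe_out"
    return "$probe_rc"
}

# retpoline_cflags CC
# Prints the retpoline flags, followed by -fcf-protection=none only when CC
# accepts it, so compilers that predate the option keep building unchanged.
retpoline_cflags() {
    flags="-mindirect-branch=thunk-extern -mindirect-branch-register"
    if cc_supports_flag "$1" -fcf-protection=none; then
        flags="$flags -fcf-protection=none"
    fi
    printf '%s\n' "$flags"
}

# Stand-alone use: report the flags for $CC (default: cc).
retpoline_cflags "${CC:-cc}"
```

Running it with `CC` set to the compiler a dkms build would use shows whether that build receives `-fcf-protection=none`.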
Changed in linux (Ubuntu Disco): status: New → Fix Committed
Changed in linux (Ubuntu Bionic): status: New → Fix Committed
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!