-mindirect-branch and -fcf-protection are not compatible, and so kernel builds fail with a gcc build where -fcf-protection is enabled by default. Add -fcf-protection=none to the retpoline flags to fix this. Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 3e4868a6498b..050f11d19777 100644 --- a/Makefile +++ b/Makefile @@ -636,6 +636,10 @@ RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) +# -mindirect-branch is incompatible with -fcf-protection, so ensure the +# latter is disabled +RETPOLINE_CFLAGS += $(call cc-option,-fcf-protection=none,) +RETPOLINE_VDSO_CFLAGS += $(call cc-option,-fcf-protection=none,) export RETPOLINE_CFLAGS export RETPOLINE_VDSO_CFLAGS -- 2.20.1
