Meanwhile, this change should help:

---8<---
--- /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile.orig	2018-03-09 10:49:58.902263193 +0100
+++ /usr/src/kernels/3.10.0-693.21.1.el7.x86_64/arch/x86/Makefile	2018-03-09 10:50:51.820305074 +0100
@@ -160,12 +160,12 @@
 # Avoid indirect branches in kernel to deal with Spectre
 ifdef CONFIG_RETPOLINE
     RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register)
     ifneq ($(RETPOLINE_CFLAGS),)
         KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
-    else
-        $(error CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.)
+#    else
+#        $(error CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.)
     endif
 endif

 archscripts: scripts_basic
 	$(Q)$(MAKE) $(build)=arch/x86/tools relocs
--->8---

- Stephan

> On 8. Mar 2018, at 18:59, Pat Riehecky <[log in to unmask]> wrote:
> 
> An updated gcc that supports this option is scheduled for publication on Tuesday.
> 
> Pat
> 
> On 03/08/2018 11:46 AM, Gilles Detillieux wrote:
>> I realize this problem was likely introduced by upsteam updates, but I thought I'd point it out here anyway so you're aware of it. An unintended consequence of this latest kernel update is that it breaks recompilation of third-party kernel modules. The new kernel was built with CONFIG_RETPOLINE enabled, so presumably with a compiler that supports it, but that updated compiler hasn't been released through a corresponding security ERRATA update. (Not yet, anyway.) When I try to build a third-party device driver, I get the following error:
>> 
>> make[1]: Entering directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
>> arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended..  Stop.
>> make[1]: Leaving directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
>> make: *** [default] Error 2
>> 
>> Is an update of the compiler toolchain for RHEL7/SL7 through the usual update repos forthcoming? Until then, I don't think I can use this kernel update on systems that rely on that 3rd party driver.
>> 
>> Thanks,
>> Gilles
>> 
>> On 2018-03-07 16:16, Pat Riehecky wrote:
>>> Synopsis:          Important: kernel security and bug fix update
>>> Advisory ID:       SLSA-2018:0395-1
>>> Issue Date:        2018-03-06
>>> CVE Numbers:       CVE-2017-7518
>>>                     CVE-2017-12188
>>> -- 
>>> 
>>> Security Fix(es):
>>> 
>>> * Kernel: KVM: MMU potential stack buffer overrun during page walks
>>> (CVE-2017-12188, Important)
>>> 
>>> * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,
>>> Moderate)
>>> -- 
>>> 
>>> SL7
>>>    x86_64
>>>      kernel-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-debug-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-debug-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-debug-devel-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>>> kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-devel-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-headers-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-tools-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-tools-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-tools-libs-3.10.0-693.21.1.el7.x86_64.rpm
>>>      perf-3.10.0-693.21.1.el7.x86_64.rpm
>>>      perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>>>      python-perf-3.10.0-693.21.1.el7.x86_64.rpm
>>>      python-perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>>>      kernel-tools-libs-devel-3.10.0-693.21.1.el7.x86_64.rpm
>>>    noarch
>>>      kernel-abi-whitelists-3.10.0-693.21.1.el7.noarch.rpm
>>>      kernel-doc-3.10.0-693.21.1.el7.noarch.rpm
>>> 
>>> - Scientific Linux Development Team
>> 

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany