Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation

From: Jiri Kosina
Date: Wed Jan 24 2018 - 09:03:57 EST


On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote:

> > > I just thought since you were already using modversions in enterprise
> > > distros already, that adding it there would be the simplest.
> >
> > The patch as-is introduces immediate modversion mismatch between
> > retpolined kernel and non-retpolined module, making each and every one
> > fail to load.
>
> Good, the patch works then, because I thought that not loading
> non-retpolined modules in a kernel that was built with retpoline was the
> goal here.

No, we do not want to break loading of externally-built modules just
because they might contain indirect calls.

Warning in such situations / tainting the kernel / reporting "might be
vulnerable" in sysfs should be the proper way to go.

Retpolines are not a kernel ABI (towards modules) breaker, so let's not
pretend they are.

Thanks,

--
Jiri Kosina
SUSE Labs