Re: [PATCH 10/11] retpoline/taint: Taint kernel for missing retpoline in compiler
From: Thomas Gleixner
Date: Wed Jan 03 2018 - 19:30:14 EST
On Wed, 3 Jan 2018, Andi Kleen wrote:
> unwind_init();
> +
> +#ifndef RETPOLINE
> + add_taint(TAINT_NO_RETPOLINE, LOCKDEP_STILL_OK);
> + pr_warn("No support for retpoline in kernel compiler\n");
> + pr_warn("Kernel may be vulnerable to data leaks.\n");
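Review bot: the second `pr_warn` message, "Kernel may be vulnerable to data leaks.", misattributes the issue: the missing retpoline leaves the hardware flaw unmitigated, it does not make the kernel itself leaky, so reword it to state that the compiler lacks retpoline support and the CPU bug is therefore unmitigated. Also, the `#ifndef RETPOLINE` block is purely compile-time and taints unconditionally; tying the mitigation state to the CPU_BUG bit and exposing a feature bit when the mitigation is in place, as was done for PTI, would report this accurately at runtime instead of via a blanket taint.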
That's blatantly wrong.
The kernel is not vulnerable to data leaks. The hardware is.
And that's what the CPU_BUG bit is for. If the mitigation is in place,
activate the proper feature bit like we did with PTI
Thanks,
tglx