Re: [PATCH] retpoline/module: Taint kernel for missing retpoline in module

From: Andi Kleen
Date: Fri Jan 12 2018 - 14:17:07 EST


> It doesn't make a lot of sense to have a taint flag for a *partial*
> retpoline, but not in the case that we have *no* mitigation in place.

The only thing that makes sense checking for is the C compiler
option. Everything else which needs manual changes we cannot check.

So even if we add more things I don't think this particular
check will change.


> So maybe we should drop the taint part, and just make the kernel report
> that it is (partially) vulnerable to Spectre V2, just as in the
> CONFIG_RETPOLINE && !RETPOLINE case?

Ok I can drop the taint part. The reporting is already implemented.

-Andi