Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation

From: Kees Cook
Date: Tue Jan 23 2018 - 19:32:07 EST


On Wed, Jan 24, 2018 at 10:05 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
> On Tue, Jan 23, 2018 at 11:55:05PM +0100, Jiri Kosina wrote:
>> I think we should start recording CFLAGS the kernel has been compiled with
>> anyway; doesn't hurt and might come handy when debugging.
>>
>> /proc/version is probably not the best place ... /proc/cflags?
>
> Yap, I guess I can find that string with hexdump on the kernel binary too :-)

I've wanted this for a while (especially for the coming detected
support for stack protector). Having more than just the clfags is, I
think, important. We'd likely want to record the entire environment
(compiler version, linker version, flags on both, etc).

-Kees

--
Kees Cook
Pixel Security