Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation

From: Greg Kroah-Hartman
Date: Wed Jan 24 2018 - 09:22:18 EST


On Wed, Jan 24, 2018 at 03:03:48PM +0100, Jiri Kosina wrote:
> On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote:
>
> > > > I just thought since you were already using modversions in enterprise
> > > > distros, that adding it there would be the simplest.
> > >
> > > The patch as-is introduces immediate modversion mismatch between
> > > retpolined kernel and non-retpolined module, making each and every one
> > > fail to load.
> >
> > Good, the patch works then, because I thought that not loading
> > non-retpolined modules in a kernel that was built with retpoline was the
> > goal here.
>
> No, we do not want to break loading of externally-built modules just
> because they might contain indirect calls.
>
> Warning in such situations / tainting the kernel / reporting "might be
> vulnerable" in sysfs should be the proper way to go.
>
> retpolines are not a kernel ABI (towards modules) breaker, so let's not
> pretend it is.

Ok, my fault, I should not have suggested that Andi do the check this
way then. I thought we wanted to make this part of the kernel ABI.

I'll go make up a patch to revert this now...

thanks,

greg k-h