Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation
From: Greg Kroah-Hartman
Date: Wed Jan 24 2018 - 09:22:18 EST
On Wed, Jan 24, 2018 at 03:03:48PM +0100, Jiri Kosina wrote:
> On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote:
>
> > > > I just thought since you were already using modversions in enterprise
> > > > distros already, that adding it there would be the simplest.
> > >
> > > The patch as-is introduces immediate modversion mismatch between
> > > retpolined kernel and non-retpolined module, making each and every one
> > > fail to load.
> >
> > Good, the patch works then, because I thought that not loading
> > non-retpolined modules in a kernel that was built with retpoline was the
> > goal here.
>
> No, we do not want to break loading of externally-built modules just
> because they might contain indirect calls.
>
> Warning in such situations / tainting the kernel / reporting "might be
> vulnerable" in sysfs should be the proper way to go.
>
> retpolines are not kernel ABI (towards modules) breaker, so let's not
> pretend it is.
Ok, my fault, I should not have suggested that Andi do the check this
way then. I thought we wanted to make this part of the kernel ABI.
I'll go make up a patch to revert this now...
thanks,
greg k-h