Re: Requirements for retpoline in Linux 4.15 (was: Re: Linux 4.15)
From: David Woodhouse
Date: Mon Jan 29 2018 - 06:35:40 EST
On Mon, 2018-01-29 at 12:19 +0100, Martin Steigerwald wrote:
>
> The whole thing works:
>
> % grep . /sys/devices/system/cpu/vulnerabilities/*ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full genericÂ
> retpoline
>
> I bet the virtualbox modules compiled by virtualbox-dkms will taint theÂ
> support, but I bet sooner or later they will support retpoline as well.Â
> (Another reason to switch to KVM one day.)
As long as those are actually compiled, it should be fine. Any C code
will be built with the correct CFLAGS.
If they have explicit asm which has indirect jumps, that would still be
a problem. We just need to port objtool into the kernel and do it at
module load time, to check for that... :)Attachment:
smime.p7s
Description: S/MIME cryptographic signature