Hello,
I think dmesg/sysfs output messages are not suitable if retpoline config is off:
I intentionally compiled the kernel 4.15.0 with CONFIG_RETPOLINE=n for test and
boot it with the following kernel command line option to check dmesg/sysfs:
(a) no command line option or "spectre_v2=on" or "spectre_v2=auto"
$ dmesg | grep -i spectre
[ 0.017714] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Minimal generic ASM retpoline
(b) "spectre_v2=off"
$ dmesg | grep -i spectre
[ 0.017002] Spectre V2 mitigation: disabled on command line.
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable
(c) "spectre_v2=retpoline"
$ dmesg | grep -i spectre
[ 0.018002] Spectre V2 mitigation: kernel not compiled with retpoline; no mitigation available!
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable
I think the output of (c) is correct for this case, or are these outputs actually right?
Also, the output of (a) is the same with following condition:
(1) CONFIG_RETPOLINE=n, and
(2) CONFIG_RETPOLINE=y but the compiler did not support retpoline
These cannot be distinguished unless option of (c) is explicitly used.
Regards,
Tomohiro Misono