• Andi Kleen's avatar
    module/retpoline: Warn about missing retpoline in module · caf7501a
    Andi Kleen authored
    There's a risk that a kernel which has full retpoline mitigations becomes
    vulnerable when a module gets loaded that hasn't been compiled with the
    right compiler or the right option.
    
    To enable detection of that mismatch at module load time, add a module info
    string "retpoline" at build time when the module was compiled with
    retpoline support. This only covers compiled C source, but assembler source
    or prebuilt object files are not checked.
    
    If a retpoline enabled kernel detects a non retpoline protected module at
    load time, print a warning and report it in the sysfs vulnerability file.
    
    [ tglx: Massaged changelog ]
    Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Cc: David Woodhouse <dwmw2@infradead.org>
    Cc: gregkh@linuxfoundation.org
    Cc: torvalds@linux-foundation.org
    Cc: jeyu@kernel.org
    Cc: arjan@linux.intel.com
    Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org
    caf7501a
modpost.c 66.4 KB