From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934613AbeAOQsQ (ORCPT + 1 other); Mon, 15 Jan 2018 11:48:16 -0500 Received: from one.firstfloor.org ([193.170.194.197]:48838 "EHLO one.firstfloor.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932174AbeAOQsO (ORCPT ); Mon, 15 Jan 2018 11:48:14 -0500 Date: Mon, 15 Jan 2018 08:48:12 -0800 From: Andi Kleen To: David Laight Cc: 'Andi Kleen' , "tglx@linutronix.de" , "dwmw@amazon.co.uk" , "torvalds@linux-foundation.org" , "linux-kernel@vger.kernel.org" , "gregkh@linuxfoundation.org" , "arjan.van.de.ven@intel.com" , "peterz@infradead.org" , Andi Kleen , "jeyu@kernel.org" Subject: Re: [PATCH] retpoline/module: Taint kernel for missing retpoline in module Message-ID: <20180115164811.oqf5yo56vx255hej@two.firstfloor.org> References: <20180112175507.31750-1-andi@firstfloor.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: > It is not unlikely that most of a module's code is released as a > binary 'blob', with only the part that needs to match the kernel ABI > compiled on the target system. Yes that is true. However such blob build systems are usually done with custom Makefiles, not Kbuild, and those Makefiles don't set -DRETPOLINE, so it would still be caught. Now if someone sets -DRETPOLINE on a blob build it wouldn't warn, but that would be actively malicious and there's no way to protect against that. It's merely aimed at detecting mistakes. -Andi