From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Wed, 24 Jan 2018 15:22:13 +0100
From: Greg Kroah-Hartman <gregkh@linux-foundation.org>
To: Jiri Kosina <jikos@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>, Borislav Petkov <bp@alien8.de>,
	David Woodhouse <dwmw@amazon.co.uk>, Paul Turner <pjt@google.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Kees Cook <keescook@google.com>, Rik van Riel <riel@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Andy Lutomirski <luto@amacapital.net>, gnomes@lxorguk.ukuu.org.uk,
	x86@kernel.org, thomas.lendacky@amd.com,
	Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select
 Spectre v2 mitigation
Message-ID: <20180124142213.GA11440@kroah.com>
References: <20180123224014.dsbzps4hydt6h7ed@pd.tnic>
 <nycvar.YFH.7.76.1801232348060.11852@cbobk.fhfr.pm>
 <20180123232125.GS7844@tassilo.jf.intel.com>
 <nycvar.YFH.7.76.1801240022450.11852@cbobk.fhfr.pm>
 <20180123234529.GU7844@tassilo.jf.intel.com>
 <nycvar.YFH.7.76.1801240046580.11852@cbobk.fhfr.pm>
 <20180124042631.GA6920@kroah.com>
 <nycvar.YFH.7.76.1801241046010.11852@cbobk.fhfr.pm>
 <20180124135851.GA22180@kroah.com>
 <nycvar.YFH.7.76.1801241500140.11852@cbobk.fhfr.pm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <nycvar.YFH.7.76.1801241500140.11852@cbobk.fhfr.pm>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Wed, Jan 24, 2018 at 03:03:48PM +0100, Jiri Kosina wrote:
> On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote:
> 
> > > > I just thought since you were already using modversions in enterprise 
> > > > distros already, that adding it there would be the simplest.
> > > 
> > > The patch as-is introduces immediate modversion mismatch between 
> > > retpolined kernel and non-retpolined module, making each and every one 
> > > fail to load.
> > 
> > Good, the patch works then, because I thought that not loading
> > non-retpolined modules in a kernel that was built with retpoline was the
> > goal here.
> 
> No, we do not want to break loading of externally-built modules just 
> because they might contain indirect calls.
> 
> Warning in such situations / tainting the kernel / reporting "might be 
> vulnerable" in sysfs should be the proper way to go.
> 
> retpolines are not kernel ABI (towards modules) breaker, so let's not 
> pretend it is.

Ok, my fault, I should not have suggested that Andi do the check this
way then.  I thought we wanted to make this part of the kernel ABI.

I'll go make up a patch to revert this now...

thanks,

greg k-h