On Wed, 3 Jan 2018, Andi Kleen wrote:
> unwind_init();
> +
> +#ifndef RETPOLINE
> + add_taint(TAINT_NO_RETPOLINE, LOCKDEP_STILL_OK);
> + pr_warn("No support for retpoline in kernel compiler\n");
> + pr_warn("Kernel may be vulnerable to data leaks.\n");
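
Review bot: the add_taint() and both pr_warn() calls under #ifndef RETPOLINE are selected at compile time only; nothing in the quoted lines checks the running CPU, so a kernel built without retpoline support would taint itself and warn on every boot, whether or not the hardware is affected. Consider gating the block on a runtime check of the CPU bug bit and wording the message as a missing mitigation. The two pr_warn() lines could also be merged into one message so they cannot be split apart in the log.
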
That's blatantly wrong.
The kernel is not vulnerable to data leaks. The hardware is.
And that's what the CPU_BUG bit is for. If the mitigation is in place,
activate the proper feature bit like we did with PTI.
Thanks,
tglx

