On Wed, 3 Jan 2018, Andi Kleen wrote: > unwind_init(); > + > +#ifndef RETPOLINE > + add_taint(TAINT_NO_RETPOLINE, LOCKDEP_STILL_OK); > + pr_warn("No support for retpoline in kernel compiler\n"); > + pr_warn("Kernel may be vulnerable to data leaks.\n");
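Review bot: The taint and both warnings inside `#ifndef RETPOLINE` depend only on a compile-time macro, with no runtime check of whether the running CPU is affected, so every boot of a kernel built without retpoline support is tainted and warned about regardless of the hardware. Consider making this conditional on the relevant CPU bug bit and reporting the mitigation state through a feature flag instead of a taint. The two `pr_warn()` calls also split one message across two log lines, which makes it harder to grep for; a single call with one complete sentence that names the missing mitigation would read better than "may be vulnerable to data leaks".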
That's blatantly wrong. The kernel is not vulnerable to data leaks. The
hardware is. And that's what the CPU_BUG bit is for. If the mitigation is in
place, activate the proper feature bit like we did with PTI.

Thanks,

	tglx