On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote: > > > I just thought since you were already using modversions in enterprise > > > distros already, that adding it there would be the simplest. > > > > The patch as-is introduces immediate modversion mismatch between > > retpolined kernel and non-retpolined module, making each and every one > > fail to load. > > Good, the patch works then, because I thought that not loading > non-retpolined modules in a kernel that was built with retpoline was the > goal here.
No, we do not want to break loading of externally-built modules just because they might contain indirect calls. Warning in such situations / tainting the kernel / reporting "might be vulnerable" in sysfs should be the proper way to go. retpolines are not kernel ABI (towards modules) breaker, so let's not pretend it is. Thanks, -- Jiri Kosina SUSE Labs
