On Wed, Jan 24, 2018 at 03:03:48PM +0100, Jiri Kosina wrote: > On Wed, 24 Jan 2018, Greg Kroah-Hartman wrote: > > > > > I just thought since you were already using modversions in enterprise > > > > distros already, that adding it there would be the simplest. > > > > > > The patch as-is introduces immediate modversion mismatch between > > > retpolined kernel and non-retpolined module, making each and every one > > > fail to load. > > > > Good, the patch works then, because I thought that not loading > > non-retpolined modules in a kernel that was built with retpoline was the > > goal here. > > No, we do not want to break loading of externally-built modules just > because they might contain indirect calls. > > Warning in such situations / tainting the kernel / reporting "might be > vulnerable" in sysfs should be the proper way to go. > > retpolines are not kernel ABI (towards modules) breaker, so let's not > pretend it is.
Ok, my fault, I should not have suggested that Andi do the check this way then. I thought we wanted to make this part of the kernel ABI. I'll go make up a patch to revert this now... thanks, greg k-h
