Hello, I think dmesg/sysfs output messages are not suitable if retpoline config is off:
I intentionally compiled the kernel 4.15.0 with CONFIG_RETPOLINE=n for test and boot it with the following kernel command line option to check dmesg/sysfs: (a) no command line option or "spectre_v2=on" or "spectre_v2=auto" $ dmesg | grep -i spectre [ 0.017714] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 Minimal generic ASM retpoline (b) "spectre_v2=off" $ dmesg | grep -i spectre [ 0.017002] Spectre V2 mitigation: disabled on command line. $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 Vulnerable (c) "spectre_v2=retpoline" $ dmesg | grep -i spectre [ 0.018002] Spectre V2 mitigation: kernel not compiled with retpoline; no mitigation available! $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 Vulnerable I think the output of (c) is correct for this case, or are these outputs actually right? Also, the output of (a) is the same with following condition: (1) CONFIG_RETPOLINE=n, and (2) CONFIG_RETPOLINE=y but the compiler did not support retpoline These cannot be distinguished unless option of (c) is explicitly used. Regards, Tomohiro Misono