On Sat, Jan 13, 2018 at 04:36:44PM +0100, Greg KH wrote:
> On Sat, Jan 13, 2018 at 06:53:00AM -0800, Andi Kleen wrote:
> > > > When a module hasn't been compiled with a retpoline
> > > > aware compiler, print a warning and set a taint flag.
> > >
> > > Isn't that caught by the "build with a di
> It is not unlikely that most of a module's code is released as a
> binary 'blob', with only the part that needs to match the kernel ABI
> compiled on the target system.
Yes that is true. However such blob build systems are usually
done with custom Makefiles, not Kbuild, and those Makefiles don't
From: David Woodhouse
> Sent: 15 January 2018 13:01
> On Mon, 2018-01-15 at 12:53 +, Van De Ven, Arjan wrote:
> >
> > binary what? ;-)
> >
> > retpoline (or lack thereof) is part of the kernel ABI at this point
>
> Strictly speaking, only lack thereof.
>
> If you build the kernel without
On Mon, 2018-01-15 at 12:53 +, Van De Ven, Arjan wrote:
>
> binary what? ;-)
>
> retpoline (or lack thereof) is part of the kernel ABI at this point
Strictly speaking, only lack thereof.
If you build the kernel without CONFIG_RETPOLINE, you can't build
modules with retpoline and then e
> > For modules it is checked at compile time, however it cannot
> > check assembler or other non compiled objects used in the module link.
>
> It is not unlikely that most of a module's code is released as a
> binary 'blob', with only the part that needs to match the kernel ABI
> compiled on the
From: Andi Kleen
> Sent: 12 January 2018 17:55
>
> There's a risk that a kernel that has full retpoline mitigations
> becomes vulnerable when a module gets loaded that hasn't been
> compiled with the right compiler or the right option.
>
> We cannot fix it, but should at least warn the user when
> > Also what's the point of putting this information into every symbol?
>
> It makes it easy to check :)
Easier than nm?
Per symbol still doesn't make any sense to me.
>
> > Once per module is good enough.
> >
> > We already have similar checks for staging etc.
>
> Sure, but this is more of
On Sat, Jan 13, 2018 at 02:38:51PM +, Van De Ven, Arjan wrote:
> > > When a module hasn't been compiled with a retpoline
> > > aware compiler, print a warning and set a taint flag.
> >
> > Isn't that caught by the "build with a different compiler/version" check
> > that we have? Or used t
On Sat, Jan 13, 2018 at 06:53:00AM -0800, Andi Kleen wrote:
> > > When a module hasn't been compiled with a retpoline
> > > aware compiler, print a warning and set a taint flag.
> >
> > Isn't that caught by the "build with a different compiler/version" check
> > that we have? Or used to have?
> > When a module hasn't been compiled with a retpoline
> > aware compiler, print a warning and set a taint flag.
>
> Isn't that caught by the "build with a different compiler/version" check
> that we have? Or used to have? If not, can't we just make it into that
- the compiler version numb
> > When a module hasn't been compiled with a retpoline
> > aware compiler, print a warning and set a taint flag.
>
> Isn't that caught by the "build with a different compiler/version" check
> that we have? Or used to have? If not, can't we just make it into that
> type of check to catch thi
On Fri, Jan 12, 2018 at 09:55:07AM -0800, Andi Kleen wrote:
> From: Andi Kleen
>
> There's a risk that a kernel that has full retpoline mitigations
> becomes vulnerable when a module gets loaded that hasn't been
> compiled with the right compiler or the right option.
>
> We cannot fix it, but sh
> It doesn't make a lot of sense to have a taint flag for a *partial*
> retpoline, but not in the case that we have *no* mitigation in place.
The only thing that makes sense checking for is the C compiler
option. Everything else which needs manual changes we cannot check.
So even if we add more t
On Fri, 2018-01-12 at 09:55 -0800, Andi Kleen wrote:
> From: Andi Kleen
>
> There's a risk that a kernel that has full retpoline mitigations
> becomes vulnerable when a module gets loaded that hasn't been
> compiled with the right compiler or the right option.
>
> We cannot fix it, but should at
From: Andi Kleen
There's a risk that a kernel that has full retpoline mitigations
becomes vulnerable when a module gets loaded that hasn't been
compiled with the right compiler or the right option.
We cannot fix it, but should at least warn the user when that
happens.
Add a flag to each module