From: Andi Kleen <[email protected]>
Add a marker for retpoline to the module VERMAGIC. This catches
the case when a non RETPOLINE compiled module gets loaded into
a retpoline kernel, making it insecure.
It doesn't handle the case when retpoline has been runtime disabled.
Even in this case the match of the retcompile status will be enforced.
This implies that even with retpoline run time disabled all modules
loaded need to be recompiled.
This supersedes an earlier patch that did the same checking using
a new module tag (so it's really a v3)
Signed-off-by: Andi Kleen <[email protected]>
---
include/linux/vermagic.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
index bae807eb2933..853291714ae0 100644
--- a/include/linux/vermagic.h
+++ b/include/linux/vermagic.h
@@ -31,11 +31,17 @@
#else
#define MODULE_RANDSTRUCT_PLUGIN
#endif
+#ifdef RETPOLINE
+#define MODULE_VERMAGIC_RETPOLINE "retpoline "
+#else
+#define MODULE_VERMAGIC_RETPOLINE ""
+#endif
#define VERMAGIC_STRING \
UTS_RELEASE " " \
MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
MODULE_ARCH_VERMAGIC \
- MODULE_RANDSTRUCT_PLUGIN
+ MODULE_RANDSTRUCT_PLUGIN \
+ MODULE_VERMAGIC_RETPOLINE
--
2.14.3
On Tue, 16 Jan 2018, Andi Kleen wrote:
> From: Andi Kleen <[email protected]>
>
> Add a marker for retpoline to the module VERMAGIC. This catches
> the case when a non RETPOLINE compiled module gets loaded into
> a retpoline kernel, making it insecure.
>
> It doesn't handle the case when retpoline has been runtime disabled.
> Even in this case the match of the retcompile status will be enforced.
> This implies that even with retpoline run time disabled all modules
> loaded need to be recompiled.
>
> This supersedes an earlier patch that did the same checking using
> a new module tag (so it's really a v3)
>
> Signed-off-by: Andi Kleen <[email protected]>
Acked-by: Thomas Gleixner <[email protected]>
> ---
> include/linux/vermagic.h | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
> index bae807eb2933..853291714ae0 100644
> --- a/include/linux/vermagic.h
> +++ b/include/linux/vermagic.h
> @@ -31,11 +31,17 @@
> #else
> #define MODULE_RANDSTRUCT_PLUGIN
> #endif
> +#ifdef RETPOLINE
> +#define MODULE_VERMAGIC_RETPOLINE "retpoline "
> +#else
> +#define MODULE_VERMAGIC_RETPOLINE ""
> +#endif
>
> #define VERMAGIC_STRING \
> UTS_RELEASE " " \
> MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
> MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
> MODULE_ARCH_VERMAGIC \
> - MODULE_RANDSTRUCT_PLUGIN
> + MODULE_RANDSTRUCT_PLUGIN \
> + MODULE_VERMAGIC_RETPOLINE
>
> --
> 2.14.3
>
>
On Tue, Jan 16, 2018 at 10:24:53PM +0100, Thomas Gleixner wrote:
> On Tue, 16 Jan 2018, Andi Kleen wrote:
>
> > From: Andi Kleen <[email protected]>
> >
> > Add a marker for retpoline to the module VERMAGIC. This catches
> > the case when a non RETPOLINE compiled module gets loaded into
> > a retpoline kernel, making it insecure.
> >
> > It doesn't handle the case when retpoline has been runtime disabled.
> > Even in this case the match of the retcompile status will be enforced.
> > This implies that even with retpoline run time disabled all modules
> > loaded need to be recompiled.
> >
> > This supersedes an earlier patch that did the same checking using
> > a new module tag (so it's really a v3)
> >
> > Signed-off-by: Andi Kleen <[email protected]>
>
> Acked-by: Thomas Gleixner <[email protected]>
Thanks. Through which tree should this go?
Or Linus, could you take it directly?
-Andi
On Tue, Jan 16, 2018 at 12:52:28PM -0800, Andi Kleen wrote:
> From: Andi Kleen <[email protected]>
>
> Add a marker for retpoline to the module VERMAGIC. This catches
> the case when a non RETPOLINE compiled module gets loaded into
> a retpoline kernel, making it insecure.
>
> It doesn't handle the case when retpoline has been runtime disabled.
> Even in this case the match of the retcompile status will be enforced.
> This implies that even with retpoline run time disabled all modules
> loaded need to be recompiled.
>
> This supersedes an earlier patch that did the same checking using
> a new module tag (so it's really a v3)
>
> Signed-off-by: Andi Kleen <[email protected]>
Reviewed-by: Greg Kroah-Hartman <[email protected]>
On Tue, 16 Jan 2018, Andi Kleen wrote:
> On Tue, Jan 16, 2018 at 10:24:53PM +0100, Thomas Gleixner wrote:
> > On Tue, 16 Jan 2018, Andi Kleen wrote:
> >
> > > From: Andi Kleen <[email protected]>
> > >
> > > Add a marker for retpoline to the module VERMAGIC. This catches
> > > the case when a non RETPOLINE compiled module gets loaded into
> > > a retpoline kernel, making it insecure.
> > >
> > > It doesn't handle the case when retpoline has been runtime disabled.
> > > Even in this case the match of the retcompile status will be enforced.
> > > This implies that even with retpoline run time disabled all modules
> > > loaded need to be recompiled.
> > >
> > > This supersedes an earlier patch that did the same checking using
> > > a new module tag (so it's really a v3)
> > >
> > > Signed-off-by: Andi Kleen <[email protected]>
> >
> > Acked-by: Thomas Gleixner <[email protected]>
>
> Thanks. Through which tree should this go?
> Or Linus, could you take it directly?
I can route it through x86/pti where I have still stuff to send linuswards.
Thanks,
tglx
Commit-ID: 6cfb521ac0d5b97470883ff9b7facae264b7ab12
Gitweb: https://git.kernel.org/tip/6cfb521ac0d5b97470883ff9b7facae264b7ab12
Author: Andi Kleen <[email protected]>
AuthorDate: Tue, 16 Jan 2018 12:52:28 -0800
Committer: Thomas Gleixner <[email protected]>
CommitDate: Wed, 17 Jan 2018 11:35:14 +0100
module: Add retpoline tag to VERMAGIC
Add a marker for retpoline to the module VERMAGIC. This catches the case
when a non RETPOLINE compiled module gets loaded into a retpoline kernel,
making it insecure.
It doesn't handle the case when retpoline has been runtime disabled. Even
in this case the match of the retcompile status will be enforced. This
implies that even with retpoline run time disabled all modules loaded need
to be recompiled.
Signed-off-by: Andi Kleen <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Greg Kroah-Hartman <[email protected]>
Acked-by: David Woodhouse <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
---
include/linux/vermagic.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
index bae807e..8532917 100644
--- a/include/linux/vermagic.h
+++ b/include/linux/vermagic.h
@@ -31,11 +31,17 @@
#else
#define MODULE_RANDSTRUCT_PLUGIN
#endif
+#ifdef RETPOLINE
+#define MODULE_VERMAGIC_RETPOLINE "retpoline "
+#else
+#define MODULE_VERMAGIC_RETPOLINE ""
+#endif
#define VERMAGIC_STRING \
UTS_RELEASE " " \
MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
MODULE_ARCH_VERMAGIC \
- MODULE_RANDSTRUCT_PLUGIN
+ MODULE_RANDSTRUCT_PLUGIN \
+ MODULE_VERMAGIC_RETPOLINE
On Wed, Jan 17, 2018 at 02:40:43AM -0800, tip-bot for Andi Kleen wrote:
> Commit-ID: 6cfb521ac0d5b97470883ff9b7facae264b7ab12
> Gitweb: https://git.kernel.org/tip/6cfb521ac0d5b97470883ff9b7facae264b7ab12
> Author: Andi Kleen <[email protected]>
> AuthorDate: Tue, 16 Jan 2018 12:52:28 -0800
> Committer: Thomas Gleixner <[email protected]>
> CommitDate: Wed, 17 Jan 2018 11:35:14 +0100
>
> module: Add retpoline tag to VERMAGIC
>
> Add a marker for retpoline to the module VERMAGIC. This catches the case
> when a non RETPOLINE compiled module gets loaded into a retpoline kernel,
> making it insecure.
>
> It doesn't handle the case when retpoline has been runtime disabled. Even
> in this case the match of the retcompile status will be enforced. This
> implies that even with retpoline run time disabled all modules loaded need
> to be recompiled.
If the user overrides the vermagic and loads the module, shouldn't we
update the spectre_v2 sysfs vulnerability status and print a warning
like in v2?
--
Josh
On Thu, 18 Jan 2018, Josh Poimboeuf wrote:
> On Wed, Jan 17, 2018 at 02:40:43AM -0800, tip-bot for Andi Kleen wrote:
> > Commit-ID: 6cfb521ac0d5b97470883ff9b7facae264b7ab12
> > Gitweb: https://git.kernel.org/tip/6cfb521ac0d5b97470883ff9b7facae264b7ab12
> > Author: Andi Kleen <[email protected]>
> > AuthorDate: Tue, 16 Jan 2018 12:52:28 -0800
> > Committer: Thomas Gleixner <[email protected]>
> > CommitDate: Wed, 17 Jan 2018 11:35:14 +0100
> >
> > module: Add retpoline tag to VERMAGIC
> >
> > Add a marker for retpoline to the module VERMAGIC. This catches the case
> > when a non RETPOLINE compiled module gets loaded into a retpoline kernel,
> > making it insecure.
> >
> > It doesn't handle the case when retpoline has been runtime disabled. Even
> > in this case the match of the retcompile status will be enforced. This
> > implies that even with retpoline run time disabled all modules loaded need
> > to be recompiled.
>
> If the user overrides the vermagic and loads the module, shouldn't we
> update the spectre_v2 sysfs vulnerability status and print a warning
> like in v2?
If the user does that then the sysfs output is not our problem anymore,
really.
Thanks,
tglx