> It doesn't make a lot of sense to have a taint flag for a *partial* > retpoline, but not in the case that we have *no* mitigation in place.
The only thing that makes sense checking for is the C compiler option. Everything else which needs manual changes we cannot check. So even if we add more things I don't think this particular check will change. > So maybe we should drop the taint part, and just make the kernel report > that it is (partially) vulnerable to Spectre V2, just as in the > CONFIG_RETPOLINE && !RETPOLINE case? Ok I can drop the taint part. The reporting is already implemented. -Andi
