On Sat, Jan 13, 2018 at 02:38:51PM +0000, Van De Ven, Arjan wrote:
> > > When a module hasn't been compiled with a retpoline
> > > aware compiler, print a warning and set a taint flag.
> >
> > Isn't that caught by the "build with a different compiler/version" check
> > that we have? Or used to have? If not, can't we just make it into that
> > type of check to catch this type of problem no matter what type of
> > feature/option it is trying to catch?
> >
> making retpoline part of the modversion hash thingy could make sense.
>
> but I kinda feel this is a bit overkill; it's not a function issue if
> you get this wrong, and if you run an ancient or weird out of tree
> module there's a real chance you have other security fun as well ;-)

Sure, but take pity on the crazy distro developers who have to support
crap like this. They really want to know if a module is built
differently from the kernel, to force the user to know they are on their
own.

modversion seems like a trivial thing to mix this into, and solves the
distro issue at the same time.

thanks,

greg k-h

