On Tue, 16 Jan 2018, Andi Kleen wrote:

> From: Andi Kleen <[email protected]>
> 
> Add a marker for retpoline to the module VERMAGIC. This catches
> the case when a non RETPOLINE compiled module gets loaded into
> a retpoline kernel, making it insecure.
> 
> It doesn't handle the case when retpoline has been runtime disabled.
> Even in this case the match of the retcompile status will be enforced.
> This implies that even with retpoline run time disabled all modules
> loaded need to be recompiled.
> 
> This supersedes an earlier patch that did the same checking using
> a new module tag (so it's really a v3)
> 
> Signed-off-by: Andi Kleen <[email protected]>

Acked-by: Thomas Gleixner <[email protected]>

> ---
>  include/linux/vermagic.h | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
> index bae807eb2933..853291714ae0 100644
> --- a/include/linux/vermagic.h
> +++ b/include/linux/vermagic.h
> @@ -31,11 +31,17 @@
>  #else
>  #define MODULE_RANDSTRUCT_PLUGIN
>  #endif
> +#ifdef RETPOLINE
> +#define MODULE_VERMAGIC_RETPOLINE "retpoline "
> +#else
> +#define MODULE_VERMAGIC_RETPOLINE ""
> +#endif
>  
>  #define VERMAGIC_STRING                                              \
>       UTS_RELEASE " "                                                 \
>       MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT                     \
>       MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS       \
>       MODULE_ARCH_VERMAGIC                                            \
> -     MODULE_RANDSTRUCT_PLUGIN
> +     MODULE_RANDSTRUCT_PLUGIN                                        \
> +     MODULE_VERMAGIC_RETPOLINE
>  
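
Review bot: The #ifdef RETPOLINE block at the top of the hunk has no comment stating that the marker records build-time state only. The commit message says the match is still enforced when retpoline is disabled at run time, so a short comment above the MODULE_VERMAGIC_RETPOLINE definitions saying so would keep readers of vermagic.h from expecting a runtime check. Separately, MODULE_VERMAGIC_RETPOLINE is now the last element of VERMAGIC_STRING and expands to "retpoline " with a trailing space, so the resulting string ends in a space when RETPOLINE is defined; please confirm that is intended.
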
> -- 
> 2.14.3
> 
> 
