| author | Andi Kleen <ak@linux.intel.com> | 2018-01-25 18:50:28 -0500 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2018-01-26 09:03:56 -0500 |
| commit | caf7501a1b4ec964190f31f9c3f163de252273b8 (patch) | |
| tree | f626e796eb8f30eca268595ca07dc90e00b06ec3 /scripts/mod | |
| parent | c940a3fb1e2e9b7d03228ab28f375fb5a47ff699 (diff) | |
module/retpoline: Warn about missing retpoline in module
There's a risk that a kernel which has full retpoline mitigations becomes
vulnerable when a module gets loaded that hasn't been compiled with the
right compiler or the right option.
To enable detection of that mismatch at module load time, add a module info
string "retpoline" at build time when the module was compiled with
retpoline support. This only covers compiled C source; assembler source
and prebuilt object files are not checked.
If a retpoline enabled kernel detects a non retpoline protected module at
load time, print a warning and report it in the sysfs vulnerability file.
[ tglx: Massaged changelog ]
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: gregkh@linuxfoundation.org
Cc: torvalds@linux-foundation.org
Cc: jeyu@kernel.org
Cc: arjan@linux.intel.com
Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org
Diffstat (limited to 'scripts/mod')
| -rw-r--r-- | scripts/mod/modpost.c | 9 |
1 files changed, 9 insertions, 0 deletions
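--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2165,6 +2165,14 @@ static void add_intree_flag(struct buffer *b, int is_intree)
 buf_printf(b, "\nMODULE_INFO(intree, \"Y\");\n");
 }
 
+/* Cannot check for assembler */
+static void add_retpoline(struct buffer *b)
+{
+buf_printf(b, "\n#ifdef RETPOLINE\n");
+buf_printf(b, "MODULE_INFO(retpoline, \"Y\");\n");
+buf_printf(b, "#endif\n");
+}
+
 static void add_staging_flag(struct buffer *b, const char *name)
 {
 static const char *staging_dir = "drivers/staging";
@@ -2506,6 +2514,7 @@ int main(int argc, char **argv)
 err |= check_modname_len(mod);
 add_header(&buf, mod);
 add_intree_flag(&buf, !external_module);
+add_retpoline(&buf);
 add_staging_flag(&buf, mod->name);
 err |= add_versions(&buf, mod);
 add_depends(&buf, mod, modules);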
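Review bot: The comment above `add_retpoline()` in the first hunk, `/* Cannot check for assembler */`, does not say what the emitted tag actually attests to. The `#ifdef RETPOLINE` is evaluated when the generated .mod.c is compiled, so the `retpoline` modinfo string records only that this one translation unit saw the macro; as the commit message notes, assembler sources and prebuilt objects linked into the same module are not covered. I would spell that out, e.g. `/* Emit a "retpoline" modinfo tag when the generated .mod.c is built with RETPOLINE defined. Build-consistency hint only: assembler sources and prebuilt objects in the module are not checked. */`. The load-time consumer is outside this diff, but presumably it should treat the string as a way to catch accidental mis-builds rather than as proof that the module contains no unprotected indirect branches.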
