retpoline: Show correct spectrev2 mitigation after loading non-retpoline module

If a loaded kernel module is not built with retpoline capabilities,
the kernel is tainted and sysfs reports the system as "Vulnerable"
to spectre v2, even though the retpoline mitigation is still enabled.
Change the message displayed in sysfs to report when a non-retpoline
module has been loaded using the new format:

    Mitigation: Full generic retpoline (non-retpoline module(s) has been loaded), IBRS_FW, IBPB

This enables more precise tracking of the security status by
differentiating the cases where no spectre v2 mitigation is
available (Vulnerable), and when retpoline is available/active but
a vulnerable module has introduced a potential attack vector.

Orabug: 30185537
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
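
For monitoring, the three cases this commit message distinguishes can be told apart by parsing the sysfs status line. The following is an added example, not code from the commit or the kernel; the state labels and function names are this example's own, and the sysfs path is the standard Linux location for the spectre v2 status.

```python
from pathlib import Path

# Standard Linux sysfs file for the spectre v2 status line.
SYSFS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
# Parenthesised note, copied verbatim from the commit message.
NON_RETPOLINE_NOTE = "non-retpoline module(s) has been loaded"


def split_top_level(text):
    """Split on commas that are outside parentheses (the note contains '(s)')."""
    parts, depth, cur = [], 0, []
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def classify_spectre_v2(status):
    """Return state, base mitigation, note and extra features for one status line."""
    status = status.strip()
    result = {"state": "other", "mitigation": None, "note": None, "features": []}
    if status.startswith("Vulnerable"):
        result["state"] = "vulnerable"
        return result
    if not status.startswith("Mitigation:"):
        return result
    first, *features = split_top_level(status[len("Mitigation:"):])
    # Separate "Full generic retpoline" from a trailing "(...)" note, if any.
    if first.endswith(")") and " (" in first:
        first, note = first.split(" (", 1)
        result["note"] = note[:-1]
    result["mitigation"] = first
    result["features"] = features
    # State names are this example's own labels, not kernel terminology.
    degraded = result["note"] == NON_RETPOLINE_NOTE
    result["state"] = "mitigated_nonretpoline_module" if degraded else "mitigated"
    return result


if __name__ == "__main__":
    # Constructed fallback line in the commit's format, used when sysfs is absent.
    sample = "Mitigation: Full generic retpoline (non-retpoline module(s) has been loaded), IBRS_FW, IBPB"
    line = SYSFS_PATH.read_text() if SYSFS_PATH.exists() else sample
    print(classify_spectre_v2(line))
```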