retpoline/module: fall back to another spectre mitigation when disabling retpoline
Commit ("retpoline/module: Taint kernel for missing retpoline in module")
calls the new function disable_retpoline() when check_modinfo() determines
that a LKM being loaded was not compiled with retpoline.
This commit adds code to disable_retpoline() that attempts to fall back to
the Spectre v2 mitigations IBRS/IBPB when disabling retpoline.
Pseudocode for disable_retpoline():
if retpoline is not enabled
No messages/changes
return
if we are allowed to fall back to another mitigation
if IBRS is not in use
if we enabled it
spectre_v2_enabled = SPECTRE_V2_IBRS
pr_err("Spectre v2 mitigation set to IBRS.\n")
if we enabled IBPB mitigation
pr_err("Spectre v2 mitigation IBPB enabled.\n")
else
pr_err("Could not enable IBRS.\n")
spectre_v2_enabled = SPECTRE_V2_NONE
pr_err("No Spectre v2 mitigation to fall back to.\n")
else
spectre_v2_enabled = SPECTRE_V2_IBRS;
pr_err("Spectre v2 mitigation IBRS is set.\n")
else
spectre_v2_enabled = SPECTRE_V2_NONE;
pr_err("Cannot choose another Spectre v2 mitigation because retpoline_fallback is off.\n")
if spectre_v2_enabled == SPECTRE_V2_NONE
pr_err("system may be vulnerable to spectre\n")
The attempt to fall back can be disabled with the new kernel boot parameter
spectre_v2_heuristics=[retpoline_fallback=off]
Disabling retpoline fallback can also be done through debugfs
"retpoline_fallback".
Orabug:
27457549
Suggested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Reviewed-by: Todd Vierling <todd.vierling@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
Documentation/kernel-parameters.txt
arch/x86/include/asm/spec_ctrl.h
arch/x86/kernel/cpu/spec_ctrl.c
projects / users / jedix / linux-maple.git / commit