Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation

From: Jiri Kosina
Date: Tue Jan 23 2018 - 18:07:02 EST


On Tue, 23 Jan 2018, Jiri Kosina wrote:

> So that vermagic patch doesn't really help anything in the real world (FWIW
> I've just dropped it from SLE kernel). "Potentially insecure" doesn't mean
> it shouldn't be loaded if the user wishes so. Only "functionally
> incorrect" (which is the kernel ABI compatibility check) should be the
> show stopper.

... one of the supporting arguments here obviously is: those external
modules are quite often opening so many *other* holes into the system,
that refusing to load it *just* because of kernel being retpolined while
the module is not sounds more like not letting a drunk and armed
terrorist drive a plane, with the justification being the lack of a proper
stamped license.

--
Jiri Kosina
SUSE Labs