module/retpoline: Warn about missing retpoline in module

[pandora-kernel.git] / arch / x86 / kernel / cpu / bugs.c

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index a61b785..8838d31 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -10,6 +10,7 @@
 #include <linux/init.h>
 #include <linux/utsname.h>
 #include <linux/cpu.h>
+#include <linux/module.h>
 
 #include <asm/nospec-branch.h>
 #include <asm/cmdline.h>
@@ -235,6 +236,19 @@ static const char *spectre_v2_strings[] = {
 #define pr_fmt(fmt)     "Spectre V2 mitigation: " fmt
 
 static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
+static bool spectre_v2_bad_module;
+
+#ifdef RETPOLINE
+bool retpoline_module_ok(bool has_retpoline)
+{
+       if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline)
+               return true;
+
+       pr_err("System may be vunerable to spectre v2\n");
+       spectre_v2_bad_module = true;
+       return false;
+}
+#endif
 
 static void __init spec2_print_if_insecure(const char *reason)
 {
@@ -420,6 +434,7 @@ ssize_t cpu_show_spectre_v2(struct sysdev_class *dev,
        if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
                return sprintf(buf, "Not affected\n");
 
-       return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]);
+       return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+                      spectre_v2_bad_module ? " - vulnerable module loaded" : "");
 }
 #endif