module/retpoline: Warn about missing retpoline in module

[linux.git] / arch / x86 / kernel / cpu / bugs.c

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 390b3dc3d43827a88537e3208462755b565cb838..4a39d7bb4bd87b50891fb06dfb248c8e388bdc08 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -11,6 +11,7 @@
 #include <linux/init.h>
 #include <linux/utsname.h>
 #include <linux/cpu.h>
+#include <linux/module.h>
 
 #include <asm/nospec-branch.h>
 #include <asm/cmdline.h>
@@ -93,6 +94,19 @@ static const char *spectre_v2_strings[] = {
 #define pr_fmt(fmt)     "Spectre V2 mitigation: " fmt
 
 static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
+static bool spectre_v2_bad_module;
+
+#ifdef RETPOLINE
+bool retpoline_module_ok(bool has_retpoline)
+{
+       if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline)
+               return true;
+
+       pr_err("System may be vunerable to spectre v2\n");
+       spectre_v2_bad_module = true;
+       return false;
+}
+#endif
 
 static void __init spec2_print_if_insecure(const char *reason)
 {
@@ -278,6 +292,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev,
        if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
                return sprintf(buf, "Not affected\n");
 
-       return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]);
+       return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+                      spectre_v2_bad_module ? " - vulnerable module loaded" : "");
 }
 #endif