1 files changed, 0 insertions, 159 deletions

diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0007-module-retpoline-Warn-about-missing-retpoline-in-mod.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0007-module-retpoline-Warn-about-missing-retpoline-in-mod.patch
deleted file mode 100644
index be5712b6..00000000
--- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0007-module-retpoline-Warn-about-missing-retpoline-in-mod.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From dabd9b2a92eda21c93aeee9f7bf8f369fed15833 Mon Sep 17 00:00:00 2001
-From: Andi Kleen <ak@linux.intel.com>
-Date: Thu, 25 Jan 2018 15:50:28 -0800
-Subject: [PATCH 07/42] module/retpoline: Warn about missing retpoline in
- module
-
-(cherry picked from commit caf7501a1b4ec964190f31f9c3f163de252273b8)
-
-There's a risk that a kernel which has full retpoline mitigations becomes
-vulnerable when a module gets loaded that hasn't been compiled with the
-right compiler or the right option.
-
-To enable detection of that mismatch at module load time, add a module info
-string "retpoline" at build time when the module was compiled with
-retpoline support. This only covers compiled C source, but assembler source
-or prebuilt object files are not checked.
-
-If a retpoline enabled kernel detects a non retpoline protected module at
-load time, print a warning and report it in the sysfs vulnerability file.
-
-[ tglx: Massaged changelog ]
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: David Woodhouse <dwmw2@infradead.org>
-Cc: gregkh@linuxfoundation.org
-Cc: torvalds@linux-foundation.org
-Cc: jeyu@kernel.org
-Cc: arjan@linux.intel.com
-Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++-
- include/linux/module.h     |  9 +++++++++
- kernel/module.c            | 11 +++++++++++
- scripts/mod/modpost.c      |  9 +++++++++
- 4 files changed, 45 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 8cacf62..4cea7d4 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -10,6 +10,7 @@
- #include <linux/init.h>
- #include <linux/utsname.h>
- #include <linux/cpu.h>
-+#include <linux/module.h>
- 
- #include <asm/nospec-branch.h>
- #include <asm/cmdline.h>
-@@ -92,6 +93,19 @@ static const char *spectre_v2_strings[] = {
- #define pr_fmt(fmt)     "Spectre V2 mitigation: " fmt
- 
- static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
-+static bool spectre_v2_bad_module;
-+
-+#ifdef RETPOLINE
-+bool retpoline_module_ok(bool has_retpoline)
-+{
-+	if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline)
-+		return true;
-+
-+	pr_err("System may be vunerable to spectre v2\n");
-+	spectre_v2_bad_module = true;
-+	return false;
-+}
-+#endif
- 
- static void __init spec2_print_if_insecure(const char *reason)
- {
-@@ -277,6 +291,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev,
- 	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
- 		return sprintf(buf, "Not affected\n");
- 
--	return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]);
-+	return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-+		       spectre_v2_bad_module ? " - vulnerable module loaded" : "");
- }
- #endif
-diff --git a/include/linux/module.h b/include/linux/module.h
-index 0c3207d..d2224a0 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -791,6 +791,15 @@ static inline void module_bug_finalize(const Elf_Ehdr *hdr,
- static inline void module_bug_cleanup(struct module *mod) {}
- #endif	/* CONFIG_GENERIC_BUG */
- 
-+#ifdef RETPOLINE
-+extern bool retpoline_module_ok(bool has_retpoline);
-+#else
-+static inline bool retpoline_module_ok(bool has_retpoline)
-+{
-+	return true;
-+}
-+#endif
-+
- #ifdef CONFIG_MODULE_SIG
- static inline bool module_sig_ok(struct module *module)
- {
-diff --git a/kernel/module.c b/kernel/module.c
-index 0e54d5b..07bfb99 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2817,6 +2817,15 @@ static int check_modinfo_livepatch(struct module *mod, struct load_info *info)
- }
- #endif /* CONFIG_LIVEPATCH */
- 
-+static void check_modinfo_retpoline(struct module *mod, struct load_info *info)
-+{
-+	if (retpoline_module_ok(get_modinfo(info, "retpoline")))
-+		return;
-+
-+	pr_warn("%s: loading module not compiled with retpoline compiler.\n",
-+		mod->name);
-+}
-+
- /* Sets info->hdr and info->len. */
- static int copy_module_from_user(const void __user *umod, unsigned long len,
- 				  struct load_info *info)
-@@ -2969,6 +2978,8 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
- 		add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
- 	}
- 
-+	check_modinfo_retpoline(mod, info);
-+
- 	if (get_modinfo(info, "staging")) {
- 		add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
- 		pr_warn("%s: module is from the staging directory, the quality "
-diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 325f1af..96a8047 100644
---- a/scripts/mod/modpost.c
-+++ b/scripts/mod/modpost.c
-@@ -2130,6 +2130,14 @@ static void add_intree_flag(struct buffer *b, int is_intree)
- 		buf_printf(b, "\nMODULE_INFO(intree, \"Y\");\n");
- }
- 
-+/* Cannot check for assembler */
-+static void add_retpoline(struct buffer *b)
-+{
-+	buf_printf(b, "\n#ifdef RETPOLINE\n");
-+	buf_printf(b, "MODULE_INFO(retpoline, \"Y\");\n");
-+	buf_printf(b, "#endif\n");
-+}
-+
- static void add_staging_flag(struct buffer *b, const char *name)
- {
- 	static const char *staging_dir = "drivers/staging";
-@@ -2474,6 +2482,7 @@ int main(int argc, char **argv)
- 
- 		add_header(&buf, mod);
- 		add_intree_flag(&buf, !external_module);
-+		add_retpoline(&buf);
- 		add_staging_flag(&buf, mod->name);
- 		err |= add_versions(&buf, mod);
- 		add_depends(&buf, mod, modules);
--- 
-2.7.4
-