Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Borislav Petkov <bp@alien8.de>
To: Kernel User <linux-kernel@riseup.net>
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, x86@kernel.org
Subject: Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities
Date: Wed, 14 Aug 2019 09:04:57 +0200	[thread overview]
Message-ID: <20190814070457.GA26456@zn.tnic> (raw)
In-Reply-To: <20190814010041.098fe4be@localhost>

On Wed, Aug 14, 2019 at 01:00:41AM +0300, Kernel User wrote:
> That could be clarified like:
> 
> vulnerability1 - mitigation MDS
> vulnerability2 - mitigation MDS
> vulnerability3 - mitigation 3 (another mitigation)
> ...
>
> Then it could be a file with content saying "No mitigation".

And keep adding a sysfs file for each new variant and CVE?

Hell no.

> Knowing that there is no mitigation or that a CPU is not affected is
> quite different from not knowing anything. So I don't see why you
> conclude that knowledge is unnecessary.

IMO, what you want does not belong in sysfs but in documentation.

I partially see your point that a table of sorts mapping all those CPU
vulnerability names to (possible) mitigations is needed for users which
would like to know whether they're covered, without having to run some
scripts from github, but sysfs just ain't the place.

Again, this is only my opinion.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

next prev parent reply	other threads:[~2019-08-14  7:04 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-13 20:28 /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities Kernel User
2019-08-13 21:21 ` Borislav Petkov
2019-08-13 22:00   ` Kernel User
2019-08-14  7:04     ` Borislav Petkov [this message]
2019-08-14  9:11       ` Kernel User
2019-08-15  9:03         ` Thomas Gleixner
2019-08-15 19:37           ` Kernel User
2019-08-15 20:04             ` Thomas Gleixner
2019-08-17 20:41               ` Kernel User

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190814070457.GA26456@zn.tnic \
    --to=bp@alien8.de \
    --cc=linux-kernel@riseup.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mhocko@suse.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.