Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

From: Borislav Petkov
Date: Wed Aug 14 2019 - 03:04:15 EST


On Wed, Aug 14, 2019 at 01:00:41AM +0300, Kernel User wrote:
> That could be clarified like:
>
> vulnerability1 - mitigation MDS
> vulnerability2 - mitigation MDS
> vulnerability3 - mitigation 3 (another mitigation)
> ...
>
> Then it could be a file with content saying "No mitigation".

And keep adding a sysfs file for each new variant and CVE?

Hell no.

> Knowing that there is no mitigation or that a CPU is not affected is
> quite different from not knowing anything. So I don't see why you
> conclude that knowledge is unnecessary.

IMO, what you want does not belong in sysfs but in documentation.

I partially see your point that a table of sorts mapping all those CPU
vulnerability names to (possible) mitigations is needed for users who
would like to know whether they're covered, without having to run some
scripts from GitHub, but sysfs just ain't the place.

Again, this is only my opinion.

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
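
Added example, not part of the original message or of the kernel tree: a small shell function that tabulates what `/sys/devices/system/cpu/vulnerabilities/` reports and marks names the running kernel has no file for, which is the "not knowing anything" case discussed in the thread. The function name `vuln_report`, its arguments, and the `NOT_REPORTED`/`UNKNOWN` labels are assumptions of this example; the three status prefixes are the ones documented in the kernel's sysfs ABI description.

```shell
#!/bin/sh
# Added example. Usage: vuln_report [DIR [NAME ...]]
# DIR defaults to the sysfs directory; DIR and NAME are assumptions of this
# example (NAME = an entry the caller expects the kernel to report on).

vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ "$#" -gt 0 ]; then shift; fi
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=
        IFS= read -r status < "$f" || :
        # Documented values: "Not affected", "Vulnerable", "Mitigation: $M".
        case $status in
            "Not affected"*) class=NOT_AFFECTED ;;
            "Mitigation:"*)  class=MITIGATED ;;
            "Vulnerable"*)   class=VULNERABLE; rc=1 ;;
            *)               class=UNKNOWN ;;   # unrecognised text: review by hand
        esac
        printf '%-18s %-13s %s\n' "${f##*/}" "$class" "$status"
    done
    # A name with no file means this kernel reports nothing about it,
    # which is different from "Not affected".
    for name in "$@"; do
        [ -e "$dir/$name" ] || printf '%-18s %-13s %s\n' "$name" NOT_REPORTED "-"
    done
    # Exit status: 0 = nothing reported as Vulnerable, 1 = at least one
    # Vulnerable entry, 2 = directory missing.
    return "$rc"
}
```

Called with no arguments, `vuln_report` reads the live sysfs directory; extra arguments are names to check for presence.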