Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits

[Kirill A. Shutemov]

On Mon, Jun 23, 2025 at 12:21:05PM +0200, Borislav Petkov wrote:
> On Mon, Jun 23, 2025 at 11:17:02AM +0300, Kirill A. Shutemov wrote:
> > What about this:
> > 
> > LASS provides protection against a class of speculative attacks, such as
> > SLAM[1]. Add the "lass" flag to /proc/cpuinfo to indicate that the feature
> > is supported by hardware and enabled by the kernel. This allows userspace
> > to determine if the setup is secure against such attacks.
> 
> Yeah, thanks.
> 
> I'm still not fully on board with userspace determining whether they're
> mitigated or not but that's a general problem with our mitigations.
> 
> Also, I haven't looked at the patchset yet but I think it should be also
> adding code to bugs.c to make all those vulns which it addresses, report that
> they're mitigated by LASS now in
> 
> grep -r . /sys/devices/system/cpu/vulnerabilities/
> 
> output.
> 
> Which makes your cpuinfo flag not really needed as we already have a special
> method for the mitigations reporting.
> 
> But ok, it has gotten kernel enablement so stating so in cpuinfo is ok.

Due to SLAM, we decided to postpone LAM enabling, until LASS is landed.

I am not sure if we want to add static
/sys/devices/system/cpu/vulnerabilities/slam with "Mitigation: LASS".

There might be other yet-to-be-discovered speculative attacks that LASS
mitigates. Security features have to visible to userspace independently of
known vulnerabilities.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov