Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-17 Thread Kernel User
Thomas Gleixner, Alright. Then I guess I am wasting everyone's time and everything is as it should be according to you. I will unsubscribe from this mailing list because it is flooding my mail box with so many messages and I don't know of any way to subscribe only to this particular thread.

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-15 Thread Thomas Gleixner
On Thu, 15 Aug 2019, Kernel User wrote:
> On Thu, 15 Aug 2019 11:03:35 +0200 (CEST) Thomas Gleixner wrote:
>
> > It's used to denote vulnerability classes and their mitigations:
> >
> > - Spectre v1
> > - Spectre v2
> > - Meltdown
> > - SSB
> > - L1TF
> > - MDS
>
> In the Wikipedia

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-15 Thread Kernel User
On Thu, 15 Aug 2019 11:03:35 +0200 (CEST) Thomas Gleixner wrote:
> It's used to denote vulnerability classes and their mitigations:
>
> - Spectre v1
> - Spectre v2
> - Meltdown
> - SSB
> - L1TF
> - MDS

In the Wikipedia article there are:

+ Bounds Check Bypass (Spectre, Variant 1)
+

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-15 Thread Thomas Gleixner
On Wed, 14 Aug 2019, Kernel User wrote:
> On Wed, 14 Aug 2019 09:04:57 +0200 Borislav Petkov wrote:
>
> > IMO, what you want does not belong in sysfs but in documentation.
>
> How would documentation (a fixed static text file) tell whether a
> particular system is vulnerable or not?
>
> > I

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-14 Thread Kernel User
On Wed, 14 Aug 2019 09:04:57 +0200 Borislav Petkov wrote:
> IMO, what you want does not belong in sysfs but in documentation.

How would documentation (a fixed static text file) tell whether a particular system is vulnerable or not?

> I partially see your point that a table of sorts mapping all

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-14 Thread Borislav Petkov
On Wed, Aug 14, 2019 at 01:00:41AM +0300, Kernel User wrote:
> That could be clarified like:
>
> vulnerability1 - mitigation MDS
> vulnerability2 - mitigation MDS
> vulnerability3 - mitigation 3 (another mitigation)
> ...
>
> Then it could be a file with content saying "No mitigation". And keep

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-13 Thread Kernel User
On Tue, 13 Aug 2019 23:21:15 +0200 Borislav Petkov wrote:
> You have to consider that some of those are addressed by a single mitigation like MDS

That could be clarified like:

vulnerability1 - mitigation MDS
vulnerability2 - mitigation MDS
vulnerability3 - mitigation 3 (another mitigation)
...

Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

2019-08-13 Thread Borislav Petkov
On Tue, Aug 13, 2019 at 11:28:29PM +0300, Kernel User wrote:
> Hi,
>
> 'ls /sys/devices/system/cpu/vulnerabilities/' doesn't show all known
> CPU vulnerabilities and their variants. Only some of them:
>
> l1tf mds meltdown spec_store_bypass spectre_v1 spectre_v2
>
> Wikipedia shows more