On Fri, Jun 20, 2025 at 08:29:43PM +0200, Borislav Petkov wrote: > On Fri, Jun 20, 2025 at 08:33:36PM +0300, Kirill A. Shutemov wrote: > > What is current policy around it ? > > Documentation/arch/x86/cpuinfo.rst > > > I think it is useful to advertise security features in cpuinfo. > > Because who's going to consume them? > > Don't get me wrong - I am trying to see whether the whole use case for this is > well thought out. Because it becomes an ABI. > > But if no one is going to use it, why bother? > > Arguably, for this thing the argument would be - as it is put in that file > above: > > "So, the current use of /proc/cpuinfo is to show features which the > kernel has *enabled* and *supports*." > > as it has been enabled by machinery. > > So that's ok. I'm just making sure we're on the same page and you're not > aiming at something completely different with this. What about this: LASS provides protection against a class of speculative attacks, such as SLAM[1]. Add the "lass" flag to /proc/cpuinfo to indicate that the feature is supported by hardware and enabled by the kernel. This allows userspace to determine if the setup is secure against such attacks. [1] https://download.vusec.net/papers/slam_sp24.pdf -- Kiryl Shutsemau / Kirill A. Shutemov
