On Thu, Jun 26, 2025 at 05:18:37PM +0200, Borislav Petkov wrote:
> On Mon, Jun 23, 2025 at 04:42:41PM +0300, Kirill A. Shutemov wrote:
> > Due to SLAM, we decided to postpone LAM enabling, until LASS is landed.
> >
> > I am not sure if we want to add static
> > /sys/devices/system/cpu/vulnerabilities/slam with "Mitigation: LASS".
> >
> > There might be other yet-to-be-discovered speculative attacks that LASS
> > mitigates. Security features have to visible to userspace independently of
> > known vulnerabilities.
>
> ... and the fact that a vuln is being mitigated by stating that in
> /sys/devices/system/cpu/vulnerabilities/ needs to happen too.
>
> I'm not talking about LAM enablement - I'm talking about adding a
>
> SPECTRE_V1_MITIGATION_LASS
>
> and setting that when X86_FEATURE_LASS is set so that luserspace gets told
> that
>
> "Spectre V1 : Mitigation: LASS"
>
> or so.
>
> Makes more sense?
I meant this crap, ofc:
switch (bug) {
case X86_BUG_CPU_MELTDOWN:
if (boot_cpu_has(X86_FEATURE_PTI))
return sysfs_emit(buf, "Mitigation: PTI\n");
This should say "Mitigation: LASS" if LASS is enabled...
Which begs the question: how do LASS and PTI interact now?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
