Re: /sys/devices/system/cpu/vulnerabilities/ doesn't show all known CPU vulnerabilities

From: Kernel User
Date: Tue Aug 13 2019 - 18:00:51 EST


On Tue, 13 Aug 2019 23:21:15 +0200 Borislav Petkov wrote:

> You have to consider that some of those are addressed by a single
> mitigation like MDS

That could be clarified like:

vulnerability1 - mitigation MDS
vulnerability2 - mitigation MDS
vulnerability3 - mitigation 3 (another mitigation)
...

> the mitigation for others like lazy FPU restore is not even present
> in /sys/devices/system/cpu/vulnerabilities/.

Then it could be a file with content saying "No mitigation".

> Also, depending on the CPU, some are not even affected.

That could say "Not affected" (which AFAIK is the case for some cases).

> So maintaining this in the kernel is unnecessary to say the least.

Knowing that there is no mitigation or that a CPU is not affected is
quite different from not knowing anything. So I don't see why you
conclude that knowledge is unnecessary.
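
Added example, not part of the original message and not kernel code: a POSIX shell function that reads the sysfs directory discussed in this thread and separates the cases the message distinguishes, including names the caller expects but the kernel does not report. It assumes the documented status prefixes "Not affected", "Vulnerable" and "Mitigation:"; the function name `vuln_report` and its output columns are made up for this illustration.

```shell
#!/bin/sh
# vuln_report [DIR] [EXPECTED_NAME...]
# Prints one tab-separated line per entry: class, name, raw status text.
# DIR defaults to the real sysfs path; pass another directory for testing.
# EXPECTED_NAME arguments are names the caller wants accounted for; any
# that have no file in DIR are printed as "unreported", which is the
# "not knowing anything" case from the message above.
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ "$#" -gt 0 ]; then shift; fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        name=${f##*/}
        # Only the first line is used; tolerate a missing trailing newline.
        IFS= read -r status < "$f" || true
        case $status in
            "Not affected"*) class=not-affected ;;
            "Mitigation:"*)  class=mitigated ;;
            "Vulnerable"*)   class=vulnerable ;;
            *)               class=unrecognized ;;  # shown verbatim for review
        esac
        printf '%s\t%s\t%s\n' "$class" "$name" "$status"
    done

    for want in "$@"; do
        [ -e "$dir/$want" ] || printf 'unreported\t%s\t-\n' "$want"
    done
    return 0
}

# Example call on a live system (the expected names are the caller's choice):
#   vuln_report /sys/devices/system/cpu/vulnerabilities mds l1tf
```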