From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B79F6C7115B for ; Mon, 23 Jun 2025 13:42:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 487E96B00A2; Mon, 23 Jun 2025 09:42:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 438586B00BA; Mon, 23 Jun 2025 09:42:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 326B16B00BB; Mon, 23 Jun 2025 09:42:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 1C8446B00A2 for ; Mon, 23 Jun 2025 09:42:58 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id ACBE61039EE for ; Mon, 23 Jun 2025 13:42:57 +0000 (UTC) X-FDA: 83586781194.13.F657A84 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by imf06.hostedemail.com (Postfix) with ESMTP id 05EFD180012 for ; Mon, 23 Jun 2025 13:42:54 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=YQSdNa7A; dmarc=pass (policy=none) header.from=intel.com; spf=none (imf06.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 198.175.65.12) smtp.mailfrom=kirill.shutemov@linux.intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750686175; a=rsa-sha256; cv=none; b=Hq5jvBj76TQWBryX+MkToAYXTrrfCp1NObBK8ByqkzAA/qm01KxwNj6BJAR6esZl9HjNJd sCrB7GFEfvt5j0GZcq8fdmtn15D2mU6jY0eXja2A67R77vfOjMx0BJYt+1vM+yockDF7Gl 7wKb07xFFptim5REWyyVU2g7EULKt6w= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=YQSdNa7A; dmarc=pass (policy=none) header.from=intel.com; spf=none (imf06.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 198.175.65.12) smtp.mailfrom=kirill.shutemov@linux.intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750686175; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=puM7ZEF+ykp2iLBZdvc+UxbMu3wRY9TFHy9kRgjgIok=; b=ka3ZegleESPbKsEJxbu75ta34RLyoDsN0lR9nNXGRLTIKiUmzwOyQkfgSAq6/M+BRs9g/I GNEPxRav03xBXdzbqFHq2jTn0GkSxLqrCXVaPt2zSeTmmN5LVlMyc1LRU0ewqEZFORoWvD QpBg66vhlFOsWcuRYbu4WN10Hxn6l0g= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750686175; x=1782222175; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=N/wybOTy4smjB16l7nsGvyZZFI/vEE7f4zQ+AuUb+fM=; b=YQSdNa7ArIa8/u+Di8H6PZZZm0G/fZNl0KfHZgCQat3WMHa4dbKCbgQs UWpNtiFvGkW6ejLeyEThY5QnDISfU+cjNc1WevnmVNcFZG6OX1i21mJq3 0FoVndkrZudpjU9Z/PpIp9GmZKLlkiWi4ArI7rrZgYT4kV+ORxuEUEQNA Wc2VYVPhpchf6ODlo/cdl4T2E2q41hjJBZV7oJETKQmbIihrndh+MC8Rh IynwEmhvX1gKOE3xAfJ36uU22bSwVNIUDL9Va1FbCkgGYrbDgf+Asl5L/ Dr2mhhHTzQNqAoIG+RCJ8U08+cLcRtVvZozkb07miNSNRYqzkI37FI/qF A==; X-CSE-ConnectionGUID: NCrRJv3SRl2i6uQ3dugYbw== X-CSE-MsgGUID: oMpBvIOUQMa22YrDU7ixJQ== X-IronPort-AV: E=McAfee;i="6800,10657,11473"; a="64325171" X-IronPort-AV: E=Sophos;i="6.16,258,1744095600"; d="scan'208";a="64325171" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2025 06:42:54 -0700 X-CSE-ConnectionGUID: sWHx9E82TwqF7r/zmduUmw== X-CSE-MsgGUID: A5WspalTSpmZe+o8bh522g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,258,1744095600"; d="scan'208";a="152286392" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa010.fm.intel.com with ESMTP; 23 Jun 2025 06:42:42 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 2FACC108; Mon, 23 Jun 2025 16:42:41 +0300 (EEST) Date: Mon, 23 Jun 2025 16:42:41 +0300 From: "Kirill A. Shutemov" To: Borislav Petkov Cc: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin , Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, Yian Chen Subject: Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits Message-ID: References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> <20250620135325.3300848-2-kirill.shutemov@linux.intel.com> <20250620163504.GCaFWNuI-8QFqAM0yI@fat_crate.local> <6y2iqv6c2idn7yebaec7tyhzl5zcsrwqq4lcsokumlqeophzaf@ljnmxorblgcj> <20250620182943.GDaFWolxhwogB2tTxb@fat_crate.local> <20250623102105.GCaFkqkatFSbyl1YeN@fat_crate.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20250623102105.GCaFkqkatFSbyl1YeN@fat_crate.local> X-Rspam-User: X-Rspamd-Queue-Id: 05EFD180012 X-Rspamd-Server: rspam10 X-Stat-Signature: au4n9at534jem6do9msohdra51ed6dqr X-HE-Tag: 1750686174-459668 X-HE-Meta: U2FsdGVkX1/zcduwi2KrqU/y0wD3GlvYfj7jnS+FiNO4V56wmd18wpNnxBCCoctfO8TiX5/9uYec7zKE9nA9Jg8dlBRLnd3DN6CRI66WVi7mY4rQhNUfUtHbnZ72CVB5PxPWryyjqmzmxrI6BIA9Ny+vtexzmyL5b0dnq4qVHwUZohbAYQ4B6Ro8lwrnovw1kkYlEkSOUmiGF3/Gzhqhz9o2omWYAFUPz/m6FoSOCUVKR8mzZ2yoy9qx01qWKw3YJ2F4yQyejP4pAygWBy7Idx7Yxfr79BKQCJTx+8lytHyxeyFH+UzKq+L/wTLsgkjsJYujl4m990as/s8HQSZ3OBgew1BnWpaHRm03ilaq59BJdq8ijJu5L7DVYbf8srS0a/Kd38ws0yrNGfqM2qNT4ICagtb1txSfo+TpFD+4WHRcjqNeSso7qg+aBu4GtTO1fK8JZvY6KsdVtWynUFZ9x3AtfxI4OAj08aCvcoeSUmyPM+bYw7GI0nDD/uczgy6tHxrct2Gy/6Y0PE7EJZdOdhRE3XpGjHlDYYk2BMUACEPs5mgDdGR/BzAsyNcY+3PUx2Cyxz4dMxXuhJ/vu4K7X9YSmN78kPdZmt+uOnj7B3V06v81E/fHHWtnY7DqyfBowBjOCWya54VWFERfGA5RQqwgTnr44ustEuivgsIf2IZw4C05PAqVai/ax3SSWTpfgs+bTTLmaRm6UZzycflLPRvbZzKHAHCGLRt4B9MHSBCYIgEOHqo+GntLhtABg02gAITrRoEBhDj3XTmymw0KVzfpQjpTOO6lZ707vX/nHlRrF4nVMsbGD5k9vv/Sd8V4TLFV9I0raiYCZz8bgfSG+GLLsiM7KxtmLCPqYrcR7Xop552Nkvz0M93chLSC6LmNk9LRNmsrMVF2AtlX6uOStuJfrZ/0y+VTRrcK5ZlXxkv9DxDgzfRlMgSMw8fDU3NZ4PoWYWw8OLWx1N0b48q duSgTwSi Z7tp6nAGuD5h9l4WK5unvgzUOWxgTWdhZ9Anp5I6WyMf0XljbJUpl/sfBPv66fYvlofjnB7M98G7UEHH9l3hn1NfsEtc/AACVbv3k3p/jhnDAqb+JgaX84u9RtYtNn+QqlYYm/KXsZdEg/EiowbCvFNe5Us9n42x/OTO4ia7NzNzK6JlHNFwqnbuNhvtbQwzhpWpS5sUZ8Lbgf6bi9Qe1yrMfPETBhJWiWEuYL6jQ340YVtPl+c//3W154QFPBt1DWyPx+zs8GFUPLRU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Jun 23, 2025 at 12:21:05PM +0200, Borislav Petkov wrote: > On Mon, Jun 23, 2025 at 11:17:02AM +0300, Kirill A. Shutemov wrote: > > What about this: > > > > LASS provides protection against a class of speculative attacks, such as > > SLAM[1]. Add the "lass" flag to /proc/cpuinfo to indicate that the feature > > is supported by hardware and enabled by the kernel. This allows userspace > > to determine if the setup is secure against such attacks. > > Yeah, thanks. > > I'm still not fully on board with userspace determining whether they're > mitigated or not but that's a general problem with our mitigations. > > Also, I haven't looked at the patchset yet but I think it should be also > adding code to bugs.c to make all those vulns which it addresses, report that > they're mitigated by LASS now in > > grep -r . /sys/devices/system/cpu/vulnerabilities/ > > output. > > Which makes your cpuinfo flag not really needed as we already have a special > method for the mitigations reporting. > > But ok, it has gotten kernel enablement so stating so in cpuinfo is ok. Due to SLAM, we decided to postpone LAM enabling, until LASS is landed. I am not sure if we want to add static /sys/devices/system/cpu/vulnerabilities/slam with "Mitigation: LASS". There might be other yet-to-be-discovered speculative attacks that LASS mitigates. Security features have to visible to userspace independently of known vulnerabilities. -- Kiryl Shutsemau / Kirill A. Shutemov