From 3980e7714f0c29c6aacdda9e4e2a06a4390f4554 Mon Sep 17 00:00:00 2001
From: alxndrv <>
Date: Wed, 12 Feb 2025 22:11:34 +0200
Subject: [PATCH] `lscpu`: Show CPU vulnerability mitigation info

---
 src/uu/lscpu/src/lscpu.rs | 11 +++++++++++
 src/uu/lscpu/src/sysfs.rs | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 src/uu/lscpu/src/sysfs.rs

diff --git a/src/uu/lscpu/src/lscpu.rs b/src/uu/lscpu/src/lscpu.rs
index 3150e53..4cd5647 100644
--- a/src/uu/lscpu/src/lscpu.rs
+++ b/src/uu/lscpu/src/lscpu.rs
@@ -15,6 +15,8 @@ mod options {
     pub const JSON: &str = "json";
 }
 
+mod sysfs;
+
 const ABOUT: &str = help_about!("lscpu.md");
 const USAGE: &str = help_usage!("lscpu.md");
 
@@ -126,6 +128,15 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
         cpu_infos.push(vendor_info);
     }
 
+    let vulns = sysfs::read_cpu_vulnerabilities();
+    if !vulns.is_empty() {
+        let mut vuln_info = CpuInfo::new("Vulnerabilities", "", None);
+        for vuln in vulns {
+            vuln_info.add_child(CpuInfo::new(&vuln.name, &vuln.mitigation, None));
+        }
+        cpu_infos.push(vuln_info);
+    }
+
     print_output(cpu_infos, output_opts);
 
     Ok(())
diff --git a/src/uu/lscpu/src/sysfs.rs b/src/uu/lscpu/src/sysfs.rs
new file mode 100644
index 0000000..62adc05
--- /dev/null
+++ b/src/uu/lscpu/src/sysfs.rs
@@ -0,0 +1,33 @@
+use std::fs;
+
+pub struct CpuVulnerability {
+    pub name: String,
+    pub mitigation: String,
+}
+
+pub fn read_cpu_vulnerabilities() -> Vec<CpuVulnerability> {
+    let mut out: Vec<CpuVulnerability> = vec![];
+
+    if let Ok(dir) = fs::read_dir("/sys/devices/system/cpu/vulnerabilities") {
+        let mut files: Vec<_> = dir
+            .flatten()
+            .map(|x| x.path())
+            .filter(|x| !x.is_dir())
+            .collect();
+
+        files.sort_by(|a, b| a.file_name().cmp(&b.file_name()));
+
+        for file in files {
+            if let Ok(content) = fs::read_to_string(&file) {
+                let name = file.file_name().unwrap().to_str().unwrap();
+
+                out.push(CpuVulnerability {
+                    name: (name[..1].to_uppercase() + &name[1..]).replace("_", " "),
+                    mitigation: content.trim().to_string(),
+                });
+            }
+        }
+    };
+
+    out
+}