Metrics for kernel vulnerabilities

[bobrik]

Newer kernels have this:

$ ls /sys/devices/system/cpu/vulnerabilities
meltdown  spectre_v1  spectre_v2

$ cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI

I wonder if we should export these as metrics in node_exporter:

node_kernel_vulnerabilities{name="meltdown", value="Mitigation: PTI"} 1

[discordianfish]

Seems reasonable feature request. But parsing of this should go into procfs.

[knweiss]

Side note: spectre-meltdown-checker has a --batch prometheus option and is able to export the kernel Spectre/Meltdown vulnerability status via node-exporter's textfile collector. Example.

[palash25]

hi i was looking to contribute and just wanted to know is this still a valid feature request? as i see the vulnerability parsing code was added to procfs https://github.com/prometheus/procfs/pull/190/files but the CPUVulnerabilities() method is not used anywhere in node_exporter, is there a reason for not using it? and is this issue still up for grabs?

[discordianfish]

@palash25 Unless I missed some open PR, yeah a PR to add a collector for this here is very welcome!