On Wed, Jul 15, 2020 at 10:18:20AM -0700, Pawan Gupta wrote: > On Tue, Jul 14, 2020 at 05:51:30PM -0700, Sean Christopherson wrote: > > On Tue, Jul 14, 2020 at 02:20:59PM -0700, Dave Hansen wrote: > > > On 7/14/20 2:04 PM, Pawan Gupta wrote: > > > >> I see three inputs and four possible states (sorry for the ugly table, > > > >> it was this or a spreadsheet :): > > > >> > > > >> X86_FEATURE_VMX CONFIG_KVM_* hpage split Result Reason > > > >> N x x Not Affected No VMX > > > >> Y N x Not affected No KVM > > > > This line item is pointless, the relevant itlb_multihit_show_state() > > implementation depends on CONFIG_KVM_INTEL. The !KVM_INTEL version simply > > prints ""Processor vulnerable". > > While we are on it, for CONFIG_KVM_INTEL=n would it make sense to report "Not > affected(No KVM)"? "Processor vulnerable" is not telling much about the > mitigation. I know we don't care too much about out-of-tree hypervisors, but IMO stating "Not affected" is unnecessarily hostile and "Processor vulnerable" is an accurate statement.
