On Thu, Mar 23, 2023, Huang, Kai wrote: > On Thu, 2023-03-23 at 07:20 -0700, Sean Christopherson wrote: > > On Thu, Mar 23, 2023, lirongqing@xxxxxxxxx wrote: > > > From: Li RongQing <lirongqing@xxxxxxxxx> > > > > > > if CPU has not X86_BUG_ITLB_MULTIHIT bug, kvm-nx-lpage-re kthread > > > is not needed to create > > > > Unless userspace forces the mitigation to be enabled, which can be done while KVM > > is running. � > > > > Wondering why does userspace want to force the mitigation to be enabled if CPU > doesn't have such bug? It's definitely useful for testing, but the real motivation is so that the mitgation can be enabled without a kernel reboot (or reloading KVM), i.e. without having to drain VMs off the host, if it turns out that the host CPU actually is vulnerable. I.e. to guard against "Nope, not vulnerable! Oh, wait, just kidding!".
