On Thu, 2023-03-23 at 15:40 -0700, Sean Christopherson wrote: > On Thu, Mar 23, 2023, Huang, Kai wrote: > > On Thu, 2023-03-23 at 07:20 -0700, Sean Christopherson wrote: > > > On Thu, Mar 23, 2023, lirongqing@xxxxxxxxx wrote: > > > > From: Li RongQing <lirongqing@xxxxxxxxx> > > > > > > > > if CPU has not X86_BUG_ITLB_MULTIHIT bug, kvm-nx-lpage-re kthread > > > > is not needed to create > > > > > > Unless userspace forces the mitigation to be enabled, which can be done while KVM > > > is running. � > > > > > > > Wondering why does userspace want to force the mitigation to be enabled if CPU > > doesn't have such bug? > > It's definitely useful for testing, but the real motivation is so that the > mitgation can be enabled without a kernel reboot (or reloading KVM), i.e. without > having to drain VMs off the host, if it turns out that the host CPU actually is > vulnerable. I.e. to guard against "Nope, not vulnerable! Oh, wait, just kidding!". Never thought about this case. Thanks!
