On Mon, May 1, 2023 at 7:07 PM Robert Hoo <robert.hoo.linux@xxxxxxxxx> wrote: > With regards to NX_hugepage, I see people dislike it [1][2][3], but on HW > with itlb_multihit, they've no choice but to use it to mitigate. I think it's safe to say that no one likes the NX-hugepage mitigation. It seems that we've gone to extremes to prevent this one specific DoS vector. Do we have confidence that we have comparable protection from *all* DoS vectors? If we let just one slip through, then there isn't much point in going crazy about others.
