On 5/6/2023 3:12 PM, zhuangel570 wrote:
> The "never" parameter works for environments without the ITLB MULTIHIT issue. But for vulnerable environments, should we prohibit users from turning off software mitigations? As for the nx_huge_page_recovery_thread worker thread, this is a solution to optimize software mitigation, maybe not needed in all cases. For example, on a vulnerable machine, software mitigations need to be enabled, but worker threads may not be needed when the VM determines that huge pages are not in use (not sure).
Then nx_hugepage is totally not needed:)
> Do you think it is possible to introduce a new parameter to disable worker threads?
I suggest no. I would perceive this kthread as an ingredient of the nx_hugepage solution.