[libvirt-users] Intel's latest L1TF vulnerability and libvirt

Hi, with regards Intels L1TF vulnerabilities, it seems they are somewhat non-committal on whether turning off HyperThreading is required, suggesting people https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.... What is the consensus in the Libvirt community about the risks (or not) of leaving Hyperthreading enabled?  After updates my hosts are showing they have conditional cache flushing enabled yet still report as "SMT vulnerable": root@trk-kvm-03:~# cat /sys/devices/system/cpu/vulnerabilities/l1tf Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable Thoughts? -- *Paul O'Rorke* *Tracker Software Products (Canada) Limited * www.tracker-software.com <http://www.tracker-software.com/> Tel: +1 (250) 324 1621 Fax: +1 (250) 324 1623 <http://www.tracker-software.com/> Support: http://www.tracker-software.com/support Download latest Releases http://www.tracker-software.com/downloads/