Hi,

with regards Intels L1TF vulnerabilities, it seems they are somewhat non-committal on whether turning off HyperThreading is required, suggesting people

Consult with your hypervisor vendor for more guidance.

What is the consensus in the Libvirt community about the risks (or not) of leaving Hyperthreading enabled?  After updates my hosts are showing they have conditional cache flushing enabled yet still report as "SMT vulnerable":

root@trk-kvm-03:~# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable

Thoughts?