mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2026-06-06 22:53:03 +02:00
Stéphane Lesimple
1e33f40f0a
Inside a Xen PVH domU (and any guest where the kernel sets X86_FEATURE_HYPERVISOR), the kernel appends "; SMT Host state unknown" to the MDS/MMIO sysfs vuln string: the host controls SMT scheduling and the guest genuinely can't see it. The "SMT is either mitigated or disabled" check only matched 'SMT (disabled|mitigated)', so this read as "not mitigated" and --paranoid flipped the verdict to a misleading VULN "you must disable SMT (Hyper-Threading)". Make *_smt_mitigated a tri-state: 1 (disabled/mitigated), 0 (vulnerable), and 2 (host state unknown). In paranoid mode, when the in-guest mitigation is active but SMT host state is unknown, report UNK with an explanation that cross-thread protection depends on the hypervisor host's SMT/core-scheduling config, instead of VULN. PV DomUs (kernel reports "SMT vulnerable", no HYPERVISOR bit) are unchanged and still flagged.