The latest releases of Qubes (after 4.0) actually default to boot with smt=off so it was not vulnerable
in that context.
Are the performance trade-offs worth it to disable SMT(Hyperthreading)? Depends on your use case.
If you are a gamer, why do you even care about these attacks?
If you are a Qubes user, 1-10% performance drop for having reasonably better isolation is negligible.
Many setups who don’t care about those vulnerabilities, such as single user machines with high IO
disable all those recent flags altogether, with the following kernel boot flag:
nopti nospectre_v2 spectre_v2_user=off spec_store_bypass_disable=off l1tf=off
So the best thing you can do for yourself is benchmark the performance of the things you use,
and what matters more to you. Don’t trust all those online tests, they don’t show real life examples.