You are not logged in.
Hello,
Both
lscpu
and
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
concur that my system is
KVM: Vulnerable
I have added
kvm.nx_huge_pages=force
to the kernel parameters from grub on startup, but this did not affect the output of
lscpu
Am I doing something wrong, or is this mitigation just not available for my HW? And if the latter is a possibility, how can I tell? I haven't been able to find any more info than the one in kernel.org
Thanks for your time.
Offline
The kernel i.e. software mitigation does not change the fact, that your CPU, i.e. the hardware has this vulnerability.
Offline
The kvm module is not loaded which provides the mitigation but without the kvm module loaded KVM is not vulnerable as it is not usable.
Last edited by loqs (2020-03-17 21:08:49)
Offline
Thanks for the answers.
Did more digging, turns out my CPU (Intel Pentium B960) is not even able to use KVM. And of course, the kvm module is not loaded.
I would expect cpuinfo to list it as "Not vulnerable". Unless there is some other way to use this iTLB vulnerability that I am not aware of?
Offline
Unless there is some other way to use this iTLB vulnerability that I am not aware of?
Theoretically it is not limited to KVM use see multihit.
Offline