#1 2020-03-17 19:46:53

klmp
Member
Registered: 2020-03-17
Posts: 2

iTLB multihit vulnerability - force mitigation ignored

Hello,

Both

lscpu

and

/sys/devices/system/cpu/vulnerabilities/itlb_multihit

concur that my system is

KVM: Vulnerable

I have added

kvm.nx_huge_pages=force

to the kernel parameters from grub on startup, but this did not affect the output of

lscpu

Am I doing something wrong, or is this mitigation just not available for my HW? And if the latter is a possibility, how can I tell? I haven't been able to find any more info than the one in kernel.org.

Thanks for your time.


#2 2020-03-17 20:01:01

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932

Re: iTLB multihit vulnerability - force mitigation ignored

The kernel, i.e. software, mitigation does not change the fact that your CPU, i.e. the hardware, has this vulnerability.


#3 2020-03-17 20:05:29

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: iTLB multihit vulnerability - force mitigation ignored

The kvm module, which provides the mitigation, is not loaded, but without the kvm module loaded KVM is not vulnerable as it is not usable.

Last edited by loqs (2020-03-17 21:08:49)
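The checks discussed in this thread can be collected into one script. This is an added example, not part of any post above: the function name `itlb_report` and its optional root-directory argument (used to point it at a copy of the files instead of the live system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the iTLB multihit state the thread talks about.
# itlb_report and its optional root argument are hypothetical helpers;
# with no argument it reads the live /sys and /proc.

itlb_report() {
    root="${1:-}"
    vuln="$root/sys/devices/system/cpu/vulnerabilities/itlb_multihit"
    param="$root/sys/module/kvm/parameters/nx_huge_pages"
    cmdline="$root/proc/cmdline"

    # What the kernel reports (same string lscpu shows).
    status="unknown"
    [ -r "$vuln" ] && status=$(cat "$vuln")

    # /sys/module/kvm exists only while kvm is loaded or built in.
    if [ -d "$root/sys/module/kvm" ]; then kvm="loaded"; else kvm="not-loaded"; fi

    # Effective value of the module parameter, if kvm is present.
    nx="n/a"
    [ -r "$param" ] && nx=$(cat "$param")

    # Value requested on the kernel command line, if any (last one wins).
    requested=""
    if [ -r "$cmdline" ]; then
        requested=$(tr ' ' '\n' < "$cmdline" \
            | sed -n 's/^kvm\.nx_huge_pages=//p' | tail -n 1)
    fi
    [ -n "$requested" ] || requested="none"

    printf 'status=%s\nkvm=%s\nnx_huge_pages=%s\nrequested=%s\n' \
        "$status" "$kvm" "$nx" "$requested"

    # The situation from post #1: parameter requested, but nothing to apply it.
    if [ "$requested" != "none" ] && [ "$kvm" = "not-loaded" ]; then
        echo "note=kvm.nx_huge_pages is set but the kvm module is not loaded"
    fi
    return 0
}

itlb_report "${1:-}"
```

A `requested=force` line together with `kvm=not-loaded` is the combination described in the first post: the parameter is on the command line, but the module it belongs to is absent.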


#4 2020-03-18 20:56:10

klmp
Member
Registered: 2020-03-17
Posts: 2

Re: iTLB multihit vulnerability - force mitigation ignored

Thanks for the answers.

Did more digging, turns out my CPU (Intel Pentium B960) is not even able to use KVM. And of course, the kvm module is not loaded.

I would expect cpuinfo to list it as "Not vulnerable". Unless there is some other way to use this iTLB vulnerability that I am not aware of?


#5 2020-03-18 21:16:14

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: iTLB multihit vulnerability - force mitigation ignored

klmp wrote:

Unless there is some other way to use this iTLB vulnerability that I am not aware of?

Theoretically it is not limited to KVM use; see multihit.
