https://bugzilla.suse.com/show_bug.cgi?id=1218231 https://bugzilla.suse.com/show_bug.cgi?id=1218231#c7 --- Comment #7 from Dario Faggioli <dfaggioli@suse.com> --- FTR, my situation is as follows: - I have "nx_huge_pages=off" on the command line - Right after boot, I see:
cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit KVM: Mitigation: VMX disabled
- Still, VMX is there (`lscpu|grep Flags|grep vmx`) and kvm_intel is loaded - As soon as I start a KVM VM, I see:
cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit KVM: Vulnerable
So, the first "VMX disabled", AFAIUI, only really means that VMX is not in use at that time (e.g., there's no VM running!), not that it's really disabled. In fact, you can start using it and you should get "KVM: Split huge pages". I agree it's a bit confusing, but that's how it is right now. If we want it differently, this should be changed in the kernel. -- You are receiving this mail because: You are on the CC list for the bug.