Comment # 7 on bug 1218231 from Dario Faggioli
FTR, my situation is as follows:

- I have "nx_huge_pages=off" on the command line
- Right after boot, I see:

> cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit 
> KVM: Mitigation: VMX disabled

- Still, VMX is there (`lscpu|grep Flags|grep vmx`) and kvm_intel is loaded
- As soon as I start a KVM VM, I see:

> cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit 
> KVM: Vulnerable

So, the first "VMX disabled", AFAIUI, only really means that VMX is not in use
at that time (e.g., there's no VM running!), not that it's really disabled. In
fact, you can start using it and you should get "KVM: Split huge pages".

I agree it's a bit confusing, but that's how it is right now. If we want it
differently, this should be changed in the kernel.
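The behaviour described in this comment, turned into a host check (an added example, not part of the original comment or of the kernel): it treats "VMX disabled" as a statement about the current moment and combines it with the KVM `nx_huge_pages` module parameter to say what the status will become once a guest starts. The function names and result labels are made up for illustration; the status strings not quoted in the comment are the other values the kernel documents for this file.

```shell
#!/bin/sh
# Added example: interpret the itlb_multihit sysfs status without reading
# "VMX disabled" as a permanent mitigation.

# assess_itlb_multihit STATUS NX_HUGE_PAGES KVM_INTEL_LOADED
#   STATUS            content of .../cpu/vulnerabilities/itlb_multihit
#   NX_HUGE_PAGES     content of /sys/module/kvm/parameters/nx_huge_pages
#                     ("Y", "N", or empty if the kvm module is not loaded)
#   KVM_INTEL_LOADED  1 if kvm_intel is loaded, otherwise 0
assess_itlb_multihit() {
    status=$1 nx=$2 kvm=$3
    case "$status" in
        "Not affected"|"KVM: Mitigation: VMX unsupported")
            echo "ok" ;;
        "KVM: Mitigation: Split huge pages")
            echo "mitigated" ;;
        "KVM: Vulnerable")
            echo "vulnerable" ;;
        "KVM: Mitigation: VMX disabled")
            # Only says VMX is not in use right now (no VM running).
            # What counts is the state once the first guest starts.
            if [ "$kvm" != 1 ]; then
                echo "inactive"            # KVM not loaded at the moment
            elif [ "$nx" = "Y" ]; then
                echo "latent-mitigated"    # expect "Split huge pages"
            else
                echo "latent-vulnerable"   # expect "KVM: Vulnerable"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# Collect the three inputs from the running host and classify them.
check_live() {
    status=$(cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit 2>/dev/null)
    nx=$(cat /sys/module/kvm/parameters/nx_huge_pages 2>/dev/null)
    if [ -d /sys/module/kvm_intel ]; then kvm=1; else kvm=0; fi
    assess_itlb_multihit "$status" "$nx" "$kvm"
}
```

Run `check_live` on the host after sourcing the file; with the setup from this comment (`nx_huge_pages=off`, kvm_intel loaded, no VM running) it reports `latent-vulnerable`.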

