https://bugzilla.suse.com/show_bug.cgi?id=1218231

https://bugzilla.suse.com/show_bug.cgi?id=1218231#c8

ell1e <el@horse64.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(el@horse64.org)   |

--- Comment #8 from ell1e <el@horse64.org> ---
Can confirm the output makes more sense once actually launching a VM and then
lists mitigations as expected, here's the output after I launched a VM:

$ lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         39 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  4
  On-line CPU(s) list:   0,1
  Off-line CPU(s) list:  2,3
Vendor ID:               GenuineIntel
  Model name:            Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
    CPU family:          6
    Model:               78
    Thread(s) per core:  1
    Core(s) per socket:  2
    Socket(s):           1
    Stepping:            3
    CPU(s) scaling MHz:  96%
    CPU max MHz:         2800.0000
    CPU min MHz:         0.0000
    BogoMIPS:            4801.00
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
                         mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2
                         ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc
                         art arch_perfmon pebs bts rep_good nopl xtopology
                         nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64
                         monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr
                         pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt
                         tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm
                         abm 3dnowprefetch cpuid_fault epb pti ssbd ibrs ibpb
                         stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase
                         tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid mpx
                         rdseed adx smap clflushopt intel_pt xsaveopt xsavec
                         xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify
                         hwp_act_window hwp_epp vnmi md_clear flush_l1d
                         arch_capabilities
Virtualization features:
  Virtualization:        VT-x
Caches (sum of all):
  L1d:                   64 KiB (2 instances)
  L1i:                   64 KiB (2 instances)
  L2:                    512 KiB (2 instances)
  L3:                    3 MiB (1 instance)
NUMA:
  NUMA node(s):          1
  NUMA node0 CPU(s):     0,1
Vulnerabilities:
  Gather data sampling:  Vulnerable: No microcode
  Itlb multihit:         KVM: Mitigation: Split huge pages
  L1tf:                  Mitigation; PTE Inversion; VMX conditional cache flushes, SMT disabled
  Mds:                   Mitigation; Clear CPU buffers; SMT disabled
  Meltdown:              Mitigation; PTI
  Mmio stale data:       Mitigation; Clear CPU buffers; SMT disabled
  Retbleed:              Mitigation; IBRS
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Mitigation; Microcode
  Tsx async abort:       Not affected

There are two points that still confuse me:

1. The "gather data sampling" line looks surprising to me as well, doesn't
OpenSUSE ship microcode updates or are they lagging behind a little? Or did
Intel just not care to address it?

2. Regarding this:
> I agree it's a bit confusing, but that's how it is right now. If we want it
> differently, this should be changed in the kernel.
I think a less confusing wording would be "VMX unused" instead of "VMX disabled", while no VM is running and no mitigation active.