MX Linux Forum

Support for MX and antiX Linux distros
http://www.forum.mxlinux.org/

KVM: My Processor had Disabled Virtualization features / Vulnerabilities

http://www.forum.mxlinux.org/viewtopic.php?t=78780

Page 1 of 1

KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 9:03 pm
by nasheayahu
Before installing KVM, I wanted to know based on my Processor in the Virtualization features / Vulnerabilities,

Code: Select all

Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         39 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  8
  On-line CPU(s) list:   0-7
Vendor ID:               GenuineIntel
  BIOS Vendor ID:        Intel(R) Corporation
  Model name:            Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
    BIOS Model name:     Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz To Be Filled By O.E.M. CPU @ 2.9GHz
    BIOS CPU family:     198
    CPU family:          6
    Model:               158
    Thread(s) per core:  1
    Core(s) per socket:  8
    Socket(s):           1
    Stepping:            13
    CPU(s) scaling MHz:  17%
    CPU max MHz:         4700.0000
    CPU min MHz:         800.0000
    BogoMIPS:            6000.00
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc ar
                         t arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid 
                         sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single ssbd ibrs ibpb stibp ibrs_enhanc
                         ed tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1
                          xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities
Virtualization features: 
  Virtualization:        VT-x
Caches (sum of all):     
  L1d:                   256 KiB (8 instances)
  L1i:                   256 KiB (8 instances)
  L2:                    2 MiB (8 instances)
  L3:                    12 MiB (1 instance)
NUMA:                    
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-7
Vulnerabilities:         
  Gather data sampling:  Mitigation; Microcode
  Itlb multihit:         KVM: Mitigation: VMX disabled
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Mitigation; Clear CPU buffers; SMT disabled
  Retbleed:              Mitigation; Enhanced IBRS
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence
  Srbds:                 Mitigation; Microcode
  Tsx async abort:       Mitigation; TSX disabled
do I need to enable and / or how do I enable the three disabled features?

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 9:59 pm
by CharlesV
You enable Virtualization in your bios.

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 10:16 pm
by nasheayahu
CharlesV wrote: Sun Jan 07, 2024 9:59 pm You enable Virtualization in your bios.
Oh yes I know, but I was referring to these Vulnerabilities,

Code: Select all

Itlb multihit:         KVM: Mitigation: VMX disabled
Mmio stale data:       Mitigation; Clear CPU buffers; SMT disabled
Tsx async abort:       Mitigation; TSX disabled
is this because my processor does not have these features to be protected or I do have them and they need to be enabled?

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 10:22 pm
by CharlesV
I have that same processor, but the K model and I dont see anything like that.

What command are you running to get that list?

And as far as I can see, they are all saying disabled, so I would check in your bios.

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 10:40 pm
by nasheayahu
CharlesV wrote: Sun Jan 07, 2024 10:22 pm What command are you running to get that list?
ran lscpu for the info....
CharlesV wrote: Sun Jan 07, 2024 10:22 pm And as far as I can see, they are all saying disabled, so I would check in your bios.
okay, will take a look.....

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities

Posted: Sun Jan 07, 2024 10:43 pm
by CharlesV
as a comparison here is mine:

Code: Select all


$ lscpu
Architecture:                       x86_64
CPU op-mode(s):                     32-bit, 64-bit
Byte Order:                         Little Endian
Address sizes:                      39 bits physical, 48 bits virtual
CPU(s):                             4
On-line CPU(s) list:                0-3
Thread(s) per core:                 1
Core(s) per socket:                 4
Socket(s):                          1
Vendor ID:                          GenuineIntel
CPU family:                         6
Model:                              158
Model name:                         Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Stepping:                           13
CPU MHz:                            3600.044
BogoMIPS:                           7200.08
Hypervisor vendor:                  KVM
Virtualization type:                full
L1d cache:                          128 KiB
L1i cache:                          128 KiB
L2 cache:                           1 MiB
L3 cache:                           48 MiB
Vulnerability Gather data sampling: Unknown: Dependent on hypervisor status
Vulnerability Itlb multihit:        KVM: Mitigation: VMX unsupported
Vulnerability L1tf:                 Mitigation; PTE Inversion
Vulnerability Mds:                  Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Meltdown:             Mitigation; PTI
Vulnerability Mmio stale data:      Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Retbleed:             Vulnerable
Vulnerability Spec rstack overflow: Not affected
Vulnerability Spec store bypass:    Vulnerable
Vulnerability Spectre v1:           Mitigation; usercopy/swapgs barriers and __user pointer sanitiza
                                    tion
Vulnerability Spectre v2:           Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS
                                     Not affected
Vulnerability Srbds:                Unknown: Dependent on hypervisor status
Vulnerability Tsx async abort:      Not affected
Flags:                              fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pa
                                    t pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm consta
                                    nt_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq 
                                    pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 movbe popcnt aes xsa
                                    ve avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_singl
                                    e pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear
                                     flush_l1d arch_capabilities

Re: KVM: My Processor had Disabled Virtualization features / Vulnerabilities  [Solved]

Posted: Sun Jan 07, 2024 10:45 pm
by nasheayahu
Just found the answer stating,
They are not disabled, the ‘Mitigation’ is to disable those in the BIOS.
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited