Reinderien

Asked: 2021-08-02 13:10:05 +0800 CST2021-08-02 13:10:05 +0800 CST 2021-08-02 13:10:05 +0800 CST

If KVM is working, why does VMX show as disabled?

I have VT-x enabled in the BIOS. I'm running qemu/kvm/Manjaro. lscpu says

$ lscpu
Architecture:            x86_64
  Model name:            Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Flags: ... vmx ... 
Virtualization features:
  Virtualization:        VT-x
Vulnerabilities:         
  Itlb multihit:         KVM: Mitigation: VMX disabled

In addition,

$ sudo rdmsr -f 2:0 0x3A
5

which means that

The VMX configuration is locked
VMX is disabled in the SMX (“Safer Mode Extensions”) state
VMX is enabled outside of the SMX state

This answer gives me hope: if kvm loads, then VMX is working. Indeed, qemu with kvm as its accelerator works just fine (or at least seems to). So then why does it show VMX as being disabled for the purposes of the multihit vulnerability?

An example qemu run:

$ qemu-system-x86_64 -nographic -vga none -net none -nodefaults -machine q35 -accel kvm -cpu host -smp sockets=1,dies=1,cores=2,threads=2 -m 512M ...

QEMU 6.0.0 monitor - type 'help' for more information
(qemu) info kvm
info kvm
kvm support: enabled

The guest (pfSense, in this case) is running fine so far.

If KVM is working, why does VMX show as disabled?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

If KVM is working, why does VMX show as disabled?

0 Answers