Hello,
I followed the procedures to patch the Intel MDS family of bugs that were announced in VMSA-2019-0008. I executed the following steps:
Then, according to VMware Knowledge Base I should have every thing ready to provide hypervisor assited mitigation for Intel MDS to our virtual machines. In order to verify it, I choose one virtual machine with hardware profile greater than 9 (13) and shutdown-start it. I check the cpuid capabilities of the virtual machine:
cat vmware.log | grep "Capability Found: cpuid"
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.Intel = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.FCMD = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.LM = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.MWAIT = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.VMX = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSBD = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSSE3 = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE3 = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.NX = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE41 = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.AES = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.STIBP = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.PCLMULQDQ = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SS = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.POPCNT = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.DS = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.RDTSCP = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.LAHF64 = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.IBPB = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.CMPXCHG16B = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE42 = 0x1
2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.IBRS = 0x1
However there is no "cpuid.MDCLEAR" that according to VMware Knowledge Base should appear if vmware is correctly patched for Intel MDS.
Any idea on what I am doing wrong?
Regards!
Christian
I'd try an additional step: Shutdown an ESXi server to complete power-off state. Deenergize the server (disconnect it from mains). Reconnect and power on. Sometimes this is the only way to refresh these extensions.
I've created a post with some troubleshooting steps for anyone else having this problem.
https://peterc.tech.blog/2020/04/10/vsphere-evc-and-mds-problems/