VMware Cloud Community
socbizkaia
Contributor
Contributor
‎06-05-2019 02:51 AM

No cpuid.MDCLEAR capability found after patching for Intel MDS

Hello,

I followed the procedures to patch the Intel MDS family of bugs that were announced in VMSA-2019-0008​. I executed the following steps:

  1. patch vcenter to the latest 6.5 version: 6.5.0.24100 Build Number 13834586
  2. patch all the ESXi 6.5 servers to the latest version: VMware ESXi, 6.5.0, 13635690
  3. ensure that all the ESXi 6.5 severs had enabled the hyperthreading mitigation (previously applied due to L1TF bug): VMkernel.Boot.hyperthreadingMitigation  = true.

Then, according to VMware Knowledge Base I should have every thing ready to provide hypervisor assited mitigation for Intel MDS to our virtual machines. In order to verify it, I choose one virtual machine with hardware profile greater than 9 (13) and shutdown-start it. I check the cpuid capabilities of the virtual machine:

cat vmware.log  | grep "Capability Found: cpuid"

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.Intel = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.FCMD = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.LM = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.MWAIT = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.VMX = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSBD = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSSE3 = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE3 = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.NX = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE41 = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.AES = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.STIBP = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.PCLMULQDQ = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SS = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.POPCNT = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.DS = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.RDTSCP = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.LAHF64 = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.IBPB = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.CMPXCHG16B = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.SSE42 = 0x1

2019-06-04T07:04:42.330Z| vmx| I125: Capability Found: cpuid.IBRS = 0x1

However there is no "cpuid.MDCLEAR" that according to VMware Knowledge Base should appear if vmware is correctly patched for Intel MDS.

Any idea on what I am doing wrong?

Regards!

Christian

0 Kudos
2 Replies
daphnissov
Immortal
Immortal
‎06-09-2019 06:59 AM

I'd try an additional step: Shutdown an ESXi server to complete power-off state. Deenergize the server (disconnect it from mains). Reconnect and power on. Sometimes this is the only way to refresh these extensions.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
PeterCr
Enthusiast
Enthusiast
‎04-09-2020 09:36 PM

I've created a post with some troubleshooting steps for anyone else having this problem.

https://peterc.tech.blog/2020/04/10/vsphere-evc-and-mds-problems/

0 Kudos