Why does a VMware guest running on an Intel CPU such as Broadwell or Haswell show as affected by RETBleed?

Solution Verified - Updated -

Issue

  • Why do VMware guests running on Intel CPUs, such as Broadwell and Haswell, show as affected by RETBleed?
# cat /sys/devices/system/cpu/vulnerabilities/retbleed
Mitigation: IBRS
  • Why does a physical server with an Intel CPU from the Broadwell or Haswell family show RETBleed as Not affected, while virtual machines running on VMware ESX with the same CPU model show it as vulnerable?
OUTPUT FROM PHYSICAL SERVER
***************************

# lscpu
CPU(s):                16
On-line CPU(s) list:   0-15
Thread(s) per core:    2
Core(s) per socket:    8
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6 
Model:                 79
Model name:            Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz    
Stepping:              1
NUMA node0 CPU(s):     0-15

# cat /sys/devices/system/cpu/vulnerabilities/retbleed
Not affected

OUTPUT FROM VMWARE GUEST WITH SAME CPU MODEL
********************************************

# lscpu
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    1
Core(s) per socket:    4
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 79
Model name:            Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz    <--- [same cpu model]
Stepping:              1
Hypervisor vendor:     VMware   <---
Virtualization type:   full   <---
NUMA node0 CPU(s):     0-3

# cat /sys/devices/system/cpu/vulnerabilities/retbleed
Mitigation: IBRS
  • After updating to a kernel listed in CVE-2022-29901, there is a noticeable performance issue on the VMware guest, where the updated kernel applies the retbleed mitigation, even though the same kernel on a physical server with the same CPU model does not show any performance impact. Why?

Environment

  • Red Hat Enterprise Linux 7.
  • Red Hat Enterprise Linux 8.
  • Red Hat Enterprise Linux 9.
  • Kernel version listed in CVE-2022-29901 or higher.
