Comment # 10 on bug 1227900 from Fabian Vogt 
I switched to another affected host which is currently not used in production,
so I don't have to be as careful with tests ;-)

I installed kernel 6.10.0 from Kernel:stable:Backport and latest
ucode-amd-20240712 and when booting that, the warning is gone from the host
dmesg:

openqaworker28:~ # journalctl -b | grep -E 'Mitigation|micro'
Jul 17 08:27:54 openqaworker28 kernel: Spectre V1 : Mitigation: usercopy/swapgs
barriers and __user pointer sanitization
Jul 17 08:27:54 openqaworker28 kernel: Spectre V2 : Mitigation: Retpolines
Jul 17 08:27:54 openqaworker28 kernel: Spectre V2 : User space: Mitigation:
STIBP always-on protection
Jul 17 08:27:54 openqaworker28 kernel: Speculative Store Bypass: Mitigation:
Speculative Store Bypass disabled via prctl
Jul 17 08:27:54 openqaworker28 kernel: Speculative Return Stack Overflow:
Mitigation: Safe RET
Jul 17 08:27:54 openqaworker28 kernel: microcode: Current revision: 0x0a001238
Jul 17 08:27:54 openqaworker28 kernel: microcode: Updated early from:
0x0a001229

FTR, with the 15.5 kernel the messages were:

openqaworker28:~ # journalctl -b -1 | grep -E 'Mitigation|micro'
Jul 17 08:20:16 openqaworker28 kernel: Spectre V1 : Mitigation: usercopy/swapgs
barriers and __user pointer sanitization
Jul 17 08:20:16 openqaworker28 kernel: Spectre V2 : Mitigation: Retpolines
Jul 17 08:20:16 openqaworker28 kernel: Spectre V2 : User space: Mitigation:
STIBP always-on protection
Jul 17 08:20:16 openqaworker28 kernel: Speculative Store Bypass: Mitigation:
Speculative Store Bypass disabled via prctl and seccomp
Jul 17 08:20:16 openqaworker28 kernel: Speculative Return Stack Overflow:
IBPB-extending microcode not applied!
Jul 17 08:20:16 openqaworker28 kernel: Speculative Return Stack Overflow:
Mitigation: Safe RET
Jul 17 08:20:16 openqaworker28 kernel: microcode: microcode updated early to
new patch_level=0x0a001238
Jul 17 08:20:16 openqaworker28 kernel: microcode: CPU0: patch_level=0x0a001238
...

However, booting a TW VM on this host still causes the warning to appear
inside.

You are receiving this mail because: