[Bug 1227900] Speculative Store Bypass disabled via prctl
https://bugzilla.suse.com/show_bug.cgi?id=1227900
https://bugzilla.suse.com/show_bug.cgi?id=1227900#c2

--- Comment #2 from Nikolay Borisov <nik.borisov@suse.com> ---

The timing of those printk's can't be trusted. The early microcode patcher is being run right after the kernel has been loaded, from:

x86_64_start_kernel -> load_ucode_bsp

While the mitigation-related code gets executed from:

arch_cpu_finalize_init -> cpu_select_mitigations -> ssb_select_mitigation

And the default (if seccomp is not compiled) is to use the prctl bypass. So the only worrying thing here would be the ibpb-related warn about using microcode that fixes the rstack vulnerability. According to the AMD security bulletin https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html the required microcode for AMD MILAN (which this Epyc seems to be) is:

Milan B0 – 0x0A001079
Milan B1 – 0x0A0011CF or 0x0A0011D1
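The check the comment points to, as an added example that is not part of the original bug comment or of the kernel: it reads the microcode revision and the SSB mitigation mode in the formats of /proc/cpuinfo and /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, and compares the revision with the Milan values quoted above. The function names, the constructed sample input, supplying the stepping label (B0 or B1) by hand, and treating any later revision as fixed are assumptions.

```sh
#!/bin/sh
# Added example; sample inputs are constructed, not taken from the bug report.

# Microcode revisions quoted in the comment (AMD-SB-7005, Milan).
MILAN_B0_MIN=0x0A001079
MILAN_B1_MIN=0x0A0011CF   # the comment also lists 0x0A0011D1 for B1

# Print the first "microcode" value from /proc/cpuinfo-style text on stdin.
ucode_rev() {
    sed -n '/^microcode/{s/^microcode[[:space:]]*:[[:space:]]*//p;q;}'
}

# Succeed if revision $2 is at or above the quoted revision for stepping
# label $1 (B0 or B1). Assumption: later revisions also carry the fix.
milan_ucode_ok() {
    [ -n "$2" ] || return 2
    case "$1" in
        B0) min=$MILAN_B0_MIN ;;
        B1) min=$MILAN_B1_MIN ;;
        *)  return 2 ;;
    esac
    [ "$(( $2 ))" -ge "$(( $min ))" ]
}

# Classify the one-line content of the spec_store_bypass sysfs file (stdin).
ssb_mode() {
    IFS= read -r line || true
    case "$line" in
        "Not affected")           echo not-affected ;;
        Vulnerable*)              echo vulnerable ;;
        *"prctl and seccomp"*)    echo seccomp ;;
        *"disabled via prctl"*)   echo prctl ;;
        Mitigation:*disabled*)    echo always-off ;;
        *)                        echo unknown ;;
    esac
}

# Demo on constructed input. On a live host, feed the real files instead:
#   ucode_rev < /proc/cpuinfo
#   ssb_mode  < /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
rev=$(printf 'model name\t: constructed sample CPU\nmicrocode\t: 0xa0011d1\n' | ucode_rev)
if milan_ucode_ok B1 "$rev"; then
    echo "microcode $rev: at or above the bulletin revision for B1"
else
    echo "microcode $rev: below the bulletin revision for B1"
fi
printf 'Mitigation: Speculative Store Bypass disabled via prctl\n' | ssb_mode
```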