What is the difference between the IBRS suffix and no-suffix CPU models in QEMU? Which one should I choose?
Asked
Active
Viewed 1,315 times
1 Answers
3
The CPU model with the -IBRS suffix has Spectre V2 (CVE-2017-5715) mitigation turned on by default in the guest.
The CPU model without the suffix has the mitigation off by default.
Unless you have a specific, extremely compelling reason to not have this mitigation, you should always use the IBRS variant of the virtual CPU.
Michael Hampton
- 237,123
- 42
- 477
- 940
-
1Does this fix have any kind of impact on performances? – user2965433 Nov 11 '20 at 21:49
-
1@user2965433 There's the normal performance impact of Spectre mitigations. You can measure it if you really need to, but it should not be significant enough to bother. – Michael Hampton Nov 11 '20 at 21:53