IBRS suffix of CPU models in QEMU

Question

What is the difference between the IBRS suffix and no-suffix CPU models in QEMU? Which one should I choose?

score 3 · Accepted Answer · answered Nov 11 '20 at 21:34

3

The CPU model with the -IBRS suffix has Spectre V2 (CVE-2017-5715) mitigation turned on by default in the guest.

The CPU model without the suffix has the mitigation off by default.

Unless you have a specific, extremely compelling reason to not have this mitigation, you should always use the IBRS variant of the virtual CPU.

answered Nov 11 '20 at 21:34

Michael Hampton

1

Does this fix have any kind of impact on performances? – user2965433 Nov 11 '20 at 21:49
1

@user2965433 There's the normal performance impact of Spectre mitigations. You can measure it if you really need to, but it should not be significant enough to bother. – Michael Hampton Nov 11 '20 at 21:53

1 Answers1