2

What is the difference between the IBRS suffix and no-suffix CPU models in QEMU? Which one should I choose?

user2965433
  • 180
  • 9

1 Answers1

3

The CPU model with the -IBRS suffix has Spectre V2 (CVE-2017-5715) mitigation turned on by default in the guest.

The CPU model without the suffix has the mitigation off by default.

Unless you have a specific, extremely compelling reason to not have this mitigation, you should always use the IBRS variant of the virtual CPU.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940