What is the difference between the IBRS suffix and no-suffix CPU models in QEMU?
Which one should I choose?
The CPU model with the -IBRS suffix has Spectre V2 (CVE-2017-5715) mitigation turned on by default in the guest.
The CPU model without the suffix has the mitigation off by default.
Unless you have a specific, extremely compelling reason to not have this mitigation, you should always use the IBRS variant of the virtual CPU.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.