IBRS suffix of CPU models in QEMU

user2965433 asked:

What is the difference between the IBRS suffix and no-suffix CPU models in QEMU?
Which one should I choose?

My answer:

The CPU model with the -IBRS suffix has Spectre V2 (CVE-2017-5715) mitigation turned on by default in the guest.

The CPU model without the suffix has the mitigation off by default.

Unless you have a specific, extremely compelling reason to not have this mitigation, you should always use the IBRS variant of the virtual CPU.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.