(I've also posted this to the KVM mailing list)

Hey All

A hopefully simple question:

If a KVM Hypervisor is using a kernel that identifies itself as using
"Full generic retpoline", does this mean that the hypervisor and other
guests are safe from a malicious guest trying to exploit Spectre V2,
even if we haven't updated our CPU microcode to support IBPB or IBRS?

My confusion arises from the Intel Retpoline PDF which states:
"RET has this behavior on all processors which are based on the Intel®
microarchitecture codename Broadwell and earlier when updated with the
latest microcode."

https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf

I understand that RET has nothing to do with IBPB or IBRS, but how do
I know if my CPU has this RET behaviour that retpoline can make use
of?

Thanks
