[Qemu-discuss] KVM without microcode

qemu-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-discuss] KVM without microcode

From:	JT
Subject:	[Qemu-discuss] KVM without microcode
Date:	Wed, 11 Apr 2018 20:08:57 +0100

(I've also posted this to the KVM mailing list)

Hey All

A hopefully simple question:

If a KVM Hypervisor is using a kernel that identifies itself as using
"Full generic retpoline", does this mean that the hypervisor and other
guests are safe from a malicious guest trying to exploit Spectre V2,
even if we haven't updated our CPU microcode to support IBPB or IBRS?

My confusion arrises from the Intel Retpoline PDF which states:
"RET has this behavior on all processors which are based on the Intel=C2=AE
microarchitecture codename Broadwell and earlier when updated with the
latest microcode."

https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Br=
anch-Target-Injection-Mitigation.pdf

I understand that RET has nothing to do with IBPB or IBRS, but how do
I know if my CPU has this RET behaviour that retpoline can make use
of?

Thanks

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-discuss] KVM without microcode, JT, 2018/04/11
- Re: [Qemu-discuss] KVM without microcode, Jakob Bohm, 2018/04/12
- [Qemu-discuss] KVM without microcode, JT <=

Prev by Date: [Qemu-discuss] KVM without microcode
Next by Date: Re: [Qemu-discuss] How to run qemu with -nographic and -monitor but still be able to send Ctrl+C to the guest?
Previous by thread: Re: [Qemu-discuss] KVM without microcode
Next by thread: [Qemu-discuss] Ivshmem
Index(es):
- Date
- Thread