(I've also posted this to the KVM mailing list)

Hey All

A hopefully simple question: If a KVM Hypervisor is using a kernel that identifies itself as using "Full generic retpoline", does this mean that the hypervisor and other guests are safe from a malicious guest trying to exploit Spectre V2, even if we haven't updated our CPU microcode to support IBPB or IBRS?

My confusion arises from the Intel Retpoline PDF, which states:

"RET has this behavior on all processors which are based on the Intel® microarchitecture codename Broadwell and earlier when updated with the latest microcode."

https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf

I understand that RET has nothing to do with IBPB or IBRS, but how do I know if my CPU has this RET behaviour that retpoline can make use of?

Thanks
