Hey All A hopefully simple question: If a KVM Hypervisor is using a kernel that identifies itself as using "Full generic retpoline", does this mean that the hypervisor and other guests are safe from a malicious guest trying to exploit Spectre V2, even if we haven't updated our CPU microcode to support IBPB or IBRS? My confusion arrises from the Intel Retpoline PDF which states: "RET has this behavior on all processors which are based on the Intel® microarchitecture codename Broadwell and earlier when updated with the latest microcode." https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf I understand that RET has nothing to do with IBPB or IBRS, but how do I know if my CPU has this RET behaviour that retpoline can make use of? Thanks
