TL;DR:
HOST MITIGATION FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/15
OLD QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/16
NEW QEMU GUEST MIT FEATURES REPORT: https://bugs.launchpad.net/intel/+bug/1828495/comments/17
MIT FEATURES REPORT DELTA FROM OLD TO NEW: https://bugs.launchpad.net/intel/+bug/1828495/comments/18
Meaning we basically have enabled INSIDE the GUEST:
* Hardware support (CPU microcode) for mitigation techniques
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability: YES
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): YES
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO

and

* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO