docs: add note about stibp CPU feature for spectre v2

While the stibp CPU feature is not commonly used by guest OS for spectre
mitigation due to its performance impact, it is none the less best
practice to expose it to all guest OS. This allows the guest OS to
decide whether to make use or it.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190307121838.6345-3-berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 0ce528806d..23c11dc86f 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -168,6 +168,17 @@ Requires the host CPU microcode to support this feature before it
 can be used for guest CPUs.
 
 
+@item @code{stibp}
+
+Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
+operating systems.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
+
+
 @item @code{ssbd}
 
 Required to enable the CVE-2018-3639 fix
@@ -258,6 +269,17 @@ Requires the host CPU microcode to support this feature before it
 can be used for guest CPUs.
 
 
+@item @code{stibp}
+
+Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
+operating systems.
+
+Must be explicitly turned on for all AMD CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
+
+
 @item @code{virt-ssbd}
 
 Required to enable the CVE-2018-3639 fix