On 10/16/23 06:27, Michael Roth wrote:
> Without SEV-SNP, Automatic IBRS protects only the kernel. But when
> SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all
> host-side code, including userspace. This protection comes at a cost:
> reduced userspace indirect branch performance.
>
> To avoid this performance loss, don't use Automatic IBRS on SEV-SNP
> hosts. Fall back to retpolines instead.

Thanks for the updated changelog:

Acked-by: Dave Hansen <dave.hansen@xxxxxxxxx>

BTW, have you given your hardware folks a hard time about this? It
seems _kinda_ silly to be using retpolines when the hardware has a
perfectly good IBRS implementation for the kernel.

Just please make sure there's a good underlying reason for this behavior
as opposed to being some kind of inadvertent side effect. I assume
Auto-IBRS and SEV-SNP are going to be with us for a long time, so it
would be nice to have a long term solution here.