> On Tue, Feb 18, 2025 at 02:42:57PM +0000, Patrick Bellasi wrote: > > Maybe a small improvement we could add on top is to have a separate and > > dedicated cmdline option? > > > > Indeed, with `X86_FEATURE_SRSO_USER_KERNEL_NO` we are not effectively using an > > IBPB on VM-Exit anymore. Something like the diff down below? > > Except that I don't see the point of this yet one more cmdline option. Our > mitigations options space is a nightmare. Why do we want to add another one? The changelog of the following patch provides the motivations. Do you think something like the following self contained change can be added on top of your change? Best, Patrick ---
