On Wed, Feb 26, 2025 at 07:51:08PM +0000, Yosry Ahmed wrote:
> To add more details about this, we are using ASI as our main mitigation
> for SRSO. However, it's likely that bp-spec-reduce is cheaper, so we
> basically want to always use bp-spec-reduce if available, if not, we
> don't want the ibpb-on-vmexit or safe-ret as they are a lot more
> expensive than ASI.
>
> So we want the cmdline option to basically say only use bp-spec-reduce
> if it's available, but don't fallback if it isn't.
Yap, that should also be a part of the commit message.
> On the other hand we are enlighting ASI to skip mitigating SRSO if
> X86_FEATURE_SRSO_BP_SPEC_REDUCE is enabled
Yap, makes sense.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
