On 1/9/23 08:08, Randy Dunlap wrote: > + stuff - Enables "stuffing" mode mitigation, > + which uses return thunking and call depth > + tracking. Only in effect if > + CONFIG_CALL_DEPTH_TRACKING is set and > + Spectre V2 mitigation mode is > + "retpoline". > + IBRS is fully secure mitigation but is > + more costly (slower) than stuffing. The "fully secure" thing makes me cringe a bit. I'd suggest saying: IBRS is a stronger mitigation but is more costly than stuffing (slower).
