On Sun, 18 Nov 2018, Jiri Kosina wrote: > It's probably not just browsers, but anything running JITed sandboxed > code. So the most straightforward way might be the prctl() aproach, where > userspace would claim "I do care about this, please fix it up for me". So > prctl() + perhaps SECCOMP. I've just sent SECCOMP handling as a followup to Tim's set. I still feel like we should make STIBP and IBPB behavior consistent (in a sense they should always be used both, or none of them), but that might be additional 4.21 optimization. Thanks, -- Jiri Kosina SUSE Labs