On 10/16/23 06:27, Michael Roth wrote:
> Without SEV-SNP, Automatic IBRS protects only the kernel. But when
> SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all
> host-side code, including userspace. This protection comes at a cost:
> reduced userspace indirect branch performance.
>
> To avoid this performance loss, don't use Automatic IBRS on SEV-SNP
> hosts. Fall back to retpolines instead.

Thanks for the updated changelog:

Acked-by: Dave Hansen <[email protected]>

BTW, have you given your hardware folks a hard time about this? It
seems _kinda_ silly to be using retpolines when the hardware has a
perfectly good IBRS implementation for the kernel.

Just please make sure there's a good underlying reason for this behavior
as opposed to being some kind of inadvertent side effect.

I assume Auto-IBRS and SEV-SNP are going to be with us for a long time,
so it would be nice to have a long term solution here.