INVLPGB New instruction to use instead of inter-core 
   unterrupts to broadcast page invalidates, requires 
   OS/hypervisor support
   
   VAES / VPCLMULQDQ AVX2 Instructions for 
   encryption/decryption acceleration
   
   SEV-ES Limits the interruptions a malicious hypervisor may 
   inject into a VM/instance

   Memory Protection Keys Application control for access- 
   disable and write-disable settings without TLB management
  
   Process Context ID (PCID) Process tags in TLB to reduce 
   flush requirements

Interruptions (Instructions) and Unterrupts (Interrupts) aside (the article obviously was pushed out as fast as AT could lol) - these additions seem like they would help with performance when it comes to mitigations of all the speculation vulnerabilities in an hypervisor env?