Re: [PATCH 5/7] x86: Use IBRS for firmware update path

From: Alan Cox
Date: Thu Jan 04 2018 - 13:49:13 EST


On Thu, 4 Jan 2018 09:56:46 -0800
Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx> wrote:

> From: David Woodhouse <dwmw@xxxxxxxxxxxx>
>
> We are impervious to the indirect branch prediction attack with retpoline
> but firmware won't be, so we still need to set IBRS to protect
> firmware code execution when calling into firmware at runtime.

If you are going to care about APM then you also need to care about
BIOS32 interfaces (arch/x86/pc/pcibios.c) and PNPBIOS
(drivers/pnp/pnpbios/bioscalls.c)

Alan