Re: [PATCH 0/2] efivars: reading variables can generate SMIs
From: Andi Kleen
Date: Sat Feb 17 2018 - 11:18:08 EST
> Would rate limiting (but not only for non-root) help mitigate Spectre
> v1 issues in UEFI runtime services code as well? I have been looking
> into unmapping the entire kernel while such calls are in progress,
> because firmware is likely to remain vulnerable long after the OSes
> have been fixed, and we may be able to kill two birds with one stone
> here (and not break userland in the process)
Yes a global rate limit would seem like a good compromise.
-Andi