Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752486AbeADStK (ORCPT + 1 other); Thu, 4 Jan 2018 13:49:10 -0500 Received: from www.llwyncelyn.cymru ([82.70.14.225]:46600 "EHLO fuzix.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751294AbeADStJ (ORCPT ); Thu, 4 Jan 2018 13:49:09 -0500 Date: Thu, 4 Jan 2018 18:48:45 +0000 From: Alan Cox To: Tim Chen Cc: Thomas Gleixner , Andy Lutomirski , Linus Torvalds , Greg KH , Dave Hansen , Andrea Arcangeli , Andi Kleen , Arjan Van De Ven , linux-kernel@vger.kernel.org, David Woodhouse Subject: Re: [PATCH 5/7] x86: Use IBRS for firmware update path Message-ID: <20180104184845.7a40525a@alans-desktop> In-Reply-To: <8d3710432534b27d224283557c4629cd1aa5b0ea.1515086770.git.tim.c.chen@linux.intel.com> References: <8d3710432534b27d224283557c4629cd1aa5b0ea.1515086770.git.tim.c.chen@linux.intel.com> Organization: Intel Corporation X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Thu, 4 Jan 2018 09:56:46 -0800 Tim Chen wrote: > From: David Woodhouse > > We are impervious to the indirect branch prediction attack with retpoline > but firmware won't be, so we still need to set IBRS to protect > firmware code execution when calling into firmware at runtime. If you are going to care about APM then you also need to care about BIOS32 interfaces (arch/x86/pc/pcibios.c) and PNPBIOS (drivers/pnp/pnpbios/bioscalls.c) Alan