> Would rate limiting (but not only for non-root) help mitigate Spectre
> v1 issues in UEFI runtime services code as well? I have been looking
> into unmapping the entire kernel while such calls are in progress,
> because firmware is likely to remain vulnerable long after the OSes
> have been fixed, and we may be able to kill two birds with one stone
> here (and not break userland in the process)

Yes a global rate limit would seem like a good compromise.

-Andi