CVE-2018-3639 (x86)

This is a partial backport of dd84441a
  "x86/speculation: Use IBRS if available before calling into firmware"
as later patches rely on the call.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>