Addressing Meltdown and Spectre in the kernel
When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly.