[$] Taming STIBP

The Spectre class of hardware vulnerabilities was apparently so-namedbecause it can be expected to haunt us for some time. One aspect of thathaunting can be seen in the fact that, nearly one year after Spectre wasdisclosed, the kernel is still unable to prevent one user-space processfrom attacking another in some situations. An attempt to provide thatprotection using a new x86 microcode feature called STIBP has run intotrouble once its performance impact was understood; now a more nuancedapproach may succeed in providing protection where it is needed withoutslowing down everybody else.