[$] Live patching for CPU vulnerabilities

The kernel's live-patching (KLP) mechanism can apply a wide variety offixes to a running kernel but, at a first glance, the sort of highlyintrusive changes needed to address vulnerabilities like Meltdown or L1TFwould not seem like likely candidates for live patches.The most notable obstacles are the requiredmodifications of global semantics on a running system, as well as theneed for live patching the kernel's entry code. However, we at the SUSE livepatching team started working on proof-of-concept live patches for thesevulnerabilities as afun project and have been able to overcome these hurdles. The techniques we developed are generic and might become handy again whenfixing future vulnerabilities.