[$] Two address-space-isolation patches get closer

Post Syndicated from original https://lwn.net/Articles/835342/rss

Address-space isolation is the technique of removing a range of memory from
one or more address spaces as a way of preventing accidental or malicious
access to that memory. Since the disclosure of the Meltdown and Spectre
vulnerabilities, the kernel has used one form of address-space isolation
to make kernel memory completely
inaccessible to user-space processes, for example. There has been a steady
level of interest in using similar techniques to protect memory in other
contexts; two patches implementing new isolation mechanisms are getting
closer to being ready for merging into the mainline kernel.