Post Syndicated from original https://lwn.net/Articles/886494/

The disclosure of the Meltdown and Spectre vulnerabilities put a spotlight
on the risks that come with sharing address spaces too widely. Even if the
protection mechanisms provided by the hardware should prevent access to
sensitive data,
those vulnerabilities can often be used to leak that data anyway. So, from
the beginning, mitigation strategies have included reducing the sharing of
address spaces, but there is more that could be done and ongoing interest in doing so. Now, this
patch set posted by Junaid Shahid (containing work from Ofir Weisse and
inspired by earlier
patches from Alexandre Chartre) shows what would be required to create
a general address-space isolation (ASI) mechanism for the kernel.