[$] A call to reconsider address-space isolation

Post Syndicated from original https://lwn.net/Articles/909469/

When the kernel is running, it has access to its entire address space —
usually including all of physical memory — even if only a small portion of
that address space is actually needed. That increases the kernel’s
vulnerability to speculative attacks. An address-space isolation patch set
aiming to change this situation has been circulating for a few years, but
has never been seriously considered for merging into the mainline. At the
2022 Linux Plumbers Conference, Ofir Weisse sought to convince the
development community to reconsider address-space isolation.