[1]https://lkml.org/lkml/2018/1/3/797

     A *competent* CPU engineer would fix this by making sure speculation
     doesn't happen across protection domains. Maybe even a L1 I$ that is
     keyed by CPL.

[2]https://news.ycombinator.com/item?id=10518480

     Aye, too many people have this defeatist attitude that since perfect
     security will never be possible, therefore the only valid solution
     is reactive security (bug-patch cycles). Patch dependence is
     considered too entrenched for making some changes like replacing
     ambient authority with capabilities, using failure-oblivious
     computing [1] to redirect invalid reads and writes, using separation
     kernels, information flow control, proper MLS [2], program
     shepherding for origin and control flow monitoring [3] and general
     fault tolerance/self-healing [4].
     I used to look up to Linus Torvalds as many did, but am increasingly
     beginning to see him as a threat to the advancement of the industry
     with his faux pragmatism that has led him to speak out against
     everything from security to microkernels and kernel debuggers.
     [1] [3]https://www.doc.ic.ac.uk/~cristic/papers/fo-osdi-04.pdf
     [2]
     [4]http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.52....
     [3]
     [5]https://www.usenix.org/legacy/events/sec02/full_papers/kiria...
     [4]
     [6]https://www.cs.columbia.edu/~angelos/Papers/2007/mmm-acns-se...

References

   1. https://lkml.org/lkml/2018/1/3/797
   2. https://news.ycombinator.com/item?id=10518480
   3. https://www.doc.ic.ac.uk/~cristic/papers/fo-osdi-04.pdf
   4. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.52..
   5. https://www.usenix.org/legacy/events/sec02/full_papers/kiria.
   6. https://www.cs.columbia.edu/~angelos/Papers/2007/mmm-acns-se.