Spectre v1 — CVE-2017-5753
Microsoft implemented a compiler-based mitigation on day one, but there are few public details about it.
Grsecurity has had respectre since the 5th of October 2018, a gcc plugin doing some fancy analysis to detect and eliminate speculation-based side-channel gadgets. Unfortunately, it’s only available to its customers, so I can’t elaborate on its implementation, but odds are that this mitigation is on par, quality-wise, with the rest of the work from spender and pipacs.
On Linux, since 2018, people are manually auditing the source code to use the magical array_index_nospec annotation to remove gadgets, offering only very partial coverage.
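What the annotation does at a single call site, as an added example: this is a userspace model of the kernel's generic branchless index mask, written for this page and not taken from the kernel tree or from the author. The names index_mask_nospec, index_nospec, lookup_unhardened, lookup_hardened and the table contents are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_LEN 8UL /* table[] below is constructed sample data */

static const unsigned char table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Userspace model of the kernel's generic array_index_mask_nospec():
 * ~0UL when index < size, 0 otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative
 * longs (true for GCC and Clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Keep the optimizer from folding the mask back into a branch. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1));
}

/* Model of array_index_nospec(): index if in range, else 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Before: the bounds check holds architecturally, but on a mispredicted
 * branch the load can run speculatively with an out-of-range idx. */
static int lookup_unhardened(unsigned long idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

/* After: idx is clamped through a data dependency, so the load address
 * stays inside table[] even when the branch is mispredicted. */
static int lookup_hardened(unsigned long idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx = index_nospec(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    printf("%d %d\n", lookup_unhardened(3), lookup_hardened(8));
    return 0;
}
```

Both lookups return the same values for every input; the difference only exists under speculation, which is why each such site has to be found and annotated by hand.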
As spender snarkily highlighted in March 2018, OpenBSD has no mitigation, not even manually removing gadgets, against Spectre v1: the only solution there is to upgrade the hardware.