This grsecurity blog entry looks at how an ineffective Spectre fix found its
way into the stable kernel releases. If one looks past the advertising,
it’s a good summary of how the kernel processes can produce the wrong
result. “Despite this warning, this code was merged into Thomas
Gleixner’s x86/tip tree verbatim, as can be seen here.
Prior to merging the fix for 5.3-rc1, Linus Torvalds noticed the warning as
seen on the LKML mailing list here and fixed it correctly.
However, when the actual merge
of the tree was performed, no mention was made of the correction to the
fix, and with no specific commit mentioning the correction and fixing it
alone, everyone else’s processes that depended on cherry-picking specific
commits ended up grabbing the bad warning-inducing change.
As a further failure, instead of looking at Linus’ correct fix (observable
by checking out the master tree at the time), the approach seems to have
been to naively silence the warning by simply swapping the order of the two
lines.”
Source: LWN.net – grsecurity: Teardown of a Failed Linux LTS Spectre Fix