A change first proposed last year to the Linux kernel's Spectre mitigation defaults looks like it will soon be sent in for the mainline kernel. The change is in regards to the default mitigation value for Spectre V2 for user-space tasks and Spectre V4 / Speculative Store Bypass. For the kernel options of "spec_store_bypass_disable" and "spectre_v2_user", the current default is the "seccomp" mode. With that default behavior the mitigations are only applied when opted into per-thread via the PRCTL interface (or otherwise a process inherits the mitigation when forked) or is enabled by default for all SECCOMP threads.