by bogomipz 2708 days ago
Can you elaborate? How does relying on pure TSS for context switching prevent meltdown?

What were the 4g4g kernels? Might you have any literature and/or on those?


Separate address space for kernel and user. Hardware will use TSS to switch address space as needed for syscalls.
Huh? Hardware TSS has nothing to do with separating address spaces. It’s just a trick for switching the address space, and it’s really quite slow on modern CPUs. In theory, a kernel could use hardware task switching to switch address spaces on user/kernel transitions by forcing a hardware task switch when this happens, but the performance impacts would be considerably worse than KPTI.

What does seem to mitigate Meltdown on some CPUs is enabling segment limits for user code. This does nothing for 64-bit code, though.

edit: not to mention that there are no hardware context switches on 64-bit kernels. AMD removed support entirely in 64-bit mode. The TSS still exists, but it’s just an awkward dumping ground for a couple of data structures.

Do you know the reason why Linus rejected this idea?
The main reason seemed to be the relatively bad performance of the hardware task switch (loading segment registers and the page table base) that would be required for any system call.

Of course, that turns out to be the fix for meltdown, unless you have the process-context identifiers (PCID) available on Haswell chips and newer. The meltdown fix for older CPUs, such as the Pentium III and Intel Core, is roughly the same as the 4g4g kernel changes.

BTW, the 4g4g kernels were created for a different reason. The kernel needed more virtual address space for itself, and thus couldn't share with user code. This was for a time when people were trying to run 32-bit kernels on systems with 32 gigabytes of RAM.

>"Of course, that turns out to be the fix for meltdown, unless you have the process-context identifiers (PCID) available on Haswell chips and newer."

Using TSS based switching is incompatible with PCIDs? Or is it incompatible with separate address spaces for user space and kernel space?

PCIDs are process ID tags on cache lines, correct?

TSS switching is incompatible with running in 64-bit mode. It is very slow. Doing most of the same actions (reload segment registers and the page table base) in software is also very slow. Prior to the meltdown issue, Linux system calls had avoided most reloads of the segment registers and page table base.

PCIDs are incompatible with older hardware. They are modestly slow. I think the PCID state includes the TLB.

That pretty much means the kernel must support both methods. PCIDs are used when possible. When the hardware doesn't support PCIDs, Linux must instead reload segment registers and the page table base, either step-by-step in software or via a TSS switch.

BTW, I had to implement x86 hardware task switching for an x86 emulator. The complexity is insane. See my "Who is Hiring?" post if that sounds fun for you.

I think you may be a bit confused here. PCID is a feature that lets the kernel avoid a TLB flush when CR3 is written. With or without PCID, CR3 gets written. The segment registers have nothing whatsoever to do with this on a 64-bit system.
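A small software model of the CR3-write cost this thread argues about, added here as an illustration; it is not code from the thread, from Linux, or from any of the commenters. The CR3 bit layout (PCID in bits 11:0, the "do not invalidate" request in bit 63 when CR4.PCIDE=1) follows the Intel SDM; the TLB size, the page numbers, the fake page-walk result and the helper names are assumptions made for the example, and global pages are not modelled. It counts how many TLB refills two KPTI-style syscall round trips cost in three configurations: PCIDs disabled, PCIDs enabled but CR3 written with bit 63 clear, and PCIDs enabled with bit 63 set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLB_ENTRIES   16
#define CR3_PCID_MASK 0xFFFull        /* CR3[11:0] holds the PCID when CR4.PCIDE=1 */
#define CR3_NOFLUSH   (1ull << 63)    /* CR3[63]: request no invalidation on MOV CR3 when CR4.PCIDE=1 */

struct tlb_entry { bool valid; uint16_t pcid; uint64_t vpn; uint64_t pfn; };

struct cpu {
    bool pcide;                 /* CR4.PCIDE: PCIDs enabled */
    uint64_t cr3;
    struct tlb_entry tlb[TLB_ENTRIES];
    unsigned next;              /* round-robin victim when the TLB is full */
    unsigned misses;            /* page walks forced by TLB misses */
};

static uint16_t cur_pcid(const struct cpu *c)
{
    return c->pcide ? (uint16_t)(c->cr3 & CR3_PCID_MASK) : 0;
}

/* Model of the TLB effect of MOV CR3 (SDM Vol. 3A, "Operations that Invalidate TLBs").
 * Assumption for this model: every cached translation is non-global. */
static void write_cr3(struct cpu *c, uint64_t val)
{
    if (!c->pcide) {
        /* PCIDs off: the write drops every cached translation. */
        memset(c->tlb, 0, sizeof c->tlb);
        c->cr3 = val & ~CR3_NOFLUSH;
        return;
    }
    uint16_t pcid = (uint16_t)(val & CR3_PCID_MASK);
    if (!(val & CR3_NOFLUSH)) {
        /* Bit 63 clear: entries tagged with the *new* PCID are invalidated.
         * Entries belonging to other PCIDs survive in both cases. */
        for (int i = 0; i < TLB_ENTRIES; i++)
            if (c->tlb[i].valid && c->tlb[i].pcid == pcid)
                c->tlb[i].valid = false;
    }
    c->cr3 = val & ~CR3_NOFLUSH;   /* bit 63 is a command to MOV CR3, not stored state */
}

/* Translate a virtual page number under the current PCID; a miss costs a "page walk". */
static uint64_t translate(struct cpu *c, uint64_t vpn)
{
    uint16_t pcid = cur_pcid(c);
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (c->tlb[i].valid && c->tlb[i].pcid == pcid && c->tlb[i].vpn == vpn)
            return c->tlb[i].pfn;

    c->misses++;
    uint64_t pfn = vpn ^ 0x1000 ^ pcid;   /* stand-in for a real page-table walk result */
    int slot = -1;
    for (int i = 0; i < TLB_ENTRIES && slot < 0; i++)
        if (!c->tlb[i].valid) slot = i;
    if (slot < 0) { slot = (int)c->next; c->next = (c->next + 1) % TLB_ENTRIES; }
    c->tlb[slot] = (struct tlb_entry){ true, pcid, vpn, pfn };
    return pfn;
}

/* Two KPTI-style system calls: user code runs, the entry path switches to the
 * kernel page tables, the exit path switches back. Returns the number of TLB
 * refills the two round trips caused once the user working set was warm. */
static unsigned kpti_roundtrip_misses(bool pcide, bool noflush)
{
    /* Constructed values: two root page tables per process, as KPTI keeps them. */
    const uint64_t USER_PGD = 0x200000, KERN_PGD = 0x100000;
    const uint64_t user_pages[] = { 0x400, 0x401, 0x7ff };
    const uint64_t kern_pages[] = { 0xffff8000, 0xffff8001 };
    struct cpu c = { .pcide = pcide };

    uint64_t user_cr3 = USER_PGD | (pcide ? 1 : 0);   /* user mappings tagged PCID 1 */
    uint64_t kern_cr3 = KERN_PGD;                      /* kernel mappings tagged PCID 0 */
    uint64_t flag = (pcide && noflush) ? CR3_NOFLUSH : 0;

    write_cr3(&c, user_cr3 | flag);
    for (int i = 0; i < 3; i++) translate(&c, user_pages[i]);
    unsigned warm = c.misses;

    for (int call = 0; call < 2; call++) {
        write_cr3(&c, kern_cr3 | flag);                /* syscall entry */
        for (int i = 0; i < 2; i++) translate(&c, kern_pages[i]);
        write_cr3(&c, user_cr3 | flag);                /* syscall exit */
        for (int i = 0; i < 3; i++) translate(&c, user_pages[i]);
    }
    return c.misses - warm;
}

int main(void)
{
    printf("no PCID:            %u refills\n", kpti_roundtrip_misses(false, false));
    printf("PCID, bit 63 clear: %u refills\n", kpti_roundtrip_misses(true, false));
    printf("PCID, bit 63 set:   %u refills\n", kpti_roundtrip_misses(true, true));
    return 0;
}
```

In this model the two round trips cost 10 refills without PCIDs, still 10 with PCIDs enabled but bit 63 clear (MOV CR3 then invalidates the entries of the PCID being switched to), and only 2 (the cold kernel pages on the first call) when the kernel both tags the two address spaces with different PCIDs and sets bit 63 on each switch. CR3 is written on every transition in all three cases; what PCID buys is that the write no longer empties the TLB. Nothing in this path touches a segment register.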