
The bug seems to be about the processor leaving speculatively read privileged data in some of the caches, even if execution failed [1].

If so, clearing all caches upon a failed privilege check sounds like something within the capabilities of microcode and without unreasonable performance penalties.

Unfortunately, that would not explain the complex in-kernel fix...

[1] https://plus.google.com/+KristianK%C3%B6hntopp/posts/Ep26AoA...

EDIT: what remains in cache is not "speculatively read privileged data" but more "unprivileged data whose address is correlated to speculatively read privileged data". Retrieving such an address later allows one to infer what the privileged data was. Still, the point about clearing all caches as a countermeasure holds...
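A toy model of the inference described in the EDIT above and of the cache-clearing countermeasure, as an added example that is not part of the original comment. `ToyCPU`, the cost constants and the assumption that the flush completes before unprivileged code can probe are all constructed for illustration; nothing here measures real timing.

```python
# Toy model (constructed): a set of cached addresses stands in for the CPU cache.
PAGE = 4096          # stride so every possible byte value maps to its own line
HIT, MISS = 1, 100   # constructed access costs, not measured latencies


class ToyCPU:
    def __init__(self, flush_on_fault):
        self.cache = set()
        self.flush_on_fault = flush_on_fault

    def load(self, addr):
        """Unprivileged load: return the modelled cost and cache the line."""
        cost = HIT if addr in self.cache else MISS
        self.cache.add(addr)
        return cost

    def faulting_read(self, privileged_byte):
        """Unprivileged code reads a privileged byte and faults.

        Before the privilege check fails, the dependent load of an
        unprivileged probe line has already run speculatively, so a line
        whose address depends on the privileged byte is now cached.
        """
        self.cache.add(privileged_byte * PAGE)
        if self.flush_on_fault:
            # Countermeasure from the comment: clear all caches on the
            # failed privilege check (assumed to finish before any probe).
            self.cache.clear()
        return None  # architecturally, no data is ever returned


def infer_byte(cpu):
    """Time all 256 probe lines; exactly one fast line reveals the byte."""
    fast = [i for i in range(256) if cpu.load(i * PAGE) == HIT]
    return fast[0] if len(fast) == 1 else None


def run(privileged_byte, flush_on_fault):
    cpu = ToyCPU(flush_on_fault)
    cpu.faulting_read(privileged_byte)
    return infer_byte(cpu)


if __name__ == "__main__":
    print("no flush  :", run(0x41, flush_on_fault=False))  # byte recovered
    print("with flush:", run(0x41, flush_on_fault=True))   # nothing to infer
```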
