How can CPU designers prevent information leaks from speculated execution?
We know about short-term measures to mitigate the Meltdown and Spectre vulnerabilities in certain microprocessors where speculative execution has measurable effects on cache timings (mainly patches to microcode, operating systems and any applications containing trust boundaries).
What are the long-term solutions to the problem?
Obvious, simple solutions such as "don't speculate" or "ignore cache when speculating" are unlikely to be acceptable due to the performance considerations that introduced speculation in the first place.
Perhaps speculated instructions could use a separate cache, which is only copied to main cache if the speculation succeeds? If not, why not?
Could processors add privilege information to page table entries, to make Kernel Page Table Isolation automatic (and reduce its performance impact)?
Are there other design changes that improve security without a big performance hit?
