[$] Fighting Spectre with cache flushes

One of the more difficult aspects of the Spectre hardware vulnerability is
finding all of the locations in the code that might be exploitable. There
are many locations that look vulnerable that aren't, and others that are
exploitable without being obvious. It has long been clear that finding all
of the exploitable spots is a long-term task, and keeping new ones from
being introduced will not be easy. But there may be a simple technique that
can block a large subset of the possible exploits with a minimal cost.