On the note of OS mitigations, I've been thinking that a heavy-handed but possibly necessary (at least for highly untrusted programs) approach is to trample all over a process' cache and other relevant microarchitectural affordances whenever the process is entered. Then it should prevent a wide range of attacks, including those unknown until now. A more targeted method is messing up, say, branch predictor state when a process is being exited (i.e. preempted). I find that less intuitively reassuring, but it would reduce performance impact. In any case, I don't find techniques like retpolines or Intel IBRS plausible in the general case, so I'm inclined to go scorched earth. Not that it would likely be popular with the performance cost.