Re: I'm going to use up my stupid question of the day quota here...
Am I correct in thinking that if speculative execution obeyed memory access restrictions (no user process peeking at lower ring address spaces like the kernel) regardless of whether or not that memory is cached, then these problems would go away?
No.
The Spectre vulnerabilities use side channels to extract information. They don't "peek[] at lower ring address spaces".
Meltdown is a Spectre variant that leaks privileged memory, and the (obvious) fix for it was to prevent spec-ex from crossing privilege boundaries. But Meltdown is only one of many Spectre variants.