[$] Injecting speculation barriers into BPF programs
The disclosure of the Spectre class of hardware vulnerabilities created a lot of pain for kernel developers (and many others). That pain was especially acutely felt in the BPF community. While an attacker might have to painfully search the kernel code base for exploitable code, an attacker using BPF can simply write and load their own speculation gadgets, which is a much more efficient way of operating. The BPF community reacted by, among other things, disallowing the loading of programs that may include speculation gadgets. Luis Gerhorst would like to change that situation with this patch series that takes a more direct approach to the problem.