The description in the article would seem to allow a fairly simple fix in the OS.
When the original page fault occurs, control is passed from user-space (or guest space) to kernel space (or host space). The handler can determine whether the faulting address is outside user-space or not. In fact, it probably already has to do that in order to process the fault. If not, the fault is legitimate and will be related to (say) stack guard pages or virtual memory paging. We wouldn't want to penalise those, so we proceed as usual.
However, if it *is* outside user-space, I can't see any reason not to "punish" the application program (or guest kernel) by performing a full cache flush. This blocks the information disclosure. It is obviously quite costly, but as long as the bill is charged to the offending application (or guest, and in the case of cloud providers that will really mean *charged* so the provider is still happy) then it doesn't count as a DoS attack and no properly written application will ever have to pay the bill.
What have I missed?