Reply to post: Wha?

'007' code helps stop Spectre exploits before they exist

Claptrap314 Silver badge

Wha?

Okay, I'm more than just a bit confused by this discussion. To review, I spent a decade doing microprocessor validation at AMD & IBM, starting in the mid-'90s. As I understand it, Spectre works by poisoning the branch prediction mechanism to cause a speculative memory fetch involving a value in a register which was read from an address controlled by an attacker. Timing of subsequent reads from the possible locations of the speculative read reveals the contents of the attacked address.

What about this requires a cache flush operation? All you need to do is to execute enough reads on the cache's aliases. That seems a lot more difficult to detect than a straight cache flush operation.
