From 15d68c5e1d910498d38c219565b56a1b3dace95d Mon Sep 17 00:00:00 2001
From: Greg Kurz <groug@kaod.org>
Date: Tue, 26 Mar 2019 11:21:11 +0100
Subject: [PATCH] target/ppc: Improve comment of bcctr used for spectre v2
 mitigation

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <155359567174.1794128.3183997593369465355.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/translate.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 576210d901..badc1ae1a3 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -3753,7 +3753,15 @@ static void gen_bcond(DisasContext *ctx, int type)
              * All ISAs up to v3 describe this form of bcctr as invalid but
              * some processors, ie. 64-bit server processors compliant with
              * arch 2.x, do implement a "test and decrement" logic instead,
-             * as described in their respective UMs.
+             * as described in their respective UMs. This logic involves CTR
+             * to act as both the branch target and a counter, which makes
+             * it basically useless and thus never used in real code.
+             *
+             * This form was hence chosen to trigger extra micro-architectural
+             * side-effect on real HW needed for the Spectre v2 workaround.
+             * It is up to guests that implement such workaround, ie. linux, to
+             * use this form in a way it just triggers the side-effect without
+             * doing anything else harmful.
              */
             if (unlikely(!is_book3s_arch2x(ctx))) {
                 gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
-- 
2.11.4.GIT