File xsa297-0c.patch of Package xen.11298

x86/spec-ctrl: Misc non-functional cleanup

 * Identify BTI in the spec_ctrl_{enter,exit}_idle() comments, as other
   mitigations will shortly appear.
 * Use alternative_input() and cover the lack of memory cobber with a further
   barrier.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -65,6 +65,8 @@ static always_inline void spec_ctrl_ente
     uint32_t val = 0;
 
     /*
+     * Branch Target Injection:
+     *
      * Latch the new shadow value, then enable shadowing, then update the MSR.
      * There are no SMP issues here; only local processor ordering concerns.
      */
@@ -72,10 +74,10 @@ static always_inline void spec_ctrl_ente
     barrier();
     info->spec_ctrl_flags |= SCF_use_shadow;
     barrier();
-    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", %c3)
-                   :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0),
-                      "i" (X86_FEATURE_SC_MSR_IDLE)
-                   : "memory" );
+    alternative_input(ASM_NOP3, "wrmsr", %c3,
+                      "a" (val), "c" (MSR_SPEC_CTRL), "d" (0),
+                      "i" (X86_FEATURE_SC_MSR_IDLE));
+    barrier();
 }
 
 /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */
@@ -84,15 +86,17 @@ static always_inline void spec_ctrl_exit
     uint32_t val = info->xen_spec_ctrl;
 
     /*
+     * Branch Target Injection:
+     *
      * Disable shadowing before updating the MSR.  There are no SMP issues
      * here; only local processor ordering concerns.
      */
     info->spec_ctrl_flags &= ~SCF_use_shadow;
     barrier();
-    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", %c3)
-                   :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0),
-                      "i" (X86_FEATURE_SC_MSR_IDLE)
-                   : "memory" );
+    alternative_input(ASM_NOP3, "wrmsr", %c3,
+                      "a" (val), "c" (MSR_SPEC_CTRL), "d" (0),
+                      "i" (X86_FEATURE_SC_MSR_IDLE));
+    barrier();
 }
 
 #endif /* !__X86_SPEC_CTRL_H__ */
--- a/xen/include/asm-x86/alternative.h
+++ b/xen/include/asm-x86/alternative.h
@@ -5,6 +5,7 @@
 #include <asm/nops.h>
 
 #ifndef __ASSEMBLY__
+#include <xen/stringify.h>
 #include <xen/types.h>
 
 struct alt_instr {
@@ -66,6 +67,25 @@ extern void alternative_instructions(voi
 #define alternative(oldinstr, newinstr, feature)                        \
         asm volatile (ALTERNATIVE(oldinstr, newinstr, feature) : : : "memory")
 
+/*
+ * Alternative inline assembly with input.
+ *
+ * Pecularities:
+ * No memory clobber here.
+ * Argument numbers start with 1.
+ * Best is to use constraints that are fixed size (like (%1) ... "r")
+ * If you use variable sized constraints like "m" or "g" in the
+ * replacement make sure to pad to the worst case length.
+ */
+#define alternative_input(oldinstr, newinstr, feature, input...)	\
+	asm volatile (ALTERNATIVE(oldinstr, newinstr, feature)		\
+		      : : input)
+
+/* Like alternative_input, but with a single output argument */
+#define alternative_io(oldinstr, newinstr, feature, output, input...)	\
+	asm volatile (ALTERNATIVE(oldinstr, newinstr, feature)		\
+		      : output : input)
+
 #endif /*  !__ASSEMBLY__  */
 
 #endif /* __X86_ALTERNATIVE_H__ */