--- /dev/null
+From 3fe57e22a8feac83268a9a4a289f1eac5a657718 Mon Sep 17 00:00:00 2001
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Date: Wed, 8 Jan 2020 12:44:47 -0800
+Subject: drm/i915/gen9: Clear residual context state on context switch
+
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+
+commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.
+
+Intel ID: PSIRT-TA-201910-001
+CVEID: CVE-2019-14615
+
+Intel GPU Hardware prior to Gen11 does not clear EU state
+during a context switch. This can result in information
+leakage between contexts.
+
+For Gen8 and Gen9, hardware provides a mechanism for
+fast cleardown of the EU state, by issuing a PIPE_CONTROL
+with bit 27 set. We can use this in a context batch buffer
+to explicitly cleardown the state on every context switch.
+
+As this workaround is already in place for gen8, we can borrow
+the code verbatim for Gen9.
+
+Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
+Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Cc: Kumar Valsan Prathap <prathap.kumar.valsan@intel.com>
+Cc: Chris Wilson <chris.p.wilson@intel.com>
+Cc: Balestrieri Francesco <francesco.balestrieri@intel.com>
+Cc: Bloomfield Jon <jon.bloomfield@intel.com>
+Cc: Dutt Sudeep <sudeep.dutt@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/intel_lrc.c | 27 ++++++++++++---------------
+ 1 file changed, 12 insertions(+), 15 deletions(-)
+
+--- a/drivers/gpu/drm/i915/intel_lrc.c
++++ b/drivers/gpu/drm/i915/intel_lrc.c
+@@ -1017,6 +1017,8 @@ static int gen9_init_indirectctx_bb(stru
+ int ret;
+ struct drm_i915_private *dev_priv = engine->i915;
+ uint32_t index = wa_ctx_start(wa_ctx, *offset, CACHELINE_DWORDS);
++ u32 scratch_addr =
++ i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES;
+
+ /* WaDisableCtxRestoreArbitration:skl,bxt */
+ if (IS_SKL_REVID(dev_priv, 0, SKL_REVID_D0) ||
+@@ -1036,22 +1038,17 @@ static int gen9_init_indirectctx_bb(stru
+ GEN9_DISABLE_GATHER_AT_SET_SHADER_COMMON_SLICE));
+ wa_ctx_emit(batch, index, MI_NOOP);
+
+- /* WaClearSlmSpaceAtContextSwitch:kbl */
++ /* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
+ /* Actual scratch location is at 128 bytes offset */
+- if (IS_KBL_REVID(dev_priv, 0, KBL_REVID_A0)) {
+- u32 scratch_addr =
+- i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES;
+-
+- wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6));
+- wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 |
+- PIPE_CONTROL_GLOBAL_GTT_IVB |
+- PIPE_CONTROL_CS_STALL |
+- PIPE_CONTROL_QW_WRITE));
+- wa_ctx_emit(batch, index, scratch_addr);
+- wa_ctx_emit(batch, index, 0);
+- wa_ctx_emit(batch, index, 0);
+- wa_ctx_emit(batch, index, 0);
+- }
++ wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6));
++ wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 |
++ PIPE_CONTROL_GLOBAL_GTT_IVB |
++ PIPE_CONTROL_CS_STALL |
++ PIPE_CONTROL_QW_WRITE));
++ wa_ctx_emit(batch, index, scratch_addr);
++ wa_ctx_emit(batch, index, 0);
++ wa_ctx_emit(batch, index, 0);
++ wa_ctx_emit(batch, index, 0);
+
+ /* WaMediaPoolStateCmdInWABB:bxt */
+ if (HAS_POOLED_EU(engine->i915)) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
