From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 14 Jan 2020 18:10:43 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.210~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=933d17b0609cfef86b73438439a6d711d0d30afb;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
---

diff --git a/queue-4.19/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch b/queue-4.19/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
new file mode 100644
index 00000000000..2cfec87228e
--- /dev/null
+++ b/queue-4.19/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
@@ -0,0 +1,54 @@
+From 7cb80d14b9d9bd7192bb35e2d945073f0497546f Mon Sep 17 00:00:00 2001
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Date: Wed, 8 Jan 2020 09:47:11 -0800
+Subject: drm/i915/gen9: Clear residual context state on context switch
+
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+
+commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.
+
+Intel ID: PSIRT-TA-201910-001
+CVEID: CVE-2019-14615
+
+Intel GPU Hardware prior to Gen11 does not clear EU state
+during a context switch. This can result in information
+leakage between contexts.
+
+For Gen8 and Gen9, hardware provides a mechanism for
+fast cleardown of the EU state, by issuing a PIPE_CONTROL
+with bit 27 set. We can use this in a context batch buffer
+to explicitly cleardown the state on every context switch.
+
+As this workaround is already in place for gen8, we can borrow
+the code verbatim for Gen9.
+
+Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
+Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Cc: Kumar Valsan Prathap <prathap.kumar.valsan@intel.com>
+Cc: Chris Wilson <chris.p.wilson@intel.com>
+Cc: Balestrieri Francesco <francesco.balestrieri@intel.com>
+Cc: Bloomfield Jon <jon.bloomfield@intel.com>
+Cc: Dutt Sudeep <sudeep.dutt@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/intel_lrc.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/gpu/drm/i915/intel_lrc.c
++++ b/drivers/gpu/drm/i915/intel_lrc.c
+@@ -1562,6 +1562,15 @@ static u32 *gen9_init_indirectctx_bb(str
+ 	/* WaFlushCoherentL3CacheLinesAtContextSwitch:skl,bxt,glk */
+ 	batch = gen8_emit_flush_coherentl3_wa(engine, batch);
+ 
++	/* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
++	batch = gen8_emit_pipe_control(batch,
++				       PIPE_CONTROL_FLUSH_L3 |
++				       PIPE_CONTROL_GLOBAL_GTT_IVB |
++				       PIPE_CONTROL_CS_STALL |
++				       PIPE_CONTROL_QW_WRITE,
++				       i915_ggtt_offset(engine->scratch) +
++				       2 * CACHELINE_BYTES);
++
+ 	batch = emit_lri(batch, lri, ARRAY_SIZE(lri));
+ 
+ 	/* WaClearSlmSpaceAtContextSwitch:kbl */
diff --git a/queue-4.19/series b/queue-4.19/series
index f20e3eed207..7ba497f74ff 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -44,3 +44,4 @@ phy-cpcap-usb-fix-flakey-host-idling-and-enumerating-of-devices.patch
 netfilter-arp_tables-init-netns-pointer-in-xt_tgchk_param-struct.patch
 netfilter-conntrack-dccp-sctp-handle-null-timeout-argument.patch
 netfilter-ipset-avoid-null-deref-when-ipset_attr_lineno-is-present.patch
+drm-i915-gen9-clear-residual-context-state-on-context-switch.patch