From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 14 Jan 2020 18:10:42 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v4.4.210~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9db2c6bbb94bc054c03a816c2774111104dde1f1;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
---

diff --git a/queue-4.14/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch b/queue-4.14/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
new file mode 100644
index 00000000000..f1682759048
--- /dev/null
+++ b/queue-4.14/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch
@@ -0,0 +1,64 @@
+From 17405d50f63d41f564f39f9ed6dbe40a30b7ff08 Mon Sep 17 00:00:00 2001
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Date: Wed, 8 Jan 2020 12:37:25 -0800
+Subject: drm/i915/gen9: Clear residual context state on context switch
+
+From: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+
+commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.
+
+Intel ID: PSIRT-TA-201910-001
+CVEID: CVE-2019-14615
+
+Intel GPU Hardware prior to Gen11 does not clear EU state
+during a context switch. This can result in information
+leakage between contexts.
+
+For Gen8 and Gen9, hardware provides a mechanism for
+fast cleardown of the EU state, by issuing a PIPE_CONTROL
+with bit 27 set. We can use this in a context batch buffer
+to explicitly cleardown the state on every context switch.
+
+As this workaround is already in place for gen8, we can borrow
+the code verbatim for Gen9.
+
+Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
+Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
+Cc: Kumar Valsan Prathap <prathap.kumar.valsan@intel.com>
+Cc: Chris Wilson <chris.p.wilson@intel.com>
+Cc: Balestrieri Francesco <francesco.balestrieri@intel.com>
+Cc: Bloomfield Jon <jon.bloomfield@intel.com>
+Cc: Dutt Sudeep <sudeep.dutt@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/intel_lrc.c |   19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+--- a/drivers/gpu/drm/i915/intel_lrc.c
++++ b/drivers/gpu/drm/i915/intel_lrc.c
+@@ -1101,17 +1101,14 @@ static u32 *gen9_init_indirectctx_bb(str
+ 
+ 	*batch++ = MI_NOOP;
+ 
+-	/* WaClearSlmSpaceAtContextSwitch:kbl */
+-	/* Actual scratch location is at 128 bytes offset */
+-	if (IS_KBL_REVID(engine->i915, 0, KBL_REVID_A0)) {
+-		batch = gen8_emit_pipe_control(batch,
+-					       PIPE_CONTROL_FLUSH_L3 |
+-					       PIPE_CONTROL_GLOBAL_GTT_IVB |
+-					       PIPE_CONTROL_CS_STALL |
+-					       PIPE_CONTROL_QW_WRITE,
+-					       i915_ggtt_offset(engine->scratch)
+-					       + 2 * CACHELINE_BYTES);
+-	}
++	/* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
++	batch = gen8_emit_pipe_control(batch,
++				       PIPE_CONTROL_FLUSH_L3 |
++				       PIPE_CONTROL_GLOBAL_GTT_IVB |
++				       PIPE_CONTROL_CS_STALL |
++				       PIPE_CONTROL_QW_WRITE,
++				       i915_ggtt_offset(engine->scratch) +
++				       2 * CACHELINE_BYTES);
+ 
+ 	/* WaMediaPoolStateCmdInWABB:bxt,glk */
+ 	if (HAS_POOLED_EU(engine->i915)) {
diff --git a/queue-4.14/series b/queue-4.14/series
index 04ef3a2ba42..8d5b90ecefa 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -37,3 +37,4 @@ phy-cpcap-usb-fix-error-path-when-no-host-driver-is-loaded.patch
 phy-cpcap-usb-fix-flakey-host-idling-and-enumerating-of-devices.patch
 netfilter-arp_tables-init-netns-pointer-in-xt_tgchk_param-struct.patch
 netfilter-ipset-avoid-null-deref-when-ipset_attr_lineno-is-present.patch
+drm-i915-gen9-clear-residual-context-state-on-context-switch.patch