From 92d06d5faec47607578a2b69063824eacdadce82 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 14 Jan 2020 19:10:40 +0100 Subject: [PATCH] 4.9-stable patches added patches: drm-i915-gen9-clear-residual-context-state-on-context-switch.patch --- ...dual-context-state-on-context-switch.patch | 80 +++++++++++++++++++ queue-4.9/series | 1 + 2 files changed, 81 insertions(+) create mode 100644 queue-4.9/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch diff --git a/queue-4.9/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch b/queue-4.9/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch new file mode 100644 index 00000000000..500225aa729 --- /dev/null +++ b/queue-4.9/drm-i915-gen9-clear-residual-context-state-on-context-switch.patch @@ -0,0 +1,80 @@ +From 3fe57e22a8feac83268a9a4a289f1eac5a657718 Mon Sep 17 00:00:00 2001 +From: Akeem G Abodunrin +Date: Wed, 8 Jan 2020 12:44:47 -0800 +Subject: drm/i915/gen9: Clear residual context state on context switch + +From: Akeem G Abodunrin + +commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream. + +Intel ID: PSIRT-TA-201910-001 +CVEID: CVE-2019-14615 + +Intel GPU Hardware prior to Gen11 does not clear EU state +during a context switch. This can result in information +leakage between contexts. + +For Gen8 and Gen9, hardware provides a mechanism for +fast cleardown of the EU state, by issuing a PIPE_CONTROL +with bit 27 set. We can use this in a context batch buffer +to explicitly cleardown the state on every context switch. + +As this workaround is already in place for gen8, we can borrow +the code verbatim for Gen9. + +Signed-off-by: Mika Kuoppala +Signed-off-by: Akeem G Abodunrin +Cc: Kumar Valsan Prathap +Cc: Chris Wilson +Cc: Balestrieri Francesco +Cc: Bloomfield Jon +Cc: Dutt Sudeep +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/intel_lrc.c | 27 ++++++++++++--------------- + 1 file changed, 12 insertions(+), 15 deletions(-) + +--- a/drivers/gpu/drm/i915/intel_lrc.c ++++ b/drivers/gpu/drm/i915/intel_lrc.c +@@ -1017,6 +1017,8 @@ static int gen9_init_indirectctx_bb(stru + int ret; + struct drm_i915_private *dev_priv = engine->i915; + uint32_t index = wa_ctx_start(wa_ctx, *offset, CACHELINE_DWORDS); ++ u32 scratch_addr = ++ i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES; + + /* WaDisableCtxRestoreArbitration:skl,bxt */ + if (IS_SKL_REVID(dev_priv, 0, SKL_REVID_D0) || +@@ -1036,22 +1038,17 @@ static int gen9_init_indirectctx_bb(stru + GEN9_DISABLE_GATHER_AT_SET_SHADER_COMMON_SLICE)); + wa_ctx_emit(batch, index, MI_NOOP); + +- /* WaClearSlmSpaceAtContextSwitch:kbl */ ++ /* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */ + /* Actual scratch location is at 128 bytes offset */ +- if (IS_KBL_REVID(dev_priv, 0, KBL_REVID_A0)) { +- u32 scratch_addr = +- i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES; +- +- wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6)); +- wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 | +- PIPE_CONTROL_GLOBAL_GTT_IVB | +- PIPE_CONTROL_CS_STALL | +- PIPE_CONTROL_QW_WRITE)); +- wa_ctx_emit(batch, index, scratch_addr); +- wa_ctx_emit(batch, index, 0); +- wa_ctx_emit(batch, index, 0); +- wa_ctx_emit(batch, index, 0); +- } ++ wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6)); ++ wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 | ++ PIPE_CONTROL_GLOBAL_GTT_IVB | ++ PIPE_CONTROL_CS_STALL | ++ PIPE_CONTROL_QW_WRITE)); ++ wa_ctx_emit(batch, index, scratch_addr); ++ wa_ctx_emit(batch, index, 0); ++ wa_ctx_emit(batch, index, 0); ++ wa_ctx_emit(batch, index, 0); + + /* WaMediaPoolStateCmdInWABB:bxt */ + if (HAS_POOLED_EU(engine->i915)) { diff --git a/queue-4.9/series b/queue-4.9/series index eb8ef59d0bb..1816b639369 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -29,3 +29,4 @@ rtl8xxxu-prevent-leaking-urb.patch usb-fix-don-t-skip-endpoint-descriptors-with-maxpacket-0.patch netfilter-arp_tables-init-netns-pointer-in-xt_tgchk_param-struct.patch netfilter-ipset-avoid-null-deref-when-ipset_attr_lineno-is-present.patch +drm-i915-gen9-clear-residual-context-state-on-context-switch.patch -- 2.47.3