ac9be12...
by
Akeem G Abodunrin <email address hidden>
drm/i915/gen9: Clear residual context state on context switch
Intel GPU Hardware prior to Gen11 does not clear EU state
during a context switch. This can result in information
leakage between contexts.
For Gen8 and Gen9, hardware provides a mechanism for
fast cleardown of the EU state, by issuing a PIPE_CONTROL
with bit 27 set. We can use this in a context batch buffer
to explicitly cleardown the state on every context switch.
As this workaround is already in place for gen8, we can borrow
the code verbatim for Gen9.
Signed-off-by: Mika Kuoppala <email address hidden>
Signed-off-by: Akeem G Abodunrin <email address hidden>
CVE-2019-14615
(backported from commit bc8a76a152c5f9ef3b48104154a65a68a8b76946)
[tyhicks: Backport to 5.3:
- Use (i915_scratch_offset(engine->i915) + 2 * CACHELINE_BYTES) in
place of LRC_PPHWSP_SCRATCH_ADDR and PIPE_CONTROL_GLOBAL_GTT_IVB in
place of PIPE_CONTROL_STORE_DATA_INDEX since we're missing commit
e1237523749e ("drm/i915/execlists: Use per-process HWSP as scratch")]
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Connor Kuehl <email address hidden>
Acked-by: Marcelo Henrique Cerri <email address hidden>
Signed-off-by: Marcelo Henrique Cerri <email address hidden>
The ARMv8 64-bit architecture supports execute-only user permissions by
clearing the PTE_USER and PTE_UXN bits, practically making it a mostly
privileged mapping but from which user running at EL0 can still execute.
The downside, however, is that the kernel at EL1 inadvertently reading
such mapping would not trip over the PAN (privileged access never)
protection.
Revert the relevant bits from commit cab15ce604e5 ("arm64: Introduce
execute-only page access permissions") so that PROT_EXEC implies
PROT_READ (and therefore PTE_USER) until the architecture gains proper
support for execute-only user mappings.