From 23b83d20ee925f9c6fd81e24e56081f35fec4c7c Mon Sep 17 00:00:00 2001
From: Yannick Cote <ycote@redhat.com>
Date: Mon, 12 Dec 2022 18:57:27 -0500
Subject: [KPATCH CVE-2022-4139] kpatch fixes for CVE-2022-4139
Kernels:
5.14.0-162.6.1.el9_1
Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-9/-/merge_requests/13
Approved-by: Joe Lawrence (@joe.lawrence)
Changes since last build:
[x86_64]:
ax88179_178a.o: changed function: ax88179_rx_fixup
callback_xdr.o: changed function: nfs_callback_dispatch
intel_gt.o: changed function: intel_gt_invalidate_tlbs
nfs3proc.o: changed function: nfsd3_init_dirlist_pages
nfs3proc.o: changed function: nfsd3_proc_read
nfsproc.o: changed function: nfsd_proc_read
nfsproc.o: changed function: nfsd_proc_readdir
nfssvc.o: changed function: nfsd_dispatch
pipe.o: changed function: pipe_resize_ring
svc.o: changed function: nlmsvc_dispatch
[ppc64le]:
ax88179_178a.o: changed function: ax88179_rx_fixup
callback_xdr.o: changed function: nfs_callback_dispatch
nfs3proc.o: changed function: nfsd3_init_dirlist_pages
nfs3proc.o: changed function: nfsd3_proc_read
nfsproc.o: changed function: nfsd_proc_read
nfsproc.o: changed function: nfsd_proc_readdir
nfssvc.o: changed function: nfsd_dispatch
pipe.o: changed function: pipe_resize_ring
svc.o: changed function: nlmsvc_dispatch
---------------------------
Modifications: none
commit 77eddcf995483fabb6d7c81bef19dc69c697b16e
Author: Wander Lairson Costa <wander@redhat.com>
Date: Thu Dec 1 10:24:37 2022 -0300
drm/i915: fix TLB invalidation for Gen12 video and compute engines
Bugzilla: https://bugzilla.redhat.com/2148152
CVE: CVE-2022-4139
Y-Commit: 98336d51bfacb10fd4b73432beac0fe95d73bf7c
O-Bugzilla: https://bugzilla.redhat.com/2148153
O-CVE: CVE-2022-4139
commit 04aa64375f48a5d430b5550d9271f8428883e550
Author: Andrzej Hajda <andrzej.hajda@intel.com>
Date: Mon Nov 14 11:38:24 2022 +0100
drm/i915: fix TLB invalidation for Gen12 video and compute engines
In case of Gen12 video and compute engines, TLB_INV registers are masked -
to modify one bit, corresponding bit in upper half of the register must
be enabled, otherwise nothing happens.
CVE: CVE-2022-4139
Suggested-by: Chris Wilson <chris.p.wilson@intel.com>
Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store")
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
Signed-off-by: Yannick Cote <ycote@redhat.com>
---
drivers/gpu/drm/i915/gt/intel_gt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/i915/gt/intel_gt.c b/drivers/gpu/drm/i915/gt/intel_gt.c
index f4375479e6f0..1cb9971759d2 100644
--- a/drivers/gpu/drm/i915/gt/intel_gt.c
+++ b/drivers/gpu/drm/i915/gt/intel_gt.c
@@ -1021,6 +1021,11 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt)
if (!i915_mmio_reg_offset(rb.reg))
continue;
+ if (GRAPHICS_VER(i915) == 12 && (engine->class == VIDEO_DECODE_CLASS ||
+ engine->class == VIDEO_ENHANCEMENT_CLASS ||
+ engine->class == COMPUTE_CLASS))
+ rb.bit = _MASKED_BIT_ENABLE(rb.bit);
+
intel_uncore_write_fw(uncore, rb.reg, rb.bit);
}
--
2.39.0