drm/i915/gen9: Clear residual context state on context switch

commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.

Intel ID: PSIRT-TA-201910-001
CVEID: CVE-2019-14615

Intel GPU Hardware prior to Gen11 does not clear EU state
during a context switch. This can result in information
leakage between contexts.

For Gen8 and Gen9, hardware provides a mechanism for
fast cleardown of the EU state, by issuing a PIPE_CONTROL
with bit 27 set. We can use this in a context batch buffer
to explicitly cleardown the state on every context switch.

As this workaround is already in place for gen8, we can borrow
the code verbatim for Gen9.

Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Cc: Kumar Valsan Prathap <prathap.kumar.valsan@intel.com>
Cc: Chris Wilson <chris.p.wilson@intel.com>
Cc: Balestrieri Francesco <francesco.balestrieri@intel.com>
Cc: Bloomfield Jon <jon.bloomfield@intel.com>
Cc: Dutt Sudeep <sudeep.dutt@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c
index 62bcc770a18109264b3a0fc7958b4630b64de1ee..b935d62be91804e3521ca2752f9d04f1988a0a5c 100644 (file)
--- a/drivers/gpu/drm/i915/intel_lrc.c
+++ b/drivers/gpu/drm/i915/intel_lrc.c
@@ -1017,6 +1017,8 @@ static int gen9_init_indirectctx_bb(struct intel_engine_cs *engine,
        int ret;
        struct drm_i915_private *dev_priv = engine->i915;
        uint32_t index = wa_ctx_start(wa_ctx, *offset, CACHELINE_DWORDS);
+       u32 scratch_addr =
+                       i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES;
 
        /* WaDisableCtxRestoreArbitration:skl,bxt */
        if (IS_SKL_REVID(dev_priv, 0, SKL_REVID_D0) ||
@@ -1036,22 +1038,17 @@ static int gen9_init_indirectctx_bb(struct intel_engine_cs *engine,
                            GEN9_DISABLE_GATHER_AT_SET_SHADER_COMMON_SLICE));
        wa_ctx_emit(batch, index, MI_NOOP);
 
-       /* WaClearSlmSpaceAtContextSwitch:kbl */
+       /* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
        /* Actual scratch location is at 128 bytes offset */
-       if (IS_KBL_REVID(dev_priv, 0, KBL_REVID_A0)) {
-               u32 scratch_addr =
-                       i915_ggtt_offset(engine->scratch) + 2 * CACHELINE_BYTES;
-
-               wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6));
-               wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 |
-                                          PIPE_CONTROL_GLOBAL_GTT_IVB |
-                                          PIPE_CONTROL_CS_STALL |
-                                          PIPE_CONTROL_QW_WRITE));
-               wa_ctx_emit(batch, index, scratch_addr);
-               wa_ctx_emit(batch, index, 0);
-               wa_ctx_emit(batch, index, 0);
-               wa_ctx_emit(batch, index, 0);
-       }
+       wa_ctx_emit(batch, index, GFX_OP_PIPE_CONTROL(6));
+       wa_ctx_emit(batch, index, (PIPE_CONTROL_FLUSH_L3 |
+                                  PIPE_CONTROL_GLOBAL_GTT_IVB |
+                                  PIPE_CONTROL_CS_STALL |
+                                  PIPE_CONTROL_QW_WRITE));
+       wa_ctx_emit(batch, index, scratch_addr);
+       wa_ctx_emit(batch, index, 0);
+       wa_ctx_emit(batch, index, 0);
+       wa_ctx_emit(batch, index, 0);
 
        /* WaMediaPoolStateCmdInWABB:bxt */
        if (HAS_POOLED_EU(engine->i915)) {