drm/i915/gen9: Clear residual context state on context switch
authorAkeem G Abodunrin <akeem.g.abodunrin@intel.com>
Tue, 14 Jan 2020 20:47:50 +0000 (20:47 +0000)
committerMarcelo Henrique Cerri <marcelo.cerri@canonical.com>
Tue, 14 Jan 2020 22:06:39 +0000 (19:06 -0300)
Intel GPU Hardware prior to Gen11 does not clear EU state
during a context switch. This can result in information
leakage between contexts.

For Gen8 and Gen9, hardware provides a mechanism for
fast cleardown of the EU state, by issuing a PIPE_CONTROL
with bit 27 set. We can use this in a context batch buffer
to explicitly cleardown the state on every context switch.

As this workaround is already in place for gen8, we can borrow
the code verbatim for Gen9.

Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
CVE-2019-14615

(backported from commit bc8a76a152c5f9ef3b48104154a65a68a8b76946)
[tyhicks: Backport to 4.15:
 - Use (i915_scratch_offset(engine->i915) + 2 * CACHELINE_BYTES) in
   place of LRC_PPHWSP_SCRATCH_ADDR and PIPE_CONTROL_GLOBAL_GTT_IVB in
   place of PIPE_CONTROL_STORE_DATA_INDEX since we're missing commit
   e1237523749e ("drm/i915/execlists: Use per-process HWSP as scratch")
 - Context adjustment in gen9_init_indirectctx_bb() due to missing
   commit 5ee4a7a6db8e ("drm/i915/execlists: Pull the w/a LRI emission
   into a helper")
 - Replace the existing WaClearSlmSpaceAtContextSwitch that was being
   used for pre-production Kaby Lake]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
drivers/gpu/drm/i915/intel_lrc.c

index e696f5dd1f14561644b745f80469bad03e9524bc..be4e7dbe89283d863e71fe97b1f4d89c0604616b 100644 (file)
@@ -1311,17 +1311,14 @@ static u32 *gen9_init_indirectctx_bb(struct intel_engine_cs *engine, u32 *batch)
 
        *batch++ = MI_NOOP;
 
-       /* WaClearSlmSpaceAtContextSwitch:kbl */
-       /* Actual scratch location is at 128 bytes offset */
-       if (IS_KBL_REVID(engine->i915, 0, KBL_REVID_A0)) {
-               batch = gen8_emit_pipe_control(batch,
-                                              PIPE_CONTROL_FLUSH_L3 |
-                                              PIPE_CONTROL_GLOBAL_GTT_IVB |
-                                              PIPE_CONTROL_CS_STALL |
-                                              PIPE_CONTROL_QW_WRITE,
-                                              i915_ggtt_offset(engine->scratch)
-                                              + 2 * CACHELINE_BYTES);
-       }
+       /* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
+       batch = gen8_emit_pipe_control(batch,
+                                      PIPE_CONTROL_FLUSH_L3 |
+                                      PIPE_CONTROL_GLOBAL_GTT_IVB |
+                                      PIPE_CONTROL_CS_STALL |
+                                      PIPE_CONTROL_QW_WRITE,
+                                      i915_ggtt_offset(engine->scratch) +
+                                      2 * CACHELINE_BYTES);
 
        /* WaMediaPoolStateCmdInWABB:bxt,glk */
        if (HAS_POOLED_EU(engine->i915)) {
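Review bot: The comment on the now-unconditional `gen8_emit_pipe_control()` call carries only the workaround tag, so nothing at the call site says this emission is the CVE-2019-14615 mitigation or that it must stay ungated; the block it replaces was a pre-production Kaby Lake check, and a later cleanup could plausibly reintroduce a platform or revision condition. I would extend the comment to something like `/* CVE-2019-14615: clears residual EU/SLM state; must be emitted on every gen9 context switch, never gate on platform or revision */`, and keep the dropped remark that the write lands 128 bytes into the scratch page (`2 * CACHELINE_BYTES`). The backport note in the description names `i915_scratch_offset(engine->i915)` while the added lines use `i915_ggtt_offset(engine->scratch)`, so one of the two should be corrected for anyone auditing the backport. `gen9_init_indirectctx_bb()` starts and ends outside the hunk, so whether the workaround batch has room for the extra dwords on every gen9 part cannot be checked from here.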