git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit
UBUNTU: SAUCE: drm/i915: Disable Secure Batches for gen6+
author Jon Bloomfield <jon.bloomfield@intel.com>
Fri, 8 Jun 2018 15:53:46 +0000 (08:53 -0700)
committer Stefan Bader <stefan.bader@canonical.com>
Mon, 4 Nov 2019 17:03:27 +0000 (18:03 +0100)
commit 62dd0a0994f88b02c18c5b03407cef2a7b3b016d
tree f2626dec3d045f4dedf2fed967f679a1290b5694
parent 187384690c1fc7fe4712128a45eaff1842e5e45b
CVE-2019-0155

Retroactively stop reporting support for secure batches
through the api for gen6+ so that older binaries trigger
the fallback path instead.

Older binaries use secure batches pre gen6 to access resources
that are not available to normal usermode processes. However,
all known userspace explicitly checks for HAS_SECURE_BATCHES
before relying on the secure batch feature.

Since there are no known binaries relying on this for newer gens
we can kill secure batches from gen6, via I915_PARAM_HAS_SECURE_BATCHES.

v2: rebase (Mika)
v3: rebase (Mika)

Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
[tyhicks: Backport to 5.3
 - i915_getparam_ioctl() is in 915_drv.c]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Timo Aaltonen <tjaalton@ubuntu.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
drivers/gpu/drm/i915/i915_drv.c
drivers/gpu/drm/i915/i915_drv.h