From 23b83d20ee925f9c6fd81e24e56081f35fec4c7c Mon Sep 17 00:00:00 2001

From: Yannick Cote <ycote@redhat.com>

Date: Mon, 12 Dec 2022 18:57:27 -0500

Subject: [KPATCH CVE-2022-4139] kpatch fixes for CVE-2022-4139

Kernels:

5.14.0-162.6.1.el9_1

Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-9/-/merge_requests/13

Approved-by: Joe Lawrence (@joe.lawrence)

Changes since last build:

[x86_64]:

ax88179_178a.o: changed function: ax88179_rx_fixup

callback_xdr.o: changed function: nfs_callback_dispatch

intel_gt.o: changed function: intel_gt_invalidate_tlbs

nfs3proc.o: changed function: nfsd3_init_dirlist_pages

nfs3proc.o: changed function: nfsd3_proc_read

nfsproc.o: changed function: nfsd_proc_read

nfsproc.o: changed function: nfsd_proc_readdir

nfssvc.o: changed function: nfsd_dispatch

pipe.o: changed function: pipe_resize_ring

svc.o: changed function: nlmsvc_dispatch

[ppc64le]:

ax88179_178a.o: changed function: ax88179_rx_fixup

callback_xdr.o: changed function: nfs_callback_dispatch

nfs3proc.o: changed function: nfsd3_init_dirlist_pages

nfs3proc.o: changed function: nfsd3_proc_read

nfsproc.o: changed function: nfsd_proc_read

nfsproc.o: changed function: nfsd_proc_readdir

nfssvc.o: changed function: nfsd_dispatch

pipe.o: changed function: pipe_resize_ring

svc.o: changed function: nlmsvc_dispatch

---------------------------

Modifications: none

commit 77eddcf995483fabb6d7c81bef19dc69c697b16e

Author: Wander Lairson Costa <wander@redhat.com>

Date:   Thu Dec 1 10:24:37 2022 -0300

    drm/i915: fix TLB invalidation for Gen12 video and compute engines

    Bugzilla: https://bugzilla.redhat.com/2148152

    CVE: CVE-2022-4139

    Y-Commit: 98336d51bfacb10fd4b73432beac0fe95d73bf7c

    O-Bugzilla: https://bugzilla.redhat.com/2148153

    O-CVE: CVE-2022-4139

    commit 04aa64375f48a5d430b5550d9271f8428883e550

    Author: Andrzej Hajda <andrzej.hajda@intel.com>

    Date:   Mon Nov 14 11:38:24 2022 +0100

        drm/i915: fix TLB invalidation for Gen12 video and compute engines

        In case of Gen12 video and compute engines, TLB_INV registers are masked -

        to modify one bit, corresponding bit in upper half of the register must

        be enabled, otherwise nothing happens.

        CVE: CVE-2022-4139

        Suggested-by: Chris Wilson <chris.p.wilson@intel.com>

        Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>

        Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>

        Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store")

        Cc: stable@vger.kernel.org

        Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

    Signed-off-by: Wander Lairson Costa <wander@redhat.com>

    Signed-off-by: Patrick Talbert <ptalbert@redhat.com>

Signed-off-by: Yannick Cote <ycote@redhat.com>

---

 drivers/gpu/drm/i915/gt/intel_gt.c | 5 +++++

 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/i915/gt/intel_gt.c b/drivers/gpu/drm/i915/gt/intel_gt.c

index f4375479e6f0..1cb9971759d2 100644

--- a/drivers/gpu/drm/i915/gt/intel_gt.c

+++ b/drivers/gpu/drm/i915/gt/intel_gt.c

@@ -1021,6 +1021,11 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt)

 		if (!i915_mmio_reg_offset(rb.reg))

 			continue;

+		if (GRAPHICS_VER(i915) == 12 && (engine->class == VIDEO_DECODE_CLASS ||

+		    engine->class == VIDEO_ENHANCEMENT_CLASS ||

+		    engine->class == COMPUTE_CLASS))

+			rb.bit = _MASKED_BIT_ENABLE(rb.bit);

+

 		intel_uncore_write_fw(uncore, rb.reg, rb.bit);

 	}

-- 

2.39.0