From 23b83d20ee925f9c6fd81e24e56081f35fec4c7c Mon Sep 17 00:00:00 2001
From: Yannick Cote <ycote@redhat.com>
Date: Mon, 12 Dec 2022 18:57:27 -0500
Subject: [KPATCH CVE-2022-4139] kpatch fixes for CVE-2022-4139

Kernels:
5.14.0-162.6.1.el9_1


Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-9/-/merge_requests/13
Approved-by: Joe Lawrence (@joe.lawrence)
Changes since last build:
[x86_64]:
ax88179_178a.o: changed function: ax88179_rx_fixup
callback_xdr.o: changed function: nfs_callback_dispatch
intel_gt.o: changed function: intel_gt_invalidate_tlbs
nfs3proc.o: changed function: nfsd3_init_dirlist_pages
nfs3proc.o: changed function: nfsd3_proc_read
nfsproc.o: changed function: nfsd_proc_read
nfsproc.o: changed function: nfsd_proc_readdir
nfssvc.o: changed function: nfsd_dispatch
pipe.o: changed function: pipe_resize_ring
svc.o: changed function: nlmsvc_dispatch

[ppc64le]:
ax88179_178a.o: changed function: ax88179_rx_fixup
callback_xdr.o: changed function: nfs_callback_dispatch
nfs3proc.o: changed function: nfsd3_init_dirlist_pages
nfs3proc.o: changed function: nfsd3_proc_read
nfsproc.o: changed function: nfsd_proc_read
nfsproc.o: changed function: nfsd_proc_readdir
nfssvc.o: changed function: nfsd_dispatch
pipe.o: changed function: pipe_resize_ring
svc.o: changed function: nlmsvc_dispatch

---------------------------

Modifications: none

commit 77eddcf995483fabb6d7c81bef19dc69c697b16e
Author: Wander Lairson Costa <wander@redhat.com>
Date:   Thu Dec 1 10:24:37 2022 -0300

    drm/i915: fix TLB invalidation for Gen12 video and compute engines

    Bugzilla: https://bugzilla.redhat.com/2148152
    CVE: CVE-2022-4139
    Y-Commit: 98336d51bfacb10fd4b73432beac0fe95d73bf7c

    O-Bugzilla: https://bugzilla.redhat.com/2148153
    O-CVE: CVE-2022-4139

    commit 04aa64375f48a5d430b5550d9271f8428883e550
    Author: Andrzej Hajda <andrzej.hajda@intel.com>
    Date:   Mon Nov 14 11:38:24 2022 +0100

        drm/i915: fix TLB invalidation for Gen12 video and compute engines

        In case of Gen12 video and compute engines, TLB_INV registers are masked -
        to modify one bit, corresponding bit in upper half of the register must
        be enabled, otherwise nothing happens.

        CVE: CVE-2022-4139
        Suggested-by: Chris Wilson <chris.p.wilson@intel.com>
        Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
        Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
        Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store")
        Cc: stable@vger.kernel.org
        Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

    Signed-off-by: Wander Lairson Costa <wander@redhat.com>
    Signed-off-by: Patrick Talbert <ptalbert@redhat.com>

Signed-off-by: Yannick Cote <ycote@redhat.com>
---
 drivers/gpu/drm/i915/gt/intel_gt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/i915/gt/intel_gt.c b/drivers/gpu/drm/i915/gt/intel_gt.c
index f4375479e6f0..1cb9971759d2 100644
--- a/drivers/gpu/drm/i915/gt/intel_gt.c
+++ b/drivers/gpu/drm/i915/gt/intel_gt.c
@@ -1021,6 +1021,11 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt)
 		if (!i915_mmio_reg_offset(rb.reg))
 			continue;
 
+		if (GRAPHICS_VER(i915) == 12 && (engine->class == VIDEO_DECODE_CLASS ||
+		    engine->class == VIDEO_ENHANCEMENT_CLASS ||
+		    engine->class == COMPUTE_CLASS))
+			rb.bit = _MASKED_BIT_ENABLE(rb.bit);
+
 		intel_uncore_write_fw(uncore, rb.reg, rb.bit);
 	}
 
-- 
2.39.0