94 lines
3.3 KiB
Diff
94 lines
3.3 KiB
Diff
From: Jon Bloomfield <jon.bloomfield@intel.com>
|
|
Date: Fri, 8 Jun 2018 08:53:46 -0700
|
|
Subject: drm/i915: Disable Secure Batches for gen6+
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-0155
|
|
|
|
commit 44157641d448cbc0c4b73c5231d2b911f0cb0427 upstream.
|
|
|
|
Retroactively stop reporting support for secure batches
|
|
through the api for gen6+ so that older binaries trigger
|
|
the fallback path instead.
|
|
|
|
Older binaries use secure batches pre gen6 to access resources
|
|
that are not available to normal usermode processes. However,
|
|
all known userspace explicitly checks for HAS_SECURE_BATCHES
|
|
before relying on the secure batch feature.
|
|
|
|
Since there are no known binaries relying on this for newer gens
|
|
we can kill secure batches from gen6, via I915_PARAM_HAS_SECURE_BATCHES.
|
|
|
|
v2: rebase (Mika)
|
|
v3: rebase (Mika)
|
|
|
|
Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com>
|
|
Cc: Tony Luck <tony.luck@intel.com>
|
|
Cc: Dave Airlie <airlied@redhat.com>
|
|
Cc: Takashi Iwai <tiwai@suse.de>
|
|
Cc: Tyler Hicks <tyhicks@canonical.com>
|
|
Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
|
|
Reviewed-by: Chris Wilson <chris.p.wilson@intel.com>
|
|
---
|
|
drivers/gpu/drm/i915/i915_drv.c | 2 +-
|
|
drivers/gpu/drm/i915/i915_drv.h | 2 ++
|
|
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 12 ++++++++++--
|
|
3 files changed, 13 insertions(+), 3 deletions(-)
|
|
|
|
--- a/drivers/gpu/drm/i915/i915_drv.c
|
|
+++ b/drivers/gpu/drm/i915/i915_drv.c
|
|
@@ -351,7 +351,7 @@ static int i915_getparam_ioctl(struct dr
|
|
value = HAS_LEGACY_SEMAPHORES(dev_priv);
|
|
break;
|
|
case I915_PARAM_HAS_SECURE_BATCHES:
|
|
- value = capable(CAP_SYS_ADMIN);
|
|
+ value = HAS_SECURE_BATCHES(dev_priv) && capable(CAP_SYS_ADMIN);
|
|
break;
|
|
case I915_PARAM_CMD_PARSER_VERSION:
|
|
value = i915_cmd_parser_get_version(dev_priv);
|
|
--- a/drivers/gpu/drm/i915/i915_drv.h
|
|
+++ b/drivers/gpu/drm/i915/i915_drv.h
|
|
@@ -2517,6 +2517,8 @@ intel_info(const struct drm_i915_private
|
|
|
|
#define HAS_LEGACY_SEMAPHORES(dev_priv) IS_GEN7(dev_priv)
|
|
|
|
+#define HAS_SECURE_BATCHES(dev_priv) (INTEL_GEN(dev_priv) < 6)
|
|
+
|
|
#define HAS_LLC(dev_priv) ((dev_priv)->info.has_llc)
|
|
#define HAS_SNOOP(dev_priv) ((dev_priv)->info.has_snoop)
|
|
#define HAS_EDRAM(dev_priv) (!!((dev_priv)->edram_cap & EDRAM_ENABLED))
|
|
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
|
|
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
|
|
@@ -2177,6 +2177,7 @@ i915_gem_do_execbuffer(struct drm_device
|
|
struct drm_i915_gem_exec_object2 *exec,
|
|
struct drm_syncobj **fences)
|
|
{
|
|
+ struct drm_i915_private *i915 = to_i915(dev);
|
|
struct i915_execbuffer eb;
|
|
struct dma_fence *in_fence = NULL;
|
|
struct sync_file *out_fence = NULL;
|
|
@@ -2187,7 +2188,7 @@ i915_gem_do_execbuffer(struct drm_device
|
|
BUILD_BUG_ON(__EXEC_OBJECT_INTERNAL_FLAGS &
|
|
~__EXEC_OBJECT_UNKNOWN_FLAGS);
|
|
|
|
- eb.i915 = to_i915(dev);
|
|
+ eb.i915 = i915;
|
|
eb.file = file;
|
|
eb.args = args;
|
|
if (DBG_FORCE_RELOC || !(args->flags & I915_EXEC_NO_RELOC))
|
|
@@ -2209,8 +2210,15 @@ i915_gem_do_execbuffer(struct drm_device
|
|
|
|
eb.batch_flags = 0;
|
|
if (args->flags & I915_EXEC_SECURE) {
|
|
+ if (INTEL_GEN(i915) >= 11)
|
|
+ return -ENODEV;
|
|
+
|
|
+ /* Return -EPERM to trigger fallback code on old binaries. */
|
|
+ if (!HAS_SECURE_BATCHES(i915))
|
|
+ return -EPERM;
|
|
+
|
|
if (!drm_is_current_master(file) || !capable(CAP_SYS_ADMIN))
|
|
- return -EPERM;
|
|
+ return -EPERM;
|
|
|
|
eb.batch_flags |= I915_DISPATCH_SECURE;
|
|
}
|