# git rev-parse -q --verify 100d46bd72ec689a5582c2f5f4deadc5bcb92d60^{commit} 100d46bd72ec689a5582c2f5f4deadc5bcb92d60 already have revision, skipping fetch # git checkout -q -f -B kisskb 100d46bd72ec689a5582c2f5f4deadc5bcb92d60 # git clean -qxdf # < git log -1 # commit 100d46bd72ec689a5582c2f5f4deadc5bcb92d60 # Merge: de620fb99ef2 ea0b163b13ff # Author: Linus Torvalds # Date: Mon Nov 11 16:27:46 2019 -0800 # # Merge Intel Gen8/Gen9 graphics fixes from Jon Bloomfield. # # This fixes two different classes of bugs in the Intel graphics hardware: # # MMIO register read hang: # "On Intels Gen8 and Gen9 Graphics hardware, a read of specific graphics # MMIO registers when the product is in certain low power states causes # a system hang. # # There are two potential triggers for DoS: # a) H/W corruption of the RC6 save/restore vector # b) Hard hang within the MIPI hardware # # This prevents the DoS in two areas of the hardware: # 1) Detect corruption of RC6 address on exit from low-power state, # and if we find it corrupted, disable RC6 and RPM # 2) Permanently lower the MIPI MMIO timeout" # # Blitter command streamer unrestricted memory accesses: # "On Intels Gen9 Graphics hardware the Blitter Command Streamer (BCS) # allows writing to Memory Mapped Input Output (MMIO) that should be # blocked. With modifications of page tables, this can lead to privilege # escalation. This exposure is limited to the Guest Physical Address # space and does not allow for access outside of the graphics virtual # machine. # # This series establishes a software parser into the Blitter command # stream to scan for, and prevent, reads or writes to MMIO's that should # not be accessible to non-privileged contexts. # # Much of the command parser infrastructure has existed for some time, # and is used on Ivybridge/Haswell/Valleyview derived products to allow # the use of features normally blocked by hardware. 
In this legacy # context, the command parser is employed to allow normally unprivileged # submissions to be run with elevated privileges in order to grant # access to a limited set of extra capabilities. In this mode the parser # is optional; in the event that the parser finds any construct that it # cannot properly validate (e.g. nested command buffers), it simply # aborts the scan and submits the buffer in non-privileged mode. # # For Gen9 Graphics, this series makes the parser mandatory for all # Blitter submissions. The incoming user buffer is first copied to a # kernel-owned buffer, and parsed. If all checks are successful the # kernel-owned buffer is mapped READ-ONLY and submitted on behalf of the # user. If any checks fail, or the parser is unable to complete the scan # (nested buffers), the buffer is forcibly rejected. The successfully scanned # buffer is executed with NORMAL user privileges (key difference from # legacy usage). # # Modern usermode does not use the Blitter on later hardware, having # switched over to using the 3D engine instead for performance reasons. # There are, however, some legacy usermode apps that rely on Blitter, # notably the SNA X-Server. 
There are no known usermode applications # that require nested command buffers on the Blitter, so the forcible # rejection of such buffers in this patch series is considered an # acceptable limitation" # # * Intel graphics fixes in emailed bundle from Jon Bloomfield : # drm/i915/cmdparser: Fix jump whitelist clearing # drm/i915/gen8+: Add RC6 CTX corruption WA # drm/i915: Lower RM timeout to avoid DSI hard hangs # drm/i915/cmdparser: Ignore Length operands during command matching # drm/i915/cmdparser: Add support for backward jumps # drm/i915/cmdparser: Use explicit goto for error paths # drm/i915: Add gen9 BCS cmdparsing # drm/i915: Allow parsing of unsized batches # drm/i915: Support ro ppgtt mapped cmdparser shadow buffers # drm/i915: Add support for mandatory cmdparsing # drm/i915: Remove Master tables from cmdparser # drm/i915: Disable Secure Batches for gen6+ # drm/i915: Rename gen7 cmdparser tables # < /opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux-gcc --version # < /opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux-ld --version # < git log --format=%s --max-count=1 100d46bd72ec689a5582c2f5f4deadc5bcb92d60 # < make -s -j 48 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 allyesconfig # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_KCOV=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_GCC_PLUGIN_CYC_COMPLEXITY=n # Added to kconfig CONFIG_GCC_PLUGIN_SANCOV=n # Added to kconfig CONFIG_GCC_PLUGIN_LATENT_ENTROPY=n # Added to kconfig CONFIG_GCC_PLUGIN_STRUCTLEAK=n # Added to kconfig CONFIG_GCC_PLUGIN_RANDSTRUCT=n # Added to kconfig CONFIG_UML_NET=n # Added to kconfig CONFIG_UML_NET_ETHERTAP=n # Added to kconfig CONFIG_UML_NET_TUNTAP=n # Added to kconfig CONFIG_UML_NET_SLIP=n # Added to kconfig CONFIG_UML_NET_DAEMON=n # Added to kconfig CONFIG_UML_NET_VDE=n # Added to kconfig CONFIG_UML_NET_MCAST=n # Added to 
kconfig CONFIG_UML_NET_PCAP=n # Added to kconfig CONFIG_UML_NET_SLIRP=n # Added to kconfig CONFIG_GCOV_KERNEL=n # yes \n | make -s -j 48 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 oldconfig yes: standard output: Broken pipe # make -s -j 48 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 /kisskb/src/arch/um/os-Linux/signal.c: In function 'sig_handler_common': /kisskb/src/arch/um/os-Linux/signal.c:51:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ /kisskb/src/arch/um/os-Linux/signal.c: In function 'timer_real_alarm_handler': /kisskb/src/arch/um/os-Linux/signal.c:95:1: warning: the frame size of 2960 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ /kisskb/src/security/apparmor/policy_unpack.c: In function 'unpack_profile': /kisskb/src/security/apparmor/policy_unpack.c:523:9: warning: 'pos' may be used uninitialized in this function [-Wmaybe-uninitialized] str[pos] = ':'; ^ /kisskb/src/security/apparmor/policy_unpack.c:494:14: note: 'pos' was declared here int c, j, pos, size2 = unpack_strdup(e, &str, NULL); ^ /kisskb/src/lib/lz4/lz4hc_compress.c: In function 'LZ4HC_compress_generic': /kisskb/src/lib/lz4/lz4hc_compress.c:579:1: warning: the frame size of 2144 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ /kisskb/src/drivers/misc/lkdtm/bugs.c: In function 'lkdtm_UNSET_SMEP': /kisskb/src/drivers/misc/lkdtm/bugs.c:284:8: error: implicit declaration of function 'native_read_cr4' [-Werror=implicit-function-declaration] cr4 = native_read_cr4(); ^ /kisskb/src/drivers/misc/lkdtm/bugs.c:286:13: error: 'X86_CR4_SMEP' undeclared (first use in this function) if ((cr4 & X86_CR4_SMEP) != X86_CR4_SMEP) { ^ /kisskb/src/drivers/misc/lkdtm/bugs.c:286:13: note: each undeclared identifier is reported only once for each 
function it appears in /kisskb/src/drivers/misc/lkdtm/bugs.c:293:2: error: implicit declaration of function 'native_write_cr4' [-Werror=implicit-function-declaration] native_write_cr4(cr4); ^ cc1: some warnings being treated as errors make[4]: *** [/kisskb/src/scripts/Makefile.build:266: drivers/misc/lkdtm/bugs.o] Error 1 make[3]: *** [/kisskb/src/scripts/Makefile.build:509: drivers/misc/lkdtm] Error 2 make[2]: *** [/kisskb/src/scripts/Makefile.build:509: drivers/misc] Error 2 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [/kisskb/src/Makefile:1649: drivers] Error 2 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:179: sub-make] Error 2 Command 'make -s -j 48 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 ' returned non-zero exit status 2 # rm -rf /kisskb/build/linus_um-allyesconfig_um-x86_64 # Build took: 0:05:24.596393