New vulnerability: CVE-2019-14615 / INTEL-SA-00314

[johnnyapol]

"Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access."

Intel Security Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2019-14615

[speed47]

Thanks for the notice.
This CVE is part of the now-monthly batch of Intel CVEs, and this one is about the GPU part of the Intel CPU. As the fix is simply to update the driver, I wont implement it in spectre-meltdown-checker.
Leaving this open and tagged as "information". For reference, the below commit is the fix.

:

commit 53b9bd37af59d1def99b20707536105857eb9bd0
Author: Akeem G Abodunrin <[email protected]>
Date:   Wed Jan 8 09:34:16 2020 -0800

    drm/i915/gen9: Clear residual context state on context switch

    commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.

    Intel ID: PSIRT-TA-201910-001
    CVEID: CVE-2019-14615

    Intel GPU Hardware prior to Gen11 does not clear EU state
    during a context switch. This can result in information
    leakage between contexts.

    For Gen8 and Gen9, hardware provides a mechanism for
    fast cleardown of the EU state, by issuing a PIPE_CONTROL
    with bit 27 set. We can use this in a context batch buffer
    to explicitly cleardown the state on every context switch.

    As this workaround is already in place for gen8, we can borrow
    the code verbatim for Gen9.

    Signed-off-by: Mika Kuoppala <[email protected]>
    Signed-off-by: Akeem G Abodunrin <[email protected]>
    Cc: Kumar Valsan Prathap <[email protected]>
    Cc: Chris Wilson <[email protected]>
    Cc: Balestrieri Francesco <[email protected]>
    Cc: Bloomfield Jon <[email protected]>
    Cc: Dutt Sudeep <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

diff --git a/drivers/gpu/drm/i915/gt/intel_lrc.c b/drivers/gpu/drm/i915/gt/intel_lrc.c
index 1ba31969c7d2..4949b5ad860f 100644
--- a/drivers/gpu/drm/i915/gt/intel_lrc.c
+++ b/drivers/gpu/drm/i915/gt/intel_lrc.c
@@ -2132,6 +2132,14 @@ static u32 *gen9_init_indirectctx_bb(struct intel_engine_cs *engine, u32 *batch)
        /* WaFlushCoherentL3CacheLinesAtContextSwitch:skl,bxt,glk */
        batch = gen8_emit_flush_coherentl3_wa(engine, batch);

+       /* WaClearSlmSpaceAtContextSwitch:skl,bxt,kbl,glk,cfl */
+       batch = gen8_emit_pipe_control(batch,
+                                      PIPE_CONTROL_FLUSH_L3 |
+                                      PIPE_CONTROL_GLOBAL_GTT_IVB |
+                                      PIPE_CONTROL_CS_STALL |
+                                      PIPE_CONTROL_QW_WRITE,
+                                      slm_offset(engine));
+
        batch = emit_lri(batch, lri, ARRAY_SIZE(lri));

        /* WaMediaPoolStateCmdInWABB:bxt,glk */