search

FreeBSDDesktop / kms-drm

the DRM part of the linuxkpi-based KMS
63 stars 26 forks source link

INTEL-SA-00242 and INTEL-SA-00260 updates (drm-v4.16-fbsd12.0) #188

Closed d-scott-phillips closed 4 years ago

d-scott-phillips commented 4 years ago

As part of IPU 2019.2[1], INTEL-SA-00242[2] advises that insufficient access control may allow an authenticated user to potentially enable escalation of privilege via local access. INTEL-SA-00260[3] advises that insufficient access control may allow an authenticated user to potentially enable denial of service via local access. These patches along with system firmware updates mitigate the issue.

[1] https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu [2] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html [3] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html

zeising commented 4 years ago

Hi! Where is the code originally from? The reason I ask is that perhaps it should be imported another way, if it comes from upstream. @johalun knows more. Can it be prepared for the other branches, drm-v4.16 and drm-v5.0 as well? How has it been tested on FreeBSD?

d-scott-phillips commented 4 years ago

All these patches are picked from https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch linux-4.19.y

The patches are present on these stable branches: linux-5.3.y linux-4.19.y linux-4.14.y linux-4.9.y linux-4.4.y

Let me know if you have other automation or something to pick the patches. Otherwise I'm working on porting them to drm-v5.0 next

zeising commented 4 years ago

Since we're not tracking any of those branches (to my knowledge), it might be best to just merge this. I want @johalun to have a chance to chime in though, since he knows the code and port best.

johalun commented 4 years ago

Thanks for patches! Our 4.16 branches are currently Linux stable 4.16.18. 5.0 branches are Linux master 5.0.

The patching/updating process is a manual one using git format-patch and git am over minor version steps. I'd really appreciate it if you create PRs like this.

johalun commented 4 years ago

How are these tested, compiled? run?

d-scott-phillips commented 4 years ago

How are these tested, compiled? run?

The patch sets I've submitted here have been lightly validated by me, just running on a few laptops and checking that X works and suspend/resume works.

zeising commented 4 years ago

Is this applicable for drm-v4.11 branch as well? I know it's an old branch, with an old version, but it's still in use on FreeBSD 11.3

zeising commented 4 years ago

Do we need to update GPU firmwares as well?