From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29B07364E96 for ; Thu, 16 Apr 2026 05:19:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.19 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776316802; cv=none; b=dOxQHGPUBto2Z5CDgR+cSH/mmlqDE8jJ2QPAtzAxavy4cDFQzNYby208qGCJNHuxMq48Oe0My+/+qTb5H9ITYzccRkyRIstgyCWZcOCz5v34VclxCXNsZYEaRMo7t4TntQSFl7DuZs29LQ85BtwMiABJqTatigqon+aEv07Npx0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776316802; c=relaxed/simple; bh=elGYqx/Z14BeFhPGLadiUyA/IPF5DhUfqybOP7FGtb4=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=PP8i55hSFUM7RinpST08VgGkDHV4/qHLwfbXp5TXE1xElaOZqMr3nsFSaOAO7Relxo6IMrzt++usQR6WJQhXxtE4Qd5WVj0SqbWZ6zCcIOKOY1QZ9kRGT/qUB4WmgPt8/O+yjCKj69p+ij2xfVJsKsS0nwcJG+vW5Y7kUPkbgN8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Va+aeXMr; arc=none smtp.client-ip=198.175.65.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Va+aeXMr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1776316800; x=1807852800; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=elGYqx/Z14BeFhPGLadiUyA/IPF5DhUfqybOP7FGtb4=; b=Va+aeXMrLZ04WsoTaPZfNfkPxpoKsblN4wmUzSb11vLBkeMuseh3Fgke 1IICWDtl6S2sdU68l31PaT+pAxZ07EOPsr0eUtad0l1XFFzLo9xHcmIlF wImN77usFNhoJIHoQh9gsVlHtN024LKuxrsrnKuMcFloQ3dmk1Q6a/NAn g1SXB071SSa3pnM/70h80IVbSxmnOMtsuIlbLsqWx1N4AdvXBnJbYJTpc T9EPFKtusq4td6B3ZXmIkSBw1OXwjYU3I33QJ+Fubbhr0KoPyqBdmwAn1 OB8DfkvPF3p3PvEpUs9cd7JnNTcGOneFqsHut9BrXhj9B7Xa+braSec3a Q==; X-CSE-ConnectionGUID: 5pJkRrYSSNKGQFL4/7iUaA== X-CSE-MsgGUID: hfQFSMYyT0iGxP/dMaZnwA== X-IronPort-AV: E=McAfee;i="6800,10657,11760"; a="77213044" X-IronPort-AV: E=Sophos;i="6.23,181,1770624000"; d="scan'208";a="77213044" Received: from fmviesa008.fm.intel.com ([10.60.135.148]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Apr 2026 22:20:00 -0700 X-CSE-ConnectionGUID: qK63HcOuRXyR19i4o7dcbw== X-CSE-MsgGUID: kqUI+3ipQ+GwjSPe8A/Z5Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,181,1770624000"; d="scan'208";a="227963720" Received: from dut6094bmgfrd.fm.intel.com ([10.80.55.31]) by fmviesa008.fm.intel.com with ESMTP; 15 Apr 2026 22:19:59 -0700 From: Jia Yao To: intel-xe@lists.freedesktop.org Cc: Jia Yao , stable@vger.kernel.org, Shuicheng Lin , Mathew Alwin , Michal Mrozek , Matthew Brost , Matthew Auld Subject: [PATCH v8 0/2] drm/xe: Reject unsafe PAT indices for CPU cached memory Date: Thu, 16 Apr 2026 05:19:55 +0000 Message-ID: <20260416051957.651337-1-jia.yao@intel.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This series strengthens PAT index validation to reject unsafe configurations for CPU cached memory, preventing cases where the GPU may bypass CPU caches and observe stale or sensitive data. Patch 1 enforces PAT validation for the madvise ioctl path, ensuring XE_COH_NONE cannot be used on CPU cached buffers, including CPU address mirror and userptr-backed memory. Patch 2 applies the same validation to vm_bind, treating DRM_XE_VM_BIND_FLAG_CPU_ADDR_MIRROR the same as MAP_USERPTR with respect to permissible PAT indices. Together, these patches close a security gap affecting CPU cached memory access when incoherent PAT values are used. v9: - Limit the restrictions to iGPU Changes since v7: - Rebased onto latest drm/xe tree, no functional changes. Changes since v6: - Corrected Fixes tags. Fixes: ada7486c5668 ("drm/xe: Implement madvise ioctl for xe") Fixes: b43e864af0d4 ("drm/xe/uapi: Add DRM_XE_VM_BIND_FLAG_CPU_ADDR_MIRROR") Cc: stable@vger.kernel.org # v6.18 Cc: Shuicheng Lin Cc: Mathew Alwin Cc: Michal Mrozek Cc: Matthew Brost Cc: Matthew Auld Jia Yao (2): drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise drm/xe: Reject coh_none PAT index for CPU_ADDR_MIRROR drivers/gpu/drm/xe/xe_vm.c | 2 +- drivers/gpu/drm/xe/xe_vm_madvise.c | 45 ++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) -- 2.43.0