From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 74D04C43381 for ; Mon, 1 Apr 2019 17:09:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4569521924 for ; Mon, 1 Apr 2019 17:09:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554138590; bh=mY/HMRPAFU1ZNO58Pu02+ULGdtdLiQA4aC5tAel4x6Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=MFaBQcNQctGmk85f0onB0wp61Sqhnp+PohKF59oc51UAes6wt6+jXVzAe2g0AcnXQ mKiU6aMxqx06xv0jbhZnNi9pXrpO9mNXf57W5/acMNIL2hgTC+g80dcxCJN06GmP/q LUDbz8Q2cX4hZgFY5ArsWhhWjcF39xxATKuxPuXw= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729847AbfDARJt (ORCPT ); Mon, 1 Apr 2019 13:09:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:56900 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729025AbfDARJp (ORCPT ); Mon, 1 Apr 2019 13:09:45 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4770321924; Mon, 1 Apr 2019 17:09:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554138584; bh=mY/HMRPAFU1ZNO58Pu02+ULGdtdLiQA4aC5tAel4x6Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vI3zK0MubBcWKWyNJgQnM09s7q4CZjLRZpIK1xaBYpwpOuvrP9iaBLJquSM/nU7Wt nuFU9P+V3N+amomUVvBg6YSKp5LuaS+AsO5T+J6X/z5wrwnwprOP0JQq0JQWRQuX91 ZchDA67rAFGxnOW4hTX0DaLrzuC0tCkz7vz86H4U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Zhao, Yan Y" , Zhenyu Wang Subject: [PATCH 5.0 109/146] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check Date: Mon, 1 Apr 2019 19:02:01 +0200 Message-Id: <20190401170057.766937322@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190401170048.449559024@linuxfoundation.org> References: <20190401170048.449559024@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 5.0-stable review patch. If anyone has any objections, please let me know. ------------------ From: Zhenyu Wang commit 13bcb80b7ee79431fce361e060611134cb19e209 upstream. When MI_FLUSH_DW post write hw status page in index mode, the index value is in dword step and turned into address offset in cmd dword1. As status page size is 4K, so can't exceed that. This fixed upper bound check in cmd parser code which incorrectly stopped VM for reason of invalid MI_FLUSH_DW write index. v2: - Fix upper bound as 4K page size because index value is address offset. Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner") Cc: stable@vger.kernel.org # v4.10+ Cc: "Zhao, Yan Y" Reviewed-by: Yan Zhao Signed-off-by: Zhenyu Wang Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c @@ -1446,7 +1446,7 @@ static inline int cmd_address_audit(stru } if (index_mode) { - if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) { + if (guest_gma >= I915_GTT_PAGE_SIZE) { ret = -EFAULT; goto err; }