Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp483874yba; Mon, 1 Apr 2019 10:12:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqw6ZkM4BUGVJ1pvjfOMy0XRJJ4X8H2g6PqLLGaU+hcCZxziPiSnT+wCkVMU9OwCnyhqKnYh X-Received: by 2002:a62:524e:: with SMTP id g75mr43796763pfb.106.1554138758624; Mon, 01 Apr 2019 10:12:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554138758; cv=none; d=google.com; s=arc-20160816; b=bqTHRVRWvthMnqeruTVwoqyfRKKmnee1Crm5TTwMNBveFueeXNEun0WbJJLRKbVO1B K/MUgIZIhPp+pJ0ABgMKm4rOTAPzWBKIs30g1s1VQlK/weDnz2KHq9+/wfWRcEzbyoaY TOU6FFqOpqOmGNwMPrSSYm8IpY+Q3PeyeZ/34428xJrlaHONZ5E5W6fXhGoNSrqxFBHF FK3zH+GpRe29PX8hcE0J3GLS8i9VqHxQbINjdV3HbwsSFoV427xh2TCVWuCgbUKwc6Lw 4UxNWFLoBqtSmoKDKR2z3VN2+Zud+p1LYXYvCmRLIDT84lw1WZHUaP9x6pVAsMMIOrND WP9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=R6ENKsKo1W6XeJ8FbXgpzDi+5R0wrZjUrJesCejhNyg=; b=H3Uom2B2levs+UwM46XGc3CrhCrvLL9jTWbraTxf26VOVPTHdncPa4GzJ1S04DJJGG 4Rh2A4sNVGewgPqKWE7erDXN9UGrcFI6m/AR9o5SSDywARpRUUod9s/VLV5bayawTu6C jG/gMPCMS3Jdgw9DPYTtJlAAMo1ewEBjb0DVzZdVyD8cbRdN4SvklhE6TwUEmtq1mfFQ EpTTsaIJMMXUFB0t1olbxamIj2t1EGjbJZnQcK9YmrcP61gYH5hg/iwXxPrnbyyGL5Hx Lx5HmQjhxmtzws7Y7dNK2r7QfGds4nsNSQaHXXdv9XCvEcYKi/DwU7Yu0N3c/m5FxPNA Cpjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vI3zK0Mu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p10si8989759plr.137.2019.04.01.10.12.23; Mon, 01 Apr 2019 10:12:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vI3zK0Mu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729843AbfDARJs (ORCPT + 99 others); Mon, 1 Apr 2019 13:09:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:56900 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729025AbfDARJp (ORCPT ); Mon, 1 Apr 2019 13:09:45 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4770321924; Mon, 1 Apr 2019 17:09:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554138584; bh=mY/HMRPAFU1ZNO58Pu02+ULGdtdLiQA4aC5tAel4x6Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vI3zK0MubBcWKWyNJgQnM09s7q4CZjLRZpIK1xaBYpwpOuvrP9iaBLJquSM/nU7Wt nuFU9P+V3N+amomUVvBg6YSKp5LuaS+AsO5T+J6X/z5wrwnwprOP0JQq0JQWRQuX91 ZchDA67rAFGxnOW4hTX0DaLrzuC0tCkz7vz86H4U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Zhao, Yan Y" , Zhenyu Wang Subject: [PATCH 5.0 109/146] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check Date: Mon, 1 Apr 2019 19:02:01 +0200 Message-Id: <20190401170057.766937322@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190401170048.449559024@linuxfoundation.org> References: <20190401170048.449559024@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 5.0-stable review patch. If anyone has any objections, please let me know. ------------------ From: Zhenyu Wang commit 13bcb80b7ee79431fce361e060611134cb19e209 upstream. When MI_FLUSH_DW post write hw status page in index mode, the index value is in dword step and turned into address offset in cmd dword1. As status page size is 4K, so can't exceed that. This fixed upper bound check in cmd parser code which incorrectly stopped VM for reason of invalid MI_FLUSH_DW write index. v2: - Fix upper bound as 4K page size because index value is address offset. Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner") Cc: stable@vger.kernel.org # v4.10+ Cc: "Zhao, Yan Y" Reviewed-by: Yan Zhao Signed-off-by: Zhenyu Wang Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c @@ -1446,7 +1446,7 @@ static inline int cmd_address_audit(stru } if (index_mode) { - if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) { + if (guest_gma >= I915_GTT_PAGE_SIZE) { ret = -EFAULT; goto err; }