Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp489880yba; Mon, 1 Apr 2019 10:19:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqyyfVAa021/PYk6Ix5sIagKjp/eu0FQYoe+1Ku1KQPQ7Mt+k4AGlS3HhtvR0WOKX1SLnpPI X-Received: by 2002:a63:7e10:: with SMTP id z16mr8617863pgc.40.1554139176274; Mon, 01 Apr 2019 10:19:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554139176; cv=none; d=google.com; s=arc-20160816; b=CocR/oCQWb3wVxDnOk1VNTisSMKu3oWMgF8XG3/CbZPnbu34mvkx6llqMgVEJiUdOM 8SAzLJdx+tvMFPNzTD8feiXdX1hrosh55LRu3X3ANsoauVp3J1mWyVq1As+yCYbISMOj XYhR74ZulGn/1EVen6DlX41weQsib3S7zHTsuKE8P4jONwMdBoE2tmcj0sCvTfjKTs+k mNOPY8gUixaMI5+ayh5zki8JfALeIZPXYMfiYXNYpGjiM2pJQV4nuLfKa1z8jCF7kjfg YR0VcyA+LXlikzKagk016NO/FxAJvhWepp4wWe9KwvWHPD9fG+j3SrCHfTX3efrIvMjt QN4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=hc8/ufTyKZjwUgEZJoQlF/wLY8oL5cZMUe9ViZep5Jg=; b=cRDFyOhyyT0WIy+IbHwkXv04+2lxAidy0iZIAQmWaEUKyW1tTZNx6wvLeFAUSmn2Ei C4bGZUy5F/AsXaBecVPILOhBnMs0F9Km7WgMrBB9E8Ua0Fc7IEE/Vh/exfbJS3PzqHXO mzhKi5rBSORJH8xnNkYQfxzWQTteZTHW62iCW7JjHrnnXS4vK+bP6wZTw2771qSvIkX7 DXQZmN1xfjJiE5dnB51XzvmZgbIObHwJnLlFmiBwAJqgUC/Wc0XE/UBLB4UClCmgUE/J Sewi1DrGyRJcejehkXVREdtBYLs5Gm6kRM5CpSEH4gNolXQYa7Hhg3tBC0KKp+epcwxO mGsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1hU8TUNQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w10si8871199plq.328.2019.04.01.10.19.20; Mon, 01 Apr 2019 10:19:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1hU8TUNQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731196AbfDARRg (ORCPT + 99 others); Mon, 1 Apr 2019 13:17:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:43842 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730408AbfDARRe (ORCPT ); Mon, 1 Apr 2019 13:17:34 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4C2D820856; Mon, 1 Apr 2019 17:17:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554139053; bh=eQIqaQ2N6YliSGFm8UsU8VPSDc2teTIggXS8kX4f+Pc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1hU8TUNQpwitP94F9l0y4ezPEuo5e0EtVbuIHFM/dSdkd5hrKkbvvTuvdBKfQ2B54 txKY3pF/DNE6PQziR1mNw9eVce9bnlXIJ7UZbL+z3bE+rLGtEM9hoZuea1P8QqiBLW E2zQus331Q1ra3bcl+yAZ24uX7nY7eSJl7yQZY5A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Zhao, Yan Y" , Zhenyu Wang Subject: [PATCH 4.19 099/134] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check Date: Mon, 1 Apr 2019 19:02:15 +0200 Message-Id: <20190401170053.517080312@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190401170044.243719205@linuxfoundation.org> References: <20190401170044.243719205@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Zhenyu Wang commit 13bcb80b7ee79431fce361e060611134cb19e209 upstream. When MI_FLUSH_DW post write hw status page in index mode, the index value is in dword step and turned into address offset in cmd dword1. As status page size is 4K, so can't exceed that. This fixed upper bound check in cmd parser code which incorrectly stopped VM for reason of invalid MI_FLUSH_DW write index. v2: - Fix upper bound as 4K page size because index value is address offset. Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner") Cc: stable@vger.kernel.org # v4.10+ Cc: "Zhao, Yan Y" Reviewed-by: Yan Zhao Signed-off-by: Zhenyu Wang Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c @@ -1446,7 +1446,7 @@ static inline int cmd_address_audit(stru } if (index_mode) { - if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) { + if (guest_gma >= I915_GTT_PAGE_SIZE) { ret = -EFAULT; goto err; }