Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2282018ybl; Thu, 19 Dec 2019 10:58:19 -0800 (PST) X-Google-Smtp-Source: APXvYqy2VdCo0PHSaIglLgz9gYoYpl1/V13ON3a25m92Z27JPu7GSAcxRrFJeUakC67AqQUQ4LI7 X-Received: by 2002:a9d:6a8f:: with SMTP id l15mr10089382otq.59.1576781899492; Thu, 19 Dec 2019 10:58:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576781899; cv=none; d=google.com; s=arc-20160816; b=gZoUeM+pwHZTzlsSmu8BSDE7WDE72vC5XQllmWX17PdblzUS6TcqF4EH7ODU4cATTm mNHZi+RcDjADn76jSrLHkOGS9ugfUqfQPfMJfmWzROP2jV6Taai+WE1eOgotnP1eiM3e OWepEQrxd4NxcyFsV0j36jl4LXImysZ1K4G1PGHPiVLkxU5j2mFcZV4f3V92HhRHYQsL /AvbbOKmQsxLG1WsCweHKY0dhKfoMomlIbpdILmI7HwJZbX192/m9rL4gLggWNKXriAC nMeXEWy3FQoTAgekSClJ9t1UmYjpWTedfuDDc1hqyEBtE8POc0jA4njlRuy4KFPza5bu m9Zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/Gugn5diR0MSJm0gSilUfogUAo5+QFMgTqTS5NWspgQ=; b=IRhFXFq+lGEbejXJb+c026LC0JFqxi/SB5it1N7xgy3lSGQn9vubp+VUn5SZH5a92p Hu+iKlG63yzQQbjzYZeuP4jB5ZiQmNtjdJn6jcMkaorxGoqWS/B/Sc6R5ktRx4tbcpy3 a+9YKrh2/tyfsulN0zJKTPguUYBxl23BCKv2eWSau1WQiyHoXuht4K2Phbp3tBVj9YEa dhQVHz9WxW3aHzas8pX0jhnJh5SLqG2v5hF1IvXtJnQXu0LvlOSFP0+R0OfdvY8NshjG kcGRL9ij6NSC281ZrrYNmIRH1mN9c/DMHyCN+5SDrvPJ5G1zfk1lMFNuUGJECF8ijcED WK/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Q67NzVKf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e192si3583029oib.82.2019.12.19.10.58.08; Thu, 19 Dec 2019 10:58:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Q67NzVKf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730815AbfLSS5H (ORCPT + 99 others); Thu, 19 Dec 2019 13:57:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:53308 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730847AbfLSS4i (ORCPT ); Thu, 19 Dec 2019 13:56:38 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D932624684; Thu, 19 Dec 2019 18:56:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576781798; bh=AS6wJQWRcUrr/XYiBzTLgIYCQuq2dVk5CsAwC9pgx+s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Q67NzVKf3Kg0c8BO3RCE0JfPp8MN+i9UxZGR0Fz0zqxmdDb4mmCDJzGCyHF/Ipmid KeQ+KOyFaSzu2GZJ/6uR/Mwu/QN90XDH0ZxYWYFdUxyLk+/CtF1wSrCZuGzF+LJWur 8uUw6FstMnS3cQFzVIMNL2WAZd3ik4t7Udfn1/Hg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alex Williamson , Gao Fred , Zhenyu Wang Subject: [PATCH 5.4 78/80] drm/i915/gvt: Fix cmd length check for MI_ATOMIC Date: Thu, 19 Dec 2019 19:35:10 +0100 Message-Id: <20191219183147.737569155@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191219183031.278083125@linuxfoundation.org> References: <20191219183031.278083125@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhenyu Wang commit 92b1aa773fadb4e2a90ed5d3beecb422d568ad9a upstream. Correct valid command length check for MI_ATOMIC, need to check inline data available field instead of operand data length for whole command. Fixes: 00a33be40634 ("drm/i915/gvt: Add valid length check for MI variable commands") Reported-by: Alex Williamson Acked-by: Gao Fred Cc: stable@vger.kernel.org Signed-off-by: Zhenyu Wang Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/i915/gvt/cmd_parser.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c @@ -1597,9 +1597,9 @@ static int cmd_handler_mi_op_2f(struct p if (!(cmd_val(s, 0) & (1 << 22))) return ret; - /* check if QWORD */ - if (DWORD_FIELD(0, 20, 19) == 1) - valid_len += 8; + /* check inline data */ + if (cmd_val(s, 0) & BIT(18)) + valid_len = CMD_LEN(9); ret = gvt_check_valid_cmd_length(cmd_length(s), valid_len); if (ret)