Quoting Chris Wilson (2018-02-05 16:04:25)
> Quoting Michal Srb (2018-02-05 15:17:45)
> > The command MEDIA_VFE_STATE checks bits at offset +2 dwords. However, it is
> > possible to have MEDIA_VFE_STATE command with length = 0 + LENGTH_BIAS = 2.
> > In that case check_cmd will read bits from the following command, or even past
> > the end of the buffer.
> >
> > If the offset ends up outside of the command length, reject the command.
> >
> > Signed-off-by: Michal Srb <msrb@xxxxxxxx>
>
> Looks good, both
> Reviewed-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
>
> I'll resend them to intel-gfx@ so CI picks them up for the checklist.
Added
Fixes: 76ff480ec963 ("drm/i915/cmdparser: Use binary search for faster
register lookup"
and
Fixes: 351e3db2b363 ("drm/i915: Implement command buffer parsing logic")
respectively and pushed. Thanks for the patches,
-Chris
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
