Looks good to me. Reviewed-by: Yan Zhao <yan.y.zhao@xxxxxxxxx> On Wed, Feb 20, 2019 at 04:25:04PM +0800, Zhenyu Wang wrote: > When MI_FLUSH_DW post write hw status page in index mode, the index > value is in dword step and turned into address offset in cmd dword1. > As status page size is 4K, so can't exceed that. > > This fixed upper bound check in cmd parser code which incorrectly > stopped VM for reason of invalid MI_FLUSH_DW write index. > > v2: > - Fix upper bound as 4K page size because index value is address offset. > > Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner") > Cc: stable@xxxxxxxxxxxxxxx # v4.10+ > Cc: "Zhao, Yan Y" <yan.y.zhao@xxxxxxxxx> > Signed-off-by: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx> > --- > drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c > index 35b4ec3f7618..3592d04c33b2 100644 > --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c > +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c > @@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct parser_exec_state *s, > } > > if (index_mode) { > - if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) { > + if (guest_gma >= I915_GTT_PAGE_SIZE) { > ret = -EFAULT; > goto err; > } > -- > 2.20.1 >
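Review bot: In the `if (index_mode)` branch, `guest_gma >= I915_GTT_PAGE_SIZE` bounds only the starting offset of the write, so an offset in the last few bytes of the 4K status page passes the audit. Unless the offset is guaranteed to be aligned to the write width, the write could extend past the page. If the write size is known at this point, compare the offset plus the write size against `I915_GTT_PAGE_SIZE` instead. A one-line comment stating that `guest_gma` is a byte offset into the status page here, not a dword index, would also document why the `/ sizeof(u64)` divisor was wrong and keep it from being reintroduced.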