The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 13bcb80b7ee79431fce361e060611134cb19e209 Mon Sep 17 00:00:00 2001
From: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx>
Date: Wed, 20 Feb 2019 16:25:04 +0800
Subject: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index
check
When MI_FLUSH_DW post write hw status page in index mode, the index
value is in dword step and turned into address offset in cmd dword1.
As status page size is 4K, so can't exceed that.
This fixed upper bound check in cmd parser code which incorrectly
stopped VM for reason of invalid MI_FLUSH_DW write index.
v2:
- Fix upper bound as 4K page size because index value is address offset.
Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
Cc: stable@xxxxxxxxxxxxxxx # v4.10+
Cc: "Zhao, Yan Y" <yan.y.zhao@xxxxxxxxx>
Reviewed-by: Yan Zhao <yan.y.zhao@xxxxxxxxx>
Signed-off-by: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx>
diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
index 77ae634eb11c..bd95fd6b4ac8 100644
--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1446,7 +1446,7 @@ static inline int cmd_address_audit(struct parser_exec_state *s,
}
if (index_mode) {
- if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
+ if (guest_gma >= I915_GTT_PAGE_SIZE) {
ret = -EFAULT;
goto err;
}
