drm/i915/gvt: Fix cmd length check for MI_ATOMIC

commit 92b1aa773fadb4e2a90ed5d3beecb422d568ad9a upstream.

Correct valid command length check for MI_ATOMIC, need to check inline
data available field instead of operand data length for whole command.

Fixes: 00a33be40634 ("drm/i915/gvt: Add valid length check for MI variable commands")
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Gao Fred <fred.gao@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
index e753b1e..fc29a37 100644 (file)
--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1597,9 +1597,9 @@ static int cmd_handler_mi_op_2f(struct parser_exec_state *s)
        if (!(cmd_val(s, 0) & (1 << 22)))
                return ret;
 
-       /* check if QWORD */
-       if (DWORD_FIELD(0, 20, 19) == 1)
-               valid_len += 8;
+       /* check inline data */
+       if (cmd_val(s, 0) & BIT(18))
+               valid_len = CMD_LEN(9);
        ret = gvt_check_valid_cmd_length(cmd_length(s),
                        valid_len);
        if (ret)