* [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Zhenyu Wang @ 2019-02-18  6:46 UTC
  To: intel-gvt-dev; +Cc: stable

When MI_FLUSH_DW post write hw status page in index mode, the index
value is in dword step. This fixes wrong qword step in cmd parser code
which incorrectly stopped VM for invalid MI_FLUSH_DW write index.

Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
Cc: stable@vger.kernel.org # v4.10+
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
---
 drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
index 35b4ec3f7618..d42f7a2dc82f 100644
--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct parser_exec_state *s,
 	}
 
 	if (index_mode)	{
-		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
+		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u32)) {
 			ret = -EFAULT;
 			goto err;
 		}
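
Review bot: the new bound on the `+` line, `I915_GTT_PAGE_SIZE / sizeof(u32)`, is only correct if `guest_gma` holds a dword index at this point; the variable name suggests an address, and the commit message does not say which unit it carries in index mode. If it is a byte offset into the status page, the limit should be `I915_GTT_PAGE_SIZE` itself, and dividing by `sizeof(u32)` would still reject valid writes to the upper three quarters of the page. Please state the unit of `guest_gma` in a comment above the check or in the commit message, and pick the bound to match.
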
-- 
2.20.1



* RE: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Zhao, Yan Y @ 2019-02-19  3:30 UTC
  To: Zhenyu Wang, intel-gvt-dev; +Cc: stable

Do we need to check whether the index is in DWORD or QWORD, which is specified in DWORD 0 of the command?

BTW, maybe we also need to check whether gma is QWORD aligned?

> -----Original Message-----
> From: intel-gvt-dev [mailto:intel-gvt-dev-bounces@lists.freedesktop.org] On
> Behalf Of Zhenyu Wang
> Sent: Monday, February 18, 2019 2:47 PM
> To: intel-gvt-dev@lists.freedesktop.org
> Cc: stable@vger.kernel.org
> Subject: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index
> check
> 
> When MI_FLUSH_DW post write hw status page in index mode, the index value
> is in dword step. This fixes wrong qword step in cmd parser code which
> incorrectly stopped VM for invalid MI_FLUSH_DW write index.
> 
> Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
> Cc: stable@vger.kernel.org # v4.10+
> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 35b4ec3f7618..d42f7a2dc82f 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct
> parser_exec_state *s,
>  	}
> 
>  	if (index_mode)	{
> -		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
> +		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u32)) {
>  			ret = -EFAULT;
>  			goto err;
>  		}
> --
> 2.20.1


* Re: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Zhenyu Wang @ 2019-02-20  5:13 UTC
  To: Zhao, Yan Y; +Cc: intel-gvt-dev, stable

On 2019.02.19 03:30:43 +0000, Zhao, Yan Y wrote:
> Do we need to check whether the index is in DWORD or QWORD, which is specified in DWORD 0 of the command?
>

That is for MI_FLUSH_DW cmd length instead of index size, I believe.
And the index is always Qword aligned, but takes steps of u32. So this
patch is to fix the upper bound.

> BTW, maybe we also need to check whether gma is QWORD aligned?
>

Current code did masking on it before checking gma.

> > -----Original Message-----
> > From: intel-gvt-dev [mailto:intel-gvt-dev-bounces@lists.freedesktop.org] On
> > Behalf Of Zhenyu Wang
> > Sent: Monday, February 18, 2019 2:47 PM
> > To: intel-gvt-dev@lists.freedesktop.org
> > Cc: stable@vger.kernel.org
> > Subject: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index
> > check
> > 
> > When MI_FLUSH_DW post write hw status page in index mode, the index value
> > is in dword step. This fixes wrong qword step in cmd parser code which
> > incorrectly stopped VM for invalid MI_FLUSH_DW write index.
> > 
> > Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
> > Cc: stable@vger.kernel.org # v4.10+
> > Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
> > ---
> >  drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > index 35b4ec3f7618..d42f7a2dc82f 100644
> > --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> > @@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct
> > parser_exec_state *s,
> >  	}
> > 
> >  	if (index_mode)	{
> > -		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
> > +		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u32)) {
> >  			ret = -EFAULT;
> >  			goto err;
> >  		}
> > --
> > 2.20.1

-- 
Open Source Technology Center, Intel ltd.

$gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827


* [PATCH v2] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Zhenyu Wang @ 2019-02-20  8:25 UTC
  To: intel-gvt-dev; +Cc: stable, Zhao, Yan Y

When MI_FLUSH_DW post write hw status page in index mode, the index
value is in dword step and turned into address offset in cmd dword1.
As status page size is 4K, so can't exceed that.

This fixed upper bound check in cmd parser code which incorrectly
stopped VM for reason of invalid MI_FLUSH_DW write index.

v2:
- Fix upper bound as 4K page size because index value is address offset.

Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
Cc: stable@vger.kernel.org # v4.10+
Cc: "Zhao, Yan Y" <yan.y.zhao@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
---
 drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
index 35b4ec3f7618..3592d04c33b2 100644
--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct parser_exec_state *s,
 	}
 
 	if (index_mode)	{
-		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
+		if (guest_gma >= I915_GTT_PAGE_SIZE) {
 			ret = -EFAULT;
 			goto err;
 		}
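
Review bot: `guest_gma >= I915_GTT_PAGE_SIZE` on the `+` line bounds only the start offset of the post-sync write, not its end, so the check is complete only when the offset is already aligned to the write size. The thread states the value is masked before this check, but that is not visible in the hunk; a one-line comment above the `if (index_mode)` block saying that `guest_gma` is a byte offset into the 4K status page, already masked to the write alignment, would document why no size term is needed here.
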
-- 
2.20.1



* Re: [PATCH v2] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Zhao Yan @ 2019-02-21  3:33 UTC
  To: Zhenyu Wang; +Cc: intel-gvt-dev, stable

Looks good to me.

Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>

On Wed, Feb 20, 2019 at 04:25:04PM +0800, Zhenyu Wang wrote:
> When MI_FLUSH_DW post write hw status page in index mode, the index
> value is in dword step and turned into address offset in cmd dword1.
> As status page size is 4K, so can't exceed that.
> 
> This fixed upper bound check in cmd parser code which incorrectly
> stopped VM for reason of invalid MI_FLUSH_DW write index.
> 
> v2:
> - Fix upper bound as 4K page size because index value is address offset.
> 
> Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner")
> Cc: stable@vger.kernel.org # v4.10+
> Cc: "Zhao, Yan Y" <yan.y.zhao@intel.com>
> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 35b4ec3f7618..3592d04c33b2 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -1441,7 +1441,7 @@ static inline int cmd_address_audit(struct parser_exec_state *s,
>  	}
>  
>  	if (index_mode)	{
> -		if (guest_gma >= I915_GTT_PAGE_SIZE / sizeof(u64)) {
> +		if (guest_gma >= I915_GTT_PAGE_SIZE) {
>  			ret = -EFAULT;
>  			goto err;
>  		}
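
Review bot: both the `-` and `+` lines depend on `I915_GTT_PAGE_SIZE`, while the patch is tagged `Cc: stable@vger.kernel.org # v4.10+`. The stable bot's report in this thread lists 9556e1188892 ("drm/i915/gvt: Use I915_GTT_PAGE_SIZE") among the possible dependencies for the failed v4.14.102 apply, so the commit message should say which stable trees take this change as-is and which need a separately adapted backport.
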
> -- 
> 2.20.1
> 


* Re: [PATCH v2] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Sasha Levin @ 2019-02-22 15:24 UTC
  To: Sasha Levin, Zhenyu Wang, intel-gvt-dev
  Cc: stable, Zhao, Yan Y, Zhao, Yan Y, stable

Hi,

[This is an automated email]

This commit has been processed because it contains a "Fixes:" tag,
fixing commit: be1da7070aea drm/i915/gvt: vGPU command scanner.

The bot has tested the following trees: v4.20.11, v4.19.24, v4.14.102.

v4.14.102: Failed to apply! Possible dependencies:
    0a53bc07f044 ("drm/i915/gvt: Separate cmd scan from request allocation")
    0cce2823ed37 ("drm/i915/gvt: Refine error handling for prepare_execlist_workload")
    1406a14b0ed9 ("drm/i915/gvt: Introduce intel_vgpu_submission")
    1e3197d6ad73 ("drm/i915/gvt: Refine error handling for perform_bb_shadow")
    21527a8dafc4 ("drm/i915/gvt: Factor out vGPU workload creation/destroy")
    54cff6479fd8 ("drm/i915/gvt: Make elsp_dwords in the right order")
    5c56883a9531 ("drm/i915/gvt: Change the return type during command scan")
    5d5fe176155e ("drm/i915/kvmgt: Sanitize PCI bar emulation")
    6d76303553ba ("drm/i915/gvt: Move common vGPU workload creation into scheduler.c")
    7d1e5cdf0178 ("drm/i915/gvt: Factor intel_vgpu_page_track")
    9556e1188892 ("drm/i915/gvt: Use I915_GTT_PAGE_SIZE")
    9a9829e9eb8b ("drm/i915/gvt: Move workload cache init/clean into intel_vgpu_{setup, clean}_submission()")
    f090a00df9ec ("drm/i915/gvt: Add emulation for BAR2 (aperture) with normal file RW approach")


How should we proceed with this patch?

--
Thanks,
Sasha


* Re: [PATCH] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
From: Sasha Levin @ 2019-02-22 15:24 UTC
  To: Sasha Levin, Zhenyu Wang, intel-gvt-dev; +Cc: stable, stable

Hi,

[This is an automated email]

This commit has been processed because it contains a "Fixes:" tag,
fixing commit: be1da7070aea drm/i915/gvt: vGPU command scanner.

The bot has tested the following trees: v4.20.11, v4.19.24, v4.14.102.

v4.14.102: Failed to apply! Possible dependencies:
    0a53bc07f044 ("drm/i915/gvt: Separate cmd scan from request allocation")
    0cce2823ed37 ("drm/i915/gvt: Refine error handling for prepare_execlist_workload")
    1406a14b0ed9 ("drm/i915/gvt: Introduce intel_vgpu_submission")
    1e3197d6ad73 ("drm/i915/gvt: Refine error handling for perform_bb_shadow")
    21527a8dafc4 ("drm/i915/gvt: Factor out vGPU workload creation/destroy")
    54cff6479fd8 ("drm/i915/gvt: Make elsp_dwords in the right order")
    5c56883a9531 ("drm/i915/gvt: Change the return type during command scan")
    5d5fe176155e ("drm/i915/kvmgt: Sanitize PCI bar emulation")
    6d76303553ba ("drm/i915/gvt: Move common vGPU workload creation into scheduler.c")
    7d1e5cdf0178 ("drm/i915/gvt: Factor intel_vgpu_page_track")
    9556e1188892 ("drm/i915/gvt: Use I915_GTT_PAGE_SIZE")
    9a9829e9eb8b ("drm/i915/gvt: Move workload cache init/clean into intel_vgpu_{setup, clean}_submission()")
    f090a00df9ec ("drm/i915/gvt: Add emulation for BAR2 (aperture) with normal file RW approach")


How should we proceed with this patch?

--
Thanks,
Sasha
