• Changbin Du's avatar
    drm/i915/gvt: Fix the validation on size field of dp aux header · 2f24636b
    Changbin Du authored
    The assertion for len is wrong, so fix it. And for where to validate
    user input, we should not warn by call trace.
    
    [ 290.584739] WARNING: CPU: 0 PID: 1471 at drivers/gpu/drm/i915/gvt/handlers.c:969 dp_aux_ch_ctl_mmio_write+0x394/0x430 [i915]
    [ 290.586113] task: ffff880111fe8000 task.stack: ffffc90044a9c000
    [ 290.586192] RIP: e030:dp_aux_ch_ctl_mmio_write+0x394/0x430 [i915]
    [ 290.586258] RSP: e02b:ffffc90044a9fd88 EFLAGS: 00010282
    [ 290.586315] RAX: 0000000000000017 RBX: 0000000000000003 RCX: ffffffff82461148
    [ 290.586391] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000201
    [ 290.586468] RBP: ffffc90043ed1000 R08: 0000000000000248 R09: 00000000000003d8
    [ 290.586544] R10: ffffc90044bdd314 R11: 0000000000000011 R12: 0000000000064310
    [ 290.586621] R13: 00000000fe4003ff R14: ffffc900432d1008 R15: ffff88010fa7cb40
    [ 290.586701] FS: 0000000000000000(0000) GS:ffff880123200000(0000) knlGS:0000000000000000
    [ 290.586787] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 290.586849] CR2: 00007f67ea44e000 CR3: 0000000116078000 CR4: 0000000000042660
    [ 290.586926] Call Trace:
    [ 290.586958] ? __switch_to_asm+0x40/0x70
    [ 290.587017] intel_vgpu_mmio_reg_rw+0x1ec/0x3c0 [i915]
    [ 290.587087] intel_vgpu_emulate_mmio_write+0xa8/0x2c0 [i915]
    [ 290.587151] xengt_emulation_thread+0x501/0x7a0 [xengt]
    [ 290.587208] ? __schedule+0x3c6/0x890
    [ 290.587250] ? wait_woken+0x80/0x80
    [ 290.587290] kthread+0xfc/0x130
    [ 290.587326] ? xengt_gpa_to_va+0x1f0/0x1f0 [xengt]
    [ 290.587378] ? kthread_create_on_node+0x70/0x70
    [ 290.587429] ? do_group_exit+0x3a/0xa0
    [ 290.587471] ret_from_fork+0x35/0x40
    
    Fixes: 04d348ae ("drm/i915/gvt: vGPU display virtualization")
    Signed-off-by: default avatarChangbin Du <changbin.du@intel.com>
    Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
    2f24636b
handlers.c 96.6 KB