FAILED: patch "[PATCH] drm/i915: Fix cmd parser desc matching with masks" failed to apply to 5.4-stable tree - Linux-stable-mirror

31 Aug 2020

The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
...
From e5f10d6385cda083037915c12b130887c8831d2b Mon Sep 17 00:00:00 2001
From: Mika Kuoppala mika.kuoppala@linux.intel.com
Date: Mon, 17 Aug 2020 22:59:26 +0300
Subject: [PATCH] drm/i915: Fix cmd parser desc matching with masks
Our variety of defined gpu commands have the actual
command id field and possibly length and flags applied.
We did start to apply the mask during initialization of
the cmd descriptors but forgot to also apply it on comparisons.
Fix comparisons in order to properly deny access with
associated commands.
v2: fix lri with correct mask (Chris)
References: 926abff21a8f ("drm/i915/cmdparser: Ignore Length operands during command matching")
Reported-by: Nicolai Stange nstange@suse.de
Cc: stable@vger.kernel.org # v5.4+
Cc: Miroslav Benes mbenes@suse.cz
Cc: Takashi Iwai tiwai@suse.de
Cc: Tyler Hicks tyhicks@canonical.com
Cc: Jon Bloomfield jon.bloomfield@intel.com
Cc: Chris Wilson chris.p.wilson@intel.com
Signed-off-by: Mika Kuoppala mika.kuoppala@linux.intel.com
Reviewed-by: Chris Wilson chris@chris-wilson.co.uk
Link: https://patchwork.freedesktop.org/patch/msgid/20200817195926.12671-1-mika.ku...
(cherry picked from commit 3b4efa148da36f158cce3f662e831af2834b8e0f)
Signed-off-by: Jani Nikula jani.nikula@intel.com

diff --git a/drivers/gpu/drm/i915/i915_cmd_parser.c b/drivers/gpu/drm/i915/i915_cmd_parser.c
index 372354d33f55..5ac4a999f05a 100644
--- a/drivers/gpu/drm/i915/i915_cmd_parser.c
+++ b/drivers/gpu/drm/i915/i915_cmd_parser.c
@@ -1204,6 +1204,12 @@ static u32 *copy_batch(struct drm_i915_gem_object *dst_obj,
    return dst;
 }
+static inline bool cmd_desc_is(const struct drm_i915_cmd_descriptor * const desc,
+			       const u32 cmd)
+{
+	return desc->cmd.value == (cmd & desc->cmd.mask);
+}
+
 static bool check_cmd(const struct intel_engine_cs *engine,
    	      const struct drm_i915_cmd_descriptor *desc,
    	      const u32 *cmd, u32 length)
@@ -1242,19 +1248,19 @@ static bool check_cmd(const struct intel_engine_cs *engine,
    		 * allowed mask/value pair given in the whitelist entry.
    		 */
    		if (reg->mask) {
-				if (desc->cmd.value == MI_LOAD_REGISTER_MEM) {
+				if (cmd_desc_is(desc, MI_LOAD_REGISTER_MEM)) {
    				DRM_DEBUG("CMD: Rejected LRM to masked register 0x%08X\n",
    					  reg_addr);
    				return false;
    			}
-				if (desc->cmd.value == MI_LOAD_REGISTER_REG) {
+				if (cmd_desc_is(desc, MI_LOAD_REGISTER_REG)) {
    				DRM_DEBUG("CMD: Rejected LRR to masked register 0x%08X\n",
    					  reg_addr);
    				return false;
    			}
-				if (desc->cmd.value == MI_LOAD_REGISTER_IMM(1) &&
+				if (cmd_desc_is(desc, MI_LOAD_REGISTER_IMM(1)) &&
    			    (offset + 2 > length ||
    			     (cmd[offset + 1] & reg->mask) != reg->value)) {
    				DRM_DEBUG("CMD: Rejected LRI to masked register 0x%08X\n",
@@ -1478,7 +1484,7 @@ int intel_engine_cmd_parser(struct intel_engine_cs *engine,
    		break;
    	}
-		if (desc->cmd.value == MI_BATCH_BUFFER_START) {
+		if (cmd_desc_is(desc, MI_BATCH_BUFFER_START)) {
    		ret = check_bbstart(cmd, offset, length, batch_length,
    				    batch_addr, shadow_addr,
    				    jump_whitelist);

    