[PATCH 5.4 78/80] drm/i915/gvt: Fix cmd length check for MI_ATOMIC

[Greg Kroah-Hartman]

From: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx>

commit 92b1aa773fadb4e2a90ed5d3beecb422d568ad9a upstream.

Correct valid command length check for MI_ATOMIC, need to check inline
data available field instead of operand data length for whole command.

Fixes: 00a33be40634 ("drm/i915/gvt: Add valid length check for MI variable commands")
Reported-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
Acked-by: Gao Fred <fred.gao@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/gpu/drm/i915/gvt/cmd_parser.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1597,9 +1597,9 @@ static int cmd_handler_mi_op_2f(struct p
 	if (!(cmd_val(s, 0) & (1 << 22)))
 		return ret;
 
-	/* check if QWORD */
-	if (DWORD_FIELD(0, 20, 19) == 1)
-		valid_len += 8;
+	/* check inline data */
+	if (cmd_val(s, 0) & BIT(18))
+		valid_len = CMD_LEN(9);
 	ret = gvt_check_valid_cmd_length(cmd_length(s),
 			valid_len);
 	if (ret)