UBUNTU: SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command matching

Some of the gen instruction macros (e.g. MI_DISPLAY_FLIP) have the
length directly encoded in them. Since these are used directly in
the tables, the Length becomes part of the comparison used for
matching during parsing. Thus, if the cmd being parsed has a
different length to that in the table, it is not matched and the
cmd is accepted via the default variable length path.

Fix by masking out everything except the Opcode in the cmd tables
Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com>

CVE-2019-0155
Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

ubuntu/i915/i915_cmd_parser.c

@@ -92,7 +92,7 @@
 #define CMD(op, opm, f, lm, fl, ...)				\
 	{							\
 		.flags = (fl) | ((f) ? CMD_DESC_FIXED : 0),	\
-		.cmd = { (op), (opm) },				\
+		.cmd = { (op) & (opm), (opm) },			\
 		.length = { (lm) },				\
 		__VA_ARGS__					\
 	}