git: a78e46a7dbb3 - main - xen: take struct size into account for video information

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Roger Pau Monné <royger_at_FreeBSD.org>
Date: Tue, 14 Mar 2023 09:01:33 UTC
The branch main has been updated by royger:

URL: https://cgit.FreeBSD.org/src/commit/?id=a78e46a7dbb37dcb537fbc3b17f3980458978bc9

commit a78e46a7dbb37dcb537fbc3b17f3980458978bc9
Author:     Roger Pau Monné <royger@FreeBSD.org>
AuthorDate: 2023-03-13 14:17:21 +0000
Commit:     Roger Pau Monné <royger@FreeBSD.org>
CommitDate: 2023-03-14 08:59:08 +0000

    xen: take struct size into account for video information
    
    The xenpf_dom0_console_t structure can grow as more data is added, and
    hence we need to check that the fields we accesses have been filled by
    Xen.  The only extra field FreeBSD currently uses is the top 32 bits
    for the frame buffer physical address.
    
    Note that this field is present in all the versions that make the
    information available from the platform hypercall interface, so the
    check here is mostly cosmetic, and to remember us that newly added
    fields require checking the size of the returned data.
    
    Fixes: 6f80738b228c ('xen: fetch dom0 video console information from Xen')
    Sponsored by: Citrix Systems R&D
---
 sys/x86/xen/pv.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/sys/x86/xen/pv.c b/sys/x86/xen/pv.c
index d721e9bb530e..3411f4b6b030 100644
--- a/sys/x86/xen/pv.c
+++ b/sys/x86/xen/pv.c
@@ -347,11 +347,11 @@ fixup_console(caddr_t kmdp)
 		struct efi_fb efi;
 		struct vbe_fb vbe;
 	} *fb = NULL;
-	int ret;
+	int size;
 
-	ret = HYPERVISOR_platform_op(&op);
-	if (ret != 0) {
-		xc_printf("Failed to get dom0 video console info\n");
+	size = HYPERVISOR_platform_op(&op);
+	if (size < 0) {
+		xc_printf("Failed to get dom0 video console info: %d\n", size);
 		return;
 	}
 
@@ -381,8 +381,11 @@ fixup_console(caddr_t kmdp)
 			}
 		}
 
-		fb->efi.fb_addr = console->u.vesa_lfb.lfb_base |
-		    ((uint64_t)console->u.vesa_lfb.ext_lfb_base << 32);
+		fb->efi.fb_addr = console->u.vesa_lfb.lfb_base;
+		if (size >
+		    offsetof(xenpf_dom0_console_t, u.vesa_lfb.ext_lfb_base))
+			fb->efi.fb_addr |=
+			    (uint64_t)console->u.vesa_lfb.ext_lfb_base << 32;
 		fb->efi.fb_size = console->u.vesa_lfb.lfb_size << 16;
 		fb->efi.fb_height = console->u.vesa_lfb.height;
 		fb->efi.fb_width = console->u.vesa_lfb.width;