From a78e46a7dbb37dcb537fbc3b17f3980458978bc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Date: Mon, 13 Mar 2023 15:17:21 +0100 Subject: [PATCH] xen: take struct size into account for video information The xenpf_dom0_console_t structure can grow as more data is added, and hence we need to check that the fields we accesses have been filled by Xen. The only extra field FreeBSD currently uses is the top 32 bits for the frame buffer physical address. Note that this field is present in all the versions that make the information available from the platform hypercall interface, so the check here is mostly cosmetic, and to remember us that newly added fields require checking the size of the returned data. Fixes: 6f80738b228c ('xen: fetch dom0 video console information from Xen') Sponsored by: Citrix Systems R&D
---
 sys/x86/xen/pv.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/sys/x86/xen/pv.c b/sys/x86/xen/pv.c
index d721e9bb530e..3411f4b6b030 100644
--- a/sys/x86/xen/pv.c
+++ b/sys/x86/xen/pv.c
@@ -347,11 +347,11 @@ fixup_console(caddr_t kmdp)
 struct efi_fb efi;
 struct vbe_fb vbe;
 } *fb = NULL;
- int ret;
+ int size;
 
- ret = HYPERVISOR_platform_op(&op);
- if (ret != 0) {
- xc_printf("Failed to get dom0 video console info\n");
+ size = HYPERVISOR_platform_op(&op);
+ if (size < 0) {
+ xc_printf("Failed to get dom0 video console info: %d\n", size);
 return;
 }
 
@@ -381,8 +381,11 @@ fixup_console(caddr_t kmdp)
 }
 }
 
- fb->efi.fb_addr = console->u.vesa_lfb.lfb_base |
- ((uint64_t)console->u.vesa_lfb.ext_lfb_base << 32);
+ fb->efi.fb_addr = console->u.vesa_lfb.lfb_base;
+ if (size >
+ offsetof(xenpf_dom0_console_t, u.vesa_lfb.ext_lfb_base))
+ fb->efi.fb_addr |=
+ (uint64_t)console->u.vesa_lfb.ext_lfb_base << 32;
 fb->efi.fb_size = console->u.vesa_lfb.lfb_size << 16;
 fb->efi.fb_height = console->u.vesa_lfb.height;
 fb->efi.fb_width = console->u.vesa_lfb.width;
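Review bot: In the first hunk, `if (size < 0)` accepts every non-negative return, including 0 or a length shorter than fields such as `u.vesa_lfb.lfb_base`, `lfb_size`, `height` and `width`, which the second hunk still reads with no size check. Whether that can expose stale data depends on how `op` is initialised before the call, which is outside the hunk; if it is not zeroed, a short return from the hypervisor would leave those reads on unfilled memory. At minimum the new return-value contract deserves a comment above the call, e.g. `/* On success the hypercall returns the number of bytes of console info Xen filled in. */`. Consider also failing when `size` does not reach the end of the last field read unconditionally. fixup_console's body starts and ends outside the hunk.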
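Review bot: In the second hunk, the guard `size > offsetof(xenpf_dom0_console_t, u.vesa_lfb.ext_lfb_base)` is already true when only the first byte of `ext_lfb_base` lies inside the returned data, so a size ending part-way through the field would still let all 32 bits be OR-ed into `fb_addr`. Requiring the whole field is stricter: `if ((size_t)size >= offsetof(xenpf_dom0_console_t, u.vesa_lfb.ext_lfb_base) + sizeof(console->u.vesa_lfb.ext_lfb_base))`. The cast also makes the comparison of the signed `int size` with the `size_t` from `offsetof` explicit, and it is safe because the first hunk returns early on negative values. The enclosing block begins outside the hunk.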