From 0600b575402feb180ba9aed52ebad1c4c08ead71 Mon Sep 17 00:00:00 2001 From: Robert Wing Date: Fri, 29 Dec 2023 10:18:15 -0900 Subject: [PATCH] bhyve: verify that user provided fbuf values fall within limits The upper limits for height/width are already checked, this commit enforces the lower limit as well. The behavior is also changed such that, the framebuffer fails to initialize if the provided values don't parse cleanly. Reviewed by: corvink, jhb Differential Revision: https://reviews.freebsd.org/D42692 --- usr.sbin/bhyve/bhyve.8 | 4 ++-- usr.sbin/bhyve/pci_fbuf.c | 33 +++++++++++++++------------------ 2 files changed, 17 insertions(+), 20 deletions(-) diff --git a/usr.sbin/bhyve/bhyve.8 b/usr.sbin/bhyve/bhyve.8 index 3612251d7f7b..12e3f3ba926e 100644 --- a/usr.sbin/bhyve/bhyve.8 +++ b/usr.sbin/bhyve/bhyve.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 20, 2023 +.Dd December 29, 2023 .Dt BHYVE 8 .Os .Sh NAME @@ -778,7 +778,7 @@ optional zone identifier. A display resolution, width and height, respectively. If not specified, a default resolution of 1024x768 pixels will be used. Minimal supported resolution is 640x480 pixels, -and maximum is 1920x1200 pixels. +and maximum is 3840x2160 pixels. .It Cm vga= Ns Ar vgaconf Possible values for this option are .Cm io diff --git a/usr.sbin/bhyve/pci_fbuf.c b/usr.sbin/bhyve/pci_fbuf.c index 247b7cb69c9a..798e9b41f0b0 100644 --- a/usr.sbin/bhyve/pci_fbuf.c +++ b/usr.sbin/bhyve/pci_fbuf.c @@ -312,26 +312,23 @@ pci_fbuf_parse_config(struct pci_fbuf_softc *sc, nvlist_t *nvl) } value = get_config_value_node(nvl, "w"); - if (value != NULL) { - sc->memregs.width = atoi(value); - if (sc->memregs.width > COLS_MAX) { - EPRINTLN("fbuf: width %d too large", sc->memregs.width); - return (-1); - } - if (sc->memregs.width == 0) - sc->memregs.width = 1920; - } + if (value != NULL) + sc->memregs.width = strtol(value, NULL, 10); value = get_config_value_node(nvl, "h"); - if (value != NULL) { - sc->memregs.height = atoi(value); - if (sc->memregs.height > ROWS_MAX) { - EPRINTLN("fbuf: height %d too large", - sc->memregs.height); - return (-1); - } - if (sc->memregs.height == 0) - sc->memregs.height = 1080; + if (value != NULL) + sc->memregs.height = strtol(value, NULL, 10); + + if (sc->memregs.width > COLS_MAX || + sc->memregs.height > ROWS_MAX) { + EPRINTLN("fbuf: max resolution is %ux%u", COLS_MAX, ROWS_MAX); + return (-1); + } + if (sc->memregs.width < COLS_MIN || + sc->memregs.height < ROWS_MIN) { + EPRINTLN("fbuf: minimum resolution is %ux%u", + COLS_MIN, ROWS_MIN); + return (-1); } value = get_config_value_node(nvl, "password");