From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D57E421ECCB2A for ; Wed, 20 Sep 2017 19:54:35 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga105.jf.intel.com with ESMTP; 20 Sep 2017 19:57:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.42,423,1500966000"; d="scan'208";a="1016820828" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga003.jf.intel.com with ESMTP; 20 Sep 2017 19:57:39 -0700 Received: from fmsmsx119.amr.corp.intel.com (10.18.124.207) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 20 Sep 2017 19:57:31 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX119.amr.corp.intel.com (10.18.124.207) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 20 Sep 2017 19:57:30 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.213]) with mapi id 14.03.0319.002; Thu, 21 Sep 2017 10:57:29 +0800 From: "Zeng, Star" To: Paolo Bonzini , "Wu, Hao A" , "edk2-devel@lists.01.org" CC: "Dong, Eric" , "Zeng, Star" Thread-Topic: [edk2] [PATCH 3/6] MdeModulePkg/Tpl: Fix negative value left shift Thread-Index: AQHTMTyd9dKvgc0odUOBD8mkFUBCOqK76Z2AgAK91/A= Date: Thu, 21 Sep 2017 02:57:28 +0000 Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B976FBB@shsmsx102.ccr.corp.intel.com> References: <20170919114351.18448-1-hao.a.wu@intel.com> <20170919114351.18448-4-hao.a.wu@intel.com> <55cbb690-9ae1-56ed-d5a5-e100d9dd98da@redhat.com> In-Reply-To: <55cbb690-9ae1-56ed-d5a5-e100d9dd98da@redhat.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 3/6] MdeModulePkg/Tpl: Fix negative value left shift X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 02:54:36 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable There is a case must be considered that gEventPending is 0, HighBitSet64 wi= ll return -1, then the code will be wrong. The code maybe: while (gEventPending !=3D 0) { PendingTpl =3D (UINTN) HighBitSet64 (gEventPending); if (NewTpl >=3D PendingTpl) { break; } gEfiCurrentTpl =3D PendingTpl; ... } Thanks, Star -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Paol= o Bonzini Sent: Wednesday, September 20, 2017 1:03 AM To: Wu, Hao A ; edk2-devel@lists.01.org Cc: Dong, Eric ; Zeng, Star Subject: Re: [edk2] [PATCH 3/6] MdeModulePkg/Tpl: Fix negative value left s= hift On 19/09/2017 13:43, Hao Wu wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D695 >=20 > Within function CoreRestoreTpl(), left shift a negative value -2 is=20 > used > in: > "while (((-2 << NewTpl) & gEventPending) !=3D 0) {" >=20 > which involves undefined behavior. >=20 > According to the C11 spec, Section 6.5.7: >> 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated >> bits are filled with zeros. If E1 has an unsigned type, the value >> of the result is E1 * 2^E2 , reduced modulo one more than the >> maximum value representable in the result type. If E1 has a signed >> type and nonnegative value, and E1 * 2^E2 is representable in the >> result type, then that is the resulting value; otherwise, the >> behavior is undefined. >=20 > This commit explicitly cast '-2' with UINTN to resolve this issue. >=20 > Cc: Steven Shi > Cc: Star Zeng > Cc: Eric Dong > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > --- > MdeModulePkg/Core/Dxe/Event/Tpl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Core/Dxe/Event/Tpl.c=20 > b/MdeModulePkg/Core/Dxe/Event/Tpl.c > index 8ad0a33701..8c50f61117 100644 > --- a/MdeModulePkg/Core/Dxe/Event/Tpl.c > +++ b/MdeModulePkg/Core/Dxe/Event/Tpl.c > @@ -123,7 +123,7 @@ CoreRestoreTpl ( > // > // Dispatch any pending events > // > - while (((-2 << NewTpl) & gEventPending) !=3D 0) { > + while (((((UINTN)-2) << NewTpl) & gEventPending) !=3D 0) { > gEfiCurrentTpl =3D (UINTN) HighBitSet64 (gEventPending); > if (gEfiCurrentTpl < TPL_HIGH_LEVEL) { > CoreSetInterruptState (TRUE); >=20 Maybe: for (;;) { PendingTpl =3D (UINTN) HighBitSet64 (gEventPending); if (NewTpl >=3D PendingTpl) { break; } gEfiCurrentTpl =3D PendingTpl; } This is much more readable, and HighBitSet64 should be efficient on most mo= dern processors. Paolo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel