From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 69ED021E1B75A for ; Sun, 24 Sep 2017 23:18:15 -0700 (PDT) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP; 24 Sep 2017 23:21:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.42,435,1500966000"; d="scan'208";a="152913960" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga005.jf.intel.com with ESMTP; 24 Sep 2017 23:21:25 -0700 Received: from fmsmsx121.amr.corp.intel.com (10.18.125.36) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 24 Sep 2017 23:21:15 -0700 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx121.amr.corp.intel.com (10.18.125.36) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 24 Sep 2017 23:21:15 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.93]) with mapi id 14.03.0319.002; Mon, 25 Sep 2017 14:21:12 +0800 From: "Zeng, Star" To: "Wu, Hao A" , "edk2-devel@lists.01.org" CC: "Shi, Steven" , "Dong, Eric" , Paolo Bonzini , "Kinney, Michael D" , "Gao, Liming" , "Zeng, Star" Thread-Topic: [PATCH v2 3/6] MdeModulePkg/Tpl: Fix negative value left shift Thread-Index: AQHTMqVZy+gZ5DYZek2GwN2EpXRmC6LFJ4sA Date: Mon, 25 Sep 2017 06:21:12 +0000 Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B9796D8@shsmsx102.ccr.corp.intel.com> References: <20170921064617.2628-1-hao.a.wu@intel.com> <20170921064617.2628-4-hao.a.wu@intel.com> In-Reply-To: <20170921064617.2628-4-hao.a.wu@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2 3/6] MdeModulePkg/Tpl: Fix negative value left shift X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Sep 2017 06:18:15 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Star Zeng -----Original Message----- From: Wu, Hao A=20 Sent: Thursday, September 21, 2017 2:46 PM To: edk2-devel@lists.01.org Cc: Wu, Hao A ; Shi, Steven ; Zen= g, Star ; Dong, Eric ; Paolo Bonz= ini ; Kinney, Michael D ; = Gao, Liming Subject: [PATCH v2 3/6] MdeModulePkg/Tpl: Fix negative value left shift REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D695 Within function CoreRestoreTpl(), left shift a negative value -2 is used in: "while (((-2 << NewTpl) & gEventPending) !=3D 0) {" which involves undefined behavior. According to the C11 spec, Section 6.5.7: > 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated > bits are filled with zeros. If E1 has an unsigned type, the value > of the result is E1 * 2^E2 , reduced modulo one more than the > maximum value representable in the result type. If E1 has a signed > type and nonnegative value, and E1 * 2^E2 is representable in the > result type, then that is the resulting value; otherwise, the > behavior is undefined. This commit refines the code logic to avoid left shifting the negative valu= e. Cc: Steven Shi Cc: Star Zeng Cc: Eric Dong Cc: Paolo Bonzini Cc: Michael Kinney Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- MdeModulePkg/Core/Dxe/Event/Tpl.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Event/Tpl.c b/MdeModulePkg/Core/Dxe/Even= t/Tpl.c index 8ad0a33701..e3caf832b8 100644 --- a/MdeModulePkg/Core/Dxe/Event/Tpl.c +++ b/MdeModulePkg/Core/Dxe/Event/Tpl.c @@ -1,7 +1,7 @@ /** @file Task priority (TPL) functions. =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -103,6 +10= 3,7 @@ CoreRestoreTpl ( ) { EFI_TPL OldTpl; + EFI_TPL PendingTpl; =20 OldTpl =3D gEfiCurrentTpl; if (NewTpl > OldTpl) { @@ -123,8 +124,13 @@ CoreRestoreTpl ( // // Dispatch any pending events // - while (((-2 << NewTpl) & gEventPending) !=3D 0) { - gEfiCurrentTpl =3D (UINTN) HighBitSet64 (gEventPending); + while (gEventPending !=3D 0) { + PendingTpl =3D (UINTN) HighBitSet64 (gEventPending); + if (PendingTpl <=3D NewTpl) { + break; + } + + gEfiCurrentTpl =3D PendingTpl; if (gEfiCurrentTpl < TPL_HIGH_LEVEL) { CoreSetInterruptState (TRUE); } -- 2.12.0.windows.1