public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-23  5:29 Eric Dong
  2017-08-23 21:50 ` Kinney, Michael D
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-23  5:29 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni

Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..005dec4 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
   OUT UINT64  *CurrentTime
   )
 {
+  UINT64 TimeoutInSeconds;
+  UINT64 TimestampCounterFreq;
+
   //
   // Read the current value of the performance counter
   //
@@ -1019,13 +1022,26 @@ CalculateTimeout (
   // in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
   // it by 1,000,000, to get the number of ticks for the timeout value.
   //
-  return DivU64x32 (
-           MultU64x64 (
-             GetPerformanceCounterProperties (NULL, NULL),
-             TimeoutInMicroseconds
-             ),
-           1000000
-           );
+  TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+    //
+    // Convert microseconds into seconds if direct multiplication overflows
+    //
+    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+    //
+    // Assertion if the final tick count exceeds MAX_UINT64
+    //
+    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+    return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+  } else {
+    return DivU64x32 (
+             MultU64x64 (
+               GetPerformanceCounterProperties (NULL, NULL),
+               TimeoutInMicroseconds
+               ),
+             1000000
+             );
+  }
 }
 
 /**
-- 
2.7.0.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-24  2:56 Eric Dong
  2017-08-25  0:36 ` Kinney, Michael D
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-24  2:56 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni

Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.

V2: Use local variable instead of call GetPerformanceCounterProperties
twice. Also correct some comments.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 43 +++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 10 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..8394572 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
   OUT UINT64  *CurrentTime
   )
 {
+  UINT64 TimeoutInSeconds;
+  UINT64 TimestampCounterFreq;
+
   //
   // Read the current value of the performance counter
   //
@@ -1016,16 +1019,36 @@ CalculateTimeout (
 
   //
   // GetPerformanceCounterProperties () returns the timestamp counter's frequency
-  // in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
-  // it by 1,000,000, to get the number of ticks for the timeout value.
-  //
-  return DivU64x32 (
-           MultU64x64 (
-             GetPerformanceCounterProperties (NULL, NULL),
-             TimeoutInMicroseconds
-             ),
-           1000000
-           );
+  // in Hz. 
+  //
+  TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+
+  //
+  // Check the potential overflow before calculate the number of ticks for the timeout value.
+  //
+  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+    //
+    // Convert microseconds into seconds if direct multiplication overflows
+    //
+    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+    //
+    // Assertion if the final tick count exceeds MAX_UINT64
+    //
+    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+    return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+  } else {
+    //
+    // No overflow case, multiply the return value with TimeoutInMicroseconds and then divide
+    // it by 1,000,000, to get the number of ticks for the timeout value.
+    //
+    return DivU64x32 (
+             MultU64x64 (
+               TimestampCounterFreq,
+               TimeoutInMicroseconds
+               ),
+             1000000
+             );
+  }
 }
 
 /**
-- 
2.7.0.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-25  0:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-23  5:29 [Patch] UefiCpuPkg/MpLib: fix potential overflow issue Eric Dong
2017-08-23 21:50 ` Kinney, Michael D
2017-08-24  3:04   ` Dong, Eric
  -- strict thread matches above, loose matches on Subject: below --
2017-08-24  2:56 Eric Dong
2017-08-25  0:36 ` Kinney, Michael D

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox