* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-23 5:29 Eric Dong
2017-08-23 21:50 ` Kinney, Michael D
0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-23 5:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni
Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..005dec4 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
OUT UINT64 *CurrentTime
)
{
+ UINT64 TimeoutInSeconds;
+ UINT64 TimestampCounterFreq;
+
//
// Read the current value of the performance counter
//
@@ -1019,13 +1022,26 @@ CalculateTimeout (
// in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
// it by 1,000,000, to get the number of ticks for the timeout value.
//
- return DivU64x32 (
- MultU64x64 (
- GetPerformanceCounterProperties (NULL, NULL),
- TimeoutInMicroseconds
- ),
- 1000000
- );
+ TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+ if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+ //
+ // Convert microseconds into seconds if direct multiplication overflows
+ //
+ TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+ //
+ // Assertion if the final tick count exceeds MAX_UINT64
+ //
+ ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+ return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+ } else {
+ return DivU64x32 (
+ MultU64x64 (
+ GetPerformanceCounterProperties (NULL, NULL),
+ TimeoutInMicroseconds
+ ),
+ 1000000
+ );
+ }
}
/**
--
2.7.0.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
2017-08-23 5:29 Eric Dong
@ 2017-08-23 21:50 ` Kinney, Michael D
2017-08-24 3:04 ` Dong, Eric
0 siblings, 1 reply; 5+ messages in thread
From: Kinney, Michael D @ 2017-08-23 21:50 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org, Kinney, Michael D; +Cc: Ni, Ruiyu
Hi Eric,
With this patch GetPerformanceCounterProperties() is called
twice. I think you can use TimestampCounterFreq in the else
clause.
Also, the comment blocks are no longer correct. The original
comment block goes with the else clause, and you need a new
comment block for the if statement that describes the check
for an overflow.
Mike
> -----Original Message-----
> From: Dong, Eric
> Sent: Tuesday, August 22, 2017 10:30 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
>
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential overflow
> issue.
>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 30
> +++++++++++++++++++++++-------
> 1 file changed, 23 insertions(+), 7 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..005dec4 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
> OUT UINT64 *CurrentTime
> )
> {
> + UINT64 TimeoutInSeconds;
> + UINT64 TimestampCounterFreq;
> +
> //
> // Read the current value of the performance counter
> //
> @@ -1019,13 +1022,26 @@ CalculateTimeout (
> // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
> // it by 1,000,000, to get the number of ticks for the
> timeout value.
> //
> - return DivU64x32 (
> - MultU64x64 (
> - GetPerformanceCounterProperties (NULL, NULL),
> - TimeoutInMicroseconds
> - ),
> - 1000000
> - );
> + TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> + if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> + //
> + // Convert microseconds into seconds if direct
> multiplication overflows
> + //
> + TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> + //
> + // Assertion if the final tick count exceeds MAX_UINT64
> + //
> + ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> + return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> + } else {
> + return DivU64x32 (
> + MultU64x64 (
> + GetPerformanceCounterProperties (NULL, NULL),
Use TimestampCounterFreq instead.
> + TimeoutInMicroseconds
> + ),
> + 1000000
> + );
> + }
> }
>
> /**
> --
> 2.7.0.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-24 2:56 Eric Dong
2017-08-25 0:36 ` Kinney, Michael D
0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-24 2:56 UTC (permalink / raw)
To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni
Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.
V2: Use local variable instead of call GetPerformanceCounterProperties
twice. Also correct some comments.
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 43 +++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..8394572 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
OUT UINT64 *CurrentTime
)
{
+ UINT64 TimeoutInSeconds;
+ UINT64 TimestampCounterFreq;
+
//
// Read the current value of the performance counter
//
@@ -1016,16 +1019,36 @@ CalculateTimeout (
//
// GetPerformanceCounterProperties () returns the timestamp counter's frequency
- // in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
- // it by 1,000,000, to get the number of ticks for the timeout value.
- //
- return DivU64x32 (
- MultU64x64 (
- GetPerformanceCounterProperties (NULL, NULL),
- TimeoutInMicroseconds
- ),
- 1000000
- );
+ // in Hz.
+ //
+ TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+
+ //
+ // Check the potential overflow before calculate the number of ticks for the timeout value.
+ //
+ if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+ //
+ // Convert microseconds into seconds if direct multiplication overflows
+ //
+ TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+ //
+ // Assertion if the final tick count exceeds MAX_UINT64
+ //
+ ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+ return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+ } else {
+ //
+ // No overflow case, multiply the return value with TimeoutInMicroseconds and then divide
+ // it by 1,000,000, to get the number of ticks for the timeout value.
+ //
+ return DivU64x32 (
+ MultU64x64 (
+ TimestampCounterFreq,
+ TimeoutInMicroseconds
+ ),
+ 1000000
+ );
+ }
}
/**
--
2.7.0.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
2017-08-23 21:50 ` Kinney, Michael D
@ 2017-08-24 3:04 ` Dong, Eric
0 siblings, 0 replies; 5+ messages in thread
From: Dong, Eric @ 2017-08-24 3:04 UTC (permalink / raw)
To: Kinney, Michael D, edk2-devel@lists.01.org; +Cc: Ni, Ruiyu
Mike,
Thanks for the comments, I updated the patch, please help to review the new patch.
Thanks,
Eric
-----Original Message-----
From: Kinney, Michael D
Sent: Thursday, August 24, 2017 5:51 AM
To: Dong, Eric <eric.dong@intel.com>; edk2-devel@lists.01.org; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>
Subject: RE: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
Hi Eric,
With this patch GetPerformanceCounterProperties() is called twice. I think you can use TimestampCounterFreq in the else clause.
Also, the comment blocks are no longer correct. The original comment block goes with the else clause, and you need a new comment block for the if statement that describes the check for an overflow.
Mike
> -----Original Message-----
> From: Dong, Eric
> Sent: Tuesday, August 22, 2017 10:30 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
>
> Current calculate timeout logic may have overflow if the input timeout
> value too large. This patch fix this potential overflow issue.
>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 30
> +++++++++++++++++++++++-------
> 1 file changed, 23 insertions(+), 7 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..005dec4 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
> OUT UINT64 *CurrentTime
> )
> {
> + UINT64 TimeoutInSeconds;
> + UINT64 TimestampCounterFreq;
> +
> //
> // Read the current value of the performance counter
> //
> @@ -1019,13 +1022,26 @@ CalculateTimeout (
> // in Hz. So multiply the return value with TimeoutInMicroseconds
> and then divide
> // it by 1,000,000, to get the number of ticks for the timeout
> value.
> //
> - return DivU64x32 (
> - MultU64x64 (
> - GetPerformanceCounterProperties (NULL, NULL),
> - TimeoutInMicroseconds
> - ),
> - 1000000
> - );
> + TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> + if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> + //
> + // Convert microseconds into seconds if direct
> multiplication overflows
> + //
> + TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> + //
> + // Assertion if the final tick count exceeds MAX_UINT64
> + //
> + ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> + return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> + } else {
> + return DivU64x32 (
> + MultU64x64 (
> + GetPerformanceCounterProperties (NULL, NULL),
Use TimestampCounterFreq instead.
> + TimeoutInMicroseconds
> + ),
> + 1000000
> + );
> + }
> }
>
> /**
> --
> 2.7.0.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
2017-08-24 2:56 [Patch] UefiCpuPkg/MpLib: fix potential overflow issue Eric Dong
@ 2017-08-25 0:36 ` Kinney, Michael D
0 siblings, 0 replies; 5+ messages in thread
From: Kinney, Michael D @ 2017-08-25 0:36 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org, Kinney, Michael D; +Cc: Ni, Ruiyu
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Mike
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, August 23, 2017 7:57 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
>
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential
> overflow
> issue.
>
> V2: Use local variable instead of call
> GetPerformanceCounterProperties
> twice. Also correct some comments.
>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
> UefiCpuPkg/Library/MpInitLib/MpLib.c | 43
> +++++++++++++++++++++++++++---------
> 1 file changed, 33 insertions(+), 10 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..8394572 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
> OUT UINT64 *CurrentTime
> )
> {
> + UINT64 TimeoutInSeconds;
> + UINT64 TimestampCounterFreq;
> +
> //
> // Read the current value of the performance counter
> //
> @@ -1016,16 +1019,36 @@ CalculateTimeout (
>
> //
> // GetPerformanceCounterProperties () returns the timestamp
> counter's frequency
> - // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
> - // it by 1,000,000, to get the number of ticks for the
> timeout value.
> - //
> - return DivU64x32 (
> - MultU64x64 (
> - GetPerformanceCounterProperties (NULL, NULL),
> - TimeoutInMicroseconds
> - ),
> - 1000000
> - );
> + // in Hz.
> + //
> + TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> +
> + //
> + // Check the potential overflow before calculate the number
> of ticks for the timeout value.
> + //
> + if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> + //
> + // Convert microseconds into seconds if direct
> multiplication overflows
> + //
> + TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> + //
> + // Assertion if the final tick count exceeds MAX_UINT64
> + //
> + ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> + return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> + } else {
> + //
> + // No overflow case, multiply the return value with
> TimeoutInMicroseconds and then divide
> + // it by 1,000,000, to get the number of ticks for the
> timeout value.
> + //
> + return DivU64x32 (
> + MultU64x64 (
> + TimestampCounterFreq,
> + TimeoutInMicroseconds
> + ),
> + 1000000
> + );
> + }
> }
>
> /**
> --
> 2.7.0.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-25 0:34 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-24 2:56 [Patch] UefiCpuPkg/MpLib: fix potential overflow issue Eric Dong
2017-08-25 0:36 ` Kinney, Michael D
-- strict thread matches above, loose matches on Subject: below --
2017-08-23 5:29 Eric Dong
2017-08-23 21:50 ` Kinney, Michael D
2017-08-24 3:04 ` Dong, Eric
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox