public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-23  5:29 Eric Dong
  2017-08-23 21:50 ` Kinney, Michael D
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-23  5:29 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni

Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..005dec4 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
   OUT UINT64  *CurrentTime
   )
 {
+  UINT64 TimeoutInSeconds;
+  UINT64 TimestampCounterFreq;
+
   //
   // Read the current value of the performance counter
   //
@@ -1019,13 +1022,26 @@ CalculateTimeout (
   // in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
   // it by 1,000,000, to get the number of ticks for the timeout value.
   //
-  return DivU64x32 (
-           MultU64x64 (
-             GetPerformanceCounterProperties (NULL, NULL),
-             TimeoutInMicroseconds
-             ),
-           1000000
-           );
+  TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+    //
+    // Convert microseconds into seconds if direct multiplication overflows
+    //
+    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+    //
+    // Assertion if the final tick count exceeds MAX_UINT64
+    //
+    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+    return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+  } else {
+    return DivU64x32 (
+             MultU64x64 (
+               GetPerformanceCounterProperties (NULL, NULL),
+               TimeoutInMicroseconds
+               ),
+             1000000
+             );
+  }
 }
 
 /**
-- 
2.7.0.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
  2017-08-23  5:29 Eric Dong
@ 2017-08-23 21:50 ` Kinney, Michael D
  2017-08-24  3:04   ` Dong, Eric
  0 siblings, 1 reply; 5+ messages in thread
From: Kinney, Michael D @ 2017-08-23 21:50 UTC (permalink / raw)
  To: Dong, Eric, edk2-devel@lists.01.org, Kinney, Michael D; +Cc: Ni, Ruiyu

Hi Eric,

With this patch GetPerformanceCounterProperties() is called 
twice.  I think you can use TimestampCounterFreq in the else
clause.

Also, the comment blocks are no longer correct.  The original
comment block goes with the else clause, and you need a new
comment block for the if statement that describes the check
for an overflow.

Mike

> -----Original Message-----
> From: Dong, Eric
> Sent: Tuesday, August 22, 2017 10:30 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
> 
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential overflow
> issue.
> 
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 30
> +++++++++++++++++++++++-------
>  1 file changed, 23 insertions(+), 7 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..005dec4 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
>    OUT UINT64  *CurrentTime
>    )
>  {
> +  UINT64 TimeoutInSeconds;
> +  UINT64 TimestampCounterFreq;
> +
>    //
>    // Read the current value of the performance counter
>    //
> @@ -1019,13 +1022,26 @@ CalculateTimeout (
>    // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
>    // it by 1,000,000, to get the number of ticks for the
> timeout value.
>    //
> -  return DivU64x32 (
> -           MultU64x64 (
> -             GetPerformanceCounterProperties (NULL, NULL),
> -             TimeoutInMicroseconds
> -             ),
> -           1000000
> -           );
> +  TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> +  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> +    //
> +    // Convert microseconds into seconds if direct
> multiplication overflows
> +    //
> +    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> +    //
> +    // Assertion if the final tick count exceeds MAX_UINT64
> +    //
> +    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> +    return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> +  } else {
> +    return DivU64x32 (
> +             MultU64x64 (
> +               GetPerformanceCounterProperties (NULL, NULL),

Use TimestampCounterFreq instead.

> +               TimeoutInMicroseconds
> +               ),
> +             1000000
> +             );
> +  }
>  }
> 
>  /**
> --
> 2.7.0.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
@ 2017-08-24  2:56 Eric Dong
  2017-08-25  0:36 ` Kinney, Michael D
  0 siblings, 1 reply; 5+ messages in thread
From: Eric Dong @ 2017-08-24  2:56 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael Kinney, Ruiyu Ni

Current calculate timeout logic may have overflow if the input
timeout value too large. This patch fix this potential overflow
issue.

V2: Use local variable instead of call GetPerformanceCounterProperties
twice. Also correct some comments.

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 43 +++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 10 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index ed1f55e..8394572 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1001,6 +1001,9 @@ CalculateTimeout (
   OUT UINT64  *CurrentTime
   )
 {
+  UINT64 TimeoutInSeconds;
+  UINT64 TimestampCounterFreq;
+
   //
   // Read the current value of the performance counter
   //
@@ -1016,16 +1019,36 @@ CalculateTimeout (
 
   //
   // GetPerformanceCounterProperties () returns the timestamp counter's frequency
-  // in Hz. So multiply the return value with TimeoutInMicroseconds and then divide
-  // it by 1,000,000, to get the number of ticks for the timeout value.
-  //
-  return DivU64x32 (
-           MultU64x64 (
-             GetPerformanceCounterProperties (NULL, NULL),
-             TimeoutInMicroseconds
-             ),
-           1000000
-           );
+  // in Hz. 
+  //
+  TimestampCounterFreq = GetPerformanceCounterProperties (NULL, NULL);
+
+  //
+  // Check the potential overflow before calculate the number of ticks for the timeout value.
+  //
+  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, NULL) < TimestampCounterFreq) {
+    //
+    // Convert microseconds into seconds if direct multiplication overflows
+    //
+    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds, 1000000);
+    //
+    // Assertion if the final tick count exceeds MAX_UINT64
+    //
+    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, NULL) >= TimestampCounterFreq);
+    return MultU64x64 (TimestampCounterFreq, TimeoutInSeconds);
+  } else {
+    //
+    // No overflow case, multiply the return value with TimeoutInMicroseconds and then divide
+    // it by 1,000,000, to get the number of ticks for the timeout value.
+    //
+    return DivU64x32 (
+             MultU64x64 (
+               TimestampCounterFreq,
+               TimeoutInMicroseconds
+               ),
+             1000000
+             );
+  }
 }
 
 /**
-- 
2.7.0.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
  2017-08-23 21:50 ` Kinney, Michael D
@ 2017-08-24  3:04   ` Dong, Eric
  0 siblings, 0 replies; 5+ messages in thread
From: Dong, Eric @ 2017-08-24  3:04 UTC (permalink / raw)
  To: Kinney, Michael D, edk2-devel@lists.01.org; +Cc: Ni, Ruiyu

Mike, 

Thanks for the comments, I updated the patch, please help to review the new patch.

Thanks,
Eric
-----Original Message-----
From: Kinney, Michael D 
Sent: Thursday, August 24, 2017 5:51 AM
To: Dong, Eric <eric.dong@intel.com>; edk2-devel@lists.01.org; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>
Subject: RE: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.

Hi Eric,

With this patch GetPerformanceCounterProperties() is called twice.  I think you can use TimestampCounterFreq in the else clause.

Also, the comment blocks are no longer correct.  The original comment block goes with the else clause, and you need a new comment block for the if statement that describes the check for an overflow.

Mike

> -----Original Message-----
> From: Dong, Eric
> Sent: Tuesday, August 22, 2017 10:30 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu 
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
> 
> Current calculate timeout logic may have overflow if the input timeout 
> value too large. This patch fix this potential overflow issue.
> 
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 30
> +++++++++++++++++++++++-------
>  1 file changed, 23 insertions(+), 7 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..005dec4 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
>    OUT UINT64  *CurrentTime
>    )
>  {
> +  UINT64 TimeoutInSeconds;
> +  UINT64 TimestampCounterFreq;
> +
>    //
>    // Read the current value of the performance counter
>    //
> @@ -1019,13 +1022,26 @@ CalculateTimeout (
>    // in Hz. So multiply the return value with TimeoutInMicroseconds 
> and then divide
>    // it by 1,000,000, to get the number of ticks for the timeout 
> value.
>    //
> -  return DivU64x32 (
> -           MultU64x64 (
> -             GetPerformanceCounterProperties (NULL, NULL),
> -             TimeoutInMicroseconds
> -             ),
> -           1000000
> -           );
> +  TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> +  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> +    //
> +    // Convert microseconds into seconds if direct
> multiplication overflows
> +    //
> +    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> +    //
> +    // Assertion if the final tick count exceeds MAX_UINT64
> +    //
> +    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> +    return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> +  } else {
> +    return DivU64x32 (
> +             MultU64x64 (
> +               GetPerformanceCounterProperties (NULL, NULL),

Use TimestampCounterFreq instead.

> +               TimeoutInMicroseconds
> +               ),
> +             1000000
> +             );
> +  }
>  }
> 
>  /**
> --
> 2.7.0.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
  2017-08-24  2:56 [Patch] UefiCpuPkg/MpLib: fix potential overflow issue Eric Dong
@ 2017-08-25  0:36 ` Kinney, Michael D
  0 siblings, 0 replies; 5+ messages in thread
From: Kinney, Michael D @ 2017-08-25  0:36 UTC (permalink / raw)
  To: Dong, Eric, edk2-devel@lists.01.org, Kinney, Michael D; +Cc: Ni, Ruiyu

Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

Mike

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, August 23, 2017 7:57 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
> 
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential
> overflow
> issue.
> 
> V2: Use local variable instead of call
> GetPerformanceCounterProperties
> twice. Also correct some comments.
> 
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 43
> +++++++++++++++++++++++++++---------
>  1 file changed, 33 insertions(+), 10 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..8394572 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
>    OUT UINT64  *CurrentTime
>    )
>  {
> +  UINT64 TimeoutInSeconds;
> +  UINT64 TimestampCounterFreq;
> +
>    //
>    // Read the current value of the performance counter
>    //
> @@ -1016,16 +1019,36 @@ CalculateTimeout (
> 
>    //
>    // GetPerformanceCounterProperties () returns the timestamp
> counter's frequency
> -  // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
> -  // it by 1,000,000, to get the number of ticks for the
> timeout value.
> -  //
> -  return DivU64x32 (
> -           MultU64x64 (
> -             GetPerformanceCounterProperties (NULL, NULL),
> -             TimeoutInMicroseconds
> -             ),
> -           1000000
> -           );
> +  // in Hz.
> +  //
> +  TimestampCounterFreq = GetPerformanceCounterProperties
> (NULL, NULL);
> +
> +  //
> +  // Check the potential overflow before calculate the number
> of ticks for the timeout value.
> +  //
> +  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> +    //
> +    // Convert microseconds into seconds if direct
> multiplication overflows
> +    //
> +    TimeoutInSeconds = DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> +    //
> +    // Assertion if the final tick count exceeds MAX_UINT64
> +    //
> +    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >= TimestampCounterFreq);
> +    return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> +  } else {
> +    //
> +    // No overflow case, multiply the return value with
> TimeoutInMicroseconds and then divide
> +    // it by 1,000,000, to get the number of ticks for the
> timeout value.
> +    //
> +    return DivU64x32 (
> +             MultU64x64 (
> +               TimestampCounterFreq,
> +               TimeoutInMicroseconds
> +               ),
> +             1000000
> +             );
> +  }
>  }
> 
>  /**
> --
> 2.7.0.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2017-08-25  0:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-24  2:56 [Patch] UefiCpuPkg/MpLib: fix potential overflow issue Eric Dong
2017-08-25  0:36 ` Kinney, Michael D
  -- strict thread matches above, loose matches on Subject: below --
2017-08-23  5:29 Eric Dong
2017-08-23 21:50 ` Kinney, Michael D
2017-08-24  3:04   ` Dong, Eric

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox