* [RFC PATCH 0/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation @ 2020-02-13 18:29 Philippe Mathieu-Daudé 2020-02-13 18:29 ` [RFC PATCH 1/1] " Philippe Mathieu-Daudé 0 siblings, 1 reply; 7+ messages in thread From: Philippe Mathieu-Daudé @ 2020-02-13 18:29 UTC (permalink / raw) To: devel Cc: Philippe Mathieu-Daude, Jian J Wang, Hao A Wu, Eric Dong, Laszlo Ersek Commit 322ac05f8bbc added truncation checks to fix CVE-2019-14563. I found the 'a * b > d - c' reverse notation not obvious to review, and suggested to write 'a * b + c > d'. Laszlo explained me this is the EDK2 standard pattern to check against each overflow, but pointed out the SafeIntLib which have pretty readable calls. This is my try at using it. Regards, Phil. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Philippe Mathieu-Daudé (1): MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation .../DxeS3BootScriptLib.inf | 1 + .../InternalBootScriptLib.h | 1 + .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- 3 files changed, 73 insertions(+), 43 deletions(-) -- 2.21.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-13 18:29 [RFC PATCH 0/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation Philippe Mathieu-Daudé @ 2020-02-13 18:29 ` Philippe Mathieu-Daudé 2020-02-13 18:33 ` Philippe Mathieu-Daudé 0 siblings, 1 reply; 7+ messages in thread From: Philippe Mathieu-Daudé @ 2020-02-13 18:29 UTC (permalink / raw) To: devel Cc: Philippe Mathieu-Daude, Jian J Wang, Hao A Wu, Eric Dong, Laszlo Ersek Math expressions written in terms of SafeIntLib function calls are easily readable, making review trivial. Convert the truncation checks added by commit 322ac05f8 to SafeIntLib calls. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Eric Dong <eric.dong@intel.com> Suggested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> --- .../DxeS3BootScriptLib.inf | 1 + .../InternalBootScriptLib.h | 1 + .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- 3 files changed, 73 insertions(+), 43 deletions(-) diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf index 2b894c99da55..698039fe8e69 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf @@ -40,15 +40,16 @@ [Packages] [LibraryClasses] UefiBootServicesTableLib BaseLib BaseMemoryLib TimerLib DebugLib PcdLib UefiLib SmbusLib PciSegmentLib IoLib LockBoxLib + SafeIntLib [Protocols] gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h index 9485994087d0..7513220c15ac 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h @@ -1,49 +1,50 @@ /** @file Support for S3 boot script lib. This file defined some internal macro and internal data structure Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent **/ #ifndef __INTERNAL_BOOT_SCRIPT_LIB__ #define __INTERNAL_BOOT_SCRIPT_LIB__ #include <PiDxe.h> #include <Guid/EventGroup.h> #include <Protocol/SmmBase2.h> #include <Protocol/DxeSmmReadyToLock.h> #include <Protocol/SmmReadyToLock.h> #include <Protocol/SmmExitBootServices.h> #include <Protocol/SmmLegacyBoot.h> #include <Library/S3BootScriptLib.h> #include <Library/UefiBootServicesTableLib.h> #include <Library/BaseLib.h> #include <Library/PcdLib.h> #include <Library/SmbusLib.h> #include <Library/IoLib.h> #include <Library/PciSegmentLib.h> #include <Library/DebugLib.h> #include <Library/BaseMemoryLib.h> #include <Library/TimerLib.h> #include <Library/UefiLib.h> #include <Library/LockBoxLib.h> +#include <Library/SafeIntLib.h> #include "BootScriptInternalFormat.h" #define MAX_IO_ADDRESS 0xFFFF // // Macro to convert a UEFI PCI address + segment to a PCI Segment Library PCI address // #define PCI_ADDRESS_ENCODE(S, A) PCI_SEGMENT_LIB_ADDRESS( \ S, \ ((((UINTN)(A)) & 0xff000000) >> 24), \ ((((UINTN)(A)) & 0x00ff0000) >> 16), \ ((((UINTN)(A)) & 0xff00) >> 8), \ ((RShiftU64 ((A), 32) & 0xfff) | ((A) & 0xff)) \ ) diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 9315fc9f0188..d229263638fc 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c @@ -995,55 +995,60 @@ EFIAPI S3BootScriptSaveIoWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + Status = SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) { + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_IO_WRITE), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // save script data // ScriptIoWrite.OpCode = EFI_BOOT_SCRIPT_IO_WRITE_OPCODE; ScriptIoWrite.Length = Length; ScriptIoWrite.Width = Width; ScriptIoWrite.Address = Address; ScriptIoWrite.Count = (UINT32) Count; CopyMem ((VOID*)Script, (VOID*)&ScriptIoWrite, sizeof(EFI_BOOT_SCRIPT_IO_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_IO_WRITE)), Buffer, WidthInByte * Count); SyncBootScript (Script); return RETURN_SUCCESS; } /** Adds a record for an I/O modify operation into a S3 boot script table @param Width The width of the I/O operations.Enumerated in S3_BOOT_SCRIPT_LIB_WIDTH. @param Address The base address of the I/O operations. @param Data A pointer to the data to be OR-ed. @param DataMask A pointer to the data mask to be AND-ed with the data read from the register @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN_SUCCESS Opcode is added. **/ @@ -1100,54 +1105,59 @@ EFIAPI S3BootScriptSaveMemWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite; - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + Status = SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) { + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_MEM_WRITE), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptMemWrite.OpCode = EFI_BOOT_SCRIPT_MEM_WRITE_OPCODE; ScriptMemWrite.Length = Length; ScriptMemWrite.Width = Width; ScriptMemWrite.Address = Address; ScriptMemWrite.Count = (UINT32) Count; CopyMem ((VOID*)Script, (VOID*)&ScriptMemWrite, sizeof(EFI_BOOT_SCRIPT_MEM_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_MEM_WRITE)), Buffer, WidthInByte * Count); SyncBootScript (Script); return RETURN_SUCCESS; } /** Adds a record for a memory modify operation into a specified boot script table. @param Width The width of the I/O operations.Enumerated in S3_BOOT_SCRIPT_LIB_WIDTH. @param Address The base address of the memory operations. Address needs alignment if required @param Data A pointer to the data to be OR-ed. @param DataMask A pointer to the data mask to be AND-ed with the data read from the register. @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN_SUCCESS Opcode is added. **/ @@ -1206,62 +1216,67 @@ EFIAPI S3BootScriptSavePciCfgWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE ScriptPciWrite; if (Width == S3BootScriptWidthUint64 || Width == S3BootScriptWidthFifoUint64 || Width == S3BootScriptWidthFillUint64) { return EFI_INVALID_PARAMETER; } - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + Status = SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE))) { + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptPciWrite.OpCode = EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE_OPCODE; ScriptPciWrite.Length = Length; ScriptPciWrite.Width = Width; ScriptPciWrite.Address = Address; ScriptPciWrite.Count = (UINT32) Count; CopyMem ((VOID*)Script, (VOID*)&ScriptPciWrite, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE)), Buffer, WidthInByte * Count); SyncBootScript (Script); return RETURN_SUCCESS; } /** Adds a record for a PCI configuration space modify operation into a specified boot script table. @param Width The width of the I/O operations.Enumerated in S3_BOOT_SCRIPT_LIB_WIDTH. @param Address The address within the PCI configuration space. @param Data A pointer to the data to be OR-ed.The size depends on Width. @param DataMask A pointer to the data mask to be AND-ed. @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN__SUCCESS Opcode is added. @note A known Limitations in the implementation which is 64bits operations are not supported. **/ @@ -1331,65 +1346,70 @@ EFIAPI S3BootScriptSavePciCfg2Write ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT16 Segment, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE ScriptPciWrite2; if (Width == S3BootScriptWidthUint64 || Width == S3BootScriptWidthFifoUint64 || Width == S3BootScriptWidthFillUint64) { return EFI_INVALID_PARAMETER; } - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); + Status = SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE))) { + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthInByte * Count)); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptPciWrite2.OpCode = EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE_OPCODE; ScriptPciWrite2.Length = Length; ScriptPciWrite2.Width = Width; ScriptPciWrite2.Address = Address; ScriptPciWrite2.Segment = Segment; ScriptPciWrite2.Count = (UINT32)Count; CopyMem ((VOID*)Script, (VOID*)&ScriptPciWrite2, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE)), Buffer, WidthInByte * Count); SyncBootScript (Script); return RETURN_SUCCESS; } /** Adds a record for a PCI configuration 2 space modify operation into a specified boot script table. @param Width The width of the I/O operations.Enumerated in S3_BOOT_SCRIPT_LIB_WIDTH. @param Segment The PCI segment number for Address. @param Address The address within the PCI configuration space. @param Data A pointer to the data to be OR-ed. The size depends on Width. @param DataMask A pointer to the data mask to be AND-ed. @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN_SUCCESS Opcode is added. @note A known Limitations in the implementation which is 64bits operations are not supported. **/ @@ -1560,64 +1580,66 @@ EFIAPI S3BootScriptSaveSmbusExecute ( IN UINTN SmBusAddress, IN EFI_SMBUS_OPERATION Operation, IN UINTN *Length, IN VOID *Buffer ) { EFI_STATUS Status; UINTN BufferLength; UINT8 DataSize; UINT8 *Script; EFI_BOOT_SCRIPT_SMBUS_EXECUTE ScriptSmbusExecute; if (Length == NULL) { BufferLength = 0; } else { BufferLength = *Length; } Status = CheckParameters (SmBusAddress, Operation, &BufferLength, Buffer); if (EFI_ERROR (Status)) { return Status; } - // - // Truncation check - // - if (BufferLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) { + Status = SafeUintnToUint8 (BufferLength, &DataSize); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Add (DataSize, sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE), &DataSize); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - DataSize = (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLength); Script = S3BootScriptGetEntryAddAddress (DataSize); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptSmbusExecute.OpCode = EFI_BOOT_SCRIPT_SMBUS_EXECUTE_OPCODE; ScriptSmbusExecute.Length = DataSize; ScriptSmbusExecute.SmBusAddress = (UINT64) SmBusAddress; ScriptSmbusExecute.Operation = Operation; ScriptSmbusExecute.DataSize = (UINT32) BufferLength; CopyMem ((VOID*)Script, (VOID*)&ScriptSmbusExecute, sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)); CopyMem ( (VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)), Buffer, BufferLength ); SyncBootScript (Script); return RETURN_SUCCESS; } /** Adds a record for an execution stall on the processor into a specified boot script table. @param Duration Duration in microseconds of the stall @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN_SUCCESS Opcode is added. **/ @@ -1768,48 +1790,51 @@ EFIAPI S3BootScriptSaveInformation ( IN UINT32 InformationLength, IN VOID *Information ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; - // - // Truncation check - // - if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) { + Status = SafeUint32ToUint8 (InformationLength, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_INFORMATION), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptInformation.OpCode = EFI_BOOT_SCRIPT_INFORMATION_OPCODE; ScriptInformation.Length = Length; ScriptInformation.InformationLength = InformationLength; CopyMem ((VOID*)Script, (VOID*)&ScriptInformation, sizeof (EFI_BOOT_SCRIPT_INFORMATION)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_INFORMATION)), (VOID *) Information, (UINTN) InformationLength); SyncBootScript (Script); return RETURN_SUCCESS; } /** Store a string in the boot script table. This opcode is a no-op on dispatch and is only used for debugging script issues. @param String The string to save to boot script table @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do operation. @retval RETURN_SUCCESS Opcode is added. **/ @@ -2231,62 +2256,65 @@ EFIAPI S3BootScriptLabelInternal ( IN BOOLEAN BeforeOrAfter, IN OUT VOID **Position OPTIONAL, IN UINT32 InformationLength, IN CONST CHAR8 *Information ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; - // - // Truncation check - // - if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) { + Status = SafeUint32ToUint8 (InformationLength, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_INFORMATION), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength); Script = S3BootScriptGetEntryAddAddress (Length); if (Script == NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptInformation.OpCode = S3_BOOT_SCRIPT_LIB_LABEL_OPCODE; ScriptInformation.Length = Length; ScriptInformation.InformationLength = InformationLength; CopyMem ((VOID*)Script, (VOID*)&ScriptInformation, sizeof (EFI_BOOT_SCRIPT_INFORMATION)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_INFORMATION)), (VOID *) Information, (UINTN) InformationLength); SyncBootScript (Script); return S3BootScriptMoveLastOpcode (BeforeOrAfter, Position); } /** Find a label within the boot script table and, if not present, optionally create it. @param BeforeOrAfter Specifies whether the opcode is stored before (TRUE) or after (FALSE) the position in the boot script table specified by Position. @param CreateIfNotFound Specifies whether the label will be created if the label does not exists (TRUE) or not (FALSE). @param Position On entry, specifies the position in the boot script table where the opcode will be inserted, either before or after, depending on BeforeOrAfter. On exit, specifies the position of the inserted opcode in the boot script table. @param Label Points to the label which will be inserted in the boot script table. @retval EFI_SUCCESS The operation succeeded. A record was added into the specified script table. @retval EFI_INVALID_PARAMETER The parameter is illegal or the given boot script is not supported. If the opcode is unknow or not supported because of the PCD Feature Flags. @retval EFI_OUT_OF_RESOURCES There is insufficient memory to store the boot script. **/ -- 2.21.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-13 18:29 ` [RFC PATCH 1/1] " Philippe Mathieu-Daudé @ 2020-02-13 18:33 ` Philippe Mathieu-Daudé 2020-02-17 9:32 ` [edk2-devel] " Laszlo Ersek 0 siblings, 1 reply; 7+ messages in thread From: Philippe Mathieu-Daudé @ 2020-02-13 18:33 UTC (permalink / raw) To: devel; +Cc: Jian J Wang, Hao A Wu, Eric Dong, Laszlo Ersek On 2/13/20 7:29 PM, Philippe Mathieu-Daude wrote: > Math expressions written in terms of SafeIntLib function calls > are easily readable, making review trivial. Convert the truncation > checks added by commit 322ac05f8 to SafeIntLib calls. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Hao A Wu <hao.a.wu@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Suggested-by: Laszlo Ersek <lersek@redhat.com> > Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> > --- > .../DxeS3BootScriptLib.inf | 1 + > .../InternalBootScriptLib.h | 1 + > .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- > 3 files changed, 73 insertions(+), 43 deletions(-) > > diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > index 2b894c99da55..698039fe8e69 100644 > --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > @@ -40,15 +40,16 @@ [Packages] > [LibraryClasses] > UefiBootServicesTableLib > BaseLib > BaseMemoryLib > TimerLib > DebugLib > PcdLib > UefiLib > SmbusLib > PciSegmentLib > IoLib > LockBoxLib > + SafeIntLib > > [Protocols] > gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES > diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > index 9485994087d0..7513220c15ac 100644 > --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > @@ -1,49 +1,50 @@ > /** @file > Support for S3 boot script lib. This file defined some internal macro and internal > data structure > > Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > #ifndef __INTERNAL_BOOT_SCRIPT_LIB__ > #define __INTERNAL_BOOT_SCRIPT_LIB__ > > #include <PiDxe.h> > > #include <Guid/EventGroup.h> > #include <Protocol/SmmBase2.h> > #include <Protocol/DxeSmmReadyToLock.h> > #include <Protocol/SmmReadyToLock.h> > #include <Protocol/SmmExitBootServices.h> > #include <Protocol/SmmLegacyBoot.h> > > #include <Library/S3BootScriptLib.h> > > #include <Library/UefiBootServicesTableLib.h> > #include <Library/BaseLib.h> > #include <Library/PcdLib.h> > #include <Library/SmbusLib.h> > #include <Library/IoLib.h> > #include <Library/PciSegmentLib.h> > #include <Library/DebugLib.h> > #include <Library/BaseMemoryLib.h> > #include <Library/TimerLib.h> > #include <Library/UefiLib.h> > #include <Library/LockBoxLib.h> > +#include <Library/SafeIntLib.h> > > #include "BootScriptInternalFormat.h" > > #define MAX_IO_ADDRESS 0xFFFF > > // > // Macro to convert a UEFI PCI address + segment to a PCI Segment Library PCI address > // > #define PCI_ADDRESS_ENCODE(S, A) PCI_SEGMENT_LIB_ADDRESS( \ > S, \ > ((((UINTN)(A)) & 0xff000000) >> 24), \ > ((((UINTN)(A)) & 0x00ff0000) >> 16), \ > ((((UINTN)(A)) & 0xff00) >> 8), \ > ((RShiftU64 ((A), 32) & 0xfff) | ((A) & 0xff)) \ > ) > diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > index 9315fc9f0188..d229263638fc 100644 > --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > @@ -995,55 +995,60 @@ EFIAPI > S3BootScriptSaveIoWrite ( > IN S3_BOOT_SCRIPT_LIB_WIDTH Width, > IN UINT64 Address, > IN UINTN Count, > IN VOID *Buffer > ) > > { > + EFI_STATUS Status; > UINT8 Length; > UINT8 *Script; > UINT8 WidthInByte; > EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; > > - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); > + Status = SafeUintnToUint8 (Count, &Length); > + if (EFI_ERROR (Status)) { > + return RETURN_OUT_OF_RESOURCES; > + } > + > + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); > + if (EFI_ERROR (Status)) { > + return RETURN_OUT_OF_RESOURCES; > + } > > - // > - // Truncation check > - // > - if ((Count > MAX_UINT8) || > - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) { > + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_IO_WRITE), &Length); > + if (EFI_ERROR (Status)) { > return RETURN_OUT_OF_RESOURCES; > } > - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count)); > > Script = S3BootScriptGetEntryAddAddress (Length); > if (Script == NULL) { > return RETURN_OUT_OF_RESOURCES; > } > // > // save script data > // > ScriptIoWrite.OpCode = EFI_BOOT_SCRIPT_IO_WRITE_OPCODE; > ScriptIoWrite.Length = Length; > ScriptIoWrite.Width = Width; > ScriptIoWrite.Address = Address; > ScriptIoWrite.Count = (UINT32) Count; > CopyMem ((VOID*)Script, (VOID*)&ScriptIoWrite, sizeof(EFI_BOOT_SCRIPT_IO_WRITE)); > CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_IO_WRITE)), Buffer, WidthInByte * Count); > > SyncBootScript (Script); > > return RETURN_SUCCESS; > } Oops wrong version (WidthInByte is uninitialized). ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-13 18:33 ` Philippe Mathieu-Daudé @ 2020-02-17 9:32 ` Laszlo Ersek 2020-02-18 6:51 ` GuoMinJ ` (2 more replies) 0 siblings, 3 replies; 7+ messages in thread From: Laszlo Ersek @ 2020-02-17 9:32 UTC (permalink / raw) To: devel, philmd; +Cc: Jian J Wang, Hao A Wu, Eric Dong On 02/13/20 19:33, Philippe Mathieu-Daudé wrote: > On 2/13/20 7:29 PM, Philippe Mathieu-Daude wrote: >> Math expressions written in terms of SafeIntLib function calls >> are easily readable, making review trivial. Convert the truncation >> checks added by commit 322ac05f8 to SafeIntLib calls. >> >> Cc: Jian J Wang <jian.j.wang@intel.com> >> Cc: Hao A Wu <hao.a.wu@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Suggested-by: Laszlo Ersek <lersek@redhat.com> >> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> >> --- >> .../DxeS3BootScriptLib.inf | 1 + >> .../InternalBootScriptLib.h | 1 + >> .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- >> 3 files changed, 73 insertions(+), 43 deletions(-) >> >> diff --git >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf >> index 2b894c99da55..698039fe8e69 100644 >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf >> @@ -40,15 +40,16 @@ [Packages] >> [LibraryClasses] >> UefiBootServicesTableLib >> BaseLib >> BaseMemoryLib >> TimerLib >> DebugLib >> PcdLib >> UefiLib >> SmbusLib >> PciSegmentLib >> IoLib >> LockBoxLib >> + SafeIntLib >> [Protocols] >> gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES >> diff --git >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h >> index 9485994087d0..7513220c15ac 100644 >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h >> @@ -1,49 +1,50 @@ >> /** @file >> Support for S3 boot script lib. This file defined some internal >> macro and internal >> data structure >> Copyright (c) 2006 - 2016, Intel Corporation. All rights >> reserved.<BR> >> SPDX-License-Identifier: BSD-2-Clause-Patent >> **/ >> #ifndef __INTERNAL_BOOT_SCRIPT_LIB__ >> #define __INTERNAL_BOOT_SCRIPT_LIB__ >> #include <PiDxe.h> >> #include <Guid/EventGroup.h> >> #include <Protocol/SmmBase2.h> >> #include <Protocol/DxeSmmReadyToLock.h> >> #include <Protocol/SmmReadyToLock.h> >> #include <Protocol/SmmExitBootServices.h> >> #include <Protocol/SmmLegacyBoot.h> >> #include <Library/S3BootScriptLib.h> >> #include <Library/UefiBootServicesTableLib.h> >> #include <Library/BaseLib.h> >> #include <Library/PcdLib.h> >> #include <Library/SmbusLib.h> >> #include <Library/IoLib.h> >> #include <Library/PciSegmentLib.h> >> #include <Library/DebugLib.h> >> #include <Library/BaseMemoryLib.h> >> #include <Library/TimerLib.h> >> #include <Library/UefiLib.h> >> #include <Library/LockBoxLib.h> >> +#include <Library/SafeIntLib.h> >> #include "BootScriptInternalFormat.h" >> #define MAX_IO_ADDRESS 0xFFFF >> // >> // Macro to convert a UEFI PCI address + segment to a PCI Segment >> Library PCI address >> // >> #define PCI_ADDRESS_ENCODE(S, A) PCI_SEGMENT_LIB_ADDRESS( \ >> S, \ >> ((((UINTN)(A)) & 0xff000000) >> >> 24), \ >> ((((UINTN)(A)) & 0x00ff0000) >> >> 16), \ >> ((((UINTN)(A)) & 0xff00) >> 8), \ >> ((RShiftU64 ((A), 32) & 0xfff) | >> ((A) & 0xff)) \ >> ) >> diff --git >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c >> index 9315fc9f0188..d229263638fc 100644 >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c >> @@ -995,55 +995,60 @@ EFIAPI >> S3BootScriptSaveIoWrite ( >> IN S3_BOOT_SCRIPT_LIB_WIDTH Width, >> IN UINT64 Address, >> IN UINTN Count, >> IN VOID *Buffer >> ) >> { >> + EFI_STATUS Status; >> UINT8 Length; >> UINT8 *Script; >> UINT8 WidthInByte; >> EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; >> - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); >> + Status = SafeUintnToUint8 (Count, &Length); >> + if (EFI_ERROR (Status)) { >> + return RETURN_OUT_OF_RESOURCES; >> + } >> + >> + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); >> + if (EFI_ERROR (Status)) { >> + return RETURN_OUT_OF_RESOURCES; >> + } >> - // >> - // Truncation check >> - // >> - if ((Count > MAX_UINT8) || >> - (WidthInByte * Count > MAX_UINT8 - sizeof >> (EFI_BOOT_SCRIPT_IO_WRITE))) { >> + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_IO_WRITE), >> &Length); >> + if (EFI_ERROR (Status)) { >> return RETURN_OUT_OF_RESOURCES; >> } >> - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * >> Count)); >> Script = S3BootScriptGetEntryAddAddress (Length); >> if (Script == NULL) { >> return RETURN_OUT_OF_RESOURCES; >> } >> // >> // save script data >> // >> ScriptIoWrite.OpCode = EFI_BOOT_SCRIPT_IO_WRITE_OPCODE; >> ScriptIoWrite.Length = Length; >> ScriptIoWrite.Width = Width; >> ScriptIoWrite.Address = Address; >> ScriptIoWrite.Count = (UINT32) Count; >> CopyMem ((VOID*)Script, (VOID*)&ScriptIoWrite, >> sizeof(EFI_BOOT_SCRIPT_IO_WRITE)); >> CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_IO_WRITE)), >> Buffer, WidthInByte * Count); >> SyncBootScript (Script); >> return RETURN_SUCCESS; >> } > > Oops wrong version (WidthInByte is uninitialized). Also -- if the MdeModulePkg maintainers like the appraoch in general --, you could eliminate the "WidthInByte * Count" multiplication from the CopyMem() call altogether. Instead, you could save the SafeUint8Mult() result in an intermediate variable, and reuse it here. Just an idea (again, only for the case when the MdeModulePkg actually like this refactoring). Thanks! Laszlo ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-17 9:32 ` [edk2-devel] " Laszlo Ersek @ 2020-02-18 6:51 ` GuoMinJ 2020-02-18 7:04 ` GuoMinJ 2020-02-18 7:10 ` GuoMinJ 2 siblings, 0 replies; 7+ messages in thread From: GuoMinJ @ 2020-02-18 6:51 UTC (permalink / raw) To: Laszlo Ersek, devel [-- Attachment #1: Type: text/plain, Size: 47 bytes --] I agree with this comment. Thanks. Guomin [-- Attachment #2: Type: text/html, Size: 59 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-17 9:32 ` [edk2-devel] " Laszlo Ersek 2020-02-18 6:51 ` GuoMinJ @ 2020-02-18 7:04 ` GuoMinJ 2020-02-18 7:10 ` GuoMinJ 2 siblings, 0 replies; 7+ messages in thread From: GuoMinJ @ 2020-02-18 7:04 UTC (permalink / raw) To: Laszlo Ersek, devel [-- Attachment #1: Type: text/plain, Size: 28 bytes --] I agree with this comment. [-- Attachment #2: Type: text/html, Size: 28 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation 2020-02-17 9:32 ` [edk2-devel] " Laszlo Ersek 2020-02-18 6:51 ` GuoMinJ 2020-02-18 7:04 ` GuoMinJ @ 2020-02-18 7:10 ` GuoMinJ 2 siblings, 0 replies; 7+ messages in thread From: GuoMinJ @ 2020-02-18 7:10 UTC (permalink / raw) To: devel, lersek; +Cc: philmd, Jian J Wang, Hao A Wu, Eric Dong [-- Attachment #1: Type: text/plain, Size: 6996 bytes --] I agree with this comment. Laszlo Ersek <lersek@redhat.com> 于2020年2月17日周一 下午5:32写道: > On 02/13/20 19:33, Philippe Mathieu-Daudé wrote: > > On 2/13/20 7:29 PM, Philippe Mathieu-Daude wrote: > >> Math expressions written in terms of SafeIntLib function calls > >> are easily readable, making review trivial. Convert the truncation > >> checks added by commit 322ac05f8 to SafeIntLib calls. > >> > >> Cc: Jian J Wang <jian.j.wang@intel.com> > >> Cc: Hao A Wu <hao.a.wu@intel.com> > >> Cc: Eric Dong <eric.dong@intel.com> > >> Suggested-by: Laszlo Ersek <lersek@redhat.com> > >> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> > >> --- > >> .../DxeS3BootScriptLib.inf | 1 + > >> .../InternalBootScriptLib.h | 1 + > >> .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- > >> 3 files changed, 73 insertions(+), 43 deletions(-) > >> > >> diff --git > >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > >> index 2b894c99da55..698039fe8e69 100644 > >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > >> @@ -40,15 +40,16 @@ [Packages] > >> [LibraryClasses] > >> UefiBootServicesTableLib > >> BaseLib > >> BaseMemoryLib > >> TimerLib > >> DebugLib > >> PcdLib > >> UefiLib > >> SmbusLib > >> PciSegmentLib > >> IoLib > >> LockBoxLib > >> + SafeIntLib > >> [Protocols] > >> gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES > >> diff --git > >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > >> index 9485994087d0..7513220c15ac 100644 > >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h > >> @@ -1,49 +1,50 @@ > >> /** @file > >> Support for S3 boot script lib. This file defined some internal > >> macro and internal > >> data structure > >> Copyright (c) 2006 - 2016, Intel Corporation. All rights > >> reserved.<BR> > >> SPDX-License-Identifier: BSD-2-Clause-Patent > >> **/ > >> #ifndef __INTERNAL_BOOT_SCRIPT_LIB__ > >> #define __INTERNAL_BOOT_SCRIPT_LIB__ > >> #include <PiDxe.h> > >> #include <Guid/EventGroup.h> > >> #include <Protocol/SmmBase2.h> > >> #include <Protocol/DxeSmmReadyToLock.h> > >> #include <Protocol/SmmReadyToLock.h> > >> #include <Protocol/SmmExitBootServices.h> > >> #include <Protocol/SmmLegacyBoot.h> > >> #include <Library/S3BootScriptLib.h> > >> #include <Library/UefiBootServicesTableLib.h> > >> #include <Library/BaseLib.h> > >> #include <Library/PcdLib.h> > >> #include <Library/SmbusLib.h> > >> #include <Library/IoLib.h> > >> #include <Library/PciSegmentLib.h> > >> #include <Library/DebugLib.h> > >> #include <Library/BaseMemoryLib.h> > >> #include <Library/TimerLib.h> > >> #include <Library/UefiLib.h> > >> #include <Library/LockBoxLib.h> > >> +#include <Library/SafeIntLib.h> > >> #include "BootScriptInternalFormat.h" > >> #define MAX_IO_ADDRESS 0xFFFF > >> // > >> // Macro to convert a UEFI PCI address + segment to a PCI Segment > >> Library PCI address > >> // > >> #define PCI_ADDRESS_ENCODE(S, A) PCI_SEGMENT_LIB_ADDRESS( \ > >> S, \ > >> ((((UINTN)(A)) & 0xff000000) >> > >> 24), \ > >> ((((UINTN)(A)) & 0x00ff0000) >> > >> 16), \ > >> ((((UINTN)(A)) & 0xff00) >> 8), \ > >> ((RShiftU64 ((A), 32) & 0xfff) | > >> ((A) & 0xff)) \ > >> ) > >> diff --git > >> a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > >> b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > >> index 9315fc9f0188..d229263638fc 100644 > >> --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > >> +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c > >> @@ -995,55 +995,60 @@ EFIAPI > >> S3BootScriptSaveIoWrite ( > >> IN S3_BOOT_SCRIPT_LIB_WIDTH Width, > >> IN UINT64 Address, > >> IN UINTN Count, > >> IN VOID *Buffer > >> ) > >> { > >> + EFI_STATUS Status; > >> UINT8 Length; > >> UINT8 *Script; > >> UINT8 WidthInByte; > >> EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; > >> - WidthInByte = (UINT8) (0x01 << (Width & 0x03)); > >> + Status = SafeUintnToUint8 (Count, &Length); > >> + if (EFI_ERROR (Status)) { > >> + return RETURN_OUT_OF_RESOURCES; > >> + } > >> + > >> + Status = SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); > >> + if (EFI_ERROR (Status)) { > >> + return RETURN_OUT_OF_RESOURCES; > >> + } > >> - // > >> - // Truncation check > >> - // > >> - if ((Count > MAX_UINT8) || > >> - (WidthInByte * Count > MAX_UINT8 - sizeof > >> (EFI_BOOT_SCRIPT_IO_WRITE))) { > >> + Status = SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_IO_WRITE), > >> &Length); > >> + if (EFI_ERROR (Status)) { > >> return RETURN_OUT_OF_RESOURCES; > >> } > >> - Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * > >> Count)); > >> Script = S3BootScriptGetEntryAddAddress (Length); > >> if (Script == NULL) { > >> return RETURN_OUT_OF_RESOURCES; > >> } > >> // > >> // save script data > >> // > >> ScriptIoWrite.OpCode = EFI_BOOT_SCRIPT_IO_WRITE_OPCODE; > >> ScriptIoWrite.Length = Length; > >> ScriptIoWrite.Width = Width; > >> ScriptIoWrite.Address = Address; > >> ScriptIoWrite.Count = (UINT32) Count; > >> CopyMem ((VOID*)Script, (VOID*)&ScriptIoWrite, > >> sizeof(EFI_BOOT_SCRIPT_IO_WRITE)); > >> CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_IO_WRITE)), > >> Buffer, WidthInByte * Count); > >> SyncBootScript (Script); > >> return RETURN_SUCCESS; > >> } > > > > Oops wrong version (WidthInByte is uninitialized). > > Also -- if the MdeModulePkg maintainers like the appraoch in general --, > you could eliminate the "WidthInByte * Count" multiplication from the > CopyMem() call altogether. Instead, you could save the SafeUint8Mult() > result in an intermediate variable, and reuse it here. > > Just an idea (again, only for the case when the MdeModulePkg actually > like this refactoring). > > Thanks! > Laszlo > > > > > [-- Attachment #2: Type: text/html, Size: 9763 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-02-18 7:10 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-02-13 18:29 [RFC PATCH 0/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation Philippe Mathieu-Daudé 2020-02-13 18:29 ` [RFC PATCH 1/1] " Philippe Mathieu-Daudé 2020-02-13 18:33 ` Philippe Mathieu-Daudé 2020-02-17 9:32 ` [edk2-devel] " Laszlo Ersek 2020-02-18 6:51 ` GuoMinJ 2020-02-18 7:04 ` GuoMinJ 2020-02-18 7:10 ` GuoMinJ
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox