Re: [PATCH 1/3] MdeModulePkg/PciHostBridge: Enhance boundary check in Io/Mem.Read/Write

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ni, Ruiyu" <ruiyu.ni@Intel.com>
To: "Zeng, Star" <star.zeng@intel.com>, edk2-devel@lists.01.org
Subject: Re: [PATCH 1/3] MdeModulePkg/PciHostBridge: Enhance boundary check in Io/Mem.Read/Write
Date: Tue, 25 Sep 2018 10:43:35 +0800	[thread overview]
Message-ID: <33222c6c-74d8-1efb-6656-79c3ef75de5d@Intel.com> (raw)
In-Reply-To: <73f95487-2316-401a-3129-aee0e52eed9f@intel.com>

On 9/25/2018 10:14 AM, Zeng, Star wrote:
> Two very small comments are added below.
> 
> On 2018/9/21 15:25, Ruiyu Ni wrote:
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Star Zeng <star.zeng@intel.com>
>> ---
>>   .../Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c     | 26 
>> +++++++++++++++++-----
>>   1 file changed, 21 insertions(+), 5 deletions(-)
>>
>> diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c 
>> b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>> index f8a1239ceb..0b6b56f846 100644
>> --- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>> +++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>> @@ -321,6 +321,7 @@ RootBridgeIoCheckParameter (
>>     UINT64                                       Base;
>>     UINT64                                       Limit;
>>     UINT32                                       Size;
>> +  UINT64                                       Length;
>>     //
>>     // Check to see if Buffer is NULL
>> @@ -337,7 +338,7 @@ RootBridgeIoCheckParameter (
>>     }
>>     //
>> -  // For FIFO type, the target address won't increase during the access,
>> +  // For FIFO type, the device address won't increase during the access,
>>     // so treat Count as 1
>>     //
>>     if (Width >= EfiPciWidthFifoUint8 && Width <= 
>> EfiPciWidthFifoUint64) {
>> @@ -347,6 +348,13 @@ RootBridgeIoCheckParameter (
>>     Width = (EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_WIDTH) (Width & 0x03);
>>     Size  = 1 << Width;
>> +  //
>> +  // Make sure (Count * Size) doesn't exceed MAX_UINT64
>> +  //
>> +  if (Count > DivU64x32 (MAX_UINT64, Size)) {
>> +    return EFI_INVALID_PARAMETER;
>> +  }
>> +
> 
> Mark as "Code Block 1".
> 
>>     //
>>     // Check to see if Address is aligned
>>     //
>> @@ -354,6 +362,14 @@ RootBridgeIoCheckParameter (
>>       return EFI_UNSUPPORTED;
>>     }
>> +  //
>> +  // Make sure (Address + Count * Size) doesn't exceed MAX_UINT64
>> +  //
>> +  Length = MultU64x32 (Count, Size);
>> +  if (Address > MAX_UINT64 - Length) {
>> +    return EFI_INVALID_PARAMETER;
>> +  }
>> +
> 
> Is there some reason this code block is not put together with the "Code 
> Block 1"? Both are checking integer overflow.

This code block is to check whether the Address is valid.
I group the code by the parameter. If you check the original code, you 
will see the checks performed on parameters: Buffer, Width, Count, Address.


> 
> How about also enhancing the function description a little to add one 
> line for describing the overflow invalid parameter cases?
> 
>    @retval EFI_INVALID_PARAMETER  XXX.

Sure, I will send V2 with the updated function description.

> 
> or just updating the line below?
> 
>    @retval EFI_UNSUPPORTED        The address range specified by 
> Address, Width,
>                                   and Count is not valid for this PI 
> system.
> 
> 
> Thanks,
> Star
> 
>>     RootBridge = ROOT_BRIDGE_FROM_THIS (This);
>>     //
>> @@ -372,7 +388,7 @@ RootBridgeIoCheckParameter (
>>       //
>>       // Allow Legacy IO access
>>       //
>> -    if (Address + MultU64x32 (Count, Size) <= 0x1000) {
>> +    if (Address + Length <= 0x1000) {
>>         if ((RootBridge->Attributes & (
>>              EFI_PCI_ATTRIBUTE_ISA_IO | 
>> EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO | EFI_PCI_ATTRIBUTE_VGA_IO |
>>              EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO | 
>> EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO |
>> @@ -386,7 +402,7 @@ RootBridgeIoCheckParameter (
>>       //
>>       // Allow Legacy MMIO access
>>       //
>> -    if ((Address >= 0xA0000) && (Address + MultU64x32 (Count, Size)) 
>> <= 0xC0000) {
>> +    if ((Address >= 0xA0000) && (Address + Length) <= 0xC0000) {
>>         if ((RootBridge->Attributes & EFI_PCI_ATTRIBUTE_VGA_MEMORY) != 
>> 0) {
>>           return EFI_SUCCESS;
>>         }
>> @@ -395,7 +411,7 @@ RootBridgeIoCheckParameter (
>>       // By comparing the Address against Limit we know which range to 
>> be used
>>       // for checking
>>       //
>> -    if (Address + MultU64x32 (Count, Size) <= RootBridge->Mem.Limit + 
>> 1) {
>> +    if (Address + Length <= RootBridge->Mem.Limit + 1) {
>>         Base = RootBridge->Mem.Base;
>>         Limit = RootBridge->Mem.Limit;
>>       } else {
>> @@ -427,7 +443,7 @@ RootBridgeIoCheckParameter (
>>         return EFI_INVALID_PARAMETER;
>>     }
>> -  if (Address + MultU64x32 (Count, Size) > Limit + 1) {
>> +  if (Address + Length > Limit + 1) {
>>       return EFI_INVALID_PARAMETER;
>>     }
>>
> 


-- 
Thanks,
Ray

next prev parent reply	other threads:[~2018-09-25  2:43 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-21  7:25 [PATCH 0/3] Fix a bug that prevents PMEM access Ruiyu Ni
2018-09-21  7:25 ` [PATCH 1/3] MdeModulePkg/PciHostBridge: Enhance boundary check in Io/Mem.Read/Write Ruiyu Ni
2018-09-21 10:53   ` Laszlo Ersek
2018-09-24 13:18   ` Kirkendall, Garrett
2018-09-25  2:14   ` Zeng, Star
2018-09-25  2:43     ` Ni, Ruiyu [this message]
2018-09-25  3:02       ` Zeng, Star
2018-09-21  7:25 ` [PATCH 2/3] MdeModulePkg/PciHostBridge: Fix a bug that prevents PMEM access Ruiyu Ni
2018-09-21 11:06   ` Laszlo Ersek
2018-09-25  2:11     ` Ni, Ruiyu
2018-09-24 13:19   ` Kirkendall, Garrett
2018-09-25  2:15   ` Zeng, Star
2018-09-21  7:25 ` [PATCH 3/3] MdeModulePkg/PciHostBridge: Add RESOURCE_VALID() to simplify code Ruiyu Ni
2018-09-21 11:12   ` Laszlo Ersek
2018-09-25  2:25     ` Ni, Ruiyu
2018-09-25  2:35     ` Zeng, Star
2018-09-25  2:47       ` Ni, Ruiyu
2018-09-25  3:13         ` Zeng, Star
2018-09-25  5:03           ` Ni, Ruiyu
2018-09-24 13:20   ` Kirkendall, Garrett

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33222c6c-74d8-1efb-6656-79c3ef75de5d@Intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox