* [PATCH v2 0/1] Refine casting expression result to bigger size
@ 2017-01-24 7:25 Hao Wu
  2017-01-24 7:25 ` [PATCH v2 1/1] MdePkg: " Hao Wu
  0 siblings, 1 reply; 7+ messages in thread
From: Hao Wu @ 2017-01-24 7:25 UTC
  To: edk2-devel
  Cc: Hao Wu, Michael Kinney, Liming Gao, Eric Dong, Laszlo Ersek, Ard Biesheuvel

Please note that this patch is mainly for feedback collection and the patch
only covers MdePkg. We are working on patches for other packages.

V2:
Follow the below rules to refine codes:
1). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
  c = a + b;

2). When the expression is possible to overflow the range of unsigned int/
int:
  c = (UINT64)a + b;

V1:
There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is casted to
UINT64/INT64 to fit the target size.

An example will be:
  UINT32 a,b;
  // a and b can be any unsigned int type with rank less than UINT64, like
  // UINT8, UINT16, etc.
  UINT64 c;
  c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of int (integer promotions) and the result is
then cast to a bigger size.

For the consideration of generated binaries size, the commit will keep the
size of the operands as the size of int, and explicitly add a type cast
before converting the result to UINT64/INT64.

1). When there is no operand with type UINTN
  (UINTN) (a + b) -> (UINTN)(UINT32) (a + b) or
  (UINT64) (a + b) -> (UINT64)(UINT32) (a + b)

2). Otherwise
  (UINT64) (a + b) -> (UINT64)(UINTN) (a + b)

Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Hao Wu (1):
  MdePkg: Refine casting expression result to bigger size

 MdePkg/Library/BaseLib/String.c                              | 4 ++--
 MdePkg/Library/BasePeCoffLib/BasePeCoff.c                    | 12 +++++-------
 MdePkg/Library/BaseS3PciLib/S3PciLib.c                       | 4 ++--
 MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c  | 4 ++--
 MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 ++--
 5 files changed, 13 insertions(+), 15 deletions(-)

--
1.9.5.msysgit.0

* [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size 2017-01-24 7:25 [PATCH v2 0/1] Refine casting expression result to bigger size Hao Wu @ 2017-01-24 7:25 ` Hao Wu 2017-01-24 9:53 ` Laszlo Ersek 0 siblings, 1 reply; 7+ messages in thread From: Hao Wu @ 2017-01-24 7:25 UTC (permalink / raw) To: edk2-devel; +Cc: Hao Wu There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly casted to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 2). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> --- MdePkg/Library/BaseLib/String.c | 4 ++-- MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++------- MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/String.c index e84bf50..4151e0e 100644 --- a/MdePkg/Library/BaseLib/String.c +++ b/MdePkg/Library/BaseLib/String.c @@ -586,7 +586,7 @@ InternalHexCharToUintn ( return Char - L'0'; } - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); + return (10 + InternalCharToUpper (Char) - L'A'); } /** 
@@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( return Char - '0'; } - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); } diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c index 33cad23..8d1daba 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -15,7 +15,7 @@ PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header. PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image. - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( // DebugDirectoryEntryFileOffset = 0; - SectionHeaderOffset = (UINTN)( - ImageContext->PeCoffHeaderOffset + - sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader - ); + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { // diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c b/MdePkg/Library/BaseS3PciLib/S3PciLib.c index e29f7fe..27342b0 100644 --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c 
@@ -3,7 +3,7 @@ the PCI operations to be replayed during an S3 resume. This library class maps directly on top of the PciLib class. - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions @@ -25,7 +25,7 @@ #include <Library/S3PciLib.h> #define PCILIB_TO_COMMON_ADDRESS(Address) \ - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) (Address & 0xfff )))) + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) (Address & 0xfff ))) /** Saves a PCI configuration value to the boot script. diff --git a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c index 937165a..592cced 100644 --- a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c +++ b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c @@ -12,7 +12,7 @@ allocation for the Reserved memory types are not supported and will always return NULL. - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( Status = gSmst->SmmFreePages (Memory, UnalignedPages); ASSERT_EFI_ERROR (Status); } - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + EFI_PAGES_TO_SIZE (Pages)); + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); UnalignedPages = RealPages - Pages - UnalignedPages; if (UnalignedPages > 0) { // 
diff --git a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c index 3da5e211..3bd3aef 100644 --- a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c +++ b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c @@ -2,7 +2,7 @@ Support routines for memory allocation routines based on boot services for Dxe phase drivers. - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( Status = gBS->FreePages (Memory, UnalignedPages); ASSERT_EFI_ERROR (Status); } - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + EFI_PAGES_TO_SIZE (Pages)); + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); UnalignedPages = RealPages - Pages - UnalignedPages; if (UnalignedPages > 0) { // -- 1.9.5.msysgit.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
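Review bot: In both String.c hunks (InternalHexCharToUintn and InternalAsciiHexCharToUintn) the new return statement keeps the outer parentheses that only served to delimit the operand of the removed (UINTN) cast. Writing "return 10 + InternalCharToUpper (Char) - L'A';" (and the ASCII equivalent) would match the "return Char - L'0';" line directly above, where the conversion to the return type is already implicit.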
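Review bot: The SectionHeaderOffset assignment in PeCoffLoaderGetImageInfo() adds a field read from the image being loaded (Hdr.Pe32->FileHeader.SizeOfOptionalHeader), and the commit message does not say which of its two rules justifies dropping the cast at this site. Two of the operands are sizeof expressions, so the sum is already evaluated in a type at least as wide as the sizeof result and the removed (UINTN) cast looks like a no-op; a sentence saying so, with the declared types of SectionHeaderOffset and PeCoffHeaderOffset (not visible in the context lines), would let a reader confirm that without opening the file.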
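Review bot: Removing the outer (UINT64) cast from PCILIB_TO_COMMON_ADDRESS in S3PciLib.c changes the type of every expansion from UINT64 to UINTN, so the macro's result width now depends on the build architecture. To address the checker warning without changing the result type, apply rule 2 of the commit message here: cast each extracted field to UINT64 instead of UINTN before shifting, which keeps the expansion UINT64 everywhere and makes the outer cast unnecessary. While the macro is being touched, the parameter should also be parenthesised as (Address) at each use.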
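Review bot: In the two InternalAllocateAlignedPages() hunks (SmmMemoryAllocationLib and UefiMemoryAllocationLib) the declared types of Memory and AlignedMemory lie outside the context lines, so the patch alone does not show that "AlignedMemory + EFI_PAGES_TO_SIZE (Pages)" falls under rule 1 rather than rule 2. If AlignedMemory is narrower than EFI_PHYSICAL_ADDRESS, the addition is still performed in the narrower type exactly as before the change, and the rule 2 form "(EFI_PHYSICAL_ADDRESS) AlignedMemory + EFI_PAGES_TO_SIZE (Pages)" is the one that would widen before adding. Please state in the commit message which case applies and why the sum cannot wrap.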
* Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size 2017-01-24 7:25 ` [PATCH v2 1/1] MdePkg: " Hao Wu @ 2017-01-24 9:53 ` Laszlo Ersek 2017-01-25 0:25 ` Wu, Hao A 0 siblings, 1 reply; 7+ messages in thread From: Laszlo Ersek @ 2017-01-24 9:53 UTC (permalink / raw) To: Hao Wu; +Cc: edk2-devel On 01/24/17 08:25, Hao Wu wrote: > There are cases that the operands of an expression are all with rank less > than UINT64/INT64 and the result of the expression is explicitly casted to > UINT64/INT64 to fit the target size. > > An example will be: > UINT32 a,b; > // a and b can be any unsigned int type with rank less than UINT64, like > // UINT8, UINT16, etc. > UINT64 c; > c = (UINT64) (a + b); > > Some static code checkers may warn that the expression result might > overflow within the rank of "int" (integer promotions) and the result is > then cast to a bigger size. > > The commit refines codes by the following rules: > 1). When the expression will not overflow within the rank of "int", remove > the explicit type casts: > c = a + b; > > 2). When the expression is possible to overflow the range of unsigned int/ > int: > c = (UINT64)a + b; > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Hao Wu <hao.a.wu@intel.com> > --- > MdePkg/Library/BaseLib/String.c | 4 ++-- > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++------- > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- > 5 files changed, 13 insertions(+), 15 deletions(-) > > diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/String.c > index e84bf50..4151e0e 100644 > --- a/MdePkg/Library/BaseLib/String.c > +++ b/MdePkg/Library/BaseLib/String.c 
> @@ -586,7 +586,7 @@ InternalHexCharToUintn ( > return Char - L'0'; > } > > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); > + return (10 + InternalCharToUpper (Char) - L'A'); > } > > /** > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( > return Char - '0'; > } > > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > } > > > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > index 33cad23..8d1daba 100644 > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > @@ -15,7 +15,7 @@ > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header. > PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image. > > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD License > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( > // > DebugDirectoryEntryFileOffset = 0; > > - SectionHeaderOffset = (UINTN)( > - ImageContext->PeCoffHeaderOffset + > - sizeof (UINT32) + > - sizeof (EFI_IMAGE_FILE_HEADER) + > - Hdr.Pe32->FileHeader.SizeOfOptionalHeader > - ); > + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + > + sizeof (UINT32) + > + sizeof (EFI_IMAGE_FILE_HEADER) + > + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; > > for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { > // > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c b/MdePkg/Library/BaseS3PciLib/S3PciLib.c > index e29f7fe..27342b0 100644 > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c 
> @@ -3,7 +3,7 @@ > the PCI operations to be replayed during an S3 resume. This library class > maps directly on top of the PciLib class. > > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > > This program and the accompanying materials > are licensed and made available under the terms and conditions 
> @@ -25,7 +25,7 @@ > #include <Library/S3PciLib.h> > > #define PCILIB_TO_COMMON_ADDRESS(Address) \ > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) (Address & 0xfff )))) > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) (Address & 0xfff ))) > > /** > Saves a PCI configuration value to the boot script.

I think this change is potentially unsafe, without auditing all uses of
PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result
will no longer be UINT64 but UINT32, and that can cause problems in
several contexts. For example:

- as an operand to the sizeof operator
- when it's being relied upon to cause conversion to UINT64, for example
  another (UINT32) operand could be added to it
- when it is passed through a variable argument list

It might be safe, but there's no way to tell without auditing all the
call sites. So let me see...

Apparently this macro is only passed to S3BootScriptSavePciCfgWrite() as
second argument, within the same file, and that argument is covered by
the function prototype explicitly, with type UINT64. So the change
should be safe.

(I see the same macro definition and kind of invocation in
"QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I didn't try
to audit that file.)

The rest looks okay too.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

(If you go ahead and submit a 30-part series that does this kind of
fixup all over the tree, please don't expect me to review it all -- I'm
okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on the
rest. This kind of patch cannot be reviewed without consulting a really
wide context.)

Thanks
Laszlo

> diff --git a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > index 937165a..592cced 100644
> --- a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > +++ b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > @@ -12,7 +12,7 @@ > allocation for the Reserved memory types are not supported and will always > return NULL. > > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD License > which accompanies this distribution. The full text of the license may be found at > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( > Status = gSmst->SmmFreePages (Memory, UnalignedPages); > ASSERT_EFI_ERROR (Status); > } > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + EFI_PAGES_TO_SIZE (Pages)); > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > UnalignedPages = RealPages - Pages - UnalignedPages; > if (UnalignedPages > 0) { > // > diff --git a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > index 3da5e211..3bd3aef 100644 > --- a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > +++ b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > @@ -2,7 +2,7 @@ > Support routines for memory allocation routines based > on boot services for Dxe phase drivers. > > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD License > which accompanies this distribution. The full text of the license may be found at 
> @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( > Status = gBS->FreePages (Memory, UnalignedPages); > ASSERT_EFI_ERROR (Status); > } > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + EFI_PAGES_TO_SIZE (Pages)); > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > UnalignedPages = RealPages - Pages - UnalignedPages; > if (UnalignedPages > 0) { > // > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size 2017-01-24 9:53 ` Laszlo Ersek @ 2017-01-25 0:25 ` Wu, Hao A 2017-01-25 5:57 ` Gao, Liming 0 siblings, 1 reply; 7+ messages in thread From: Wu, Hao A @ 2017-01-25 0:25 UTC (permalink / raw) To: Laszlo Ersek; +Cc: edk2-devel@ml01.01.org > -----Original Message----- > From: Laszlo Ersek [mailto:lersek@redhat.com] > Sent: Tuesday, January 24, 2017 5:54 PM > To: Wu, Hao A > Cc: edk2-devel@ml01.01.org > Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result to > bigger size > > On 01/24/17 08:25, Hao Wu wrote: > > There are cases that the operands of an expression are all with rank less > > than UINT64/INT64 and the result of the expression is explicitly casted to > > UINT64/INT64 to fit the target size. > > > > An example will be: > > UINT32 a,b; > > // a and b can be any unsigned int type with rank less than UINT64, like > > // UINT8, UINT16, etc. > > UINT64 c; > > c = (UINT64) (a + b); > > > > Some static code checkers may warn that the expression result might > > overflow within the rank of "int" (integer promotions) and the result is > > then cast to a bigger size. > > > > The commit refines codes by the following rules: > > 1). When the expression will not overflow within the rank of "int", remove > > the explicit type casts: > > c = a + b; > > > > 2). When the expression is possible to overflow the range of unsigned int/ > > int: > > c = (UINT64)a + b; > > > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Hao Wu <hao.a.wu@intel.com> > > --- > > MdePkg/Library/BaseLib/String.c | 4 ++-- > > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++------- > > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- > > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- > > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 ++-- > > 5 files changed, 13 insertions(+), 15 deletions(-) 
> > > > diff --git a/MdePkg/Library/BaseLib/String.c > b/MdePkg/Library/BaseLib/String.c > > index e84bf50..4151e0e 100644 > > --- a/MdePkg/Library/BaseLib/String.c > > +++ b/MdePkg/Library/BaseLib/String.c > > @@ -586,7 +586,7 @@ InternalHexCharToUintn ( > > return Char - L'0'; > > } > > > > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); > > + return (10 + InternalCharToUpper (Char) - L'A'); > > } > > > > /** > > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( > > return Char - '0'; > > } > > > > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > > } > > > > > > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > > index 33cad23..8d1daba 100644 > > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > > @@ -15,7 +15,7 @@ > > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header. > > PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF > image. > > > > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> > > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> > > This program and the accompanying materials > > are licensed and made available under the terms and conditions of the BSD > License 
> > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( > > // > > DebugDirectoryEntryFileOffset = 0; > > > > - SectionHeaderOffset = (UINTN)( > > - ImageContext->PeCoffHeaderOffset + > > - sizeof (UINT32) + > > - sizeof (EFI_IMAGE_FILE_HEADER) + > > - Hdr.Pe32->FileHeader.SizeOfOptionalHeader > > - ); > > + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + > > + sizeof (UINT32) + > > + sizeof (EFI_IMAGE_FILE_HEADER) + > > + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; > > > > for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) > { > > // > > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c > b/MdePkg/Library/BaseS3PciLib/S3PciLib.c > > index e29f7fe..27342b0 100644 > > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c > > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c > > @@ -3,7 +3,7 @@ > > the PCI operations to be replayed during an S3 resume. This library class > > maps directly on top of the PciLib class. > > > > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> > > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > > > > This program and the accompanying materials > > are licensed and made available under the terms and conditions 
> > @@ -25,7 +25,7 @@ > > #include <Library/S3PciLib.h> > > > > #define PCILIB_TO_COMMON_ADDRESS(Address) \ > > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) > ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + > ((UINTN) (Address & 0xfff )))) > > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) ((Address>>15) & > 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) (Address & > 0xfff ))) > > > > /** > > Saves a PCI configuration value to the boot script.
>
> I think this change is potentially unsafe, without auditing all uses of
> PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result
> will no longer be UINT64 but UINT32, and that can cause problems in
> several contexts. For example:
>
> - as an operand to the sizeof operator
> - when it's being relied upon to cause conversion to UINT64, for example
>   another (UINT32) operand could be added to it
> - when it is passed through a variable argument list
>
> It might be safe, but there's no way to tell without auditing all the
> call sites. So let me see...
>
> Apparently this macro is only passed to S3BootScriptSavePciCfgWrite() as
> second argument, within the same file, and that argument is covered by
> the function prototype explicitly, with type UINT64. So the change
> should be safe.
>

Thanks for the checking. I did search the whole edk2 repository for the
reference of "PCILIB_TO_COMMON_ADDRESS" and it is only consumed by the
function you mentioned.

> (I see the same macro definition and kind of invocation in
> "QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I didn't try
> to audit that file.)
>
> The rest looks okay too.
>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>

Many thanks for the feedbacks and the effort for reviewing the patch.

> (If you go ahead and submit a 30-part series that does this kind of
> fixup all over the tree, please don't expect me to review it all -- I'm
> okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on the
> rest. This kind of patch cannot be reviewed without consulting a really
> wide context.)
>

I am thinking if the package level patch contains too many changes, I
might break it into multiple module-level patches and include module
owners/experts to help reviewing them.

Best Regards,
Hao Wu

> Thanks
> Laszlo
>
>
> > diff --git > a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > > index 937165a..592cced 100644 > > --- a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > > +++ b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > > @@ -12,7 +12,7 @@ > > allocation for the Reserved memory types are not supported and will > always > > return NULL. > > > > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > > This program and the accompanying materials > > are licensed and made available under the terms and conditions of the BSD > License > > which accompanies this distribution. The full text of the license may be > found at > > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( > > Status = gSmst->SmmFreePages (Memory, UnalignedPages); > > ASSERT_EFI_ERROR (Status); > > } > > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + > EFI_PAGES_TO_SIZE (Pages)); > > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > > UnalignedPages = RealPages - Pages - UnalignedPages; > > if (UnalignedPages > 0) { > > // > > diff --git a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > > index 3da5e211..3bd3aef 100644 > > --- a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c
> > +++ b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > > @@ -2,7 +2,7 @@ > > Support routines for memory allocation routines based > > on boot services for Dxe phase drivers. > > > > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > > This program and the accompanying materials > > are licensed and made available under the terms and conditions of the BSD > License > > which accompanies this distribution. The full text of the license may be > found at > > @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( > > Status = gBS->FreePages (Memory, UnalignedPages); > > ASSERT_EFI_ERROR (Status); > > } > > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + > EFI_PAGES_TO_SIZE (Pages)); > > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > > UnalignedPages = RealPages - Pages - UnalignedPages; > > if (UnalignedPages > 0) { > > // > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size
  2017-01-25 0:25 ` Wu, Hao A
@ 2017-01-25 5:57 ` Gao, Liming
  2017-01-25 6:16 ` Wu, Hao A
  0 siblings, 1 reply; 7+ messages in thread
From: Gao, Liming @ 2017-01-25 5:57 UTC
  To: Wu, Hao A, Laszlo Ersek; +Cc: edk2-devel@ml01.01.org

Hao:
  For PCILIB_TO_COMMON_ADDRESS, we can't assume its usage in the consumer
code. There may be some usage in other projects. So, I suggest to provide
the safe fix.

Thanks
Liming
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wu, Hao A
>Sent: Wednesday, January 25, 2017 8:26 AM
>To: Laszlo Ersek <lersek@redhat.com>
>Cc: edk2-devel@ml01.01.org
>Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com] >> Sent: Tuesday, January 24, 2017 5:54 PM >> To: Wu, Hao A >> Cc: edk2-devel@ml01.01.org >> Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result >to >> bigger size >> >> On 01/24/17 08:25, Hao Wu wrote: >> > There are cases that the operands of an expression are all with rank less >> > than UINT64/INT64 and the result of the expression is explicitly casted to >> > UINT64/INT64 to fit the target size. >> > >> > An example will be: >> > UINT32 a,b; >> > // a and b can be any unsigned int type with rank less than UINT64, like >> > // UINT8, UINT16, etc. >> > UINT64 c; >> > c = (UINT64) (a + b); >> > >> > Some static code checkers may warn that the expression result might >> > overflow within the rank of "int" (integer promotions) and the result is >> > then cast to a bigger size. >> > >> > The commit refines codes by the following rules: >> > 1). When the expression will not overflow within the rank of "int", remove >> > the explicit type casts: >> > c = a + b; >> > >> > 2). When the expression is possible to overflow the range of unsigned int/ >> > int: >> > c = (UINT64)a + b; >> > >> > Contributed-under: TianoCore Contribution Agreement 1.0 >> > Signed-off-by: Hao Wu <hao.a.wu@intel.com> >> > --- >> > MdePkg/Library/BaseLib/String.c | 4 ++-- >> > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++------- >> > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- >> > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | 4 >++-- >> > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 >++-- >> > 5 files changed, 13 insertions(+), 15 deletions(-) >> > >> > diff --git a/MdePkg/Library/BaseLib/String.c >> b/MdePkg/Library/BaseLib/String.c >> > index e84bf50..4151e0e 100644 >> > --- a/MdePkg/Library/BaseLib/String.c >> > +++ b/MdePkg/Library/BaseLib/String.c 
>> > @@ -586,7 +586,7 @@ InternalHexCharToUintn ( >> > return Char - L'0'; >> > } >> > >> > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); >> > + return (10 + InternalCharToUpper (Char) - L'A'); >> > } >> > >> > /** >> > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( >> > return Char - '0'; >> > } >> > >> > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> > } >> > >> > >> > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> > index 33cad23..8d1daba 100644 >> > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> > @@ -15,7 +15,7 @@ >> > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF >header. >> > PeCoffLoaderGetImageInfo() routine will do basic check for whole >PE/COFF >> image. >> > >> > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> >> > This program and the accompanying materials >> > are licensed and made available under the terms and conditions of the >BSD >> License >> > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( >> > // >> > DebugDirectoryEntryFileOffset = 0; >> > >> > - SectionHeaderOffset = (UINTN)( >> > - ImageContext->PeCoffHeaderOffset + >> > - sizeof (UINT32) + >> > - sizeof (EFI_IMAGE_FILE_HEADER) + >> > - Hdr.Pe32->FileHeader.SizeOfOptionalHeader >> > - ); >> > + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + >> > + sizeof (UINT32) + >> > + sizeof (EFI_IMAGE_FILE_HEADER) + >> > + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; >> > >> > for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; >Index++) >> { >> > // 
>> > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> > index e29f7fe..27342b0 100644 >> > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> > @@ -3,7 +3,7 @@ >> > the PCI operations to be replayed during an S3 resume. This library class >> > maps directly on top of the PciLib class. >> > >> > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> > >> > This program and the accompanying materials >> > are licensed and made available under the terms and conditions 
>> > @@ -25,7 +25,7 @@ >> > #include <Library/S3PciLib.h> >> > >> > #define PCILIB_TO_COMMON_ADDRESS(Address) \ >> > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) >> ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + >> ((UINTN) (Address & 0xfff )))) >> > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) >((Address>>15) & >> 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) >(Address & >> 0xfff ))) >> > >> > /** >> > Saves a PCI configuration value to the boot script. >> >> I think this change is potentially unsafe, without auditing all uses of >> PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result >> will no longer be UINT64 but UINT32, and that can cause problems in >> several contexts. For example: >> >> - as an operand to the sizeof operator >> - when it's being relied upon to cause conversion to UINT64, for example >> another (UINT32) operand could be added to it >> - when it is passed through a variable argument list >> >> It might be safe, but there's no way to tell without auditing all the >> call sites. So let me see... >> >> Apparently this macro is only passed to S3BootScriptSavePciCfgWrite() as >> second argument, within the same file, and that argument is covered by >> the function prototype explicitly, with type UINT64. So the change >> should be safe. >> > >Thanks for the checking. I did search the whole edk2 repository for the >reference of "PCILIB_TO_COMMON_ADDRESS" and it is only comsumed by >the >function you mentioned. > >> (I see the same macro definition and kind of invocation in >> "QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I didn't >try >> to audit that file.) >> >> The rest looks okay too. >> >> Reviewed-by: Laszlo Ersek <lersek@redhat.com> >> > >Many thanks for the feedbacks and the effort for reviewing the patch. 
> >> (If you go ahead and submit a 30-part series that does this kind of >> fixup all over the tree, please don't expect me to review it all -- I'm >> okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on the >> rest. This kind of patch cannot be reviewed without consulting a really >> wide context.) >> > >I am thinking if the package level patch contains too many changes, I >might break it into multiple module-level patches and include module >owners/experts to help reviewing them. > >Best Regards, >Hao Wu > >> Thanks >> Laszlo >> >> >> > diff --git >> a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> > index 937165a..592cced 100644 >> > --- a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> > +++ b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> > @@ -12,7 +12,7 @@ >> > allocation for the Reserved memory types are not supported and will >> always >> > return NULL. >> > >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> > This program and the accompanying materials >> > are licensed and made available under the terms and conditions of the >BSD >> License >> > which accompanies this distribution. The full text of the license may be >> found at >> > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( >> > Status = gSmst->SmmFreePages (Memory, UnalignedPages); >> > ASSERT_EFI_ERROR (Status); >> > } >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> EFI_PAGES_TO_SIZE (Pages)); >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> > UnalignedPages = RealPages - Pages - UnalignedPages; >> > if (UnalignedPages > 0) { >> > // >> > diff --git >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> > index 3da5e211..3bd3aef 100644 
>> > --- a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> > +++ b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> > @@ -2,7 +2,7 @@ >> > Support routines for memory allocation routines based >> > on boot services for Dxe phase drivers. >> > >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> > This program and the accompanying materials >> > are licensed and made available under the terms and conditions of the >BSD >> License >> > which accompanies this distribution. The full text of the license may be >> found at >> > @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( >> > Status = gBS->FreePages (Memory, UnalignedPages); >> > ASSERT_EFI_ERROR (Status); >> > } >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> EFI_PAGES_TO_SIZE (Pages)); >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> > UnalignedPages = RealPages - Pages - UnalignedPages; >> > if (UnalignedPages > 0) { >> > // >> > > >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 7+ messages in thread
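Review bot: In MdePkg/Library/BaseLib/String.c, both changed returns (InternalHexCharToUintn and InternalAsciiHexCharToUintn) keep the outer parentheses that only existed to delimit the operand of the removed cast. `return (10 + InternalCharToUpper (Char) - L'A');` can become `return 10 + InternalCharToUpper (Char) - L'A';`, matching the `return Char - L'0';` form two lines above it. The expression is still evaluated after integer promotion and now converts to the return type implicitly, so if callers guarantee a hex digit, a short comment saying so would record why the value cannot go negative before that conversion.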
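Review bot: In the PeCoffLoaderGetImageInfo hunk of MdePkg/Library/BasePeCoffLib/BasePeCoff.c, SectionHeaderOffset is a sum that includes ImageContext->PeCoffHeaderOffset and Hdr.Pe32->FileHeader.SizeOfOptionalHeader, a field read from the image header, and the visible lines show no range check on the result before the section loop that follows. Dropping the (UINTN) cast does not change that, but it applies rule 1 of the commit message ("will not overflow") without saying why the rule holds for this expression. Please state the bound in the commit message or in a comment, or point to the check that enforces it.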
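Review bot: In the PCILIB_TO_COMMON_ADDRESS hunk of MdePkg/Library/BaseS3PciLib/S3PciLib.c, the macro parameter is used unparenthesized (`Address>>20`, `Address & 0xfff`), so an argument that contains a lower-precedence operator such as `|` would be parsed wrongly; write `(Address)` at each use while this line is being touched. With the (UINT64) cast gone the result has type UINTN, which is the concern raised in the review, so a comment next to the macro noting that its only consumer takes a UINT64 parameter would keep a later caller from relying on a 64-bit result.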
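Review bot: In both InternalAllocateAlignedPages hunks (SmmMemoryAllocationLib and UefiMemoryAllocationLib), `Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages);` leaves the width of the addition to the operand types, which these hunks do not show. If neither operand is already 64 bits wide, the sum is formed at the narrower width and only widened on assignment, which is the case rule 2 of the commit message covers with `(EFI_PHYSICAL_ADDRESS) AlignedMemory + EFI_PAGES_TO_SIZE (Pages)`. Please confirm the operand types in the commit message or apply rule 2 here.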
* Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size 2017-01-25 5:57 ` Gao, Liming @ 2017-01-25 6:16 ` Wu, Hao A 2017-01-25 6:19 ` Gao, Liming 0 siblings, 1 reply; 7+ messages in thread From: Wu, Hao A @ 2017-01-25 6:16 UTC (permalink / raw) To: Gao, Liming; +Cc: edk2-devel@ml01.01.org > -----Original Message----- > From: Gao, Liming > Sent: Wednesday, January 25, 2017 1:58 PM > To: Wu, Hao A; Laszlo Ersek > Cc: edk2-devel@ml01.01.org > Subject: RE: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result to > bigger size > > Hao: > For PCILIB_TO_COMMON_ADDRESS, we can't assume its usage in the > consumer code. There may be some usage in other projects. So, I suggest to > provide the safe fix. > Hi Liming, The definition "PCILIB_TO_COMMON_ADDRESS" is defined in MdePkg/Library/BaseS3PciLib/S3PciLib.c. It will not be consumed outside. Best Regards, Hao Wu > Thanks > Liming > >-----Original Message----- > >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wu, > >Hao A > >Sent: Wednesday, January 25, 2017 8:26 AM > >To: Laszlo Ersek <lersek@redhat.com> > >Cc: edk2-devel@ml01.01.org > >Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result > >to bigger size > > > >> -----Original Message----- 
> >> From: Laszlo Ersek [mailto:lersek@redhat.com] > >> Sent: Tuesday, January 24, 2017 5:54 PM > >> To: Wu, Hao A > >> Cc: edk2-devel@ml01.01.org > >> Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result > >to > >> bigger size > >> > >> On 01/24/17 08:25, Hao Wu wrote: > >> > There are cases that the operands of an expression are all with rank less > >> > than UINT64/INT64 and the result of the expression is explicitly casted to > >> > UINT64/INT64 to fit the target size. > >> > > >> > An example will be: > >> > UINT32 a,b; > >> > // a and b can be any unsigned int type with rank less than UINT64, like > >> > // UINT8, UINT16, etc. > >> > UINT64 c; > >> > c = (UINT64) (a + b); > >> > > >> > Some static code checkers may warn that the expression result might > >> > overflow within the rank of "int" (integer promotions) and the result is > >> > then cast to a bigger size. > >> > > >> > The commit refines codes by the following rules: > >> > 1). When the expression will not overflow within the rank of "int", remove > >> > the explicit type casts: > >> > c = a + b; > >> > > >> > 2). When the expression is possible to overflow the range of unsigned int/ > >> > int: > >> > c = (UINT64)a + b; > >> > > >> > Contributed-under: TianoCore Contribution Agreement 1.0 > >> > Signed-off-by: Hao Wu <hao.a.wu@intel.com> > >> > --- > >> > MdePkg/Library/BaseLib/String.c | 4 ++-- > >> > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++------- > >> > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- > >> > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | 4 > >++-- > >> > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 > >++-- > >> > 5 files changed, 13 insertions(+), 15 deletions(-) > >> > > >> > diff --git a/MdePkg/Library/BaseLib/String.c > >> b/MdePkg/Library/BaseLib/String.c > >> > index e84bf50..4151e0e 100644 > >> > --- a/MdePkg/Library/BaseLib/String.c > >> > +++ b/MdePkg/Library/BaseLib/String.c 
> >> > @@ -586,7 +586,7 @@ InternalHexCharToUintn ( > >> > return Char - L'0'; > >> > } > >> > > >> > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); > >> > + return (10 + InternalCharToUpper (Char) - L'A'); > >> > } > >> > > >> > /** > >> > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( > >> > return Char - '0'; > >> > } > >> > > >> > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > >> > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); > >> > } > >> > > >> > > >> > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > >> b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > >> > index 33cad23..8d1daba 100644 > >> > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > >> > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c > >> > @@ -15,7 +15,7 @@ > >> > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF > >header. > >> > PeCoffLoaderGetImageInfo() routine will do basic check for whole > >PE/COFF > >> image. > >> > > >> > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> > >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > >> > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> > >> > This program and the accompanying materials > >> > are licensed and made available under the terms and conditions of the > >BSD > >> License > >> > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( > >> > // > >> > DebugDirectoryEntryFileOffset = 0; > >> > > >> > - SectionHeaderOffset = (UINTN)( > >> > - ImageContext->PeCoffHeaderOffset + > >> > - sizeof (UINT32) + > >> > - sizeof (EFI_IMAGE_FILE_HEADER) + > >> > - Hdr.Pe32->FileHeader.SizeOfOptionalHeader > >> > - ); > >> > + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + > >> > + sizeof (UINT32) + > >> > + sizeof (EFI_IMAGE_FILE_HEADER) + > >> > + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; > >> > > >> > for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; > >Index++) > >> { > >> > // 
> >> > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c > >> b/MdePkg/Library/BaseS3PciLib/S3PciLib.c > >> > index e29f7fe..27342b0 100644 > >> > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c > >> > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c > >> > @@ -3,7 +3,7 @@ > >> > the PCI operations to be replayed during an S3 resume. This library class > >> > maps directly on top of the PciLib class. > >> > > >> > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> > >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > >> > > >> > This program and the accompanying materials > >> > are licensed and made available under the terms and conditions 
> >> > @@ -25,7 +25,7 @@ > >> > #include <Library/S3PciLib.h> > >> > > >> > #define PCILIB_TO_COMMON_ADDRESS(Address) \ > >> > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) > >> ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + > >> ((UINTN) (Address & 0xfff )))) > >> > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) > >((Address>>15) & > >> 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) > >(Address & > >> 0xfff ))) > >> > > >> > /** > >> > Saves a PCI configuration value to the boot script. > >> > >> I think this change is potentially unsafe, without auditing all uses of > >> PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result > >> will no longer be UINT64 but UINT32, and that can cause problems in > >> several contexts. For example: > >> > >> - as an operand to the sizeof operator > >> - when it's being relied upon to cause conversion to UINT64, for example > >> another (UINT32) operand could be added to it > >> - when it is passed through a variable argument list > >> > >> It might be safe, but there's no way to tell without auditing all the > >> call sites. So let me see... > >> > >> Apparently this macro is only passed to S3BootScriptSavePciCfgWrite() as > >> second argument, within the same file, and that argument is covered by > >> the function prototype explicitly, with type UINT64. So the change > >> should be safe. > >> > > > >Thanks for the checking. I did search the whole edk2 repository for the > >reference of "PCILIB_TO_COMMON_ADDRESS" and it is only comsumed by > >the > >function you mentioned. > > > >> (I see the same macro definition and kind of invocation in > >> "QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I didn't > >try > >> to audit that file.) > >> > >> The rest looks okay too. > >> > >> Reviewed-by: Laszlo Ersek <lersek@redhat.com> > >> > > > >Many thanks for the feedbacks and the effort for reviewing the patch. 
> > > >> (If you go ahead and submit a 30-part series that does this kind of > >> fixup all over the tree, please don't expect me to review it all -- I'm > >> okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on the > >> rest. This kind of patch cannot be reviewed without consulting a really > >> wide context.) > >> > > > >I am thinking if the package level patch contains too many changes, I > >might break it into multiple module-level patches and include module > >owners/experts to help reviewing them. > > > >Best Regards, > >Hao Wu > > > >> Thanks > >> Laszlo > >> > >> > >> > diff --git > >> a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > >> b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > >> > index 937165a..592cced 100644 > >> > --- a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > >> > +++ b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c > >> > @@ -12,7 +12,7 @@ > >> > allocation for the Reserved memory types are not supported and will > >> always > >> > return NULL. > >> > > >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > >> > This program and the accompanying materials > >> > are licensed and made available under the terms and conditions of the > >BSD > >> License > >> > which accompanies this distribution. The full text of the license may be > >> found at > >> > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( > >> > Status = gSmst->SmmFreePages (Memory, UnalignedPages); > >> > ASSERT_EFI_ERROR (Status); > >> > } > >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + > >> EFI_PAGES_TO_SIZE (Pages)); > >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > >> > UnalignedPages = RealPages - Pages - UnalignedPages; > >> > if (UnalignedPages > 0) { > >> > // 
> >> > diff --git > >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > >> b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > >> > index 3da5e211..3bd3aef 100644 > >> > --- a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > >> > +++ b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c > >> > @@ -2,7 +2,7 @@ > >> > Support routines for memory allocation routines based > >> > on boot services for Dxe phase drivers. > >> > > >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> > >> > This program and the accompanying materials > >> > are licensed and made available under the terms and conditions of the > >BSD > >> License > >> > which accompanies this distribution. The full text of the license may be > >> found at > >> > @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( > >> > Status = gBS->FreePages (Memory, UnalignedPages); > >> > ASSERT_EFI_ERROR (Status); > >> > } > >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + > >> EFI_PAGES_TO_SIZE (Pages)); > >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); > >> > UnalignedPages = RealPages - Pages - UnalignedPages; > >> > if (UnalignedPages > 0) { > >> > // > >> > > > > >_______________________________________________ > >edk2-devel mailing list > >edk2-devel@lists.01.org > >https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/1] MdePkg: Refine casting expression result to bigger size 2017-01-25 6:16 ` Wu, Hao A @ 2017-01-25 6:19 ` Gao, Liming 0 siblings, 0 replies; 7+ messages in thread From: Gao, Liming @ 2017-01-25 6:19 UTC (permalink / raw) To: Wu, Hao A; +Cc: edk2-devel@ml01.01.org Got it. Thanks for your clarification. >-----Original Message----- >From: Wu, Hao A >Sent: Wednesday, January 25, 2017 2:17 PM >To: Gao, Liming <liming.gao@intel.com> >Cc: edk2-devel@ml01.01.org >Subject: RE: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result >to bigger size > >> -----Original Message----- >> From: Gao, Liming >> Sent: Wednesday, January 25, 2017 1:58 PM >> To: Wu, Hao A; Laszlo Ersek >> Cc: edk2-devel@ml01.01.org >> Subject: RE: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression result >to >> bigger size >> >> Hao: >> For PCILIB_TO_COMMON_ADDRESS, we can't assume its usage in the >> consumer code. There may be some usage in other projects. So, I suggest to >> provide the safe fix. >> > >Hi Liming, > >The definition "PCILIB_TO_COMMON_ADDRESS" is defined in >MdePkg/Library/BaseS3PciLib/S3PciLib.c. It will not be consumed outside. > >Best Regards, >Hao Wu > >> Thanks >> Liming >> >-----Original Message----- >> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >Wu, >> >Hao A >> >Sent: Wednesday, January 25, 2017 8:26 AM >> >To: Laszlo Ersek <lersek@redhat.com> >> >Cc: edk2-devel@ml01.01.org >> >Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression >result >> >to bigger size >> > >> >> -----Original Message----- 
>> >> From: Laszlo Ersek [mailto:lersek@redhat.com] >> >> Sent: Tuesday, January 24, 2017 5:54 PM >> >> To: Wu, Hao A >> >> Cc: edk2-devel@ml01.01.org >> >> Subject: Re: [edk2] [PATCH v2 1/1] MdePkg: Refine casting expression >result >> >to >> >> bigger size >> >> >> >> On 01/24/17 08:25, Hao Wu wrote: >> >> > There are cases that the operands of an expression are all with rank >less >> >> > than UINT64/INT64 and the result of the expression is explicitly casted >to >> >> > UINT64/INT64 to fit the target size. >> >> > >> >> > An example will be: >> >> > UINT32 a,b; >> >> > // a and b can be any unsigned int type with rank less than UINT64, like >> >> > // UINT8, UINT16, etc. >> >> > UINT64 c; >> >> > c = (UINT64) (a + b); >> >> > >> >> > Some static code checkers may warn that the expression result might >> >> > overflow within the rank of "int" (integer promotions) and the result is >> >> > then cast to a bigger size. >> >> > >> >> > The commit refines codes by the following rules: >> >> > 1). When the expression will not overflow within the rank of "int", >remove >> >> > the explicit type casts: >> >> > c = a + b; >> >> > >> >> > 2). When the expression is possible to overflow the range of unsigned >int/ >> >> > int: >> >> > c = (UINT64)a + b; >> >> > >> >> > Contributed-under: TianoCore Contribution Agreement 1.0 >> >> > Signed-off-by: Hao Wu <hao.a.wu@intel.com> >> >> > --- >> >> > MdePkg/Library/BaseLib/String.c | 4 ++-- >> >> > MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 12 +++++----- >-- >> >> > MdePkg/Library/BaseS3PciLib/S3PciLib.c | 4 ++-- >> >> > MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c | >4 >> >++-- >> >> > MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c | 4 >> >++-- >> >> > 5 files changed, 13 insertions(+), 15 deletions(-) >> >> > >> >> > diff --git a/MdePkg/Library/BaseLib/String.c >> >> b/MdePkg/Library/BaseLib/String.c >> >> > index e84bf50..4151e0e 100644 >> >> > --- a/MdePkg/Library/BaseLib/String.c 
>> >> > +++ b/MdePkg/Library/BaseLib/String.c >> >> > @@ -586,7 +586,7 @@ InternalHexCharToUintn ( >> >> > return Char - L'0'; >> >> > } >> >> > >> >> > - return (UINTN) (10 + InternalCharToUpper (Char) - L'A'); >> >> > + return (10 + InternalCharToUpper (Char) - L'A'); >> >> > } >> >> > >> >> > /** >> >> > @@ -1211,7 +1211,7 @@ InternalAsciiHexCharToUintn ( >> >> > return Char - '0'; >> >> > } >> >> > >> >> > - return (UINTN) (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> >> > + return (10 + InternalBaseLibAsciiToUpper (Char) - 'A'); >> >> > } >> >> > >> >> > >> >> > diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > index 33cad23..8d1daba 100644 >> >> > --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c >> >> > @@ -15,7 +15,7 @@ >> >> > PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF >> >header. >> >> > PeCoffLoaderGetImageInfo() routine will do basic check for whole >> >PE/COFF >> >> image. >> >> > >> >> > - Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> >> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> >> > Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> >> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions of >the >> >BSD >> >> License 
>> >> > @@ -703,12 +703,10 @@ PeCoffLoaderGetImageInfo ( >> >> > // >> >> > DebugDirectoryEntryFileOffset = 0; >> >> > >> >> > - SectionHeaderOffset = (UINTN)( >> >> > - ImageContext->PeCoffHeaderOffset + >> >> > - sizeof (UINT32) + >> >> > - sizeof (EFI_IMAGE_FILE_HEADER) + >> >> > - Hdr.Pe32->FileHeader.SizeOfOptionalHeader >> >> > - ); >> >> > + SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + >> >> > + sizeof (UINT32) + >> >> > + sizeof (EFI_IMAGE_FILE_HEADER) + >> >> > + Hdr.Pe32->FileHeader.SizeOfOptionalHeader; >> >> > >> >> > for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; >> >Index++) >> >> { >> >> > // >> >> > diff --git a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > index e29f7fe..27342b0 100644 >> >> > --- a/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > +++ b/MdePkg/Library/BaseS3PciLib/S3PciLib.c >> >> > @@ -3,7 +3,7 @@ >> >> > the PCI operations to be replayed during an S3 resume. This library >class >> >> > maps directly on top of the PciLib class. >> >> > >> >> > - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> >> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> >> > >> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions 
>> >> > @@ -25,7 +25,7 @@ >> >> > #include <Library/S3PciLib.h> >> >> > >> >> > #define PCILIB_TO_COMMON_ADDRESS(Address) \ >> >> > - ((UINT64) ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) >> >> ((Address>>15) & 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) >+ >> >> ((UINTN) (Address & 0xfff )))) >> >> > + ((((UINTN) ((Address>>20) & 0xff)) << 24) + (((UINTN) >> >((Address>>15) & >> >> 0x1f)) << 16) + (((UINTN) ((Address>>12) & 0x07)) << 8) + ((UINTN) >> >(Address & >> >> 0xfff ))) >> >> > >> >> > /** >> >> > Saves a PCI configuration value to the boot script. >> >> >> >> I think this change is potentially unsafe, without auditing all uses of >> >> PCILIB_TO_COMMON_ADDRESS(). In a 32-bit build, the type of the result >> >> will no longer be UINT64 but UINT32, and that can cause problems in >> >> several contexts. For example: >> >> >> >> - as an operand to the sizeof operator >> >> - when it's being relied upon to cause conversion to UINT64, for example >> >> another (UINT32) operand could be added to it >> >> - when it is passed through a variable argument list >> >> >> >> It might be safe, but there's no way to tell without auditing all the >> >> call sites. So let me see... >> >> >> >> Apparently this macro is only passed to S3BootScriptSavePciCfgWrite() as >> >> second argument, within the same file, and that argument is covered by >> >> the function prototype explicitly, with type UINT64. So the change >> >> should be safe. >> >> >> > >> >Thanks for the checking. I did search the whole edk2 repository for the >> >reference of "PCILIB_TO_COMMON_ADDRESS" and it is only comsumed >by >> >the >> >function you mentioned. >> > >> >> (I see the same macro definition and kind of invocation in >> >> "QuarkPlatformPkg/Acpi/DxeSmm/AcpiSmm/AcpiSmmPlatform.c"; I >didn't >> >try >> >> to audit that file.) >> >> >> >> The rest looks okay too. 
>> >> >> >> Reviewed-by: Laszlo Ersek <lersek@redhat.com> >> >> >> > >> >Many thanks for the feedbacks and the effort for reviewing the patch. >> > >> >> (If you go ahead and submit a 30-part series that does this kind of >> >> fixup all over the tree, please don't expect me to review it all -- I'm >> >> okay reviewing OvmfPkg and ArmVirtPkg changes, but I can't take on the >> >> rest. This kind of patch cannot be reviewed without consulting a really >> >> wide context.) >> >> >> > >> >I am thinking if the package level patch contains too many changes, I >> >might break it into multiple module-level patches and include module >> >owners/experts to help reviewing them. >> > >> >Best Regards, >> >Hao Wu >> > >> >> Thanks >> >> Laszlo >> >> >> >> >> >> > diff --git >> >> a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > index 937165a..592cced 100644 >> >> > --- >a/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > +++ >b/MdePkg/Library/SmmMemoryAllocationLib/MemoryAllocationLib.c >> >> > @@ -12,7 +12,7 @@ >> >> > allocation for the Reserved memory types are not supported and will >> >> always >> >> > return NULL. >> >> > >> >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> >> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions of >the >> >BSD >> >> License >> >> > which accompanies this distribution. The full text of the license may >be >> >> found at 
>> >> > @@ -343,7 +343,7 @@ InternalAllocateAlignedPages ( >> >> > Status = gSmst->SmmFreePages (Memory, UnalignedPages); >> >> > ASSERT_EFI_ERROR (Status); >> >> > } >> >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> >> EFI_PAGES_TO_SIZE (Pages)); >> >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> >> > UnalignedPages = RealPages - Pages - UnalignedPages; >> >> > if (UnalignedPages > 0) { >> >> > // >> >> > diff --git >> >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > index 3da5e211..3bd3aef 100644 >> >> > --- >a/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > +++ >b/MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c >> >> > @@ -2,7 +2,7 @@ >> >> > Support routines for memory allocation routines based >> >> > on boot services for Dxe phase drivers. >> >> > >> >> > - Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> >> >> > + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> >> >> > This program and the accompanying materials >> >> > are licensed and made available under the terms and conditions of >the >> >BSD >> >> License >> >> > which accompanies this distribution. The full text of the license may >be >> >> found at >> >> > @@ -216,7 +216,7 @@ InternalAllocateAlignedPages ( >> >> > Status = gBS->FreePages (Memory, UnalignedPages); >> >> > ASSERT_EFI_ERROR (Status); >> >> > } >> >> > - Memory = (EFI_PHYSICAL_ADDRESS) (AlignedMemory + >> >> EFI_PAGES_TO_SIZE (Pages)); >> >> > + Memory = AlignedMemory + EFI_PAGES_TO_SIZE (Pages); >> >> > UnalignedPages = RealPages - Pages - UnalignedPages; >> >> > if (UnalignedPages > 0) { >> >> > // >> >> > >> > >> >_______________________________________________ >> >edk2-devel mailing list >> >edk2-devel@lists.01.org >> >https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 7+ messages in thread
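The type effects discussed in this thread, as an added example that is not part of the patch or of edk2: it contrasts widening after the addition with widening before it, and shows two of the contexts named in the review (sizeof and a later addition) where dropping the (UINT64) cast from the macro changes the result, next to the prototype-covered call where it does not. UINTN is modelled as 32 bits to mimic an IA32 build, and the names UINTN_IA32, FIELDS, COMMON_ADDRESS_OLD/NEW and all function names are hypothetical.

```c
/* Added illustration; not edk2 code. UINTN is modelled as 32 bits wide,
 * as on an IA32 build (assumption). All names below are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t UINT32;
typedef uint64_t UINT64;
typedef uint32_t UINTN_IA32;   /* stand-in for UINTN on a 32-bit build */

/* V1 pattern: the sum is formed in 32 bits and wraps before it is widened. */
static UINT64 WidenAfterAdd(UINT32 a, UINT32 b)  { return (UINT64)(a + b); }

/* Rule 2 of the patch: widen one operand so the sum is formed in 64 bits. */
static UINT64 WidenBeforeAdd(UINT32 a, UINT32 b) { return (UINT64)a + b; }

/* The macro body from the patch, with UINTN replaced by the 32-bit stand-in
 * and the parameter parenthesized at each use. */
#define FIELDS(A)                                  \
  ((((UINTN_IA32)(((A) >> 20) & 0xff)) << 24) +    \
   (((UINTN_IA32)(((A) >> 15) & 0x1f)) << 16) +    \
   (((UINTN_IA32)(((A) >> 12) & 0x07)) << 8)  +    \
   ((UINTN_IA32)((A) & 0xfff)))
#define COMMON_ADDRESS_OLD(A) ((UINT64)FIELDS(A))  /* before: UINT64 result */
#define COMMON_ADDRESS_NEW(A) (FIELDS(A))          /* after: UINTN result   */

/* Context 1: the macro as operand of sizeof. */
static size_t SizeOld(void) { return sizeof (COMMON_ADDRESS_OLD(0u)); }
static size_t SizeNew(void) { return sizeof (COMMON_ADDRESS_NEW(0u)); }

/* Context 2: the macro result is relied upon to widen a later addition. */
static UINT64 AddOld(UINT32 Address, UINT32 Extra)
{
  return COMMON_ADDRESS_OLD(Address) + Extra;   /* 64-bit addition */
}
static UINT64 AddNew(UINT32 Address, UINT32 Extra)
{
  return COMMON_ADDRESS_NEW(Address) + Extra;   /* 32-bit addition, may wrap */
}

/* Context 3 (variable argument list) is not executed here: reading a 32-bit
 * argument back as UINT64 through va_arg is undefined behaviour. */

/* The call shape the reviewers found: a prototype with a UINT64 parameter
 * converts the argument, so both macro versions deliver the same value. */
static UINT64 TakesUint64(UINT64 Address) { return Address; }
static int SameThroughPrototype(UINT32 Address)
{
  return TakesUint64(COMMON_ADDRESS_OLD(Address)) ==
         TakesUint64(COMMON_ADDRESS_NEW(Address));
}

int main(void)
{
  /* Constructed inputs: bus 0xff, device 0x1f, function 7, register 0xfff. */
  const UINT32 Address = 0x0FFFFFFFu;
  const UINT32 Extra   = 0x01000000u;

  printf("(UINT64)(a + b)  = 0x%llx\n",
         (unsigned long long)WidenAfterAdd(0xFFFFFFFFu, 1u));
  printf("(UINT64)a + b    = 0x%llx\n",
         (unsigned long long)WidenBeforeAdd(0xFFFFFFFFu, 1u));
  printf("sizeof old/new   = %zu/%zu\n", SizeOld(), SizeNew());
  printf("old macro + off  = 0x%llx\n",
         (unsigned long long)AddOld(Address, Extra));
  printf("new macro + off  = 0x%llx\n",
         (unsigned long long)AddNew(Address, Extra));
  printf("same via UINT64 prototype: %d\n", SameThroughPrototype(Address));
  return 0;
}
```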