From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, sean.brogan@microsoft.com,
Liran Alon <liran.alon@oracle.com>
Subject: Re: [edk2-devel] [PATCH] OvmfPkg/PvScsiDxe: Fix VS2019 build error because of implicit cast
Date: Tue, 31 Mar 2020 23:56:51 +0200 [thread overview]
Message-ID: <4b90b41a-2cf1-8b6e-6619-1c652820265e@redhat.com> (raw)
In-Reply-To: <22866.1585670000047029434@groups.io>
On 03/31/20 17:53, Sean via Groups.Io wrote:
> A couple of thoughts.
> 1. I would suggest that ASSERT should not be the only protection for an invalid operation as ASSERT is usually disabled on release builds.
> 2. We do have a library to make this more explicit and common. https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Library/SafeIntLib.h#L548
In this case, when "Response->ScsiStatus" does not fit in
"Packet->TargetStatus", the device model is obviously (and blatantly)
misbehaving, so I would agree with Liran that trying to recover from
that (or to cover it up with a nice error code passed out) is futile.
I do agree with the observation however that ASSERT()s disappear from
RELEASE builds.
Mike Kinney taught me a pattern to deal with this. There are various
ways to write it; one example (for this case) is:
ASSERT (Response->ScsiStatus <= MAX_UINT8);
if (Response->ScsiStatus > MAX_UINT8) {
CpuDeadLoop ();
}
Packet->TargetStatus = (UINT8)Response->ScsiStatus;
An alternative way to write it is (by moving the ASSERT into the block):
if (Response->ScsiStatus > MAX_UINT8) {
ASSERT (Response->ScsiStatus <= MAX_UINT8);
CpuDeadLoop ();
}
Packet->TargetStatus = (UINT8)Response->ScsiStatus;
Yet another (simply assert FALSE in the block):
if (Response->ScsiStatus > MAX_UINT8) {
ASSERT (FALSE);
CpuDeadLoop ();
}
Packet->TargetStatus = (UINT8)Response->ScsiStatus;
Why:
- in DEBUG builds, the assertion failure will be logged, and the proper
assertion failure action will be triggered (CpuDeadLoop / exception /
..., as configured by the platform)
- in RELEASE builds, we'll still hang, and might have a chance to
investigate (get a stack dump perhaps).
Regarding SafeIntLib, I'm a fan in general. In this case, I did not
think of it (possible integer truncations seem so rare in this driver).
For this patch, I'm OK either way (with or without using SafeIntLib), as
long as we add both the ASSERT and the explicit CpuDeadLoop (either
variant of the three).
Thanks
Laszlo
next prev parent reply other threads:[~2020-03-31 21:56 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-31 11:04 [PATCH] OvmfPkg/PvScsiDxe: Fix VS2019 build error because of implicit cast Liran Alon
2020-03-31 15:53 ` [edk2-devel] " Sean
2020-03-31 21:56 ` Laszlo Ersek [this message]
2020-03-31 22:13 ` Liran Alon
2020-03-31 22:17 ` Liran Alon
2020-03-31 22:54 ` Sean
2020-04-01 11:02 ` Laszlo Ersek
2020-04-01 8:36 ` Laszlo Ersek
2020-04-01 8:50 ` Ard Biesheuvel
2020-04-01 11:47 ` Laszlo Ersek
2020-04-01 8:22 ` Laszlo Ersek
2020-04-01 14:46 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4b90b41a-2cf1-8b6e-6619-1c652820265e@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox