From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records returned) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=ruiyu.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 215DD220EE115 for ; Wed, 13 Dec 2017 00:44:31 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Dec 2017 00:49:11 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,397,1508828400"; d="scan'208";a="183783150" Received: from ray-dev.ccr.corp.intel.com (HELO [10.239.9.14]) ([10.239.9.14]) by orsmga005.jf.intel.com with ESMTP; 13 Dec 2017 00:49:01 -0800 To: Laszlo Ersek , "Song, BinX" , "edk2-devel@lists.01.org" Cc: "Dong, Eric" References: <559D2DF22BC9A3468B4FA1AA547F0EF1025C22DA@shsmsx102.ccr.corp.intel.com> From: "Ni, Ruiyu" Message-ID: <912ea27f-0500-ca54-c8f8-37124c61e1a9@Intel.com> Date: Wed, 13 Dec 2017 16:49:01 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Subject: Re: [PATCH V2] UefiCpuPkg: Check invalid RegisterCpuFeature parameter X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2017 08:44:32 -0000 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 12/13/2017 4:44 PM, Laszlo Ersek wrote: > On 12/13/17 03:35, Song, BinX wrote: >> V2: >> Update function name, add more detail description. >> V1: >> Check and assert invalid RegisterCpuFeature function parameter >> >> Cc: Eric Dong >> Cc: Laszlo Ersek >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Bell Song >> --- >> .../Include/Library/RegisterCpuFeaturesLib.h | 5 ++++ >> .../RegisterCpuFeaturesLib.c | 29 ++++++++++++++++++++++ >> 2 files changed, 34 insertions(+) >> >> diff --git a/UefiCpuPkg/Include/Library/RegisterCpuFeaturesLib.h b/UefiCpuPkg/Include/Library/RegisterCpuFeaturesLib.h >> index 9331e49..fc3ccda 100644 >> --- a/UefiCpuPkg/Include/Library/RegisterCpuFeaturesLib.h >> +++ b/UefiCpuPkg/Include/Library/RegisterCpuFeaturesLib.h >> @@ -71,6 +71,11 @@ >> #define CPU_FEATURE_APIC_TPR_UPDATE_MESSAGE (32+9) >> #define CPU_FEATURE_ENERGY_PERFORMANCE_BIAS (32+10) >> #define CPU_FEATURE_PPIN (32+11) >> +// >> +// Currently, CPU_FEATURE_PROC_TRACE is the MAX feature we support. >> +// If you define a feature bigger than it, please also replace it >> +// in RegisterCpuFeatureLibIsFeatureValid function. >> +// >> #define CPU_FEATURE_PROC_TRACE (32+12) >> >> #define CPU_FEATURE_BEFORE_ALL BIT27 >> diff --git a/UefiCpuPkg/Library/RegisterCpuFeaturesLib/RegisterCpuFeaturesLib.c b/UefiCpuPkg/Library/RegisterCpuFeaturesLib/RegisterCpuFeaturesLib.c >> index dd6a82b..6ec26e1 100644 >> --- a/UefiCpuPkg/Library/RegisterCpuFeaturesLib/RegisterCpuFeaturesLib.c >> +++ b/UefiCpuPkg/Library/RegisterCpuFeaturesLib/RegisterCpuFeaturesLib.c >> @@ -81,6 +81,34 @@ DumpCpuFeature ( >> } >> >> /** >> + Determines if the CPU feature is valid. >> + >> + @param[in] Feature Pointer to CPU feature >> + >> + @retval TRUE The CPU feature is valid. >> + @retval FALSE The CPU feature is invalid. >> +**/ >> +BOOLEAN >> +RegisterCpuFeatureLibIsFeatureValid ( >> + IN UINT32 Feature >> + ) >> +{ >> + UINT32 Data; >> + >> + Data = Feature; >> + Data &= ~(CPU_FEATURE_BEFORE | CPU_FEATURE_AFTER | CPU_FEATURE_BEFORE_ALL | CPU_FEATURE_AFTER_ALL); >> + // >> + // Currently, CPU_FEATURE_PROC_TRACE is the MAX feature we support. >> + // If you define a feature bigger than it, please replace it at below. >> + // >> + if (Data > CPU_FEATURE_PROC_TRACE) { >> + DEBUG ((DEBUG_ERROR, "Invalid CPU feature: 0x%x ", Feature)); >> + return FALSE; >> + } >> + return TRUE; >> +} >> + >> +/** >> Determines if the feature bit mask is in dependent CPU feature bit mask buffer. >> >> @param[in] FeatureMask Pointer to CPU feature bit mask >> @@ -444,6 +472,7 @@ RegisterCpuFeature ( >> >> VA_START (Marker, InitializeFunc); >> Feature = VA_ARG (Marker, UINT32); >> + ASSERT (RegisterCpuFeatureLibIsFeatureValid(Feature)); >> while (Feature != CPU_FEATURE_END) { >> ASSERT ((Feature & (CPU_FEATURE_BEFORE | CPU_FEATURE_AFTER)) >> != (CPU_FEATURE_BEFORE | CPU_FEATURE_AFTER)); >> > > The consensus thus far seems to be that we should not add a separate > _MAX macro for this purpose. I don't understand why -- in my opinion it > would be easier to update the macro in one place only. > > Now, I realize we have a library class header file here, and a library > instance. Those things are separate; it is conceivable that another > library instance is developed independently, and thus we should not tie > the MAX feature of *all* library instances to the same central class header. > > However, this separation is already being violated in this patch: the > RegisterCpuFeatureLibIsFeatureValid() function is an implementation > detail of the (currently only one) library instance. Thus, the lib class > header should not refer to it, even in a comment. > > So, I don't understand why we can't just add a _MAX macro. The central > library instance could use _MAX; all other (out of tree) instances would > not use _MAX. > I do not understand either:) But if the change doesn't expose more interfaces (_MAX in this case), I feel safe because we can change much freely in future. > Anyway, this doesn't mean the patch is not correct. > > Acked-by: Laszlo Ersek > > Thanks > Laszlo > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > -- Thanks, Ray