From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: devel@edk2.groups.io, Ray Ni <ray.ni@intel.com>,
Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: Re: [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON Coverity issues
Date: Fri, 10 Nov 2023 11:29:14 +0530 [thread overview]
Message-ID: <CAA9DWXADe9AtNceWDFeZrVJvy-faUkhqppNc1Uq4FrCVw0fucw@mail.gmail.com> (raw)
In-Reply-To: <b028f82a-86f3-d144-9d55-9dc59e268624@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 6889 bytes --]
I was apprehensive about this from the very beginning.
Anyway, for now I will be dropping this issue from the series.
On Tue, Nov 7, 2023 at 10:11 PM Laszlo Ersek <lersek@redhat.com> wrote:
> On 11/7/23 07:19, Ranbir Singh wrote:
> > From: Ranbir Singh <Ranbir.Singh3@Dell.com>
> >
> > The function PciHostBridgeResourceAllocator is not making use of the
> > generic approach as is used in one of the other function namely -
> > DumpResourceMap. As a result, the following warnings can be seen as
> > reported by Coverity e.g.
> >
> > (30) Event address_of: Taking address with "&IoBridge" yields a
> > singleton pointer.
> > (31) Event callee_ptr_arith: Passing "&IoBridge" to function
> > "FindResourceNode" which uses it as an array. This might corrupt
> > or misinterpret adjacent memory locations.
> >
> > Hence, adopt the generic approach to fix the issues at relevant points.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4239
> >
> > Cc: Ray Ni <ray.ni@intel.com>
> > Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
> > Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
> > Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
> > ---
> > MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 37 ++++++++++++++++----
> > 1 file changed, 31 insertions(+), 6 deletions(-)
> >
> > diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> > index 84fc0161a19c..71767d3793d4 100644
> > --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> > +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> > @@ -485,6 +485,8 @@ PciHostBridgeResourceAllocator (
> > UINT64 Mem64ResStatus;
> > UINT64 PMem64ResStatus;
> > UINT32 MaxOptionRomSize;
> > + PCI_RESOURCE_NODE **ChildResources;
> > + UINTN ChildResourceCount;
> > PCI_RESOURCE_NODE *IoBridge;
> > PCI_RESOURCE_NODE *Mem32Bridge;
> > PCI_RESOURCE_NODE *PMem32Bridge;
> > @@ -895,16 +897,39 @@ PciHostBridgeResourceAllocator (
> > // Create the entire system resource map from the information
> collected by
> > // enumerator. Several resource tree was created
> > //
> > - FindResourceNode (RootBridgeDev, &IoPool, &IoBridge);
> > - FindResourceNode (RootBridgeDev, &Mem32Pool, &Mem32Bridge);
> > - FindResourceNode (RootBridgeDev, &PMem32Pool, &PMem32Bridge);
> > - FindResourceNode (RootBridgeDev, &Mem64Pool, &Mem64Bridge);
> > - FindResourceNode (RootBridgeDev, &PMem64Pool, &PMem64Bridge);
> > -
> > + ChildResourceCount = FindResourceNode (RootBridgeDev, &IoPool,
> NULL);
> > + ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) *
> ChildResourceCount);
> > + ASSERT (ChildResources != NULL);
> > + FindResourceNode (RootBridgeDev, &IoPool, &ChildResources[0]);
> > + IoBridge = ChildResources[0];
> > ASSERT (IoBridge != NULL);
> > +
> > + ChildResourceCount = FindResourceNode (RootBridgeDev, &Mem32Pool,
> NULL);
> > + ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) *
> ChildResourceCount);
> > + ASSERT (ChildResources != NULL);
> > + FindResourceNode (RootBridgeDev, &Mem32Pool, &ChildResources[0]);
> > + Mem32Bridge = ChildResources[0];
> > ASSERT (Mem32Bridge != NULL);
> > +
> > + ChildResourceCount = FindResourceNode (RootBridgeDev, &PMem32Pool,
> NULL);
> > + ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) *
> ChildResourceCount);
> > + ASSERT (ChildResources != NULL);
> > + FindResourceNode (RootBridgeDev, &PMem32Pool, &ChildResources[0]);
> > + PMem32Bridge = ChildResources[0];
> > ASSERT (PMem32Bridge != NULL);
> > +
> > + ChildResourceCount = FindResourceNode (RootBridgeDev, &Mem64Pool,
> NULL);
> > + ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) *
> ChildResourceCount);
> > + ASSERT (ChildResources != NULL);
> > + FindResourceNode (RootBridgeDev, &Mem64Pool, &ChildResources[0]);
> > + Mem64Bridge = ChildResources[0];
> > ASSERT (Mem64Bridge != NULL);
> > +
> > + ChildResourceCount = FindResourceNode (RootBridgeDev, &PMem64Pool,
> NULL);
> > + ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) *
> ChildResourceCount);
> > + ASSERT (ChildResources != NULL);
> > + FindResourceNode (RootBridgeDev, &PMem64Pool, &ChildResources[0]);
> > + PMem64Bridge = ChildResources[0];
> > ASSERT (PMem64Bridge != NULL);
> >
> > //
>
> Sorry, but this is terrible.
>
> * First of all, Coverity is *wrong*. The C spec clearly states that, for
> the purposes of pointer arithmetic, a singleton object behaves
> identically to the first element of an array.
>
> So, immediately, the idea arises that we should just use
>
> PCI_RESOURCE_NODE *IoBridgeArray[1];
>
> FindResourceNode (RootBridgeDev, &IoPool, IoBridgeArray)
>
> to shut up Coverity.
>
> * Unfortunately, I expect that would only create a different warning: a
> warning about potentially overflowing this single-element array. Which
> is in fact a deeper problem in FindResourceNode() -- it happily
> overwrites an array that is too small.
>
> * Finally, this generic approach is both ugly (lots of code
> duplication!), and worse, it allocates memory without proper error
> checking (ASSERT() is not error checking), and then it leaks
> ChildResources *multiple times*!
>
> I suggest the following, for solving all of these issues:
>
> - create a function called FindFirstResourceNode(). It should have the
> same function prototype as FindResourceNode(), except the last parameter
> should be mandatory, not OPTIONAL.
>
> - the internal logic should be the same, except we shouldn't be
> counting, the return value should be a BOOLEAN. If we find a match, then
> output the first match and return TRUE. Otherwise, set the output to
> NULL and return FALSE.
>
> - replace the FindResourceNode calls with FindFirstResourceNode calls
>
> - Those call sites are already followed by ASSERT()s, saying that all
> search attempts will succeed. If coverity is happy with them, that's
> good; otherwise, we'll have to find a solution for them as well.
>
> Laszlo
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111016): https://edk2.groups.io/g/devel/message/111016
Mute This Topic: https://groups.io/mt/102438300/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 8824 bytes --]
next prev parent reply other threads:[~2023-11-10 5:59 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 6:19 [edk2-devel] [PATCH v2 0/5] BZ 4239: Fix MdeModulePkg/Bus/Pci/PciBusDxe issues pointed by Coverity Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 1/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix DEADCODE Coverity issue Ranbir Singh
2023-11-07 16:21 ` Laszlo Ersek
2023-11-10 6:14 ` Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 2/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix MISSING_BREAK Coverity issues Ranbir Singh
2023-11-07 8:15 ` Ni, Ray
2023-11-07 16:23 ` Laszlo Ersek
2023-11-07 17:59 ` Michael D Kinney
2023-11-08 3:51 ` Ranbir Singh
2023-11-08 4:05 ` Michael D Kinney
2023-11-08 4:29 ` Ranbir Singh
2023-11-13 11:24 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON " Ranbir Singh
2023-11-07 16:41 ` Laszlo Ersek
2023-11-10 5:59 ` Ranbir Singh [this message]
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue Ranbir Singh
2023-11-07 16:48 ` Laszlo Ersek
2023-11-10 6:11 ` Ranbir Singh
2023-11-13 11:28 ` Laszlo Ersek
2023-11-14 15:08 ` Ranbir Singh
2023-11-14 16:21 ` Michael D Kinney
2023-11-14 16:53 ` Ranbir Singh
2023-11-15 10:02 ` Laszlo Ersek
2023-11-14 19:37 ` Michael Kubacki
2023-11-15 10:10 ` Laszlo Ersek
2023-11-20 14:05 ` Michael Kubacki
2023-11-15 9:50 ` Laszlo Ersek
2023-11-20 3:57 ` Ranbir Singh
2023-11-21 17:07 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 5/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix UNUSED_VALUE Coverity issues Ranbir Singh
2023-11-07 17:20 ` Laszlo Ersek
2023-11-10 6:31 ` Ranbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA9DWXADe9AtNceWDFeZrVJvy-faUkhqppNc1Uq4FrCVw0fucw@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox