From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <michael.d.kinney@intel.com>
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D0BA021E47D52
 for <edk2-devel@lists.01.org>; Wed, 23 Aug 2017 14:48:00 -0700 (PDT)
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 23 Aug 2017 14:50:34 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.41,417,1498546800"; d="scan'208";a="893497006"
Received: from orsmsx105.amr.corp.intel.com ([10.22.225.132])
 by FMSMGA003.fm.intel.com with ESMTP; 23 Aug 2017 14:50:34 -0700
Received: from orsmsx155.amr.corp.intel.com (10.22.240.21) by
 ORSMSX105.amr.corp.intel.com (10.22.225.132) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 23 Aug 2017 14:50:34 -0700
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.211]) by
 ORSMSX155.amr.corp.intel.com ([169.254.7.162]) with mapi id 14.03.0319.002;
 Wed, 23 Aug 2017 14:50:33 -0700
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>, "Kinney, Michael D" <michael.d.kinney@intel.com>
CC: "Ni, Ruiyu" <ruiyu.ni@intel.com>
Thread-Topic: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
Thread-Index: AQHTG9DUwbCU2GRLPkCvyW78FKnEj6KSew9A
Date: Wed, 23 Aug 2017 21:50:33 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F5A7D84A1F@ORSMSX113.amr.corp.intel.com>
References: <1503466180-15548-1-git-send-email-eric.dong@intel.com>
In-Reply-To: <1503466180-15548-1-git-send-email-eric.dong@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 10.0.102.7
dlp-reaction: no-action
x-originating-ip: [10.22.254.139]
MIME-Version: 1.0
Subject: Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2017 21:48:01 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Eric,

With this patch GetPerformanceCounterProperties() is called=20
twice.  I think you can use TimestampCounterFreq in the else
clause.

Also, the comment blocks are no longer correct.  The original
comment block goes with the else clause, and you need a new
comment block for the if statement that describes the check
for an overflow.

Mike

> -----Original Message-----
> From: Dong, Eric
> Sent: Tuesday, August 22, 2017 10:30 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
>=20
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential overflow
> issue.
>=20
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 30
> +++++++++++++++++++++++-------
>  1 file changed, 23 insertions(+), 7 deletions(-)
>=20
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..005dec4 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
>    OUT UINT64  *CurrentTime
>    )
>  {
> +  UINT64 TimeoutInSeconds;
> +  UINT64 TimestampCounterFreq;
> +
>    //
>    // Read the current value of the performance counter
>    //
> @@ -1019,13 +1022,26 @@ CalculateTimeout (
>    // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
>    // it by 1,000,000, to get the number of ticks for the
> timeout value.
>    //
> -  return DivU64x32 (
> -           MultU64x64 (
> -             GetPerformanceCounterProperties (NULL, NULL),
> -             TimeoutInMicroseconds
> -             ),
> -           1000000
> -           );
> +  TimestampCounterFreq =3D GetPerformanceCounterProperties
> (NULL, NULL);
> +  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> +    //
> +    // Convert microseconds into seconds if direct
> multiplication overflows
> +    //
> +    TimeoutInSeconds =3D DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> +    //
> +    // Assertion if the final tick count exceeds MAX_UINT64
> +    //
> +    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >=3D TimestampCounterFreq);
> +    return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> +  } else {
> +    return DivU64x32 (
> +             MultU64x64 (
> +               GetPerformanceCounterProperties (NULL, NULL),

Use TimestampCounterFreq instead.

> +               TimeoutInMicroseconds
> +               ),
> +             1000000
> +             );
> +  }
>  }
>=20
>  /**
> --
> 2.7.0.windows.1