From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <michael.d.kinney@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 0E3982095DCB2
 for <edk2-devel@lists.01.org>; Thu, 24 Aug 2017 17:34:26 -0700 (PDT)
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Aug 2017 17:36:57 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.41,423,1498546800"; d="scan'208";a="304179891"
Received: from orsmsx104.amr.corp.intel.com ([10.22.225.131])
 by fmsmga004.fm.intel.com with ESMTP; 24 Aug 2017 17:36:56 -0700
Received: from orsmsx111.amr.corp.intel.com (10.22.240.12) by
 ORSMSX104.amr.corp.intel.com (10.22.225.131) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 24 Aug 2017 17:36:56 -0700
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.25]) by
 ORSMSX111.amr.corp.intel.com ([169.254.12.91]) with mapi id 14.03.0319.002;
 Thu, 24 Aug 2017 17:36:56 -0700
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>, "Kinney, Michael D" <michael.d.kinney@intel.com>
CC: "Ni, Ruiyu" <ruiyu.ni@intel.com>
Thread-Topic: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
Thread-Index: AQHTHISvOjgWRq1ADUKUn3isxhVWMKKUO1zA
Date: Fri, 25 Aug 2017 00:36:55 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F5A7D999BE@ORSMSX113.amr.corp.intel.com>
References: <1503543407-7936-1-git-send-email-eric.dong@intel.com>
In-Reply-To: <1503543407-7936-1-git-send-email-eric.dong@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.22.254.140]
MIME-Version: 1.0
Subject: Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Aug 2017 00:34:26 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

Mike

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, August 23, 2017 7:57 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow
> issue.
>=20
> Current calculate timeout logic may have overflow if the input
> timeout value too large. This patch fix this potential
> overflow
> issue.
>=20
> V2: Use local variable instead of call
> GetPerformanceCounterProperties
> twice. Also correct some comments.
>=20
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  UefiCpuPkg/Library/MpInitLib/MpLib.c | 43
> +++++++++++++++++++++++++++---------
>  1 file changed, 33 insertions(+), 10 deletions(-)
>=20
> diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> index ed1f55e..8394572 100644
> --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> @@ -1001,6 +1001,9 @@ CalculateTimeout (
>    OUT UINT64  *CurrentTime
>    )
>  {
> +  UINT64 TimeoutInSeconds;
> +  UINT64 TimestampCounterFreq;
> +
>    //
>    // Read the current value of the performance counter
>    //
> @@ -1016,16 +1019,36 @@ CalculateTimeout (
>=20
>    //
>    // GetPerformanceCounterProperties () returns the timestamp
> counter's frequency
> -  // in Hz. So multiply the return value with
> TimeoutInMicroseconds and then divide
> -  // it by 1,000,000, to get the number of ticks for the
> timeout value.
> -  //
> -  return DivU64x32 (
> -           MultU64x64 (
> -             GetPerformanceCounterProperties (NULL, NULL),
> -             TimeoutInMicroseconds
> -             ),
> -           1000000
> -           );
> +  // in Hz.
> +  //
> +  TimestampCounterFreq =3D GetPerformanceCounterProperties
> (NULL, NULL);
> +
> +  //
> +  // Check the potential overflow before calculate the number
> of ticks for the timeout value.
> +  //
> +  if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds,
> NULL) < TimestampCounterFreq) {
> +    //
> +    // Convert microseconds into seconds if direct
> multiplication overflows
> +    //
> +    TimeoutInSeconds =3D DivU64x32 (TimeoutInMicroseconds,
> 1000000);
> +    //
> +    // Assertion if the final tick count exceeds MAX_UINT64
> +    //
> +    ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds,
> NULL) >=3D TimestampCounterFreq);
> +    return MultU64x64 (TimestampCounterFreq,
> TimeoutInSeconds);
> +  } else {
> +    //
> +    // No overflow case, multiply the return value with
> TimeoutInMicroseconds and then divide
> +    // it by 1,000,000, to get the number of ticks for the
> timeout value.
> +    //
> +    return DivU64x32 (
> +             MultU64x64 (
> +               TimestampCounterFreq,
> +               TimeoutInMicroseconds
> +               ),
> +             1000000
> +             );
> +  }
>  }
>=20
>  /**
> --
> 2.7.0.windows.1