From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0E3982095DCB2 for ; Thu, 24 Aug 2017 17:34:26 -0700 (PDT) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2017 17:36:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.41,423,1498546800"; d="scan'208";a="304179891" Received: from orsmsx104.amr.corp.intel.com ([10.22.225.131]) by fmsmga004.fm.intel.com with ESMTP; 24 Aug 2017 17:36:56 -0700 Received: from orsmsx111.amr.corp.intel.com (10.22.240.12) by ORSMSX104.amr.corp.intel.com (10.22.225.131) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 24 Aug 2017 17:36:56 -0700 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.25]) by ORSMSX111.amr.corp.intel.com ([169.254.12.91]) with mapi id 14.03.0319.002; Thu, 24 Aug 2017 17:36:56 -0700 From: "Kinney, Michael D" To: "Dong, Eric" , "edk2-devel@lists.01.org" , "Kinney, Michael D" CC: "Ni, Ruiyu" Thread-Topic: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue. Thread-Index: AQHTHISvOjgWRq1ADUKUn3isxhVWMKKUO1zA Date: Fri, 25 Aug 2017 00:36:55 +0000 Message-ID: References: <1503543407-7936-1-git-send-email-eric.dong@intel.com> In-Reply-To: <1503543407-7936-1-git-send-email-eric.dong@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.22.254.140] MIME-Version: 1.0 Subject: Re: [Patch] UefiCpuPkg/MpLib: fix potential overflow issue. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Aug 2017 00:34:26 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Kinney Mike > -----Original Message----- > From: Dong, Eric > Sent: Wednesday, August 23, 2017 7:57 PM > To: edk2-devel@lists.01.org > Cc: Kinney, Michael D ; Ni, Ruiyu > > Subject: [Patch] UefiCpuPkg/MpLib: fix potential overflow > issue. >=20 > Current calculate timeout logic may have overflow if the input > timeout value too large. This patch fix this potential > overflow > issue. >=20 > V2: Use local variable instead of call > GetPerformanceCounterProperties > twice. Also correct some comments. >=20 > Cc: Michael Kinney > Cc: Ruiyu Ni > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Eric Dong > --- > UefiCpuPkg/Library/MpInitLib/MpLib.c | 43 > +++++++++++++++++++++++++++--------- > 1 file changed, 33 insertions(+), 10 deletions(-) >=20 > diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c > b/UefiCpuPkg/Library/MpInitLib/MpLib.c > index ed1f55e..8394572 100644 > --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c > +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c > @@ -1001,6 +1001,9 @@ CalculateTimeout ( > OUT UINT64 *CurrentTime > ) > { > + UINT64 TimeoutInSeconds; > + UINT64 TimestampCounterFreq; > + > // > // Read the current value of the performance counter > // > @@ -1016,16 +1019,36 @@ CalculateTimeout ( >=20 > // > // GetPerformanceCounterProperties () returns the timestamp > counter's frequency > - // in Hz. So multiply the return value with > TimeoutInMicroseconds and then divide > - // it by 1,000,000, to get the number of ticks for the > timeout value. > - // > - return DivU64x32 ( > - MultU64x64 ( > - GetPerformanceCounterProperties (NULL, NULL), > - TimeoutInMicroseconds > - ), > - 1000000 > - ); > + // in Hz. > + // > + TimestampCounterFreq =3D GetPerformanceCounterProperties > (NULL, NULL); > + > + // > + // Check the potential overflow before calculate the number > of ticks for the timeout value. > + // > + if (DivU64x64Remainder (MAX_UINT64, TimeoutInMicroseconds, > NULL) < TimestampCounterFreq) { > + // > + // Convert microseconds into seconds if direct > multiplication overflows > + // > + TimeoutInSeconds =3D DivU64x32 (TimeoutInMicroseconds, > 1000000); > + // > + // Assertion if the final tick count exceeds MAX_UINT64 > + // > + ASSERT (DivU64x64Remainder (MAX_UINT64, TimeoutInSeconds, > NULL) >=3D TimestampCounterFreq); > + return MultU64x64 (TimestampCounterFreq, > TimeoutInSeconds); > + } else { > + // > + // No overflow case, multiply the return value with > TimeoutInMicroseconds and then divide > + // it by 1,000,000, to get the number of ticks for the > timeout value. > + // > + return DivU64x32 ( > + MultU64x64 ( > + TimestampCounterFreq, > + TimeoutInMicroseconds > + ), > + 1000000 > + ); > + } > } >=20 > /** > -- > 2.7.0.windows.1