From: "Zeng, Star" <star.zeng@intel.com>
To: "Ni, Ruiyu" <ruiyu.ni@Intel.com>, edk2-devel@lists.01.org
Cc: star.zeng@intel.com
Subject: Re: [PATCH 1/3] MdeModulePkg/PciHostBridge: Enhance boundary check in Io/Mem.Read/Write
Date: Tue, 25 Sep 2018 11:02:00 +0800 [thread overview]
Message-ID: <a843a309-48c4-bc0d-460d-e7c950c5e8e1@intel.com> (raw)
In-Reply-To: <33222c6c-74d8-1efb-6656-79c3ef75de5d@Intel.com>
On 2018/9/25 10:43, Ni, Ruiyu wrote:
> On 9/25/2018 10:14 AM, Zeng, Star wrote:
>> Two very small comments are added below.
>>
>> On 2018/9/21 15:25, Ruiyu Ni wrote:
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
>>> Cc: Star Zeng <star.zeng@intel.com>
>>> ---
>>> .../Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c | 26
>>> +++++++++++++++++-----
>>> 1 file changed, 21 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>>> b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>>> index f8a1239ceb..0b6b56f846 100644
>>> --- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>>> +++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c
>>> @@ -321,6 +321,7 @@ RootBridgeIoCheckParameter (
>>> UINT64 Base;
>>> UINT64 Limit;
>>> UINT32 Size;
>>> + UINT64 Length;
>>> //
>>> // Check to see if Buffer is NULL
>>> @@ -337,7 +338,7 @@ RootBridgeIoCheckParameter (
>>> }
>>> //
>>> - // For FIFO type, the target address won't increase during the
>>> access,
>>> + // For FIFO type, the device address won't increase during the
>>> access,
>>> // so treat Count as 1
>>> //
>>> if (Width >= EfiPciWidthFifoUint8 && Width <=
>>> EfiPciWidthFifoUint64) {
>>> @@ -347,6 +348,13 @@ RootBridgeIoCheckParameter (
>>> Width = (EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_WIDTH) (Width & 0x03);
>>> Size = 1 << Width;
>>> + //
>>> + // Make sure (Count * Size) doesn't exceed MAX_UINT64
>>> + //
>>> + if (Count > DivU64x32 (MAX_UINT64, Size)) {
>>> + return EFI_INVALID_PARAMETER;
>>> + }
>>> +
>>
>> Mark as "Code Block 1".
>>
>>> //
>>> // Check to see if Address is aligned
>>> //
>>> @@ -354,6 +362,14 @@ RootBridgeIoCheckParameter (
>>> return EFI_UNSUPPORTED;
>>> }
>>> + //
>>> + // Make sure (Address + Count * Size) doesn't exceed MAX_UINT64
>>> + //
>>> + Length = MultU64x32 (Count, Size);
>>> + if (Address > MAX_UINT64 - Length) {
>>> + return EFI_INVALID_PARAMETER;
>>> + }
>>> +
>>
>> Is there some reason this code block is not put together with the
>> "Code Block 1"? Both are checking integer overflow.
>
> This code block is to check whether the Address is valid.
> I group the code by the parameter. If you check the original code, you
> will see the checks performed on parameters: Buffer, Width, Count, Address.
Got it about the checking sequence.
But even this code block is moved to before "Check to see if Address is
aligned" and after "Make sure (Count * Size) doesn't exceed MAX_UINT64",
the checking sequence is kept. Only difference is first checking
unsupported or first checking invalid for Address parameter.
Anyway, I have no strong opinion for that. You can decide. :)
>
>
>>
>> How about also enhancing the function description a little to add one
>> line for describing the overflow invalid parameter cases?
>>
>> @retval EFI_INVALID_PARAMETER XXX.
>
> Sure, I will send V2 with the updated function description.
Thanks. You may consider just updating the below EFI_UNSUPPORTED to
EFI_INVALID_PARAMETER.
@retval EFI_UNSUPPORTED The address range specified by
Address, Width,
and Count is not valid for this PI system.
Star
>
>>
>> or just updating the line below?
>>
>> @retval EFI_UNSUPPORTED The address range specified by
>> Address, Width,
>> and Count is not valid for this PI
>> system.
>>
>>
>> Thanks,
>> Star
>>
>>> RootBridge = ROOT_BRIDGE_FROM_THIS (This);
>>> //
>>> @@ -372,7 +388,7 @@ RootBridgeIoCheckParameter (
>>> //
>>> // Allow Legacy IO access
>>> //
>>> - if (Address + MultU64x32 (Count, Size) <= 0x1000) {
>>> + if (Address + Length <= 0x1000) {
>>> if ((RootBridge->Attributes & (
>>> EFI_PCI_ATTRIBUTE_ISA_IO |
>>> EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO | EFI_PCI_ATTRIBUTE_VGA_IO |
>>> EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO |
>>> EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO |
>>> @@ -386,7 +402,7 @@ RootBridgeIoCheckParameter (
>>> //
>>> // Allow Legacy MMIO access
>>> //
>>> - if ((Address >= 0xA0000) && (Address + MultU64x32 (Count, Size))
>>> <= 0xC0000) {
>>> + if ((Address >= 0xA0000) && (Address + Length) <= 0xC0000) {
>>> if ((RootBridge->Attributes & EFI_PCI_ATTRIBUTE_VGA_MEMORY)
>>> != 0) {
>>> return EFI_SUCCESS;
>>> }
>>> @@ -395,7 +411,7 @@ RootBridgeIoCheckParameter (
>>> // By comparing the Address against Limit we know which range
>>> to be used
>>> // for checking
>>> //
>>> - if (Address + MultU64x32 (Count, Size) <= RootBridge->Mem.Limit
>>> + 1) {
>>> + if (Address + Length <= RootBridge->Mem.Limit + 1) {
>>> Base = RootBridge->Mem.Base;
>>> Limit = RootBridge->Mem.Limit;
>>> } else {
>>> @@ -427,7 +443,7 @@ RootBridgeIoCheckParameter (
>>> return EFI_INVALID_PARAMETER;
>>> }
>>> - if (Address + MultU64x32 (Count, Size) > Limit + 1) {
>>> + if (Address + Length > Limit + 1) {
>>> return EFI_INVALID_PARAMETER;
>>> }
>>>
>>
>
>
next prev parent reply other threads:[~2018-09-25 3:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-21 7:25 [PATCH 0/3] Fix a bug that prevents PMEM access Ruiyu Ni
2018-09-21 7:25 ` [PATCH 1/3] MdeModulePkg/PciHostBridge: Enhance boundary check in Io/Mem.Read/Write Ruiyu Ni
2018-09-21 10:53 ` Laszlo Ersek
2018-09-24 13:18 ` Kirkendall, Garrett
2018-09-25 2:14 ` Zeng, Star
2018-09-25 2:43 ` Ni, Ruiyu
2018-09-25 3:02 ` Zeng, Star [this message]
2018-09-21 7:25 ` [PATCH 2/3] MdeModulePkg/PciHostBridge: Fix a bug that prevents PMEM access Ruiyu Ni
2018-09-21 11:06 ` Laszlo Ersek
2018-09-25 2:11 ` Ni, Ruiyu
2018-09-24 13:19 ` Kirkendall, Garrett
2018-09-25 2:15 ` Zeng, Star
2018-09-21 7:25 ` [PATCH 3/3] MdeModulePkg/PciHostBridge: Add RESOURCE_VALID() to simplify code Ruiyu Ni
2018-09-21 11:12 ` Laszlo Ersek
2018-09-25 2:25 ` Ni, Ruiyu
2018-09-25 2:35 ` Zeng, Star
2018-09-25 2:47 ` Ni, Ruiyu
2018-09-25 3:13 ` Zeng, Star
2018-09-25 5:03 ` Ni, Ruiyu
2018-09-24 13:20 ` Kirkendall, Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a843a309-48c4-bc0d-460d-e7c950c5e8e1@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox