Re: [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON Coverity issues

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, rsingh@ventanamicro.com
Cc: Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: Re: [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON Coverity issues
Date: Tue, 7 Nov 2023 17:41:24 +0100	[thread overview]
Message-ID: <b028f82a-86f3-d144-9d55-9dc59e268624@redhat.com> (raw)
In-Reply-To: <20231107061959.113213-4-rsingh@ventanamicro.com>

On 11/7/23 07:19, Ranbir Singh wrote:
> From: Ranbir Singh <Ranbir.Singh3@Dell.com>
> 
> The function PciHostBridgeResourceAllocator is not making use of the
> generic approach as is used in one of the other function namely -
> DumpResourceMap. As a result, the following warnings can be seen as
> reported by Coverity e.g.
> 
> (30) Event address_of:	Taking address with "&IoBridge" yields a
>      singleton pointer.
> (31) Event callee_ptr_arith:	Passing "&IoBridge" to function
>      "FindResourceNode" which uses it as an array. This might corrupt
>      or misinterpret adjacent memory locations.
> 
> Hence, adopt the generic approach to fix the issues at relevant points.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4239
> 
> Cc: Ray Ni <ray.ni@intel.com>
> Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
> Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
> Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
> ---
>  MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 37 ++++++++++++++++----
>  1 file changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> index 84fc0161a19c..71767d3793d4 100644
> --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
> @@ -485,6 +485,8 @@ PciHostBridgeResourceAllocator (
>    UINT64                                         Mem64ResStatus;
>    UINT64                                         PMem64ResStatus;
>    UINT32                                         MaxOptionRomSize;
> +  PCI_RESOURCE_NODE                              **ChildResources;
> +  UINTN                                          ChildResourceCount;
>    PCI_RESOURCE_NODE                              *IoBridge;
>    PCI_RESOURCE_NODE                              *Mem32Bridge;
>    PCI_RESOURCE_NODE                              *PMem32Bridge;
> @@ -895,16 +897,39 @@ PciHostBridgeResourceAllocator (
>      // Create the entire system resource map from the information collected by
>      // enumerator. Several resource tree was created
>      //
> -    FindResourceNode (RootBridgeDev, &IoPool, &IoBridge);
> -    FindResourceNode (RootBridgeDev, &Mem32Pool, &Mem32Bridge);
> -    FindResourceNode (RootBridgeDev, &PMem32Pool, &PMem32Bridge);
> -    FindResourceNode (RootBridgeDev, &Mem64Pool, &Mem64Bridge);
> -    FindResourceNode (RootBridgeDev, &PMem64Pool, &PMem64Bridge);
> -
> +    ChildResourceCount = FindResourceNode (RootBridgeDev, &IoPool, NULL);
> +    ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount);
> +    ASSERT (ChildResources != NULL);
> +    FindResourceNode (RootBridgeDev, &IoPool, &ChildResources[0]);
> +    IoBridge = ChildResources[0];
>      ASSERT (IoBridge     != NULL);
> +
> +    ChildResourceCount = FindResourceNode (RootBridgeDev, &Mem32Pool, NULL);
> +    ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount);
> +    ASSERT (ChildResources != NULL);
> +    FindResourceNode (RootBridgeDev, &Mem32Pool, &ChildResources[0]);
> +    Mem32Bridge = ChildResources[0];
>      ASSERT (Mem32Bridge  != NULL);
> +
> +    ChildResourceCount = FindResourceNode (RootBridgeDev, &PMem32Pool, NULL);
> +    ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount);
> +    ASSERT (ChildResources != NULL);
> +    FindResourceNode (RootBridgeDev, &PMem32Pool, &ChildResources[0]);
> +    PMem32Bridge = ChildResources[0];
>      ASSERT (PMem32Bridge != NULL);
> +
> +    ChildResourceCount = FindResourceNode (RootBridgeDev, &Mem64Pool, NULL);
> +    ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount);
> +    ASSERT (ChildResources != NULL);
> +    FindResourceNode (RootBridgeDev, &Mem64Pool, &ChildResources[0]);
> +    Mem64Bridge = ChildResources[0];
>      ASSERT (Mem64Bridge  != NULL);
> +
> +    ChildResourceCount = FindResourceNode (RootBridgeDev, &PMem64Pool, NULL);
> +    ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount);
> +    ASSERT (ChildResources != NULL);
> +    FindResourceNode (RootBridgeDev, &PMem64Pool, &ChildResources[0]);
> +    PMem64Bridge = ChildResources[0];
>      ASSERT (PMem64Bridge != NULL);
>  
>      //

Sorry, but this is terrible.

* First of all, Coverity is *wrong*. The C spec clearly states that, for
the purposes of pointer arithmetic, a singleton object behaves
identically to the first element of an array.

So, immediately, the idea arises that we should just use

  PCI_RESOURCE_NODE *IoBridgeArray[1];

  FindResourceNode (RootBridgeDev, &IoPool, IoBridgeArray)

to shut up Coverity.

* Unfortunately, I expect that would only create a different warning: a
warning about potentially overflowing this single-element array. Which
is in fact a deeper problem in FindResourceNode() -- it happily
overwrites an array that is too small.

* Finally, this generic approach is both ugly (lots of code
duplication!), and worse, it allocates memory without proper error
checking (ASSERT() is not error checking), and then it leaks
ChildResources *multiple times*!

I suggest the following, for solving all of these issues:

- create a function called FindFirstResourceNode(). It should have the
same function prototype as FindResourceNode(), except the last parameter
should be mandatory, not OPTIONAL.

- the internal logic should be the same, except we shouldn't be
counting, the return value should be a BOOLEAN. If we find a match, then
output the first match and return TRUE. Otherwise, set the output to
NULL and return FALSE.

- replace the FindResourceNode calls with FindFirstResourceNode calls

- Those call sites are already followed by ASSERT()s, saying that all
search attempts will succeed. If coverity is happy with them, that's
good; otherwise, we'll have to find a solution for them as well.

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110864): https://edk2.groups.io/g/devel/message/110864
Mute This Topic: https://groups.io/mt/102438300/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

next prev parent reply	other threads:[~2023-11-07 16:41 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-07  6:19 [edk2-devel] [PATCH v2 0/5] BZ 4239: Fix MdeModulePkg/Bus/Pci/PciBusDxe issues pointed by Coverity Ranbir Singh
2023-11-07  6:19 ` [edk2-devel] [PATCH v2 1/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix DEADCODE Coverity issue Ranbir Singh
2023-11-07 16:21   ` Laszlo Ersek
2023-11-10  6:14     ` Ranbir Singh
2023-11-07  6:19 ` [edk2-devel] [PATCH v2 2/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix MISSING_BREAK Coverity issues Ranbir Singh
2023-11-07  8:15   ` Ni, Ray
2023-11-07 16:23   ` Laszlo Ersek
2023-11-07 17:59     ` Michael D Kinney
2023-11-08  3:51       ` Ranbir Singh
2023-11-08  4:05         ` Michael D Kinney
2023-11-08  4:29           ` Ranbir Singh
2023-11-13 11:24             ` Laszlo Ersek
2023-11-07  6:19 ` [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON " Ranbir Singh
2023-11-07 16:41   ` Laszlo Ersek [this message]
2023-11-10  5:59     ` Ranbir Singh
2023-11-07  6:19 ` [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue Ranbir Singh
2023-11-07 16:48   ` Laszlo Ersek
2023-11-10  6:11     ` Ranbir Singh
2023-11-13 11:28       ` Laszlo Ersek
2023-11-14 15:08         ` Ranbir Singh
2023-11-14 16:21           ` Michael D Kinney
2023-11-14 16:53             ` Ranbir Singh
2023-11-15 10:02               ` Laszlo Ersek
2023-11-14 19:37             ` Michael Kubacki
2023-11-15 10:10               ` Laszlo Ersek
2023-11-20 14:05                 ` Michael Kubacki
2023-11-15  9:50             ` Laszlo Ersek
2023-11-20  3:57               ` Ranbir Singh
2023-11-21 17:07                 ` Laszlo Ersek
2023-11-07  6:19 ` [edk2-devel] [PATCH v2 5/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix UNUSED_VALUE Coverity issues Ranbir Singh
2023-11-07 17:20   ` Laszlo Ersek
2023-11-10  6:31     ` Ranbir Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b028f82a-86f3-d144-9d55-9dc59e268624@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox