[Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures

[Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures

[Michael D Kinney]

https://bugzilla.tianocore.org/show_bug.cgi?id=2525

SafeUint64Mult() looks for 64-bit overflows and performs
several 32-bit multiples with 64-bit results to check for
all possible overflow conditions.  IA32 builds using VS20xx
with optimizations enabled are producing a reference to
the _allmull intrinsic.

The fix is to use MultU64x64() instead of '*' for
these operations.  These are safe because the inputs
are guaranteed to have the upper 32-bits clear, which
means MultU64x64() can never overflow with those inputs.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 MdePkg/Library/BaseSafeIntLib/SafeIntLib.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
index 0f6be6e064..eec8ac1ffd 100644
--- a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
+++ b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
@@ -3380,14 +3380,14 @@ SafeUint64Mult (
       //
       // a * d must be less than 2^32 or there would be bits set in the high 64-bits
       //
-      ProductAD = (((UINT64)DwordA) *(UINT64)DwordD);
+      ProductAD = MultU64x64 ((UINT64)DwordA, (UINT64)DwordD);
       if ((ProductAD & 0xffffffff00000000) == 0) {
         DwordB = (UINT32)Multiplicand;
 
         //
         // b * c must be less than 2^32 or there would be bits set in the high 64-bits
         //
-        ProductBC = (((UINT64)DwordB) *(UINT64)DwordC);
+        ProductBC = MultU64x64 ((UINT64)DwordB, (UINT64)DwordC);
         if ((ProductBC & 0xffffffff00000000) == 0) {
           //
           // now sum them all up checking for overflow.
@@ -3397,7 +3397,7 @@ SafeUint64Mult (
             //
             // b * d
             //
-            ProductBD = (((UINT64)DwordB) *(UINT64)DwordD);
+            ProductBD = MultU64x64 ((UINT64)DwordB, (UINT64)DwordD);
 
             if (!RETURN_ERROR (SafeUint64Add (UnsignedResult, ProductBD, &UnsignedResult))) {
               *Result = UnsignedResult;
-- 
2.21.0.windows.1

Re: [EXTERNAL] [Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures

[Bret Barkelew]

[-- Attachment #1: Type: text/plain, Size: 2964 bytes --]

Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>

- Bret

________________________________
From: Michael D Kinney <michael.d.kinney@intel.com>
Sent: Wednesday, February 12, 2020 2:45:11 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Liming Gao <liming.gao@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Subject: [EXTERNAL] [Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2525&amp;data=02%7C01%7CBret.Barkelew%40microsoft.com%7C42f4119d0b1e4cb0fa0e08d7b00d3970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637171443157049083&amp;sdata=whRKJqlUj7Hq%2F%2BGtPO2ofn97iKwfKXV93RmYCair5l0%3D&amp;reserved=0

SafeUint64Mult() looks for 64-bit overflows and performs
several 32-bit multiples with 64-bit results to check for
all possible overflow conditions.  IA32 builds using VS20xx
with optimizations enabled are producing a reference to
the _allmull intrinsic.

The fix is to use MultU64x64() instead of '*' for
these operations.  These are safe because the inputs
are guaranteed to have the upper 32-bits clear, which
means MultU64x64() can never overflow with those inputs.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 MdePkg/Library/BaseSafeIntLib/SafeIntLib.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
index 0f6be6e064..eec8ac1ffd 100644
--- a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
+++ b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
@@ -3380,14 +3380,14 @@ SafeUint64Mult (
       //
       // a * d must be less than 2^32 or there would be bits set in the high 64-bits
       //
-      ProductAD = (((UINT64)DwordA) *(UINT64)DwordD);
+      ProductAD = MultU64x64 ((UINT64)DwordA, (UINT64)DwordD);
       if ((ProductAD & 0xffffffff00000000) == 0) {
         DwordB = (UINT32)Multiplicand;

         //
         // b * c must be less than 2^32 or there would be bits set in the high 64-bits
         //
-        ProductBC = (((UINT64)DwordB) *(UINT64)DwordC);
+        ProductBC = MultU64x64 ((UINT64)DwordB, (UINT64)DwordC);
         if ((ProductBC & 0xffffffff00000000) == 0) {
           //
           // now sum them all up checking for overflow.
@@ -3397,7 +3397,7 @@ SafeUint64Mult (
             //
             // b * d
             //
-            ProductBD = (((UINT64)DwordB) *(UINT64)DwordD);
+            ProductBD = MultU64x64 ((UINT64)DwordB, (UINT64)DwordD);

             if (!RETURN_ERROR (SafeUint64Add (UnsignedResult, ProductBD, &UnsignedResult))) {
               *Result = UnsignedResult;
--
2.21.0.windows.1


[-- Attachment #2: Type: text/html, Size: 6283 bytes --]

Re: [Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures

[Liming Gao]

Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Thursday, February 13, 2020 6:45 AM
> To: devel@edk2.groups.io
> Cc: Gao, Liming <liming.gao@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
> Subject: [Patch] MdePkg/BaseSafeIntLib: Fix VS20xx IA32 link failures
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=2525
> 
> SafeUint64Mult() looks for 64-bit overflows and performs
> several 32-bit multiples with 64-bit results to check for
> all possible overflow conditions.  IA32 builds using VS20xx
> with optimizations enabled are producing a reference to
> the _allmull intrinsic.
> 
> The fix is to use MultU64x64() instead of '*' for
> these operations.  These are safe because the inputs
> are guaranteed to have the upper 32-bits clear, which
> means MultU64x64() can never overflow with those inputs.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  MdePkg/Library/BaseSafeIntLib/SafeIntLib.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
> index 0f6be6e064..eec8ac1ffd 100644
> --- a/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
> +++ b/MdePkg/Library/BaseSafeIntLib/SafeIntLib.c
> @@ -3380,14 +3380,14 @@ SafeUint64Mult (
>        //
>        // a * d must be less than 2^32 or there would be bits set in the high 64-bits
>        //
> -      ProductAD = (((UINT64)DwordA) *(UINT64)DwordD);
> +      ProductAD = MultU64x64 ((UINT64)DwordA, (UINT64)DwordD);
>        if ((ProductAD & 0xffffffff00000000) == 0) {
>          DwordB = (UINT32)Multiplicand;
> 
>          //
>          // b * c must be less than 2^32 or there would be bits set in the high 64-bits
>          //
> -        ProductBC = (((UINT64)DwordB) *(UINT64)DwordC);
> +        ProductBC = MultU64x64 ((UINT64)DwordB, (UINT64)DwordC);
>          if ((ProductBC & 0xffffffff00000000) == 0) {
>            //
>            // now sum them all up checking for overflow.
> @@ -3397,7 +3397,7 @@ SafeUint64Mult (
>              //
>              // b * d
>              //
> -            ProductBD = (((UINT64)DwordB) *(UINT64)DwordD);
> +            ProductBD = MultU64x64 ((UINT64)DwordB, (UINT64)DwordD);
> 
>              if (!RETURN_ERROR (SafeUint64Add (UnsignedResult, ProductBD, &UnsignedResult))) {
>                *Result = UnsignedResult;
> --
> 2.21.0.windows.1