From cb0dd58b37b22f7731cd81da8024934040fafdc0 Mon Sep 17 00:00:00 2001 From: Edward O'Callaghan Date: Sun, 7 Dec 2014 05:20:14 +1100 Subject: [PATCH] amd/agesa/f*/Lib/amdlib.c: Integer overflow in loop construct As is the case in commit: 3312ed7 amd/agesa/f1?/Lib/amdlib.c: Integer overflow in loop construct The semantics of this loop relies on an integer overflow in Index >=0 that implies a return value of (UINT8)-1 which around wraps to 0xFF, or VOLT_UNSUPPORTED. Also fix an infinite loop. Change-Id: Iced3eff3ae7b8935db3bdd6147372cf3b540883c Signed-off-by: Edward O'Callaghan Reviewed-on: http://review.coreboot.org/7676 Reviewed-by: Bruce Griffith Tested-by: build bot (Jenkins) Reviewed-by: Alexandru Gagniuc --- src/vendorcode/amd/agesa/f10/Lib/amdlib.c | 18 +++++++++++++----- src/vendorcode/amd/agesa/f12/Lib/amdlib.c | 18 +++++++++++++----- src/vendorcode/amd/agesa/f14/Lib/amdlib.c | 18 +++++++++++++----- src/vendorcode/amd/agesa/f15/Lib/amdlib.c | 17 ++++++++++++----- src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c | 18 +++++++++++++----- src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c | 18 +++++++++++++----- 6 files changed, 77 insertions(+), 30 deletions(-) diff --git a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c index 83e6a009ab..860fb540f7 100644 --- a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c @@ -339,17 +339,25 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINT8 Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) return Index; - } - return 0xFF; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } + VOID LibAmdMsrRead ( IN UINT32 MsrAddress, diff --git a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c index 1ca9b552b8..9ce10b635d 100644 --- a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c @@ -343,17 +343,25 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINT8 Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) return Index; - } - return 0xFF; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } + VOID LibAmdMsrRead ( IN UINT32 MsrAddress, diff --git a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c index 963aa7e2e1..24c162a731 100644 --- a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c @@ -343,17 +343,25 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINT8 Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) return Index; - } - return 0xFF; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } + VOID LibAmdMsrRead ( IN UINT32 MsrAddress, diff --git a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c index 1180ad29a6..90b0272916 100644 --- a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c @@ -343,16 +343,23 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINT8 Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) return Index; - } - return 0xFF; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } UINT64 diff --git a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c index a2c424ab87..1e2e349b4c 100644 --- a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c @@ -354,17 +354,25 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINT8 Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) return Index; - } - return 0xFF; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } + VOID LibAmdMsrRead ( IN UINT32 MsrAddress, diff --git a/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c b/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c index d0e66b9fc9..75354f9cf1 100644 --- a/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c @@ -355,17 +355,25 @@ LibAmdBitScanForward ( } return (UINT8) Index; } + UINT8 LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; - for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; - } - return (UINT8) Index; + uint8_t bit = 31; + do { + if (value & (1 << 31)) + return bit; + + value <<= 1; + bit--; + + } while (value != 0); + + return 0xFF; /* Error code indicating no bit found */ } + VOID LibAmdMsrRead ( IN UINT32 MsrAddress,