Commit Graph

35 Commits

Author SHA1 Message Date
Sean Brogan d7a09cb86a MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798

SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.

Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
  size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.

Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
  underflow (in case of subtraction).

Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
  be used. For example file sizes and array indices should always
  be unsigned. Subtracting a larger positive signed number from a
  smaller positive signed number with SafeInt32Sub() will succeed,
  producing a negative number, that then must not be used as an
  array index (but can occasionally be used as a pointer index.)
  Similarly for adding a larger magnitude negative number to a
  smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
  if your integer operations overflowed, not if you are doing the
  right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
  unsigned index.

Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
21ef3a321c
ca516b1a61
33bab4031a

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-01-25 09:42:20 -08:00
Liming Gao c0f7a5d4b3 MdePkg: Disable VS warning 4701 & 4703 for VS2017
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2017-11-29 16:03:10 +08:00
Ard Biesheuvel 08855193ca MdePkg/ProcessorBind: add defines for page allocation granularity
The UEFI spec differs between architectures in the minimum alignment
and granularity of page allocations that are visible to the OS as
EFI_MEMORY_RUNTIME regions.

So define macros that carry these values to the respective ProcessorBind.h
header files.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-03-06 11:27:00 +01:00
Thomas Huth 00b7cc0fe3 MdePkg: Fix some typing errors in the header files
Correct the typos in some header files of MdePkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-10-07 18:09:09 -07:00
Ard Biesheuvel 4a8466d4ba BaseTools GCC: introduce GCC5 toolchain to support GCC v5.x in LTO mode
This adds support for GCC 5.x in LTO mode for IA32, X64, ARM and
AARCH64. Due to the fact that the GCC project switched to a new
numbering scheme where the first digit is now incremented for every
major release, the new toolchain is simply called 'GCC5', and is
intended to support all GCC v5.x releases.

Since IA32 and X64 enable compiler optimizations (-Os) for both DEBUG
and RELEASE builds, LTO support is equally enabled for both targets.
On ARM and AARCH64, DEBUG builds are not optimized, and so the LTO
optimizations are only enabled for RELEASE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-02 10:54:11 +02:00
Ard Biesheuvel 28ade7b802 MdePkg: move to 'hidden' visibility for all symbols under GCC/X64
When using GCC to build for X64, we switched to the position independent
small code model, which is much more efficient in terms of code generation
and runtime relocation footprint, and produces binaries that can execute
correctly from any offset.

However, the PIC routines are by default geared towards hosted binaries
containing symbol references that may resolve to definitions in other
dynamic objects, and for this reason, most symbol references are indirected
via a GOT entry (which also results in a .reloc fixup entry) unless we
annotate them.

For this reason, we introduced the 'protected' visibility annotation for
all symbol definitions and references, by setting the GCC visibility
pragma. However, as it turns out, this is not sufficient for all versions
of GCC, and in some cases (GCC 5.x using the GCC49 toolchain tag), may
still result in GOT based relocations.

So switch to 'hidden' visibility instead, which is slightly stronger, and
fixes this issue for the versions of GCC that exhibit the problem.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-02 08:20:08 +02:00
Ard Biesheuvel 1252a681a6 MdePkg X64: force 'protected' visibility when building with -fpic
When building position independent (PIC) ELF objects, the GCC compiler
assumes that each symbol with external linkage may potentially end up
being exported from a shared library, which means that each of those
symbols may be subject to symbol preemption, i.e., the executable
linking to the shared library at runtime may override symbols exported
by the shared library, and every internal reference held by the shared
library itself *must* be made to point to the overridden version instead.

For this reason, PIC code symbol references always go via the Global
Offset Table (GOT), even if the code in question references symbols that
are defined in the same compilation unit. The GOT refers to each symbol
by absolute address, and so each entry is subject to runtime relocation.

Since not every symbol with external linkage is ultimately exported from
a shared library, the GCC compiler allows control over symbol visibility
using attributes, command line arguments and pragmas, where 'protected'
means that the symbol is only referenced by the shared library itself.
Due to the poor hygiene in EDK2 regarding the use of the 'static'
modifier, many symbols that are local to their compilation unit end up
being referenced indirectly via the GOT when building PIC code.

In UEFI, there are no shared libraries and so there is no need to deal
with symbol preemption, and we can mark every symbol reference protected.
The only method that applies to all symbol definitions as well as
declarations is the #pragma. So set the visibility 'protected' pragma when
building PIC code for X64 using GCC. Note that this affects code generated
with the -fpie compiler switch as well as the -fpic compiler switch.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-07-21 13:32:09 +02:00
Liming Gao 592a3790d8 MdePkg: Disable VS2015 warning C4701 & C4703
C4701 & C4703 may cause false positive issues.
They have been disabled in VS2013.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19111 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-04 03:05:28 +00:00
Shumin Qiu a5077fd0d2 MdePkg IA32/X64 ProcessorBind.h : Disable the C4701 and C4703 warnings for VS2013.
As they may be raised as false positive in building.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16594 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-09 04:50:11 +00:00
Chen Fan f9080cdd08 MdePkg: fix comments typo about EFIAPI for X64
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16299 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-04 09:17:37 +00:00
Jordan Justen 02eef55311 MdePkg Base.h: Always define ASM_PFX
Some compilers may define __USER_LABEL_PREFIX__ to determine the
prefix used with ASM_PFX. Otherwise, IA32 will use a single underscore
'_' character, and all other architectures will use an empty prefix.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16019 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-01 17:23:10 +00:00
Liming Gao 068a82fc5a 1. Add defines for MAX values for UEFI data types.
2. Remove the #defines and add the extern declarations for gEfiDebugPortVariableGuid and gEfiDebugPortDevicePathGuid.

Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: michael.d.kinney@intel.com
Reviewed-by: Star Zeng <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14465 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-12 02:48:08 +00:00
lgao4 d22ebbe39f Update MdePkg and EdkCompatibilityPkg INT8 definition to be typedef signed char to follow UEFI spec.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael D. Kinney <michael.d.kinney@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13312 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-16 00:42:21 +00:00
hhtian 9df063a06a Update the copyright notice format
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10403 6f19259b-4bc3-4df7-8a09-765794883524
2010-04-23 15:46:20 +00:00
geekboy15a 52aa9e136b Updating processor bindings to not use stdint.h. Also added code to verify at compile time that data widths are correct.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10232 6f19259b-4bc3-4df7-8a09-765794883524
2010-03-11 20:52:54 +00:00
eric_tian 8fe69f133e disable ICC compiler warning #593: variable was set but never used.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9705 6f19259b-4bc3-4df7-8a09-765794883524
2010-01-11 02:29:54 +00:00
mdkinney 8992ce066e Fix file headers and a few comments
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9188 6f19259b-4bc3-4df7-8a09-765794883524
2009-08-24 23:37:52 +00:00
mdkinney fc0072c87e Move content from CPU specific ProcessorBind.h files into Base.h if the content is the same for all supported CPU architectures.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9097 6f19259b-4bc3-4df7-8a09-765794883524
2009-08-18 20:47:01 +00:00
eric_tian d4cf6b6c97 redefine the ASM_PFX to let it can work on Apple/NetBSD and other Unix* platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9073 6f19259b-4bc3-4df7-8a09-765794883524
2009-08-14 09:39:55 +00:00
mdkinney 68167fed0e Fix build breaks from comment clean up checkin
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8468 6f19259b-4bc3-4df7-8a09-765794883524
2009-06-04 18:57:44 +00:00
pkandel 1a2f870c9b Second set of changes based on a review of the code comments in the Include directory for typos, grammar issues, and language clarity.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8467 6f19259b-4bc3-4df7-8a09-765794883524
2009-06-04 16:16:15 +00:00
xli24 7b2cc5499f Remove __APPLE__ usage in ProcessorBind.h files.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8362 6f19259b-4bc3-4df7-8a09-765794883524
2009-05-21 02:24:02 +00:00
xli24 d5172f911d 1. Remove .extern from GCC assembly.
2. Define macro for .global/.globl in GCC assembly.


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8344 6f19259b-4bc3-4df7-8a09-765794883524
2009-05-20 09:42:59 +00:00
jljusten 6149e6bb4f Allow EFIAPI to be defined on the compiler command line.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8061 6f19259b-4bc3-4df7-8a09-765794883524
2009-04-10 20:58:10 +00:00
klu2 5cfbd05587 1, Use #if defined() to judge the switching macro such as compiler macro.
Original, some code directly judge the value of these macros, but linux ICC compiler will report error as "zero used for undefined preprocessing identifier". So it is better judge whether these macros are defined before accessing their value.
2, Use #if defined() style to replace #ifdef style.
It is good to keep consistent style for this case.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7596 6f19259b-4bc3-4df7-8a09-765794883524
2009-02-23 05:51:02 +00:00
qhuang8 373ade0eb6 Update copyright for files modified in this year
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7148 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-29 14:07:07 +00:00
mdkinney f4ec40abd6 Add more detailed comments for many of the Base Types
Remove all declarations of UINT8_MAX.  Use BIT8-1 instead.


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6909 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-07 23:10:08 +00:00
mdkinney 9a1d00cbb5 Update FUNCTION_ENTRY_POINT() to be compatible with a wider variety of input parameters.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6883 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-05 23:23:59 +00:00
qhuang8 030cd1a2e9 Update the text to use "x64" instead of "X64" in MdePkg.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6854 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-05 03:23:13 +00:00
gikidy 3963c4bf44 Add comments for the MACRO follow the Spec, and change some definition not match the Spec.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6852 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-05 02:28:51 +00:00
lgao4 14996c9669 Correct Minor Comments in M3 to M4 review.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6842 6f19259b-4bc3-4df7-8a09-765794883524
2008-12-04 08:35:07 +00:00
vanjeff 9510db651c update comments and refine code.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6559 6f19259b-4bc3-4df7-8a09-765794883524
2008-11-17 08:13:37 +00:00
eric_tian 6b3a2ca003 wrap ASM_PFX macro to avoid generating symbols preceded by underscore in Linux Gcc or Mingw Gcc
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6192 6f19259b-4bc3-4df7-8a09-765794883524
2008-10-23 05:28:43 +00:00
jljusten 4ef8fb487f trunk/edk2/MdePkg/Include/X64/ProcessorBind.h:
trunk/edk2/MdePkg/Include/Ia32/ProcessorBind.h:
trunk/edk2/MdePkg/Include/Ipf/ProcessorBind.h:
* Do not ignore this warning (Intel Compiler warning #593; Local
  Variable is set, but not used.)  We will attempt to clean up
  code that generates this particular warning.


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@6083 6f19259b-4bc3-4df7-8a09-765794883524
2008-10-07 16:40:43 +00:00
vanjeff 81c749f767 Changed x64 into X64.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@5811 6f19259b-4bc3-4df7-8a09-765794883524
2008-09-04 06:20:32 +00:00