Date   

[PATCH edk2-platforms 6/8] Silicon/NXP: Add LX2160A Soc package

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

LX2160A is QorIq Layerscape multicore communications processor with
sixteen Arm Cortex-A72 cores.
This SOC is based on Layerscape Chassis v3.2.

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/LX2160A/LX2160A.dec | 13 ++++
Silicon/NXP/LX2160A/LX2160A.dsc.inc | 50 ++++++++++++
Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf | 27 +++++++
Silicon/NXP/LX2160A/Include/Soc.h | 38 ++++++++++
Silicon/NXP/LX2160A/Library/SocLib/SocLib.c | 80 ++++++++++++++++++++
5 files changed, 208 insertions(+)

diff --git a/Silicon/NXP/LX2160A/LX2160A.dec b/Silicon/NXP/LX2160A/LX2160A.dec
new file mode 100644
index 000000000000..b39a44692361
--- /dev/null
+++ b/Silicon/NXP/LX2160A/LX2160A.dec
@@ -0,0 +1,13 @@
+# LX2160A.dec
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+
+[Defines]
+ DEC_SPECIFICATION = 0x0001001A
+
+[Includes]
+ Include
diff --git a/Silicon/NXP/LX2160A/LX2160A.dsc.inc b/Silicon/NXP/LX2160A/LX2160A.dsc.inc
new file mode 100644
index 000000000000..65c1b6e567b3
--- /dev/null
+++ b/Silicon/NXP/LX2160A/LX2160A.dsc.inc
@@ -0,0 +1,50 @@
+# LX2160A.dsc
+# LX2160A Soc package.
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+
+!include Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc
+
+[LibraryClasses.common]
+ SocLib|Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf
+
+ PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
+ SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
+ PL011UartClockLib|Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+[PcdsDynamicDefault.common]
+ #
+ # ARM General Interrupt Controller
+ gArmTokenSpaceGuid.PcdGicDistributorBase|0x6000000
+ gArmTokenSpaceGuid.PcdGicRedistributorsBase|0x6200000
+ gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase|0xC0C0000
+
+[PcdsFixedAtBuild.common]
+ gArmTokenSpaceGuid.PcdGenericWatchdogControlBase|0x23A0000
+ gArmTokenSpaceGuid.PcdGenericWatchdogRefreshBase|0x2390000
+ gArmTokenSpaceGuid.PcdGenericWatchdogEl2IntrNum|91
+
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultReceiveFifoDepth|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x21C0000
+
+[PcdsFeatureFlag]
+ gNxpQoriqLsTokenSpaceGuid.PcdI2cErratumA009203|TRUE
+
+################################################################################
+#
+# Components Section - list of all EDK II Modules needed by this Platform
+#
+################################################################################
+[Components.common]
+ ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.inf
+
+##
diff --git a/Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf b/Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf
new file mode 100644
index 000000000000..70e14bbabe64
--- /dev/null
+++ b/Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf
@@ -0,0 +1,27 @@
+# @file
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = SocLib
+ FILE_GUID = e868c5ca-9729-43ae-bff4-438c67de8c68
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = SocLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ Silicon/NXP/Chassis3V2/Chassis3V2.dec
+ Silicon/NXP/LX2160A/LX2160A.dec
+ Silicon/NXP/NxpQoriqLs.dec
+
+[LibraryClasses]
+ ChassisLib
+ DebugLib
+
+[Sources.common]
+ SocLib.c
diff --git a/Silicon/NXP/LX2160A/Include/Soc.h b/Silicon/NXP/LX2160A/Include/Soc.h
new file mode 100644
index 000000000000..626e3a0cee07
--- /dev/null
+++ b/Silicon/NXP/LX2160A/Include/Soc.h
@@ -0,0 +1,38 @@
+/** @file
+
+ Copyright 2020 NXP
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef SOC_H__
+#define SOC_H__
+
+#include <Chassis.h>
+
+/**
+ Soc Memory Map
+**/
+#define LX2160A_DRAM0_PHYS_ADDRESS (BASE_2GB)
+#define LX2160A_DRAM0_SIZE (SIZE_2GB)
+#define LX2160A_DRAM1_PHYS_ADDRESS (BASE_128GB + BASE_2GB)
+#define LX2160A_DRAM1_SIZE (SIZE_128GB - SIZE_2GB) // 126 GB
+#define LX2160A_DRAM2_PHYS_ADDRESS (BASE_256GB + BASE_128GB)
+#define LX2160A_DRAM2_SIZE (SIZE_128GB)
+
+#define LX2160A_CCSR_PHYS_ADDRESS (BASE_16MB)
+#define LX2160A_CCSR_SIZE (SIZE_256MB - SIZE_16MB) // 240MB
+
+#define LX2160A_FSPI0_PHYS_ADDRESS (BASE_512MB)
+#define LX2160A_FSPI0_SIZE (SIZE_256MB)
+
+#define LX2160A_DCFG_ADDRESS NXP_LAYERSCAPE_CHASSIS3V2_DCFG_ADDRESS
+
+/**
+ Reset Control Word (RCW) Bits
+**/
+#define SYS_PLL_RAT(x) (((x) & 0x7c) >> 2) // Bits 2-6
+
+typedef NXP_LAYERSCAPE_CHASSIS3V2_DEVICE_CONFIG LX2160A_DEVICE_CONFIG;
+
+#endif // SOC_H__
diff --git a/Silicon/NXP/LX2160A/Library/SocLib/SocLib.c b/Silicon/NXP/LX2160A/Library/SocLib/SocLib.c
new file mode 100644
index 000000000000..ed6b30ae8599
--- /dev/null
+++ b/Silicon/NXP/LX2160A/Library/SocLib/SocLib.c
@@ -0,0 +1,80 @@
+/** @Soc.c
+ SoC specific Library containg functions to initialize various SoC components
+
+ Copyright 2020 NXP
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/ChassisLib.h>
+#include <Library/DebugLib.h>
+#include <Library/SocLib.h>
+#include <Soc.h>
+
+/**
+ Return the input clock frequency to an IP Module.
+ This function reads the RCW bits and calculates the PLL multiplier/divider
+ values to be applied to various IP modules.
+ If a module is disabled or doesn't exist on platform, then return zero.
+
+ @param[in] BaseClock Base clock to which PLL multiplier/divider values is
+ to be applied.
+ @param[in] ClockType Variable of Type NXP_IP_CLOCK. Indicates which IP clock
+ is to be retrieved.
+ @param[in] Args Variable argument list which is parsed based on
+ ClockType. e.g. if the ClockType is NXP_I2C_CLOCK, then
+ the second argument will be interpreted as controller
+ number. e.g. if there are four i2c controllers in SOC,
+ then this value can be 0, 1, 2, 3
+ e.g. if ClockType is NXP_CORE_CLOCK, then second
+ argument is interpreted as cluster number and third
+ argument is interpreted as core number (within the
+ cluster)
+
+ @return Actual Clock Frequency. Return value 0 should be
+ interpreted as clock not being provided to IP.
+**/
+UINT64
+SocGetClock (
+ IN UINT64 BaseClock,
+ IN NXP_IP_CLOCK ClockType,
+ IN VA_LIST Args
+ )
+{
+ LX2160A_DEVICE_CONFIG *Dcfg;
+ UINT32 RcwSr;
+ UINT64 ReturnValue;
+
+ ReturnValue = 0;
+ Dcfg = (LX2160A_DEVICE_CONFIG *)LX2160A_DCFG_ADDRESS;
+
+ switch (ClockType) {
+ case NXP_UART_CLOCK:
+ RcwSr = DcfgRead32 ((UINTN)&Dcfg->RcwSr[0]);
+ ReturnValue = (BaseClock * SYS_PLL_RAT (RcwSr)) >> 3;
+ break;
+ case NXP_I2C_CLOCK:
+ RcwSr = DcfgRead32 ((UINTN)&Dcfg->RcwSr[0]);
+ ReturnValue = (BaseClock * SYS_PLL_RAT (RcwSr)) >> 4;
+ break;
+ default:
+ break;
+ }
+
+ return ReturnValue;
+}
+
+/**
+ Function to initialize SoC specific constructs
+ **/
+VOID
+SocInit (
+ VOID
+ )
+{
+ ChassisInit ();
+
+ return;
+}
--
2.17.1


[PATCH edk2-platforms 5/8] Silicon/NXP: Add Chassis3V2 Package

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

Chassis3V2 is the new chassis on which LS1028A and LX2160A SOCs
are based.
Add the Chassis3V2 package.

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/Chassis3V2/Chassis3V2.dec | 22 ++++++
Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc | 10 +++
Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf | 33 +++++++++
Silicon/NXP/Chassis3V2/Include/Chassis.h | 26 +++++++
Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.c | 71 ++++++++++++++++++++
5 files changed, 162 insertions(+)

diff --git a/Silicon/NXP/Chassis3V2/Chassis3V2.dec b/Silicon/NXP/Chassis3V2/Chassis3V2.dec
new file mode 100644
index 000000000000..d3674cd6dff9
--- /dev/null
+++ b/Silicon/NXP/Chassis3V2/Chassis3V2.dec
@@ -0,0 +1,22 @@
+# @file
+# NXP Layerscape processor package.
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+
+[Defines]
+ DEC_SPECIFICATION = 1.27
+ PACKAGE_VERSION = 0.1
+
+################################################################################
+#
+# Include Section - list of Include Paths that are provided by this package.
+# Comments are used for Keywords and Module Types.
+#
+#
+################################################################################
+[Includes.common]
+ Include # Root include for the package
diff --git a/Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc b/Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc
new file mode 100644
index 000000000000..dabe2ae23054
--- /dev/null
+++ b/Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc
@@ -0,0 +1,10 @@
+# @file
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+
+[LibraryClasses.common]
+ ChassisLib|Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf
diff --git a/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf b/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf
new file mode 100644
index 000000000000..75b68cc4ca2d
--- /dev/null
+++ b/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf
@@ -0,0 +1,33 @@
+# @file
+#
+# Copyright 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = Chassis3V2Lib
+ FILE_GUID = fae0d077-5fc2-494f-b8e1-c51a3023ee3e
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = ChassisLib
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ MdePkg/MdePkg.dec
+ Silicon/NXP/Chassis3V2/Chassis3V2.dec
+ Silicon/NXP/NxpQoriqLs.dec
+
+[LibraryClasses]
+ IoAccessLib
+ IoLib
+ PcdLib
+ SerialPortLib
+
+[Sources.common]
+ ChassisLib.c
+
+[FeaturePcd]
+ gNxpQoriqLsTokenSpaceGuid.PcdDcfgBigEndian
diff --git a/Silicon/NXP/Chassis3V2/Include/Chassis.h b/Silicon/NXP/Chassis3V2/Include/Chassis.h
new file mode 100644
index 000000000000..1f8a3fb129df
--- /dev/null
+++ b/Silicon/NXP/Chassis3V2/Include/Chassis.h
@@ -0,0 +1,26 @@
+/** @file
+
+ Copyright 2020 NXP
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef CHASSIS_H__
+#define CHASSIS_H__
+
+#include <Uefi.h>
+
+#define NXP_LAYERSCAPE_CHASSIS3V2_DCFG_ADDRESS 0x1E00000
+
+/**
+ The Device Configuration Unit provides general purpose configuration and
+ status for the device. These registers only support 32-bit accesses.
+**/
+#pragma pack(1)
+typedef struct {
+ UINT8 Reserved0[0x100 - 0x0];
+ UINT32 RcwSr[32]; // Reset Control Word Status Register
+} NXP_LAYERSCAPE_CHASSIS3V2_DEVICE_CONFIG;
+#pragma pack()
+
+#endif // CHASSIS_H__
diff --git a/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.c b/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.c
new file mode 100644
index 000000000000..2d1157d05174
--- /dev/null
+++ b/Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.c
@@ -0,0 +1,71 @@
+/** @file
+ Chassis specific functions common to all SOCs based on a specific Chessis
+
+ Copyright 2020 NXP
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Chassis.h>
+#include <Uefi.h>
+#include <Library/IoAccessLib.h>
+#include <Library/IoLib.h>
+#include <Library/PcdLib.h>
+#include <Library/SerialPortLib.h>
+
+/**
+ Read Dcfg register
+
+ @param Address The MMIO register to read.
+
+ @return The value read.
+**/
+UINT32
+EFIAPI
+DcfgRead32 (
+ IN UINTN Address
+ )
+{
+ MMIO_OPERATIONS *DcfgOps;
+
+ DcfgOps = GetMmioOperations (FeaturePcdGet (PcdDcfgBigEndian));
+
+ return DcfgOps->Read32 (Address);
+}
+
+/**
+ Write Dcfg register
+
+ @param Address The MMIO register to write.
+ @param Value The value to write to the MMIO register.
+
+ @return Value.
+**/
+UINT32
+EFIAPI
+DcfgWrite32 (
+ IN UINTN Address,
+ IN UINT32 Value
+ )
+{
+ MMIO_OPERATIONS *DcfgOps;
+
+ DcfgOps = GetMmioOperations (FeaturePcdGet (PcdDcfgBigEndian));
+
+ return DcfgOps->Write32 (Address, Value);
+}
+
+/**
+ Function to initialize Chassis Specific functions
+ **/
+VOID
+ChassisInit (
+ VOID
+ )
+{
+ //
+ // Early init serial Port to get board information.
+ //
+ SerialPortInitialize ();
+}
--
2.17.1


[PATCH edk2-platforms 4/8] Silicon/NXP: Implement PL011UartClockLib for NXP platforms

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

In NXP SOCs the UART clock is derived from System clock after PLL
multiplication. Therefore, add the PL011UartClockLib implementation
for NXP platforms.

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf | 24 ++++++++++++++++++++
Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.c | 22 ++++++++++++++++++
2 files changed, 46 insertions(+)

diff --git a/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf b/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf
new file mode 100644
index 000000000000..b771dba7697f
--- /dev/null
+++ b/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf
@@ -0,0 +1,24 @@
+#/* @file
+# Copyright 2018, 2020 NXP
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#*/
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = PL011UartClockLib
+ FILE_GUID = af8fef24-afbb-472a-b8b7-13101a79703c
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PL011UartClockLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ Silicon/NXP/NxpQoriqLs.dec
+
+[Sources.common]
+ PL011UartClockLib.c
+
+[LibraryClasses]
+ ArmPlatformLib
diff --git a/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.c b/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.c
new file mode 100644
index 000000000000..3814685585eb
--- /dev/null
+++ b/Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.c
@@ -0,0 +1,22 @@
+/** @file
+*
+* Copyright 2018, 2020 NXP
+*
+* SPDX-License-Identifier: BSD-2-Clause-Patent
+*
+**/
+
+#include <Base.h>
+#include <Ppi/NxpPlatformGetClock.h>
+
+/**
+ Return clock in for PL011 Uart IP
+**/
+UINT32
+EFIAPI
+PL011UartClockGetFreq (
+ VOID
+ )
+{
+ return gPlatformGetClockPpi.PlatformGetClock (NXP_UART_CLOCK, 0);
+}
--
2.17.1


[PATCH edk2-platforms 3/8] Silicon/NXP: Use edk2 recommended compilation flags

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

edk2 recommends to use MDEPKG_NDEBUG for release builds and to use
DISABLE_NEW_DEPRECATED_INTERFACES for all new platforms.

Therefore, enable these flags for NXP platforms as well

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/NxpQoriqLs.dsc.inc | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Silicon/NXP/NxpQoriqLs.dsc.inc b/Silicon/NXP/NxpQoriqLs.dsc.inc
index 12e2b89fac58..ee639d552483 100644
--- a/Silicon/NXP/NxpQoriqLs.dsc.inc
+++ b/Silicon/NXP/NxpQoriqLs.dsc.inc
@@ -173,7 +173,12 @@
NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf

[BuildOptions]
- RVCT:*_*_ARM_PLATFORM_FLAGS == --cpu cortex-a9
+ GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
+
+ #
+ # Disable deprecated APIs.
+ #
+ GCC:*_*_*_CC_FLAGS = -DDISABLE_NEW_DEPRECATED_INTERFACES

[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
--
2.17.1


[PATCH edk2-platforms 2/8] Platform/NXP: Use Monotonic counter from MdeModulePkg

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

Monotonic counter module from EmbeddedPkg doesn't treat the
high 32 bit as non volatile, which is needed as per spec.

Therefore, use Monotonic counter module from MdeModulePkg

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/NxpQoriqLs.dsc.inc | 2 +-
Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Silicon/NXP/NxpQoriqLs.dsc.inc b/Silicon/NXP/NxpQoriqLs.dsc.inc
index 54236e19531c..12e2b89fac58 100644
--- a/Silicon/NXP/NxpQoriqLs.dsc.inc
+++ b/Silicon/NXP/NxpQoriqLs.dsc.inc
@@ -337,7 +337,7 @@
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
- EmbeddedPkg/EmbeddedMonotonicCounter/EmbeddedMonotonicCounter.inf
+ MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf

# FDT installation
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
diff --git a/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf b/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
index fede51ced10e..49d8885477c7 100644
--- a/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
+++ b/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
@@ -98,7 +98,7 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
- INF EmbeddedPkg/EmbeddedMonotonicCounter/EmbeddedMonotonicCounter.inf
+ INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf

--
2.17.1


[PATCH edk2-platforms 1/8] Silicon/NXP: Use Metronome implementation from MdeModulePkg

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

There are two implementations of Metronome protocol.

EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
MdeModulePkg/Universal/Metronome/Metronome.inf

Although nowhere it has been specified, which one to use, but we are
going by the general practice of preferring MdeModulePkg/MdePkg over
EmbeddedPkg.

Signed-off-by: Pankaj Bansal <pankaj.bansal@...>
---
Silicon/NXP/NxpQoriqLs.dsc.inc | 4 +---
Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf | 2 +-
2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/Silicon/NXP/NxpQoriqLs.dsc.inc b/Silicon/NXP/NxpQoriqLs.dsc.inc
index 03759c7cee7c..54236e19531c 100644
--- a/Silicon/NXP/NxpQoriqLs.dsc.inc
+++ b/Silicon/NXP/NxpQoriqLs.dsc.inc
@@ -218,8 +218,6 @@
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|10

[PcdsFixedAtBuild.common]
- gEmbeddedTokenSpaceGuid.PcdMetronomeTickPeriod|1000
- gEmbeddedTokenSpaceGuid.PcdTimerPeriod|10000 # expressed in 100ns units, 100,000 x 100 ns = 10,000,000 ns = 10 ms
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
@@ -348,7 +346,7 @@
MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
- EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
+ MdeModulePkg/Universal/Metronome/Metronome.inf
ArmPkg/Drivers/TimerDxe/TimerDxe.inf
ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOutSerial.inf
diff --git a/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf b/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
index 931d0bb14f9b..fede51ced10e 100644
--- a/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
+++ b/Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf
@@ -115,7 +115,7 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf

- INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
+ INF MdeModulePkg/Universal/Metronome/Metronome.inf
INF EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOutSerial.inf

#
--
2.17.1


[PATCH edk2-platforms 0/8] Add LX2160ARDB Platform

Pankaj Bansal
 

From: Pankaj Bansal <pankaj.bansal@...>

LX2160A Reference Design Board (RDB) is a high-performance development
platform that supports the QorIQ LX2160A Layerscape Architecture SOCs.

This Platform is based on Layerscape Chassis3V2.

The code structure is same as Chassis2 and LS1043A SOC and LS1043ARDB
platform.

Pankaj Bansal (8):
Silicon/NXP: Use Metronome implementation from MdeModulePkg
Platform/NXP: Use Monotonic counter from MdeModulePkg
Silicon/NXP: Use edk2 recommended compilation flags
Silicon/NXP: Implement PL011UartClockLib for NXP platforms
Silicon/NXP: Add Chassis3V2 Package
Silicon/NXP: Add LX2160A Soc package
Platform/NXP: Add LX2160ARDB Platform
Platform/NXP/LX2160aRdbPkg: Add VarStore

Platform/NXP/LX2160aRdbPkg/LX2160aRdbPkg.dec | 23 +++
Silicon/NXP/Chassis3V2/Chassis3V2.dec | 22 +++
Silicon/NXP/LX2160A/LX2160A.dec | 13 ++
Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc | 10 ++
Silicon/NXP/LX2160A/LX2160A.dsc.inc | 50 ++++++
Silicon/NXP/NxpQoriqLs.dsc.inc | 13 +-
Platform/NXP/LX2160aRdbPkg/LX2160aRdbPkg.dsc | 46 ++++++
Platform/NXP/LS1043aRdbPkg/LS1043aRdbPkg.fdf | 4 +-
.../LX2160aRdbPkg.fdf} | 33 ++--
.../Library/ArmPlatformLib/ArmPlatformLib.inf | 41 +++++
.../Library/ChassisLib/ChassisLib.inf | 33 ++++
Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf | 27 ++++
.../PL011UartClockLib/PL011UartClockLib.inf | 24 +++
Silicon/NXP/Chassis3V2/Include/Chassis.h | 26 +++
Silicon/NXP/LX2160A/Include/Soc.h | 38 +++++
.../Library/ArmPlatformLib/ArmPlatformLib.c | 150 ++++++++++++++++++
.../ArmPlatformLib/ArmPlatformLibMem.c | 85 ++++++++++
.../Library/ChassisLib/ChassisLib.c | 71 +++++++++
Silicon/NXP/LX2160A/Library/SocLib/SocLib.c | 80 ++++++++++
.../PL011UartClockLib/PL011UartClockLib.c | 22 +++
.../AArch64/ArmPlatformHelper.S | 45 ++++++
Platform/NXP/LX2160aRdbPkg/VarStore.fdf.inc | 91 +++++++++++
22 files changed, 920 insertions(+), 27 deletions(-)
create mode 100644 Platform/NXP/LX2160aRdbPkg/LX2160aRdbPkg.dec
create mode 100644 Silicon/NXP/Chassis3V2/Chassis3V2.dec
create mode 100644 Silicon/NXP/LX2160A/LX2160A.dec
create mode 100644 Silicon/NXP/Chassis3V2/Chassis3V2.dsc.inc
create mode 100644 Silicon/NXP/LX2160A/LX2160A.dsc.inc
create mode 100644 Platform/NXP/LX2160aRdbPkg/LX2160aRdbPkg.dsc
copy Platform/NXP/{LS1043aRdbPkg/LS1043aRdbPkg.fdf => LX2160aRdbPkg/LX2160aRdbPkg.fdf} (88%)
create mode 100644 Platform/NXP/LX2160aRdbPkg/Library/ArmPlatformLib/ArmPlatformLib.inf
create mode 100644 Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.inf
create mode 100644 Silicon/NXP/LX2160A/Library/SocLib/SocLib.inf
create mode 100644 Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.inf
create mode 100644 Silicon/NXP/Chassis3V2/Include/Chassis.h
create mode 100644 Silicon/NXP/LX2160A/Include/Soc.h
create mode 100644 Platform/NXP/LX2160aRdbPkg/Library/ArmPlatformLib/ArmPlatformLib.c
create mode 100644 Platform/NXP/LX2160aRdbPkg/Library/ArmPlatformLib/ArmPlatformLibMem.c
create mode 100644 Silicon/NXP/Chassis3V2/Library/ChassisLib/ChassisLib.c
create mode 100644 Silicon/NXP/LX2160A/Library/SocLib/SocLib.c
create mode 100644 Silicon/NXP/Library/PL011UartClockLib/PL011UartClockLib.c
create mode 100644 Platform/NXP/LX2160aRdbPkg/Library/ArmPlatformLib/AArch64/ArmPlatformHelper.S
create mode 100644 Platform/NXP/LX2160aRdbPkg/VarStore.fdf.inc

--
2.17.1


Re: Official way to build BaseTools - Edk2ToolsBuild.py?

Sean
 

I am not sure what the community wants to do with it. It was created for the CI build so it is tailored to the needs of the CI build but I have no problem with updates.

I agree with your feedback and see no reason either of those would be a problem for the CI use case.

Although not convenient for local builds it does currently output full build log to BaseTools/BaseToolsBuild/BASETOOLS_BUILD.txt.

Thanks
Sean

On 5/19/2020 8:23 PM, Rebecca Cran wrote:
I'm wondering if using BaseTools/Edk2ToolsBuild.py will become the official/standard way users are expected to build BaseTools? If so, there are a few problems that I'd like to see fixed, which I'll see if I can find some time to work on.
For example: on Linux, running it without arguments gives "ValueError: Bad VC" - because it defaults to the VS2017 toolchain.
If you break something in BaseTools and so it fails to build, it prints "Exception: Failed to build." with no further details.
I'd like to improve it so it detects being run on a non-Windows platform and tries to use GCC, Clang etc. - and perhaps also to add a '--verbose' argument that can be used to give a more specific error message when it fails.


[PATCH] IntelFsp2Pkg: Add FunctionParametePtr to FspGlobalData.

Chiu, Chasel
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2726

When FSP switching stack and calling bootloader functions,
the function parameter in stack may not be accessible easily.
We can store the function parameter pointer to FspGlobalData
and retrieve it after stack switched.

Also need to add Loader2PeiSwitchStack () to header file
as public function for platform FSP code to consume.

Cc: Maurice Ma <maurice.ma@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Star Zeng <star.zeng@...>
Signed-off-by: Chasel Chiu <chasel.chiu@...>
---
IntelFsp2Pkg/Include/FspGlobalData.h | 12 ++++++++++--
IntelFsp2Pkg/Include/Library/FspSwitchStackLib.h | 18 +++++++++++++++++-
2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/IntelFsp2Pkg/Include/FspGlobalData.h b/IntelFsp2Pkg/Include/FspGlobalData.h
index 5bde316893..dba9b48e1a 100644
--- a/IntelFsp2Pkg/Include/FspGlobalData.h
+++ b/IntelFsp2Pkg/Include/FspGlobalData.h
@@ -52,12 +52,20 @@ typedef struct {
VOID *MemoryInitUpdPtr;
VOID *SiliconInitUpdPtr;
UINT8 ApiIdx;
- UINT8 FspMode; // 0: FSP in API mode; 1: FSP in DISPATCH mode
+ ///
+ /// 0: FSP in API mode; 1: FSP in DISPATCH mode
+ ///
+ UINT8 FspMode;
UINT8 OnSeparateStack;
UINT8 Reserved3;
UINT32 NumberOfPhases;
UINT32 PhasesExecuted;
- UINT8 Reserved4[20];
+ ///
+ /// To store function parameters pointer
+ /// so it can be retrieved after stack switched.
+ ///
+ VOID *FunctionParameterPtr;
+ UINT8 Reserved4[16];
UINT32 PerfSig;
UINT16 PerfLen;
UINT16 Reserved5;
diff --git a/IntelFsp2Pkg/Include/Library/FspSwitchStackLib.h b/IntelFsp2Pkg/Include/Library/FspSwitchStackLib.h
index 0c76e9f022..bed2a5d677 100644
--- a/IntelFsp2Pkg/Include/Library/FspSwitchStackLib.h
+++ b/IntelFsp2Pkg/Include/Library/FspSwitchStackLib.h
@@ -1,6 +1,6 @@
/** @file

- Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -36,4 +36,20 @@ Pei2LoaderSwitchStack (
VOID
);

+/**
+
+ This function is equilivant to Pei2LoaderSwitchStack () but just indicates
+ the stack after switched is FSP stack.
+
+ @return ReturnKey After switching to the saved stack,
+ this value will be saved in eax before returning.
+
+
+**/
+UINT32
+EFIAPI
+Loader2PeiSwitchStack (
+ VOID
+ );
+
#endif
--
2.13.3.windows.1


Re: [PATCH edk2-test] Maintainers: replace Supreeth with Edhaya as SCT maintainer

Eric Jin
 

-----Original Message-----
From: Ard Biesheuvel <ard.biesheuvel@...>
Sent: Thursday, May 14, 2020 6:12 AM
To: devel@edk2.groups.io
Cc: Samer.El-Haj-Mahmoud@...; Ard Biesheuvel
<ard.biesheuvel@...>; Jin, Eric <eric.jin@...>; G Edhaya
Chandran <Edhaya.Chandran@...>; Andrew Fish <afish@...>;
Laszlo Ersek <lersek@...>; Leif Lindholm <leif@...>;
Kinney, Michael D <michael.d.kinney@...>
Subject: [PATCH edk2-test] Maintainers: replace Supreeth with Edhaya as
SCT maintainer

Supreeth Venkatesh no longer works for ARM, and left before we had the
chance of finding a successor. Edhaya is willing to take over SCT
maintainership so let's make it official.

Cc: Eric Jin <eric.jin@...>
Cc: G Edhaya Chandran <Edhaya.Chandran@...>
Cc: Andrew Fish <afish@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...>
---
uefi-sct/Maintainers.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/uefi-sct/Maintainers.txt b/uefi-sct/Maintainers.txt index
59f3912e1de2..1ebf03fec65b 100644
--- a/uefi-sct/Maintainers.txt
+++ b/uefi-sct/Maintainers.txt
@@ -39,7 +39,7 @@ UEFI-SCT:
----------------

M: Eric Jin <eric.jin@...>
-M: Supreeth Venkatesh <supreeth.venkatesh@...>
+M: G Edhaya Chandran <Edhaya.Chandran@...>
Reviewed-by: Eric Jin <eric.jin@...>


General questions on UEFI-SCT with the subject [edk2-test] can be sent to
L: edk2-list <edk2-devel@...>
--
2.17.1


Official way to build BaseTools - Edk2ToolsBuild.py?

Rebecca Cran
 

I'm wondering if using BaseTools/Edk2ToolsBuild.py will become the official/standard way users are expected to build BaseTools? If so, there are a few problems that I'd like to see fixed, which I'll see if I can find some time to work on.


For example: on Linux, running it without arguments gives "ValueError: Bad VC" - because it defaults to the VS2017 toolchain.

If you break something in BaseTools and so it fails to build, it prints "Exception: Failed to build." with no further details.


I'd like to improve it so it detects being run on a non-Windows platform and tries to use GCC, Clang etc. - and perhaps also to add a '--verbose' argument that can be used to give a more specific error message when it fails.


--
Rebecca Cran


[Patch v8 2/2] MdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test

Michael D Kinney
 

Use the safe string function StrCpyS() in BaseLib to test the
SAFE_STRING_CONSTRAINT_CHECK() macro.

Cc: Andrew Fish <afish@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Bret Barkelew <bret.barkelew@...>
Cc: Brian J. Johnson <brian.johnson@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Liming Gao <liming.gao@...>
Cc: Marvin H?user <mhaeuser@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Vincent Zimmer <vincent.zimmer@...>
Cc: Zhichao Gao <zhichao.gao@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Vitaly Cheptsov <vit9696@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
.../UnitTest/Library/BaseLib/Base64UnitTest.c | 85 +++++++++++++++++++
1 file changed, 85 insertions(+)

diff --git a/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c b/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
index 8952f9da6c..5aced69e0d 100644
--- a/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
+++ b/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
@@ -290,6 +290,77 @@ RfcDecodeTest(
return UNIT_TEST_PASSED;
}

+#define SOURCE_STRING L"Hello"
+
+STATIC
+UNIT_TEST_STATUS
+EFIAPI
+SafeStringContraintCheckTest (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ RETURN_STATUS Status;
+ CHAR16 Destination[20];
+
+ //
+ // Positive test case copy source unicode string to destination
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_MEM_EQUAL (Destination, SOURCE_STRING, sizeof (SOURCE_STRING));
+
+ //
+ // Positive test case with DestMax the same as Source size
+ //
+ Status = StrCpyS (Destination, sizeof (SOURCE_STRING) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_MEM_EQUAL (Destination, SOURCE_STRING, sizeof (SOURCE_STRING));
+
+ //
+ // Negative test case with Destination NULL
+ //
+ Status = StrCpyS (NULL, sizeof (Destination) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with Source NULL
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), NULL);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax too big
+ //
+ Status = StrCpyS (Destination, MAX_UINTN, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax 0
+ //
+ Status = StrCpyS (Destination, 0, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax smaller than Source size
+ //
+ Status = StrCpyS (Destination, 1, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // Negative test case with DestMax smaller than Source size by one character
+ //
+ Status = StrCpyS (Destination, sizeof (SOURCE_STRING) / sizeof (CHAR16) - 1, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // Negative test case with DestMax smaller than Source size
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), Destination);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_ACCESS_DENIED);
+
+ return UNIT_TEST_PASSED;
+}
+
/**
Initialze the unit test framework, suite, and unit tests for the
Base64 conversion APIs of BaseLib and run the unit tests.
@@ -309,6 +380,7 @@ UnitTestingEntry (
UNIT_TEST_FRAMEWORK_HANDLE Fw;
UNIT_TEST_SUITE_HANDLE b64EncodeTests;
UNIT_TEST_SUITE_HANDLE b64DecodeTests;
+ UNIT_TEST_SUITE_HANDLE SafeStringTests;

Fw = NULL;

@@ -367,6 +439,19 @@ UnitTestingEntry (
AddTestCase (b64DecodeTests, "Incorrectly placed padding character", "Error4", RfcDecodeTest, NULL, CleanUpB64TestContext, &mBasicDecodeError4);
AddTestCase (b64DecodeTests, "Too small of output buffer", "Error5", RfcDecodeTest, NULL, CleanUpB64TestContext, &mBasicDecodeError5);

+ //
+ // Populate the safe string Unit Test Suite.
+ //
+ Status = CreateUnitTestSuite (&SafeStringTests, Fw, "Safe String", "BaseLib.SafeString", NULL, NULL);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SafeStringTests\n"));
+ Status = EFI_OUT_OF_RESOURCES;
+ goto EXIT;
+ }
+
+ // --------------Suite-----------Description--------------Class Name----------Function--------Pre---Post-------------------Context-----------
+ AddTestCase (SafeStringTests, "SAFE_STRING_CONSTRAINT_CHECK", "SafeStringContraintCheckTest", SafeStringContraintCheckTest, NULL, NULL, NULL);
+
//
// Execute the tests.
//
--
2.21.0.windows.1


[Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks

Michael D Kinney
 

From: Vitaly Cheptsov <vit9696@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code should not work as
assertions to permit parsing not trusted data with SafeString
interfaces. Replace ASSERT() with a DEBUG_VERBOSE message.

Cc: Andrew Fish <afish@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Bret Barkelew <bret.barkelew@...>
Cc: Brian J. Johnson <brian.johnson@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Liming Gao <liming.gao@...>
Cc: Marvin H?user <mhaeuser@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Vincent Zimmer <vincent.zimmer@...>
Cc: Zhichao Gao <zhichao.gao@...>
Cc: Jiewen Yao <jiewen.yao@...>
Signed-off-by: Vitaly Cheptsov <vit9696@...>
---
MdePkg/Include/Library/BaseLib.h | 111 ---------------------------
MdePkg/Library/BaseLib/SafeString.c | 115 +---------------------------
2 files changed, 3 insertions(+), 223 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index b0bbe8cef8..8e7b87cbda 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -216,7 +216,6 @@ StrnSizeS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -252,7 +251,6 @@ StrCpyS (

If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -290,7 +288,6 @@ StrnCpyS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -330,7 +327,6 @@ StrCatS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -377,12 +373,7 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -433,12 +424,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -494,12 +480,7 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -555,12 +536,7 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -649,8 +625,6 @@ AsciiStrnSizeS (

This function is similar as strcpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -683,8 +657,6 @@ AsciiStrCpyS (

This function is similar as strncpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -719,8 +691,6 @@ AsciiStrnCpyS (

This function is similar as strcat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -757,8 +727,6 @@ AsciiStrCatS (

This function is similar as strncat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -804,12 +772,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -859,12 +821,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -918,12 +874,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -977,12 +927,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -1533,16 +1477,8 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1594,16 +1530,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1667,8 +1595,6 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().

@param String Pointer to a Null-terminated Unicode string.
@@ -1703,17 +1629,6 @@ StrToGuid (

If String is not aligned in a 16-bit boundary, then ASSERT().

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().

If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2415,10 +2328,6 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2470,10 +2379,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2535,9 +2440,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.

@@ -2568,17 +2470,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..3bb23ca1a1 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,8 +14,10 @@

#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
do { \
- ASSERT (Expression); \
if (!(Expression)) { \
+ DEBUG ((DEBUG_VERBOSE, \
+ "%a(%d) %a: SAFE_STRING_CONSTRAINT_CHECK(%a) failed. Return %r\n", \
+ __FILE__, __LINE__, __FUNCTION__, #Expression, Status)); \
return Status; \
} \
} while (FALSE)
@@ -197,7 +199,6 @@ StrnSizeS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -279,7 +280,6 @@ StrCpyS (

If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -372,7 +372,6 @@ StrnCpyS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -473,7 +472,6 @@ StrCatS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -590,12 +588,7 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -705,12 +698,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -825,12 +813,7 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -956,12 +939,7 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -1091,16 +1069,8 @@ StrHexToUint64S (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1317,16 +1287,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1482,8 +1444,6 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().

@param String Pointer to a Null-terminated Unicode string.
@@ -1589,17 +1549,6 @@ StrToGuid (

If String is not aligned in a 16-bit boundary, then ASSERT().

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -1779,8 +1728,6 @@ AsciiStrnSizeS (

This function is similar as strcpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -1856,8 +1803,6 @@ AsciiStrCpyS (

This function is similar as strncpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -1944,8 +1889,6 @@ AsciiStrnCpyS (

This function is similar as strcat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -2040,8 +1983,6 @@ AsciiStrCatS (

This function is similar as strncat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -2154,12 +2095,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -2266,12 +2201,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -2382,12 +2311,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -2509,12 +2432,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -2635,7 +2552,6 @@ AsciiStrHexToUint64S (
the upper 8 bits, then ASSERT().

If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2735,7 +2651,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
@@ -2855,7 +2770,6 @@ UnicodeStrnToAsciiStrS (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2948,7 +2862,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
@@ -3072,10 +2985,6 @@ AsciiStrnToUnicodeStrS (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -3291,10 +3200,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -3448,9 +3353,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.

@@ -3550,17 +3452,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@param Buffer Pointer to the converted bytes array.
--
2.21.0.windows.1


[Patch v8 0/2] Disable safe string constraint assertions

Michael D Kinney
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

V8 Add DEBUG_VERBOSE message and unit test
V7 addressed review comments (only documentation changes).

Current implementation of SafeString does not let one parse untrusted
data with its interfaces as they ASSERT on failing runtime checks and
require one to effectively reimplement the function on the caller side.

All the former proposals made it clear that the attempts to introduce
a solution preserving this behavior require a lot of changes
throughout the codebase including platform code (e.g. introducing
constraint assertions and updating all DebugLib implementations)
or require all sorts of hacks.

Since the original code has roughly no benefit except in some very
special cases and the effort required to preserve it is very high,
I propose to remove it as agreed on with several other parties.

Please note, that this patch does not change the behaviour of the
functions in RELEASE builds. I.e. they will still check for NULL
and return RETURN_INVALID_PARAMETER. In the future we may (or may
not) want them to simply ASSERT in this case. Regardless this should
be done in a separate BZ entry and a separate commit. For this reason
I ask everyone not to touch this subject.

Due to the amount of discussion this has already undergone after
almost a year I kindly request everyone to reduce the communication
to the minimum and abstain from proposing another approach.

Requesting to merge this into edk2-stable202005.

Cc: Andrew Fish afish@...
Cc: Ard Biesheuvel ard.biesheuvel@...
Cc: Bret Barkelew bret.barkelew@...
Cc: Brian J. Johnson brian.johnson@...
Cc: Chasel Chiu chasel.chiu@...
Cc: Jordan Justen jordan.l.justen@...
Cc: Laszlo Ersek lersek@...
Cc: Leif Lindholm leif@...
Cc: Liming Gao liming.gao@...
Cc: Marvin Häuser mhaeuser@...
Cc: Michael D Kinney michael.d.kinney@...
Cc: Vincent Zimmer vincent.zimmer@...
Cc: Zhichao Gao zhichao.gao@...
Cc: Jiewen Yao jiewen.yao@...
Signed-off-by: Vitaly Cheptsov vit9696@...

Michael D Kinney (1):
MdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test

Vitaly Cheptsov (1):
MdePkg: Fix SafeString performing assertions on runtime checks

MdePkg/Include/Library/BaseLib.h | 111 -----------------
MdePkg/Library/BaseLib/SafeString.c | 115 +-----------------
.../UnitTest/Library/BaseLib/Base64UnitTest.c | 85 +++++++++++++
3 files changed, 88 insertions(+), 223 deletions(-)

--
2.21.0.windows.1


Re: [PATCH v2] NetworkPkg/DxeNetLib: Change the order of conditions in IF statement

Zhang, Shenglei
 

Hi,

For this patch, I'd like to catch this stable tag.

Thanks,
Shenglei

-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
Zhang, Shenglei
Sent: Wednesday, May 20, 2020 11:09 AM
To: devel@edk2.groups.io
Cc: Maciej Rabeda <maciej.rabeda@...>; Fu, Siyuan
<siyuan.fu@...>; Wu, Jiaxin <jiaxin.wu@...>
Subject: [edk2-devel] [PATCH v2] NetworkPkg/DxeNetLib: Change the order
of conditions in IF statement

The condition, NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len, is
meaningless if Index = 0. So checking 'Index != 0' should be
performed first in the if statement.

Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Siyuan Fu <siyuan.fu@...>
Cc: Jiaxin Wu <jiaxin.wu@...>
Signed-off-by: Shenglei Zhang <shenglei.zhang@...>
---

v2: Update 'Index > 0' to 'Index != 0'

NetworkPkg/Library/DxeNetLib/NetBuffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NetworkPkg/Library/DxeNetLib/NetBuffer.c
b/NetworkPkg/Library/DxeNetLib/NetBuffer.c
index a232802c9a21..329a17623d94 100644
--- a/NetworkPkg/Library/DxeNetLib/NetBuffer.c
+++ b/NetworkPkg/Library/DxeNetLib/NetBuffer.c
@@ -1063,7 +1063,7 @@ NetbufAllocSpace (
} else {
NetbufGetByte (Nbuf, 0, &Index);

- if ((NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len) && (Index > 0)) {
+ if ((Index != 0) && (NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len))
{
Index--;
}
}
--
2.18.0.windows.1



[PATCH v2] NetworkPkg/DxeNetLib: Change the order of conditions in IF statement

Zhang, Shenglei
 

The condition, NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len, is
meaningless if Index = 0. So checking 'Index != 0' should be
performed first in the if statement.

Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Siyuan Fu <siyuan.fu@...>
Cc: Jiaxin Wu <jiaxin.wu@...>
Signed-off-by: Shenglei Zhang <shenglei.zhang@...>
---

v2: Update 'Index > 0' to 'Index != 0'

NetworkPkg/Library/DxeNetLib/NetBuffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NetworkPkg/Library/DxeNetLib/NetBuffer.c b/NetworkPkg/Library/DxeNetLib/NetBuffer.c
index a232802c9a21..329a17623d94 100644
--- a/NetworkPkg/Library/DxeNetLib/NetBuffer.c
+++ b/NetworkPkg/Library/DxeNetLib/NetBuffer.c
@@ -1063,7 +1063,7 @@ NetbufAllocSpace (
} else {
NetbufGetByte (Nbuf, 0, &Index);

- if ((NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len) && (Index > 0)) {
+ if ((Index != 0) && (NET_HEADSPACE(&(Nbuf->BlockOp[Index])) < Len)) {
Index--;
}
}
--
2.18.0.windows.1


[Patch v8 2/2] MdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test

Michael D Kinney
 

Use the safe string function StrCpyS() in BaseLib to test the
SAFE_STRING_CONSTRAINT_CHECK() macro.

Cc: Andrew Fish <afish@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Bret Barkelew <bret.barkelew@...>
Cc: Brian J. Johnson <brian.johnson@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Liming Gao <liming.gao@...>
Cc: Marvin H?user <mhaeuser@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Vincent Zimmer <vincent.zimmer@...>
Cc: Zhichao Gao <zhichao.gao@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Vitaly Cheptsov <vit9696@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
.../UnitTest/Library/BaseLib/Base64UnitTest.c | 85 +++++++++++++++++++
1 file changed, 85 insertions(+)

diff --git a/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c b/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
index 8952f9da6c..5aced69e0d 100644
--- a/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
+++ b/MdePkg/Test/UnitTest/Library/BaseLib/Base64UnitTest.c
@@ -290,6 +290,77 @@ RfcDecodeTest(
return UNIT_TEST_PASSED;
}

+#define SOURCE_STRING L"Hello"
+
+STATIC
+UNIT_TEST_STATUS
+EFIAPI
+SafeStringContraintCheckTest (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ RETURN_STATUS Status;
+ CHAR16 Destination[20];
+
+ //
+ // Positive test case copy source unicode string to destination
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_MEM_EQUAL (Destination, SOURCE_STRING, sizeof (SOURCE_STRING));
+
+ //
+ // Positive test case with DestMax the same as Source size
+ //
+ Status = StrCpyS (Destination, sizeof (SOURCE_STRING) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_MEM_EQUAL (Destination, SOURCE_STRING, sizeof (SOURCE_STRING));
+
+ //
+ // Negative test case with Destination NULL
+ //
+ Status = StrCpyS (NULL, sizeof (Destination) / sizeof (CHAR16), SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with Source NULL
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), NULL);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax too big
+ //
+ Status = StrCpyS (Destination, MAX_UINTN, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax 0
+ //
+ Status = StrCpyS (Destination, 0, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_INVALID_PARAMETER);
+
+ //
+ // Negative test case with DestMax smaller than Source size
+ //
+ Status = StrCpyS (Destination, 1, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // Negative test case with DestMax smaller than Source size by one character
+ //
+ Status = StrCpyS (Destination, sizeof (SOURCE_STRING) / sizeof (CHAR16) - 1, SOURCE_STRING);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // Negative test case with DestMax smaller than Source size
+ //
+ Status = StrCpyS (Destination, sizeof (Destination) / sizeof (CHAR16), Destination);
+ UT_ASSERT_STATUS_EQUAL (Status, RETURN_ACCESS_DENIED);
+
+ return UNIT_TEST_PASSED;
+}
+
/**
Initialze the unit test framework, suite, and unit tests for the
Base64 conversion APIs of BaseLib and run the unit tests.
@@ -309,6 +380,7 @@ UnitTestingEntry (
UNIT_TEST_FRAMEWORK_HANDLE Fw;
UNIT_TEST_SUITE_HANDLE b64EncodeTests;
UNIT_TEST_SUITE_HANDLE b64DecodeTests;
+ UNIT_TEST_SUITE_HANDLE SafeStringTests;

Fw = NULL;

@@ -367,6 +439,19 @@ UnitTestingEntry (
AddTestCase (b64DecodeTests, "Incorrectly placed padding character", "Error4", RfcDecodeTest, NULL, CleanUpB64TestContext, &mBasicDecodeError4);
AddTestCase (b64DecodeTests, "Too small of output buffer", "Error5", RfcDecodeTest, NULL, CleanUpB64TestContext, &mBasicDecodeError5);

+ //
+ // Populate the safe string Unit Test Suite.
+ //
+ Status = CreateUnitTestSuite (&SafeStringTests, Fw, "Safe String", "BaseLib.SafeString", NULL, NULL);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SafeStringTests\n"));
+ Status = EFI_OUT_OF_RESOURCES;
+ goto EXIT;
+ }
+
+ // --------------Suite-----------Description--------------Class Name----------Function--------Pre---Post-------------------Context-----------
+ AddTestCase (SafeStringTests, "SAFE_STRING_CONSTRAINT_CHECK", "SafeStringContraintCheckTest", SafeStringContraintCheckTest, NULL, NULL, NULL);
+
//
// Execute the tests.
//
--
2.21.0.windows.1


[Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks

Michael D Kinney
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code should not work as
assertions to permit parsing not trusted data with SafeString
interfaces. Replace ASSERT() with a DEBUG_VERBOSE message.

Cc: Andrew Fish <afish@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Bret Barkelew <bret.barkelew@...>
Cc: Brian J. Johnson <brian.johnson@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Liming Gao <liming.gao@...>
Cc: Marvin H?user <mhaeuser@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Vincent Zimmer <vincent.zimmer@...>
Cc: Zhichao Gao <zhichao.gao@...>
Cc: Jiewen Yao <jiewen.yao@...>
Signed-off-by: Vitaly Cheptsov <vit9696@...>
---
MdePkg/Include/Library/BaseLib.h | 111 ---------------------------
MdePkg/Library/BaseLib/SafeString.c | 115 +---------------------------
2 files changed, 3 insertions(+), 223 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index b0bbe8cef8..8e7b87cbda 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -216,7 +216,6 @@ StrnSizeS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -252,7 +251,6 @@ StrCpyS (

If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -290,7 +288,6 @@ StrnCpyS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -330,7 +327,6 @@ StrCatS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -377,12 +373,7 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -433,12 +424,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -494,12 +480,7 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -555,12 +536,7 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -649,8 +625,6 @@ AsciiStrnSizeS (

This function is similar as strcpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -683,8 +657,6 @@ AsciiStrCpyS (

This function is similar as strncpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -719,8 +691,6 @@ AsciiStrnCpyS (

This function is similar as strcat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -757,8 +727,6 @@ AsciiStrCatS (

This function is similar as strncat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -804,12 +772,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -859,12 +821,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -918,12 +874,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -977,12 +927,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -1533,16 +1477,8 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1594,16 +1530,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1667,8 +1595,6 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().

@param String Pointer to a Null-terminated Unicode string.
@@ -1703,17 +1629,6 @@ StrToGuid (

If String is not aligned in a 16-bit boundary, then ASSERT().

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().

If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2415,10 +2328,6 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2470,10 +2379,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2535,9 +2440,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.

@@ -2568,17 +2470,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..3bb23ca1a1 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,8 +14,10 @@

#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
do { \
- ASSERT (Expression); \
if (!(Expression)) { \
+ DEBUG ((DEBUG_VERBOSE, \
+ "%a(%d) %a: SAFE_STRING_CONSTRAINT_CHECK(%a) failed. Return %r\n", \
+ __FILE__, __LINE__, __FUNCTION__, #Expression, Status)); \
return Status; \
} \
} while (FALSE)
@@ -197,7 +199,6 @@ StrnSizeS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -279,7 +280,6 @@ StrCpyS (

If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -372,7 +372,6 @@ StrnCpyS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -473,7 +472,6 @@ StrCatS (

If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -590,12 +588,7 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -705,12 +698,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -825,12 +813,7 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -956,12 +939,7 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().

If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -1091,16 +1069,8 @@ StrHexToUint64S (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1317,16 +1287,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If String is not aligned in a 16-bit boundary, then ASSERT().

- If PcdMaximumUnicodeStringLength is not zero, and String contains more than
- PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1482,8 +1444,6 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().

@param String Pointer to a Null-terminated Unicode string.
@@ -1589,17 +1549,6 @@ StrToGuid (

If String is not aligned in a 16-bit boundary, then ASSERT().

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -1779,8 +1728,6 @@ AsciiStrnSizeS (

This function is similar as strcpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -1856,8 +1803,6 @@ AsciiStrCpyS (

This function is similar as strncpy_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -1944,8 +1889,6 @@ AsciiStrnCpyS (

This function is similar as strcat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -2040,8 +1983,6 @@ AsciiStrCatS (

This function is similar as strncat_s defined in C11.

- If an error would be returned, then the function will also ASSERT().
-
If an error is returned, then the Destination is unmodified.

@param Destination A pointer to a Null-terminated Ascii string.
@@ -2154,12 +2095,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -2266,12 +2201,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -2382,12 +2311,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -2509,12 +2432,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.

- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
- If PcdMaximumAsciiStringLength is not zero, and String contains more than
- PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
-
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -2635,7 +2552,6 @@ AsciiStrHexToUint64S (
the upper 8 bits, then ASSERT().

If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2735,7 +2651,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
@@ -2855,7 +2770,6 @@ UnicodeStrnToAsciiStrS (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then the Destination is unmodified.

@@ -2948,7 +2862,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.

If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().

If an error is returned, then Destination and DestinationLength are
unmodified.
@@ -3072,10 +2985,6 @@ AsciiStrnToUnicodeStrS (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -3291,10 +3200,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.

- If String is NULL, then ASSERT().
-
- If Address is NULL, then ASSERT().
-
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -3448,9 +3353,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]

- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.

@@ -3550,17 +3452,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.

- If String is NULL, then ASSERT().
-
- If Buffer is NULL, then ASSERT().
-
- If Length is not multiple of 2, then ASSERT().
-
- If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
-
- If MaxBufferSize is less than (Length / 2), then ASSERT().
-
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@param Buffer Pointer to the converted bytes array.
--
2.21.0.windows.1


[Patch v8 0/2] Disable safe string constraint assertions

Michael D Kinney
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

V8 Add DEBUG_VERBOSE message and unit test
V7 addressed review comments (only documentation changes).

Current implementation of SafeString does not let one parse untrusted
data with its interfaces as they ASSERT on failing runtime checks and
require one to effectively reimplement the function on the caller side.

All the former proposals made it clear that the attempts to introduce
a solution preserving this behavior require a lot of changes
throughout the codebase including platform code (e.g. introducing
constraint assertions and updating all DebugLib implementations)
or require all sorts of hacks.

Since the original code has roughly no benefit except in some very
special cases and the effort required to preserve it is very high,
I propose to remove it as agreed on with several other parties.

Please note, that this patch does not change the behaviour of the
functions in RELEASE builds. I.e. they will still check for NULL
and return RETURN_INVALID_PARAMETER. In the future we may (or may
not) want them to simply ASSERT in this case. Regardless this should
be done in a separate BZ entry and a separate commit. For this reason
I ask everyone not to touch this subject.

Due to the amount of discussion this has already undergone after
almost a year I kindly request everyone to reduce the communication
to the minimum and abstain from proposing another approach.

Requesting to merge this into edk2-stable202005.

Cc: Andrew Fish afish@...
Cc: Ard Biesheuvel ard.biesheuvel@...
Cc: Bret Barkelew bret.barkelew@...
Cc: Brian J. Johnson brian.johnson@...
Cc: Chasel Chiu chasel.chiu@...
Cc: Jordan Justen jordan.l.justen@...
Cc: Laszlo Ersek lersek@...
Cc: Leif Lindholm leif@...
Cc: Liming Gao liming.gao@...
Cc: Marvin Häuser mhaeuser@...
Cc: Michael D Kinney michael.d.kinney@...
Cc: Vincent Zimmer vincent.zimmer@...
Cc: Zhichao Gao zhichao.gao@...
Cc: Jiewen Yao jiewen.yao@...
Signed-off-by: Vitaly Cheptsov vit9696@...

Michael D Kinney (2):
MdePkg: Fix SafeString performing assertions on runtime checks
MdePkg/Test/BaseLib: Add SAFE_STRING_CONSTRAINT_CHECK unit test

MdePkg/Include/Library/BaseLib.h | 111 -----------------
MdePkg/Library/BaseLib/SafeString.c | 115 +-----------------
.../UnitTest/Library/BaseLib/Base64UnitTest.c | 85 +++++++++++++
3 files changed, 88 insertions(+), 223 deletions(-)

--
2.21.0.windows.1


Re: [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks

Michael D Kinney
 

Hi Vitaly,

I think this should work. ASSERT() removed. DEBUG_VERBOSE message added.

#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
do { \
if (!(Expression)) { \
DEBUG ((DEBUG_VERBOSE, "SAFE_STRING_CONSTRAINT_CHECK(%a) failed. Return %r\n", #Expression, Status)); \
return Status; \
} \
} while (FALSE)

I have made this change in the following PR to run the all the CI checks
and also added a unit test to verify the ASSERT() has been replaced with
a DEBUG_VERBOSE message. I made some minor updates to the commit
messages to pass PatchCheck.py.

https://github.com/tianocore/edk2/pull/632


This is a portion of the CI build log that shows the host based unit
test running and generates the DEBUG_VERBOSE messages for the negative
test cases sent to StrCpyS().

INFO - ---------------------------------------------------------
INFO - RUNNING TEST SUITE: Safe String
INFO - ---------------------------------------------------------
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(236) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((Destination != NULL)) failed. Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(237) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((Source != NULL)) failed. Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(243) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax <= RSIZE_MAX)) failed. Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(249) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax != 0)) failed. Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(255) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax > SourceLen)) failed. Return Buffer Too Small
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(255) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax > SourceLen)) failed. Return Buffer Too Small
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(260) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK(InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1)) failed. Return Access Denied
INFO - ------------------------------------------------
INFO - --------------Cmd Output Finished---------------

I will send the updated V8 series email patches for review shortly.

Best regards,

Mike

-----Original Message-----
From: Vitaly Cheptsov <cheptsov@...>
Sent: Monday, May 18, 2020 11:08 AM
To: Kinney, Michael D <michael.d.kinney@...>
Cc: devel@edk2.groups.io; Andrew Fish
<afish@...>; Ard Biesheuvel
<ard.biesheuvel@...>; Bret Barkelew
<bret.barkelew@...>; Brian J . Johnson
<brian.johnson@...>; Chiu, Chasel
<chasel.chiu@...>; Justen, Jordan L
<jordan.l.justen@...>; Laszlo Ersek
<lersek@...>; Leif Lindholm <leif@...>;
Gao, Liming <liming.gao@...>; Marvin Häuser
<mhaeuser@...>; Zimmer, Vincent
<vincent.zimmer@...>; Gao, Zhichao
<zhichao.gao@...>
Subject: Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
SafeString performing assertions on runtime checks

Mike,

Your suggestion sounds ok to me. As long as it is
verbose I will not mind its addition. However, I do not
have a good idea of how can it look like. If you post
something I can include it.

Thanks,
Vitaly

18 мая 2020 г., в 20:04, Kinney, Michael D
<michael.d.kinney@...> написал(а):

Vitaly,

Reviewed-by: Michael D Kinney
<michael.d.kinney@...>

I agree that can go in now for the stable tag.

The only additional comment I have received is if a
DEBUG() message
can be added where the ASSERT() was removed. Perhaps
only at the
DEBUG_VERBOSE level that is not usually enabled by
default. A
developer that wants to see
SAFE_STRING_CONSTRAINT_CHECK() conditions
that fail would need to enable DEBUG_VERBOSE
messages.

Thanks,

Mike


-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On
Behalf Of Vitaly Cheptsov
Sent: Thursday, May 14, 2020 10:32 AM
To: devel@edk2.groups.io
Cc: Andrew Fish <afish@...>; Ard Biesheuvel
<ard.biesheuvel@...>; Bret Barkelew
<bret.barkelew@...>; Brian J . Johnson
<brian.johnson@...>; Chiu, Chasel
<chasel.chiu@...>; Justen, Jordan L
<jordan.l.justen@...>; Laszlo Ersek
<lersek@...>; Leif Lindholm
<leif@...>;
Gao, Liming <liming.gao@...>; Marvin Häuser
<mhaeuser@...>; Kinney, Michael D
<michael.d.kinney@...>; Zimmer, Vincent
<vincent.zimmer@...>; Gao, Zhichao
<zhichao.gao@...>
Subject: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
SafeString performing assertions on runtime checks

REF:
https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code
should
not work as
assertions to permit parsing not trusted data with
SafeString
interfaces.

CC: Andrew Fish <afish@...>
CC: Ard Biesheuvel <ard.biesheuvel@...>
CC: Bret Barkelew <bret.barkelew@...>
CC: Brian J. Johnson <brian.johnson@...>
CC: Chasel Chiu <chasel.chiu@...>
CC: Jordan Justen <jordan.l.justen@...>
CC: Laszlo Ersek <lersek@...>
CC: Leif Lindholm <leif@...>
CC: Liming Gao <liming.gao@...>
CC: Marvin Häuser <mhaeuser@...>
CC: Mike Kinney <michael.d.kinney@...>
CC: Vincent Zimmer <vincent.zimmer@...>
CC: Zhichao Gao <zhichao.gao@...>
Signed-off-by: Vitaly Cheptsov
<vit9696@...>
---
MdePkg/Include/Library/BaseLib.h | 111 ----------
--
-------
MdePkg/Library/BaseLib/SafeString.c | 112 ----------
--
--------
2 files changed, 223 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h
b/MdePkg/Include/Library/BaseLib.h
index ecadff8b23..2c194ad943 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -189,7 +189,6 @@ StrnSizeS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -225,7 +224,6 @@ StrCpyS (



If Length > 0 and Destination is not aligned on a
16-bit boundary, then ASSERT().


If Length > 0 and Source is not aligned on a 16-
bit
boundary, then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -263,7 +261,6 @@ StrnCpyS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -303,7 +300,6 @@ StrCatS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -350,12 +346,7 @@ StrnCatS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


@@ -406,12 +397,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


@@ -467,12 +453,7 @@ StrDecimalToUint64S (
the first character that is a not a valid
hexadecimal character or NULL,


whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


@@ -528,12 +509,7 @@ StrHexToUintnS (
the first character that is a not a valid
hexadecimal character or NULL,


whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


@@ -622,8 +598,6 @@ AsciiStrnSizeS (



This function is similar as strcpy_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -656,8 +630,6 @@ AsciiStrCpyS (



This function is similar as strncpy_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -692,8 +664,6 @@ AsciiStrnCpyS (



This function is similar as strcat_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -730,8 +700,6 @@ AsciiStrCatS (



This function is similar as strncat_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -777,12 +745,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINTN, then


@@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINT64, then


@@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal
character or Null-terminator,


whichever on comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINTN, then


@@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal
character or Null-terminator,


whichever on comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINT64, then


@@ -1506,16 +1450,8 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of
X
when X contains only 0.


The "::" can only appear once in the String.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -1567,16 +1503,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at
the
first character that is not


a valid decimal digit character after P is
converted.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -1640,8 +1568,6 @@ StrToIpv4Address (
oo Data4[48:55]


pp Data4[56:63]





- If String is NULL, then ASSERT().


- If Guid is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().





@param String Pointer to a
Null-
terminated Unicode string.


@@ -1676,17 +1602,6 @@ StrToGuid (



If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If String is NULL, then ASSERT().


-


- If Buffer is NULL, then ASSERT().


-


- If Length is not multiple of 2, then ASSERT().


-


- If PcdMaximumUnicodeStringLength is not zero and
Length is greater than


- PcdMaximumUnicodeStringLength, then ASSERT().


-


- If MaxBufferSize is less than (Length / 2), then
ASSERT().


-


@param String Pointer to a
Null-
terminated Unicode string.


@param Length The number of
Unicode characters to decode.


@param Buffer Pointer to the
converted bytes array.


@@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().





If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-
zero
value in the upper 8


bits, then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of
X
when X contains only 0.


The "::" can only appear once in the String.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at
the
first character that is not


a valid decimal digit character after P is
converted.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]


pp Data4[56:63]





- If String is NULL, then ASSERT().


- If Guid is NULL, then ASSERT().


-


@param String Pointer to a
Null-
terminated ASCII string.


@param Guid Pointer to the
converted GUID.





@@ -2541,17 +2443,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and
outputs Buffer containing


(Length / 2) bytes.





- If String is NULL, then ASSERT().


-


- If Buffer is NULL, then ASSERT().


-


- If Length is not multiple of 2, then ASSERT().


-


- If PcdMaximumAsciiStringLength is not zero and
Length is greater than


- PcdMaximumAsciiStringLength, then ASSERT().


-


- If MaxBufferSize is less than (Length / 2), then
ASSERT().


-


@param String Pointer to a
Null-
terminated ASCII string.


@param Length The number of
ASCII
characters to decode.


@param Buffer Pointer to the
converted bytes array.


@@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1)
*
sizeof (CHAR16)) in bytes.





If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
(CHAR8)) in bytes.





If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then Destination and
DestinationLength are


unmodified.


diff --git a/MdePkg/Library/BaseLib/SafeString.c
b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..41d9137b83 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,7 +14,6 @@



#define SAFE_STRING_CONSTRAINT_CHECK(Expression,
Status) \


do { \


- ASSERT (Expression); \


if (!(Expression)) { \


return Status; \


} \


@@ -197,7 +196,6 @@ StrnSizeS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -279,7 +277,6 @@ StrCpyS (



If Length > 0 and Destination is not aligned on a
16-bit boundary, then ASSERT().


If Length > 0 and Source is not aligned on a 16-
bit
boundary, then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -372,7 +369,6 @@ StrnCpyS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -473,7 +469,6 @@ StrCatS (



If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -590,12 +585,7 @@ StrnCatS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


@@ -705,12 +695,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


@@ -825,12 +810,7 @@ StrDecimalToUint64S (
the first character that is a not a valid
hexadecimal character or NULL,


whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


@@ -956,12 +936,7 @@ StrHexToUintnS (
the first character that is a not a valid
hexadecimal character or NULL,


whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().


- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().





If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


@@ -1091,16 +1066,8 @@ StrHexToUint64S (
"::" can be used to compress one or more groups of
X
when X contains only 0.


The "::" can only appear once in the String.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -1317,16 +1284,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at
the
first character that is not


a valid decimal digit character after P is
converted.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If PcdMaximumUnicodeStringLength is not zero, and
String contains more than


- PcdMaximumUnicodeStringLength Unicode characters,
not including the


- Null-terminator, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -1482,8 +1441,6 @@ StrToIpv4Address (
oo Data4[48:55]


pp Data4[56:63]





- If String is NULL, then ASSERT().


- If Guid is NULL, then ASSERT().


If String is not aligned in a 16-bit boundary,
then
ASSERT().





@param String Pointer to a
Null-
terminated Unicode string.


@@ -1589,17 +1546,6 @@ StrToGuid (



If String is not aligned in a 16-bit boundary,
then
ASSERT().





- If String is NULL, then ASSERT().


-


- If Buffer is NULL, then ASSERT().


-


- If Length is not multiple of 2, then ASSERT().


-


- If PcdMaximumUnicodeStringLength is not zero and
Length is greater than


- PcdMaximumUnicodeStringLength, then ASSERT().


-


- If MaxBufferSize is less than (Length / 2), then
ASSERT().


-


@param String Pointer to a
Null-
terminated Unicode string.


@param Length The number of
Unicode characters to decode.


@param Buffer Pointer to the
converted bytes array.


@@ -1779,8 +1725,6 @@ AsciiStrnSizeS (



This function is similar as strcpy_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -1856,8 +1800,6 @@ AsciiStrCpyS (



This function is similar as strncpy_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -1944,8 +1886,6 @@ AsciiStrnCpyS (



This function is similar as strcat_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -2040,8 +1980,6 @@ AsciiStrCatS (



This function is similar as strncat_s defined in
C11.





- If an error would be returned, then the function
will also ASSERT().


-


If an error is returned, then the Destination is
unmodified.





@param Destination A pointer to a
Null-terminated Ascii string.


@@ -2154,12 +2092,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINTN, then


@@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first
character that is a not a


valid decimal character or a Null-terminator,
whichever one comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid decimal digits in the above
format, then 0 is stored


at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINT64, then


@@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal
character or Null-terminator,


whichever on comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINTN, then


@@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal
character or Null-terminator,


whichever on comes first.





- If String is NULL, then ASSERT().


- If Data is NULL, then ASSERT().


- If PcdMaximumAsciiStringLength is not zero, and
String contains more than


- PcdMaximumAsciiStringLength Ascii characters, not
including the


- Null-terminator, then ASSERT().


-


If String has no valid hexadecimal digits in the
above format, then 0 is


stored at the location pointed to by Data.


If the number represented by String exceeds the
range defined by UINT64, then


@@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
the upper 8 bits, then ASSERT().





If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-
zero
value in the upper 8


bits, then ASSERT().


If Source is not aligned on a 16-bit boundary,
then
ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then Destination and
DestinationLength are


unmodified.


@@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
equal or greater than ((AsciiStrLen (Source) + 1)
*
sizeof (CHAR16)) in bytes.





If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then the Destination is
unmodified.





@@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
(CHAR8)) in bytes.





If Destination is not aligned on a 16-bit
boundary,
then ASSERT().


- If an error would be returned, then the function
will also ASSERT().





If an error is returned, then Destination and
DestinationLength are


unmodified.


@@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
"::" can be used to compress one or more groups of
X
when X contains only 0.


The "::" can only appear once in the String.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at
the
first character that is not


a valid decimal digit character after P is
converted.





- If String is NULL, then ASSERT().


-


- If Address is NULL, then ASSERT().


-


If EndPointer is not NULL and Address is
translated
from String, a pointer


to the character that stopped the scan is stored
at
the location pointed to


by EndPointer.


@@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]


pp Data4[56:63]





- If String is NULL, then ASSERT().


- If Guid is NULL, then ASSERT().


-


@param String Pointer to a
Null-
terminated ASCII string.


@param Guid Pointer to the
converted GUID.





@@ -3550,17 +3449,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and
outputs Buffer containing


(Length / 2) bytes.





- If String is NULL, then ASSERT().


-


- If Buffer is NULL, then ASSERT().


-


- If Length is not multiple of 2, then ASSERT().


-


- If PcdMaximumAsciiStringLength is not zero and
Length is greater than


- PcdMaximumAsciiStringLength, then ASSERT().


-


- If MaxBufferSize is less than (Length / 2), then
ASSERT().


-


@param String Pointer to a
Null-
terminated ASCII string.


@param Length The number of
ASCII
characters to decode.


@param Buffer Pointer to the
converted bytes array.


--
2.24.2 (Apple Git-127)