Thanks for your info, Yakovlev. Did you see problem with XHCI? If yes, I can provide a patch and could you help verify it?
Thanks Feng -----Original Message----- From: Evgeny Yakovlev [mailto:[email protected]] Sent: Monday, June 13, 2016 5:29 PM To: Tian, Feng <[email protected]> Cc: [email protected] Subject: Re: [edk2] [PATCH] MdeModulePkg/UsbBusDxe: Fixed USB descriptor length check Hi Feng. Sorry, i was AFK for the past week. We have encountered this with Platronix USB headset. This device was reporting *USB Interface* descriptor sizes 1 byte larger than what the spec says. Headset was simply plugged in when we booted our firmware and UsbCreateDesc failed to parse that and returned NULL which eventually crashed the firmware later (i will try and send a separate patch to fix that). We fixed UsbCreateDesc and device enumeration went fine, all descriptors it sends are correct except for this odd size field. Evgeny > On 13 Jun 2016, at 05:32, Tian, Feng <[email protected]> wrote: > > Hi, Yakovlev > > Any response on this? > > Thanks > Feng > > -----Original Message----- > From: Tian, Feng > Sent: Monday, June 6, 2016 9:27 AM > To: Evgeny Yakovlev <[email protected]>; [email protected] > Cc: Tian, Feng <[email protected]> > Subject: RE: [edk2] [PATCH] MdeModulePkg/UsbBusDxe: Fixed USB descriptor > length check > > Hi, Evgenv > > Thanks for your contribution, Evgenv > > Could you let me know what error case you met? Is the Device Desc or Config > Desc larger than expected or other descs? > > Why I ask this question is because it would impact Xhci driver's > implementation in which we store some desc contents at internal. So looks > like XHCI driver also needs to be updated. > > Thanks > Feng > > -----Original Message----- > From: edk2-devel [mailto:[email protected]] On Behalf Of Evgeny > Yakovlev > Sent: Sunday, June 5, 2016 10:29 PM > To: [email protected] > Subject: [edk2] [PATCH] MdeModulePkg/UsbBusDxe: Fixed USB descriptor length > check > > According to spec if the length of a descriptor is smaller than what the > specification defines, then the host shall ignore it. > However if the size is greater than expected the host will ignore the extra > bytes and start looking for the next descriptor at the end of actual length > returned. Original check did not handle the latter case correctly and only > allowed descriptors with lengths exactly as defined in specification. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Evgeny Yakovlev <[email protected]> > --- > MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c > b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c > index 5b8b1aa..fba60da 100644 > --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c > +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c > @@ -199,8 +199,8 @@ UsbCreateDesc ( > } > } > > - if ((Len <= Offset) || (Len < Offset + DescLen) || > - (Head->Type != Type) || (Head->Len != DescLen)) { > + if ((Len <= Offset) || (Len < Offset + Head->Len) || > + (Head->Type != Type) || (Head->Len < DescLen)) { > DEBUG (( EFI_D_ERROR, "UsbCreateDesc: met mal-format descriptor\n")); > return NULL; > } > -- > 2.7.4 (Apple Git-66) > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
