The patches contain logic to check the data from HW before using. It can avoid corrupted data from HW causes software behave abnormally.
V2: adopt all comments from Star. The block size 0/64K handle is in a separate patch "MdeModulePkg/UsbMass: Reject device whose block size is 0 or > 64K" Hao Wu (1): MdeModulePkg/Bus/Ufs: Ensure device not return more data than expected Ruiyu Ni (11): MdeModulePkg/UsbMass: Merge UsbBoot(Read|Write)Blocks(16) MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1 MdeModulePkg/UsbBus: Fix out-of-bound read access to descriptors MdeModulePkg/UsbBus: Reject descriptor whose length is bad MdeModulePkg/Usb: Make sure data from HW is no more than expected SourceLevelDebugPkg/Usb3: Make sure data from HW can fit in buffer MdeModulePkg/UsbKb: Don't access key codes when length is wrong MdeModulePkg/AbsPointer: Don't access key codes when length is wrong MdeModulePkg/UsbMouse: Don't access key codes when length is wrong MdeModulePkg/UsbBus: Deny when the string descriptor length is odd MdeModulePkg/UsbMass: Reject device whose block size is 0 or > 64K MdeModulePkg/Bus/Pci/EhciDxe/EhciSched.c | 9 +- MdeModulePkg/Bus/Pci/UhciDxe/UhciSched.c | 7 +- MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c | 9 +- MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c | 19 +- .../Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c | 30 ++- MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c | 70 +++++- MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c | 4 + .../Bus/Usb/UsbMassStorageDxe/UsbMassBoot.c | 276 ++++++--------------- .../Bus/Usb/UsbMassStorageDxe/UsbMassBoot.h | 76 ++---- .../Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c | 8 +- .../UsbMouseAbsolutePointer.c | 8 +- MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c | 8 +- .../DebugCommunicationLibUsb3Transfer.c | 7 + 13 files changed, 237 insertions(+), 294 deletions(-) -- 2.16.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel