From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7510921AE30DB for ; Tue, 25 Sep 2018 17:30:24 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Sep 2018 17:30:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,304,1534834800"; d="scan'208";a="77280705" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga006.jf.intel.com with ESMTP; 25 Sep 2018 17:30:14 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 25 Sep 2018 17:30:13 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.140]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.245]) with mapi id 14.03.0319.002; Wed, 26 Sep 2018 08:30:12 +0800 From: "Zeng, Star" To: Marcin Wojtas , "edk2-devel@lists.01.org" CC: "Tian, Feng" , "Kinney, Michael D" , "Gao, Liming" , "leif.lindholm@linaro.org" , "ard.biesheuvel@linaro.org" , "nadavh@marvell.com" , "jsd@semihalf.com" , "jaz@semihalf.com" , "Ni, Ruiyu" , "Wang, Fei1" , "Zeng, Star" Thread-Topic: [PATCH v2] MdeModulePkg: XhciDxe: Prevent illegal memory access in XhcSetHsee Thread-Index: AQHUVRrj3JZY/U1VX0q9DLGxaCLsk6UBtbhA Date: Wed, 26 Sep 2018 00:30:11 +0000 Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103BBEF22F@shsmsx102.ccr.corp.intel.com> References: <1537912671-20013-1-git-send-email-mw@semihalf.com> In-Reply-To: <1537912671-20013-1-git-send-email-mw@semihalf.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2] MdeModulePkg: XhciDxe: Prevent illegal memory access in XhcSetHsee X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2018 00:30:24 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Good observation. Reviewed-by: Star Zeng Thanks, Star -----Original Message----- From: Marcin Wojtas [mailto:mw@semihalf.com]=20 Sent: Wednesday, September 26, 2018 5:58 AM To: edk2-devel@lists.01.org Cc: Tian, Feng ; Kinney, Michael D ; Gao, Liming ; leif.lindholm@linaro.org; ar= d.biesheuvel@linaro.org; nadavh@marvell.com; mw@semihalf.com; jsd@semihalf.= com; jaz@semihalf.com; Ni, Ruiyu ; Wang, Fei1 ; Zeng, Star Subject: [PATCH v2] MdeModulePkg: XhciDxe: Prevent illegal memory access in= XhcSetHsee REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1206 Newly added XhcSetHsee() routine reads 4 bytes into a UINT16 variable causi= ng issues on PCIE and NonDiscoverable Xhci controllers. Fix that. Cc: Ruiyu Ni Cc: Fei1 Wang Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Marcin Wojtas --- MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c b/MdeModulePkg/Bus/Pci/= XhciDxe/XhciReg.c index 89f073e..3ed1a55 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c +++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c @@ -609,7 +609,7 @@ XhcSetHsee ( PciIo, EfiPciIoWidthUint16, PCI_COMMAND_OFFSET, - sizeof (XhciCmd), + sizeof (XhciCmd) / sizeof (UINT16), &XhciCmd ); if (!EFI_ERROR (Status)) { -- 2.7.4