From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: None (no SPF record) identity=mailfrom; client-ip=2a00:1450:4864:20::22f; helo=mail-lj1-x22f.google.com; envelope-from=mw@semihalf.com; receiver=edk2-devel@lists.01.org Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C211B2194D387 for ; Tue, 25 Sep 2018 14:58:21 -0700 (PDT) Received: by mail-lj1-x22f.google.com with SMTP id p89-v6so7079794ljb.3 for ; Tue, 25 Sep 2018 14:58:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=h/T0XiL7YTCGN88PQXTMs0pA5aCv8Y6kMQhIv7E2Bfs=; b=Us/8mgJUByccMOYWEMhrWP/6FCkhF055Miu4rvnZd8bu3Tj9s92GRzym3zDqOVS6kH pAxvwRZPlW1uJpwlc8YeETvDOYQ16upItaw+e2jMlZZlF3SgXdmm7vppp8n3EM9JCtul tctWTUmOcjWEkXezhuUl66OEVL8VnoG+hfHgguNHn2+iw9wgqVuqrJrainWQDp5XUirJ vE49wG4vcnZbBifRMLDQ+wP2E/9RQBtIP73xqiy4FgSUrmJ2jQl1+Z/OT4Oit6MnZrZv 00J1gRu1G8R8TLx5+PJSoMFQJODQERllmr1/5owcrXNJyHECQz/sswKoEYeRl5gNFqS+ 1u5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=h/T0XiL7YTCGN88PQXTMs0pA5aCv8Y6kMQhIv7E2Bfs=; b=mAJOIRo0lYto+5Kf0q4tXbV8kKaV3zoclVgOMPPnjESTwYHWe+B45ZQAAXIMxqCBDl +4nSiNT5T765tqRdUdPcgcU+cJh687lHKy10SeiH0bGraWlYSZzN/q+h12BO+zJ9wi9s MYTiC3wItedouHF0VLKtrdrTyjMmVxk42hbuePSQS8KykCeA3aysOmD4uncWgMQgl0DT TmdVJOqLLpK4aE4psfC4vl50xsLWcZWrM7KnyxpmVmrkjpXAamHmcJP/7pLvCm8U3gEk T13Ej9P5xQO0M5nmGxkIYtTs9v4hNVbHJKAxv94bclgIn1PoI3lsNbZ/D741yT4Ze4jM 5Prg== X-Gm-Message-State: ABuFfogCx+GFLXKx5Q4ijvrT2HMm+wo2Q/NL8T7lm/bF9dedhUrh0TV6 TBRAKHGDVr7MlOpMoFjH6fUZ+dqaW1U= X-Google-Smtp-Source: ACcGV60SbZPclRlSi5eRLzB9hhR7KER4p82rY5pgozoC9m1gGUfWtXgCFWIJZmZFvIHf23/nLd/MfQ== X-Received: by 2002:a2e:2025:: with SMTP id g37-v6mr2404570ljg.40.1537912699529; Tue, 25 Sep 2018 14:58:19 -0700 (PDT) Received: from gilgamesh.semihalf.com (31-172-191-173.noc.fibertech.net.pl. [31.172.191.173]) by smtp.gmail.com with ESMTPSA id v10-v6sm599500ljg.12.2018.09.25.14.58.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Sep 2018 14:58:18 -0700 (PDT) From: Marcin Wojtas To: edk2-devel@lists.01.org Cc: feng.tian@intel.com, michael.d.kinney@intel.com, liming.gao@intel.com, leif.lindholm@linaro.org, ard.biesheuvel@linaro.org, nadavh@marvell.com, mw@semihalf.com, jsd@semihalf.com, jaz@semihalf.com, Ruiyu Ni , Fei1 Wang , Star Zeng Date: Tue, 25 Sep 2018 23:57:51 +0200 Message-Id: <1537912671-20013-1-git-send-email-mw@semihalf.com> X-Mailer: git-send-email 2.7.4 Subject: [PATCH v2] MdeModulePkg: XhciDxe: Prevent illegal memory access in XhcSetHsee X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2018 21:58:22 -0000 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1206 Newly added XhcSetHsee() routine reads 4 bytes into a UINT16 variable causing issues on PCIE and NonDiscoverable Xhci controllers. Fix that. Cc: Ruiyu Ni Cc: Fei1 Wang Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Marcin Wojtas --- MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c b/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c index 89f073e..3ed1a55 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c +++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciReg.c @@ -609,7 +609,7 @@ XhcSetHsee ( PciIo, EfiPciIoWidthUint16, PCI_COMMAND_OFFSET, - sizeof (XhciCmd), + sizeof (XhciCmd) / sizeof (UINT16), &XhciCmd ); if (!EFI_ERROR (Status)) { -- 2.7.4