From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruiyu.ni@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.31; helo=mga06.intel.com;
 envelope-from=ruiyu.ni@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 41EB4211799C2
 for <edk2-devel@lists.01.org>; Mon, 15 Oct 2018 22:42:25 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 15 Oct 2018 22:42:25 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,387,1534834800"; d="scan'208";a="81760143"
Received: from ray-dev.ccr.corp.intel.com ([10.239.9.11])
 by orsmga008.jf.intel.com with ESMTP; 15 Oct 2018 22:42:24 -0700
From: Ruiyu Ni <ruiyu.ni@intel.com>
To: edk2-devel@lists.01.org
Date: Tue, 16 Oct 2018 13:43:23 +0800
Message-Id: <20181016054335.47460-1-ruiyu.ni@intel.com>
X-Mailer: git-send-email 2.16.1.windows.1
Subject: [PATCH v2 00/12] Need to validate data from HW
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 05:42:26 -0000

The patches contain logic to check the data from HW before using.
It can avoid corrupted data from HW causes software behave abnormally.

V2: adopt all comments from Star. The block size 0/64K handle is in a
separate patch
"MdeModulePkg/UsbMass: Reject device whose block size is 0 or > 64K"

Hao Wu (1):
  MdeModulePkg/Bus/Ufs: Ensure device not return more data than expected

Ruiyu Ni (11):
  MdeModulePkg/UsbMass: Merge UsbBoot(Read|Write)Blocks(16)
  MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1
  MdeModulePkg/UsbBus: Fix out-of-bound read access to descriptors
  MdeModulePkg/UsbBus: Reject descriptor whose length is bad
  MdeModulePkg/Usb: Make sure data from HW is no more than expected
  SourceLevelDebugPkg/Usb3: Make sure data from HW can fit in buffer
  MdeModulePkg/UsbKb: Don't access key codes when length is wrong
  MdeModulePkg/AbsPointer: Don't access key codes when length is wrong
  MdeModulePkg/UsbMouse: Don't access key codes when length is wrong
  MdeModulePkg/UsbBus: Deny when the string descriptor length is odd
  MdeModulePkg/UsbMass: Reject device whose block size is 0 or > 64K

 MdeModulePkg/Bus/Pci/EhciDxe/EhciSched.c           |   9 +-
 MdeModulePkg/Bus/Pci/UhciDxe/UhciSched.c           |   7 +-
 MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c           |   9 +-
 MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c        |  19 +-
 .../Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c        |  30 ++-
 MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c           |  70 +++++-
 MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c           |   4 +
 .../Bus/Usb/UsbMassStorageDxe/UsbMassBoot.c        | 276 ++++++---------------
 .../Bus/Usb/UsbMassStorageDxe/UsbMassBoot.h        |  76 ++----
 .../Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c        |   8 +-
 .../UsbMouseAbsolutePointer.c                      |   8 +-
 MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c        |   8 +-
 .../DebugCommunicationLibUsb3Transfer.c            |   7 +
 13 files changed, 237 insertions(+), 294 deletions(-)

-- 
2.16.1.windows.1