From 333e9638ad29828f4cac64ad966b0e7f8c9b0c66 Mon Sep 17 00:00:00 2001 From: Aniket_Surekar Date: Thu, 14 Nov 2024 21:27:15 +0530 Subject: [PATCH] MdeModulePkg/Bus/Pci: Fix Descriptor Misalignment in USB Config Handling The issue with locating the expected interface and endpoint descriptors arises because `configDesc` (USB_CONFIG_DESCRIPTOR) and `IfDesc` (USB_INTERFACE_DESCRIPTOR) are incremented by structure size rather than by actual descriptor length. Specifically: - `configDesc` should be incremented by its actual length. - `IfDesc` should be incremented by its actual length. This incorrect increment causes misalignment, preventing access to the subsequent interface and endpoint descriptors. [Suggested Solution] Update the code to increment the pointers by the actual descriptor lengths, ensuring proper access to all descriptors in the USB configuration. Signed-off-by: Aniket Surekar
---
 MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c | 12 ++++++------ MdeModulePkg/Bus/Pci/XhciPei/XhciSched.c | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c
index 3caa060f35..fe48a72121 100644
--- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c
+++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c
@@ -2848,7 +2848,7 @@ XhcInitializeEndpointContext (
 MaxDci = 1;
 }
- EpDesc = (USB_ENDPOINT_DESCRIPTOR *)(IfDesc + 1);
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
 for (EpIndex = 0; EpIndex < NumEp; EpIndex++) {
 while (EpDesc->DescriptorType != USB_DESC_TYPE_ENDPOINT) {
 EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
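Review bot: `IfDesc->Length` is taken from the descriptor data and used as the offset to the first endpoint descriptor with no minimum check, so unless the caller has already validated it (not visible here) a value below `sizeof (USB_INTERFACE_DESCRIPTOR)` places `EpDesc` inside or on top of `IfDesc`. With a length of 0 the `while (EpDesc->DescriptorType != USB_DESC_TYPE_ENDPOINT)` loop in the context lines steps by `EpDesc->Length` and never advances, a hang that the old fixed `IfDesc + 1` did not create from this field. Before the assignment I would add a guard such as `if (IfDesc->Length < sizeof (USB_INTERFACE_DESCRIPTOR))` that leaves through the function's failure path, the same minimum XhcSetInterface already requires. The `EpDesc` hunks in XhcInitializeEndpointContext64, XhcPeiSetConfigCmd and XhcPeiSetConfigCmd64 need the same guard; the function body continues outside the hunk, so the exact error return is not visible here.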
@@ -3051,7 +3051,7 @@ XhcInitializeEndpointContext64 (
 MaxDci = 1;
 }
- EpDesc = (USB_ENDPOINT_DESCRIPTOR *)(IfDesc + 1);
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
 for (EpIndex = 0; EpIndex < NumEp; EpIndex++) {
 while (EpDesc->DescriptorType != USB_DESC_TYPE_ENDPOINT) {
 EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
@@ -3260,7 +3260,7 @@ XhcSetConfigCmd (
 MaxDci = 0;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 for (Index = 0; Index < ConfigDesc->NumInterfaces; Index++) {
 while ((IfDesc->DescriptorType != USB_DESC_TYPE_INTERFACE) || (IfDesc->AlternateSetting != 0)) {
 IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
@@ -3353,7 +3353,7 @@ XhcSetConfigCmd64 (
 MaxDci = 0;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 for (Index = 0; Index < ConfigDesc->NumInterfaces; Index++) {
 while ((IfDesc->DescriptorType != USB_DESC_TYPE_INTERFACE) || (IfDesc->AlternateSetting != 0)) {
 IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
@@ -3644,7 +3644,7 @@ XhcSetInterface (
 IfDescActive = NULL;
 IfDescSet = NULL;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 while ((UINTN)IfDesc < ((UINTN)ConfigDesc + ConfigDesc->TotalLength)) {
 if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
 if (IfDesc->InterfaceNumber == (UINT8)Request->Index) {
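Review bot: In XhcSetConfigCmd, `ConfigDesc->Length` is now the offset to the first interface descriptor, but nothing in the hunk checks it against `sizeof (USB_CONFIG_DESCRIPTOR)` or `ConfigDesc->TotalLength`. If the configuration descriptor is the raw device response (its origin is outside the hunk), a length of 0 leaves `IfDesc` on the configuration descriptor and the `while` in the context lines then advances by zero bytes, while an oversized length starts the scan past the end of the data; that loop has no `TotalLength` bound of its own. A guard before the assignment, e.g. `if ((ConfigDesc->Length < sizeof (USB_CONFIG_DESCRIPTOR)) || (ConfigDesc->Length > ConfigDesc->TotalLength))` returning the function's error status, would cover both cases. XhcSetConfigCmd64, XhcPeiSetConfigCmd and XhcPeiSetConfigCmd64 make the same change and need the same check.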
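Review bot: In XhcSetInterface the loop condition only requires `IfDesc` to start before `ConfigDesc + ConfigDesc->TotalLength`, yet the body reads `DescriptorType`, `Length` and `InterfaceNumber`, so a start offset taken from `ConfigDesc->Length` can land in the last few bytes and read beyond the reported descriptor data. Comparing the end of the structure instead, `while (((UINTN)IfDesc + sizeof (USB_INTERFACE_DESCRIPTOR)) <= ((UINTN)ConfigDesc + ConfigDesc->TotalLength))`, keeps every field read inside `TotalLength` without skipping any complete interface descriptor. Whether `TotalLength` is itself checked against the size of the buffer holding the descriptors is not visible in this hunk and is worth confirming. XhcSetInterface64 has the identical loop.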
@@ -3851,7 +3851,7 @@ XhcSetInterface64 (
 IfDescActive = NULL;
 IfDescSet = NULL;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 while ((UINTN)IfDesc < ((UINTN)ConfigDesc + ConfigDesc->TotalLength)) {
 if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
 if (IfDesc->InterfaceNumber == (UINT8)Request->Index) {
diff --git a/MdeModulePkg/Bus/Pci/XhciPei/XhciSched.c b/MdeModulePkg/Bus/Pci/XhciPei/XhciSched.c
index c956e45907..158749b53c 100644
--- a/MdeModulePkg/Bus/Pci/XhciPei/XhciSched.c
+++ b/MdeModulePkg/Bus/Pci/XhciPei/XhciSched.c
@@ -1748,7 +1748,7 @@ XhcPeiSetConfigCmd (
 MaxDci = 0;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 for (Index = 0; Index < ConfigDesc->NumInterfaces; Index++) {
 while ((IfDesc->DescriptorType != USB_DESC_TYPE_INTERFACE) || (IfDesc->AlternateSetting != 0)) {
 IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
@@ -1759,7 +1759,7 @@ XhcPeiSetConfigCmd (
 MaxDci = 1;
 }
- EpDesc = (USB_ENDPOINT_DESCRIPTOR *)(IfDesc + 1);
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
 for (EpIndex = 0; EpIndex < NumEp; EpIndex++) {
 while (EpDesc->DescriptorType != USB_DESC_TYPE_ENDPOINT) {
 EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
@@ -1974,7 +1974,7 @@ XhcPeiSetConfigCmd64 (
 MaxDci = 0;
- IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)ConfigDesc + ConfigDesc->Length);
 for (Index = 0; Index < ConfigDesc->NumInterfaces; Index++) {
 while ((IfDesc->DescriptorType != USB_DESC_TYPE_INTERFACE) || (IfDesc->AlternateSetting != 0)) {
 IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
@@ -1985,7 +1985,7 @@ XhcPeiSetConfigCmd64 (
 MaxDci = 1;
 }
- EpDesc = (USB_ENDPOINT_DESCRIPTOR *)(IfDesc + 1);
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
 for (EpIndex = 0; EpIndex < NumEp; EpIndex++) {
 while (EpDesc->DescriptorType != USB_DESC_TYPE_ENDPOINT) {
 EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);