From nobody Thu Dec 18 22:22:58 2025 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) client-ip=78.46.105.101; envelope-from=seabios-bounces@seabios.org; helo=coreboot.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1576209105; cv=none; d=zohomail.com; s=zohoarc; b=Vm0taZL2o/MiKkxRL7mnRkn9IIt1EaChyq1TbEuTWsDjdIce/DHPlkbcLiHyMem/uvKFgHDVLtPdIOAT6L041zqrMc5KezI/1+5z7lauBqgd11L5MZ6CGF1Gv3krZkbJqo+qYDF3qqYmQuxyUcL9rfmzk4rk6Bka9NH33zUa8Uk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1576209105; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Subject:To; bh=LRb1Mp83Mp85DIXN/Tk0NUwkeg/UZucC6gsU9QfWFi8=; b=JTZh8s81H0R8qrSwWJEZPk+c/EP2G44Jeum1agy436r0vP17esqiXqEpdVdbPn0FkHWFAvv4nHpMpl4LjB1NfOsA27HMUOw9tx7U+rULwvYPLZyEacu6p5d6+LEEkgyCDZZzJBf9rus1d/tyWNhR17nw6CkoesmAkMWot3Pn04Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com with SMTPS id 1576209105080735.7638881206002; Thu, 12 Dec 2019 19:51:45 -0800 (PST) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTPA id B391B24580; Fri, 13 Dec 2019 03:51:40 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by coreboot.org (Postfix) with ESMTP id 43AC52207C for ; Fri, 13 Dec 2019 03:51:27 +0000 (UTC) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) for ; Thu, 12 Dec 2019 19:51:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Fp3jEqJfAZzaSk+Fbsys/cJuOnzb0Ugcqx9GF4e5eEA=; b=uYcVfe3q4okz9hlr2HuetctCHssWZOgZPjuKP5r1+UmcKR++IC5eEs3Re3LSlLTCRd Bh8mB8ZbXTadDy/CUu9MfqY2wTrk3eBzhcNq1nHFADIzHDoot98BEa+L6Je6ZmwOLc8+ BxLVZfA3wpaxB/qPtc3nIA5mXOmscrAhuYRj+lR+a60wyOilvavMgKQwlwNfLkaOQFxt T9sRcPdZ+53ez94XnPSeHvNLPH6gxJhn8uRD35FD1v7cuqq0poRFVNxkPOhPJeopdgcz 9aYSoHkBymvharVUhnQ9igSvQME14mKlz5uT1NpZBQb0AjHYlKrvQM7v78/BcXvEpdX1 6JsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Fp3jEqJfAZzaSk+Fbsys/cJuOnzb0Ugcqx9GF4e5eEA=; b=Itk5/Klkeo1LE9UeCVCCigr/vY+ozAhI4DOYrHynPeySA4uwywHaeGotOVefEuinah LJsuQRX8JyHdknV3vOwe60XEsNeudj5I2f4pFmch8cJ4UGqtdkx6qfv2+281XsSan46U XOu7ji/c3gwZm48GUgjj+fOx57VmaSl+/xv8H925eU49n1NCvddpEJmslosTBs+182L4 uNeAeUBmP6v4Lvhg2adz3Eips1gQ8FbfKPXWAJumoPHxYc2+aLJ2XX7AeJeOSFptnobU FkWxLqFJfeg3n9rkvHhe9QZDuepBpsayCPtJgewJaiTmIWsTaWlcffTKjsnLmky5q0PV pIsw== X-Gm-Message-State: APjAAAVrdOBGDy9ajHST4PA6jlsx2PUrSoUV73c7mMtdmmwnTIpF1Ghf TT89gANoV8QdV1USwHSAE3EzyV4L5J2eTKqulezy5ETFKSE= X-Google-Smtp-Source: APXvYqy01Y4LYF/EIOTB9RpU1o8Fbg2RF5adv1iLPtAufBWzf9yOixodwR8vYTziZDMQqfxX09EL61rZq6tEnjmnZQU= X-Received: by 2002:a02:ce8a:: with SMTP id y10mr11543365jaq.21.1576209085640; Thu, 12 Dec 2019 19:51:25 -0800 (PST) MIME-Version: 1.0 From: Matt DeVillier Date: Thu, 12 Dec 2019 21:51:14 -0600 Message-ID: To: seabios Message-ID-Hash: TMHXJUNJE2EYVOSETPFK36SZVF3FFVLF X-Message-ID-Hash: TMHXJUNJE2EYVOSETPFK36SZVF3FFVLF X-MailFrom: matt.devillier@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-seabios.seabios.org-0; header-match-seabios.seabios.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.3.1 Precedence: list Subject: [SeaBIOS] Subject: [PATCH 1/2] hw/usb-hid: handle devices with illegal max packet size List-Id: SeaBIOS mailing list Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: +++ X-Spam-Level: *** Authentication-Results: coreboot.org; auth=pass smtp.auth=mailman@coreboot.org smtp.mailfrom=seabios-bounces@seabios.org X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Some USB keyboards report 9 or 10-byte max packet sizes, instead of the 8-byte max specified by the USB HID spec. Handle this by increasing the size of the keyevent struct to 10 bytes, zeroizing it before use, and using the key array size of the usbkeyinfo struct as loop bounds rather than that of the keyevent struct (since the former will always be smaller, and within spec). Test: built/boot on Google Pixel Slate, observe keyboard functional Signed-off-by: Matt DeVillier --- src/hw/usb-hid.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/hw/usb-hid.c b/src/hw/usb-hid.c index fa4d9a2..cedec0b 100644 --- a/src/hw/usb-hid.c +++ b/src/hw/usb-hid.c @@ -8,6 +8,7 @@ #include "config.h" // CONFIG_* #include "output.h" // dprintf #include "ps2port.h" // ATKBD_CMD_GETID +#include //memset #include "usb.h" // usb_ctrlrequest #include "usb-hid.h" // usb_keyboard_setup #include "util.h" // process_key @@ -59,7 +60,7 @@ usb_kbd_setup(struct usbdevice_s *usbdev // XXX - this enables the first found keyboard (could be random) return -1; - if (epdesc->wMaxPacketSize !=3D 8) + if (epdesc->wMaxPacketSize > 10) return -1; // Enable "boot" protocol. @@ -163,11 +164,15 @@ static u16 ModifierToScanCode[] VAR16 =3D { #define RELEASEBIT 0x80 -// Format of USB keyboard event data +// Format of USB keyboard event data. +// Some keyboards use a 9/10 byte packet size, +// so account for that here to prevent buffer +// overflow. We'll ignore the 9th/10th bytes +// as it's out of spec. struct keyevent { u8 modifiers; u8 reserved; - u8 keys[6]; + u8 keys[8]; }; // Translate data from KeyToScanCode[] to calls to process_key(). @@ -253,7 +258,7 @@ handle_key(struct keyevent *data) break; int j; for (j=3D0;; j++) { - if (j>=3DARRAY_SIZE(data->keys)) { + if (j>=3DARRAY_SIZE(old.keys)) { // Key released. procscankey(key, RELEASEBIT, data->modifiers); if (i+1 >=3D ARRAY_SIZE(old.keys) || !old.keys[i+1]) @@ -274,7 +279,7 @@ handle_key(struct keyevent *data) // Process new keys procmodkey(data->modifiers & ~old.modifiers, 0); old.modifiers =3D data->modifiers; - for (i=3D0; ikeys); i++) { + for (i=3D0; ikeys[i]; if (!key) continue; @@ -310,6 +315,8 @@ usb_check_key(void) for (;;) { struct keyevent data; + //zeroize struct as most keyboards won't fill it + memset(&data, 0, sizeof(data)); int ret =3D usb_poll_intr(pipe, &data); if (ret) break; --=20 2.20.1 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org