During USB mass storage enumeration, if a USB transfer fails due to any
other reason, UsbMassStorageDxe will attempt to reset the device.
With the commit ed07a2bb11 ("MdeModulePkg/UsbBusDxe: USB issue fix when
the port reset"), UsbIoPortReset now tears down the USB device context
and reinstalls it (via DisconnectController & ConnectController).
This process is not handled by the UsbMassDriver, causing the upper
layer to access an old pointer that has been freed during the teardown,
leading to a crash.
Example:
UsbMassReadBlocks (Failed)
-> UsbMassReset
-> UsbBotResetDevice
-> UsbIoPortReset (teardown + reinstall and return)
Now the UsbBot context pointer is invalidated and pointing to freed
memory.
-> UsbBot->UsbIo->UsbControlTransfer() therefore accesses a invalid
pointer and crashes.
The fix is to ignore the ExtendedVerification, which is supposed to
perform a more exhaustive verification operation during the reset. In
MassStorageDxe, ExtendedVerification perform the parent port reset
(UsbIoPortReset). Ultimately, the MassStorage device should not reset
the parent port due to a transfer error. By not performing any extended
verification, the teardown is prevented, thereby avoiding the crash.
Signed-off-by: Jack Pham <jackp@qti.qualcomm.com>
b917a5b7b3