audk/MdeModulePkg
Laszlo Ersek 5abc2a70da MdeModulePkg: ScsiDiskDxe: adapt SectorCount when shortening transfers
The specification of the EFI_EXT_SCSI_PASS_THRU_PROTOCOL.PassThru()
function documents the EFI_BAD_BUFFER_SIZE return status, and the
EFI_EXT_SCSI_STATUS_HOST_ADAPTER_DATA_OVERRUN_UNDERRUN host adapter
status.

These allow an EFI_EXT_SCSI_PASS_THRU_PROTOCOL implementation to request
higher layers in the stack (in this instance, UefiScsiLib and ScsiDiskDxe)
to break up the transfer into smaller pieces.

These conditions percolate up the stack correctly: the retry loops in
ScsiDiskDxe's ScsiDiskReadSectors() and ScsiDiskWriteSectors() functions
correctly and transparently update the transfer size (ByteCount),
accommodating any shortening requested by lower levels of the stack. After
the loop -- if the request ultimately succeeds -- SectorCount is even
recalculated from the final ByteCount, to see how many sectors the outer
loop should advance.

However, the inner (ie. retry) loops both have the same error: when the
underlying protocols request the transfer to be shortened, the decrease in
transfer size (ie. ByteCount) should immediately be reflected in
SectorCount. Otherwise the sector count encoded in the CDB will exceed the
transfer size, which is a permanent error.

This issue has been witnessed while booting

  en_windows_8.1_pro_n_vl_with_update_x86_dvd_6051127.iso

on the 32-bit build of OVMF, from a virtio-scsi CD-ROM:

(1) "cdboot.efi" correctly requested (from far atop) a long read:

    Timeout=940000000
    CdbLength=10
    DataDir=Read
    InTransferLength=134215680
    OutTransferLength=0
    SenseDataLength=108

    Cdb: 28 00 00 00 25 DD 00 FF FF 00
         ^     ^^^^^^^^^^^    ^^^^^
         |          |            |
         |          |     number of 2KB sectors to read,
         |          |     corresponding to 2048 * 65535 = 134215680 bytes
         |          |     (see InTransferLength above)
         |          |
         |   LBA to read from
         |
      READ (10)

(2) In turn, the EFI_EXT_SCSI_PASS_THRU_PROTOCOL.PassThru() function
    provided by "OvmfPkg/VirtioScsiDxe/VirtioScsi.c" asked for the request
    to be shortened:

    InTransferLength=16776704
    OutTransferLength=16776704
    SenseDataLength=0
    HostAdapterStatus=EFI_EXT_SCSI_STATUS_HOST_ADAPTER_DATA_OVERRUN_UNDERRUN
    TargetStatus=0
    Status=EFI_BAD_BUFFER_SIZE

(3) Then ScsiDiskReadSectors() in
    "MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c" retried the request
    with correctly shortened transfer length, but incorrectly unchanged
    sector count:

    Timeout=940000000
    CdbLength=10
    DataDir=Read
    InTransferLength=16776704 <--- updated as requested
    OutTransferLength=0
    SenseDataLength=108

    Cdb: 28 00 00 00 25 DD 00 FF FF 00
         ^     ^^^^^^^^^^^    ^^^^^
         |          |            |
         |          |       not changed!
         |          |
         |   LBA to read from
         |
      READ (10)

(4) Since 65535 sectors of 2KB each wouldn't fit in a buffer of approx.
    16MB, QEMU's virtio-scsi controller unconditionally rejected this
    request with VIRTIO_SCSI_S_OVERRUN, which VirtioScsiDxe then mapped
    to:

    InTransferLength=16776704
    OutTransferLength=0
    SenseDataLength=0
    HostAdapterStatus=EFI_EXT_SCSI_STATUS_HOST_ADAPTER_DATA_OVERRUN_UNDERRUN
    TargetStatus=0
    Status=EFI_DEVICE_ERROR

(5) After two more tries of the same, ScsiDiskDxe passed up the error,
    which ultimately caused "cdboot.efi" to BSOD.

Many thanks to Larry Cleeton from Microsoft for helping debug
"cdboot.efi".

Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18438 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-10 11:25:09 +00:00
..
Application MdeModulePkg: Add the missing module UNI files. 2015-08-28 02:46:46 +00:00
Bus MdeModulePkg: ScsiDiskDxe: adapt SectorCount when shortening transfers 2015-09-10 11:25:09 +00:00
Core MdeModulePkg PiSmmCore: Prevent overlap for gSmmCorePrivate and CommBuffer 2015-08-26 01:10:39 +00:00
Include MdeModulePkg: Convert the UNIX to DOS end of line format 2015-08-27 01:04:59 +00:00
Library MdeModulePkg: Fix a performance data buffer overrun issue 2015-09-09 05:43:44 +00:00
Logo MdeModulePkg: Convert non DOS format files to DOS format and remove unused module UNI files. 2014-09-03 08:39:12 +00:00
Universal MdeModulePkg: PXE Driver's LoadFile protocol should check FilePath 2015-09-10 09:46:59 +00:00
Contributions.txt */Contributions.txt: Update example email address 2015-02-03 17:29:14 +00:00
License.txt Update copyright format 2012-04-24 06:49:39 +00:00
MdeModulePkg.dec MdeModulePkg: Add PlatformVarCleanupLib library 2015-08-25 03:11:06 +00:00
MdeModulePkg.dsc Not support EBC arch for regular expression protocol driver. 2015-09-09 06:28:32 +00:00
MdeModulePkg.uni MdeModulePkg: Add VarCheckHiiLib NULL class library 2015-08-25 03:10:04 +00:00
MdeModulePkgExtra.uni MdeModulePkg: INF/DEC file updates to EDK II packages 2014-08-28 06:55:48 +00:00