The "SCSI Block Commands - 2" (SBC-2) standard defines bits [7:5] of the
CDB byte 1 as Reserved, for the READ and WRITE commands.
The updated "SCSI Block Commands - 3" (SBC-3) standard defines the same
bitfield as RDPROTECT and WRPROTECT, respectively.
After reviewing the above standards, and the following commits:
- SVN r8331 (git 676e2a32),
- SVN r8334 (git 6b3ecf5c),
we've determined that UefiScsiLib is incorrect in encoding the LUN in this
bitfield for the READ and WRITE commands.
Encoding a nonzero LUN there creates unintended RDPROTECT and WRPROTECT
values, which the recipient device is required to reject if it does not
support protection information, with CHECK CONDITION, ILLEGAL REQUEST,
INVALID FIELD IN CDB:
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
ScsiDiskRead10: Check Condition happened!
ScsiDisk: Sense Key = 0x5 ASC = 0x24!
FatOpenDevice: read of part_lba failed Device Error
In practice this flaw breaks UefiScsiLib minimally on SCSI disks with
nonzero LUNs that are emulated by QEMU (after QEMU commit 96bdbbab, part
of v1.2.0).
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1166971
Reported-by: Cole Robinson <crobinso@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16454 6f19259b-4bc3-4df7-8a09-765794883524
c128d5281f