* [PATCH 1/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 1
2017-08-18 3:37 [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Laszlo Ersek
@ 2017-08-18 3:37 ` Laszlo Ersek
2017-08-18 3:37 ` [PATCH 2/3] MdeModulePkg/ScsiBusDxe: remove redundant "else" after "break" statement Laszlo Ersek
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Laszlo Ersek @ 2017-08-18 3:37 UTC (permalink / raw)
To: edk2-devel-01
Cc: Eric Dong, Feng Tian, Hannes Reinecke, Paolo Bonzini, Star Zeng
The SPC-4 spec says about the INQUIRY data, in "Table 138 -- Peripheral
qualifier":
> Qualifier = 011b The device server is not capable of supporting a
> peripheral device on this logical unit. For this
> peripheral qualifier the peripheral device type shall
> be set to 1Fh. All other peripheral device type values
> are reserved for this peripheral qualifier.
Accordingly, the DiscoverScsiDevice() function returns FALSE if
Peripheral_Qualifier is 3 decimal, but Peripheral_Type differs from 1Fh.
This is a valid sanity check -- such combinations are reserved.
When Peripheral_Qualifier is 3, and Peripheral_Type is 1Fh, then
DiscoverScsiDevice() returns TRUE. While this combination is not reserved,
returning TRUE for it is incorrect: Peripheral_Type 1Fh stands for
"Unknown or no device type", and this combination is returned in
particular when the INQUIRY command was directed to a nonexistent LUN.
Quoting the spec:
> In response to an INQUIRY command received by an incorrect logical unit,
> the SCSI target device shall return the INQUIRY data with the peripheral
> qualifier set to the value defined in 6.4.2. [...]
>
> [...]
>
> The PERIPHERAL QUALIFIER field and PERIPHERAL DEVICE TYPE field identify
> the peripheral device connected to the logical unit. If the SCSI target
> device is not capable of supporting a peripheral device connected to
> this logical unit, the device server shall set these fields to 7Fh
> (i.e., PERIPHERAL QUALIFIER field set to 011b and PERIPHERAL DEVICE TYPE
> field set to 1Fh).
The consequence of this bug is that for each nonexistent Target/LUN pair,
we produce a useless ScsiIo protocol interface. The internal
"ScsiIoDevice->ScsiDeviceType" field will be set to 0x1f, and it will be
returned to higher-level SCSI drivers when they call
ScsiIo->GetDeviceType().
Given that 0x1f means "Unknown or no device type", no higher-level driver
can ever support it, so these ScsiIo protocol interfaces are useless.
The fix is to return FALSE for the (Peripheral_Qualifier=3,
Peripheral_Type=0x1f) combination. With that however we reject the whole
Peripheral_Qualifier=3 space (justifiedly -- see the definition above),
which lets us simplify the code.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index 0802b617268f..72e3da8967b2 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -1348,21 +1348,13 @@ DiscoverScsiDevice (
//
// Retrieved inquiry data successfully
//
- if ((InquiryData->Peripheral_Qualifier != 0) &&
- (InquiryData->Peripheral_Qualifier != 3)) {
+ if (InquiryData->Peripheral_Qualifier != 0) {
ScsiDeviceFound = FALSE;
goto Done;
}
- if (InquiryData->Peripheral_Qualifier == 3) {
- if (InquiryData->Peripheral_Type != 0x1f) {
- ScsiDeviceFound = FALSE;
- goto Done;
- }
- }
-
if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 0xa) {
ScsiDeviceFound = FALSE;
goto Done;
}
--
2.14.1.3.gb7cf6e02401b
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/3] MdeModulePkg/ScsiBusDxe: remove redundant "else" after "break" statement
2017-08-18 3:37 [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Laszlo Ersek
2017-08-18 3:37 ` [PATCH 1/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 1 Laszlo Ersek
@ 2017-08-18 3:37 ` Laszlo Ersek
2017-08-18 3:37 ` [PATCH 3/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 2 Laszlo Ersek
2017-08-18 14:20 ` [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Zeng, Star
3 siblings, 0 replies; 6+ messages in thread
From: Laszlo Ersek @ 2017-08-18 3:37 UTC (permalink / raw)
To: edk2-devel-01
Cc: Eric Dong, Feng Tian, Hannes Reinecke, Paolo Bonzini, Star Zeng
The code after the "if" statement is only reachable if the first branch
with the "break" is not taken. Therefore we can move the "else" branch
after the "if" statement, simplifying the code.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index 72e3da8967b2..1068770cd87f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -1332,11 +1332,12 @@ DiscoverScsiDevice (
FALSE
);
if (!EFI_ERROR (Status)) {
break;
- } else if ((Status == EFI_BAD_BUFFER_SIZE) ||
- (Status == EFI_INVALID_PARAMETER) ||
- (Status == EFI_UNSUPPORTED)) {
+ }
+ if ((Status == EFI_BAD_BUFFER_SIZE) ||
+ (Status == EFI_INVALID_PARAMETER) ||
+ (Status == EFI_UNSUPPORTED)) {
ScsiDeviceFound = FALSE;
goto Done;
}
}
--
2.14.1.3.gb7cf6e02401b
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 2
2017-08-18 3:37 [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Laszlo Ersek
2017-08-18 3:37 ` [PATCH 1/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 1 Laszlo Ersek
2017-08-18 3:37 ` [PATCH 2/3] MdeModulePkg/ScsiBusDxe: remove redundant "else" after "break" statement Laszlo Ersek
@ 2017-08-18 3:37 ` Laszlo Ersek
2017-08-18 14:20 ` [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Zeng, Star
3 siblings, 0 replies; 6+ messages in thread
From: Laszlo Ersek @ 2017-08-18 3:37 UTC (permalink / raw)
To: edk2-devel-01
Cc: Eric Dong, Feng Tian, Hannes Reinecke, Paolo Bonzini, Star Zeng
The SPC-4 says about INQUIRY,
> In response to an INQUIRY command received by an incorrect logical unit,
> the SCSI target device shall return the INQUIRY data with the peripheral
> qualifier set to the value defined in 6.4.2. The INQUIRY command shall
> return CHECK CONDITION status only when the device server is unable to
> return the requested INQUIRY data.
When a device server takes the second branch, and returns CHECK CONDITION
for a nonexistent LUN, the InquiryData structure in the
DiscoverScsiDevice() function remains filled with the original zeros.
DiscoverScsiDevice() then sees zero in both Peripheral_Qualifier and
Peripheral_Type, and therefore ScsiBusDxe produces a ScsiIo protocol
instance with device type zero, for the nonexistent LUN.
Device type zero is EFI_SCSI_TYPE_DISK. Thus ScsiDiskDxe binds the bogus
ScsiIo protocol interface, and produces a similarly bogus BlockIo
interface on top. This ripples up to BDS, where UefiBootManagerLib can
auto-generate bogus UEFI boot options for the nonexistent LUNs.
This has been encountered with QEMU, after commit ded6ddc5a7b9 ("scsi:
clarify sense codes for LUN0 emulation", 2017-08-04). QEMU now answers
INQUIRY commands that were directed to nonexistent LUNs with:
> DiscoverScsiDevice:1361: Lun=2 HostAdapterStatus=0 TargetStatus=2
> SenseDataLength=18 InquiryDataLength=96
> Sense {
> Sense 000000 70 00 05 00 00 00 00 0A 00 00 00 00 25 00 00 00
> Sense 000010 00 00
> Sense }
> Inquiry {
> Inquiry 000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry 000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry 000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry 000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry 000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry 000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Inquiry }
The interesting fields are:
- HostAdapterStatus=0 (OK),
- TargetStatus=2 (CHECK CONDITION),
- Sense/Error_Code=0x70 (Current error, Fixed description)
- Sense/Sense_Key=0x05 (ILLEGAL REQUEST)
According to SPC-4 "Table 41 -- Sense key descriptions (part 2 of 2)",
ILLEGAL REQUEST is justified when "the command was addressed to an
incorrect logical unit number".
Thus, recognize this kind of answer for nonexistent LUNs.
(
Checking the status fields and the sense data is justified anyway,
according to the documentation of ScsiInquiryCommand():
> @retval EFI_SUCCESS The command was executed
> successfully. See
> HostAdapterStatus,
> TargetStatus, SenseDataLength,
> and SenseData in that order for
> additional status information.
)
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 24 ++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index 1068770cd87f..21034aab19f7 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -1297,42 +1297,61 @@ DiscoverScsiDevice (
UINT8 SenseDataLength;
UINT8 HostAdapterStatus;
UINT8 TargetStatus;
EFI_SCSI_INQUIRY_DATA *InquiryData;
+ EFI_SCSI_SENSE_DATA *SenseData;
UINT8 MaxRetry;
UINT8 Index;
BOOLEAN ScsiDeviceFound;
HostAdapterStatus = 0;
TargetStatus = 0;
+ SenseData = NULL;
InquiryData = AllocateAlignedBuffer (ScsiIoDevice, sizeof (EFI_SCSI_INQUIRY_DATA));
if (InquiryData == NULL) {
ScsiDeviceFound = FALSE;
goto Done;
}
+ SenseData = AllocateAlignedBuffer (
+ ScsiIoDevice,
+ sizeof (EFI_SCSI_SENSE_DATA)
+ );
+ if (SenseData == NULL) {
+ ScsiDeviceFound = FALSE;
+ goto Done;
+ }
+
//
// Using Inquiry command to scan for the device
//
InquiryDataLength = sizeof (EFI_SCSI_INQUIRY_DATA);
- SenseDataLength = 0;
+ SenseDataLength = sizeof (EFI_SCSI_SENSE_DATA);
ZeroMem (InquiryData, InquiryDataLength);
+ ZeroMem (SenseData, SenseDataLength);
MaxRetry = 2;
for (Index = 0; Index < MaxRetry; Index++) {
Status = ScsiInquiryCommand (
&ScsiIoDevice->ScsiIo,
SCSI_BUS_TIMEOUT,
- NULL,
+ SenseData,
&SenseDataLength,
&HostAdapterStatus,
&TargetStatus,
(VOID *) InquiryData,
&InquiryDataLength,
FALSE
);
if (!EFI_ERROR (Status)) {
+ if ((HostAdapterStatus == EFI_SCSI_IO_STATUS_HOST_ADAPTER_OK) &&
+ (TargetStatus == EFI_SCSI_IO_STATUS_TARGET_CHECK_CONDITION) &&
+ (SenseData->Error_Code == 0x70) &&
+ (SenseData->Sense_Key == EFI_SCSI_SK_ILLEGAL_REQUEST)) {
+ ScsiDeviceFound = FALSE;
+ goto Done;
+ }
break;
}
if ((Status == EFI_BAD_BUFFER_SIZE) ||
(Status == EFI_INVALID_PARAMETER) ||
@@ -1376,8 +1395,9 @@ DiscoverScsiDevice (
ScsiDeviceFound = TRUE;
Done:
+ FreeAlignedBuffer (SenseData, sizeof (EFI_SCSI_SENSE_DATA));
FreeAlignedBuffer (InquiryData, sizeof (EFI_SCSI_INQUIRY_DATA));
return ScsiDeviceFound;
}
--
2.14.1.3.gb7cf6e02401b
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs
2017-08-18 3:37 [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Laszlo Ersek
` (2 preceding siblings ...)
2017-08-18 3:37 ` [PATCH 3/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs, part 2 Laszlo Ersek
@ 2017-08-18 14:20 ` Zeng, Star
2017-08-18 22:41 ` Laszlo Ersek
3 siblings, 1 reply; 6+ messages in thread
From: Zeng, Star @ 2017-08-18 14:20 UTC (permalink / raw)
To: Laszlo Ersek, edk2-devel-01
Cc: Dong, Eric, Tian, Feng, Hannes Reinecke, Paolo Bonzini,
Zeng, Star
Reviewed-by: Star Zeng <star.zeng@intel.com>
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Friday, August 18, 2017 11:38 AM
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Dong, Eric <eric.dong@intel.com>; Tian, Feng <feng.tian@intel.com>; Hannes Reinecke <hare@suse.com>; Paolo Bonzini <pbonzini@redhat.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs
The commit messages say it all.
Repo: https://github.com/lersek/edk2.git
Branch: nonexistent_luns
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Thanks
Laszlo
Laszlo Ersek (3):
MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs,
part 1
MdeModulePkg/ScsiBusDxe: remove redundant "else" after "break"
statement
MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs,
part 2
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 41 +++++++++++++-------
1 file changed, 27 insertions(+), 14 deletions(-)
--
2.14.1.3.gb7cf6e02401b
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs
2017-08-18 14:20 ` [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs Zeng, Star
@ 2017-08-18 22:41 ` Laszlo Ersek
0 siblings, 0 replies; 6+ messages in thread
From: Laszlo Ersek @ 2017-08-18 22:41 UTC (permalink / raw)
To: Zeng, Star, edk2-devel-01
Cc: Dong, Eric, Tian, Feng, Hannes Reinecke, Paolo Bonzini
On 08/18/17 16:20, Zeng, Star wrote:
> Reviewed-by: Star Zeng <star.zeng@intel.com>
Thank you very much, pushed as commit range ba40cb31b69d..ce13d2d8c81f.
Cheers
Laszlo
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Friday, August 18, 2017 11:38 AM
> To: edk2-devel-01 <edk2-devel@lists.01.org>
> Cc: Dong, Eric <eric.dong@intel.com>; Tian, Feng <feng.tian@intel.com>; Hannes Reinecke <hare@suse.com>; Paolo Bonzini <pbonzini@redhat.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH 0/3] MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs
>
> The commit messages say it all.
>
> Repo: https://github.com/lersek/edk2.git
> Branch: nonexistent_luns
>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Hannes Reinecke <hare@suse.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Star Zeng <star.zeng@intel.com>
>
> Thanks
> Laszlo
>
> Laszlo Ersek (3):
> MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs,
> part 1
> MdeModulePkg/ScsiBusDxe: remove redundant "else" after "break"
> statement
> MdeModulePkg/ScsiBusDxe: don't produce ScsiIo for nonexistent LUNs,
> part 2
>
> MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 41 +++++++++++++-------
> 1 file changed, 27 insertions(+), 14 deletions(-)
>
^ permalink raw reply [flat|nested] 6+ messages in thread