From: "Gary Lin"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [PATCH 09/11] OvmfPkg/LsiScsiDxe: Examine the incoming SCSI Request Packet
Date: Wed, 1 Jul 2020 12:04:46 +0800
Message-Id: <20200701040448.14871-10-glin@suse.com>
In-Reply-To: <20200701040448.14871-1-glin@suse.com>
References: <20200701040448.14871-1-glin@suse.com>

This is the first part of LsiScsiPassThru(). Before processing the SCSI Request packet, we have to make sure whether the packet is valid or not.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Gary Lin --- OvmfPkg/LsiScsiDxe/LsiScsi.c | 100 ++++++++++++++++++++++++++++++++++- OvmfPkg/LsiScsiDxe/LsiScsi.h | 4 ++ 2 files changed, 103 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/LsiScsiDxe/LsiScsi.c b/OvmfPkg/LsiScsiDxe/LsiScsi.c index b728d18d51df..1bcebd92e455 100644 --- a/OvmfPkg/LsiScsiDxe/LsiScsi.c +++ b/OvmfPkg/LsiScsiDxe/LsiScsi.c 
@@ -52,6 +52,95 @@ LsiScsiReset ( return Out8 (Dev, LSI_REG_ISTAT0, LSI_ISTAT0_SRST);=0D }=0D =0D +STATIC=0D +EFI_STATUS=0D +ReportHostAdapterOverrunError (=0D + OUT EFI_EXT_SCSI_PASS_THRU_SCSI_REQUEST_PACKET *Packet=0D + )=0D +{=0D + Packet->SenseDataLength =3D 0;=0D + Packet->HostAdapterStatus =3D=0D + EFI_EXT_SCSI_STATUS_HOST_ADAPTER_DATA_OVERRUN_UNDERRUN;=0D + Packet->TargetStatus =3D EFI_EXT_SCSI_STATUS_TARGET_GOOD;=0D + return EFI_BAD_BUFFER_SIZE;=0D +}=0D +=0D +/**=0D +=0D + Check the request packet from the Extended SCSI Pass Thru Protocol. The= =0D + request packet is modified, to be forwarded outwards by LsiScsiPassThru(= ),=0D + if invalid or unsupported parameters are detected.=0D +=0D + @param[in] Dev The LSI 53C895A SCSI device the packet targets.= =0D +=0D + @param[in] Target The SCSI target controlled by the LSI 53C895A SC= SI=0D + device.=0D +=0D + @param[in] Lun The Logical Unit Number under the SCSI target.=0D +=0D + @param[in out] Packet The Extended SCSI Pass Thru Protocol packet.=0D +=0D +=0D + @retval EFI_SUCCESS The Extended SCSI Pass Thru Protocol packet was val= id.=0D +=0D + @return Otherwise, invalid or unsupported parameters were=0D + detected. 
Status codes are meant for direct forward= ing=0D + by the EFI_EXT_SCSI_PASS_THRU_PROTOCOL.PassThru()=0D + implementation.=0D +=0D + **/=0D +STATIC=0D +EFI_STATUS=0D +LsiScsiCheckRequest (=0D + IN LSI_SCSI_DEV *Dev,=0D + IN UINT8 Target,=0D + IN UINT64 Lun,=0D + IN OUT EFI_EXT_SCSI_PASS_THRU_SCSI_REQUEST_PACKET *Packet=0D + )=0D +{=0D + if (Target > Dev->MaxTarget || Lun > Dev->MaxLun ||=0D + Packet->DataDirection > EFI_EXT_SCSI_DATA_DIRECTION_BIDIRECTIONAL ||= =0D + //=0D + // Trying to receive, but destination pointer is NULL, or contradict= ing=0D + // transfer direction=0D + //=0D + (Packet->InTransferLength > 0 &&=0D + (Packet->InDataBuffer =3D=3D NULL ||=0D + Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_WRITE=0D + )=0D + ) ||=0D +=0D + //=0D + // Trying to send, but source pointer is NULL, or contradicting tran= sfer=0D + // direction=0D + //=0D + (Packet->OutTransferLength > 0 &&=0D + (Packet->OutDataBuffer =3D=3D NULL ||=0D + Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_READ=0D + )=0D + )=0D + ) {=0D + return EFI_INVALID_PARAMETER;=0D + }=0D +=0D + if (Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_BIDIRECTION= AL ||=0D + (Packet->InTransferLength > 0 && Packet->OutTransferLength > 0) ||=0D + Packet->CdbLength > sizeof Dev->Dma->Cdb) {=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D + if (Packet->InTransferLength > sizeof Dev->Dma->Data) {=0D + Packet->InTransferLength =3D sizeof Dev->Dma->Data;=0D + return ReportHostAdapterOverrunError (Packet);=0D + }=0D + if (Packet->OutTransferLength > sizeof Dev->Dma->Data) {=0D + Packet->OutTransferLength =3D sizeof Dev->Dma->Data;=0D + return ReportHostAdapterOverrunError (Packet);=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D //=0D // The next seven functions implement EFI_EXT_SCSI_PASS_THRU_PROTOCOL=0D // for the LSI 53C895A SCSI Controller. Refer to UEFI Spec 2.3.1 + Errata = C,=0D 
@@ -70,7 +159,16 @@ LsiScsiPassThru ( IN EFI_EVENT Event OPTIONAL=0D )=0D {=0D - return EFI_UNSUPPORTED;=0D + EFI_STATUS Status;=0D + LSI_SCSI_DEV *Dev;=0D +=0D + Dev =3D LSI_SCSI_FROM_PASS_THRU (This);=0D + Status =3D LsiScsiCheckRequest (Dev, *Target, Lun, Packet);=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + return EFI_SUCCESS;=0D }=0D =0D EFI_STATUS=0D diff --git a/OvmfPkg/LsiScsiDxe/LsiScsi.h b/OvmfPkg/LsiScsiDxe/LsiScsi.h index 1e4bbc56f933..9272eb7506c7 100644 --- a/OvmfPkg/LsiScsiDxe/LsiScsi.h +++ b/OvmfPkg/LsiScsiDxe/LsiScsi.h @@ -13,6 +13,10 @@ #define _LSI_SCSI_DXE_H_=0D =0D typedef struct {=0D + //=0D + // The max size of CDB is 32.=0D + //=0D + UINT8 Cdb[32];=0D //=0D // Allocate 64KB for read/write buffer.=0D //=0D --=20 2.25.1
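Review bot: In LsiScsiCheckRequest() (first hunk of LsiScsi.c), the CDB is validated only against its upper bound, "Packet->CdbLength > sizeof Dev->Dma->Cdb"; nothing rejects Packet->Cdb == NULL or CdbLength == 0, so a request without a command block is reported as EFI_SUCCESS. Consider adding both conditions to the first if so they return EFI_INVALID_PARAMETER before later code uses the packet. As a style point, the header comment has "@param[in out] Packet", where the usual edk2 form is "@param[in, out]".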
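Review bot: In the LsiScsiPassThru() hunk, a packet that passes LsiScsiCheckRequest() now reaches "return EFI_SUCCESS;" although no transfer is performed in the lines shown, where the stub previously returned EFI_UNSUPPORTED. A caller at this point in the series would treat an untouched InDataBuffer as valid data; keep returning EFI_UNSUPPORTED (or another error status) after the check until the actual I/O is added. Also, *Target is dereferenced and Packet is passed on without a NULL check, so a NULL argument faults here or inside LsiScsiCheckRequest() instead of returning EFI_INVALID_PARAMETER.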
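Review bot: In the LsiScsi.h hunk, the literal 32 in "UINT8 Cdb[32];" is explained only by "The max size of CDB is 32.", which does not say which specification or device limit the value comes from. A named macro with that reference in the comment would document the bound that LsiScsiCheckRequest() enforces through sizeof Dev->Dma->Cdb.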