Re: [PATCH v2 3/4] Ovmfpkg/VirtioScsiDxe: map virtio-scsi request and response buffers

[Laszlo Ersek <lersek@redhat.com>]

On 08/31/17 15:23, Laszlo Ersek wrote:
> On 08/30/17 22:45, Brijesh Singh wrote:

>> @@ -492,10 +645,50 @@ VirtioScsiPassThru (
>>    //
>>    if (VirtioFlush (Dev->VirtIo, VIRTIO_SCSI_REQUEST_QUEUE, &Dev->Ring,
>>          &Indices, NULL) != EFI_SUCCESS) {
>> -    return ReportHostAdapterError (Packet);
>> +    Status = ReportHostAdapterError (Packet);
>> +    goto UnmapResponseBuffer;
>>    }
>>
>> -  return ParseResponse (Packet, &Response);
>> +  Status = ParseResponse (Packet, Response);
>> +
>> +  //
>> +  // If virtio request was successful and it was a CPU read request then we
>> +  // have used an intermediate buffer. Copy the data from intermediate buffer
>> +  // to the final buffer.
>> +  //
>> +  if (!EFI_ERROR (Status) && (Packet->InTransferLength > 0)) {
>> +    CopyMem (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
>> +  }
>
> (7) The comment is exactly right, but the condition that you check
> after is incorrect.
>
> The right thing to do is to call CopyMem() *unconditionally*.
>
> Namely, at this point we are past ParseResponse(). As I wrote before,
> ParseResponse() updates the Packet->... fields in every case, even if
> it reports an EFI_STATUS that is different from EFI_SUCCESS. And
> whatever we expose to the caller through "Packet->InTransferLength"
> *must* be reflected in "Packet->InDataBuffer" regardless of return
> status.
>
> Therefore the Status check must be dropped. And then we need not check
> (Packet->InTransferLength>0) either, because the CopyMem() will deal
> with it internally.
>
> Think of it like this: the "worst" that can happen, on error, is that
> "Packet->InTransferLength" is unchanged from its "input" value, and we
> overwrite the caller's "Packet->InDataBuffer" entirely. What is the
> data we are going to put there? It's all zeroes, from your
>
>   ZeroMem (InDataBuffer, Packet->InTransferLength);
>
> higher up.
>
> So, again, this CopyMem() needs to be unconditional -- as the comment
> says, if the *virtio* request was successful (== we talked to the
> virtio-scsi adapter), then we have to copy the data, even if the
> *SCSI* request produced an error status in ParseResponse.

I have to correct myself a little bit -- although I think you would have
caught me anyway :) --, namely we should keep the "if", but the
condition should be:

  InDataBuffer != NULL

Admittedly, it is likely that none of the CopyMem() implementations
would have problems with a NULL "SourceBuffer", if "Length" was zero.

Nonetheless, the interface contract in

  MdePkg/Include/Library/BaseMemoryLib.h

does not mark SourceBuffer OPTIONAL -- neither does the UEFI spec, for
the similar gBS->CopyMem() boot service --, for the case when Length==0,
so we should do an explicit check:

  if (InDataBuffer != NULL) {
    CopyMem (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
  }

Thank you,
Laszlo