From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.54]) by mx.groups.io with SMTP id smtpd.web11.20556.1590176815106895092 for ; Fri, 22 May 2020 12:46:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@vmware.com header.s=selector2 header.b=iX589k5t; spf=pass (domain: vmware.com, ip: 40.107.244.54, mailfrom: awarkentin@vmware.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ncLJq7jhd7JNnSTMvusZlriQcJoEmrFyoxADVzvGUe2GO2BYOPXi/W5SrMcA2uTf37G9gXVZtpnTttNVetwU1unrYqUbW8Zl0N7EbS0Tvd0XrWwJCVHYXadVKCn0xtlWbJA81/9MDbcwFhbhE+gExpuLJC2eJPegv8i/nvlRO4V9XW5tV/QrFuFADUDum9ARy+hychVd3gWp8GpP/8xZH+YVxhhoDKIg28lA/gviiDrqyqfeF2KCKHUmk6k34QNnmKVvg2yNLvmLAw4k14y33EdV9ayF1oifklQUt/DJWGP3S/CGJHYHFbSAZT14s23C90kcvfT2jsMyER5Z7uuKnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rW5HaXk99uL3Zpj5FRr7PU20GJq/1njvCGZsToT0TnU=; b=WUAjexYdoIDlBkAAIJmgcsJBfiqrGA5qBh5Kk9DK8aGaRxxxLJh23p/d9fo8KRH6TQtDhLhxCINUx6Oe0PxpAhCLk7DddaoNZ3Uj5/3/LAa862DJTMfXGtiN5Fkk+97nqe9RKeibtKz92jbaBRbr9Pve6WZ/FcpIQ3bv0RAy3a+wv1vrZBeqk455kECXuQlVe3Qa3zQEFg6pUEvZ2iCPU1pWHI0dE+qhNvaQSvYNxqRZeVZghYqK4hOUzMwgUSbCeQP6cdllOKFWj7lpyFXNUrzMYw+SWSIs6UvpuY2bIIQtO+i877+hYa6b8b3eWZ3cH4jpLXgAZIQjUFw5TTGhVg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vmware.com; dmarc=pass action=none header.from=vmware.com; dkim=pass header.d=vmware.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vmware.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rW5HaXk99uL3Zpj5FRr7PU20GJq/1njvCGZsToT0TnU=; b=iX589k5tpkLo8dRrrpmolKI3mCovyQWm0XAWrqltoBrJzTbuvMFwQVrVEWcd+wPOOSD5zmsEab0ZFtOwo7Z/gfjZyAdX2xXbRJWR1WlJlwYy58KQogjj6Dq2XJg9DkIsxjCiQOzHShU+UmrwcLblFDmG/xkZ/n6aBwxCAYNi1r0= Received: from MWHPR05MB3422.namprd05.prod.outlook.com (2603:10b6:301:3e::19) by MWHPR05MB3519.namprd05.prod.outlook.com (2603:10b6:301:45::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.13; Fri, 22 May 2020 19:46:51 +0000 Received: from MWHPR05MB3422.namprd05.prod.outlook.com ([fe80::558d:2877:bcf6:d3e3]) by MWHPR05MB3422.namprd05.prod.outlook.com ([fe80::558d:2877:bcf6:d3e3%7]) with mapi id 15.20.3021.019; Fri, 22 May 2020 19:46:51 +0000 From: "Andrei Warkentin" To: Andrei Warkentin , "devel@edk2.groups.io" , "maciej.rabeda@linux.intel.com" CC: "jiaxin.wu@intel.com" , "siyuan.fu@intel.com" Subject: Re: [edk2-devel] [edk2][PATCH 1/1] HttpBoot: handle servers which may FIN after file sizing in HttpBootLoadFile Thread-Topic: [edk2-devel] [edk2][PATCH 1/1] HttpBoot: handle servers which may FIN after file sizing in HttpBootLoadFile Thread-Index: AQHWKb2ljqhLZ3odGE+9UoW/mm+ucqivVzsAgAU4rcI= Date: Fri, 22 May 2020 19:46:51 +0000 Message-ID: References: <20200514070223.48194-1-andrey.warkentin@gmail.com>,<0b179e68-1454-75a1-18c8-fb26aab4dc2a@linux.intel.com> In-Reply-To: <0b179e68-1454-75a1-18c8-fb26aab4dc2a@linux.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=vmware.com; x-originating-ip: [98.214.99.181] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 933fd4ac-dbac-4390-5b53-08d7fe88df51 x-ms-traffictypediagnostic: MWHPR05MB3519: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2887; x-forefront-prvs: 04111BAC64 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: iG+zI6ilf87aGdYloiovUikGWum5ErpVoZm7PK2zl/jsMGpCJvlFm80vALJ45axgCPWaVsgJdVEg5k/Qr6Lw23V1bVl2xCSG/rG0h5JU9IXL09kaRwL7h1IjWdS1ICutYUunB8IhWkwbOrrHYiL4LR1YrNNxPV16tFEh4ofvgFhVfDNpHYfQ6OZtUvVkSJteyySPYu+YLTt/wZ95x7Qvts4hgscKxmHWsdW0ZFjTF6dH7ssAZximhDOANoPrbVjqzwEETQAqd6WsgA2Zsa5vfVOVYdj064ftEpKF1wizAxCgAWJ18/UwaXCi7Kaf+s5qtX0lgOKUwIJSEcB2wYFbF+yN7e9yYuUQ1gvEG3SRlLaGur2PDFF58shHPzH0nk75QYHY3IWLn43ejGgIHlaYxg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR05MB3422.namprd05.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(366004)(376002)(396003)(136003)(346002)(39860400002)(316002)(186003)(53546011)(2906002)(4326008)(478600001)(19627405001)(71200400001)(8936002)(33656002)(6506007)(45080400002)(5660300002)(86362001)(26005)(966005)(76116006)(66556008)(110136005)(66446008)(54906003)(7696005)(9686003)(64756008)(66476007)(91956017)(66946007)(166002)(55016002)(8676002)(52536014);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: seL8V68suZVNZ+0Zu7tsz5wsI62SuQqCoVubGqcSr9/qIPNoRnHn/2S3X7qpNEpIOnAmdT1UDEefNdy4jnt5hFJp5LooxjI5qeceFB6V4UJkbH4mBglj+3rQGRv33mVDfRsAl0b8TG8VByyU7YPVK1wg/TDRQLKBMxHLbIsvvd9S1Ccw/2NLvzRjkHrFD8a3S28i5S0MwYmrCSGeskyW2pjzXgMVsbaJWSr+gm3ZxdBR7YJ9dPlHh9IO8r6XQgqZ2rTDsxiCBc36cCyeFy3xj09EmgCpzSfKzjcpSv++eHATmfuTRo2ONk5jNfTQox+lIhK9O9FF1oGrPeD4tqnFeW1YymE8ezi8fO2I+hMVS4rWakhbyqGjxAL5uLlzROUSgqtTyux5YFA+t5oX/respke8CksyRd7jyhmNS3M5CJADMU0Jl8/RzCGmPssMWNK0RSNtgsnKWQyDR5/NnE4/mzAzOeK4KeKZ+KV0hdqKJU39Z4V9C0WBCfKy4AG9RILX x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: vmware.com X-MS-Exchange-CrossTenant-Network-Message-Id: 933fd4ac-dbac-4390-5b53-08d7fe88df51 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 May 2020 19:46:51.0703 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: mDhbNdp4QjybuxlQ4eOUaNmg5g3RYZFJu6FiDx5z+6fp98xS+2FDcN6ajv9sqJQKJRyjxikuUCH6cKqrkOnyTg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR05MB3519 Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MWHPR05MB3422F9459065E06D5876DCE0B9B40MWHPR05MB3422namp_" --_000_MWHPR05MB3422F9459065E06D5876DCE0B9B40MWHPR05MB3422namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thank you. I made the updates and will now send v2. A ________________________________ From: devel@edk2.groups.io on behalf of Maciej Rabe= da via groups.io Sent: Tuesday, May 19, 2020 7:02 AM To: Andrei Warkentin ; devel@edk2.groups.io Cc: jiaxin.wu@intel.com ; siyuan.fu@intel.com Subject: Re: [edk2-devel] [edk2][PATCH 1/1] HttpBoot: handle servers which= may FIN after file sizing in HttpBootLoadFile Hi Andrei, Thanks for catching this. Smells a bit like a potential issue with Python's implementation of underlying socketserver and interoperability with Windows. https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fstacko= verflow.com%2Fquestions%2F46785946%2Fpython-socketserver-sends-fin-flag&= ;data=3D02%7C01%7Cawarkentin%40vmware.com%7Cf607c49796204ebaffe108d7fbec88f= 1%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637254865643641251&sdata= = =3DWC0rfvSVDu%2Fbq2IhqgBRJCSOMeq%2BQNYu9VZBhG1H4cY%3D&reserved=3D0 Nevertheless, HTTP client should be aware that it can receive TCP FIN from HTTP server at any time. As for your patch: 1. Please add maintainer and reviewers as CC: to the patch before 'Signed-off-by:'. Example: https://nam04.safelinks.protection.outlook.com/= ?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F58045&data= =3D02%7C01%7Cawarkentin%40vmware.com%7Cf607c49796204ebaffe108d7fbec88f1%7C= b39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637254865643641251&sdata=3Df= j9mXIvN7Vvq7M1gOd0DmFKTwnfGIoh2oY%2FthJkAGf0%3D&reserved=3D0 2. Patch & commit title should contain names of package and driver that are subject to changes - so it should start with 'NetworkPkg/HttpBootDxe:' 3. HttpBootDxeLoadFile is an implementation of EFI_LOAD_FILE_PROTOCOL.LoadFile() protocol function and UEFI specification clearly describes possible error codes. Whatever code is handling boot menu and that protocol, it may not be able to react correctly to that error code. From the error codes that are available, EFI_ABORTED best fits the 'Load process was cancelled by the server' narrative. HttpBootDxeLoadFile, line 602 contains an if (EFI_ERROR (Status)) clause. Please, catch EFI_CONNECTION_FIN error inside that clause. Use AsciiPrint to report the following message to the user: "\n Error: Server has terminated the connection." Set Status to EFI_ABORTED before the whole function returns it. Thanks, Maciej On 14-May-20 09:02, Andrei Warkentin wrote: > Python http.server seems to FIN after the first HEAD request to size > the loaded file is completed and ACKed. What happens next is interesting= . > On low latency connections, the GET request to download may get sent > after the server sends the FIN but before the client has a chance to > process it. The net result is: > - Server ignores GET > - HttpBootLoadFile returns EFI_CONNECTION_FIN. Boot fails. > > In the other case, client handles the FIN before attempting the GET, > so there's a proper three-way handshake as part of GET. > > The solution is to retry HttpBootLoadFile 2 times if it returns > EFI_CONNECTION_FIN. This is because HttpBootLoadFile may issue up to > 3 requests: HEAD/GET to get size and final GET to load. Some servers > may send a FIN after each request. The first request (HEAD) is not > supposed to fail this way, so only the two subsequent GET request > may result in a FIN. > > Fixes https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%= 2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2720&data=3D02%7C01%7Caw= arkentin%40vmware.com%7Cf607c49796204ebaffe108d7fbec88f1%7Cb39138ca3cee4b4a= a4d6cd83d9dd62f0%7C0%7C0%7C637254865643641251&sdata=3DkKFG8ZhccLHTdW%2B= Bs7iQcqNK2yG%2FQaLgcVS%2BtQ2O59o%3D&reserved=3D0 > > Signed-off-by: Andrei Warkentin > --- > NetworkPkg/HttpBootDxe/HttpBootImpl.c | 27 +++++++++++++++++++- > NetworkPkg/HttpDxe/HttpImpl.c | 5 ++++ > 2 files changed, 31 insertions(+), 1 deletion(-) > > diff --git a/NetworkPkg/HttpBootDxe/HttpBootImpl.c b/NetworkPkg/HttpBoot= Dxe/HttpBootImpl.c > index 4a51f35cdd..2d74d5f293 100644 > --- a/NetworkPkg/HttpBootDxe/HttpBootImpl.c > +++ b/NetworkPkg/HttpBootDxe/HttpBootImpl.c > @@ -288,6 +288,7 @@ HttpBootDhcp ( > @retval EFI_NOT_STARTED The driver is in stopped state. > @retval EFI_BUFFER_TOO_SMALL The BufferSize is too small to r= ead the boot file. BufferSize has > been updated with the size neede= d to complete the request. > + @retval EFI_CONNECTION_FIN Server had closed the connection = while we were waiting downloading. > @retval EFI_DEVICE_ERROR An unexpected network error occu= rred. > @retval Others Other errors as indicated. > > @@ -535,6 +536,7 @@ HttpBootStop ( > @retval EFI_BUFFER_TOO_SMALL The BufferSize is too small to read th= e current directory entry. > BufferSize has been updated with the s= ize needed to complete > the request. > + @retval EFI_CONNECTION_FIN Server had closed the connection while = we were waiting for a response. > > **/ > EFI_STATUS > @@ -553,6 +555,7 @@ HttpBootDxeLoadFile ( > BOOLEAN UsingIpv6; > EFI_STATUS Status; > HTTP_BOOT_IMAGE_TYPE ImageType; > + UINTN MaxTries; > > if (This =3D=3D NULL || BufferSize =3D=3D NULL || FilePath =3D=3D NU= LL) { > return EFI_INVALID_PARAMETER; > @@ -598,7 +601,29 @@ HttpBootDxeLoadFile ( > // Load the boot file. > // > ImageType =3D ImageTypeMax; > - Status =3D HttpBootLoadFile (Private, BufferSize, Buffer, &ImageType)= ; > + // > + // HttpBootLoadFile may issue up to 2 requests: HEAD/GET to get > + // size and final GET to load. Some servers may send a FIN after > + // each request. The first request (HEAD) is not supposed to > + // fail this way, so only the two possible GETs need the special > + // handling. > + // > + MaxTries =3D 2; > + do { > + Status =3D HttpBootLoadFile (Private, BufferSize, Buffer, &ImageTyp= e); > + if (Status =3D=3D EFI_CONNECTION_FIN) { > + if (Private->HttpCreated) { > + // > + // Tear down HTTP/TCP state entirely. Http->Configure (NULL) is= not > + // sufficient (EFI_ACCESS_DENIED from TCP stack on subsequent > + // HttpBootLoadFile. > + // > + HttpIoDestroyIo (&Private->HttpIo); > + Private->HttpCreated =3D FALSE; > + } > + } > + } while (MaxTries-- && Status =3D=3D EFI_CONNECTION_FIN); > + > if (EFI_ERROR (Status)) { > if (Status =3D=3D EFI_BUFFER_TOO_SMALL && (ImageType =3D=3D ImageT= ypeVirtualCd || ImageType =3D=3D ImageTypeVirtualDisk)) { > Status =3D EFI_WARN_FILE_SYSTEM; > diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl= .c > index 5a6ecbc9d9..34a33b09f7 100644 > --- a/NetworkPkg/HttpDxe/HttpImpl.c > +++ b/NetworkPkg/HttpDxe/HttpImpl.c > @@ -959,6 +959,8 @@ HttpBodyParserCallback ( > @retval EFI_OUT_OF_RESOURCES Failed to complete the operation due= to lack of resources. > @retval EFI_NOT_READY Can't find a corresponding Tx4Token/= Tx6Token or > the EFI_HTTP_UTILITIES_PROTOCOL is n= ot available. > + @retval EFI_CONNECTION_FIN Server had closed the connection whil= e we were waiting for > + a response. > > **/ > EFI_STATUS > @@ -1528,6 +1530,9 @@ Error: > @retval EFI_OUT_OF_RESOURCES Could not allocate enough system res= ources. > @retval EFI_ACCESS_DENIED An open TCP connection is not presen= t with the host > specified by response URL. > + > + @retval EFI_CONNECTION_FIN Server had closed the connection whil= e we were waiting for > + a response. > **/ > EFI_STATUS > EFIAPI --_000_MWHPR05MB3422F9459065E06D5876DCE0B9B40MWHPR05MB3422namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Thank you. I made the updates and will now send v2.

A
From: devel@edk2.groups.io= <devel@edk2.groups.io> on behalf of Maciej Rabeda via groups.io <= maciej.rabeda=3Dlinux.intel.com@groups.io>
Sent: Tuesday, May 19, 2020 7:02 AM
To: Andrei Warkentin <andrey.warkentin@gmail.com>; devel@edk2= .groups.io <devel@edk2.groups.io>
Cc: jiaxin.wu@intel.com <jiaxin.wu@intel.com>; siyuan.fu@inte= l.com <siyuan.fu@intel.com>
Subject: Re: [edk2-devel] [edk2][PATCH 1/1] HttpBoot: handle server= s which may FIN after file sizing in HttpBootLoadFile
 
Hi Andrei,

Thanks for catching this.

Smells a bit like a potential issue with Python's implementation of
underlying socketserver and interoperability with Windows.
https://nam04.safelinks.protection.outlook.com/?url=3Dh= ttps%3A%2F%2Fstackoverflow.com%2Fquestions%2F46785946%2Fpython-socketserver= -sends-fin-flag&amp;data=3D02%7C01%7Cawarkentin%40vmware.com%7Cf607c497= 96204ebaffe108d7fbec88f1%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C63725= 4865643641251&amp;sdata=3DWC0rfvSVDu%2Fbq2IhqgBRJCSOMeq%2BQNYu9VZBhG1H4= cY%3D&amp;reserved=3D0
Nevertheless, HTTP client should be aware that it can receive TCP FIN
from HTTP server at any time.

As for your patch:
1. Please add maintainer and reviewers as CC: to the patch before
'Signed-off-by:'. Example: https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.g= roups.io%2Fg%2Fdevel%2Fmessage%2F58045&amp;data=3D02%7C01%7Cawarkentin%= 40vmware.com%7Cf607c49796204ebaffe108d7fbec88f1%7Cb39138ca3cee4b4aa4d6cd83d= 9dd62f0%7C0%7C0%7C637254865643641251&amp;sdata=3Dfj9mXIvN7Vvq7M1gOd0DmF= KTwnfGIoh2oY%2FthJkAGf0%3D&amp;reserved=3D0
2. Patch & commit title should contain names of package and driver tha= t
are subject to changes - so it should start with 'NetworkPkg/HttpBootDxe:'=
3. HttpBootDxeLoadFile is an implementation of
EFI_LOAD_FILE_PROTOCOL.LoadFile() protocol function and UEFI
specification clearly describes possible error codes.
Whatever code is handling boot menu and that protocol, it may not be
able to react correctly to that error code.
 From the error codes that are available, EFI_ABORTED best fits the <= br> 'Load process was cancelled by the server' narrative.

HttpBootDxeLoadFile, line 602 contains an if (EFI_ERROR (Status)) clause.<= br> Please, catch EFI_CONNECTION_FIN error inside that clause.
Use AsciiPrint to report the following message to the user: "\n Error= :
Server has terminated the connection."
Set Status to EFI_ABORTED before the whole function returns it.

Thanks,
Maciej

On 14-May-20 09:02, Andrei Warkentin wrote:
> Python http.server seems to FIN after the first HEAD request to size<= br> > the loaded file is completed and ACKed. What happens next is interest= ing.
> On low latency connections, the GET request to download may get sent<= br> > after the server sends the FIN but before the client has a chance to<= br> > process it. The net result is:
> - Server ignores GET
> - HttpBootLoadFile returns EFI_CONNECTION_FIN. Boot fails.
>
> In the other case, client handles the FIN before attempting the GET,<= br> > so there's a proper three-way handshake as part of GET.
>
> The solution is to retry HttpBootLoadFile 2 times if it returns
> EFI_CONNECTION_FIN. This is because HttpBootLoadFile may issue up to<= br> > 3 requests: HEAD/GET to get size and final GET to load. Some servers<= br> > may send a FIN after each request. The first request (HEAD) is not > supposed to fail this way, so only the two subsequent GET request
> may result in a FIN.
>
> Fixes https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugzil= la.tianocore.org%2Fshow_bug.cgi%3Fid%3D2720&amp;data=3D02%7C01%7Cawarke= ntin%40vmware.com%7Cf607c49796204ebaffe108d7fbec88f1%7Cb39138ca3cee4b4aa4d6= cd83d9dd62f0%7C0%7C0%7C637254865643641251&amp;sdata=3DkKFG8ZhccLHTdW%2B= Bs7iQcqNK2yG%2FQaLgcVS%2BtQ2O59o%3D&amp;reserved=3D0
>
> Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com> > ---
>   NetworkPkg/HttpBootDxe/HttpBootImpl.c | 27 +++= ;+++++++++++++++= ;+-
>   NetworkPkg/HttpDxe/HttpImpl.c    &nbs= p;    |  5 ++++
>   2 files changed, 31 insertions(+), 1 deletion(-)
>
> diff --git a/NetworkPkg/HttpBootDxe/HttpBootImpl.c b/NetworkPkg/HttpB= ootDxe/HttpBootImpl.c
> index 4a51f35cdd..2d74d5f293 100644
> --- a/NetworkPkg/HttpBootDxe/HttpBootImpl.c
> +++ b/NetworkPkg/HttpBootDxe/HttpBootImpl.c
> @@ -288,6 +288,7 @@ HttpBootDhcp (
>     @retval EFI_NOT_STARTED   &nbs= p;         The driver is in stopped= state.
>     @retval EFI_BUFFER_TOO_SMALL   = ;     The BufferSize is too small to read the boot file= . BufferSize has
>           &nbs= p;            &= nbsp;           &nbs= p;    been updated with the size needed to complete the requ= est.
> +  @retval EFI_CONNECTION_FIN     &= nbsp;    Server had closed the connection while we were wait= ing downloading.
>     @retval EFI_DEVICE_ERROR   &nb= sp;        An unexpected network error o= ccurred.
>     @retval Others     &= nbsp;           &nbs= p;    Other errors as indicated.
>  
> @@ -535,6 +536,7 @@ HttpBootStop (
>     @retval EFI_BUFFER_TOO_SMALL  The Buffer= Size is too small to read the current directory entry.
>           &nbs= p;            &= nbsp;          BufferSize has = been updated with the size needed to complete
>           &nbs= p;            &= nbsp;          the request. > +  @retval EFI_CONNECTION_FIN    Server had c= losed the connection while we were waiting for a response.
>  
>   **/
>   EFI_STATUS
> @@ -553,6 +555,7 @@ HttpBootDxeLoadFile (
>     BOOLEAN      &n= bsp;            = ;    UsingIpv6;
>     EFI_STATUS      = ;            &n= bsp; Status;
>     HTTP_BOOT_IMAGE_TYPE    &= nbsp;     ImageType;
> +  UINTN        &nbs= p;            &= nbsp;   MaxTries;
>  
>     if (This =3D=3D NULL || BufferSize =3D=3D NUL= L || FilePath =3D=3D NULL) {
>       return EFI_INVALID_PARAMETER;
> @@ -598,7 +601,29 @@ HttpBootDxeLoadFile (
>     // Load the boot file.
>     //
>     ImageType =3D ImageTypeMax;
> -  Status =3D HttpBootLoadFile (Private, BufferSize, Buffer, &am= p;ImageType);
> +  //
> +  // HttpBootLoadFile may issue up to 2 requests: HEAD/GET = to get
> +  // size and final GET to load. Some servers may send a FI= N after
> +  // each request. The first request (HEAD) is not supposed= to
> +  // fail this way, so only the two possible GETs need the = special
> +  // handling.
> +  //
> +  MaxTries =3D 2;
> +  do {
> +    Status =3D HttpBootLoadFile (Private, BufferS= ize, Buffer, &ImageType);
> +    if (Status =3D=3D EFI_CONNECTION_FIN) {
> +      if (Private->HttpCreated) { > +        //
> +        // Tear down HTTP/TCP= state entirely. Http->Configure (NULL) is not
> +        // sufficient (EFI_AC= CESS_DENIED from TCP stack on subsequent
> +        // HttpBootLoadFile.<= br> > +        //
> +        HttpIoDestroyIo (&= ;Private->HttpIo);
> +        Private->HttpCreat= ed =3D FALSE;
> +      }
> +    }
> +  } while (MaxTries-- && Status =3D=3D EFI_CONNECTI= ON_FIN);
> +
>     if (EFI_ERROR (Status)) {
>       if (Status =3D=3D EFI_BUFFER_TOO_= SMALL && (ImageType =3D=3D ImageTypeVirtualCd || ImageType =3D=3D I= mageTypeVirtualDisk)) {
>         Status =3D EFI_WARN_F= ILE_SYSTEM;
> diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpI= mpl.c
> index 5a6ecbc9d9..34a33b09f7 100644
> --- a/NetworkPkg/HttpDxe/HttpImpl.c
> +++ b/NetworkPkg/HttpDxe/HttpImpl.c
> @@ -959,6 +959,8 @@ HttpBodyParserCallback (
>     @retval EFI_OUT_OF_RESOURCES   = ; Failed to complete the operation due to lack of resources.
>     @retval EFI_NOT_READY    =        Can't find a corresponding Tx4Token/Tx= 6Token or
>           &nbs= p;            &= nbsp;            the= EFI_HTTP_UTILITIES_PROTOCOL is not available.
> +  @retval EFI_CONNECTION_FIN      = Server had closed the connection while we were waiting for
> +          &nbs= p;            &= nbsp;          a response.
>  
>   **/
>   EFI_STATUS
> @@ -1528,6 +1530,9 @@ Error:
>     @retval EFI_OUT_OF_RESOURCES   = ; Could not allocate enough system resources.
>     @retval EFI_ACCESS_DENIED   &n= bsp;   An open TCP connection is not present with the host
>           &nbs= p;            &= nbsp;            spe= cified by response URL.
> +
> +  @retval EFI_CONNECTION_FIN      = Server had closed the connection while we were waiting for
> +          &nbs= p;            &= nbsp;          a response.
>   **/
>   EFI_STATUS
>   EFIAPI




--_000_MWHPR05MB3422F9459065E06D5876DCE0B9B40MWHPR05MB3422namp_--