On 08/31/17 15:23, Laszlo Ersek wrote:
> On 08/30/17 22:45, Brijesh Singh wrote:
>> @@ -492,10 +645,50 @@ VirtioScsiPassThru (
>> //
>> if (VirtioFlush (Dev->VirtIo, VIRTIO_SCSI_REQUEST_QUEUE, &Dev->Ring,
>> &Indices, NULL) != EFI_SUCCESS) {
>> - return ReportHostAdapterError (Packet);
>> + Status = ReportHostAdapterError (Packet);
>> + goto UnmapResponseBuffer;
>> }
>>
>> - return ParseResponse (Packet, &Response);
>> + Status = ParseResponse (Packet, Response);
>> +
>> + //
>> + // If virtio request was successful and it was a CPU read request then we
>> + // have used an intermediate buffer. Copy the data from intermediate
>> buffer
>> + // to the final buffer.
>> + //
>> + if (!EFI_ERROR (Status) && (Packet->InTransferLength > 0)) {
>> + CopyMem (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
>> + }
>
> (7) The comment is exactly right, but the condition that you check
> after is incorrect.
>
> The right thing to do is to call CopyMem() *unconditionally*.
>
> Namely, at this point we are past ParseResponse(). As I wrote before,
> ParseResponse() updates the Packet->... fields in every case, even if
> it reports an EFI_STATUS that is different from EFI_SUCCESS. And
> whatever we expose to the caller through "Packet->InTransferLength"
> *must* be reflected in "Packet->InDataBuffer" regardless of return
> status.
>
> Therefore the Status check must be dropped. And then we need not check
> (Packet->InTransferLength>0) either, because the CopyMem() will deal
> with it internally.
>
> Think of it like this: the "worst" that can happen, on error, is that
> "Packet->InTransferLength" is unchanged from its "input" value, and we
> overwrite the caller's "Packet->InDataBuffer" entirely. What is the
> data we are going to put there? It's all zeroes, from your
>
> ZeroMem (InDataBuffer, Packet->InTransferLength);
>
> higher up.
>
> So, again, this CopyMem() needs to be unconditional -- as the comment
> says, if the *virtio* request was successful (== we talked to the
> virtio-scsi adapter), then we have to copy the data, even if the
> *SCSI* request produced an error status in ParseResponse.
I have to correct myself a little bit -- although I think you would have
caught me anyway :) --, namely we should keep the "if", but the
condition should be:
    InDataBuffer != NULL
Admittedly, it is likely that none of the CopyMem() implementations
would have problems with a NULL "SourceBuffer", if "Length" was zero.
Nonetheless, the interface contract in
    MdePkg/Include/Library/BaseMemoryLib.h
does not mark SourceBuffer OPTIONAL -- neither does the UEFI spec, for
the similar gBS->CopyMem() boot service --, for the case when Length==0,
so we should do an explicit check:
    if (InDataBuffer != NULL) {
      CopyMem (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
    }
Thank you,
Laszlo
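The two copy-back conditions discussed above, modelled in plain C so the difference is observable. This is an added illustration, not code from this thread or from the EDK2 OvmfPkg virtio-scsi driver: the EFI_STATUS codes, the PACKET and RESPONSE structs, ParseResponseModel() and PassThruModel() are constructed stand-ins (the real ParseResponse() lives in VirtioScsiDxe and is not reproduced here). The one property carried over from the discussion is that the response parser updates Packet->InTransferLength on every path, error or not.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins; none of these are the real EDK2/UEFI definitions. */
typedef int EFI_STATUS;
#define EFI_SUCCESS           0
#define EFI_DEVICE_ERROR      1   /* hypothetical code, not the UEFI encoding */
#define EFI_OUT_OF_RESOURCES  2   /* hypothetical code, not the UEFI encoding */
#define EFI_ERROR(Status)     ((Status) != EFI_SUCCESS)

/* Subset of the caller's request packet: the CPU-read buffer and its length. */
typedef struct {
  uint8_t  *InDataBuffer;
  uint32_t  InTransferLength;
} PACKET;

/* Model of the device completion: bytes NOT transferred, and SCSI status
 * (nonzero means the SCSI command itself failed). */
typedef struct {
  uint32_t Residual;
  uint8_t  ScsiStatus;
} RESPONSE;

/* Model of ParseResponse(): updates Packet->InTransferLength in every case,
 * including when it returns an error (the property the reviewer relies on). */
static EFI_STATUS
ParseResponseModel (PACKET *Packet, const RESPONSE *Response)
{
  Packet->InTransferLength = Response->Residual > Packet->InTransferLength
                               ? 0 : Packet->InTransferLength - Response->Residual;
  return Response->ScsiStatus == 0 ? EFI_SUCCESS : EFI_DEVICE_ERROR;
}

/* Model of the pass-thru path with a bounce buffer. CopyOnlyOnSuccess == 1
 * reproduces the guard from the hunk; 0 applies the reviewer's condition. */
static EFI_STATUS
PassThruModel (PACKET *Packet, const RESPONSE *Response,
               const uint8_t *DeviceData, int CopyOnlyOnSuccess)
{
  uint8_t    *InDataBuffer = NULL;
  uint32_t    Transferred;
  EFI_STATUS  Status;

  if (Packet->InTransferLength > 0) {
    InDataBuffer = malloc (Packet->InTransferLength);
    if (InDataBuffer == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }
    memset (InDataBuffer, 0, Packet->InTransferLength);  /* the ZeroMem higher up */
    /* The adapter writes only the bytes it actually transferred. */
    Transferred = Response->Residual > Packet->InTransferLength
                    ? 0 : Packet->InTransferLength - Response->Residual;
    memcpy (InDataBuffer, DeviceData, Transferred);
  }

  Status = ParseResponseModel (Packet, Response);

  if (CopyOnlyOnSuccess) {
    /* As in the hunk: the data is dropped whenever the SCSI status is an error. */
    if (!EFI_ERROR (Status) && Packet->InTransferLength > 0) {
      memcpy (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
    }
  } else {
    /* Reviewer's version: copy whenever a bounce buffer exists, so the caller's
     * buffer always matches the reported length and memcpy never sees a NULL
     * source (the Length == 0 case is left to memcpy, as with CopyMem). */
    if (InDataBuffer != NULL) {
      memcpy (Packet->InDataBuffer, InDataBuffer, Packet->InTransferLength);
    }
  }

  free (InDataBuffer);
  return Status;
}

/* Runs one read of RequestLen bytes (at most 8). Returns 1 if afterwards every
 * byte counted by Packet->InTransferLength in the caller's buffer matches what
 * the device produced, 0 if the caller is left looking at stale data. */
int
CallerViewConsistent (int CopyOnlyOnSuccess, uint8_t ScsiStatus,
                      uint32_t Residual, uint32_t RequestLen)
{
  static const uint8_t DeviceData[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  uint8_t   Caller[8];
  PACKET    Packet   = { Caller, RequestLen };
  RESPONSE  Response = { Residual, ScsiStatus };

  memset (Caller, 0xAA, sizeof Caller);   /* stale contents before the call */
  (void) PassThruModel (&Packet, &Response, DeviceData, CopyOnlyOnSuccess);
  return memcmp (Caller, DeviceData, Packet.InTransferLength) == 0;
}

int
main (void)
{
  printf ("hunk guard, SCSI error, residual 2: consistent=%d\n",
          CallerViewConsistent (1, 2, 2, 8));
  printf ("NULL-check guard, same request:     consistent=%d\n",
          CallerViewConsistent (0, 2, 2, 8));
  return 0;
}
```

With a SCSI error and a two-byte residual, the hunk's guard reports six transferred bytes but never copies them, whereas the `InDataBuffer != NULL` guard copies the six bytes the adapter did deliver (the remaining bounce-buffer bytes are the zeroes from the earlier ZeroMem). A zero-length request allocates no bounce buffer, and the NULL check is what keeps memcpy from being handed a NULL source in that case.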
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel