From nobody Mon Feb  9 01:20:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+62663+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+62663+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1594885614081916.7027881399559;
 Thu, 16 Jul 2020 00:46:54 -0700 (PDT)
Return-Path: <bounce+27952+62663+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id QdUVYY1788612xwbHLZC0YVV;
 Thu, 16 Jul 2020 00:46:53 -0700
X-Received: from de-smtp-delivery-102.mimecast.com
 (de-smtp-delivery-102.mimecast.com [62.140.7.102])
 by mx.groups.io with SMTP id smtpd.web11.10946.1594885613071820969
 for <devel@edk2.groups.io>;
 Thu, 16 Jul 2020 00:46:53 -0700
X-Received: from EUR05-VI1-obe.outbound.protection.outlook.com
 (mail-vi1eur05lp2177.outbound.protection.outlook.com [104.47.17.177])
 (Using TLS) by relay.mimecast.com with ESMTP id
 de-mta-26-JfV3JUdfP5eu6bWsyqNWxQ-1; Thu, 16 Jul 2020 09:46:50 +0200
X-MC-Unique: JfV3JUdfP5eu6bWsyqNWxQ-1
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=C6X453UZn3essIwX/+qOyg6z0ezl6z7bfMHWGpfYkWJhX7rKI8Fuplep1UCIhZWuOd7OouNZ9LAxE8J0E9GUiL6uk5DiFMHSsmQU1xaBEbFlvqRie3bGUAuRBkGWYZNCFrh2Pqu8ppO0ZbJwwNKd4vmWEikAYH4TswTC7jKHHcVTQml0HIdsSGunc/5qqBYJiBx2R4KaxJxJCb7ReD9XJjLPxL/3U6LB5uWkl4RjA05N3DRpU/vWqqybMXpBw0HgJ4jnIrtxZkrdFFrpYivmVogt5RVLQ0dX0lFYTJzTQ+M7dhCdnIUOrf0kngIoHV/+L5CjAowJEC+1uKYFqX5Wng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=GTqVTlPBL7s9yX1288TZLA/gDdeay+qcOjs7f18qvro=;
 b=HXcQuPrR+VjAyeOEFHMhNKhTwTnyuKgPLI+SqhA/DeO1BDweBxMjL/daqcc4wLMuWj/jUHI2EbMcf9887zZrBvhTY8NKXoo52xY84A4VWwimpJpiFgtyqRF3HiNRW6cesKctUZWAnjFILbfX+eGIG1NQG/XNYTfCLDLv+FhXhsiISo/cunUxCm/4XBO4FK4JIsuasn+MA11lSZBJlt5/nb6hiIcT6ioyg+Oz0XsZ7HNE4t/ceDuV+qqKejQl91q3zozyFPdN1rOfaMcb6qZ5A0hcOsql5yAqIxY5hr4+/46JOCbEJQ6fIIGurfqhUscy8PsT5pGcgLtr0o88VOkjQw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com;
 dkim=pass header.d=suse.com; arc=none
X-Received: from AM0PR0402MB3809.eurprd04.prod.outlook.com
 (2603:10a6:208:10::30) by AM0PR04MB4740.eurprd04.prod.outlook.com
 (2603:10a6:208:c8::22) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.17; Thu, 16 Jul
 2020 07:46:44 +0000
X-Received: from AM0PR0402MB3809.eurprd04.prod.outlook.com
 ([fe80::a14c:d441:c8a9:77ba]) by AM0PR0402MB3809.eurprd04.prod.outlook.com
 ([fe80::a14c:d441:c8a9:77ba%6]) with mapi id 15.20.3174.026; Thu, 16 Jul 2020
 07:46:44 +0000
From: "Gary Lin" <glin@suse.com>
To: devel@edk2.groups.io
Cc: Jordan Justen <jordan.l.justen@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: [edk2-devel] [PATCH v2 09/12] OvmfPkg/LsiScsiDxe: Examine the
 incoming SCSI Request Packet
Date: Thu, 16 Jul 2020 15:46:04 +0800
Message-Id: <20200716074607.18048-10-glin@suse.com>
In-Reply-To: <20200716074607.18048-1-glin@suse.com>
References: <20200716074607.18048-1-glin@suse.com>
X-ClientProxiedBy: AM3PR07CA0118.eurprd07.prod.outlook.com
 (2603:10a6:207:7::28) To AM0PR0402MB3809.eurprd04.prod.outlook.com
 (2603:10a6:208:10::30)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from GaryWorkstation.suse.cz (60.251.47.115) by
 AM3PR07CA0118.eurprd07.prod.outlook.com (2603:10a6:207:7::28) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.17 via Frontend
 Transport; Thu, 16 Jul 2020 07:46:42 +0000
X-Originating-IP: [60.251.47.115]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5f3c21fa-ad85-499a-44a6-08d8295c6271
X-MS-TrafficTypeDiagnostic: AM0PR04MB4740:
X-Microsoft-Antispam-PRVS: 
 <AM0PR04MB474062782F344B855F0333B4A97F0@AM0PR04MB4740.eurprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 
 AsJeILjkjlA3U3C3tgnyW3v3j5p36OIHKmIxhRkjSbAnPENb2M2JsYb7flIfkcXDaUTdRYG/jBw0u118c5Lk0HomkpCOpNNEh50GBjis5v1LzsNLQ41eWt7Cnkf5jHNPwiBmLV/hWEY2tNI91s+4q9Ohiob0lcVdOmg6ax+6QGV6XFcwCj5a7gQ3x/L1qlR01D528V2nD1XJTIkvUX2nUc1GnBOpQcnRfv1Ol/LRPci28wkcQc8/q0MPesaS3Af0z+31+CWZa7e1jKLC0fDwgpeoZNT2pFOmNalrkY/hxNzoNwO0RoEn0Cs7OPo4/JONmYigjDE25thPVY+xO2OMeg==
X-MS-Exchange-AntiSpam-MessageData: 
 RPRatpDWMLhXZK3OjcliZxO2S0lymlOA5bMOM32/iH2H/3bW+hfu5SvPi6UYPODHH7wSD6AFef0udSICD6anANml5sRtbxTdQ1/p4JS6BhfIoaaDHJ46H5/efrMA2rqoEp3QZ/55bw85VNOOwD4ya8wGSArBP55ziNWVi9h2GHeEdRRE9HtKHt8JZvlTPxN4aYfs33RglR6Hx3NLmo6oOyUZXZ0LSCQb4n6yJyVa2SlJ6Ar4Yk4+ObE0ntmGLiPouBK4t/TsWsczX22SOh+1kuIn24eqAxRJiKNhLrRt4B8c8a6vCe/pjjcFwmE7RqagUWDlwwRrYS4Ll/+DZI+vqIcjayXGj73J20nv3vzQCQbNAYs8QhC0oxcWBxQyli8k/H5cEAVl9Kq8ybhIDTQysJVd1gCFQ07Jwt2arwRNQHaHjBaRiWxJRvC5rXfSNLHp+wFkl3X6hQFmUphUlBMK/f1znuec5K7rV6dwHqLPlUQ=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 5f3c21fa-ad85-499a-44a6-08d8295c6271
X-MS-Exchange-CrossTenant-AuthSource: 
 AM0PR0402MB3809.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jul 2020 07:46:44.4841
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 gjxue7DUrA9pb3l+9aCsQgoAKKi0Q+rQ68hIoSnmLaphpONAz9/wLjE6Gi2Qbji3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB4740
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,glin@suse.com
X-Gm-Message-State: frmynFoJFBRYwgyPGT2pOtXLx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1594885613;
 bh=RW2UuA7+RJ7LjKLOozCRg/EWuRK0P+OKXKvRo/P9uQc=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=r+H0ijYMCxQHOiyfHlfcUgzMuBa89D5yjHgH1uuU/5pFfEm5DCVs9aZAucrN2WJYF8T
 4O/cR9qlWXFVV5nLsVZK9LIzFq6zndMso5UoWFfiv/TJ3DoHTakVSPsAylmj5251Yx+tv
 cc4iiItjIn9ygxVIWNztKNDEy6/P2RLTB30=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

This is the first part of LsiScsiPassThru(). Before processing the SCSI
Request packet, we have to make sure whether the packet is valid or not.

v2: Make LsiScsiPassThru() return EFI_UNSUPPORTED since this function is
    half-implemented

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/LsiScsiDxe/LsiScsi.c | 98 ++++++++++++++++++++++++++++++++++++
 OvmfPkg/LsiScsiDxe/LsiScsi.h |  4 ++
 2 files changed, 102 insertions(+)

diff --git a/OvmfPkg/LsiScsiDxe/LsiScsi.c b/OvmfPkg/LsiScsiDxe/LsiScsi.c
index 4e84afa40085..b3a88cc7119b 100644
--- a/OvmfPkg/LsiScsiDxe/LsiScsi.c
+++ b/OvmfPkg/LsiScsiDxe/LsiScsi.c
@@ -52,6 +52,95 @@ LsiScsiReset (
   return Out8 (Dev, LSI_REG_ISTAT0, LSI_ISTAT0_SRST);
 }
=20
+STATIC
+EFI_STATUS
+ReportHostAdapterOverrunError (
+  OUT EFI_EXT_SCSI_PASS_THRU_SCSI_REQUEST_PACKET *Packet
+  )
+{
+  Packet->SenseDataLength =3D 0;
+  Packet->HostAdapterStatus =3D
+            EFI_EXT_SCSI_STATUS_HOST_ADAPTER_DATA_OVERRUN_UNDERRUN;
+  Packet->TargetStatus =3D EFI_EXT_SCSI_STATUS_TARGET_GOOD;
+  return EFI_BAD_BUFFER_SIZE;
+}
+
+/**
+
+  Check the request packet from the Extended SCSI Pass Thru Protocol. The
+  request packet is modified, to be forwarded outwards by LsiScsiPassThru(=
),
+  if invalid or unsupported parameters are detected.
+
+  @param[in] Dev          The LSI 53C895A SCSI device the packet targets.
+
+  @param[in] Target       The SCSI target controlled by the LSI 53C895A SC=
SI
+                          device.
+
+  @param[in] Lun          The Logical Unit Number under the SCSI target.
+
+  @param[in out] Packet   The Extended SCSI Pass Thru Protocol packet.
+
+
+  @retval EFI_SUCCESS  The Extended SCSI Pass Thru Protocol packet was val=
id.
+
+  @return              Otherwise, invalid or unsupported parameters were
+                       detected. Status codes are meant for direct forward=
ing
+                       by the EFI_EXT_SCSI_PASS_THRU_PROTOCOL.PassThru()
+                       implementation.
+
+ **/
+STATIC
+EFI_STATUS
+LsiScsiCheckRequest (
+  IN LSI_SCSI_DEV                                   *Dev,
+  IN UINT8                                          Target,
+  IN UINT64                                         Lun,
+  IN OUT EFI_EXT_SCSI_PASS_THRU_SCSI_REQUEST_PACKET *Packet
+  )
+{
+  if (Target > Dev->MaxTarget || Lun > Dev->MaxLun ||
+      Packet->DataDirection > EFI_EXT_SCSI_DATA_DIRECTION_BIDIRECTIONAL ||
+      //
+      // Trying to receive, but destination pointer is NULL, or contradict=
ing
+      // transfer direction
+      //
+      (Packet->InTransferLength > 0 &&
+       (Packet->InDataBuffer =3D=3D NULL ||
+        Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_WRITE
+         )
+        ) ||
+
+      //
+      // Trying to send, but source pointer is NULL, or contradicting tran=
sfer
+      // direction
+      //
+      (Packet->OutTransferLength > 0 &&
+       (Packet->OutDataBuffer =3D=3D NULL ||
+        Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_READ
+         )
+        )
+    ) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (Packet->DataDirection =3D=3D EFI_EXT_SCSI_DATA_DIRECTION_BIDIRECTION=
AL ||
+      (Packet->InTransferLength > 0 && Packet->OutTransferLength > 0) ||
+      Packet->CdbLength > sizeof Dev->Dma->Cdb) {
+    return EFI_UNSUPPORTED;
+  }
+
+  if (Packet->InTransferLength > sizeof Dev->Dma->Data) {
+    Packet->InTransferLength =3D sizeof Dev->Dma->Data;
+    return ReportHostAdapterOverrunError (Packet);
+  }
+  if (Packet->OutTransferLength > sizeof Dev->Dma->Data) {
+    Packet->OutTransferLength =3D sizeof Dev->Dma->Data;
+    return ReportHostAdapterOverrunError (Packet);
+  }
+
+  return EFI_SUCCESS;
+}
+
 //
 // The next seven functions implement EFI_EXT_SCSI_PASS_THRU_PROTOCOL
 // for the LSI 53C895A SCSI Controller. Refer to UEFI Spec 2.3.1 + Errata =
C,
@@ -70,6 +159,15 @@ LsiScsiPassThru (
   IN EFI_EVENT                                      Event     OPTIONAL
   )
 {
+  EFI_STATUS   Status;
+  LSI_SCSI_DEV *Dev;
+
+  Dev =3D LSI_SCSI_FROM_PASS_THRU (This);
+  Status =3D LsiScsiCheckRequest (Dev, *Target, Lun, Packet);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   return EFI_UNSUPPORTED;
 }
=20
diff --git a/OvmfPkg/LsiScsiDxe/LsiScsi.h b/OvmfPkg/LsiScsiDxe/LsiScsi.h
index 9f9e5c7fed00..05deeed379fe 100644
--- a/OvmfPkg/LsiScsiDxe/LsiScsi.h
+++ b/OvmfPkg/LsiScsiDxe/LsiScsi.h
@@ -13,6 +13,10 @@
 #define _LSI_SCSI_DXE_H_
=20
 typedef struct {
+  //
+  // The max size of CDB is 32.
+  //
+  UINT8                           Cdb[32];
   //
   // Allocate 64KB for read/write buffer. It seems sufficient for the comm=
on
   // boot scenarios.
--=20
2.25.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#62663): https://edk2.groups.io/g/devel/message/62663
Mute This Topic: https://groups.io/mt/75537214/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-