MdePkg: UefiScsiLib: do not encode LUN in CDB for READ and WRITE

The "SCSI Block Commands - 2" (SBC-2) standard defines bits [7:5] of the
CDB byte 1 as Reserved, for the READ and WRITE commands.

The updated "SCSI Block Commands - 3" (SBC-3) standard defines the same
bitfield as RDPROTECT and WRPROTECT, respectively.

After reviewing the above standards, and the following commits:
- SVN r8331 (git 676e2a32),
- SVN r8334 (git 6b3ecf5c),
we've determined that UefiScsiLib is incorrect in encoding the LUN in this
bitfield for the READ and WRITE commands.

Encoding a nonzero LUN there creates unintended RDPROTECT and WRPROTECT
values, which the recipient device is required to reject if it does not
support protection information, with CHECK CONDITION, ILLEGAL REQUEST,
INVALID FIELD IN CDB:

  ScsiDiskRead10: Check Condition happened!
  ScsiDisk: Sense Key = 0x5 ASC = 0x24!
  ScsiDiskRead10: Check Condition happened!
  ScsiDisk: Sense Key = 0x5 ASC = 0x24!
  ScsiDiskRead10: Check Condition happened!
  ScsiDisk: Sense Key = 0x5 ASC = 0x24!
  ScsiDiskRead10: Check Condition happened!
  ScsiDisk: Sense Key = 0x5 ASC = 0x24!
  FatOpenDevice: read of part_lba failed Device Error

In practice this flaw breaks UefiScsiLib minimally on SCSI disks with
nonzero LUNs that are emulated by QEMU (after QEMU commit 96bdbbab, part
of v1.2.0).

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1166971

Reported-by: Cole Robinson <crobinso@redhat.com>

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>

Suggested-by: Feng Tian <feng.tian@intel.com>

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16454 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 0 insertions, 28 deletions

diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
index bd838c4ff..1dbe87411 100644
--- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
+++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
@@ -903,9 +903,6 @@ ScsiRead10Command (
   )

 {

   EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket;

-  UINT64                          Lun;

-  UINT8                           *Target;

-  UINT8                           TargetArray[EFI_SCSI_TARGET_MAX_BYTES];

   EFI_STATUS                      Status;

   UINT8                           Cdb[EFI_SCSI_OP_LENGTH_TEN];

 

@@ -926,11 +923,7 @@ ScsiRead10Command (
   //

   // Fill Cdb for Read (10) Command

   //

-  Target = &TargetArray[0];

-  ScsiIo->GetDeviceLocation (ScsiIo, &Target, &Lun);

-

   Cdb[0]                        = EFI_SCSI_OP_READ10;

-  Cdb[1]                        = (UINT8) (LShiftU64 (Lun, 5) & EFI_SCSI_LOGICAL_UNIT_NUMBER_MASK);

   WriteUnaligned32 ((UINT32 *)&Cdb[2], SwapBytes32 (StartLba));

   WriteUnaligned16 ((UINT16 *)&Cdb[7], SwapBytes16 ((UINT16) SectorSize));

 

@@ -1001,9 +994,6 @@ ScsiWrite10Command (
   )

 {

   EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket;

-  UINT64                          Lun;

-  UINT8                           *Target;

-  UINT8                           TargetArray[EFI_SCSI_TARGET_MAX_BYTES];

   EFI_STATUS                      Status;

   UINT8                           Cdb[EFI_SCSI_OP_LENGTH_TEN];

 

@@ -1024,11 +1014,7 @@ ScsiWrite10Command (
   //

   // Fill Cdb for Write (10) Command

   //

-  Target = &TargetArray[0];

-  ScsiIo->GetDeviceLocation (ScsiIo, &Target, &Lun);

-

   Cdb[0]                        = EFI_SCSI_OP_WRITE10;

-  Cdb[1]                        = (UINT8) (LShiftU64 (Lun, 5) & EFI_SCSI_LOGICAL_UNIT_NUMBER_MASK);

   WriteUnaligned32 ((UINT32 *)&Cdb[2], SwapBytes32 (StartLba));

   WriteUnaligned16 ((UINT16 *)&Cdb[7], SwapBytes16 ((UINT16) SectorSize));

 

@@ -1099,9 +1085,6 @@ ScsiRead16Command (
   )

 {

   EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket;

-  UINT64                          Lun;

-  UINT8                           *Target;

-  UINT8                           TargetArray[EFI_SCSI_TARGET_MAX_BYTES];

   EFI_STATUS                      Status;

   UINT8                           Cdb[EFI_SCSI_OP_LENGTH_SIXTEEN];

 

@@ -1122,11 +1105,7 @@ ScsiRead16Command (
   //

   // Fill Cdb for Read (16) Command

   //

-  Target = &TargetArray[0];

-  ScsiIo->GetDeviceLocation (ScsiIo, &Target, &Lun);

-

   Cdb[0]                        = EFI_SCSI_OP_READ16;

-  Cdb[1]                        = (UINT8) (LShiftU64 (Lun, 5) & EFI_SCSI_LOGICAL_UNIT_NUMBER_MASK);

   WriteUnaligned64 ((UINT64 *)&Cdb[2], SwapBytes64 (StartLba));

   WriteUnaligned32 ((UINT32 *)&Cdb[10], SwapBytes32 (SectorSize));

 

@@ -1197,9 +1176,6 @@ ScsiWrite16Command (
   )

 {

   EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket;

-  UINT64                          Lun;

-  UINT8                           *Target;

-  UINT8                           TargetArray[EFI_SCSI_TARGET_MAX_BYTES];

   EFI_STATUS                      Status;

   UINT8                           Cdb[EFI_SCSI_OP_LENGTH_SIXTEEN];

 

@@ -1220,11 +1196,7 @@ ScsiWrite16Command (
   //

   // Fill Cdb for Write (16) Command

   //

-  Target = &TargetArray[0];

-  ScsiIo->GetDeviceLocation (ScsiIo, &Target, &Lun);

-

   Cdb[0]                        = EFI_SCSI_OP_WRITE16;

-  Cdb[1]                        = (UINT8) (LShiftU64 (Lun, 5) & EFI_SCSI_LOGICAL_UNIT_NUMBER_MASK);

   WriteUnaligned64 ((UINT64 *)&Cdb[2], SwapBytes64 (StartLba));

   WriteUnaligned32 ((UINT32 *)&Cdb[10], SwapBytes32 (SectorSize));