diff options
| author | Star Zeng <star.zeng@intel.com> | 2013-07-03 09:08:40 +0000 |
|---|---|---|
| committer | lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-07-03 09:08:40 +0000 |
| commit | 3e02ebb2bbe0fd4da880511b1f35951e1c4b8404 (patch) | |
| tree | 95fc155e9d76e163cd295db373734cc276f4abc6 /MdeModulePkg/Include | |
| parent | 70066a82a54bd5136556dff3ea76dff035a3aca3 (diff) | |
| download | edk2-platforms-3e02ebb2bbe0fd4da880511b1f35951e1c4b8404.tar.xz | |
MdeModulePkg: Variable drivers robustly handle crashes during Reclaim().
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: Add a FaultTolerantWritePei driver to check and provide the FTW last write status, then PEI variable and early phase(before FTW protocol ready) of DXE variable can check the status and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14454 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Include')
| -rw-r--r-- | MdeModulePkg/Include/Guid/FaultTolerantWrite.h | 54 | ||||
| -rw-r--r-- | MdeModulePkg/Include/Guid/SystemNvDataGuid.h | 73 |
2 files changed, 118 insertions, 9 deletions
diff --git a/MdeModulePkg/Include/Guid/FaultTolerantWrite.h b/MdeModulePkg/Include/Guid/FaultTolerantWrite.h new file mode 100644 index 0000000000..cb7b454b2b --- /dev/null +++ b/MdeModulePkg/Include/Guid/FaultTolerantWrite.h @@ -0,0 +1,54 @@ +/** @file
+ Define the GUID gEdkiiFaultTolerantWriteGuid that will be used to build
+ FAULT_TOLERANT_WRITE_LAST_WRITE_DATA GUID hob and install PPI to inform the check
+ for FTW last write data has been done. The GUID hob will be only built if FTW last write was
+ still in progress with SpareComplete set and DestinationComplete not set.
+
+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _FAULT_TOLERANT_WRITE_H_
+#define _FAULT_TOLERANT_WRITE_H_
+
+#define EDKII_FAULT_TOLERANT_WRITE_GUID \
+ { \
+ 0x1d3e9cb8, 0x43af, 0x490b, { 0x83, 0xa, 0x35, 0x16, 0xaa, 0x53, 0x20, 0x47 } \
+ }
+
+//
+// FTW Last write data. It will be used as gEdkiiFaultTolerantWriteGuid GUID hob data.
+//
+typedef struct {
+ ///
+ /// Target address to be updated in FTW last write.
+ ///
+ EFI_PHYSICAL_ADDRESS TargetAddress;
+ ///
+ /// Spare address to back up the updated buffer.
+ ///
+ EFI_PHYSICAL_ADDRESS SpareAddress;
+ ///
+ /// The length of data that have been backed up in spare block.
+ /// It is also the length of target block that has been erased.
+ ///
+ UINT64 Length;
+} FAULT_TOLERANT_WRITE_LAST_WRITE_DATA;
+
+//
+// This GUID will be used to install PPI to inform the check for FTW last write data has been done.
+// The related FAULT_TOLERANT_WRITE_LAST_WRITE_DATA GUID hob will be only built if
+// FTW last write was still in progress with SpareComplete set and DestinationComplete not set.
+// It means the target buffer has been backed up in spare block, then target block has been erased,
+// but the target buffer has not been writen in target block from spare block.
+//
+extern EFI_GUID gEdkiiFaultTolerantWriteGuid;
+
+#endif
diff --git a/MdeModulePkg/Include/Guid/SystemNvDataGuid.h b/MdeModulePkg/Include/Guid/SystemNvDataGuid.h index 4e21888356..40446bcc10 100644 --- a/MdeModulePkg/Include/Guid/SystemNvDataGuid.h +++ b/MdeModulePkg/Include/Guid/SystemNvDataGuid.h @@ -1,10 +1,10 @@ /** @file
- This file defines NvDataFv GUID and FTW working block structure header.
- This guid can be used as FileSystemGuid in EFI_FIRMWARE_VOLUME_HEADER if
+ This file defines NvDataFv GUID and FTW working block structures.
+ The NvDataFv GUID can be used as FileSystemGuid in EFI_FIRMWARE_VOLUME_HEADER if
this FV image contains NV data, such as NV variable data.
- This guid can also be used as the signature of FTW working block header.
+ This file also defines WorkingBlockSignature GUID for FTW working block signature.
-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@@ -21,10 +21,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define EFI_SYSTEM_NV_DATA_FV_GUID \
{0xfff12b8d, 0x7696, 0x4c8b, {0xa9, 0x85, 0x27, 0x47, 0x7, 0x5b, 0x4f, 0x50} }
-///
-/// An NvDataFv GUID used as the signature of FTW working block header.
-///
+#define EDKII_WORKING_BLOCK_SIGNATURE_GUID \
+ {0x9e58292b, 0x7c68, 0x497d, {0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95} }
+
extern EFI_GUID gEfiSystemNvDataFvGuid;
+extern EFI_GUID gEdkiiWorkingBlockSignatureGuid;
#define WORKING_BLOCK_VALID 0x1
#define WORKING_BLOCK_INVALID 0x2
@@ -35,7 +36,9 @@ extern EFI_GUID gEfiSystemNvDataFvGuid; ///
typedef struct {
///
- /// System Non Volatile FV Guid.
+ /// FTW working block signature.
+ /// Its value has be updated from gEfiSystemNvDataFvGuid to gEdkiiWorkingBlockSignatureGuid,
+ /// because its write queue data format has been updated to support the crossing archs.
///
EFI_GUID Signature;
///
@@ -55,8 +58,60 @@ typedef struct { UINT64 WriteQueueSize;
///
/// Write Queue data.
- /// UINT8 WriteQueue[WriteQueueSize];
+ ///
+ /// EFI_FAULT_TOLERANT_WRITE_HEADER FtwHeader;
+ /// EFI_FAULT_TOLERANT_WRITE_RECORD FtwRecord[FtwHeader.NumberOfWrites]
+ /// EFI_FAULT_TOLERANT_WRITE_HEADER FtwHeader2;
+ /// EFI_FAULT_TOLERANT_WRITE_RECORD FtwRecord2[FtwHeader2.NumberOfWrites]
+ /// ...
///
} EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER;
+#define FTW_VALID_STATE 0
+#define FTW_INVALID_STATE 1
+
+//
+// EFI Fault tolerant block update write queue entry.
+//
+typedef struct {
+ UINT8 HeaderAllocated : 1;
+ UINT8 WritesAllocated : 1;
+ UINT8 Complete : 1;
+ UINT8 Reserved : 5;
+ EFI_GUID CallerId;
+ UINT64 NumberOfWrites;
+ UINT64 PrivateDataSize;
+} EFI_FAULT_TOLERANT_WRITE_HEADER;
+
+//
+// EFI Fault tolerant block update write queue record.
+//
+typedef struct {
+ UINT8 BootBlockUpdate : 1;
+ UINT8 SpareComplete : 1;
+ UINT8 DestinationComplete : 1;
+ UINT8 Reserved : 5;
+ EFI_LBA Lba;
+ UINT64 Offset;
+ UINT64 Length;
+ //
+ // Relative offset to spare block.
+ //
+ INT64 RelativeOffset;
+ //
+ // UINT8 PrivateData[PrivateDataSize]
+ //
+} EFI_FAULT_TOLERANT_WRITE_RECORD;
+
+#define FTW_RECORD_SIZE(PrivateDataSize) (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize)
+
+#define FTW_RECORD_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
+ ((UINTN) (NumberOfWrites) * (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize))
+
+#define FTW_WRITE_TOTAL_SIZE(NumberOfWrites, PrivateDataSize) \
+ ( \
+ sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER) + (UINTN) (NumberOfWrites) * \
+ (sizeof (EFI_FAULT_TOLERANT_WRITE_RECORD) + (UINTN) PrivateDataSize) \
+ )
+
#endif
|