[mirror_edk2.git] / MdeModulePkg / Universal / FaultTolerantWriteDxe / FaultTolerantWrite.c

/** @file\r
\r
  These are the common Fault Tolerant Write (FTW) functions that are shared\r
  by DXE FTW driver and SMM FTW driver.\r
\r
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "FaultTolerantWrite.h"\r
\r
//\r
// Fault Tolerant Write Protocol API\r
//\r
/**\r
  Query the largest block that may be updated in a fault tolerant manner.\r
\r
\r
  @param This            The pointer to this protocol instance.\r
  @param BlockSize       A pointer to a caller allocated UINTN that is updated to\r
                         indicate the size of the largest block that can be updated.\r
\r
  @return EFI_SUCCESS   The function completed successfully\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwGetMaxBlockSize (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL    *This,\r
  OUT UINTN                               *BlockSize\r
  )\r
{\r
  EFI_FTW_DEVICE  *FtwDevice;\r
\r
  if (!FeaturePcdGet(PcdFullFtwServiceEnable)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  FtwDevice   = FTW_CONTEXT_FROM_THIS (This);\r
\r
  *BlockSize  = FtwDevice->SpareAreaLength;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Allocates space for the protocol to maintain information about writes.\r
  Since writes must be completed in a fault tolerant manner and multiple\r
  updates will require more resources to be successful, this function\r
  enables the protocol to ensure that enough space exists to track\r
  information about the upcoming writes.\r
\r
  All writes must be completed or aborted before another fault tolerant write can occur.\r
\r
  @param This            The pointer to this protocol instance.\r
  @param CallerId        The GUID identifying the write.\r
  @param PrivateDataSize The size of the caller's private data\r
                         that must be recorded for each write.\r
  @param NumberOfWrites  The number of fault tolerant block writes\r
                         that will need to occur.\r
\r
  @return EFI_SUCCESS        The function completed successfully\r
  @retval EFI_ABORTED        The function could not complete successfully.\r
  @retval EFI_ACCESS_DENIED  All allocated writes have not been completed.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwAllocate (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL    *This,\r
  IN EFI_GUID                             *CallerId,\r
  IN UINTN                                PrivateDataSize,\r
  IN UINTN                                NumberOfWrites\r
  )\r
{\r
  EFI_STATUS                      Status;\r
  UINTN                           Offset;\r
  EFI_FTW_DEVICE                  *FtwDevice;\r
  EFI_FAULT_TOLERANT_WRITE_HEADER *FtwHeader;\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  Status    = WorkSpaceRefresh (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
  //\r
  // Check if there is enough space for the coming allocation\r
  //\r
  if (FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceHeader->WriteQueueSize) {\r
    DEBUG ((EFI_D_ERROR, "Ftw: Allocate() request exceed Workspace, Caller: %g\n", CallerId));\r
    return EFI_BUFFER_TOO_SMALL;\r
  }\r
  //\r
  // Find the last write header and record.\r
  // If the FtwHeader is complete, skip the completed last write header/records\r
  //\r
  FtwHeader = FtwDevice->FtwLastWriteHeader;\r
\r
  //\r
  // Previous write has not completed, access denied.\r
  //\r
  if ((FtwHeader->HeaderAllocated == FTW_VALID_STATE) || (FtwHeader->WritesAllocated == FTW_VALID_STATE)) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
  //\r
  // If workspace is not enough, then reclaim workspace\r
  //\r
  Offset = (UINT8 *) FtwHeader - (UINT8 *) FtwDevice->FtwWorkSpace;\r
  if (Offset + FTW_WRITE_TOTAL_SIZE (NumberOfWrites, PrivateDataSize) > FtwDevice->FtwWorkSpaceSize) {\r
    Status = FtwReclaimWorkSpace (FtwDevice, TRUE);\r
    if (EFI_ERROR (Status)) {\r
      return EFI_ABORTED;\r
    }\r
\r
    FtwHeader = FtwDevice->FtwLastWriteHeader;\r
  }\r
  //\r
  // Prepare FTW write header,\r
  // overwrite the buffer and write to workspace.\r
  //\r
  FtwHeader->WritesAllocated  = FTW_INVALID_STATE;\r
  FtwHeader->Complete         = FTW_INVALID_STATE;\r
  CopyMem (&FtwHeader->CallerId, CallerId, sizeof (EFI_GUID));\r
  FtwHeader->NumberOfWrites   = NumberOfWrites;\r
  FtwHeader->PrivateDataSize  = PrivateDataSize;\r
  FtwHeader->HeaderAllocated  = FTW_VALID_STATE;\r
\r
  Status = WriteWorkSpaceData (\r
             FtwDevice->FtwFvBlock,\r
             FtwDevice->WorkBlockSize,\r
             FtwDevice->FtwWorkSpaceLba,\r
             FtwDevice->FtwWorkSpaceBase + Offset,\r
             sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER),\r
             (UINT8 *) FtwHeader\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
  //\r
  // Update Header->WriteAllocated as VALID\r
  //\r
  Status = FtwUpdateFvState (\r
            FtwDevice->FtwFvBlock,\r
            FtwDevice->WorkBlockSize,\r
            FtwDevice->FtwWorkSpaceLba,\r
            FtwDevice->FtwWorkSpaceBase + Offset,\r
            WRITES_ALLOCATED\r
            );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  DEBUG (\r
    (EFI_D_INFO,\r
    "Ftw: Allocate() success, Caller:%g, # %d\n",\r
    CallerId,\r
    NumberOfWrites)\r
    );\r
\r
  return EFI_SUCCESS;\r
}\r
\r
\r
/**\r
  Write a record with fault tolerant manner.\r
  Since the content has already backuped in spare block, the write is\r
  guaranteed to be completed with fault tolerant manner.\r
\r
  @param This            The pointer to this protocol instance.\r
  @param Fvb             The FVB protocol that provides services for\r
                         reading, writing, and erasing the target block.\r
  @param BlockSize       The size of the block.\r
\r
  @retval  EFI_SUCCESS          The function completed successfully\r
  @retval  EFI_ABORTED          The function could not complete successfully\r
\r
**/\r
EFI_STATUS\r
FtwWriteRecord (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL     *This,\r
  IN EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL    *Fvb,\r
  IN UINTN                                 BlockSize\r
  )\r
{\r
  EFI_STATUS                      Status;\r
  EFI_FTW_DEVICE                  *FtwDevice;\r
  EFI_FAULT_TOLERANT_WRITE_HEADER *Header;\r
  EFI_FAULT_TOLERANT_WRITE_RECORD *Record;\r
  UINTN                           Offset;\r
  UINTN                           NumberOfWriteBlocks;\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  //\r
  // Spare Complete but Destination not complete,\r
  // Recover the target block with the spare block.\r
  //\r
  Header  = FtwDevice->FtwLastWriteHeader;\r
  Record  = FtwDevice->FtwLastWriteRecord;\r
\r
  //\r
  // IF target block is working block, THEN Flush Spare Block To Working Block;\r
  // ELSE flush spare block to target block, which may be boot block after all.\r
  //\r
  if (IsWorkingBlock (FtwDevice, Fvb, Record->Lba)) {\r
    //\r
    // If target block is working block,\r
    // it also need to set SPARE_COMPLETED to spare block.\r
    //\r
    Offset = (UINT8 *) Record - FtwDevice->FtwWorkSpace;\r
    Status = FtwUpdateFvState (\r
              FtwDevice->FtwBackupFvb,\r
              FtwDevice->SpareBlockSize,\r
              FtwDevice->FtwSpareLba + FtwDevice->FtwWorkSpaceLbaInSpare,\r
              FtwDevice->FtwWorkSpaceBaseInSpare + Offset,\r
              SPARE_COMPLETED\r
              );\r
    if (EFI_ERROR (Status)) {\r
      return EFI_ABORTED;\r
    }\r
\r
    Status = FlushSpareBlockToWorkingBlock (FtwDevice);\r
  } else if (IsBootBlock (FtwDevice, Fvb)) {\r
    //\r
    // Update boot block\r
    //\r
    Status = FlushSpareBlockToBootBlock (FtwDevice);\r
  } else {\r
    //\r
    // Update blocks other than working block or boot block\r
    //\r
    NumberOfWriteBlocks = FTW_BLOCKS ((UINTN) (Record->Offset + Record->Length), BlockSize);\r
    Status = FlushSpareBlockToTargetBlock (FtwDevice, Fvb, Record->Lba, BlockSize, NumberOfWriteBlocks);\r
  }\r
\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
  //\r
  // Record the DestionationComplete in record\r
  //\r
  Offset = (UINT8 *) Record - FtwDevice->FtwWorkSpace;\r
  Status = FtwUpdateFvState (\r
            FtwDevice->FtwFvBlock,\r
            FtwDevice->WorkBlockSize,\r
            FtwDevice->FtwWorkSpaceLba,\r
            FtwDevice->FtwWorkSpaceBase + Offset,\r
            DEST_COMPLETED\r
            );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  Record->DestinationComplete = FTW_VALID_STATE;\r
\r
  //\r
  // If this is the last Write in these write sequence,\r
  // set the complete flag of write header.\r
  //\r
  if (IsLastRecordOfWrites (Header, Record)) {\r
    Offset = (UINT8 *) Header - FtwDevice->FtwWorkSpace;\r
    Status = FtwUpdateFvState (\r
              FtwDevice->FtwFvBlock,\r
              FtwDevice->WorkBlockSize,\r
              FtwDevice->FtwWorkSpaceLba,\r
              FtwDevice->FtwWorkSpaceBase + Offset,\r
              WRITES_COMPLETED\r
              );\r
    Header->Complete = FTW_VALID_STATE;\r
    if (EFI_ERROR (Status)) {\r
      return EFI_ABORTED;\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Starts a target block update. This function will record data about write\r
  in fault tolerant storage and will complete the write in a recoverable\r
  manner, ensuring at all times that either the original contents or\r
  the modified contents are available.\r
\r
  @param This            The pointer to this protocol instance.\r
  @param Lba             The logical block address of the target block.\r
  @param Offset          The offset within the target block to place the data.\r
  @param Length          The number of bytes to write to the target block.\r
  @param PrivateData     A pointer to private data that the caller requires to\r
                         complete any pending writes in the event of a fault.\r
  @param FvBlockHandle   The handle of FVB protocol that provides services for\r
                         reading, writing, and erasing the target block.\r
  @param Buffer          The data to write.\r
\r
  @retval EFI_SUCCESS          The function completed successfully\r
  @retval EFI_ABORTED          The function could not complete successfully.\r
  @retval EFI_BAD_BUFFER_SIZE  The input data can't fit within the spare block.\r
                               Offset + *NumBytes > SpareAreaLength.\r
  @retval EFI_ACCESS_DENIED    No writes have been allocated.\r
  @retval EFI_OUT_OF_RESOURCES Cannot allocate enough memory resource.\r
  @retval EFI_NOT_FOUND        Cannot find FVB protocol by handle.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwWrite (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL     *This,\r
  IN EFI_LBA                               Lba,\r
  IN UINTN                                 Offset,\r
  IN UINTN                                 Length,\r
  IN VOID                                  *PrivateData,\r
  IN EFI_HANDLE                            FvBlockHandle,\r
  IN VOID                                  *Buffer\r
  )\r
{\r
  EFI_STATUS                          Status;\r
  EFI_FTW_DEVICE                      *FtwDevice;\r
  EFI_FAULT_TOLERANT_WRITE_HEADER     *Header;\r
  EFI_FAULT_TOLERANT_WRITE_RECORD     *Record;\r
  EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *Fvb;\r
  UINTN                               MyLength;\r
  UINTN                               MyOffset;\r
  UINTN                               MyBufferSize;\r
  UINT8                               *MyBuffer;\r
  UINTN                               SpareBufferSize;\r
  UINT8                               *SpareBuffer;\r
  UINTN                               Index;\r
  UINT8                               *Ptr;\r
  EFI_PHYSICAL_ADDRESS                FvbPhysicalAddress;\r
  UINTN                               BlockSize;\r
  UINTN                               NumberOfBlocks;\r
  UINTN                               NumberOfWriteBlocks;\r
  UINTN                               WriteLength;\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  Status    = WorkSpaceRefresh (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  Header  = FtwDevice->FtwLastWriteHeader;\r
  Record  = FtwDevice->FtwLastWriteRecord;\r
\r
  if (IsErasedFlashBuffer ((UINT8 *) Header, sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER))) {\r
    if (PrivateData == NULL) {\r
      //\r
      // Ftw Write Header is not allocated.\r
      // No additional private data, the private data size is zero. Number of record can be set to 1.\r
      //\r
      Status = FtwAllocate (This, &gEfiCallerIdGuid, 0, 1);\r
      if (EFI_ERROR (Status)) {\r
        return Status;\r
      }\r
    } else {\r
      //\r
      // Ftw Write Header is not allocated\r
      // Additional private data is not NULL, the private data size can't be determined.\r
      //\r
      DEBUG ((EFI_D_ERROR, "Ftw: no allocates space for write record!\n"));\r
      DEBUG ((EFI_D_ERROR, "Ftw: Allocate service should be called before Write service!\n"));\r
      return EFI_NOT_READY;\r
    }\r
  }\r
\r
  //\r
  // If Record is out of the range of Header, return access denied.\r
  //\r
  if (((UINTN) Record - (UINTN) Header) > FTW_WRITE_TOTAL_SIZE (Header->NumberOfWrites - 1, Header->PrivateDataSize)) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  //\r
  // Check the COMPLETE flag of last write header\r
  //\r
  if (Header->Complete == FTW_VALID_STATE) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  if (Record->DestinationComplete == FTW_VALID_STATE) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  if ((Record->SpareComplete == FTW_VALID_STATE) && (Record->DestinationComplete != FTW_VALID_STATE)) {\r
    return EFI_NOT_READY;\r
  }\r
\r
  //\r
  // Get the FVB protocol by handle\r
  //\r
  Status = FtwGetFvbByHandle (FvBlockHandle, &Fvb);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_NOT_FOUND;\r
  }\r
\r
  Status = Fvb->GetPhysicalAddress (Fvb, &FvbPhysicalAddress);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "Ftw: Write(), Get FVB physical address - %r\n", Status));\r
    return EFI_ABORTED;\r
  }\r
\r
  //\r
  // Now, one FVB has one type of BlockSize.\r
  //\r
  Status = Fvb->GetBlockSize (Fvb, 0, &BlockSize, &NumberOfBlocks);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "Ftw: Write(), Get block size - %r\n", Status));\r
    return EFI_ABORTED;\r
  }\r
\r
  NumberOfWriteBlocks = FTW_BLOCKS (Offset + Length, BlockSize);\r
  DEBUG ((EFI_D_INFO, "Ftw: Write(), BlockSize - 0x%x, NumberOfWriteBlock - 0x%x\n", BlockSize, NumberOfWriteBlocks));\r
  WriteLength = NumberOfWriteBlocks * BlockSize;\r
\r
  //\r
  // Check if the input data can fit within the spare block.\r
  //\r
  if (WriteLength > FtwDevice->SpareAreaLength) {\r
    return EFI_BAD_BUFFER_SIZE;\r
  }\r
\r
  //\r
  // Set BootBlockUpdate FLAG if it's updating boot block.\r
  //\r
  if (IsBootBlock (FtwDevice, Fvb)) {\r
    Record->BootBlockUpdate = FTW_VALID_STATE;\r
    //\r
    // Boot Block and Spare Block should have same block size and block numbers.\r
    //\r
    ASSERT ((BlockSize == FtwDevice->SpareBlockSize) && (NumberOfWriteBlocks == FtwDevice->NumberOfSpareBlock));\r
  }\r
  //\r
  // Write the record to the work space.\r
  //\r
  Record->Lba     = Lba;\r
  Record->Offset  = Offset;\r
  Record->Length  = Length;\r
  Record->RelativeOffset = (INT64) (FvbPhysicalAddress + (UINTN) Lba * BlockSize) - (INT64) FtwDevice->SpareAreaAddress;\r
  if (PrivateData != NULL) {\r
    CopyMem ((Record + 1), PrivateData, (UINTN) Header->PrivateDataSize);\r
  }\r
\r
  MyOffset  = (UINT8 *) Record - FtwDevice->FtwWorkSpace;\r
  MyLength  = FTW_RECORD_SIZE (Header->PrivateDataSize);\r
\r
  Status = WriteWorkSpaceData (\r
             FtwDevice->FtwFvBlock,\r
             FtwDevice->WorkBlockSize,\r
             FtwDevice->FtwWorkSpaceLba,\r
             FtwDevice->FtwWorkSpaceBase + MyOffset,\r
             MyLength,\r
             (UINT8 *) Record\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
  //\r
  // Record has written to working block, then do the data.\r
  //\r
  //\r
  // Allocate a memory buffer\r
  //\r
  MyBufferSize  = WriteLength;\r
  MyBuffer      = AllocatePool (MyBufferSize);\r
  if (MyBuffer == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
  //\r
  // Read all original data from target block to memory buffer\r
  //\r
  Ptr = MyBuffer;\r
  for (Index = 0; Index < NumberOfWriteBlocks; Index += 1) {\r
    MyLength  = BlockSize;\r
    Status    = Fvb->Read (Fvb, Lba + Index, 0, &MyLength, Ptr);\r
    if (EFI_ERROR (Status)) {\r
      FreePool (MyBuffer);\r
      return EFI_ABORTED;\r
    }\r
\r
    Ptr += MyLength;\r
  }\r
  //\r
  // Overwrite the updating range data with\r
  // the input buffer content\r
  //\r
  CopyMem (MyBuffer + Offset, Buffer, Length);\r
\r
  //\r
  // Try to keep the content of spare block\r
  // Save spare block into a spare backup memory buffer (Sparebuffer)\r
  //\r
  SpareBufferSize = FtwDevice->SpareAreaLength;\r
  SpareBuffer     = AllocatePool (SpareBufferSize);\r
  if (SpareBuffer == NULL) {\r
    FreePool (MyBuffer);\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  Ptr = SpareBuffer;\r
  for (Index = 0; Index < FtwDevice->NumberOfSpareBlock; Index += 1) {\r
    MyLength = FtwDevice->SpareBlockSize;\r
    Status = FtwDevice->FtwBackupFvb->Read (\r
                                        FtwDevice->FtwBackupFvb,\r
                                        FtwDevice->FtwSpareLba + Index,\r
                                        0,\r
                                        &MyLength,\r
                                        Ptr\r
                                        );\r
    if (EFI_ERROR (Status)) {\r
      FreePool (MyBuffer);\r
      FreePool (SpareBuffer);\r
      return EFI_ABORTED;\r
    }\r
\r
    Ptr += MyLength;\r
  }\r
  //\r
  // Write the memory buffer to spare block\r
  // Do not assume Spare Block and Target Block have same block size\r
  //\r
  Status  = FtwEraseSpareBlock (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (MyBuffer);\r
    FreePool (SpareBuffer);\r
    return EFI_ABORTED;\r
  }\r
  Ptr     = MyBuffer;\r
  for (Index = 0; MyBufferSize > 0; Index += 1) {\r
    if (MyBufferSize > FtwDevice->SpareBlockSize) {\r
      MyLength = FtwDevice->SpareBlockSize;\r
    } else {\r
      MyLength = MyBufferSize;\r
    }\r
    Status = FtwDevice->FtwBackupFvb->Write (\r
                                        FtwDevice->FtwBackupFvb,\r
                                        FtwDevice->FtwSpareLba + Index,\r
                                        0,\r
                                        &MyLength,\r
                                        Ptr\r
                                        );\r
    if (EFI_ERROR (Status)) {\r
      FreePool (MyBuffer);\r
      FreePool (SpareBuffer);\r
      return EFI_ABORTED;\r
    }\r
\r
    Ptr += MyLength;\r
    MyBufferSize -= MyLength;\r
  }\r
  //\r
  // Free MyBuffer\r
  //\r
  FreePool (MyBuffer);\r
\r
  //\r
  // Set the SpareComplete in the FTW record,\r
  //\r
  MyOffset = (UINT8 *) Record - FtwDevice->FtwWorkSpace;\r
  Status = FtwUpdateFvState (\r
            FtwDevice->FtwFvBlock,\r
            FtwDevice->WorkBlockSize,\r
            FtwDevice->FtwWorkSpaceLba,\r
            FtwDevice->FtwWorkSpaceBase + MyOffset,\r
            SPARE_COMPLETED\r
            );\r
  if (EFI_ERROR (Status)) {\r
    FreePool (SpareBuffer);\r
    return EFI_ABORTED;\r
  }\r
\r
  Record->SpareComplete = FTW_VALID_STATE;\r
\r
  //\r
  //  Since the content has already backuped in spare block, the write is\r
  //  guaranteed to be completed with fault tolerant manner.\r
  //\r
  Status = FtwWriteRecord (This, Fvb, BlockSize);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (SpareBuffer);\r
    return EFI_ABORTED;\r
  }\r
  //\r
  // Restore spare backup buffer into spare block , if no failure happened during FtwWrite.\r
  //\r
  Status  = FtwEraseSpareBlock (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (SpareBuffer);\r
    return EFI_ABORTED;\r
  }\r
  Ptr     = SpareBuffer;\r
  for (Index = 0; Index < FtwDevice->NumberOfSpareBlock; Index += 1) {\r
    MyLength = FtwDevice->SpareBlockSize;\r
    Status = FtwDevice->FtwBackupFvb->Write (\r
                                        FtwDevice->FtwBackupFvb,\r
                                        FtwDevice->FtwSpareLba + Index,\r
                                        0,\r
                                        &MyLength,\r
                                        Ptr\r
                                        );\r
    if (EFI_ERROR (Status)) {\r
      FreePool (SpareBuffer);\r
      return EFI_ABORTED;\r
    }\r
\r
    Ptr += MyLength;\r
  }\r
  //\r
  // All success.\r
  //\r
  FreePool (SpareBuffer);\r
\r
  DEBUG (\r
    (EFI_D_INFO,\r
    "Ftw: Write() success, (Lba:Offset)=(%lx:0x%x), Length: 0x%x\n",\r
    Lba,\r
    Offset,\r
    Length)\r
    );\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Restarts a previously interrupted write. The caller must provide the\r
  block protocol needed to complete the interrupted write.\r
\r
  @param This            The pointer to this protocol instance.\r
  @param FvBlockHandle   The handle of FVB protocol that provides services for\r
                         reading, writing, and erasing the target block.\r
\r
  @retval  EFI_SUCCESS          The function completed successfully\r
  @retval  EFI_ACCESS_DENIED    No pending writes exist\r
  @retval  EFI_NOT_FOUND        FVB protocol not found by the handle\r
  @retval  EFI_ABORTED          The function could not complete successfully\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwRestart (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL     *This,\r
  IN EFI_HANDLE                            FvBlockHandle\r
  )\r
{\r
  EFI_STATUS                          Status;\r
  EFI_FTW_DEVICE                      *FtwDevice;\r
  EFI_FAULT_TOLERANT_WRITE_HEADER     *Header;\r
  EFI_FAULT_TOLERANT_WRITE_RECORD     *Record;\r
  EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *Fvb;\r
  UINTN                               BlockSize;\r
  UINTN                               NumberOfBlocks;\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  Status    = WorkSpaceRefresh (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  Header  = FtwDevice->FtwLastWriteHeader;\r
  Record  = FtwDevice->FtwLastWriteRecord;\r
\r
  //\r
  // Spare Complete but Destination not complete,\r
  // Recover the targt block with the spare block.\r
  //\r
  Status = FtwGetFvbByHandle (FvBlockHandle, &Fvb);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_NOT_FOUND;\r
  }\r
\r
  //\r
  // Now, one FVB has one type of BlockSize\r
  //\r
  Status = Fvb->GetBlockSize (Fvb, 0, &BlockSize, &NumberOfBlocks);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_ERROR, "Ftw: Restart(), Get block size - %r\n", Status));\r
    return EFI_ABORTED;\r
  }\r
\r
  //\r
  // Check the COMPLETE flag of last write header\r
  //\r
  if (Header->Complete == FTW_VALID_STATE) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  //\r
  // Check the flags of last write record\r
  //\r
  if (Record->DestinationComplete == FTW_VALID_STATE) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  if ((Record->SpareComplete != FTW_VALID_STATE)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  //\r
  //  Since the content has already backuped in spare block, the write is\r
  //  guaranteed to be completed with fault tolerant manner.\r
  //\r
  Status = FtwWriteRecord (This, Fvb, BlockSize);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  //\r
  // Erase Spare block\r
  // This is restart, no need to keep spareblock content.\r
  //\r
  Status = FtwEraseSpareBlock (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  DEBUG ((EFI_D_INFO, "%a(): success\n", __FUNCTION__));\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Aborts all previous allocated writes.\r
\r
  @param This                  The pointer to this protocol instance.\r
\r
  @retval EFI_SUCCESS          The function completed successfully\r
  @retval EFI_ABORTED          The function could not complete successfully.\r
  @retval EFI_NOT_FOUND        No allocated writes exist.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwAbort (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL     *This\r
  )\r
{\r
  EFI_STATUS      Status;\r
  UINTN           Offset;\r
  EFI_FTW_DEVICE  *FtwDevice;\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  Status    = WorkSpaceRefresh (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  if (FtwDevice->FtwLastWriteHeader->HeaderAllocated != FTW_VALID_STATE) {\r
    return EFI_NOT_FOUND;\r
  }\r
\r
  if (FtwDevice->FtwLastWriteHeader->Complete == FTW_VALID_STATE) {\r
    return EFI_NOT_FOUND;\r
  }\r
  //\r
  // Update the complete state of the header as VALID and abort.\r
  //\r
  Offset = (UINT8 *) FtwDevice->FtwLastWriteHeader - FtwDevice->FtwWorkSpace;\r
  Status = FtwUpdateFvState (\r
            FtwDevice->FtwFvBlock,\r
            FtwDevice->WorkBlockSize,\r
            FtwDevice->FtwWorkSpaceLba,\r
            FtwDevice->FtwWorkSpaceBase + Offset,\r
            WRITES_COMPLETED\r
            );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  FtwDevice->FtwLastWriteHeader->Complete = FTW_VALID_STATE;\r
\r
  DEBUG ((EFI_D_INFO, "%a(): success\n", __FUNCTION__));\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Starts a target block update. This records information about the write\r
  in fault tolerant storage and will complete the write in a recoverable\r
  manner, ensuring at all times that either the original contents or\r
  the modified contents are available.\r
\r
  @param This            The pointer to this protocol instance.\r
  @param CallerId        The GUID identifying the last write.\r
  @param Lba             The logical block address of the last write.\r
  @param Offset          The offset within the block of the last write.\r
  @param Length          The length of the last write.\r
  @param PrivateDataSize bytes from the private data\r
                         stored for this write.\r
  @param PrivateData     A pointer to a buffer. The function will copy\r
  @param Complete        A Boolean value with TRUE indicating\r
                         that the write was completed.\r
\r
  @retval EFI_SUCCESS           The function completed successfully\r
  @retval EFI_ABORTED           The function could not complete successfully\r
  @retval EFI_NOT_FOUND         No allocated writes exist\r
  @retval EFI_BUFFER_TOO_SMALL  Input buffer is not larget enough\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FtwGetLastWrite (\r
  IN EFI_FAULT_TOLERANT_WRITE_PROTOCOL     *This,\r
  OUT EFI_GUID                             *CallerId,\r
  OUT EFI_LBA                              *Lba,\r
  OUT UINTN                                *Offset,\r
  OUT UINTN                                *Length,\r
  IN OUT UINTN                             *PrivateDataSize,\r
  OUT VOID                                 *PrivateData,\r
  OUT BOOLEAN                              *Complete\r
  )\r
{\r
  EFI_STATUS                      Status;\r
  EFI_FTW_DEVICE                  *FtwDevice;\r
  EFI_FAULT_TOLERANT_WRITE_HEADER *Header;\r
  EFI_FAULT_TOLERANT_WRITE_RECORD *Record;\r
\r
  if (!FeaturePcdGet(PcdFullFtwServiceEnable)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  FtwDevice = FTW_CONTEXT_FROM_THIS (This);\r
\r
  Status    = WorkSpaceRefresh (FtwDevice);\r
  if (EFI_ERROR (Status)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  Header  = FtwDevice->FtwLastWriteHeader;\r
  Record  = FtwDevice->FtwLastWriteRecord;\r
\r
  //\r
  // If Header is incompleted and the last record has completed, then\r
  // call Abort() to set the Header->Complete FLAG.\r
  //\r
  if ((Header->Complete != FTW_VALID_STATE) &&\r
      (Record->DestinationComplete == FTW_VALID_STATE) &&\r
      IsLastRecordOfWrites (Header, Record)\r
        ) {\r
\r
    Status    = FtwAbort (This);\r
    *Complete = TRUE;\r
    return EFI_NOT_FOUND;\r
  }\r
  //\r
  // If there is no write header/record, return not found.\r
  //\r
  if (Header->HeaderAllocated != FTW_VALID_STATE) {\r
    *Complete = TRUE;\r
    return EFI_NOT_FOUND;\r
  }\r
  //\r
  // If this record SpareComplete has not set, then it can not restart.\r
  //\r
  if (Record->SpareComplete != FTW_VALID_STATE) {\r
    Status = GetPreviousRecordOfWrites (Header, &Record);\r
    if (EFI_ERROR (Status)) {\r
      FtwAbort (This);\r
      *Complete = TRUE;\r
      return EFI_NOT_FOUND;\r
    }\r
    ASSERT (Record != NULL);\r
  }\r
\r
  //\r
  // Fill all the requested values\r
  //\r
  CopyMem (CallerId, &Header->CallerId, sizeof (EFI_GUID));\r
  *Lba      = Record->Lba;\r
  *Offset   = (UINTN) Record->Offset;\r
  *Length   = (UINTN) Record->Length;\r
  *Complete = (BOOLEAN) (Record->DestinationComplete == FTW_VALID_STATE);\r
\r
  if (*PrivateDataSize < Header->PrivateDataSize) {\r
    *PrivateDataSize  = (UINTN) Header->PrivateDataSize;\r
    PrivateData       = NULL;\r
    Status            = EFI_BUFFER_TOO_SMALL;\r
  } else {\r
    *PrivateDataSize = (UINTN) Header->PrivateDataSize;\r
    CopyMem (PrivateData, Record + 1, *PrivateDataSize);\r
    Status = EFI_SUCCESS;\r
  }\r
\r
  DEBUG ((EFI_D_INFO, "%a(): success\n", __FUNCTION__));\r
\r
  return Status;\r
}\r
\r