[efi] Report failed control transfers as expected by the USB core

The USB core reuses the I/O buffer space occupied by the USB setup
packet to hold the completion status for message transfers, assuming
that the message() method will always strip the setup packet before
returning.  This assumption is correct for all of the hardware
controller drivers (XHCI, EHCI, and UHCI), since these drivers are
able to enqueue the transfer as a separate action from waiting for the
transfer to complete.

The EFI_USB_IO_PROTOCOL does not allow us to separate actions in this
way: there is only a single blocking method that both enqueues and
waits for completion.  Our usbio driver therefore currently defers
stripping the setup packet until the control endpoint is polled.

This causes a bug if a message transfer is enqueued but never polled
and is subsequently cancelled, since the cancellation will be reported
with the I/O buffer still containing the setup packet.  This breaks
the assumption that the setup packet has been stripped, and triggers
an assertion failure in usb_control_complete().

Fix by always stripping the setup packet in usbio_endpoint_message(),
and adjusting usbio_control_poll() to match.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/drivers/usb/usbio.c

 	}
 
 	/* Construct transfer */
-	assert ( iob_len ( iobuf ) >= sizeof ( *msg ) );
-	msg = iobuf->data;
+	msg = iob_push ( iobuf, sizeof ( *msg ) );
 	iob_pull ( iobuf, sizeof ( *msg ) );
 	request = le16_to_cpu ( msg->setup.request );
 	len = iob_len ( iobuf );
  */
 static int usbio_endpoint_message ( struct usb_endpoint *ep,
 				    struct io_buffer *iobuf ) {
+	struct usb_setup_packet *setup;
+
+	/* Adjust I/O buffer to start of data payload */
+	assert ( iob_len ( iobuf ) >= sizeof ( *setup ) );
+	iob_pull ( iobuf, sizeof ( *setup ) );
 
 	/* Enqueue transfer */
 	return usbio_endpoint_enqueue ( ep, iobuf, USBIO_MESSAGE );