From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruiyu.ni@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id DDDD521AE30EC
 for <edk2-devel@lists.01.org>; Thu,  1 Jun 2017 04:39:20 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga105.fm.intel.com with ESMTP; 01 Jun 2017 04:40:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.39,279,1493708400"; d="scan'208";a="975531834"
Received: from ray-dev.ccr.corp.intel.com ([10.239.9.1])
 by orsmga003.jf.intel.com with ESMTP; 01 Jun 2017 04:40:21 -0700
From: Ruiyu Ni <ruiyu.ni@intel.com>
To: edk2-devel@lists.01.org
Cc: Feng Tian <feng.tian@intel.com>, Star Zeng <star.zeng@intel.com>,
 Hao A Wu <hao.a.wu@intel.com>
Date: Thu,  1 Jun 2017 19:40:15 +0800
Message-Id: <20170601114016.134288-2-ruiyu.ni@intel.com>
X-Mailer: git-send-email 2.12.2.windows.2
In-Reply-To: <20170601114016.134288-1-ruiyu.ni@intel.com>
References: <20170601114016.134288-1-ruiyu.ni@intel.com>
Subject: [PATCH v2 1/2] MdeModulePkg/UsbBus: Fix system hang when failed to uninstall UsbIo
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jun 2017 11:39:21 -0000

When "reconnect -r" is typed in shell, UsbFreeInterface() is called
to uninstall the UsbIo and DevicePath. But When a UsbIo is opened
by a driver and that driver rejects to close the UsbIo in Stop(),
the uninstall doesn't succeed.
But UsbFreeInterface () frees the DevicePath memory without check
whether the uninstall succeeds.
It leads to the DXE core database contain a DevicePath instance but
that instance's memory is freed.
Assertion happens when someone calls InstallProtocol(DevicePath)
because the InstallProtocol() checks all DevicePath instance to
find whether the same one exits in database.

We haven't seen any USB device driver which rejects to close UsbIo
in Stop(), but it's very likely.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
---
 MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c | 43 +++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
index ea54d37c93..b0e6b835ac 100644
--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
+++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
@@ -2,7 +2,7 @@
 
     Usb bus enumeration support.
 
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -53,28 +53,33 @@ UsbGetEndpointDesc (
 
   @param  UsbIf                 The USB interface to free.
 
+  @retval EFI_ACCESS_DENIED     The interface is still occupied.
+  @retval EFI_SUCCESS           The interface is freed.
 **/
-VOID
+EFI_STATUS
 UsbFreeInterface (
   IN USB_INTERFACE        *UsbIf
   )
 {
-  UsbCloseHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle);
+  EFI_STATUS              Status;
 
-  gBS->UninstallMultipleProtocolInterfaces (
-         UsbIf->Handle,
-         &gEfiDevicePathProtocolGuid,
-         UsbIf->DevicePath,
-         &gEfiUsbIoProtocolGuid,
-         &UsbIf->UsbIo,
-         NULL
-         );
+  UsbCloseHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle);
 
-  if (UsbIf->DevicePath != NULL) {
-    FreePool (UsbIf->DevicePath);
+  Status = gBS->UninstallMultipleProtocolInterfaces (
+                  UsbIf->Handle,
+                  &gEfiDevicePathProtocolGuid, UsbIf->DevicePath,
+                  &gEfiUsbIoProtocolGuid,      &UsbIf->UsbIo,
+                  NULL
+                  );
+  if (!EFI_ERROR (Status)) {
+    if (UsbIf->DevicePath != NULL) {
+      FreePool (UsbIf->DevicePath);
+    }
+    FreePool (UsbIf);
+  } else {
+    UsbOpenHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle);
   }
-
-  FreePool (UsbIf);
+  return Status;
 }
 
 
@@ -525,7 +530,13 @@ UsbRemoveConfig (
 
     Status = UsbDisconnectDriver (UsbIf);
     if (!EFI_ERROR (Status)) {
-      UsbFreeInterface (UsbIf);
+      Status = UsbFreeInterface (UsbIf);
+      if (EFI_ERROR (Status)) {
+        UsbConnectDriver (UsbIf);
+      }
+    }
+
+    if (!EFI_ERROR (Status)) {
       Device->Interfaces[Index] = NULL;
     } else {
       ReturnStatus = Status;
-- 
2.12.2.windows.2