From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruiyu.ni@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D51D981C59
 for <edk2-devel@lists.01.org>; Wed, 14 Dec 2016 02:03:11 -0800 (PST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by fmsmga105.fm.intel.com with ESMTP; 14 Dec 2016 02:03:11 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,346,1477983600"; d="scan'208";a="1081658465"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga001.fm.intel.com with ESMTP; 14 Dec 2016 02:03:11 -0800
Received: from fmsmsx125.amr.corp.intel.com (10.18.125.40) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Wed, 14 Dec 2016 02:03:11 -0800
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 FMSMSX125.amr.corp.intel.com (10.18.125.40) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Wed, 14 Dec 2016 02:03:11 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.11]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.77]) with mapi id 14.03.0248.002;
 Wed, 14 Dec 2016 18:03:07 +0800
From: "Ni, Ruiyu" <ruiyu.ni@intel.com>
To: Boaz Kahana <Boaz.Kahana@phoenix.com>
CC: "Tian, Feng" <feng.tian@intel.com>, "Ni, Ruiyu" <ruiyu.ni@intel.com>,
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Thread-Topic: [edk2] [PATCH] FatPkg/EnhancedFatDxe: Fix potential hang in
 async file IO
Thread-Index: AQHSVfETi3fHvuI2Z02b/aRhDt1ftqEHNm3Q
Date: Wed, 14 Dec 2016 10:03:06 +0000
Message-ID: <734D49CCEBEEF84792F5B80ED585239D5B8308C9@SHSMSX103.ccr.corp.intel.com>
References: <20161214100122.264152-1-ruiyu.ni@intel.com>
In-Reply-To: <20161214100122.264152-1-ruiyu.ni@intel.com>
Accept-Language: en-US, zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] FatPkg/EnhancedFatDxe: Fix potential hang in async file IO
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2016 10:03:11 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Boaz,
Could you please verify this patch in your failed system?
I cannot reproduce the issue in my environment.

Thanks/Ray

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Ruiyu Ni
> Sent: Wednesday, December 14, 2016 6:01 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Boaz Kahana
> <Boaz.Kahana@phoenix.com>
> Subject: [edk2] [PATCH] FatPkg/EnhancedFatDxe: Fix potential hang in asyn=
c
> file IO
>=20
> FatQueueTask() is running at TPL_APPLICATION, while
> FatDestroySubtask() is running at TPL_NOTIFY, it's possible for a task
> containing 2 sub tasks, when the for-loop executes GetNextNode (&Task-
> >Subtasks, Link), the memory occupied by Link is freed in
> FatDestroySubtask().
>=20
> The fix stores the next link in NextLink so that the delete in
> FatDestroySubtask() is safe.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Boaz Kahana <Boaz.Kahana@phoenix.com>
> ---
>  FatPkg/EnhancedFatDxe/Misc.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
>=20
> diff --git a/FatPkg/EnhancedFatDxe/Misc.c b/FatPkg/EnhancedFatDxe/Misc.c
> index c035670..cef1acd 100644
> --- a/FatPkg/EnhancedFatDxe/Misc.c
> +++ b/FatPkg/EnhancedFatDxe/Misc.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Miscellaneous functions.
>=20
> -Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials are licensed and made
> available  under the terms and conditions of the BSD License which
> accompanies this  distribution. The full text of the license may be found=
 at
> @@ -132,6 +132,7 @@ FatQueueTask (  {
>    EFI_STATUS          Status;
>    LIST_ENTRY          *Link;
> +  LIST_ENTRY          *NextLink;
>    FAT_SUBTASK         *Subtask;
>=20
>    //
> @@ -149,9 +150,13 @@ FatQueueTask (
>    EfiReleaseLock (&FatTaskLock);
>=20
>    Status =3D EFI_SUCCESS;
> -  for ( Link =3D GetFirstNode (&Task->Subtasks)
> +  //
> +  // Use NextLink to store the next link since Link might be freed in
> + the end of previous loop,  // resulting next link cannot be retrieved f=
rom
> Link.
> +  //
> +  for ( Link =3D GetFirstNode (&Task->Subtasks), NextLink =3D GetNextNod=
e
> + (&Task->Subtasks, Link)
>        ; !IsNull (&Task->Subtasks, Link)
> -      ; Link =3D GetNextNode (&Task->Subtasks, Link)
> +      ; Link =3D NextLink, NextLink =3D GetNextNode (&Task->Subtasks, Li=
nk)
>        ) {
>      Subtask =3D CR (Link, FAT_SUBTASK, Link, FAT_SUBTASK_SIGNATURE);
>      if (Subtask->Write) {
> --
> 2.9.0.windows.1
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel