From nobody Tue May  7 14:26:25 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1523941470175344.80925608080554;
 Mon, 16 Apr 2018 22:04:30 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id E05AA22590E3F;
	Mon, 16 Apr 2018 22:04:26 -0700 (PDT)
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 2B8BD22590E37
 for <edk2-devel@lists.01.org>; Mon, 16 Apr 2018 22:04:26 -0700 (PDT)
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Apr 2018 22:04:25 -0700
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.10])
 by orsmga008.jf.intel.com with ESMTP; 16 Apr 2018 22:04:24 -0700
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.120; helo=mga04.intel.com;
 envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.48,462,1517904000"; d="scan'208";a="34201954"
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Date: Tue, 17 Apr 2018 13:04:21 +0800
Message-Id: <20180417050421.43036-1-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
Subject: [edk2] [PATCH] FatPkg/EnhancedFatDxe: Ensure traverse of subtasks
 is delete-safe
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Hao Wu <hao.a.wu@intel.com>, Ruiyu Ni <ruiyu.ni@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Within function FatQueueTask(), the traverse of FAT subtasks for
executing the disk read/write is not delete-safe.

For the below case:

FatDiskIo(): When non-blocking access, creates subtasks and creates
event (FatOnAccessComplete, NOTIFY level) when subtasks finish.

FatQueueTask(): Traverses the subtasks and submits them one by one at
Tpl lower than NOTIFY.

Disk R/W completes really quick.

FatOnAccessComplete(): Removes the finished subtask, causing the
traverse in FatQueueTask() broken.

This commits will refine the subtask traverse in FatQueueTask() to be
delete-safe.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
---
 FatPkg/EnhancedFatDxe/Misc.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/FatPkg/EnhancedFatDxe/Misc.c b/FatPkg/EnhancedFatDxe/Misc.c
index c035670bf7..af66b1d0e3 100644
--- a/FatPkg/EnhancedFatDxe/Misc.c
+++ b/FatPkg/EnhancedFatDxe/Misc.c
@@ -132,6 +132,7 @@ FatQueueTask (
 {
   EFI_STATUS          Status;
   LIST_ENTRY          *Link;
+  LIST_ENTRY          *NextLink;
   FAT_SUBTASK         *Subtask;
=20
   //
@@ -149,9 +150,17 @@ FatQueueTask (
   EfiReleaseLock (&FatTaskLock);
=20
   Status =3D EFI_SUCCESS;
-  for ( Link =3D GetFirstNode (&Task->Subtasks)
-      ; !IsNull (&Task->Subtasks, Link)
-      ; Link =3D GetNextNode (&Task->Subtasks, Link)
+  //
+  // Use NextLink to store the next link of the list, because Link might b=
e remove from the
+  // doubly-linked list and get freed in the end of current loop.
+  //
+  // Also, list operation APIs like IsNull() and GetNextNode() are avoided=
 during the loop, since
+  // they may check the validity of doubly-linked lists by traversing them=
. These APIs cannot
+  // handle list elements being removed during the traverse.
+  //
+  for ( Link =3D GetFirstNode (&Task->Subtasks), NextLink =3D GetNextNode =
(&Task->Subtasks, Link)
+      ; Link !=3D &Task->Subtasks
+      ; Link =3D NextLink, NextLink =3D Link->ForwardLink
       ) {
     Subtask =3D CR (Link, FAT_SUBTASK, Link, FAT_SUBTASK_SIGNATURE);
     if (Subtask->Write) {
--=20
2.12.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel