From: Ruiyu Ni Date: Thu, 1 Jun 2017 10:27:23 +0000 (+0800) Subject: MdeModulePkg/UsbBus: Fix system hang when failed to uninstall UsbIo X-Git-Tag: edk2-stable201903~3974 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=b659b503fa7c43677ccab40d311dbab33366ee97 MdeModulePkg/UsbBus: Fix system hang when failed to uninstall UsbIo When "reconnect -r" is typed in shell, UsbFreeInterface() is called to uninstall the UsbIo and DevicePath. But When a UsbIo is opened by a driver and that driver rejects to close the UsbIo in Stop(), the uninstall doesn't succeed. But UsbFreeInterface () frees the DevicePath memory without check whether the uninstall succeeds. It leads to the DXE core database contain a DevicePath instance but that instance's memory is freed. Assertion happens when someone calls InstallProtocol(DevicePath) because the InstallProtocol() checks all DevicePath instance to find whether the same one exits in database. We haven't seen any USB device driver which rejects to close UsbIo in Stop(), but it's very likely. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni Reviewed-by: Feng Tian Reviewed-by: Star Zeng Cc: Hao A Wu --- diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c index ea54d37c93..b0e6b835ac 100644 --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c @@ -2,7 +2,7 @@ Usb bus enumeration support. -Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -53,28 +53,33 @@ UsbGetEndpointDesc ( @param UsbIf The USB interface to free. + @retval EFI_ACCESS_DENIED The interface is still occupied. + @retval EFI_SUCCESS The interface is freed. **/ -VOID +EFI_STATUS UsbFreeInterface ( IN USB_INTERFACE *UsbIf ) { - UsbCloseHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle); + EFI_STATUS Status; - gBS->UninstallMultipleProtocolInterfaces ( - UsbIf->Handle, - &gEfiDevicePathProtocolGuid, - UsbIf->DevicePath, - &gEfiUsbIoProtocolGuid, - &UsbIf->UsbIo, - NULL - ); + UsbCloseHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle); - if (UsbIf->DevicePath != NULL) { - FreePool (UsbIf->DevicePath); + Status = gBS->UninstallMultipleProtocolInterfaces ( + UsbIf->Handle, + &gEfiDevicePathProtocolGuid, UsbIf->DevicePath, + &gEfiUsbIoProtocolGuid, &UsbIf->UsbIo, + NULL + ); + if (!EFI_ERROR (Status)) { + if (UsbIf->DevicePath != NULL) { + FreePool (UsbIf->DevicePath); + } + FreePool (UsbIf); + } else { + UsbOpenHostProtoByChild (UsbIf->Device->Bus, UsbIf->Handle); } - - FreePool (UsbIf); + return Status; } @@ -525,7 +530,13 @@ UsbRemoveConfig ( Status = UsbDisconnectDriver (UsbIf); if (!EFI_ERROR (Status)) { - UsbFreeInterface (UsbIf); + Status = UsbFreeInterface (UsbIf); + if (EFI_ERROR (Status)) { + UsbConnectDriver (UsbIf); + } + } + + if (!EFI_ERROR (Status)) { Device->Interfaces[Index] = NULL; } else { ReturnStatus = Status;