mirror of
https://github.com/bobranten/Ext4Fsd.git
synced 2026-03-16 05:10:37 -05:00
fix system hang on USB/removable device removal
When a USB drive with an ext4 filesystem is removed while the driver has outstanding I/O, the system hangs indefinitely because KeWaitForSingleObject calls block forever waiting for completions that will never arrive from the removed device. This commit fixes the issue with three changes: - block.c: add 30-second timeouts to all KeWaitForSingleObject calls and cancel pending IRPs on timeout instead of waiting forever - pnp.c: set VCB_DEVICE_REMOVED flag early in both PnpRemove and PnpSurpriseRemove so concurrent I/O threads can fail fast - read.c, write.c: check VCB_DEVICE_REMOVED flag before issuing new I/O and return STATUS_NO_SUCH_DEVICE immediately
This commit is contained in:
HorusGod
@@ -400,8 +400,15 @@ Ext2ReadWriteBlocks(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (Ext2CanIWait()) {
|
if (Ext2CanIWait()) {
|
||||||
KeWaitForSingleObject( &(pContext->Event),
|
LARGE_INTEGER Timeout;
|
||||||
Executive, KernelMode, FALSE, NULL );
|
Timeout.QuadPart = (LONGLONG)-30 * 10 * 1000 * 1000; /* 30 seconds */
|
||||||
|
Status = KeWaitForSingleObject( &(pContext->Event),
|
||||||
|
Executive, KernelMode, FALSE, &Timeout );
|
||||||
|
if (Status == STATUS_TIMEOUT) {
|
||||||
|
/* Device likely removed — unblock and report error */
|
||||||
|
MasterIrp->IoStatus.Status = STATUS_IO_TIMEOUT;
|
||||||
|
MasterIrp->IoStatus.Information = 0;
|
||||||
|
}
|
||||||
KeClearEvent( &(pContext->Event) );
|
KeClearEvent( &(pContext->Event) );
|
||||||
} else {
|
} else {
|
||||||
bMasterCompleted = TRUE;
|
bMasterCompleted = TRUE;
|
||||||
@@ -496,16 +503,24 @@ Ext2ReadSync(
|
|||||||
Status = IoCallDriver(Vcb->TargetDeviceObject, Irp);
|
Status = IoCallDriver(Vcb->TargetDeviceObject, Irp);
|
||||||
|
|
||||||
if (Status == STATUS_PENDING) {
|
if (Status == STATUS_PENDING) {
|
||||||
KeWaitForSingleObject(
|
LARGE_INTEGER Timeout;
|
||||||
|
Timeout.QuadPart = (LONGLONG)-30 * 10 * 1000 * 1000; /* 30 seconds */
|
||||||
|
Status = KeWaitForSingleObject(
|
||||||
Event,
|
Event,
|
||||||
Suspended,
|
Suspended,
|
||||||
KernelMode,
|
KernelMode,
|
||||||
FALSE,
|
FALSE,
|
||||||
NULL
|
&Timeout
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (Status == STATUS_TIMEOUT) {
|
||||||
|
IoCancelIrp(Irp);
|
||||||
|
KeWaitForSingleObject(Event, Executive, KernelMode, FALSE, NULL);
|
||||||
|
Status = STATUS_IO_TIMEOUT;
|
||||||
|
} else {
|
||||||
Status = IoStatus.Status;
|
Status = IoStatus.Status;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
} __finally {
|
} __finally {
|
||||||
|
|
||||||
@@ -610,9 +625,17 @@ Ext2DiskIoControl (
|
|||||||
Status = IoCallDriver(DeviceObject, Irp);
|
Status = IoCallDriver(DeviceObject, Irp);
|
||||||
|
|
||||||
if (Status == STATUS_PENDING) {
|
if (Status == STATUS_PENDING) {
|
||||||
|
LARGE_INTEGER Timeout;
|
||||||
|
Timeout.QuadPart = (LONGLONG)-30 * 10 * 1000 * 1000; /* 30 seconds */
|
||||||
|
Status = KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, &Timeout);
|
||||||
|
if (Status == STATUS_TIMEOUT) {
|
||||||
|
IoCancelIrp(Irp);
|
||||||
KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
|
KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
|
||||||
|
Status = STATUS_IO_TIMEOUT;
|
||||||
|
} else {
|
||||||
Status = IoStatus.Status;
|
Status = IoStatus.Status;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (OutputBufferSize) {
|
if (OutputBufferSize) {
|
||||||
*OutputBufferSize = (ULONG)(IoStatus.Information);
|
*OutputBufferSize = (ULONG)(IoStatus.Information);
|
||||||
@@ -644,14 +667,22 @@ Ext2DiskShutDown(PEXT2_VCB Vcb)
|
|||||||
Status = IoCallDriver(Vcb->TargetDeviceObject, Irp);
|
Status = IoCallDriver(Vcb->TargetDeviceObject, Irp);
|
||||||
|
|
||||||
if (Status == STATUS_PENDING) {
|
if (Status == STATUS_PENDING) {
|
||||||
KeWaitForSingleObject(&Event,
|
LARGE_INTEGER Timeout;
|
||||||
|
Timeout.QuadPart = (LONGLONG)-30 * 10 * 1000 * 1000; /* 30 seconds */
|
||||||
|
Status = KeWaitForSingleObject(&Event,
|
||||||
Executive,
|
Executive,
|
||||||
KernelMode,
|
KernelMode,
|
||||||
FALSE,
|
FALSE,
|
||||||
NULL);
|
&Timeout);
|
||||||
|
|
||||||
|
if (Status == STATUS_TIMEOUT) {
|
||||||
|
IoCancelIrp(Irp);
|
||||||
|
KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
|
||||||
|
Status = STATUS_IO_TIMEOUT;
|
||||||
|
} else {
|
||||||
Status = IoStatus.Status;
|
Status = IoStatus.Status;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
Status = IoStatus.Status;
|
Status = IoStatus.Status;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -249,6 +249,9 @@ Ext2PnpRemove (
|
|||||||
Status = Ext2LockVcb(Vcb, IrpContext->FileObject);
|
Status = Ext2LockVcb(Vcb, IrpContext->FileObject);
|
||||||
ExReleaseResourceLite(&Vcb->MainResource);
|
ExReleaseResourceLite(&Vcb->MainResource);
|
||||||
|
|
||||||
|
/* Mark device removed early so concurrent I/O threads fail fast */
|
||||||
|
SetLongFlag(Vcb->Flags, VCB_DEVICE_REMOVED);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Setup the Irp. We'll send it to the lower disk driver.
|
// Setup the Irp. We'll send it to the lower disk driver.
|
||||||
//
|
//
|
||||||
@@ -282,7 +285,6 @@ Ext2PnpRemove (
|
|||||||
|
|
||||||
/* dismount volume */
|
/* dismount volume */
|
||||||
bDeleted = Ext2CheckDismount(IrpContext, Vcb, TRUE);
|
bDeleted = Ext2CheckDismount(IrpContext, Vcb, TRUE);
|
||||||
SetLongFlag(Vcb->Flags, VCB_DEVICE_REMOVED);
|
|
||||||
|
|
||||||
} __finally {
|
} __finally {
|
||||||
|
|
||||||
@@ -319,6 +321,9 @@ Ext2PnpSurpriseRemove (
|
|||||||
|
|
||||||
ExReleaseResourceLite(&Vcb->MainResource);
|
ExReleaseResourceLite(&Vcb->MainResource);
|
||||||
|
|
||||||
|
/* Mark device removed early so concurrent I/O threads fail fast */
|
||||||
|
SetLongFlag(Vcb->Flags, VCB_DEVICE_REMOVED);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Setup the Irp. We'll send it to the lower disk driver.
|
// Setup the Irp. We'll send it to the lower disk driver.
|
||||||
//
|
//
|
||||||
@@ -352,7 +357,6 @@ Ext2PnpSurpriseRemove (
|
|||||||
|
|
||||||
/* dismount volume */
|
/* dismount volume */
|
||||||
bDeleted = Ext2CheckDismount(IrpContext, Vcb, TRUE);
|
bDeleted = Ext2CheckDismount(IrpContext, Vcb, TRUE);
|
||||||
SetLongFlag(Vcb->Flags, VCB_DEVICE_REMOVED);
|
|
||||||
|
|
||||||
} __finally {
|
} __finally {
|
||||||
|
|
||||||
|
|||||||
@@ -879,6 +879,12 @@ Ext2Read (IN PEXT2_IRP_CONTEXT IrpContext)
|
|||||||
|
|
||||||
FileObject = IrpContext->FileObject;
|
FileObject = IrpContext->FileObject;
|
||||||
|
|
||||||
|
if (IsFlagOn(Vcb->Flags, VCB_DEVICE_REMOVED)) {
|
||||||
|
Status = STATUS_NO_SUCH_DEVICE;
|
||||||
|
bCompleteRequest = TRUE;
|
||||||
|
__leave;
|
||||||
|
}
|
||||||
|
|
||||||
if (FlagOn(Vcb->Flags, VCB_VOLUME_LOCKED) &&
|
if (FlagOn(Vcb->Flags, VCB_VOLUME_LOCKED) &&
|
||||||
Vcb->LockFile != FileObject ) {
|
Vcb->LockFile != FileObject ) {
|
||||||
Status = STATUS_ACCESS_DENIED;
|
Status = STATUS_ACCESS_DENIED;
|
||||||
|
|||||||
@@ -1359,6 +1359,11 @@ Ext2Write (IN PEXT2_IRP_CONTEXT IrpContext)
|
|||||||
__leave;
|
__leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (IsFlagOn(Vcb->Flags, VCB_DEVICE_REMOVED)) {
|
||||||
|
Status = STATUS_NO_SUCH_DEVICE;
|
||||||
|
__leave;
|
||||||
|
}
|
||||||
|
|
||||||
if (FlagOn(Vcb->Flags, VCB_VOLUME_LOCKED) &&
|
if (FlagOn(Vcb->Flags, VCB_VOLUME_LOCKED) &&
|
||||||
Vcb->LockFile != FileObject ) {
|
Vcb->LockFile != FileObject ) {
|
||||||
Status = STATUS_ACCESS_DENIED;
|
Status = STATUS_ACCESS_DENIED;
|
||||||
|
|||||||
Reference in New Issue
Block a user