From 0ac28aa703459df60e9f18348fb1d4f73d5c042c Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Mon, 16 Apr 2012 15:22:35 -0400
Subject: [PATCH] Windows: Drop Fcb Resource across SetEOF and SetAllocation

If the file size or allocation is being altered, we must hold
the PagingResource and drop the Fcb Resource.  Dropping the
Fcb resource is necessary to avoid a deadlock with TrendMicro's
filter if the size is set to zero and acquiring the PagingResource
is necessary to prevent races now that the Fcb Resource is no
longer held.

Change-Id: Ie72a018adc52c479a4bb2469b2b1abe317644e8b
Reviewed-on: http://gerrit.openafs.org/7224
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
---
 src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp | 73 +++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp b/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
index e81e9a7b0..a0188d0f0 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
@@ -747,6 +747,12 @@ try_exit:
                       "EXCEPTION - AFSSetFileInfo\n");
 
         ntStatus = STATUS_UNSUCCESSFUL;
+
+        if( bReleaseMain)
+        {
+
+            AFSReleaseResource( &pFcb->NPFcb->Resource);
+        }
     }
 
     AFSCompleteRequest( Irp,
@@ -2745,6 +2751,7 @@ AFSSetAllocationInfo( IN PIRP Irp,
             //
             // If this is a truncation we need to grab the paging IO resource.
             //
+
             AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
                           AFS_TRACE_LEVEL_VERBOSE,
                           "AFSSetAllocationInfo Acquiring Fcb PagingIo lock %08lX EXCL %08lX\n",
@@ -2756,6 +2763,13 @@ AFSSetAllocationInfo( IN PIRP Irp,
 
             bReleasePaging = TRUE;
 
+            //
+            // Must drop the Fcb Resource.  When changing the file size
+            // a deadlock can occur with Trend Micro's filter if the file
+            // size is set to zero.
+            //
+
+            AFSReleaseResource( &pFcb->NPFcb->Resource);
 
             pFcb->Header.AllocationSize = pBuffer->AllocationSize;
 
@@ -2786,6 +2800,26 @@ AFSSetAllocationInfo( IN PIRP Irp,
         //
         // Tell Cc if allocation is increased.
         //
+
+        AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
+                      AFS_TRACE_LEVEL_VERBOSE,
+                      "AFSSetAllocationInfo Acquiring Fcb PagingIo lock %08lX EXCL %08lX\n",
+                      &pFcb->NPFcb->PagingResource,
+                      PsGetCurrentThread());
+
+        AFSAcquireExcl( &pFcb->NPFcb->PagingResource,
+                        TRUE);
+
+        bReleasePaging = TRUE;
+
+        //
+        // Must drop the Fcb Resource.  When changing the file size
+        // a deadlock can occur with Trend Micro's filter if the file
+        // size is set to zero.
+        //
+
+        AFSReleaseResource( &pFcb->NPFcb->Resource);
+
         bTellCc = pBuffer->AllocationSize.QuadPart > pFcb->Header.AllocationSize.QuadPart;
 
         pFcb->Header.AllocationSize = pBuffer->AllocationSize;
@@ -2842,6 +2876,9 @@ AFSSetAllocationInfo( IN PIRP Irp,
     {
 
         AFSReleaseResource( &pFcb->NPFcb->PagingResource);
+
+        AFSAcquireExcl( &pFcb->NPFcb->Resource,
+                        TRUE);
     }
 
     return ntStatus;
@@ -2890,6 +2927,7 @@ AFSSetEndOfFileInfo( IN PIRP Irp,
             }
             else
             {
+
                 //
                 // If this is a truncation we need to grab the paging
                 // IO resource.
@@ -2905,6 +2943,14 @@ AFSSetEndOfFileInfo( IN PIRP Irp,
 
                 bReleasePaging = TRUE;
 
+                //
+                // Must drop the Fcb Resource.  When changing the file size
+                // a deadlock can occur with Trend Micro's filter if the file
+                // size is set to zero.
+                //
+
+                AFSReleaseResource( &pFcb->NPFcb->Resource);
+
                 pFcb->Header.AllocationSize = pBuffer->EndOfFile;
 
                 pFcb->Header.FileSize = pBuffer->EndOfFile;
@@ -2926,10 +2972,34 @@ AFSSetEndOfFileInfo( IN PIRP Irp,
         }
         else
         {
+
             //
             // extending the file, move EOF
             //
 
+            //
+            // If this is a truncation we need to grab the paging
+            // IO resource.
+            //
+            AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
+                          AFS_TRACE_LEVEL_VERBOSE,
+                          "AFSSetAllocationInfo Acquiring Fcb PagingIo lock %08lX EXCL %08lX\n",
+                          &pFcb->NPFcb->PagingResource,
+                          PsGetCurrentThread());
+
+            AFSAcquireExcl( &pFcb->NPFcb->PagingResource,
+                            TRUE);
+
+            bReleasePaging = TRUE;
+
+            //
+            // Must drop the Fcb Resource.  When changing the file size
+            // a deadlock can occur with Trend Micro's filter if the file
+            // size is set to zero.
+            //
+
+            AFSReleaseResource( &pFcb->NPFcb->Resource);
+
             pFcb->Header.FileSize = pBuffer->EndOfFile;
 
             pFcb->ObjectInformation->EndOfFile = pBuffer->EndOfFile;
@@ -2995,6 +3065,9 @@ AFSSetEndOfFileInfo( IN PIRP Irp,
     {
 
         AFSReleaseResource( &pFcb->NPFcb->PagingResource);
+
+        AFSAcquireExcl( &pFcb->NPFcb->Resource,
+                        TRUE);
     }
 
     return ntStatus;
-- 
2.39.5