From a774fa8a6acf44b19e566c2da1bb416ef5d2983c Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Wed, 5 Dec 2012 13:07:08 -0500
Subject: [PATCH] Windows: AFSSetRenameInfo Drop TreeLocks MmForceSectionClosed

If the Target directory TreeLock is held across the
MmForceSectionClosed() call in AFSSetRenameInfo() Trend Micro's
TmPreFlt!TmpQueryFullName call can deadlock in its worker thread
when AFSCommonCreate() attempts to AFSLocateNameEntry() which
requires shared access to the TreeLock for the search.

Reorganize the Target Entry Exists case to call MmForceSectionClosed()
after the directory entry has been deleted.  That should throw
a monkey wrench into Trend Micro's attempt to scan it.

Change-Id: Ib8d4777fde257c0f2c93e2577caa6542c1b08c79
Reviewed-on: http://gerrit.openafs.org/8607
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp | 84 ++++++++++++++-------
 1 file changed, 55 insertions(+), 29 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp b/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
index 2a96300fc..0d9d8965e 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSFileInfo.cpp
@@ -3151,6 +3151,59 @@ AFSSetRenameInfo( IN PIRP Irp)
             {
 
                 pTargetFcb = pTargetDirEntry->ObjectInformation->Fcb;
+            }
+
+            ASSERT( pTargetDirEntry->DirOpenReferenceCount > 0);
+
+            lCount = InterlockedDecrement( &pTargetDirEntry->DirOpenReferenceCount); // The count we added above
+
+            AFSDbgLogMsg( AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING,
+                          AFS_TRACE_LEVEL_VERBOSE,
+                          "AFSSetRenameInfo Decrement count on %wZ DE %p Ccb %p Cnt %d\n",
+                          &pTargetDirEntry->NameInformation.FileName,
+                          pTargetDirEntry,
+                          pSrcCcb,
+                          lCount);
+
+            ASSERT( lCount >= 0);
+
+            if( lCount == 0)
+            {
+
+                AFSDbgLogMsg( AFS_SUBSYSTEM_FILE_PROCESSING,
+                              AFS_TRACE_LEVEL_VERBOSE,
+                              "AFSSetRenameInfo Deleting dir entry %p name %wZ\n",
+                              pTargetDirEntry,
+                              &pTargetDirEntry->NameInformation.FileName);
+
+                AFSDeleteDirEntry( pTargetParentObject,
+                                   pTargetDirEntry);
+            }
+
+            pTargetDirEntry = NULL;
+
+            if ( pTargetFcb != NULL)
+            {
+
+                //
+                // Do not hold TreeLocks across the MmForceSectionClosed() call as
+                // it can deadlock with Trend Micro's TmPreFlt!TmpQueryFullName
+                //
+
+                if( bReleaseTargetDirLock)
+                {
+                    AFSReleaseResource( pTargetParentObject->Specific.Directory.DirectoryNodeHdr.TreeLock);
+
+                    bReleaseTargetDirLock = FALSE;
+                }
+
+                if( bReleaseSourceDirLock)
+                {
+
+                    AFSReleaseResource( pSourceDirLock);
+
+                    bReleaseSourceDirLock = FALSE;
+                }
 
                 //
                 // MmForceSectionClosed() can eventually call back into AFSCleanup
@@ -3207,35 +3260,6 @@ AFSSetRenameInfo( IN PIRP Irp)
 
                 AFSReleaseResource( &pTargetFcb->NPFcb->Resource);
             }
-
-            ASSERT( pTargetDirEntry->DirOpenReferenceCount > 0);
-
-            lCount = InterlockedDecrement( &pTargetDirEntry->DirOpenReferenceCount); // The count we added above
-
-            AFSDbgLogMsg( AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING,
-                          AFS_TRACE_LEVEL_VERBOSE,
-                          "AFSSetRenameInfo Decrement count on %wZ DE %p Ccb %p Cnt %d\n",
-                          &pTargetDirEntry->NameInformation.FileName,
-                          pTargetDirEntry,
-                          pSrcCcb,
-                          lCount);
-
-            ASSERT( lCount >= 0);
-
-            if( lCount == 0)
-            {
-
-                AFSDbgLogMsg( AFS_SUBSYSTEM_FILE_PROCESSING,
-                              AFS_TRACE_LEVEL_VERBOSE,
-                              "AFSSetRenameInfo Deleting dir entry %p name %wZ\n",
-                              pTargetDirEntry,
-                              &pTargetDirEntry->NameInformation.FileName);
-
-                AFSDeleteDirEntry( pTargetParentObject,
-                                   pTargetDirEntry);
-            }
-
-            pTargetDirEntry = NULL;
         }
 
 try_exit:
@@ -3269,11 +3293,13 @@ try_exit:
 
         if( bReleaseTargetDirLock)
         {
+
             AFSReleaseResource( pTargetParentObject->Specific.Directory.DirectoryNodeHdr.TreeLock);
         }
 
         if( bReleaseSourceDirLock)
         {
+
             AFSReleaseResource( pSourceDirLock);
         }
     }
-- 
2.39.5