google / mozc

Mozc - a Japanese Input Method Editor designed for multi-platform

[Windows] SearchHost.exe may freeze caused by FileUtil::CreateDirectory #1076

Open hiroyuki-komatsu opened 1 month ago

hiroyuki-komatsu commented 1 month ago

There are some reports that SearchHost.exe freezes with Mozc built with BRANDING=GoogleJapaneseInput.

Through bisect investigations, I figured out 68e99df9805875b1a5b9906652aa967678ac59bf is the change of this issue. It modified FileUtil::CreateDirectory.

We should update FileUtil::CreateDirectory again to address the problem.

As a tricky point, this issue is reported only on BRANDING=GoogleJapaneseInput and channel_dev=0.

References:

yukawa commented 1 month ago

While I still cannot reproduce the issue locally, based on the information I got, my current hypothesis is that the broadFileSystemAccess capability given to SearchHost.exe is playing an interesting role.

When Mozc TIP DLL calls CreateFileW API to open config1.db, the process itself does not have sufficient permission to open it. Then broadFileSystemAccess capability takes place and Windows.Storage.OneCore.dll attempts brokered file access after initializing the thread with RoInitialize() when not yet initialized. If this happens in a certain situation, TSF runtime gets confused and may start re-initializing Mozc TIP.

  1. TSF calls back into Mozc TIP
  2. Mozc TIP calls CreateFileW()
  3. The system invokes RoInitialize() before returning from CreateFileW()
  4. TSF calls back into Mozc TIP before returning from RoInitialize()
  5. Now Mozc TIP is handling a reentrant callback.

The ongoing issue looks to be a deadlock due to a non-reentrant lock.

  1. TSF calls back into Mozc TIP
  2. Mozc TIP acquires a non-reentrant lock.
  3. Mozc TIP calls CreateFileW()
  4. The system invokes RoInitialize() before returning from CreateFileW()
  5. TSF calls back into Mozc TIP before returning from RoInitialize()
  6. Now Mozc TIP is handling a reentrant callback.
  7. Mozc TIP tries to acquire the same non-reentrant lock, which causes a deadlock.

To confirm that SearchHost.exe has broadFileSystemAccess capability, you can find the following SID in its process.
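The reentrancy deadlock described in the seven steps above, as an added example that is not Mozc's own code and does not use the real TSF, CreateFileW or RoInitialize APIs: the `NonReentrantLock`, `Tip`, `ExternalApiThatReenters` and handler names are hypothetical. The lock model reports "the owning thread tried to re-acquire me" instead of hanging, so the condition that would deadlock a real blocking lock can be observed; the hardened handler shows one mitigation, releasing the lock before calling into an API that may call back into the component.

```cpp
#include <cstdio>
#include <functional>
#include <mutex>
#include <thread>

using Callback = std::function<void()>;

// Stand-in for an external API (like CreateFileW triggering RoInitialize)
// that calls back into the caller once before it returns.
void ExternalApiThatReenters(const Callback& reenter) { reenter(); }

// Single-threaded model of a non-reentrant lock. A real std::mutex re-acquired
// by its owner would block forever (or is undefined behaviour); this model
// returns false in that case so the outcome can be checked.
class NonReentrantLock {
 public:
  // Returns false when the calling thread already owns the lock, i.e. the
  // situation that deadlocks with a real blocking lock.
  bool Acquire() {
    const std::thread::id me = std::this_thread::get_id();
    std::lock_guard<std::mutex> g(state_mutex_);
    if (held_ && owner_ == me) return false;
    held_ = true;
    owner_ = me;
    return true;
  }
  void Release() {
    std::lock_guard<std::mutex> g(state_mutex_);
    held_ = false;
  }

 private:
  std::mutex state_mutex_;  // protects held_/owner_ (bookkeeping only)
  bool held_ = false;
  std::thread::id owner_;
};

// Hypothetical text input processor receiving host callbacks.
struct Tip {
  NonReentrantLock lock;
  int depth = 0;                   // limits the simulated re-entry to one level
  bool deadlock_detected = false;  // set when the lock would have deadlocked
  int callbacks_handled = 0;

  // Vulnerable pattern (steps 2-7 above): the lock is held across the
  // external call, so the re-entrant callback tries to take it again.
  void HandleCallbackVulnerable() {
    if (!lock.Acquire()) {
      deadlock_detected = true;  // a real lock would hang here
      return;
    }
    ++callbacks_handled;
    if (depth++ == 0) {
      ExternalApiThatReenters([this] { HandleCallbackVulnerable(); });
    }
    --depth;
    lock.Release();
  }

  // Hardened pattern: do the locked work, release, and only then call the
  // external API. The re-entrant callback can take the lock normally.
  void HandleCallbackHardened() {
    if (!lock.Acquire()) {
      deadlock_detected = true;
      return;
    }
    ++callbacks_handled;
    lock.Release();  // never hold the lock across a call that may re-enter
    if (depth++ == 0) {
      ExternalApiThatReenters([this] { HandleCallbackHardened(); });
    }
    --depth;
  }
};

// Runs each scenario from a fresh state and reports whether it would deadlock.
bool VulnerableWouldDeadlock() {
  Tip tip;
  tip.HandleCallbackVulnerable();
  return tip.deadlock_detected;
}

bool HardenedWouldDeadlock() {
  Tip tip;
  tip.HandleCallbackHardened();
  return tip.deadlock_detected;
}

// Number of callbacks the hardened handler completes (outer + re-entrant).
int HardenedCallbacksHandled() {
  Tip tip;
  tip.HandleCallbackHardened();
  return tip.callbacks_handled;
}

int main() {
  std::printf("vulnerable would deadlock: %d\n", VulnerableWouldDeadlock());
  std::printf("hardened would deadlock:   %d\n", HardenedWouldDeadlock());
  std::printf("hardened callbacks handled: %d\n", HardenedCallbacksHandled());
  return 0;
}
```

The alternative of switching to a recursive lock also avoids the hang, but it lets the re-entrant callback observe state that the outer call was in the middle of modifying; shrinking the locked region so that no foreign API is called while the lock is held avoids both the deadlock and that consistency problem.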