diff options
| author | Jian J Wang <jian.j.wang@intel.com> | 2018-03-15 14:19:00 +0800 |
|---|---|---|
| committer | Star Zeng <star.zeng@intel.com> | 2018-03-16 15:14:32 +0800 |
| commit | db82ec1d2f3288907c7942614a58bed431f391ce (patch) | |
| tree | 93b6b995e375dc663a9d2c4b6a04d65641a1dfac | |
| parent | 6a46ff8910af17226a3d39a186da03d18f813a7e (diff) | |
| download | edk2-db82ec1d2f3288907c7942614a58bed431f391ce.tar.gz edk2-db82ec1d2f3288907c7942614a58bed431f391ce.tar.bz2 edk2-db82ec1d2f3288907c7942614a58bed431f391ce.zip | |
MdeModulePkg/PiSmmCore: fix #PF caused by freeing read-only memory
SMM core will add a HEADER before each allocated pool memory and clean
up this header once it's freed. If a block of allocated pool is marked
as read-only after allocation (EfiRuntimeServicesCode type of pool in
SMM will always be marked as read-only), #PF exception will be triggered
during memory pool freeing.
Normally EfiRuntimeServicesCode type of pool should not be freed in the
real world. But some test suites will actually do memory free for all
types of memory for the purpose of functionality and conformance test.
So this issue should be fixed anyway.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
(cherry picked from commit a2f32ef6ff173ef276a661520196fb04bbaec3f9)
| -rw-r--r-- | MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c index f9657f9baa..d5556eb79c 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -941,6 +941,7 @@ AdjustMemoryF ( EFI_PHYSICAL_ADDRESS MemoryToTest;
UINTN PagesToFree;
UINT64 GuardBitmap;
+ UINT64 Attributes;
if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) {
return;
@@ -950,6 +951,27 @@ AdjustMemoryF ( PagesToFree = *NumberOfPages;
//
+ // In case the memory to free is marked as read-only (e.g. EfiRuntimeServicesCode).
+ //
+ if (mSmmMemoryAttribute != NULL) {
+ Attributes = 0;
+ mSmmMemoryAttribute->GetMemoryAttributes (
+ mSmmMemoryAttribute,
+ Start,
+ EFI_PAGES_TO_SIZE (PagesToFree),
+ &Attributes
+ );
+ if ((Attributes & EFI_MEMORY_RO) != 0) {
+ mSmmMemoryAttribute->ClearMemoryAttributes (
+ mSmmMemoryAttribute,
+ Start,
+ EFI_PAGES_TO_SIZE (PagesToFree),
+ EFI_MEMORY_RO
+ );
+ }
+ }
+
+ //
// Head Guard must be one page before, if any.
//
// MSB-> 1 0 <-LSB
|