diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2020-03-25 15:54:09 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-03-26 10:34:14 +0000 |
| commit | d390920ed41ebdf78402288416a284cf8bcde620 (patch) | |
| tree | 196ab24b1b085722e1dbcd71759c14ee0d316b1c /ArmPkg/Library/ArmMmuLib/AArch64 | |
| parent | f52b30e73ddee9a3a609a6e5aa87e79cf4f50879 (diff) | |
| download | edk2-d390920ed41ebdf78402288416a284cf8bcde620.tar.gz edk2-d390920ed41ebdf78402288416a284cf8bcde620.tar.bz2 edk2-d390920ed41ebdf78402288416a284cf8bcde620.zip | |
ArmPkg/ArmMmuLib AARCH64: limit recursion when freeing page tables
FreePageTablesRecursive () traverses the page table tree depth first
to free all pages that it finds, without taking into account the
level at which it is operating.
Since TT_TYPE_TABLE_ENTRY aliases TT_TYPE_BLOCK_ENTRY_LEVEL3, we cannot
distinguish table entries from block entries unless we take the level
into account, and so we may be dereferencing garbage if we happen to
try and free a hierarchy of page tables that has level 3 pages in it.
Let's fix this by passing the level into FreePageTablesRecursive (),
and limit the recursion to levels < 3.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'ArmPkg/Library/ArmMmuLib/AArch64')
| -rw-r--r-- | ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c index a43d468b73..d78918cf7b 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -142,15 +142,21 @@ ReplaceTableEntry ( STATIC
VOID
FreePageTablesRecursive (
- IN UINT64 *TranslationTable
+ IN UINT64 *TranslationTable,
+ IN UINTN Level
)
{
UINTN Index;
- for (Index = 0; Index < TT_ENTRY_COUNT; Index++) {
- if ((TranslationTable[Index] & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) {
- FreePageTablesRecursive ((VOID *)(UINTN)(TranslationTable[Index] &
- TT_ADDRESS_MASK_BLOCK_ENTRY));
+ ASSERT (Level <= 3);
+
+ if (Level < 3) {
+ for (Index = 0; Index < TT_ENTRY_COUNT; Index++) {
+ if ((TranslationTable[Index] & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) {
+ FreePageTablesRecursive ((VOID *)(UINTN)(TranslationTable[Index] &
+ TT_ADDRESS_MASK_BLOCK_ENTRY),
+ Level + 1);
+ }
}
}
FreePages (TranslationTable, 1);
@@ -254,7 +260,7 @@ UpdateRegionMappingRecursive ( // possible for existing table entries, since we cannot revert the
// modifications we made to the subhierarchy it represents.)
//
- FreePageTablesRecursive (TranslationTable);
+ FreePageTablesRecursive (TranslationTable, Level + 1);
}
return Status;
}
|