From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>, Eric Dong <eric.dong@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>, Ruiyu Ni <ruiyu.ni@intel.com>
Subject: [PATCH] MdeModulePkg/PiSmmCore: fix #PF caused by freeing read-only memory
Date: Thu, 15 Mar 2018 14:22:02 +0800
Message-ID: <20180315062202.7456-1-jian.j.wang@intel.com>

SMM core will add a HEADER before each allocated pool memory and clean
up this header once it's freed. If a block of allocated pool is marked
as read-only after allocation (EfiRuntimeServicesCode type of pool in
SMM will always be marked as read-only), #PF exception will be triggered
during memory pool freeing.

Normally EfiRuntimeServicesCode type of pool should not be freed in the
real world. But some test suites will actually do memory free for all
types of memory for the purpose of functionality and conformance test.
So this issue should be fixed anyway.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index f9657f9baa..d5556eb79c 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -941,6 +941,7 @@ AdjustMemoryF (
EFI_PHYSICAL_ADDRESS MemoryToTest;
UINTN PagesToFree;
UINT64 GuardBitmap;
+ UINT64 Attributes;
if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) {
return;
@@ -949,6 +950,27 @@ AdjustMemoryF (
Start = *Memory;
PagesToFree = *NumberOfPages;
+ //
+ // In case the memory to free is marked as read-only (e.g. EfiRuntimeServicesCode).
+ //
+ if (mSmmMemoryAttribute != NULL) {
+ Attributes = 0;
+ mSmmMemoryAttribute->GetMemoryAttributes (
+ mSmmMemoryAttribute,
+ Start,
+ EFI_PAGES_TO_SIZE (PagesToFree),
+ &Attributes
+ );
+ if ((Attributes & EFI_MEMORY_RO) != 0) {
+ mSmmMemoryAttribute->ClearMemoryAttributes (
+ mSmmMemoryAttribute,
+ Start,
+ EFI_PAGES_TO_SIZE (PagesToFree),
+ EFI_MEMORY_RO
+ );
+ }
+ }
+
//
// Head Guard must be one page before, if any.
//
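Review bot: The EFI_STATUS returned by both GetMemoryAttributes and ClearMemoryAttributes is discarded in the added block, so a failure in either call goes unnoticed. Because Attributes is preset to 0, a failing GetMemoryAttributes skips the clear without any trace, and a failing ClearMemoryAttributes leaves the pages read-only; in both cases the free continues toward the same #PF the commit message describes. Suggest capturing the status, testing `(Attributes & EFI_MEMORY_RO) != 0` only when the query succeeded, and adding ASSERT_EFI_ERROR or a DEBUG message on the clear. Two further points: the clear covers the whole Start / EFI_PAGES_TO_SIZE (PagesToFree) range and EFI_MEMORY_RO is never reapplied, so the comment should say that the pages are intentionally left writable once freed; and since the check sits in AdjustMemoryF in HeapGuard.c, please confirm this function is reached on every free path and not only when heap guard is enabled, otherwise the fault remains for unguarded frees.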
--
2.16.2.windows.1