From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.24; helo=mga09.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 24E0C2202E480 for ; Wed, 14 Mar 2018 23:15:43 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Mar 2018 23:22:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="39058646" Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.71]) by orsmga001.jf.intel.com with ESMTP; 14 Mar 2018 23:22:05 -0700 From: Jian J Wang To: edk2-devel@lists.01.org Cc: Star Zeng , Eric Dong , Jiewen Yao , Ruiyu Ni Date: Thu, 15 Mar 2018 14:22:02 +0800 Message-Id: <20180315062202.7456-1-jian.j.wang@intel.com> X-Mailer: git-send-email 2.15.1.windows.2 Subject: [PATCH] MdeModulePkg/PiSmmCore: fix #PF caused by freeing read-only memory X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 06:15:44 -0000 SMM core will add a HEADER before each allocated pool memory and clean up this header once it's freed. If a block of allocated pool is marked as read-only after allocation (EfiRuntimeServicesCode type of pool in SMM will always be marked as read-only), #PF exception will be triggered during memory pool freeing. Normally EfiRuntimeServicesCode type of pool should not be freed in the real world. But some test suites will actually do memory free for all types of memory for the purpose of functionality and conformance test. So this issue should be fixed anyway. Cc: Star Zeng Cc: Eric Dong Cc: Jiewen Yao Cc: Ruiyu Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang --- MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c index f9657f9baa..d5556eb79c 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -941,6 +941,7 @@ AdjustMemoryF ( EFI_PHYSICAL_ADDRESS MemoryToTest; UINTN PagesToFree; UINT64 GuardBitmap; + UINT64 Attributes; if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) { return; @@ -949,6 +950,27 @@ AdjustMemoryF ( Start = *Memory; PagesToFree = *NumberOfPages; + // + // In case the memory to free is marked as read-only (e.g. EfiRuntimeServicesCode). + // + if (mSmmMemoryAttribute != NULL) { + Attributes = 0; + mSmmMemoryAttribute->GetMemoryAttributes ( + mSmmMemoryAttribute, + Start, + EFI_PAGES_TO_SIZE (PagesToFree), + &Attributes + ); + if ((Attributes & EFI_MEMORY_RO) != 0) { + mSmmMemoryAttribute->ClearMemoryAttributes ( + mSmmMemoryAttribute, + Start, + EFI_PAGES_TO_SIZE (PagesToFree), + EFI_MEMORY_RO + ); + } + } + // // Head Guard must be one page before, if any. // -- 2.16.2.windows.1