MdeModulePkg/Core: fix a logic hole in page free

[mirror_edk2.git] / MdeModulePkg / Core / Dxe / Mem / HeapGuard.c

diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
index 0f035043e15a2ead446f9b8d0de89f08a7df2dff..92753c7269acc0315277436912e65b95db748801 100644 (file)
--- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
+++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
@@ -1127,11 +1127,26 @@ CoreConvertPagesWithGuard (
   IN EFI_MEMORY_TYPE  NewType\r
   )\r
 {\r
+  UINT64  OldStart;\r
+  UINTN   OldPages;\r
+\r
   if (NewType == EfiConventionalMemory) {\r
+    OldStart = Start;\r
+    OldPages = NumberOfPages;\r
+\r
     AdjustMemoryF (&Start, &NumberOfPages);\r
     if (NumberOfPages == 0) {\r
       return EFI_SUCCESS;\r
     }\r
+\r
+    //\r
+    // It's safe to unset Guard page inside memory lock because there should\r
+    // be no memory allocation occurred in updating memory page attribute at\r
+    // this point. And unsetting Guard page before free will prevent Guard\r
+    // page just freed back to pool from being allocated right away before\r
+    // marking it usable (from non-present to present).\r
+    //\r
+    UnsetGuardForMemory (OldStart, OldPages);\r
   } else {\r
     AdjustMemoryA (&Start, &NumberOfPages);\r
   }\r