From a30edc324e5a3c265d01d345bf33786faa6ae727 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Thu, 15 Oct 2020 13:40:42 +0200
Subject: [PATCH] [NTOS:MM] Acquire MmSystemLoadLock in MiFindInitializationCode. CORE-16449

We might otherwise free the INIT section for an image that's in the process of being loaded by Mm.
---
 ntoskrnl/mm/ARM3/sysldr.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c
index c66f06c4fe8..92a31896205 100644
--- a/ntoskrnl/mm/ARM3/sysldr.c
+++ b/ntoskrnl/mm/ARM3/sysldr.c
@@ -1466,8 +1466,13 @@ MiFindInitializationCode(OUT PVOID *StartVa,
     /* Assume failure */
     *StartVa = NULL;
 
-    /* Enter a critical region while we loop the list */
+    /* Acquire the necessary lock while we loop the list */
     KeEnterCriticalRegion();
+    KeWaitForSingleObject(&MmSystemLoadLock,
+                          WrVirtualMemory,
+                          KernelMode,
+                          FALSE,
+                          NULL);
 
     /* Loop all loaded modules */
     NextEntry = PsLoadedModuleList.Flink;
@@ -1615,7 +1620,8 @@ MiFindInitializationCode(OUT PVOID *StartVa,
         NextEntry = NextEntry->Flink;
     }
 
-    /* Leave the critical region and return */
+    /* Release the lock and return */
+    KeReleaseMutant(&MmSystemLoadLock, 1, FALSE, FALSE);
     KeLeaveCriticalRegion();
 }
 
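Review bot: The mutant acquired in the first hunk is released only at the single KeReleaseMutant added in the second hunk, so every path out of the module loop must reach it; the loop body lies between the two hunks and is not visible here, and any direct `return` from inside it would leave MmSystemLoadLock held and stall every later system image load. The new comment should also say which lock and why, since "the necessary lock" gives the next reader nothing: `/* Hold MmSystemLoadLock so we cannot free the INIT section of an image Mm is still loading (CORE-16449) */`. The KeWaitForSingleObject result is discarded; for a non-alertable, untimed KernelMode wait that is the usual kernel idiom, but a STATUS_ABANDONED return would mean the previous owner died holding the lock, so an `ASSERT(NT_SUCCESS(Status))` on it would make that failure visible in checked builds. MiFindInitializationCode starts before the first hunk and its loop body continues between the two hunks.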