From ba9bf73d4803eeac62adb2d13e92e0eb870bcf17 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Thu, 15 Oct 2020 13:42:13 +0200
Subject: [PATCH] [NTOS:MM] Acquire PsLoadedModuleResource when walking PsLoadedModuleList. CORE-16449
---
 ntoskrnl/mm/ARM3/sysldr.c | 6 ++++--
 ntoskrnl/mm/mminit.c | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c
index 92a31896205..9d51898ec64 100644
--- a/ntoskrnl/mm/ARM3/sysldr.c
+++ b/ntoskrnl/mm/ARM3/sysldr.c
@@ -1466,13 +1466,14 @@ MiFindInitializationCode(OUT PVOID *StartVa,
 /* Assume failure */
 *StartVa = NULL;
- /* Acquire the necessary lock while we loop the list */
+ /* Acquire the necessary locks while we loop the list */
 KeEnterCriticalRegion();
 KeWaitForSingleObject(&MmSystemLoadLock, WrVirtualMemory, KernelMode, FALSE, NULL);
+ ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE);
 /* Loop all loaded modules */
 NextEntry = PsLoadedModuleList.Flink;
@@ -1620,7 +1621,8 @@ MiFindInitializationCode(OUT PVOID *StartVa,
 NextEntry = NextEntry->Flink;
 }
- /* Release the lock and return */
+ /* Release the locks and return */
+ ExReleaseResourceLite(&PsLoadedModuleResource);
 KeReleaseMutant(&MmSystemLoadLock, 1, FALSE, FALSE);
 KeLeaveCriticalRegion();
 }
diff --git a/ntoskrnl/mm/mminit.c b/ntoskrnl/mm/mminit.c
index 7c0bbd4efd4..4005b34e0f9 100644
--- a/ntoskrnl/mm/mminit.c
+++ b/ntoskrnl/mm/mminit.c
@@ -273,7 +274,8 @@ MmInitSystem(IN ULONG Phase,
 /* Initialize the balance set manager */
 MmInitBsmThread();
- /* Loop the boot loaded images */
+ /* Loop the boot loaded images (under lock) */
+ ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE);
 for (ListEntry = PsLoadedModuleList.Flink; ListEntry != &PsLoadedModuleList; ListEntry = ListEntry->Flink)
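Review bot: The added ExAcquireResourceExclusiveLite in MiFindInitializationCode fixes a lock order — MmSystemLoadLock mutant first, then PsLoadedModuleResource exclusive — that every other path holding both locks must follow, or a thread that takes the resource before the load lock (a module load or unload path, not visible here) can deadlock against this walk. That ordering is not stated anywhere in the hunk, so I would extend the new comment: `/* Acquire the necessary locks while we loop the list. Lock order: MmSystemLoadLock, then PsLoadedModuleResource - keep this order wherever both are held */`. KeEnterCriticalRegion() already precedes the acquire, which satisfies the ERESOURCE requirement that normal kernel APCs be disabled while the resource is owned. If the loop only reads list entries, ExAcquireResourceSharedLite would let concurrent readers proceed, though exclusive is not incorrect. The function's body and its remaining exits lie outside the hunk.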
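Review bot: The releases run in reverse acquisition order (resource, then mutant, then critical region), which is what keeps the ERESOURCE from being held with APCs re-enabled, but the reworded comment `/* Release the locks and return */` does not say that the order matters; I would make it `/* Release in reverse order: module list resource, load lock, then leave the critical region */`. This is the only exit in view; the loop body between the acquire and this point is outside the hunk, and any early return in that stretch would now leave PsLoadedModuleResource held by the thread in addition to the mutant, so it is worth confirming there is none. MiFindInitializationCode's body continues above this hunk.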
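Review bot: ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE) is added here without a surrounding KeEnterCriticalRegion(), unlike the matching change to sysldr.c in this same patch; the ERESOURCE contract requires the owner to have normal kernel APCs disabled for as long as it holds the resource. Even though this part of MmInitSystem runs after MmInitBsmThread() in what is presumably the initial system thread, the executive resource code may assert on this in debug builds (not visible here), and the inconsistency between the two call sites invites copy-paste. I would add `KeEnterCriticalRegion();` immediately before the acquire, with the matching leave after the release. If the loop only reads entries to protect each image, a shared acquisition would also suffice. Whether PsLoadedModuleResource is initialized by this phase is not visible in the hunk, and the for body continues beyond it.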
@@ -284,6 +285,7 @@ MmInitSystem(IN ULONG Phase,
 /* Set up the image protection */
 MiWriteProtectSystemImage(DataTableEntry->DllBase);
 }
+ ExReleaseResourceLite(&PsLoadedModuleResource);
 return TRUE;
 }
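Review bot: The release is placed before the only `return TRUE;` in view, so acquire and release are balanced on this path, but if the acquire is wrapped in the `KeEnterCriticalRegion()` that the ERESOURCE contract calls for, the matching `KeLeaveCriticalRegion();` belongs immediately after `ExReleaseResourceLite(&PsLoadedModuleResource);` here. The loop body is split across the gap between this hunk and the previous one, so I could not confirm there is no other exit between the acquire and this release. The earlier phases of MmInitSystem are outside the hunk.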