https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a30edc324e5a3c265d01d… commit a30edc324e5a3c265d01d345bf33786faa6ae727 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Thu Oct 15 13:40:42 2020 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Thu Oct 15 14:49:11 2020 +0200 [NTOS:MM] Acquire MmSystemLoadLock in MiFindInitializationCode. CORE-16449 We might otherwise free the INIT section for an image that's in the process of being loaded by Mm. --- ntoskrnl/mm/ARM3/sysldr.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c index c66f06c4fe8..92a31896205 100644 --- a/ntoskrnl/mm/ARM3/sysldr.c +++ b/ntoskrnl/mm/ARM3/sysldr.c @@ -1466,8 +1466,13 @@ MiFindInitializationCode(OUT PVOID *StartVa, /* Assume failure */ *StartVa = NULL; - /* Enter a critical region while we loop the list */ + /* Acquire the necessary lock while we loop the list */ KeEnterCriticalRegion(); + KeWaitForSingleObject(&MmSystemLoadLock, + WrVirtualMemory, + KernelMode, + FALSE, + NULL); /* Loop all loaded modules */ NextEntry = PsLoadedModuleList.Flink; @@ -1615,7 +1620,8 @@ MiFindInitializationCode(OUT PVOID *StartVa, NextEntry = NextEntry->Flink; } - /* Leave the critical region and return */ + /* Release the lock and return */ + KeReleaseMutant(&MmSystemLoadLock, 1, FALSE, FALSE); KeLeaveCriticalRegion(); }