Today, StandaloneMmCore calls PeCoffLoaderRelocateImage() when loading
images, which calls PeCoffLoaderRelocateImageExtraAction(). On AARCH64,
this sets the image memory protections accordingly, RO + E on code
sections, RW + NX on data sections.
However, if an image fails to start (i.e. its entry point returns a
failure) StandaloneMmCore does not call the corresponding
PeCoffLoaderUnloadImage, which calls PeCoffLoaderUnloadImageExtraAction,
which on AARCH64 undoes the memory protections on the image, setting the
whole memory region back to RW + NX. The core then frees this memory
and the next allocation attempts to use it, which results in a data
abort if a read only memory region is attempted to be written to.
Theoretically, other instances of the PeCoffExtraActionLib could take
other actions and so regardless of architecture, the contract with the
PeCoffLoader should be maintained.
This patch calls PeCoffLoaderUnloadImage when an image's entry point
returns a failure, before freeing the image memory. This meets the
contract and follows the DXE core behavior.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
21cbba1bb3