[PATCH v2] arm/xen: zero init memory region before returning to the heap

Dmytro Prokopchuk1 posted 1 patch 1 month, 2 weeks ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/c2a15402f87de85c2733362ef3ebc3ffe55b231f.1761926280.git.dmytro._5Fprokopchuk1@epam.com
[PATCH v2] arm/xen: zero init memory region before returning to the heap
Posted by Dmytro Prokopchuk1 1 month, 2 weeks ago
The current implementation of 'free_init_memory()' fills the freed '__init'
and '__initdata' memory regions with a faulting instruction before unmapping
and returning them to the heap. However, after unmapping, any access to this
region will result in a page fault, making the instruction fill redundant.

Replace the instruction fill with a call to 'memset()', zeroing the entire
region before it is unmapped and returned to the allocator.

Additionally, this change resolves a violation of MISRA C:2012 Rule 11.3
(cast between pointer to object type and pointer to a different object type),
caused by performing a cast from a 'char *' to a 'uint32_t *' pointer to
write instructions directly into memory, which is not compliant with MISRA
guidelines.

No functional changes.

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
---
Changes in v2:
- replaced the instruction fill with a call to 'memset()'
- changed commit message appropriately

Link to v1:
https://patchew.org/Xen/680a7418c445381d68fc95f0e3cd03f574fdda86.1761672602.git.dmytro._5Fprokopchuk1@epam.com/

Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2132383252
---
 xen/arch/arm/mmu/setup.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
index eb8ed19ca1..9b874f8ab2 100644
--- a/xen/arch/arm/mmu/setup.c
+++ b/xen/arch/arm/mmu/setup.c
@@ -479,9 +479,6 @@ void free_init_memory(void)
 {
     paddr_t pa = virt_to_maddr(__init_begin);
     unsigned long len = __init_end - __init_begin;
-    uint32_t insn;
-    unsigned int i, nr = len / sizeof(insn);
-    uint32_t *p;
     int rc;
 
     rc = modify_xen_mappings((unsigned long)__init_begin,
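Review bot: dropping `nr = len / sizeof(insn)` together with `p` quietly fixes a rounding gap in the old loop: `nr` was truncated, so when `len` was not a multiple of four the last one to three bytes of the region were never written, whereas the replacement passes the full `len` to `memset()`. Worth a sentence in the commit message, since "No functional changes" does not quite cover it.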
@@ -495,15 +492,8 @@ void free_init_memory(void)
      */
     invalidate_icache_local();
 
-#ifdef CONFIG_ARM_32
-    /* udf instruction i.e (see A8.8.247 in ARM DDI 0406C.c) */
-    insn = 0xe7f000f0;
-#else
-    insn = AARCH64_BREAK_FAULT;
-#endif
-    p = (uint32_t *)__init_begin;
-    for ( i = 0; i < nr; i++ )
-        *(p + i) = insn;
+    /* Zeroing the memory before returning it */
+    memset(__init_begin, 0, len);
 
     rc = destroy_xen_mappings((unsigned long)__init_begin,
                               (unsigned long)__init_end);
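Review bot: the new comment restates what `memset()` does rather than why it is done; a reader who sees the region being unmapped on the very next lines will ask why it needs scrubbing at all. Suggest wording that gives the rationale, e.g. `/* Scrub the init section so no init code or data lingers on the pages once they are handed back to the allocator */`. Note also that the bytes left in those pages do change (faulting-instruction pattern before, zeros now), and that is exactly what a later allocatee of the pages would see, so the "No functional changes" claim in the commit message should be softened to say the change is not observable by Xen itself.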
-- 
2.43.0
Re: [PATCH v2] arm/xen: zero init memory region before returning to the heap
Posted by Luca Fancellu 1 month ago
Hi Dmytro,

> On 31 Oct 2025, at 16:02, Dmytro Prokopchuk1 <dmytro_prokopchuk1@epam.com> wrote:
> 
> The current implementation of 'free_init_memory()' fills the freed '__init'
> and '__initdata' memory regions with a faulting instruction before unmapping
> and returning them to the heap. However, after unmapping, any access to this
> region will result in a page fault, making the instruction fill redundant.
> 
> Replace the instruction fill with a call to 'memset()', zeroing the entire
> region before it is unmapped and returned to the allocator.
> 
> Additionally, this change resolves a violation of MISRA C:2012 Rule 11.3
> (cast between pointer to object type and pointer to a different object type),
> caused by performing a cast from a 'char *' to a 'uint32_t *' pointer to
> write instructions directly into memory, which is not compliant with MISRA
> guidelines.
> 
> No functional changes.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
> Acked-by: Julien Grall <jgrall@amazon.com>
> ---

Looks good to me, I’ve also tested on Arm64 and Arm32 qemu.

Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
Tested-by: Luca Fancellu <luca.fancellu@arm.com>

Cheers,
Luca

Re: [PATCH v2] arm/xen: zero init memory region before returning to the heap
Posted by Julien Grall 1 month, 1 week ago
Hi Dmytro,

On 31/10/2025 16:02, Dmytro Prokopchuk1 wrote:
> The current implementation of 'free_init_memory()' fills the freed '__init'
> and '__initdata' memory regions with a faulting instruction before unmapping
> and returning them to the heap. However, after unmapping, any access to this
> region will result in a page fault, making the instruction fill redundant.
> 
> Replace the instruction fill with a call to 'memset()', zeroing the entire
> region before it is unmapped and returned to the allocator.
> 
> Additionally, this change resolves a violation of MISRA C:2012 Rule 11.3
> (cast between pointer to object type and pointer to a different object type),
> caused by performing a cast from a 'char *' to a 'uint32_t *' pointer to
> write instructions directly into memory, which is not compliant with MISRA
> guidelines.
> 
> No functional changes.
> 
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>

Acked-by: Julien Grall <jgrall@amazon.com>

Cheers,

-- 
Julien Grall