[PATCH v2] arm/xen: zero init memory region before returning to the heap

Fri, 31 Oct 2025 09:03:14 -0700 

The current implementation of 'free_init_memory()' fills the freed '__init'
and '__initdata' memory regions with a faulting instruction before unmapping
and returning them to the heap. However, after unmapping, any access to this
region will result in a page fault, making the instruction fill redundant.

Replace the instruction fill with a call to 'memset()', zeroing the entire
region before it is unmapped and returned to the allocator.

Additionally, this change resolves a violation of MISRA C:2012 Rule 11.3
(cast between pointer to object type and pointer to a different object type),
caused by performing a cast from a 'char *' to a 'uint32_t *' pointer to
write instructions directly into memory, which is not compliant with MISRA
guidelines.

No functional changes.

Signed-off-by: Dmytro Prokopchuk <[email protected]>
---
Changes in v2:
- replaced the instruction fill with a call to 'memset()'
- changed commit message appropriately

Link to v1:
https://patchew.org/Xen/680a7418c445381d68fc95f0e3cd03f574fdda86.1761672602.git.dmytro._5fprokopch...@epam.com/

Test CI pipeline:
https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/2132383252
---
 xen/arch/arm/mmu/setup.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c
index eb8ed19ca1..9b874f8ab2 100644
--- a/xen/arch/arm/mmu/setup.c
+++ b/xen/arch/arm/mmu/setup.c
@@ -479,9 +479,6 @@ void free_init_memory(void)
 {
     paddr_t pa = virt_to_maddr(__init_begin);
     unsigned long len = __init_end - __init_begin;
-    uint32_t insn;
-    unsigned int i, nr = len / sizeof(insn);
-    uint32_t *p;
     int rc;
 
     rc = modify_xen_mappings((unsigned long)__init_begin,
@@ -495,15 +492,8 @@ void free_init_memory(void)
      */
     invalidate_icache_local();
 
-#ifdef CONFIG_ARM_32
-    /* udf instruction i.e (see A8.8.247 in ARM DDI 0406C.c) */
-    insn = 0xe7f000f0;
-#else
-    insn = AARCH64_BREAK_FAULT;
-#endif
-    p = (uint32_t *)__init_begin;
-    for ( i = 0; i < nr; i++ )
-        *(p + i) = insn;
+    /* Zeroing the memory before returning it */
+    memset(__init_begin, 0, len);
 
     rc = destroy_xen_mappings((unsigned long)__init_begin,
                               (unsigned long)__init_end);
-- 
2.43.0

Reply via email to