x86: Clear .brk area at early boot

jgross1 · suryasaimadhu · commit 38fa5479b413 · 2022-07-01T11:11:34.000+02:00
The .brk section has the same properties as .bss: it is an alloc-only section and should be cleared before being used. Not doing so is especially a problem for Xen PV guests, as the hypervisor will validate page tables (check for writable page tables and hypervisor private bits) before accepting them to be used. Make sure .brk is initially zero by letting clear_bss() clear the brk area, too. Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20220630071441.28576-3-jgross@suse.com
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
@@ -430,6 +430,8 @@ void __init clear_bss(void)
 {
 	memset(__bss_start, 0,
 	       (unsigned long) __bss_stop - (unsigned long) __bss_start);
+	memset(__brk_base, 0,
+	       (unsigned long) __brk_limit - (unsigned long) __brk_base);
 }
 
 static unsigned long get_cmd_line_ptr(void)

Original file line number	Diff line number	Diff line change
`@@ -430,6 +430,8 @@ void __init clear_bss(void)`
`430`	`430`	`{`
`431`	`431`	`memset(__bss_start, 0,`
`432`	`432`	`(unsigned long) __bss_stop - (unsigned long) __bss_start);`
	`433`	`+ memset(__brk_base, 0,`
	`434`	`+ (unsigned long) __brk_limit - (unsigned long) __brk_base);`
`433`	`435`	`}`
`434`	`436`
`435`	`437`	`static unsigned long get_cmd_line_ptr(void)`