Fill freed loader heap chunk with non-zero value (#12731)

* Add FEATURE_LOADER_HEAP_GUARD feature

* Invoke memset only for reclaimed regions

* Enable FEATURE_LOADER_HEAP_GUARD by default

* Insert trap inside UMEntryThunk::Terminate

* Make all exectuable heaps not to zero-initialize itself

Use fZeroInit (instead of fMakeRelazed)

* Add comment

* Revert unnecessary changes

* Add and use 'Poison' method to insert a trap

* Do NOT invoke FlushInstructionCache

* Update comment

* Add comment on ARM Poisoning instruction

* Use X86_INSTR_INT3 instead of 0xCC

2 files changed, 14 insertions, 0 deletions

diff --git a/src/vm/amd64/cgenamd64.cpp b/src/vm/amd64/cgenamd64.cpp
index 497abcd502..20dca22e36 100644
--- a/src/vm/amd64/cgenamd64.cpp
+++ b/src/vm/amd64/cgenamd64.cpp
@@ -670,6 +670,19 @@ void UMEntryThunkCode::Encode(BYTE* pTargetCode, void* pvSecretParam)
     _ASSERTE(DbgIsExecutable(&m_movR10[0], &m_jmpRAX[3]-&m_movR10[0]));
 }
 
+void UMEntryThunkCode::Poison()
+{
+    CONTRACTL
+    {
+        NOTHROW;
+        GC_NOTRIGGER;
+        MODE_ANY;
+    }
+    CONTRACTL_END;
+
+    m_movR10[0] = X86_INSTR_INT3;
+}
+
 UMEntryThunk* UMEntryThunk::Decode(LPVOID pCallback)
 {
     LIMITED_METHOD_CONTRACT;
diff --git a/src/vm/amd64/cgencpu.h b/src/vm/amd64/cgencpu.h
index 64a6501dc0..b74e3ca7d3 100644
--- a/src/vm/amd64/cgencpu.h
+++ b/src/vm/amd64/cgencpu.h
@@ -472,6 +472,7 @@ struct DECLSPEC_ALIGN(8) UMEntryThunkCode
     BYTE            m_padding2[5];
 
     void Encode(BYTE* pTargetCode, void* pvSecretParam);
+    void Poison();
 
     LPCBYTE GetEntryPoint() const
     {