On Fri, Mar 31, 2017 at 11:29:20AM -0700, John Baldwin wrote:
> On Friday, March 31, 2017 09:04:51 AM Peter Grehan wrote:
> > > So... can anyone provide a clue what's "explicit" (or different in any
> > > way) between explicit_bzero() and normal bzero()?
> > >
> > > https://www.freebsd.org/cgi/man.cgi?query=explicit_bzero&sektion=3&manpath=FreeBSD+12-current
> >
> > It should be called 'bzero_now_I_mean_it()'
> >
> > (but then we would need some other function called anybody_want_a_peanut())
Its sole purpose is to prevent the compiler from observing a pattern
like:

    char a_secret_key[len];
    ...
    bzero(a_secret_key, len);
    return;

or

    char *a_secret_key = malloc(len);
    ...
    bzero(a_secret_key, len);
    free(a_secret_key);

and optimizing away bzero() because it knows what bzero() does and that
nothing will ever access it as far as the C language is concerned.
The moment you enable LTO all bets are off because it can pattern match
the code for explicit_bzero(), realize that it is the same as bzero(),
and combine them. Declaring a_secret_key volatile likely makes things
work, but the C language is deficient in not providing a way to express
something like explicit_bzero() sanely and reliably.
-- Brooks
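As an added example (not part of the original message, and not FreeBSD's own libc implementation), the dead-store pattern Brooks describes is shown next to a portable stand-in for explicit_bzero(3) built on a volatile function pointer to memset(). The names secure_zero, secure_memset_ptr, derive_then_clear_naive/secure, the XOR "key derivation" and the seed bytes are all assumptions made for illustration, not real key handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* 1. The pattern the e-mail warns about.  a_secret_key is never read after
 *    the memset (the C equivalent of bzero), so a dead-store-elimination
 *    pass is entitled to delete the clear.  The XOR "derivation" below is a
 *    hypothetical placeholder, not a real KDF. */
int derive_then_clear_naive(const uint8_t *seed, size_t seed_len)
{
    uint8_t a_secret_key[KEY_LEN];
    int sum = 0;

    for (size_t i = 0; i < KEY_LEN; i++) {
        a_secret_key[i] = seed[i % seed_len] ^ (uint8_t)i;
        sum += a_secret_key[i];
    }
    memset(a_secret_key, 0, sizeof a_secret_key);  /* candidate for removal */
    return sum;
}

/* 2. Portable stand-in for explicit_bzero(3) (assumed helper).  Calling
 *    memset through a volatile function pointer means the compiler cannot
 *    know what the callee does, or even that it is memset, so the call and
 *    the stores it implies have to stay, with or without LTO. */
static void *(*volatile secure_memset_ptr)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    secure_memset_ptr(p, 0, n);
#if defined(__GNUC__)
    /* Extra barrier on GCC/Clang: asserts the memory at p is read here. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

int derive_then_clear_secure(const uint8_t *seed, size_t seed_len)
{
    uint8_t a_secret_key[KEY_LEN];
    int sum = 0;

    for (size_t i = 0; i < KEY_LEN; i++) {
        a_secret_key[i] = seed[i % seed_len] ^ (uint8_t)i;
        sum += a_secret_key[i];
    }
    secure_zero(a_secret_key, sizeof a_secret_key);  /* cannot be dropped */
    return sum;
}

/* Check helper: number of non-zero bytes in a buffer. */
size_t count_nonzero(const uint8_t *p, size_t n)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        k += (p[i] != 0);
    return k;
}

/* Self-check on a buffer that is still observable afterwards: fill it with
 * constructed key bytes, clear with secure_zero, confirm nothing is left. */
int secure_zero_clears_buffer(void)
{
    uint8_t buf[KEY_LEN];
    memset(buf, 0xA5, sizeof buf);
    if (count_nonzero(buf, sizeof buf) != KEY_LEN)
        return 0;
    secure_zero(buf, sizeof buf);
    return count_nonzero(buf, sizeof buf) == 0;
}

/* Both variants compute the same result; they differ only in whether the
 * clear survives optimization.  Seed bytes are constructed for the demo. */
int checksums_agree(void)
{
    static const uint8_t seed[4] = {0x13, 0x37, 0xC0, 0xDE};
    return derive_then_clear_naive(seed, sizeof seed)
        == derive_then_clear_secure(seed, sizeof seed);
}

int main(void)
{
    static const uint8_t seed[4] = {0x13, 0x37, 0xC0, 0xDE};
    printf("naive  sum=%d\n", derive_then_clear_naive(seed, sizeof seed));
    printf("secure sum=%d\n", derive_then_clear_secure(seed, sizeof seed));
    printf("secure_zero clears buffer: %s\n",
           secure_zero_clears_buffer() ? "yes" : "no");
    return 0;
}
```

To see the difference the e-mail is talking about, compile with `cc -O2 -S` and compare the two derive functions: the memset in the naive variant is a candidate for dead-store elimination, whereas the indirect call in the secure variant has to be emitted because the pointer is volatile. Where explicit_bzero(3) itself (or C11's memset_s, which the standard says may not be optimized away) is available, prefer it over a hand-rolled helper.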