On Fri, Mar 31, 2017 at 11:29:20AM -0700, John Baldwin wrote:
> On Friday, March 31, 2017 09:04:51 AM Peter Grehan wrote:
> > > So... can anyone provide a clue what's "explicit" (or different in any
> > > way) between explicit_bzero() and normal bzero()?
> > >
> > > https://www.freebsd.org/cgi/man.cgi?query=explicit_bzero&sektion=3&manpath=FreeBSD+12-current
> >
> > It should be called 'bzero_now_I_mean_it()'
> >
> > (but then we would need some other function called anybody_want_a_peanut())
Its sole purpose is to prevent the compiler from observing a pattern like:

    char a_secret_key[len];
    ...
    bzero(a_secret_key, len);
    return;

or

    char *a_secret_key = malloc(len);
    ...
    bzero(a_secret_key, len);
    free(a_secret_key);

and optimizing away bzero() because it knows what bzero() does and that nothing will ever access it as far as the C language is concerned. The moment you enable LTO all bets are off because it can pattern match the code for explicit_bzero(), realize that it is the same as bzero() and combine them. Declaring a_secret_key volatile likely makes things work, but the C language is deficient in not providing a way to express something like explicit_bzero() sanely and reliably.

-- Brooks
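Added example, not code from the thread or from FreeBSD's libc: the volatile-function-pointer technique that libc implementations commonly use to build an explicit_bzero(), applied to both the stack and the heap pattern quoted above. Because the load of the volatile pointer must be performed, the compiler cannot prove the stores dead even under LTO. The names memset_ptr, secure_zero, count_nonzero and the two *_is_wiped helpers are assumptions, and the 0xAB fill is a constructed stand-in for key material.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: a volatile pointer to memset. The compiler cannot
 * know at compile time which function is reached through it, so it cannot
 * treat the stores as dead and cannot drop the call. */
static void *(* volatile memset_ptr)(void *, int, size_t) = memset;

static void secure_zero(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}

/* Count non-zero bytes so a wipe can be checked from outside. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] != 0);
    return c;
}

/* Stack pattern from the thread: local secret, used, then wiped.
 * Returns 1 if every byte is zero afterwards. 0xAB is constructed data. */
int stack_secret_is_wiped(void)
{
    unsigned char a_secret_key[32];
    memset(a_secret_key, 0xAB, sizeof a_secret_key);
    secure_zero(a_secret_key, sizeof a_secret_key);
    return count_nonzero(a_secret_key, sizeof a_secret_key) == 0;
}

/* Heap pattern from the thread: wipe, then free(). The check runs before
 * the free, since touching the memory afterwards is undefined behaviour. */
int heap_secret_is_wiped(size_t len)
{
    unsigned char *a_secret_key = malloc(len);
    if (a_secret_key == NULL)
        return 0;
    memset(a_secret_key, 0xAB, len);
    secure_zero(a_secret_key, len);
    int ok = count_nonzero(a_secret_key, len) == 0;
    free(a_secret_key);
    return ok;
}
```

Replacing secure_zero() with a plain memset() wrapper and compiling with optimization is how to observe the elision Brooks describes: the wipe disappears from the generated code while the volatile-pointer version stays.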