Hi, I noted that in libsa, explicit_bzero just calls bzero.
Giving that now we support softraid fulldisk encryption, a compiler optimisation could make the current version of explicit_bzero in libsa going nop, leaving encryption keys (or other sensible material) in memory. The following patch copy libkern code for explicit_bzero into libsa. Comments ? OK ? -- Sebastien Marie Index: explicit_bzero.c =================================================================== RCS file: /cvs/src/sys/lib/libsa/explicit_bzero.c,v retrieving revision 1.1 diff -u -p -r1.1 explicit_bzero.c --- explicit_bzero.c 9 Oct 2012 12:03:51 -0000 1.1 +++ explicit_bzero.c 18 Sep 2015 10:01:06 -0000 @@ -6,11 +6,19 @@ #include <lib/libsa/stand.h> +__attribute__((weak)) void __explicit_bzero_hook(void *, size_t); + +__attribute__((weak)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + /* * explicit_bzero - don't let the compiler optimize away bzero */ void explicit_bzero(void *p, size_t n) { - bzero(p, n); + memset(p, 0, n); + __explicit_bzero_hook(p, n); }