When annocheck is run against tpm-tools and trousers the hardened check fails
due to __memset not being optimized. Would using a memory barrier like the
following instead of __no_optimize be acceptable?
diff -ur tpm-tools-1.3.9/include/tpm_utils.h
tpm-tools-1.3.9-new/include/tpm_utils.h
--- tpm-tools-1.3.9/include/tpm_utils.h 2014-07-23 13:37:12.000000000 -0700
+++ tpm-tools-1.3.9-new/include/tpm_utils.h 2019-06-05 11:13:55.474783996
-0700
@@ -71,7 +71,7 @@
#define __no_optimize
#endif
-void * __no_optimize __memset(void *s, int c, size_t n);
+void * __memset(void *s, int c, size_t n);
typedef int (*CmdOptParser)( const int aOpt, const char *aOptArg );
typedef void (*CmdHelpFunction)( const char *aCmd );
diff -ur tpm-tools-1.3.9/lib/tpm_utils.c tpm-tools-1.3.9-new/lib/tpm_utils.c
--- tpm-tools-1.3.9/lib/tpm_utils.c 2014-07-23 13:37:12.000000000 -0700
+++ tpm-tools-1.3.9-new/lib/tpm_utils.c 2019-06-05 11:13:41.570968364 -0700
@@ -134,10 +134,12 @@
return 0;
}
-void * __no_optimize
+void *
__memset(void *s, int c, size_t n)
{
- return memset(s, c, n);
+ memset(s, c, n);
+ asm volatile("" ::: "memory");
+ return s;
}
/*
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
