This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v3] explicit_bzero yet again
- From: Rich Felker <dalias at libc dot org>
- To: Zack Weinberg <zackw at panix dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Joseph Myers <joseph at codesourcery dot com>
- Date: Thu, 19 Nov 2015 10:55:33 -0500
- Subject: Re: [PATCH v3] explicit_bzero yet again
- Authentication-results: sourceware.org; auth=none
- References: <564DE0BE dot 5070607 at panix dot com>
On Thu, Nov 19, 2015 at 09:46:22AM -0500, Zack Weinberg wrote:
> [PATCH 1/3] New library function, explicit_bzero
>
> The new function explicit_bzero is functionally identical to bzero,
> but the compiler will not delete a call to it, even if the memory
> region it's applied to is dead after the call. You should use this
> function, for instance, to erase cryptographic keys or similar when
> you are done with them. Taken from OpenBSD.
Perhaps glibc explicitly does not support LTO, but with LTO this is
trivially removable by the compiler. IMO from the beginning there
should be asm constraints to make it impossible to remove the code
even if it's inlined. Then it will be safe/future-proof (to the extent
that is possible; of course all the other issues with the completeness
of clearing still apply).
Rich
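
Added example, not part of the original message and not glibc's or OpenBSD's code: one way to write the asm constraint the reply asks for, so the clearing store survives inlining and LTO. It assumes a GCC-compatible compiler with extended asm; `secure_clear`, `weak_clear` and the other names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Weak form: once inlined, the buffer is dead after the memset, so the
   optimizer is entitled to delete the call as a dead store. */
static inline void weak_clear(void *p, size_t n)
{
    memset(p, 0, n);
}

/* Hardened form (hypothetical name). The empty asm takes the pointer as
   an input and clobbers "memory", so the compiler must assume the asm
   reads the zeroed bytes; the memset is no longer a dead store, even
   when this function is inlined into its caller. */
static inline void secure_clear(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Constructed sample: copy a "key" to the stack, use it, then wipe it.
   The key array is dead after the wipe, which is the case at issue. */
unsigned use_key_then_wipe(const unsigned char *seed, size_t n, int hardened)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i;

    if (n > sizeof key)
        n = sizeof key;
    memcpy(key, seed, n);
    for (i = 0; i < n; i++)
        sum = sum * 31u + key[i];      /* toy stand-in for real key use */
    if (hardened)
        secure_clear(key, sizeof key);
    else
        weak_clear(key, sizeof key);
    return sum;
}

/* Number of nonzero bytes left after clearing a buffer of 0xAA bytes
   (constructed stand-in for secret data). */
size_t residue_after_clear(void)
{
    unsigned char buf[16];
    size_t i, left = 0;

    memset(buf, 0xAA, sizeof buf);
    secure_clear(buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++)
        left += (buf[i] != 0);
    return left;
}
```

Both branches return the same value at run time; the difference is only visible in the generated code, for example by compiling with `-O2 -S` and checking whether the stores to `key` are still present in each branch.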