This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v3] explicit_bzero yet again

From: Rich Felker <dalias at libc dot org>
To: Zack Weinberg <zackw at panix dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>, Joseph Myers <joseph at codesourcery dot com>
Date: Thu, 19 Nov 2015 10:55:33 -0500
Subject: Re: [PATCH v3] explicit_bzero yet again
Authentication-results: sourceware.org; auth=none
References: <564DE0BE dot 5070607 at panix dot com>

On Thu, Nov 19, 2015 at 09:46:22AM -0500, Zack Weinberg wrote:
> [PATCH 1/3] New library function, explicit_bzero
> 
> The new function explicit_bzero is functionally identical to bzero,
> but the compiler will not delete a call to it, even if the memory
> region it's applied to is dead after the call.  You should use this
> function, for instance, to erase cryptographic keys or similar when
> you are done with them.  Taken from OpenBSD.

Perhaps glibc explicitly does not support LTO, but with LTO this is
trivially removable by the compiler. IMO from the beginning there
should be asm constraints to make it impossible to remove the code
even if it's inlined. Then it will be safe/future-proof (to the extent
that is possible; of course all the other issues with the completeness
of clearing still apply).

Rich

References:
- [PATCH v3] explicit_bzero yet again
  - From: Zack Weinberg

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]