svn commit: r316311 - in head: lib/libstand sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/loader sys/boot/i386/zfsboot
Brooks Davis
brooks at freebsd.org
Fri Mar 31 19:12:06 UTC 2017
On Fri, Mar 31, 2017 at 11:29:20AM -0700, John Baldwin wrote:
> On Friday, March 31, 2017 09:04:51 AM Peter Grehan wrote:
> > > So... can anyone provide a clue what's "explicit" (or different in any
> > > way) between explicit_bzero() and normal bzero()?
> >
> >
> > https://www.freebsd.org/cgi/man.cgi?query=explicit_bzero&sektion=3&manpath=FreeBSD+12-current
>
> It should be called 'bzero_now_I_mean_it()'
>
> (but then we would need some other function called anybody_want_a_peanut())

Its sole purpose is to prevent the compiler from observing a pattern
like:

    char a_secret_key[len];
    ...
    bzero(a_secret_key, len);
    return;

or

    char *a_secret_key = malloc(len);
    ...
    bzero(a_secret_key, len);
    free(a_secret_key);

And optimizing away bzero() because it knows what bzero() does and that
nothing will ever access it as far as the C language is concerned.

The moment you enable LTO all bets are off because it can pattern match
the code for explicit_bzero(), realize that it is the same as bzero()
and combine them. Declaring a_secret_key volatile likely makes things
work, but the C language is deficient in not providing a way to express
something like explicit_bzero() sanely and reliably.

-- Brooks
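
The dead-store pattern from the message above, next to a wipe done through a volatile pointer (the approach the message says likely works). This is an added example, not part of the original message and not FreeBSD's explicit_bzero(); the names wipe_volatile, use_key, tag_plain_wipe, tag_volatile_wipe and wipe_clears_buffer are hypothetical and the key material is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not FreeBSD's explicit_bzero(): stores go through a
 * volatile lvalue, which compilers in practice keep even if never read. */
static void wipe_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len-- > 0)
        *p++ = 0;
}

/* Constructed stand-in for real key use: sums the key bytes mod 256. */
static unsigned char use_key(const unsigned char *key, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc = (unsigned char)(acc + key[i]);
    return acc;
}

/* Pattern from the message: key is dead after the second memset(), so an
 * optimizer may drop that call and leave the key bytes on the stack. */
unsigned char tag_plain_wipe(unsigned char seed)
{
    unsigned char key[32], tag;
    memset(key, seed, sizeof(key));   /* constructed key material */
    tag = use_key(key, sizeof(key));
    memset(key, 0, sizeof(key));      /* dead store, removable */
    return tag;
}

/* Same work, but the wipe is not a removable dead store. */
unsigned char tag_volatile_wipe(unsigned char seed)
{
    unsigned char key[32], tag;
    memset(key, seed, sizeof(key));
    tag = use_key(key, sizeof(key));
    wipe_volatile(key, sizeof(key));
    return tag;
}

/* Self-check on a constructed buffer: 1 if every byte is zero afterwards. */
int wipe_clears_buffer(void)
{
    unsigned char buf[16], zero[16] = {0};
    memset(buf, 0xAA, sizeof(buf));
    wipe_volatile(buf, sizeof(buf));
    return memcmp(buf, zero, sizeof(buf)) == 0;
}
```

Both functions return the same tag, so the difference shows only in the generated code: comparing the optimized assembly of the two shows whether the final memset() in tag_plain_wipe survived.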