On Tue, 7 Oct 2014, Sandy Harris wrote:
> There is discussion in Linux mailing lists threads about code along
> these lines:
>
> some_function()
> {
>     char temp[N] ;
>     ...
>     do something that puts sensitive data in temp[]
>     ....
>     memset( temp, 0, N ) ;
> }
>
> The claim is that gcc may optimise away the memset() call since that
> memory will not be referenced again.
True, the difference cannot be observed in a standard program, so it makes
sense that you have to say something special to convince the compiler not
to optimize it.
> There are various solutions to this. Linux now has memzero_explicit(),
I expected the kernel to be compiled with -fno-builtin-memset (or some
other option that implies this one), which would disable this
optimization.
> A real fix would make memset() do the right thing reliably; if the
> programmer puts in memset( x, 0, nbytes) then the memory should
> be cleared, no ifs or buts.
If the programmer writes 1+1, the compiler should emit an add instruction,
no ifs or buts?
--
Marc Glisse
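Added example (not code from this thread, the Linux kernel, or GCC): three ways to zero a buffer so that dead-store elimination cannot drop the stores, plus a check that each one really clears a live stack buffer of the temp[] shape discussed above. The barrier variant follows the shape of the kernel's memzero_explicit(): an ordinary memset() followed by an empty asm statement with a "memory" clobber, which the optimizer must treat as a possible use of the buffer. It assumes GCC or Clang for the inline asm (with a volatile-loop fallback elsewhere); the function-pointer and volatile-pointer variants are plain C. Function names and the sample "secret" are mine.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1. Call memset() through a volatile function pointer. The compiler
 *    cannot know which function will actually run, so it cannot reason
 *    about the call as a removable dead store. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

void secure_zero_fnptr(void *p, size_t n)
{
    memset_fn(p, 0, n);
}

/* 2. Plain memset() followed by a compiler barrier that, from the
 *    optimizer's point of view, may read or write memory (including
 *    the buffer just cleared). This is the shape of the kernel's
 *    memzero_explicit(). Assumption: GCC or Clang for the asm. */
void secure_zero_barrier(void *p, size_t n)
{
#if defined(__GNUC__)
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#endif
}

/* 3. Byte-wise stores through a volatile pointer: portable ISO C, and
 *    volatile stores may not be elided, but the loop is usually not
 *    vectorized, so it is slower on large buffers. */
void secure_zero_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of p[0..n) is zero. Reads through a volatile
 * pointer so the check itself is not folded away by the optimizer. */
int all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= vp[i];
    return acc == 0;
}

/* Worked case mirroring the thread: a stack buffer receives a secret
 * (constructed sample bytes here), then is wiped before the function
 * returns. Returns 1 if the wipe took effect while the buffer is still
 * live. which = 0, 1 or 2 selects the wiping method above. */
int wipe_demo(int which)
{
    unsigned char temp[64];

    /* Constructed stand-in for key material: every byte nonzero. */
    for (size_t i = 0; i < sizeof temp; i++)
        temp[i] = (unsigned char)(0xA5 ^ i);
    if (all_zero(temp, sizeof temp))
        return 0; /* sanity check: the buffer really held data */

    switch (which) {
    case 0: secure_zero_fnptr(temp, sizeof temp); break;
    case 1: secure_zero_barrier(temp, sizeof temp); break;
    default: secure_zero_volatile(temp, sizeof temp); break;
    }
    return all_zero(temp, sizeof temp);
}

int main(void)
{
    for (int w = 0; w < 3; w++)
        printf("method %d: %s\n", w, wipe_demo(w) ? "wiped" : "NOT wiped");
    return 0;
}
```

A functional check like wipe_demo() cannot show the optimization itself: as soon as something reads temp[] after the wipe, the stores are live and any compiler keeps them. To see the elimination the thread describes, compile a function whose last action is a plain memset() of a local array with gcc -O2 -S and look at whether the memset call, or the stores it was expanded into, still appear before the return; then repeat with one of the variants above, or with -fno-builtin-memset, and compare.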