Brian Gerst wrote: > Would barrier() (which is a simple memory clobber) after the memset work? I don't know. It's implemented as an asm with a "memory" clobber, but I wouldn't bet on that forcing previous writes to a dying object to actally be performed (it would have to have a data-dependency on the dying object, but I don't think there is one). void secure_bzero(void *p, size_t n) { memset(p, 0, n); asm("" : : "m"(*(char*)p)); } seems to work, but as the object in general will be larger than a single byte, I'd like to see some confirmation from the gcc folks first that this will in fact work. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html