Andi Kleen writes: > roel kluin <roel.kluin@xxxxxxxxx> writes: > > >> And it's wrong because the reason the memset() is there seems to be > >> to clear out key information that might exist kernel stack so that > >> it's more difficult for rogue code to get at things. > > > > If the memset is optimized away then the clear out does not occur. Do you > > know a different way to fix this? I observed this with: > > You could always cast to volatile before memsetting? I tried that and it doesn't work. Furthermore passing a volatile void * to a function expecting a void * provokes a compiler warning. I currently think that defining and using void secure_bzero(void *p, size_t n) { memset(p, 0, n); /* We need for this memset() to be performed even if *p * is about to disappear (a local auto variable going out * of scope or some dynamic memory being kfreed()). * Thus we need to fake a "use" of *p here. * barrier() achieves that effect, and much more. * TODO: find a better alternative to barrier() here. */ barrier(); } would be a first good step. We can then ask the gcc folks for a weaker alternative to barrier() that's guaranteed to keep the object at [p, p+n[ live. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html