Searched hist:"7c8b181a013779b0f30d40580e4b00be63d1e91e" (Results 1 – 3 of 3) sorted by relevance

/optee_os/lib/libutils/ext/
memzero_explicit.c 7c8b181a013779b0f30d40580e4b00be63d1e91e Mon Feb 25 14:13:39 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> libutils: add memzero_explicit()

Adds a new function: memzero_explicit(s, count) which is equivalent to
memset(s, 0, count) except that it cannot be optimized away by the
compiler.

memset() being a built-in function, the compiler is free to perform
optimizations such as simply discarding a call when it considers that the
call cannot have any observable effect from the program's point of view.
A typical example is clearing local data before returning from a
function. memset() is likely to have no effect in this case while
memzero_explicit() will work as expected.

Calling memset() directly from memzero_explicit() would work as long as
link time optimization (LTO) is not applied. With LTO however, the
compiler could inline the call to memzero_explicit() and find out that
dead store optimization applies. In order to avoid that, we use a method
mentioned in [1] which consists in using a volatile function pointer.
This method is considered "effective in practice" with all the commonly
used compilers.

Link: [1] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
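
The volatile function pointer approach described in the commit message above, as an added example that is not OP-TEE's own code. The names `memzero_explicit_demo`, `memset_ptr`, `count_nonzero` and `sum_local_secret` are hypothetical, and the "key" is a constructed toy value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void *(*memset_fn)(void *, int, size_t);

/* volatile: every call must reload the pointer, so the compiler cannot assume
 * the target is memset() and apply dead store elimination, even with LTO. */
static volatile memset_fn memset_ptr = memset;

/* Hypothetical name; same contract as memset(s, 0, count). */
void memzero_explicit_demo(void *s, size_t count)
{
	memset_ptr(s, 0, count);
}

/* Number of non-zero bytes in buf[0..n), used to check a scrub. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
	size_t i, nz = 0;

	for (i = 0; i < n; i++)
		nz += buf[i] != 0;
	return nz;
}

/* The case from the commit message: a local secret cleared just before return.
 * A plain memset() here is a dead store an optimizing compiler may discard. */
unsigned int sum_local_secret(const char *pw)
{
	unsigned char key[32];	/* constructed toy "key", not a real KDF */
	unsigned int sum = 0;
	size_t i, len = strlen(pw);

	for (i = 0; i < sizeof(key); i++) {
		key[i] = len ? (unsigned char)pw[i % len] : 0;
		sum += key[i];
	}
	memzero_explicit_demo(key, sizeof(key));
	return sum;
}

int main(void)
{
	unsigned char buf[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

	memzero_explicit_demo(buf, 4);	/* only the first 4 bytes are cleared */
	printf("non-zero left: %zu, sum: %u\n", count_nonzero(buf, 8),
	       sum_local_secret("ab"));
	return 0;
}
```

To see the difference the commit message describes, replace the call in `sum_local_secret` with `memset(key, 0, sizeof(key))`, build both variants with optimization enabled, and compare the generated assembly for the stores to `key`.
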
sub.mk 7c8b181a013779b0f30d40580e4b00be63d1e91e Mon Feb 25 14:13:39 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> libutils: add memzero_explicit()
/optee_os/lib/libutils/ext/include/
string_ext.h 7c8b181a013779b0f30d40580e4b00be63d1e91e Mon Feb 25 14:13:39 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> libutils: add memzero_explicit()