* missing/explicit_bzero.c: add ruby_explicit_bzero_hook_unused

for preventing optimization. Inspired from OpenBSD. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52839 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2015-12-01 21:52:02 +00:00 · 2015-12-01 21:52:02 +00:00 · 48de9684b9
commit 48de9684b9
parent 8ea5564183
3 changed files with 60 additions and 27 deletions
--- a/missing/explicit_bzero.c
+++ b/missing/explicit_bzero.c
@ -5,11 +5,14 @@
 #include <windows.h>
 #endif

-/*
- *BSD have explicit_bzero().
- Windows, OS-X have memset_s().
- Linux has none. *Sigh*
-*/
+/* Similar to bzero(), but have a guarantee not to be eliminated from compiler
+   optimization. */
+
+/* OS support note:
+ * BSD have explicit_bzero().
+ * Windows, OS-X have memset_s().
+ * Linux has none. *Sigh*
+ */

 /*
 * Following URL explain why memset_s is added to the standard.
@ -21,35 +24,56 @@
 #endif

 #ifndef HAVE_EXPLICIT_BZERO
-/* Similar to bzero(), but have a guarantee not to be eliminated from compiler
-   optimization. */
+ #ifdef HAVE_MEMSET_S
+void
+explicit_bzero(void *b, size_t len)
+{
+    memset_s(b, len, 0, len);
+}
+ #elif defined SecureZeroMemory
+void
+explicit_bzero(void *b, size_t len)
+{
+    SecureZeroMemory(b, len);
+}
+
+ #elif defined HAVE_FUNC_WEAK
+
+/* A weak function never be optimization away. Even if nobody use it. */
+WEAK(void ruby_explicit_bzero_hook_unused(void *buf, size_t len));
+void
+ruby_explicit_bzero_hook_unused(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *b, size_t len)
+{
+    memset(b, len);
+    ruby_explicit_bzero_hook_unused(b, len);
+}
+
+ #else /* Your OS have no capability. Sigh. */

-#ifndef HAVE_MEMSET_S
 FUNC_UNOPTIMIZED(void explicit_bzero(void *b, size_t len));
-#endif
 #undef explicit_bzero

 void
 explicit_bzero(void *b, size_t len)
 {
-#ifdef HAVE_MEMSET_S
-    memset_s(b, len, 0, len);
-#elif defined SecureZeroMemory
-    SecureZeroMemory(b, len);
-#else
-    {
-	/*
-	 * TODO: volatile is not enough if compiler have a LTO (link time
-	 * optimization)
-	 */
-	volatile char* p = (volatile char*)b;
+    /*
+     * volatile is not enough if compiler have a LTO (link time
+     * optimization). At least, the standard provide no guarantee.
+     * However, gcc and major other compiler never optimization a volatile
+     * variable away. So, using volatile is practically ok.
+     */
+    volatile char* p = (volatile char*)b;

-	while(len) {
-	    *p = 0;
-	    p++;
-	    len--;
-	}
+    while(len) {
+	*p = 0;
+	p++;
+	len--;
    }
-#endif
 }
-#endif
+ #endif
+#endif /* HAVE_EXPLICIT_BZERO */