Improve memory_cleanse documentation
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
parent 6a4ff45e8a
commit 8ea2f467cd
@ -19,13 +19,16 @@ void memory_cleanse(void *ptr, size_t len)
#else
std::memset(ptr, 0, len);
/* Memory barrier that scares the compiler away from optimizing out the memset.
/* In order to prevent the compiler from optimizing out the memset, this uses an
* unremovable (see https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#Volatile )
* asm block that the compiler must assume could access arbitary memory, including
* the zero bytes written by std::memset.
*
* Quoting Adam Langley <agl@google.com> in commit ad1907fe73334d6c696c8539646c21b11178f20f
* in BoringSSL (ISC License):
* As best as we can tell, this is sufficient to break any optimisations that
* might try to eliminate "superfluous" memsets.
* This method is used in memzero_explicit() the Linux kernel, too. Its advantage is that it
* This method is used by memzero_explicit() in the Linux kernel, too. Its advantage is that it
* is pretty efficient because the compiler can still implement the memset() efficiently,
* just not remove it entirely. See "Dead Store Elimination (Still) Considered Harmful" by
* Yang et al. (USENIX Security 2017) for more background.
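Review bot: The new comment lines ("In order to prevent the compiler from optimizing out the memset, this uses an unremovable ... asm block that the compiler must assume could access arbitary memory") state the property the asm block needs but not what gives it that property; a reader maintaining the `#else` branch cannot tell from the comment whether a `volatile` asm alone is enough. Suggest stating the two ingredients explicitly, for example: "* asm volatile block with a "memory" clobber, so the compiler must assume it could access arbitrary memory, including the zero bytes written by std::memset." (a volatile asm without a memory clobber is not sufficient to keep the preceding stores alive). Also fix the typo "arbitary" -> "arbitrary" on that line. The space before the closing paren in "#Volatile )" reads as deliberate (keeps the paren out of the auto-linked URL) and can stay.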