On 2022-11-27 03:27, Simon Josefsson via Gnulib discussion list wrote:

1) Does gnulib support building with gcc -std=c99?  I think we should,
but it could have documented missing functionality or breakage.

It should, yes. That's a reasonable portability test, so long as Gnulib continues to support C99.

2) It seems explicit_bzero.c in gnulib falls back to using 'asm' for
GCC, which isn't working in non-GNU modes of gcc.  Further wondering:

I hope I fixed this particular problem by installing the attached.

Perhaps Gnulib's other uses of asm should also be changed?

    1) The reason for having explicit_bzero is read_file, which needs it
    for reading sensitive files, a feature we don't use.  Uncoupling this
    unnecessary dependency would have been nice.

In the long run it should be OK; see below.

    2) Is there no other way to implement explicit_bzero without 'asm'?
    There is another fallback using volatile pointers, but I'm not
    sure it really has the same semantics.

That fallback should work, though it's a bit slower.

    3) Is there a way to detect if the compiler supports 'asm'?  The
    current test 'defined __GNUC__ && !defined __clang__' is what is
    really failing here.

We could add a configure-time test. Not sure it's worth the hassle.

3) Is the idiom of using separate functions bzero() vs explicit_bzero()
to avoid security-problematic compiler optimization still a good one?

Yes, though we should switch to memset_explicit as that's the name C23 has standardized on. I.e., create a memset_explicit module, have other modules use that instead of explicit_bzero. No rush, but that's the way to proceed.

From 04191d1b325186fcd788a4a0a89274f8b9a9943b Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Sun, 27 Nov 2022 09:59:32 -0800
Subject: [PATCH] explicit_bzero: work with gcc -std=c99

* lib/explicit_bzero.c (explicit_bzero) [__GNUC__ && !__clang__]:
Use __asm__ instead of asm.
---
 ChangeLog            | 6 ++++++
 lib/explicit_bzero.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 36825874d2..eedab2ae83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-11-27  Paul Eggert  <egg...@cs.ucla.edu>
+
+	explicit_bzero: work with gcc -std=c99
+	* lib/explicit_bzero.c (explicit_bzero) [__GNUC__ && !__clang__]:
+	Use __asm__ instead of asm.
+
 2022-11-26  Paul Eggert  <egg...@cs.ucla.edu>
 
 	Prefer "kill -INT" to killing with a number
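Review bot: the ChangeLog entry records what changed but not why; a short clause such as "since 'asm' is not a keyword in strict ISO modes like -std=c99, while '__asm__' is always recognized" would spare the next reader a trip to this thread before they "simplify" it back to `asm`.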
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
index ad0bfd170c..584f982924 100644
--- a/lib/explicit_bzero.c
+++ b/lib/explicit_bzero.c
@@ -57,7 +57,7 @@ explicit_bzero (void *s, size_t len)
 #elif defined __GNUC__ && !defined __clang__
   memset (s, '\0', len);
   /* Compiler barrier.  */
-  asm volatile ("" ::: "memory");
+  __asm__ volatile ("" ::: "memory");
 #elif defined __clang__
   memset (s, '\0', len);
   /* Compiler barrier.  */
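Review bot: the `#elif defined __clang__` branch in the trailing context has the same memset-plus-barrier shape, but its barrier line falls outside this hunk; confirm it already spells `__asm__`, because clang in -std=c99 mode rejects the bare `asm` keyword for the same reason GCC does. It would also help to extend the `/* Compiler barrier.  */` comment in the changed branch with a note that `__asm__` (not `asm`) is deliberate for -std=c99 builds, so the spelling is not reverted in a later cleanup.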
-- 
2.37.2
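The three wiping strategies discussed in the thread (memset plus an asm compiler barrier, memset called through a volatile function pointer, and byte stores through a volatile pointer), as an added example that is not gnulib's explicit_bzero.c and not Paul's or Simon's code. Function names such as zero_via_barrier and the 32-byte "key" are constructed for illustration. The barrier variant is spelled with __asm__ and __volatile__ so the file builds with gcc -std=c99, which is the problem the patch above addresses; on a non-GNU compiler it falls back to the volatile function pointer. Note that run_demo reads the buffer back, so it only verifies that each variant zeroes correctly; whether the stores survive optimization when the buffer is never read again has to be checked in the generated assembly, which the plain_wipe/explicit_wipe pair is there for.

```c
/* Added example: three ways to wipe a secret so the compiler cannot drop
   the stores as dead.  Build: gcc -std=c99 -O2 -Wall explicit_zero_demo.c  */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variant A: call memset through a volatile function pointer.  The compiler
   must reload the pointer and cannot prove what the callee does, so it cannot
   treat the stores as dead.  Pure C99, no asm needed.  */
static void *(*const volatile memset_ptr) (void *, int, size_t) = memset;

void
zero_via_volatile_fnptr (void *s, size_t len)
{
  (*memset_ptr) (s, '\0', len);
}

/* Variant B: store every byte through a volatile pointer.  Always honoured,
   but byte-at-a-time, so slower than memset on large buffers.  */
void
zero_via_volatile_bytes (void *s, size_t len)
{
  volatile unsigned char *p = (volatile unsigned char *) s;
  while (len--)
    *p++ = 0;
}

/* Variant C: plain memset followed by an empty asm statement.  __asm__ and
   __volatile__ are used instead of asm/volatile because GCC disables the
   bare 'asm' keyword in strict ISO modes such as -std=c99.  The "memory"
   clobber tells the compiler the statement may read any memory, so the
   stores memset just made cannot be discarded; passing S as an input
   operand also keeps the object itself alive for the optimizer.  */
void
zero_via_barrier (void *s, size_t len)
{
#if defined __GNUC__
  memset (s, '\0', len);
  __asm__ __volatile__ ("" : : "r" (s) : "memory");
#else
  zero_via_volatile_fnptr (s, len);   /* non-GNU compiler: use variant A */
#endif
}

/* Returns 1 if the first LEN bytes of S are all zero, else 0.  */
int
is_all_zero (const void *s, size_t len)
{
  const unsigned char *p = (const unsigned char *) s;
  size_t i;
  for (i = 0; i < len; i++)
    if (p[i] != 0)
      return 0;
  return 1;
}

/* The failure mode: in plain_wipe the buffer dies right after the wipe, so
   at -O2 the compiler may delete the memset (dead store elimination).  In
   explicit_wipe the barrier keeps it.  Compare with: gcc -std=c99 -O2 -S  */
void
plain_wipe (void)
{
  unsigned char buf[32];
  memset (buf, 0xFF, sizeof buf);   /* stand-in for a secret landing here */
  memset (buf, 0, sizeof buf);      /* never read again: may be removed */
}

void
explicit_wipe (void)
{
  unsigned char buf[32];
  memset (buf, 0xFF, sizeof buf);
  zero_via_barrier (buf, sizeof buf);
}

/* Fills a constructed 32-byte key, wipes it with each variant, and returns
   how many variants left it fully zeroed (expected: 3).  */
int
run_demo (void)
{
  unsigned char key[32];
  int ok = 0;
  size_t i;

  for (i = 0; i < sizeof key; i++) key[i] = (unsigned char) (0xA5 ^ i);
  zero_via_volatile_fnptr (key, sizeof key);
  ok += is_all_zero (key, sizeof key);

  for (i = 0; i < sizeof key; i++) key[i] = (unsigned char) (0xA5 ^ i);
  zero_via_volatile_bytes (key, sizeof key);
  ok += is_all_zero (key, sizeof key);

  for (i = 0; i < sizeof key; i++) key[i] = (unsigned char) (0xA5 ^ i);
  zero_via_barrier (key, sizeof key);
  ok += is_all_zero (key, sizeof key);

  return ok;
}

int
main (void)
{
  int n = run_demo ();
  printf ("%d of 3 variants zeroed the buffer\n", n);
  return n == 3 ? 0 : 1;
}
```

The volatile-function-pointer variant is the one to reach for when neither a GNU-style asm barrier nor a platform routine (memset_s, explicit_memset, or C23's memset_explicit) is available; it costs one indirect call per wipe and otherwise runs at memset speed, which is why it is preferable to the byte loop on large buffers.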
