* since they don't do anything illegal even when the variable is uninitialized
*/
predicate cleanupFunctionDenyList(string fun) {
- fun = "erase_char" or fun = "erase_obj"
+ fun = "erase_char"
}
/**
/* Now we know first 16 bytes match, memcmp() with self. */
return memcmp(data, p + 16, length) == 0;
}
-
-#if !HAVE_EXPLICIT_BZERO
-/*
- * The pointer to memset() is volatile so that compiler must de-reference the pointer and can't assume that
- * it points to any function in particular (such as memset(), which it then might further "optimize"). This
- * approach is inspired by openssl's crypto/mem_clr.c.
- */
-typedef void *(*memset_t)(void *,int,size_t);
-
-static volatile memset_t memset_func = memset;
-
-void* explicit_bzero_safe(void *p, size_t l) {
- if (l > 0)
- memset_func(p, '\0', l);
-
- return p;
-}
-#endif
#include "alloc-util.h"
#include "macro.h"
+#include "memory-util-fundamental.h"
size_t page_size(void) _pure_;
#define PAGE_ALIGN(l) ALIGN_TO((l), page_size())
return (uint8_t*) p + needlelen;
}
-#if HAVE_EXPLICIT_BZERO
-static inline void* explicit_bzero_safe(void *p, size_t l) {
- if (l > 0)
- explicit_bzero(p, l);
-
- return p;
-}
-#else
-void *explicit_bzero_safe(void *p, size_t l);
-#endif
-
static inline void* erase_and_free(void *p) {
size_t l;
return (uint8_t *) dest + n;
}
-static inline void explicit_bzero_safe(void *bytes, size_t len) {
- if (!bytes || len == 0)
- return;
- memset(bytes, 0, len);
- __asm__ __volatile__("": :"r"(bytes) :"memory");
-}
#else
/* For unit testing. */
int efi_memcmp(const void *p1, const void *p2, size_t n);
#include <efi.h>
#include <efilib.h>
+#include "memory-util-fundamental.h"
#include "missing_efi.h"
#include "random-seed.h"
#include "secure-boot.h"
}
EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
- _cleanup_erase_ uint8_t random_bytes[DESIRED_SEED_SIZE], hash_key[HASH_VALUE_SIZE];
+ uint8_t random_bytes[DESIRED_SEED_SIZE], hash_key[HASH_VALUE_SIZE];
_cleanup_free_ struct linux_efi_random_seed *new_seed_table = NULL;
struct linux_efi_random_seed *previous_seed_table = NULL;
_cleanup_free_ void *seed = NULL, *system_token = NULL;
_cleanup_(file_closep) EFI_FILE *handle = NULL;
_cleanup_free_ EFI_FILE_INFO *info = NULL;
- _cleanup_erase_ struct sha256_ctx hash;
+ struct sha256_ctx hash;
uint64_t uefi_monotonic_counter = 0;
size_t size, rsize, wsize;
bool seeded_by_efi = false;
EFI_STATUS err;
EFI_TIME now;
+ CLEANUP_ERASE(random_bytes);
+ CLEANUP_ERASE(hash_key);
+ CLEANUP_ERASE(hash);
+
assert(root_dir);
assert_cc(DESIRED_SEED_SIZE == HASH_VALUE_SIZE);
#define UINTN_MAX (~(UINTN)0)
#define INTN_MAX ((INTN)(UINTN_MAX>>1))
-#ifndef __has_attribute
-#define __has_attribute(x) 0
-#endif
-#if __has_attribute(__error__)
-__attribute__((noreturn)) extern void __assert_cl_failure__(void) __attribute__((__error__("compile-time assertion failed")));
-#else
-__attribute__((noreturn)) extern void __assert_cl_failure__(void);
-#endif
-/* assert_cl generates a later-stage compile-time assertion when constant folding occurs. */
-#define assert_cl(condition) ({ if (!(condition)) __assert_cl_failure__(); })
-
/* gnu-efi format specifiers for integers are fixed to either 64bit with 'l' and 32bit without a size prefix.
* We rely on %u/%d/%x to format regular ints, so ensure the size is what we expect. At the same time, we also
* need specifiers for (U)INTN which are native (pointer) sized. */
#define _cleanup_free_ _cleanup_(freep)
-static __always_inline void erase_obj(void *p) {
-#ifdef __OPTIMIZE__
- size_t l;
- assert_cl(p);
- l = __builtin_object_size(p, 0);
- assert_cl(l != (size_t) -1);
- explicit_bzero_safe(p, l);
-#else
-#warning "Object will not be erased with -O0; do not release to production."
-#endif
-}
-
-#define _cleanup_erase_ _cleanup_(erase_obj)
-
_malloc_ _alloc_(1) _returns_nonnull_ _warn_unused_result_
static inline void *xmalloc(size_t size) {
void *p;
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <stddef.h>
+
+#ifdef SD_BOOT
+# include "efi-string.h"
+#else
+# include <string.h>
+#endif
+
+#include "macro-fundamental.h"
+
+#if defined(HAVE_EXPLICIT_BZERO)
+static inline void *explicit_bzero_safe(void *p, size_t l) {
+ if (p && l > 0)
+ explicit_bzero(p, l);
+
+ return p;
+}
+#else
+static inline void *explicit_bzero_safe(void *p, size_t l) {
+ if (p && l > 0) {
+ memset(p, 0, l);
+ __asm__ __volatile__("" : : "r"(p) : "memory");
+ }
+ return p;
+}
+#endif
+
+struct VarEraser {
+ void *p;
+ size_t size;
+};
+
+static inline void erase_var(struct VarEraser *e) {
+ explicit_bzero_safe(e->p, e->size);
+}
+
+/* Mark var to be erased when leaving scope. */
+#define CLEANUP_ERASE(var) \
+ _cleanup_(erase_var) _unused_ struct VarEraser CONCATENATE(_eraser_, UNIQ) = { .p = &var, .size = sizeof(var) }
'bootspec-fundamental.h',
'efivars-fundamental.h',
'macro-fundamental.h',
+ 'memory-util-fundamental.h',
'sha256.h',
'string-util-fundamental.h',
'tpm-pcr.h',
projects / thirdparty / systemd.git / commitdiff
