boot: only use __builtin_object_size with -O>0

__builtin_object_size() returns -1 with -O0, so disable this and warn
about it instead.

diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
index eed28c0342ca1961e33b2ad69952c1aa92818000..4c5b6cab13b2c6f3c7db5bb7be770bd38ffa78f9 100644 (file)
--- a/src/boot/efi/util.h
+++ b/src/boot/efi/util.h
@@ -10,7 +10,6 @@
 #define UINTN_MAX (~(UINTN)0)
 #define INTN_MAX ((INTN)(UINTN_MAX>>1))
 
-#ifdef __OPTIMIZE__
 #ifndef __has_attribute
 #define __has_attribute(x) 0
 #endif
@@ -21,9 +20,6 @@ __attribute__((noreturn)) extern void __assert_cl_failure__(void);
 #endif
 /* assert_cl generates a later-stage compile-time assertion when constant folding occurs. */
 #define assert_cl(condition) ({ if (!(condition)) __assert_cl_failure__(); })
-#else
-#define assert_cl(condition) assert(condition)
-#endif
 
 /* gnu-efi format specifiers for integers are fixed to either 64bit with 'l' and 32bit without a size prefix.
  * We rely on %u/%d/%x to format regular ints, so ensure the size is what we expect. At the same time, we also
@@ -59,11 +55,15 @@ static inline void freep(void *p) {
 #define _cleanup_free_ _cleanup_(freep)
 
 static __always_inline void erase_obj(void *p) {
+#ifdef __OPTIMIZE__
         size_t l;
         assert_cl(p);
         l = __builtin_object_size(p, 0);
         assert_cl(l != (size_t) -1);
         explicit_bzero_safe(p, l);
+#else
+#warning "Object will not be erased with -O0; do not release to production."
+#endif
 }
 
 #define _cleanup_erase_ _cleanup_(erase_obj)