
Zeroing Buffers is Insufficient (2014) - jmtulloss
http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
======
boulos
As Colin says towards the end, it seems like a combination of "all registers
are callee saved" would help (combined __noinline__) but I agree you'd still
have to find a way to make sure you could reliably zero out the xmm registers
following the AESni runs. I would hope that an extreme dose of volatile with
mm_load_ps and maybe some OR'ing into the result will defeat gcc and clangs
ability to optimize away the clearing, but that's precisely what Colin is
complaining about: you can't really express your demand in C and be certain it
sticks.

~~~
skrebbel
About the AESNI runs, a comment on the post suggested to run some AESNI
instructions on random numbers to clear (but not zero) the registers. With my
very limited knowledge of all this, I can't shoot any holes in it. Is it
insufficient? (for just the XMM register problem)

~~~
boulos
You'd still have to find a way to get the compiler not to eliminate the whole
thing. So if you attempt to trash the registers with stuff but don't "mix it
in" to the return value, the compiler is free to elude the whole thing.

Perhaps if you write it out to a dummy output parameter though, combined with
noinline that would sufficiently defeat this.

------
beached_whale
memset_s, at least in C++, is guaranteed to run for this reason

