This is the mail archive of the
mailing list for the GCC project.
Re: Compiler support for erasure of sensitive data
- From: Segher Boessenkool <segher at kernel dot crashing dot org>
- To: Richard Biener <richard dot guenther at gmail dot com>
- Cc: Marcos Diaz <marcos dot diaz at tallertechnologies dot com>, zackw at panix dot com, andres dot tiraboschi at tallertechnologies dot com, GCC Development <gcc at gcc dot gnu dot org>, daniel dot gutson at tallertechnologies dot com
- Date: Fri, 4 Mar 2016 06:23:41 -0600
- Subject: Re: Compiler support for erasure of sensitive data
- Authentication-results: sourceware.org; auth=none
- References: <55F0653C dot 9010903 at panix dot com> <1456780462-7500-1-git-send-email-marcos dot diaz at tallertechnologies dot com> <CAFiYyc3OTei5Hxt5kL85CsmZ8iVZDcXK1_+KE2LwMDWxg=_bdQ at mail dot gmail dot com>
On Tue, Mar 01, 2016 at 10:27:00AM +0100, Richard Biener wrote:
> > We were thinking on making a function attribute that ensures that non necessary registers, or stack frames used by the function will be correctly cleared before returning.
> > We think in implementing for x86_64 as a first work.
> > For this we are trying to modify the epilogue generation. Here we should have the information of which registers this function used, and the size of the stack frame to clean. The downside of this is that will be architecture dependent.
> > Do you think this is a good idea? Do you suggest something else?
> I think you can't avoid doing architecture specific changes here.
> Note that on x86_64 you probably want to force
> to avoid the use of push/pop and have the stack frame freeing fully in
> the epilogue.
You'll also need to disable shrink-wrapping for that function.