When looking at drivers/char/random.c, I noticed in the compile output the
code for memset() had been optimized out. This is normal action of GCC for
variables which are about to go out of scope. This causes a small security
risk as sensitive data is not cleared after use.
Found by looking at the output of objdump -S random.o, functions
extract_buf, extract_entropy, extract_entropy_user
Kernel 3.16 (gentoo), GCC 4.8.3, on a Intel i7 (X86_64) processor.
same issue all over crypto/ as well
Probably we need a memset_me_harder() that ensures gcc knows to behave (casting to volatile perhaps ?)
Created attachment 148081 [details]
force memset calls