From nobody Thu Nov 14 22:10:49 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XqDqt26bSz5dDCK;
	Thu, 14 Nov 2024 22:10:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XqDqs4l70z4JyZ;
	Thu, 14 Nov 2024 22:10:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1731622249;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/WhR+tkHeXoFsZ5m04LR4+IW/hTERXMQCgSo2JnraMY=;
	b=TW0DmwZHEl1g5KcZQFuomTIsfMFJqF07wteGXJ3SCJzcep/0c9xLAoWhxry/wuS6OiBDEP
	PHBbP668mEt0yLZInte2wtkhKv+RCKUXoOWbrbDqTsKyyMhC1U/Uc1EAQbz+7yABiUvYhw
	oWvZU5+7WOS8ZxLV0pEiC6YQ+Ehf7hpkWqZ2L/NRe2pY0JjUPKGw0kZV2jRPLg3NLVSwsH
	gjF95TwBBmlkPQMKkgBonaKqLL0/vbudoraCNiZLKktSP1NKdJipvWWD+qfr6UjdYr1Jwf
	/cYRYW9rq8HoQNIGbNRJ8+AAh8PIi3mm4UF7HSrGFbwFjt/rhC6rpx2aUTuaNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1731622249;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/WhR+tkHeXoFsZ5m04LR4+IW/hTERXMQCgSo2JnraMY=;
	b=Fc5qJ5fuzZyoxI6d5BLroIhu+88EV69IwuIB/x+YQDWEDZQBDyOcdasmk5QQZa5fjUIvyR
	zLRw5AkDFEzaYb9nig6DMQXPjnvchL45UXoFFpJU+cdmyJVj90bsddOB+bC2hYlpnms1gZ
	sPa7sSxxIPFMHUJWuTTJKHQEn2INqfdZW/zRDY8DQrhf4SKiCGmffwsKxQhIfiZ5F7R1ze
	q+DKjNIGRSPihn5QiRp07fUf/vN3gAI2Eq/2nSyAtfg3SaoF9fEQVRkxb5ifbWf48eGEYg
	GSMZmZhadsiqQAUoj3avNEnxuT2Sdkae7fzQ5saFxfVRhPMbTTbiVUc2YGqnBQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731622249; a=rsa-sha256; cv=none;
	b=vVxp/cW+QJa62O6Gx4VJLcG7ARjvjlq4nUe7DpPJq6RP8iKtOiWwdh2VGhqQd7hq5fD7pN
	3NH1rjDLe9T1RzuFUCnDOvHreUg5u/MevdZvP6lKESdTxAgVwrh0+7J9oor3wiqIEjYm4+
	xfI75c5xglKNijO2vnfVKT4FeTBhBGnOYkxsppDmuQDYtUJqZ8fh4PrusoA/q5Z/zEr1hT
	ogEBzj8n2uXtsR4G+q10kxrz6qyN2omo1ihIGIN0ra6AJjQDB0B2c8bU9KJvynZ3GCNtOd
	mBJIAxyCDFS3ePJabaBzm5LzkuQoWLvcPptn8AwaufX6tK+WwW4BP5SaqeJy8g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XqDqs4Lr9zwjf;
	Thu, 14 Nov 2024 22:10:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4AEMAnvr019315;
	Thu, 14 Nov 2024 22:10:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4AEMAnNu019312;
	Thu, 14 Nov 2024 22:10:49 GMT
	(envelope-from git)
Date: Thu, 14 Nov 2024 22:10:49 GMT
Message-Id: <202411142210.4AEMAnNu019312@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Robert Clausecker <fuz@FreeBSD.org>
Subject: git: 007871c35628 - main - lib/libc/string: add memset_explicit()
  for compliance with C23
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: fuz
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 007871c35628054bbfdb323e1991da872dd0d17d
Auto-Submitted: auto-generated

The branch main has been updated by fuz:

URL: https://cgit.FreeBSD.org/src/commit/?id=007871c35628054bbfdb323e1991da872dd0d17d

commit 007871c35628054bbfdb323e1991da872dd0d17d
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2024-10-25 15:16:27 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-11-14 22:10:00 +0000

    lib/libc/string: add memset_explicit() for compliance with C23
    
    Patterned after explicit_bzero, visible from C23 onwards.
    
    Reviewed by:    emaste, kevans
    Differential Revision:  https://reviews.freebsd.org/D47286
---
 include/string.h                  |  3 +++
 lib/libc/string/Makefile.inc      |  4 +++-
 lib/libc/string/Symbol.map        |  4 ++++
 lib/libc/string/memset.3          | 18 ++++++++++++++++--
 lib/libc/string/memset_explicit.c | 26 ++++++++++++++++++++++++++
 5 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/include/string.h b/include/string.h
index d9adcf4e0e41..73b675370c58 100644
--- a/include/string.h
+++ b/include/string.h
@@ -71,6 +71,9 @@ void	*(memmove)(void *, const void *, size_t);
 void	*(mempcpy)(void * __restrict, const void * __restrict, size_t);
 #endif
 void	*(memset)(void *, int, size_t);
+#if __BSD_VISIBLE || __ISO_C_VISIBLE >= 2023
+void	*memset_explicit(void *, int, size_t);
+#endif
 #if __POSIX_VISIBLE >= 200809
 char	*(stpcpy)(char * __restrict, const char * __restrict);
 char	*(stpncpy)(char * __restrict, const char * __restrict, size_t);
diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index c5ded194c78a..5d4a9a6e3eed 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -11,6 +11,7 @@ MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
 	ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 	memccpy.c memchr.c memrchr.c memcmp.c \
 	memcpy.c memmem.c memmove.c mempcpy.c memset.c memset_s.c \
+	memset_explicit.c \
 	stpcpy.c stpncpy.c strcasecmp.c \
 	strcat.c strcasestr.c strchr.c strchrnul.c strcmp.c strcoll.c strcpy.c\
 	strcspn.c strdup.c strerror.c strlcat.c strlcpy.c strlen.c strmode.c \
@@ -62,7 +63,8 @@ MLINKS+=ffs.3 ffsl.3 \
 MLINKS+=index.3 rindex.3
 MLINKS+=memchr.3 memrchr.3
 MLINKS+=memcpy.3 mempcpy.3
-MLINKS+=memset.3 memset_s.3
+MLINKS+=memset.3 memset_s.3 \
+	memset.3 memset_explicit.3
 MLINKS+=strcasecmp.3 strncasecmp.3 \
 	strcasecmp.3 strcasecmp_l.3 \
 	strcasecmp.3 strncasecmp_l.3
diff --git a/lib/libc/string/Symbol.map b/lib/libc/string/Symbol.map
index fd854d1f9479..6b2c41124adf 100644
--- a/lib/libc/string/Symbol.map
+++ b/lib/libc/string/Symbol.map
@@ -116,6 +116,10 @@ FBSD_1.7 {
 	wmempcpy;
 };
 
+FBSD_1.8 {
+	memset_explicit;
+};
+
 FBSDprivate_1.0 {
 	__strtok_r;
 };
diff --git a/lib/libc/string/memset.3 b/lib/libc/string/memset.3
index 3ae485f68a92..f2dba3ec5a48 100644
--- a/lib/libc/string/memset.3
+++ b/lib/libc/string/memset.3
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 19, 2018
+.Dd October 24, 2024
 .Dt MEMSET 3
 .Os
 .Sh NAME
@@ -41,6 +41,8 @@
 .In string.h
 .Ft void *
 .Fn memset "void *dest" "int c" "size_t len"
+.Ft void *
+.Fn memset_explicit "void *dest" "int c" "size_t len"
 .Fd #define __STDC_WANT_LIB_EXT1__ 1
 .Ft errno_t
 .Fn memset_s "void *dest" "rsize_t destsz" "int c" "rsize_t len"
@@ -68,6 +70,13 @@ The behaviour is also undefined if
 is an invalid pointer.
 .Pp
 The
+.Fn memset_explicit
+function behaves the same as
+.Fn memset, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory
+such as a password.
+.Pp
+The
 .Fn memset_s
 function behaves the same as
 .Fn memset
@@ -108,7 +117,9 @@ before
 .Sh RETURN VALUES
 The
 .Fn memset
-function returns its first argument.
+and
+.Fn memset_explicit
+functions return their first argument.
 The
 .Fn memset_s
 function returns zero on success, non-zero on error.
@@ -128,3 +139,6 @@ conforms to
 conforms to
 .St -isoC-2011
 K.3.7.4.1.
+.Fn memset_explicit
+conforms to
+.St -isoC-2024 .
diff --git a/lib/libc/string/memset_explicit.c b/lib/libc/string/memset_explicit.c
new file mode 100644
index 000000000000..ee6be0363981
--- /dev/null
+++ b/lib/libc/string/memset_explicit.c
@@ -0,0 +1,26 @@
+/*-
+ * SPDF-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org>
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void __memset_explicit_hook(void *, int, size_t);
+
+__attribute__((weak)) void
+__memset_explicit_hook(void *buf, int ch, size_t len)
+{
+	(void)buf;
+	(void)ch;
+	(void)len;
+}
+
+void *
+memset_explicit(void *buf, int ch, size_t len)
+{
+	memset(buf, ch, len);
+	__memset_explicit_hook(buf, ch, len);
+
+	return (buf);
+}