[PATCH v6 01/11] eal: introduce new secure memory fill
Stephen Hemminger
stephen at networkplumber.org
Thu Feb 13 23:16:14 CET 2025
When memset() is used before a release function such as free,
the compiler is allowed to optimize the memset away under
the as-if rules. This is normally ok, but in certain cases such
as passwords or security keys it is problematic.
Introduce a DPDK wrapper which is equivalent to the
C23 memset_explicit function.
Name of the new function chosen to be similar to
Linux kernel internal memzero_explicit().
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
lib/eal/include/rte_string_fns.h | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/lib/eal/include/rte_string_fns.h b/lib/eal/include/rte_string_fns.h
index 702bd81251..93aae66614 100644
--- a/lib/eal/include/rte_string_fns.h
+++ b/lib/eal/include/rte_string_fns.h
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <string.h>
+#include <rte_atomic.h>
#include <rte_common.h>
#include <rte_compat.h>
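Review bot: The added `#include <rte_atomic.h>` makes every includer of rte_string_fns.h pull in the atomics header, and the only use visible in this patch is the single rte_compiler_barrier() call in rte_memzero_explicit(). Either say so in the commit message, or place the helper in a header that already provides the barrier, so that a string-utility header does not gain a dependency on atomics for one line.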
@@ -149,6 +150,29 @@ rte_str_skip_leading_spaces(const char *src)
return p;
}
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Fill memory with with zero's (e.g. sensitive keys)
+ * Normally using memset() is fine. But in cases where clearing
+ * out local data before going out of scope or freeing,
+ * use rte_memzero_explicit() to preven the compiler from optimizing
+ * away the zeroing.
+ *
+ * @param dst
+ * target buffer
+ * @param sz
+ * number of bytes to fill
+ */
+__rte_experimental
+static inline void
+rte_memzero_explicit(void *dst, size_t sz)
+{
+ memset(dst, 0, sz);
+ rte_compiler_barrier();
+}
+
#ifdef __cplusplus
}
#endif
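Review bot: In rte_memzero_explicit() the barrier that follows `memset(dst, 0, sz);` takes no reference to dst, so whether the stores survive depends on the compiler treating a generic barrier as a possible reader of that buffer, which is weakest for exactly the case the doc comment names (a local about to go out of scope). The commit message cites Linux memzero_explicit() as the model; that function passes the pointer into its barrier (`barrier_data(s)`) rather than using a bare barrier() for this reason. Suggest doing the same here, for example an empty asm statement with dst as an input operand and a "memory" clobber, and calling memset_explicit() directly where the toolchain provides C23. Two typos in the doc comment as well: "with with zero's" should read "with zeros", and "preven" should read "prevent".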
--
2.47.2