From 77b9617cd7a00bb7ea542a73259bba22967c7038 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 12 Dec 2022 05:20:36 -0500
Subject: [PATCH] util: implement secure erase with explicit_bzero
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is available on at least FreeBSD and GLibc >= 2.25.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 meson.build               | 1 +
 src/util/virsecureerase.c | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/meson.build b/meson.build
index 1a13148c51..0f8ef079b1 100644
--- a/meson.build
+++ b/meson.build
@@ -537,6 +537,7 @@ libvirt_export_dynamic = cc.first_supported_link_argument([
 
 functions = [
   'elf_aux_info',
+  'explicit_bzero',
   'fallocate',
   'getauxval',
   'getegid',
diff --git a/src/util/virsecureerase.c b/src/util/virsecureerase.c
index ead12803da..00542da99d 100644
--- a/src/util/virsecureerase.c
+++ b/src/util/virsecureerase.c
@@ -19,6 +19,8 @@
 
 #include <config.h>
 
+#include <string.h>
+
 #include "virsecureerase.h"
 
 /**
@@ -40,7 +42,11 @@ virSecureErase(void *ptr,
     if (!ptr || size == 0)
         return;
 
+#ifdef WITH_EXPLICIT_BZERO
+    explicit_bzero(ptr, size);
+#else
     memset(ptr, 0, size);
+#endif
 }
 
 /**