Explore strategies for enhancing C language safety in Linux kernel development during this 45-minute conference talk from linux.conf.au. Delve into techniques for mitigating undefined behaviors, removing Variable Length Arrays, enforcing stack variable initialization, implementing implicit bounds checking, handling arithmetic overflows, and protecting function calls with Control Flow Integrity. Learn how the Linux kernel is adapting C standards and reorganizing code to reduce security vulnerabilities and strengthen infrastructure. Gain insights into the Kernel Self Protection Project and understand the challenges faced in kernel security development.
Overview
Syllabus
Intro
Making C Less Dangerous in the Linux kernel
Kernel Self Protection Project
C as a fancy assembler: almost machine code
C as a fancy assembler: undefined behavior
Variable Length Arrays and alloca () are bad
Variable Length Arrays are slow
Variable Length Arrays: stop it
Switch case fall-through: new "statement"
Always-initialized local variables: just do it
Always-initialized local variables: switch gotcha
Arithmetic overflow detection: gcc?
Arithmetic overflow detection: Clang :
Bounds checking: explicit checking is slow
Instead of sprintf(): scnprintf()
Instead of memcpy: uhhh ... be ... careful?
Bounds checking: memory tagging :
Control Flow Integrity: indirect calls
CFI, forward edges: just call pointers
CFI, forward edges: enforce prototype :
CFI, backward edges: two stacks
CFI, backward edges: shadow call stack
CFI, backward edges: hardware support
Where is the Linux kernel now?
Challenges in Kernel Security Development
Taught by
linux.conf.au
