Linux Foundation

Making C Less Dangerous

Linux Foundation via YouTube

Overview

Explore the efforts to enhance C language safety in Linux kernel development through this informative conference talk by Kees Cook from Google. Delve into various strategies for mitigating security vulnerabilities and undefined behaviors inherent in C programming. Learn about removing Variable Length Arrays, enforcing stack variable initialization, implementing implicit bounds checking, handling arithmetic overflows, and protecting function calls with Control Flow Integrity. Gain insights into the Linux kernel's approach to modifying C standards and redefining undefined behaviors to create a more secure codebase. Discover the challenges faced in kernel security development and the ongoing work to make C less hazardous for critical infrastructure.

Syllabus

Intro
Kernel Self Protection Project
C as a fancy assembler: almost machine code
C as a fancy assembler: undefined behavior
Variable Length Arrays are bad
Variable Length Arrays are slow
Switch case fall-through: did I mean it?
Switch case fall-through: new statement
Switch case fall-through: new statement
Always-initialized local variables: just do it
Always-initialized local variables: switch gotcha
Arithmetic overflow detection: Clang
Bounds checking: explicit checking is slow
Bounds checking: memory tagging
Control Flow Integrity: indirect calls
CFI, forward edges: enforce prototype
CFI, backward edges: two stacks
CFI, backward edges: shadow call stack. Clang's Shadow Call Stack
CFI, backward edges: hardware support
Where is the Linux kernel now?
Challenges in Kernel Security Development

Taught by

Linux Foundation
