Overview
Explore strategies for mitigating use-after-free vulnerabilities in the Linux kernel through this 46-minute conference talk by Jann Horn from Google. Delve into topics such as unconditional reference counting, performance versus security trade-offs, pointer checking techniques, and Read-Copy-Update (RCU) mechanisms. Gain insights into limitations, benchmarks, and upstream considerations for implementing these mitigations. Learn about slab debugging, sparse annotations, CPU impact analysis, and the use of cleanup attributes. Engage with bonus slides and a Q&A session to deepen your understanding of kernel security enhancements and their practical implications.
Syllabus
Intro
Unconditional RevCounting
Motivation
Performance vs Security
pointer check
RCU
Bonus slides
Limitations
Benchmarks
Questions
upstream
conal summit
slab debugging
sparse annotations
CPU impact
Cleanup attributes
Thoughts on cleanup attributes
Annotations
Taught by
Linux Foundation