Linux Plumbers Conference 2023

Name: Linux Plumbers Conference 2023
Start: 2023-11-13T09:00:00-05:00
End: 2023-11-15T23:30:00-05:00
Location: No location set

13–15 Nov 2023

America/New_York timezone

2023

contact@linuxplumbersconf.org

Security Features status update

13 Nov 2023, 09:30

50m

"Magnolia" (Omni Richmond Hotel)

"Magnolia"

Omni Richmond Hotel

187

Toolchains Track Toolchains

Kees Cook (Google) Qing Zhao Bill Wendling (Google)

There has been tons of work across both GCC and Clang to provide the Linux kernel with a variety of security features. Let's review and discuss where we are with parity between toolchains, approaches to solving open problems, and exploring new features.

Parity reached since last year:

-fstrict-flex-arrays=3
-fsanitize=bounds
__builtin_dynamic_object_size()
arm64 Shadow Call Stack (backward edge CFI)

In progress:

__counted_by(member) attribute for bounded Flexible Array Members

Needs work/discussion:

-fbounds-safety language extension proposal
handling nested structures ending in a Flexible Array Member (Clang)
language extension to support Flexible Array Member in Unions
arbitrary stack protector guard location (Clang: risc-v, powerpc)
Link Time Optimization (Kernel support for GCC)
forward edge CFI (GCC: KCFI)
backward edge CFI (Kernel support for CET)
arithmetic overflow protection (GCC & Clang)
-Warray-bounds false positives (GCC)

Kees Cook (Google) Qing Zhao Bill Wendling (Google)

features.pdf

Linux Plumbers Conference 2023

2023

Security Features status update

"Magnolia"

Omni Richmond Hotel

Speakers

Description

Primary authors

Presentation materials

Diamond Sponsors

Platinum Sponsor

Gold Sponsors

Silver Sponsors

Catchbox Sponsor

Livestream Sponsors

T-Shirt Sponsor

Conference Services Provided by