There has been tons of work across both GCC and Clang to provide the Linux kernel with a variety of security features. Let's review and discuss where we are with parity between toolchains, approaches to solving open problems, and exploring new features.
Parity reached since last year:
We are working on extending the GNU assembler to Synthesize CFI (SCFI) for hand-written assembly. Using a new command line option "--scfi[=all,none]" to the GNU assembler, the users can invoke GAS' SCFI machinery to synthesize CFI for hand-written assembly. Some restrictions on the hand-written assembly do need to apply. The work is in progress and the first target is x86_64, with an option...
Analyzing an ELF binary such as a shared library or a Linux kernel image to deduce properties about its exported API and ABI has been done in multiple ways in the past. Most approaches have in common the general mechanism of first extracting information from the binary, then storing it in an intermediate format and lastly comparing it against the result of another extraction. Applications for...
In this talk, we'll cover areas of research for how we might be able to improve compile times and overall build times for the Linux kernel in a toolchain agnostic manner.
We'll look at:
- Ingo's "Fast Kernel Headers" series
- automating header refactoring
- include-what-you-use and the linux kernel
- precompiled headers
- recent improvements to modpost
- link-time de-duplication of BTF
During the GNU Tools Cauldron conference we had an activity called "The challenges of compiling for verified targets", with this abstract:
The Linux kernel BPF is not a sandbox technology: BPF programs do not
rely on a sandboxed environment for security, and in fact they are
executed in the most privileged kernel mode. Instead, BPF programs are
known to be safe before they are...
Memory accesses can suffer from problems like poor spacial and temporal locality, as well as false sharing of cache lines. Existing presentations of profile data, such data from the perspective of code, can make it difficult to reason as to what the problems are and to work out what the fixes should be. A typical fix may be to reorder variables within a data structure.
In this work Namhyung...
How far can we take the kernel development experience in a reference IDE setup ? This talk will present a setup I've built http://github.com/FlorentRevest/linux-kernel-vscode
It integrates features such as:
- A series manager https://github.com/FlorentRevest/vscode-git-send-email
- A mailing list explorer https://github.com/FlorentRevest/vscode-patchwork
- Notebooks for syzkaller bugs...
Memory allocation profiling discussion at LSF/MM/BPF conference this year (https://lwn.net/Articles/932402/) revealed a need for compiler support to instrument call sites of specific functions (in this case memory allocations) in a way that stores additional data for each call site. The details of this idea are described in Steven Rostedt's presentation:...