Linux Plumbers Conference 2024

Name: Linux Plumbers Conference 2024
Start: 2024-09-18T05:00:00+02:00
End: 2024-09-20T23:30:00+02:00
Location: No location set

18–20 Sept 2024

Europe/Vienna timezone

2024

contact@linuxplumbersconf.org

Security Features status update

18 Sept 2024, 12:00

40m

"Room 1.85 - 1.86" (Austria Center)

"Room 1.85 - 1.86"

Austria Center

165

Toolchains Track Toolchains Track

Kees Cook (Google) Qing Zhao Bill Wendling (Google)

Another year of work is behind us, with lots of progress across GCC, Clang, and Rust to provide the Linux kernel with a variety of security features. Let's review and discuss where we are with parity between toolchains, approaches to solving open problems, and exploring new features.

Parity reached since last year:

counted_by attribute for bounded Flexible Array Members (GCC, Clang)
language extension to support Flexible Array Member in Unions (GCC, Clang)

In progress:

-fbounds-safety language extension (Clang)
arithmetic overflow protection via -fsanitize=(un)signed-integer-overflow, -fsanitize=implicit-(un)signed-integer-truncation, and idiom exclusions (Clang)
improving -Warray-bounds warnings (GCC)

Stalled, needs driving:

forward edge Control Flow Integrity (GCC: KCFI)
arbitrary stack protector guard location (Clang: RISC-V, PowerPC)
Link Time Optimization (Kernel support for GCC)
backward edge Control Flow Integrity (x86 CET Shadow Stack in kernel mode)

Kees Cook (Google)

Qing Zhao Bill Wendling (Google) Justin Stitt (Google)

Security Features status update.pdf

Video

Linux Plumbers Conference 2024

2024

Security Features status update

"Room 1.85 - 1.86"

Austria Center

Speakers

Description

Primary author

Co-authors

Presentation materials