20-24 September 2021
US/Pacific timezone

Compiler Features for Kernel Security

24 Sep 2021, 10:05
30m
Microconference1/Virtual-Room (LPC Virtual)

Toolchains and Kernel MC

Speakers

Kees Cook (Google), Qing Zhao

Description

GCC and Clang both have a variety of security features available, but they are not always at parity with each other. This discussion will review the security features important to the Linux kernel with regard to what's working, what's missing, and what needs adjustment.

Specifically, these areas will be discussed along with anything else that seems relevant:

  • stack protector guard location (i.e. enabling per-task canaries)

    -mstack-protector-guard=sysreg
    -mstack-protector-guard-reg=sp_el0
    -mstack-protector-guard-offset=0
    
  • call-used register zeroing (now in GCC 11)

    -fzero-call-used-regs
    
  • stack variable auto-initialization (already in Clang, soon to be in GCC 12)

    -ftrivial-auto-var-init={zero,pattern}
    
  • array bounds checking

    -Warray-bounds
    -Wzero-length-bounds
    -Wzero-length-array
    -fsanitize=bounds
    -fsanitize=bounds-strict
    
  • integer overflow protection

    -fsanitize=signed-integer-overflow
    -fsanitize=unsigned-integer-overflow
    
  • Link Time Optimization

    -flto
    -flto=thin
    
  • backward edge Control Flow Integrity

    -mbranch-protection=pac-ret[+leaf]
    -fsanitize=shadow-call-stack
    CET
    
  • forward edge Control Flow Integrity

    -fcf-protection=branch
    -mbranch-protection=bti
    -fsanitize=cfi
    
  • Spectre v1 mitigation

    -mspeculative-load-hardening
    
  • structure layout randomization

    __attribute__((randomize_layout))
    
  • constant expression for "is an lvalue?"

  • constant expression for lvalue type extraction

Primary authors

Kees Cook (Google), Qing Zhao
