KCFI Comes to GCC: Code-Reuse Defenses for the Linux Kernel
CEME 1212 | Thu 06 Aug 3 p.m.–3:45 p.m.
Presented by
Kees Cook
@https://hachyderm.io/@kees
https://outflux.net/
Kees Cook has been working with Free Software since 1994, has been a Debian Developer since 2007, and has been a member of the Linux Kernel Technical Advisory Board since 2019. He is currently employed as a Linux kernel security engineer by Google, focusing on upstream kernel security defenses.
From 2006 through 2011 he worked for Canonical as the Ubuntu Security Team's Tech Lead. Before that, he worked as the lead sysadmin at OSDL, before it was the Linux Foundation. He has written various utilities including GOPchop and Sendpage, and contributes randomly to other projects including fun chunks of code in OpenSSH, Inkscape, Wine, MPlayer, and Wireshark.
Abstract
Kernel Control Flow Integrity (KCFI) hardens the Linux kernel against function pointer hijacking by validating each indirect call against its expected function-type signature. This protection has, until recently, only existed in Clang. This talk is the story of bringing it to GCC: giving myself a crash course in GCC's internals, experimenting with implementation choices across front, middle, and backend code, adding coverage and regression tests as I hit bugs, and working through reviewer feedback across a dozen revisions. Attendees will leave with a picture of what it takes to work on a security feature in GCC, how KCFI actually works, and where the implementation stands today.
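As an added illustration (not code from the talk, nor from the GCC or Clang implementations), the check the abstract describes, modelled in plain C: every function carries a hash of its type signature, and an indirect call site compares that hash with the one it expects for its function-pointer type before transferring control. The FNV-1a hash, the signature strings and the `kcfi_` helper names are assumptions made for this model; a real compiler derives the hash from the mangled function type and stores it in the instruction stream ahead of the function entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the compiler-computed type hash: FNV-1a over a textual
 * signature (constructed for this model; the real hash comes from the
 * mangled function type). */
static uint32_t kcfi_type_hash(const char *signature)
{
    uint32_t h = 2166136261u;
    for (; *signature; signature++) {
        h ^= (unsigned char)*signature;
        h *= 16777619u;
    }
    return h;
}

/* A function plus the type hash that sits just before its entry point;
 * modelled as a struct rather than as bytes in the code section. */
struct kcfi_func {
    uint32_t type_hash;
    int (*entry)(int);
};

static struct kcfi_func kcfi_make(const char *signature, int (*entry)(int))
{
    struct kcfi_func f = { kcfi_type_hash(signature), entry };
    return f;
}

/* An indirect call site for the type "int (int)": the expected hash is fixed
 * at the call site; the target's hash is read at runtime. On mismatch the
 * call never happens (the kernel would trap here instead). */
static int kcfi_call_int_int(const struct kcfi_func *target, int arg, int *out)
{
    const uint32_t expected = kcfi_type_hash("int (int)");
    if (target->type_hash != expected)
        return -1;              /* CFI violation: wrong function type */
    *out = target->entry(arg);
    return 0;
}

static int double_it(int x) { return 2 * x; }
static int len_of(const char *s) { return (int)strlen(s); }

/* Correct prototype: hashes agree, the call proceeds. Returns 1 on success. */
static int kcfi_demo_good(void)
{
    struct kcfi_func f = kcfi_make("int (int)", double_it);
    int out = 0;
    return kcfi_call_int_int(&f, 21, &out) == 0 && out == 42;
}

/* Pointer redirected to a function of another type: hashes differ, the call
 * is refused and the target never runs. Returns 1 when the check rejects it. */
static int kcfi_demo_bad(void)
{
    struct kcfi_func f = kcfi_make("int (const char *)", (int (*)(int))len_of);
    int out = 0;
    return kcfi_call_int_int(&f, 21, &out) == -1 && out == 0;
}

int main(void)
{
    printf("matching type accepted: %d\n", kcfi_demo_good());
    printf("mismatched type rejected: %d\n", kcfi_demo_bad());
    return 0;
}
```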