Earlier this year, I traveled to Australia 🇦🇺 to present for the second consecutive year at the Everything Open conference in Adelaide. I was so happy to be back in Australia – it was a great experience to travel to the other side of the world once again to speak about upstream Linux kernel hardening and share the work we do in the Kernel Self-Protection Project. ⚔️🛡️🐧
Huge thanks to the organizers for inviting me to present! 🙂🙌🏽
Enhancing spatial safety in the Linux kernel: Fixing thousands of -Wfamnae warnings
The introduction of the new -Wflex-array-member-not-at-end compiler option, released in GCC-14, has revealed approximately 60,000 warnings in the Linux kernel. Among them, some legitimate bugs have been uncovered.
In this presentation, we will explore in detail the different strategies we are employing to resolve all these warnings. These methods have already helped us resolve about 30% of them. Our ultimate goal in the Kernel Self-Protection Project is to globally enable this option in mainline, further enhancing the security of the upstream Linux kernel in the spatial safety domain.
Additionally, we will briefly review the recent history of hardening efforts that have led to the unveiling of these tens of thousands of warnings. This process illustrates the extensive and gradual nature of hardening the kernel, highlighting the challenges and persistence required to enhance its security. Looking ahead, after enabling this compiler option in mainline, I will briefly discuss the next challenge the Kernel Self-Protection Project will likely focus on.
See the slides below.
eo2025The video of the presentation will be available at the link below once it’s finally published.
