
(Part of the group hanging out after the event. 😎)
On August 21, I had the opportunity to speak about the work we do in the Linux Kernel Self-Protection Project in front of graduate students and professors from Keio University in Tokyo. It was my very first time visiting Japan, and I was truly honored to be invited to present at the Workshop on Software, Architecture, and Theory for Secure Systems. 🇯🇵🎤👨🏽‍💻🐧
Enhancing spatial safety: Better array-bounds checking in C (and Linux)
The C language has historically suffered from a lack of proper bounds-checking on all kinds of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we will learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.
We will explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which includes the use of some interesting built-in compiler functions. We will also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute released in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.
Overall, we will discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all.
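As an added illustration of the counted_by attribute and the compiler's built-in object-size functions mentioned in the abstract (a user-space sketch written for this page, not code from the talk, the slides, or the kernel): a copy into a flexible array is checked against the size the compiler derives, falling back to the explicit counter when the compiler reports the size as unknown. The struct msg type, the msg_alloc() and msg_fill() helpers, and the COUNTED_BY and OBJ_SIZE macros are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_attribute)   /* counted_by needs Clang 18+ or GCC 15+ */
# if __has_attribute(counted_by)
#  define COUNTED_BY(member) __attribute__((counted_by(member)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(member)    /* older compilers: annotation expands to nothing */
#endif
#if defined(__has_builtin)     /* the dynamic variant can use run-time sizes */
# if __has_builtin(__builtin_dynamic_object_size)
#  define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 1)
# endif
#endif
#ifndef OBJ_SIZE
# define OBJ_SIZE(p) __builtin_object_size((p), 1)
#endif

struct msg {
    size_t len;                           /* number of elements in data[] */
    unsigned char data[] COUNTED_BY(len); /* flexible array bounded by len */
};

static struct msg *msg_alloc(size_t len)
{
    struct msg *m = malloc(sizeof(*m) + len);
    if (m) m->len = len;                  /* set the counter before using data[] */
    return m;
}

/* Bounds-checked copy into data[]: 0 on success, -1 if n would overflow it. */
static int msg_fill(struct msg *m, const void *src, size_t n)
{
    size_t cap = OBJ_SIZE(m->data);       /* (size_t)-1 means "size unknown" */
    if (cap == (size_t)-1)
        cap = m->len;                     /* fall back to the explicit counter */
    if (n > cap)
        return -1;                        /* refuse instead of writing past the end */
    memcpy(m->data, src, n);
    return 0;
}

int main(void)
{
    struct msg *m = msg_alloc(8);
    int ok = m && msg_fill(m, "ABCDEFGH", 8) == 0 && msg_fill(m, "ABCDEFGHI", 9) == -1;
    free(m);
    return ok ? 0 : 1;
}
```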
I’ll go back to Japan for Open Source Summit Japan and the Linux Plumbers Conference this December. In the meantime, the slides are below if you’d like to check them out. Thanks! 🙂
Linux Kernel Self-Protection Project 🐧🛡⚔️