{"id":681,"date":"2023-12-09T18:35:29","date_gmt":"2023-12-10T00:35:29","guid":{"rendered":"https:\/\/embeddedor.com\/blog\/?page_id=681"},"modified":"2026-04-20T19:58:33","modified_gmt":"2026-04-21T01:58:33","slug":"presentations","status":"publish","type":"page","link":"https:\/\/embeddedor.com\/blog\/presentations\/","title":{"rendered":"Presentations"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"400\" src=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-700x400.webp\" alt=\"\" class=\"wp-image-1636\" srcset=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-700x400.webp 700w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-300x171.webp 300w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-768x439.webp 768w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-1536x878.webp 1536w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78-800x457.webp 800w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2024\/10\/d0fb2413-b55c-4fe3-8e46-906cee72fe78.webp 1792w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>I have compiled here my Linux kernel presentations from over the years. I hope people find them useful. &#x1f642;&#x1f427; <\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2026\" title=\"2026\">2026<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_EO-Canberra\" title=\"Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (EO-Canberra)\">Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (EO-Canberra)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_Okayama_University_%E2%80%93Guest_talk\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (Okayama University &#8211;Guest talk)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (Okayama University &#8211;Guest talk)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2025\" title=\"2025\">2025<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSJP2025\" title=\"Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSJP2025)\">Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSJP2025)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSJP2025\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSJP2025)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSJP2025)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSKR2025_%E2%80%93_Nov_5_Talk\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 5 Talk)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 5 Talk)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSKR2025\" title=\"Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSKR2025)\">Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSKR2025)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSKR2025_%E2%80%93_Nov_4_Talk\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 4 Talk)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 4 Talk)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSEU2025\" title=\"Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSEU2025)\">Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSEU2025)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_SATSS\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SATSS)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SATSS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_University_of_Adelaide_%E2%80%93Guest_talk\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (University of Adelaide &#8211;Guest talk)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (University of Adelaide &#8211;Guest talk)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_in_the_Linux_kernel_Fixing_thousands_of_-Wfamnae_warnings_EO2025\" title=\"Enhancing spatial safety in the Linux kernel: Fixing thousands of -Wfamnae warnings (EO2025)\">Enhancing spatial safety in the Linux kernel: Fixing thousands of -Wfamnae warnings (EO2025)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2024\" title=\"2024\">2024<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Fixing_thousands_of_-Wflex-array-member-not-at-end_warnings_Kernel_Recipes\" title=\"Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (Kernel Recipes)\">Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (Kernel Recipes)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Fixing_thousands_of_-Wflex-array-member-not-at-end_warnings_LPCEU\" title=\"Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (LPCEU)\">Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (LPCEU)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Challenges_and_Innovations_Towards_Spatial_Safety_in_the_Linux_Kernel_LinuxCon_Europe\" title=\"Challenges and Innovations Towards Spatial Safety in the Linux Kernel (LinuxCon Europe)\">Challenges and Innovations Towards Spatial Safety in the Linux Kernel (LinuxCon Europe)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_SSTIC\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SSTIC)\">Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SSTIC)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Challenges_and_innovations_towards_safer_flexible_arrays_in_the_Linux_kernel_LLC\" title=\"Challenges and innovations towards safer flexible arrays in the Linux kernel (LLC)\">Challenges and innovations towards safer flexible arrays in the Linux kernel (LLC)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Gaining_bounds-checking_on_trailing_arrays_in_the_Linux_Kernel_EO\" title=\"Gaining bounds-checking on trailing arrays in the Linux Kernel (EO)\">Gaining bounds-checking on trailing arrays in the Linux Kernel (EO)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2023\" title=\"2023\">2023<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Gaining_bounds-checking_on_trailing_arrays_in_the_Linux_Kernel_KR\" title=\"Gaining bounds-checking on trailing arrays in the Linux Kernel (KR)\">Gaining bounds-checking on trailing arrays in the Linux Kernel (KR)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Progress_On_Bounds_Checking_in_C_and_the_Linux_Kernel_LSSNA\" title=\"Progress On Bounds Checking in C and the Linux Kernel (LSSNA)\">Progress On Bounds Checking in C and the Linux Kernel (LSSNA)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2022\" title=\"2022\">2022<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Flexible-Array_Transformations_and_Array-bounds_checking_LSSEU\" title=\"Flexible-Array Transformations and Array-bounds checking (LSSEU)\">Flexible-Array Transformations and Array-bounds checking (LSSEU)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#The_Kernel_Self-Protection_Project_and_how_you_can_help_KR\" title=\"The Kernel Self-Protection Project and how you can help (KR)\">The Kernel Self-Protection Project and how you can help (KR)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2019\" title=\"2019\">2019<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Hunting_and_fixing_bugs_all_over_the_Linux_kernel_KR\" title=\"Hunting and fixing bugs all over the Linux kernel (KR)\">Hunting and fixing bugs all over the Linux kernel (KR)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2018\" title=\"2018\">2018<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#A_year_of_fixing_Coverity_issues_all_over_the_Linux_kernel_KR\" title=\"A year of fixing Coverity issues all over the Linux kernel (KR)\">A year of fixing Coverity issues all over the Linux kernel (KR)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#2017\" title=\"2017\">2017<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/embeddedor.com\/blog\/presentations\/#Fixing_coverity_bugs_all_around_the_Linux_kernel_KR\" title=\"Fixing coverity bugs all around the Linux kernel (KR)\">Fixing coverity bugs all around the Linux kernel (KR)<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2026\"><\/span>2026<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_EO-Canberra\"><\/span>Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (EO-Canberra)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/2026.everythingopen.au\/schedule\/presentation\/12\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"835\" src=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-700x835.jpg\" alt=\"\" class=\"wp-image-2534\" srcset=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-700x835.jpg 700w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-251x300.jpg 251w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-768x916.jpg 768w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-1288x1536.jpg 1288w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-1717x2048.jpg 1717w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome-800x954.jpg 800w, https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2025\/12\/Screenshot_20251220_142801_Chrome.jpg 1855w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. It warns about flexible-array members in the middle of composite structures. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While the vast majority of these are duplicates, about 650 are unique and require individual auditing and resolution. These issues fall into various categories and differ in complexity, which adds to the challenge of globally enabling this flag upstream.<\/p>\n\n\n\n<p>In this presentation, we&#8217;ll share the progress we&#8217;ve made on this work as part of the Linux Kernel Self-Protection Project (KSPP) over the last year. We&#8217;ll go over the challenges we&#8217;ve encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We&#8217;ll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.<\/p>\n\n\n\n<p>Whether you&#8217;re a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the Linux kernel for the benefit of everyone. [<a href=\"https:\/\/embeddedor.com\/slides\/2026\/eo\/wfamnae-eo2026.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>]<\/p>\n\n\n<a href=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2026\/01\/wfamnae-eo2026.pdf\" class=\"pdfemb-viewer\" style=\"\" data-width=\"max\" data-height=\"max\" data-toolbar=\"bottom\" data-toolbar-fixed=\"off\">wfamnae-eo2026<\/a>\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_Okayama_University_%E2%80%93Guest_talk\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (Okayama University &#8211;Guest talk)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all types of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we&#8217;ll learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We&#8217;ll explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which include the use of some interesting built-in compiler functions. We&#8217;ll also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute introduced in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we&#8217;ll discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2026\/okayamauni\/ab-okayamauni2026.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n<a href=\"https:\/\/embeddedor.com\/blog\/wp-content\/uploads\/2026\/01\/ab-okayamauni2026.pdf\" class=\"pdfemb-viewer\" style=\"\" data-width=\"max\" data-height=\"max\" data-toolbar=\"bottom\" data-toolbar-fixed=\"off\">ab-okayamauni2026<\/a>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2025\"><\/span>2025<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSJP2025\"><\/span>Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSJP2025)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. It warns about flexible-array members in the middle of composite structures. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While the vast majority of these are duplicates, about 650 are unique and require individual auditing and resolution. These issues fall into various categories and differ in complexity, which adds to the challenge of globally enabling this flag upstream.<\/p>\n\n\n\n<p>In this presentation, we&#8217;ll share the progress we&#8217;ve made on this work as part of the Linux Kernel Self-Protection Project (KSPP) over the last year. We&#8217;ll go over the challenges we&#8217;ve encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We&#8217;ll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.<\/p>\n\n\n\n<p>Whether you&#8217;re a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the Linux kernel for the benefit of everyone. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/ossjp\/wfamnae-ossjp2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Upstream Kernel Hardening: Progress on Enabling -Wflex-array-member-not-at-end - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/IRNGpX1cUl4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSJP2025\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSJP2025)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all types of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we&#8217;ll learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We&#8217;ll explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which include the use of some interesting built-in compiler functions. We&#8217;ll also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute introduced in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we&#8217;ll discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/ossjp\/ab-ossjp2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Enhancing Spatial Safety: Better Array-bounds Checking in C (and Linux) - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/L0XiZ7XhxhQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSKR2025_%E2%80%93_Nov_5_Talk\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 5 Talk)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all types of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we&#8217;ll learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We&#8217;ll explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which include the use of some interesting built-in compiler functions. We&#8217;ll also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute introduced in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we&#8217;ll discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/osskr\/ab-osskr2025-nov5.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Enhancing Spatial Safety: Better Array-bounds Checking in C (and Linux) - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/MFc90AIxLFE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSKR2025\"><\/span>Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSKR2025)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. It warns about flexible-array members in the middle of composite structures. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While the vast majority of these are duplicates, about 650 are unique and require individual auditing and resolution. These issues fall into various categories and differ in complexity, which adds to the challenge of globally enabling this flag upstream.<\/p>\n\n\n\n<p>In this presentation, we&#8217;ll share the progress we&#8217;ve made on this work as part of the Linux Kernel Self-Protection Project (KSPP) over the last year. We&#8217;ll go over the challenges we&#8217;ve encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We&#8217;ll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.<\/p>\n\n\n\n<p>Whether you&#8217;re a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the Linux kernel for the benefit of everyone. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/osskr\/wfamnae-osskr2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Upstream Kernel Hardening: Progress on Enabling -Wflex-array-member-not-at-end - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/OFOr91cSyzQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_OSSKR2025_%E2%80%93_Nov_4_Talk\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (OSSKR2025 &#8211; Nov 4 Talk)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all types of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we&#8217;ll learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We&#8217;ll explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which include the use of some interesting built-in compiler functions. We&#8217;ll also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute introduced in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we&#8217;ll discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/osskr\/ab-osskr2025-nov4.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<p>(They just informed me they didn&#8217;t record this session&#8230; ~_~)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upstream_Kernel_Hardening_Progress_on_enabling_-Wflex-array-member-not-at-end_OSSEU2025\"><\/span>Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (OSSEU2025)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While many of these were duplicates, about 650 are unique and require individual auditing and attention. These issues span different categories and vary in complexity, which adds to the challenge of globally enabling this compiler option in the upstream Linux kernel.<\/p>\n\n\n\n<p>In this presentation, we&#8217;ll share the progress we&#8217;ve made on this work as part of the Kernel Self-Protection Project (KSPP) over the past few months. We&#8217;ll go over the challenges we&#8217;ve encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We&#8217;ll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.<\/p>\n\n\n\n<p>Whether you&#8217;re a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the upstream Linux kernel for the benefit of everyone. [<a href=\"http:\/\/embeddedor.com\/slides\/2025\/osseu\/osseu2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><iframe loading=\"lazy\" title=\"Upstream Kernel Hardening: Progress on Enabling -Wflex-array-member-not-at-end - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/nz0GId_zsIk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_SATSS\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SATSS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all kinds of arrays. The Linux Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we will learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We will explore the different mechanisms being used to harden key APIs like memcpy() against buffer overflows, which include the use of some interesting built-in compiler functions. We will also talk about a couple of recent compiler options like -fstrict-flex-arrays and -Wflex-array-member-not-at-end, as well as the new counted_by attribute released in Clang 18 and GCC 15, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we will discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"http:\/\/embeddedor.com\/slides\/2025\/keiouni\/keiouni2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><a href=\"https:\/\/sc-sys.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Workshop on Software, Architecture and Theory for Secure Systems (SATSS), Tokyo, Japan.<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_University_of_Adelaide_%E2%80%93Guest_talk\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (University of Adelaide &#8211;Guest talk)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all kinds of arrays. The Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we will learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We will explore the different mechanisms being used to harden key APIs like <code>memcpy()<\/code> against buffer overflows, which include the use of some interesting built-in compiler functions. We will also talk about a couple of recent compiler options like <code>-fstrict-flex-arrays<\/code> and <code>-Wflex-array-member-not-at-end<\/code>, as well as the new <code>counted_by<\/code> attribute released in Clang-18 a year ago, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we will discuss how various challenges have been overcome, and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/uniadl\/uniadl2025.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Enhancing spatial safety: Better array-bounds checking in C (and Linux) - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/pvmiCyf8NnQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_in_the_Linux_kernel_Fixing_thousands_of_-Wfamnae_warnings_EO2025\"><\/span>Enhancing spatial safety in the Linux kernel: Fixing thousands of -Wfamnae warnings (EO2025)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The introduction of the new -Wflex-array-member-not-at-end compiler option, released in GCC-14, has revealed approximately 60,000 warnings in the Linux kernel. Among them, some legitimate bugs have been uncovered.<\/p>\n\n\n\n<p>In this presentation, we will explore in detail the different strategies we are employing to resolve all these warnings. These methods have already helped us resolve about 30% of them. Our ultimate goal in the Kernel Self-Protection Project is to globally enable this option in mainline, further enhancing the security of the upstream Linux kernel in the spatial safety domain.<\/p>\n\n\n\n<p>Additionally, we will briefly review the recent history of hardening efforts that have led to the unveiling of these tens of thousands of warnings. This process illustrates the extensive and gradual nature of hardening the kernel, highlighting the challenges and persistence required to enhance its security. Looking ahead, after enabling this compiler option in mainline, I will briefly discuss the next challenge the Kernel Self-Protection Project will likely focus on. [<a href=\"https:\/\/embeddedor.com\/slides\/2025\/eo\/eo2025.pdf\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><a href=\"https:\/\/m.youtube.com\/watch?v=XAftOve6cFs\">https:\/\/m.youtube.com\/watch?v=XAftOve6cFs<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2024\"><\/span>2024<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Fixing_thousands_of_-Wflex-array-member-not-at-end_warnings_Kernel_Recipes\"><\/span>Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (Kernel Recipes)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The introduction of the new -Wflex-array-member-not-at-end compiler option, released in GCC-14, has revealed approximately 60,000 warnings in the Linux kernel. Among them, some legitimate bugs have been uncovered.<\/p>\n\n\n\n<p>In this presentation, we will explore in detail the different strategies we are employing to resolve all these warnings. These methods have already helped us resolve about 30% of them. Our ultimate goal in the Kernel Self-Protection Project is to globally enable this option in mainline, further enhancing the security of the kernel in the spatial safety domain. [<a href=\"https:\/\/embeddedor.com\/slides\/2024\/kr\/kr2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><iframe loading=\"lazy\" title=\"Kernel Recipes 2024 - Enhancing spatial safety\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/N-pcG0C0Ex4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Fixing_thousands_of_-Wflex-array-member-not-at-end_warnings_LPCEU\"><\/span>Enhancing spatial safety: Fixing thousands of -Wflex-array-member-not-at-end warnings (LPCEU)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The introduction of the new -Wflex-array-member-not-at-end compiler option, released in GCC-14, has revealed approximately 60,000 warnings in the Linux kernel. Among them, some legitimate bugs have been uncovered.<\/p>\n\n\n\n<p>In this presentation, we will explore in detail the different strategies we are employing to resolve all these warnings. These methods have already helped us resolve about 30% of them. Our ultimate goal in the Kernel Self-Protection Project is to globally enable this option in mainline, further enhancing the security of the kernel in the spatial safety domain.<\/p>\n\n\n\n<p>As this is a work in progress, the main goal of this presentation is to gather feedback from the wider community of kernel developers to further improve our strategies and effectively address the remaining issues. [<a href=\"https:\/\/embeddedor.com\/slides\/2024\/lpceu\/lpceu2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Enhancing spatial safety: Fixing thousands of-Wflex-array-member-not-at-end warnings -SILVA, Gustavo\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/k4wX5OgbhAQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Challenges_and_Innovations_Towards_Spatial_Safety_in_the_Linux_Kernel_LinuxCon_Europe\"><\/span>Challenges and Innovations Towards Spatial Safety in the Linux Kernel (LinuxCon Europe)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The first flexible-array transformation we implemented in the kernel, as part of the Kernel Self-Protection Project, took place back in March 2019. At the time, our work on preventing integer overflows during memory allocations led us to discover an 8-year-old bug. Addressing this bug not only resolved a longstanding issue but also initiated the work of flexible-array transformations across the whole kernel tree.<\/p>\n\n\n\n<p>This marked the beginning of a challenging yet rewarding journey to add bounds-checking on trailing arrays in the Linux kernel. Five years have passed since then, and we\u2019ve come a long way. We have now new Clang and GCC hardening compiler options and attributes, that significantly improve the security of the Linux kernel, particularly in the spatial-safety area. We have new hardening helpers that make traditional methods less prone to error.<\/p>\n\n\n\n<p>In general, we have new and safer ways of doing things, which usually require a learning curve, even for seasoned kernel developers. In this talk, we will walk through the most recent challenges and history of our quest to improve spatial safety in the Linux kernel, and with that, get rid of out-of-bounds bugs once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2024\/lceu\/lceu2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><iframe loading=\"lazy\" title=\"Challenges and Innovations Towards Spatial Safety in the Linux Kernel - Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/M1BRDUv9yXA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhancing_spatial_safety_Better_array-bounds_checking_in_C_and_Linux_SSTIC\"><\/span>Enhancing spatial safety: Better array-bounds checking in C (and Linux) (SSTIC)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The C language has historically suffered from a lack of proper bounds-checking on all kinds of arrays. The Kernel Self-Protection Project has been addressing this issue for several years. In this presentation, we will learn about the most recent hardening efforts to resolve the problem of bounds-checking, particularly for fixed-size and flexible arrays.<\/p>\n\n\n\n<p>We will explore the different mechanisms being used to harden key APIs like <code>memcpy()<\/code> against buffer overflows, which include the use of some interesting built-in compiler functions. We will also talk about a couple of recent compiler options like <code>-fstrict-flex-arrays<\/code> and <code>-Wflex-array-member-not-at-end<\/code>, as well as the new <code>__counted_by__ attribute<\/code> released in Clang-18 a few weeks ago, which helps us gain run-time bounds-checking coverage on flexible arrays.<\/p>\n\n\n\n<p>Overall, we will discuss how various challenges have been overcome and highlight the innovations developed to solve the problem of array bounds-checking in both C and the Linux kernel once and for all. [<a href=\"https:\/\/embeddedor.com\/slides\/2024\/sstic\/sstic2024.pdf\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-embed-handler wp-block-embed-embed-handler\"><div class=\"wp-block-embed__wrapper\">\n<div style=\"width: 640px;\" class=\"wp-video\"><video class=\"wp-video-shortcode\" id=\"video-681-1\" width=\"640\" height=\"360\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/static.sstic.org\/videos2024\/1080p\/invite_2024_2.mp4?_=1\" \/><a href=\"https:\/\/static.sstic.org\/videos2024\/1080p\/invite_2024_2.mp4\">https:\/\/static.sstic.org\/videos2024\/1080p\/invite_2024_2.mp4<\/a><\/video><\/div>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Challenges_and_innovations_towards_safer_flexible_arrays_in_the_Linux_kernel_LLC\"><\/span>Challenges and innovations towards safer flexible arrays in the Linux kernel (LLC)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>[<a href=\"https:\/\/embeddedor.com\/slides\/2024\/llc\/llc2024.pdf\">slides<\/a>](pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"LLC 2024 - Challenges and innovations towards safer flexible arrays in the Linux kernel,  by Gustavo\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/YNSq1C9SShI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Gaining_bounds-checking_on_trailing_arrays_in_the_Linux_Kernel_EO\"><\/span>Gaining bounds-checking on trailing arrays in the Linux Kernel (EO)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Trailing arrays at the end of a structure are a common code construct in the Linux kernel. While they are often dynamically-sized, trailing arrays can also be fixed in size, defined at compile-time and remaining constant throughout their lifetime. It&#8217;s a little-known fact that compilers like GCC (and Clang) have historically treated all trailing arrays as if they were flexible in size. This approach becomes problematic if we want to rely on the compiler to detect out-of-bounds issues on these arrays, both at compile-time and run-time.<\/p>\n\n\n\n<p>To effectively address this, the compiler must first accurately differentiate between dynamically-sized and fixed-size trailing arrays. The introduction of the -fstrict-flex-arrays option in GCC 13 (and Clang 16) marks a significant step towards this goal. Concurrently, in Kernel Self-Protection Project, we have been converting trailing zero-length and one-element arrays &#8211;commonly known as fake flexible arrays&#8211; into modern C99 flexible-array members for years.<\/p>\n\n\n\n<p>We will see how the combination of these efforts, along with the implementation of some crucial compiler attributes, is paving the way towards eliminating out-of-bounds vulnerabilities on trailing arrays in the upstream Linux kernel. Furthermore, we will explore how this work is closely related to and contributes to the latest efforts in hardening key APIs like memcpy(), and in globally enabling options like -Warray-bounds. [<a href=\"https:\/\/embeddedor.com\/slides\/2024\/eo\/eo2024.pdf\" data-type=\"link\" data-id=\"https:\/\/embeddedor.com\/slides\/2024\/eo\/eo2024.pdf\">slides<\/a>](pdf)<\/p>\n\n\n\n<p><a href=\"https:\/\/youtu.be\/XAftOve6cFs\">https:\/\/youtu.be\/XAftOve6cFs<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2023\"><\/span>2023<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Gaining_bounds-checking_on_trailing_arrays_in_the_Linux_Kernel_KR\"><\/span>Gaining bounds-checking on trailing arrays in the Linux Kernel (KR)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Having a dynamically-sized trailing array at the end of a structure is a popular code construct in the Linux kernel. However, trailing arrays can also be of a fixed size, which means that their size is well-defined at compile-time and remains fixed throughout their entire lifetime. Little is known about the fact that compilers like GCC have historically treated all trailing arrays, no matter what their size, as flexible-sized arrays. This is a problem if we want the compiler to help us detect out-of-bounds issues on such arrays both at compile-time and at run-time. Therefore, the compiler should first be able to clearly distinguish between those that are used as dynamically-sized arrays and those that are not (fixed-size arrays).<\/p>\n\n\n\n<p>In order to achieve this, GCC-13 is introducing the new -fstrict-flex-arrays option. And we, in the Kernel Self-Protection Project, have been transforming trailing zero-length and one-element arrays (what we call fake flexible-arrays) into modern C99 flexible-array members. We will see how the combination of both efforts, together with the addition of some important compiler attributes, will eventually help us be free of out-of-bounds vulnerabilities on trailing arrays in the upstream Linux kernel. We will also explore how this work is closely related, and contributes, to the most recent efforts to hardening key APIs like memcpy() and globally enabling options like -Warray-bounds. <a href=\"https:\/\/embeddedor.com\/slides\/2023\/kr\/kr2023.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kernel Recipes 2023 - Gaining bounds-checking on trailing arrays\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/bfKrLH7pLBQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Progress_On_Bounds_Checking_in_C_and_the_Linux_Kernel_LSSNA\"><\/span>Progress On Bounds Checking in C and the Linux Kernel (LSSNA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Linux, like all C code, regularly suffers from heap buffer overflow flaws. Especially frustrating is that the compiler usually has enough context to have been able to stop the overflow but has been hampered by needing to support legacy coding styles, ambiguous language definitions, and fragile APIs. This has forced the compiler to frequently ignore the intent of programmers in an effort to support sloppy code patterns that may not exist in a project at all.<\/p>\n\n\n\n<p>The history of the C language specification&#8217;s &#8220;flex array member&#8221; (FAM) is long and twisty, and technical debt exists due to ambiguous implementations. With the introduction of -fstrict-flex-arrays, C can now unambiguously declare array sizes. In the kernel we can build on this, by transforming trailing zero-length and one-element arrays into modern C99 FAMs, adding the use of __builtin_dynamic_object_size(), applying it to defenses like FORTIFY_SOURCE, and expanding where the compiler can use this knowledge internally for improving existing sanitizers. Finally, adding a new struct member attribute, we can expand object size tracking to cover all array types, freeing Linux from this persistent class of buffer overflows flaws. <a href=\"https:\/\/outflux.net\/slides\/2023\/lss-na\/bounds-checking.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Progress On Bounds Checking in C and the Linux Kernel - Kees Cook, Google &amp; Gustavo A.R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/V2kzptQG5_A?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2022\"><\/span>2022<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Flexible-Array_Transformations_and_Array-bounds_checking_LSSEU\"><\/span>Flexible-Array Transformations and Array-bounds checking (LSSEU)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Having a dynamically-sized trailing array at the end of a structure is a useful code construct in the Linux kernel. However, the lack of proper bounds-checking on such objects is concerning and worth making an effort to remediate it. This presentation is about the different strategies we, in the Kernel Self-Protection Project, have been following along the last couple of years to transform trailing zero-length and one-element arrays into modern C99 flexible-array members, and the problems we have run into in the process.<\/p>\n\n\n\n<p>We will touch on how this work is closely related and helpful to the most recent efforts to hardening key APIs like memcpy() and globally enabling options like -Warray-bounds. We will explain how we&#8217;ve been addressing the particularly challenging one-element array into flexible-array member transformations in UAPI. Also, we&#8217;ll see how the fact that compilers like GCC have historically treated all trailing arrays, no matter what their size, as flexible-sized arrays, is problematic and causes trouble when it comes to perform proper array-bounds checking on such objects, and how the introduction of a new option like -fstrict-flex-arrays could help. <a href=\"https:\/\/embeddedor.com\/slides\/2022\/lsseu\/lsseu2022.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Flexible Array Transformations and Array-bounds Checking - Gustavo A. R. Silva, The Linux Foundation\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/nrojq96szcA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Kernel_Self-Protection_Project_and_how_you_can_help_KR\"><\/span>The Kernel Self-Protection Project and how you can help (KR)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>This presentation will cover some of the most recent KSPP accomplishments, as well as some currently active efforts. Also, a brief explanation of how you can help us complete some particularly challenging work will be presented. <a href=\"https:\/\/embeddedor.com\/slides\/2022\/kr\/kr2022.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kernel Recipes 2022 - The Kernel Self-Protection Project and how you can help\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/-IvSAkhJ26I?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2019\"><\/span>2019<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Hunting_and_fixing_bugs_all_over_the_Linux_kernel_KR\"><\/span>Hunting and fixing bugs all over the Linux kernel (KR)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>At a rate of almost 9 changes per hour (24\/7), the Linux kernel is definitely a scary beast. Bugs are introduced on a daily basis and, through the use of multiple code analyzers, <em>some<\/em> of them are detected and fixed before they hit mainline. Over the course of the last few years, Gustavo has been fixing such bugs and many different issues in every corner of the Linux kernel. Recently, he was in charge of leading the efforts to globally enable -Wimplicit-fallthrough; which appears by default in Linux v5.3. This presentation is a report on all the stuff Gustavo has found and fixed in the kernel with the support of the Core Infrastructure Initiative. <a href=\"https:\/\/embeddedor.com\/slides\/2019\/kr\/kr2019.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/9UQs1ca5Uwk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2018\"><\/span>2018<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"A_year_of_fixing_Coverity_issues_all_over_the_Linux_kernel_KR\"><\/span>A year of fixing Coverity issues all over the Linux kernel (KR)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Coverity is a static analyzer that scans the kernel code and reports issues that can hide coding mistakes and vulnerabilities. Currently, it reports around 5,000 outstanding defects in the Linux kernel. I\u2019m dedicated to fixing those defects and, this talk is a status report of the work I have been doing over the course of a year. Lessons learned, as well as the most common types of issues reported, will also be presented. <a href=\"https:\/\/embeddedor.com\/slides\/2018\/kr\/kr2018.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kernel Recipes 2018 - A year of fixing Coverity issues... -  Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/qj1Yjc_dK6s?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2017\"><\/span>2017<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fixing_coverity_bugs_all_around_the_Linux_kernel_KR\"><\/span>Fixing coverity bugs all around the Linux kernel (KR)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Coverity scans the kernel code and reports issues that can hide coding mistakes and vulnerabilities. It reports around 6,000 outstanding defects in the Linux kernel, some of which were identified 11 years ago. I\u2019m dedicated to fix those defects and this is a presentation about my work. I\u2019m looking forward to getting your feedback as I\u2019m looking for ways to improve my workflow and also helping others to get started with kernel hacking. <a href=\"https:\/\/embeddedor.com\/slides\/2017\/kr\/kr2017.pdf\">[slides]<\/a>(pdf)<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kernel Recipes 2017 - Fixing coverity bugs all around the Linux kernel -  Gustavo A. R. Silva\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/y0__yxM0New?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>I have compiled here my Linux kernel presentations from over the years. I hope people find them useful. &#x1f642;&#x1f427; 2026 Upstream Kernel Hardening: Progress on enabling -Wflex-array-member-not-at-end (EO-Canberra) The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. It warns about flexible-array members in the middle of composite structures. At the time, it revealed around 60,000&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":-1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-681","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/pages\/681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/comments?post=681"}],"version-history":[{"count":94,"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/pages\/681\/revisions"}],"predecessor-version":[{"id":3186,"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/pages\/681\/revisions\/3186"}],"wp:attachment":[{"href":"https:\/\/embeddedor.com\/blog\/wp-json\/wp\/v2\/media?parent=681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}