* contribute to KSPP
@ 2019-11-14 1:29 Peng Fan
2019-11-18 17:16 ` Kees Cook
0 siblings, 1 reply; 3+ messages in thread
From: Peng Fan @ 2019-11-14 1:29 UTC (permalink / raw)
To: kernel-hardening; +Cc: keescook
Hi,
I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP,
embedded virtualization, bootloader development.
I came across KSPP, find this is an attractive project. And would
like to do some contribution.
Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
is still up to date.
If you have any items not owned, please share me the info. Currently I am
going through the kernel items, such as the following form ARM/ARM64:
split thread_info off to kernel stack
move kernel stack to vmap area
KASLR for ARM
Protect ARM vector
Thanks,
Peng.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: contribute to KSPP
2019-11-14 1:29 contribute to KSPP Peng Fan
@ 2019-11-18 17:16 ` Kees Cook
2019-11-25 12:29 ` Peng Fan
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2019-11-18 17:16 UTC (permalink / raw)
To: Peng Fan; +Cc: kernel-hardening
On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> Hi,
Hi! Welcome to the list!
> I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP,
> embedded virtualization, bootloader development.
>
> I came across KSPP, find this is an attractive project. And would
> like to do some contribution.
>
> Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
> is still up to date.
I've been slowly transitioning the TODO list to a github issue tracker
here:
https://github.com/KSPP/linux/issues/
> If you have any items not owned, please share me the info. Currently I am
> going through the kernel items, such as the following form ARM/ARM64:
> split thread_info off to kernel stack
https://github.com/KSPP/linux/issues/1
> move kernel stack to vmap area
https://github.com/KSPP/linux/issues/2
> KASLR for ARM
https://github.com/KSPP/linux/issues/3
> Protect ARM vector
https://github.com/KSPP/linux/issues/13
All four of those apply only to arm32. arm64 either has them already
(first three), or it doesn't apply (protect vector, IIUC, is
arm32-specific).
I'm not aware of anyone working on those currently, so they would be
very welcome! :)
Thanks for reaching out!
--
Kees Cook
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: contribute to KSPP
2019-11-18 17:16 ` Kees Cook
@ 2019-11-25 12:29 ` Peng Fan
0 siblings, 0 replies; 3+ messages in thread
From: Peng Fan @ 2019-11-25 12:29 UTC (permalink / raw)
To: Kees Cook; +Cc: kernel-hardening
> Subject: Re: contribute to KSPP
>
> On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> > Hi,
>
> Hi! Welcome to the list!
>
> > I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC
> > BSP, embedded virtualization, bootloader development.
> >
> > I came across KSPP, find this is an attractive project. And would like
> > to do some contribution.
> >
> > Not sure
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkern
> >
> sec.org%2Fwiki%2Findex.php%2FKernel_Self_Protection_Project%2FWork&a
> mp
> > ;data=02%7C01%7Cpeng.fan%40nxp.com%7C7782ad728666475bb26008d7
> 6c4b09e1%
> >
> 7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6370969418477903
> 73&sd
> >
> ata=EBUM%2FyWtBoyGDjfxd0IMT9qsggxCE5gee3iqq%2FogrCU%3D&re
> served=0
> > is still up to date.
>
> I've been slowly transitioning the TODO list to a github issue tracker
> here:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F&data=02%7C01%7Cpeng.fan%40n
> xp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa9
> 2cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=eNxRzzT
> cp%2BH75%2Fd8cF%2BgJTQR0YnTFNDXU5lxg%2BWTJLQ%3D&reserved
> =0
>
> > If you have any items not owned, please share me the info. Currently I
> > am going through the kernel items, such as the following form ARM/ARM64:
> > split thread_info off to kernel stack
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F1&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=Ll3smB
> 1mFIjl49uTqE5bhVcW%2FGfZQtduysCf%2B9wja%2F4%3D&reserved=0
>
> > move kernel stack to vmap area
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F2&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=MA58H
> S7UotQfAW7BjDuD%2FcnQCnJnLNlIDvU0yPuVsOs%3D&reserved=0
>
> > KASLR for ARM
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F3&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=76EYxk
> RogOwPKnyNZzzqwdU%2Bd21vxdI6rPRN%2B5zqzkY%3D&reserved=0
>
> > Protect ARM vector
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F13&data=02%7C01%7Cpeng.fan%4
> 0nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6f
> a92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=17lmt
> wcM4DGWpNCLybY4%2Bv3uXc1pFSHkuJ%2BeV9vPDxM%3D&reserved
> =0
>
>
> All four of those apply only to arm32. arm64 either has them already (first
> three), or it doesn't apply (protect vector, IIUC, is arm32-specific).
>
> I'm not aware of anyone working on those currently, so they would be very
> welcome! :)
>
> Thanks for reaching out!
Thanks for the detailed information. I'll give a look.
Thanks,
Peng.
>
> --
> Kees Cook
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-25 14:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-14 1:29 contribute to KSPP Peng Fan
2019-11-18 17:16 ` Kees Cook
2019-11-25 12:29 ` Peng Fan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.