contribute to KSPP

contribute to KSPP

[Peng Fan]

Hi,

I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP, 
embedded virtualization, bootloader development.

I came across KSPP, find this is an attractive project. And would
like to do some contribution.

Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
is still up to date.

If you have any items not owned, please share me the info. Currently I am
going through the kernel items, such as the following form ARM/ARM64:
split thread_info off to kernel stack
move kernel stack to vmap area
KASLR for ARM
Protect ARM vector

Thanks,
Peng.

Re: contribute to KSPP

[Kees Cook]

On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> Hi,

Hi! Welcome to the list!

> I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP,
> embedded virtualization, bootloader development.
> 
> I came across KSPP, find this is an attractive project. And would
> like to do some contribution.
> 
> Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
> is still up to date.

I've been slowly transitioning the TODO list to a github issue tracker
here:
https://github.com/KSPP/linux/issues/

> If you have any items not owned, please share me the info. Currently I am
> going through the kernel items, such as the following form ARM/ARM64:
> split thread_info off to kernel stack

https://github.com/KSPP/linux/issues/1

> move kernel stack to vmap area

https://github.com/KSPP/linux/issues/2

> KASLR for ARM

https://github.com/KSPP/linux/issues/3

> Protect ARM vector

https://github.com/KSPP/linux/issues/13


All four of those apply only to arm32. arm64 either has them already
(first three), or it doesn't apply (protect vector, IIUC, is
arm32-specific).

I'm not aware of anyone working on those currently, so they would be
very welcome! :)

Thanks for reaching out!

-- 
Kees Cook

RE: contribute to KSPP

[Peng Fan]

> Subject: Re: contribute to KSPP
> 
> On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> > Hi,
> 
> Hi! Welcome to the list!
> 
> > I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC
> > BSP, embedded virtualization, bootloader development.
> >
> > I came across KSPP, find this is an attractive project. And would like
> > to do some contribution.
> >
> > Not sure
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkern
> >
> sec.org%2Fwiki%2Findex.php%2FKernel_Self_Protection_Project%2FWork&a
> mp
> > ;data=02%7C01%7Cpeng.fan%40nxp.com%7C7782ad728666475bb26008d7
> 6c4b09e1%
> >
> 7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6370969418477903
> 73&sd
> >
> ata=EBUM%2FyWtBoyGDjfxd0IMT9qsggxCE5gee3iqq%2FogrCU%3D&re
> served=0
> > is still up to date.
> 
> I've been slowly transitioning the TODO list to a github issue tracker
> here:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F&data=02%7C01%7Cpeng.fan%40n
> xp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa9
> 2cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=eNxRzzT
> cp%2BH75%2Fd8cF%2BgJTQR0YnTFNDXU5lxg%2BWTJLQ%3D&reserved
> =0
> 
> > If you have any items not owned, please share me the info. Currently I
> > am going through the kernel items, such as the following form ARM/ARM64:
> > split thread_info off to kernel stack
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F1&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=Ll3smB
> 1mFIjl49uTqE5bhVcW%2FGfZQtduysCf%2B9wja%2F4%3D&reserved=0
> 
> > move kernel stack to vmap area
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F2&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=MA58H
> S7UotQfAW7BjDuD%2FcnQCnJnLNlIDvU0yPuVsOs%3D&reserved=0
> 
> > KASLR for ARM
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F3&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=76EYxk
> RogOwPKnyNZzzqwdU%2Bd21vxdI6rPRN%2B5zqzkY%3D&reserved=0
> 
> > Protect ARM vector
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F13&data=02%7C01%7Cpeng.fan%4
> 0nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6f
> a92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=17lmt
> wcM4DGWpNCLybY4%2Bv3uXc1pFSHkuJ%2BeV9vPDxM%3D&reserved
> =0
> 
> 
> All four of those apply only to arm32. arm64 either has them already (first
> three), or it doesn't apply (protect vector, IIUC, is arm32-specific).
> 
> I'm not aware of anyone working on those currently, so they would be very
> welcome! :)
> 
> Thanks for reaching out!

Thanks for the detailed information. I'll give a look.

Thanks,
Peng.

> 
> --
> Kees Cook