Hi all,

My name is Jiayy (@chengjia4574). I am currently a security researcher in
Android and Linux kernel. My research consists of hunting vulnerabilities
in kernel code (most of them within drivers) and doing exploits using those vulns.
I have found more than 40 vulnerabilities which were confirmed by the Android Security Team
in the past year. I also figured out some way to attack mitigation solutions of the kernel
(such as Bypass PXN).

This work has helped me get familiar with the kernel (device tree, memory management,
network, some features especially those associated with security such as
PXN, SELinux, seccomp) and ARM instructions. However, it is not enough to get
involved in real security development in the kernel. Therefore, I am looking for a task
I can accomplish to be involved in real kernel development! Recently I found
this project (kernel self protection) and I thought it was so interesting.

I don't know whether I can get involved and where I can begin; I am looking forward to
your response.
 

Thanks,

Jiayy

2016-10-11 5:05 GMT+08:00 Kees Cook <keescook@chromium.org>:
On Mon, Oct 10, 2016 at 9:01 AM, Colin Vidal <colin@cvidal.org> wrote:
>> This branch to be precise:
>> https://github.com/ereshetova/linux-stable/tree/hardened_atomic_on_next
>>
>> This is where the latest code for linux-next is hosted now and where
>> we work with David and Hans.
>> >
>> > >
>> > > Please contact me if you have any questions; I'd be glad to help!
>> >
>> > I actually have question. :-) As far as I understand, PAX_REFCOUNT
>> > [1] is mainly a x86-only
>>
>> >
>> > No, PAX_REFCOUNT also supports a bunch of other architectures. As
>> > far as I can tell from a quick look: ARM, MIPS, PowerPC and SPARC.
>>
>> Yes, just in our patch series we only made implementation for x86.
>> But if you look into Grsecurity/PaX patches, it has support for
>> others implemented.
>
> OK, got it! Thanks for this clarification.
>
> So, I will try to start to port PAX_REFCOUNT arm-specific features to
> hardened_atomic_on_next, and keep you in touch. Is there a deadline?
> (4.10 / 5.0 merge window?)

You may want to compare notes with Takahiro (CCed) who may have
started to look at arm64 (and maybe arm too).

As for a deadline, as Elena says, we have no specific target. ("As
soon as possible.") The only thing around timing that I like to see is
persistent progress: if a patch series goes up for review, getting
people to take a look at it, ask questions, make comments, and then
hopefully within a week or so, the next version comes up. Momentum is
easier to maintain than to build. ;)

> Just to be sure, are the patch [1] and documentation [2] of PaX still
> up-to-date, or are there other references I missed?
>
> Thanks
>
> Colin
>
> [1] https://pax.grsecurity.net/pax-linux-3.6-201210022100.patch

This is a quite old version of PaX. (Note the date.) If you want to
examine PaX separately from Grsecurity (noting differences can be
enlightening), check here:

https://www.grsecurity.net/~paxguy1/?C=M;O=D

> [2] https://forums.grsecurity.net/viewtopic.php?f=7&t=4173

Yes, outside of reading the code itself, I believe this to be the most
comprehensive piece of documentation about PAX_REFCOUNT.

-Kees

--
Kees Cook
Nexus Security