* [Self-introduction] - Paulo Almeida @ 2022-10-09 6:32 Paulo Miguel Almeida 2022-10-10 23:22 ` Kees Cook 0 siblings, 1 reply; 3+ messages in thread From: Paulo Miguel Almeida @ 2022-10-09 6:32 UTC (permalink / raw) To: kernel-hardening; +Cc: linux-hardening Hi everyone, My name is Paulo Almeida and as per the instructions listed on the KSPP page, this is my self-introduction email :) I will keep it short. - My background is in HPC and AI - I've been writing software for around 20 years now - I've written my x86-64 hobbyist OS for fun and in my spare time I've writing a MOS 6502 emulator for the same reason. - Contributing to KSPP is going to be a side project of mine that I plan to do outside of business hours... so expect a dedication of a few hours per week. Q: What topics are you interested in? A: kernel driver development, x86 & ARM hardware architecture, Math, Data structures, Rust and virtualisation. Q: What do you want to learn about? A: I see the KSPP project/initiative as a way to get exposed to pieces of code that I wouldn't normally come across which is always appreciated :) I am also aware of the calibre of developers I will be dealing with and I'm sure that I will be learning really a lot from them :) Q: What experience do you have with security, the kernel, programming, or anything else you think is important. A: I've contributed to the kernel a few times time in the past for both adding features and janitorial tasks. I took the Linux Kernel Internals (LF420) and the Linux Kernel Debugging and Security (LF44) courses by the Linux Foundation. As for other experiences, due to the fact that I wrote my hobbyist OS, I do have a decent experience with the x86/x86-64 architecture. I also spent quite sometime writing static analysis parsers.... so should those experiences help anyone or any possible future plan for the KSPP, please count on me. Thanks! Paulo Almeida ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Self-introduction] - Paulo Almeida 2022-10-09 6:32 [Self-introduction] - Paulo Almeida Paulo Miguel Almeida @ 2022-10-10 23:22 ` Kees Cook 2022-10-11 19:52 ` Paulo Miguel Almeida 0 siblings, 1 reply; 3+ messages in thread From: Kees Cook @ 2022-10-10 23:22 UTC (permalink / raw) To: Paulo Miguel Almeida; +Cc: kernel-hardening, linux-hardening, cgel.zte On Sun, Oct 09, 2022 at 07:32:38PM +1300, Paulo Miguel Almeida wrote: > My name is Paulo Almeida and as per the instructions listed on the KSPP > page, this is my self-introduction email :) Hello! Welcome to the circus. :) > I will keep it short. > > - My background is in HPC and AI > - I've been writing software for around 20 years now > - I've written my x86-64 hobbyist OS for fun and in my spare time I've > writing a MOS 6502 emulator for the same reason. Heh, nice. That made me wonder if there was a QEmu port, but it seems it hasn't been touched in a decade? https://github.com/AVEx-6502/qemu-6502 Is there a particular 6502 system you're working to emulate? > - Contributing to KSPP is going to be a side project of mine that I plan > to do outside of business hours... so expect a dedication of a few > hours per week. Excellent! We're always glad to have folks helping. > Q: What topics are you interested in? > A: kernel driver development, x86 & ARM hardware architecture, Math, Data > structures, Rust and virtualisation. > > Q: What do you want to learn about? > A: I see the KSPP project/initiative as a way to get exposed to pieces > of code that I wouldn't normally come across which is always > appreciated :) Yeah, you'll end up uncovering some really weird stuff, as you seem to have already found[1]. ;) > I am also aware of the calibre of developers I will be dealing with and > I'm sure that I will be learning really a lot from them :) One of the double-edged swords with KSPP is while you get to work with all the kernel's subsystem maintainers, you also have to work with all the kernel's subsystem maintainers. ;) You'll learn a lot, but you can also end up discovering very different requirements as you send patches. > Q: What experience do you have with security, the kernel, programming, > or anything else you think is important. > A: > I've contributed to the kernel a few times time in the past for both > adding features and janitorial tasks. Excellent! Yeah, it looks like you've been helping clean up some staging drivers[2]. I see you touched rtl8192u -- there's a lot of duplicate code spread around in the rtl* drivers. It would be interesting to see those consolidated some day. If you're interested, it may be worth asking about it on the wireless list. > I took the Linux Kernel Internals (LF420) and the Linux Kernel Debugging > and Security (LF44) courses by the Linux Foundation. Cool -- did anything stand out for you in those courses? > As for other experiences, due to the fact that I wrote my hobbyist OS, I > do have a decent experience with the x86/x86-64 architecture. I also > spent quite sometime writing static analysis parsers.... so should those > experiences help anyone or any possible future plan for the KSPP, please > count on me. Great! One area that needs some review and testing that is x86-specific is the userspace CET support[3]. That spans a wide range of from chipset all the way up through compiler, kernel, and glibc. Getting more people to try that series out and post results ("it works for me" or "I couldn't trigger the protection", etc) would be very welcome. You've already found the "remove the 1-element arrays" work, and there are plenty more like that on the issue tracker. Trying to really put an end to strlcpy[4] is ongoing[5] too, as there has been a fairly concerted effort to remove them lately: Count of "git grep strlcpy | wc -l" over recent releases: v5.17: 1535 v5.18: 1525 v5.19: 1507 v6.0: 1379 master: 544 next-20221010: 401 Thanks for introducing yourself! -Kees [1] https://lore.kernel.org/linux-hardening/Y0IsXXYnS4DnWkMW@mail.google.com/ [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=author&q=Paulo+Miguel+Almeida [3] https://lore.kernel.org/lkml/Y0IsXXYnS4DnWkMW@mail.google.com/ [4] https://github.com/KSPP/linux/issues/89 [5] https://lore.kernel.org/lkml/?q=s%3A%22use+strscpy%22 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=strlcpy -- Kees Cook ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Self-introduction] - Paulo Almeida 2022-10-10 23:22 ` Kees Cook @ 2022-10-11 19:52 ` Paulo Miguel Almeida 0 siblings, 0 replies; 3+ messages in thread From: Paulo Miguel Almeida @ 2022-10-11 19:52 UTC (permalink / raw) To: Kees Cook; +Cc: kernel-hardening, linux-hardening, cgel.zte On Mon, Oct 10, 2022 at 04:22:48PM -0700, Kees Cook wrote: > On Sun, Oct 09, 2022 at 07:32:38PM +1300, Paulo Miguel Almeida wrote: > > My name is Paulo Almeida and as per the instructions listed on the KSPP > > page, this is my self-introduction email :) > > Hello! Welcome to the circus. :) > Thanks =) > > writing a MOS 6502 emulator for the same reason. > > Heh, nice. That made me wonder if there was a QEmu port, but it seems > it hasn't been touched in a decade? > https://github.com/AVEx-6502/qemu-6502 > > Is there a particular 6502 system you're working to emulate? > Yes, there is. I am trying to emulate Ricoh 2A03 (RP2A03). That's the slightly modified 6502 CPU used in the NES system. It's a really well-documented platform so I chose that one to dip my toes in writing virtualisation-related software. > > I took the Linux Kernel Internals (LF420) and the Linux Kernel Debugging > > and Security (LF44) courses by the Linux Foundation. > > Cool -- did anything stand out for you in those courses? > I'm easily amused by debugging/instrumentation techniques and the kernel has so many of them for various specific niches. What really stood out at the time was learning how versatile ftrace can be to the point that this "debugging/tracing" utility is one of the main gears of kernel live patching. Initially it felt wrong but after wrapping my head around it, that was a very creative solution. > > As for other experiences, due to the fact that I wrote my hobbyist OS, I > > do have a decent experience with the x86/x86-64 architecture. I also > > spent quite sometime writing static analysis parsers.... so should those > > experiences help anyone or any possible future plan for the KSPP, please > > count on me. > > Great! One area that needs some review and testing that is x86-specific > is the userspace CET support[3]. That spans a wide range of from chipset > all the way up through compiler, kernel, and glibc. Getting more people > to try that series out and post results ("it works for me" or "I > couldn't trigger the protection", etc) would be very welcome. > That sounds like it's my cup of tea :) I just finished reading the Intel CET paper, it's an interesting approach with lots of things to be tested. Thanks for the recommendation, I will get involved with that. > You've already found the "remove the 1-element arrays" work, and there > are plenty more like that on the issue tracker. Trying to really put an > end to strlcpy[4] is ongoing[5] too, as there has been a fairly > concerted effort to remove them lately: > > Count of "git grep strlcpy | wc -l" over recent releases: > > v5.17: 1535 > v5.18: 1525 > v5.19: 1507 > v6.0: 1379 > master: 544 > next-20221010: 401 > Fingers crossed! I saw many patches for the strlcpy replacement so you seem to be well covered for that... I will continue with the one-element array changes and try to get involved with the support for Intel CET =) Thanks for all the suggestions Kees! Paulo A. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-11 20:04 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-10-09 6:32 [Self-introduction] - Paulo Almeida Paulo Miguel Almeida 2022-10-10 23:22 ` Kees Cook 2022-10-11 19:52 ` Paulo Miguel Almeida
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).