RE: contribute to KSPP

From: Peng Fan <peng.fan@nxp.com>
To: Kees Cook <keescook@chromium.org>
Cc: "kernel-hardening@lists.openwall.com"
	<kernel-hardening@lists.openwall.com>
Subject: RE: contribute to KSPP
Date: Mon, 25 Nov 2019 12:29:19 +0000	[thread overview]
Message-ID: <AM0PR04MB4481B25944FC346764E96219884A0@AM0PR04MB4481.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <201911180912.B860362F@keescook>

> Subject: Re: contribute to KSPP
> 
> On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> > Hi,
> 
> Hi! Welcome to the list!
> 
> > I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC
> > BSP, embedded virtualization, bootloader development.
> >
> > I came across KSPP, find this is an attractive project. And would like
> > to do some contribution.
> >
> > Not sure
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkern
> >
> sec.org%2Fwiki%2Findex.php%2FKernel_Self_Protection_Project%2FWork&a
> mp
> > ;data=02%7C01%7Cpeng.fan%40nxp.com%7C7782ad728666475bb26008d7
> 6c4b09e1%
> >
> 7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6370969418477903
> 73&amp;sd
> >
> ata=EBUM%2FyWtBoyGDjfxd0IMT9qsggxCE5gee3iqq%2FogrCU%3D&amp;re
> served=0
> > is still up to date.
> 
> I've been slowly transitioning the TODO list to a github issue tracker
> here:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F&amp;data=02%7C01%7Cpeng.fan%40n
> xp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa9
> 2cd99c5c301635%7C0%7C0%7C637096941847790373&amp;sdata=eNxRzzT
> cp%2BH75%2Fd8cF%2BgJTQR0YnTFNDXU5lxg%2BWTJLQ%3D&amp;reserved
> =0
> 
> > If you have any items not owned, please share me the info. Currently I
> > am going through the kernel items, such as the following form ARM/ARM64:
> > split thread_info off to kernel stack
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F1&amp;data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&amp;sdata=Ll3smB
> 1mFIjl49uTqE5bhVcW%2FGfZQtduysCf%2B9wja%2F4%3D&amp;reserved=0
> 
> > move kernel stack to vmap area
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F2&amp;data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&amp;sdata=MA58H
> S7UotQfAW7BjDuD%2FcnQCnJnLNlIDvU0yPuVsOs%3D&amp;reserved=0
> 
> > KASLR for ARM
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F3&amp;data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&amp;sdata=76EYxk
> RogOwPKnyNZzzqwdU%2Bd21vxdI6rPRN%2B5zqzkY%3D&amp;reserved=0
> 
> > Protect ARM vector
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F13&amp;data=02%7C01%7Cpeng.fan%4
> 0nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6f
> a92cd99c5c301635%7C0%7C0%7C637096941847790373&amp;sdata=17lmt
> wcM4DGWpNCLybY4%2Bv3uXc1pFSHkuJ%2BeV9vPDxM%3D&amp;reserved
> =0
> 
> 
> All four of those apply only to arm32. arm64 either has them already (first
> three), or it doesn't apply (protect vector, IIUC, is arm32-specific).
> 
> I'm not aware of anyone working on those currently, so they would be very
> welcome! :)
> 
> Thanks for reaching out!

Thanks for the detailed information. I'll give a look.

Thanks,
Peng.

> 
> --
> Kees Cook