Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
* contribute to KSPP
@ 2019-11-14  1:29 Peng Fan
  2019-11-18 17:16 ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Peng Fan @ 2019-11-14  1:29 UTC (permalink / raw)
  To: kernel-hardening; +Cc: keescook

Hi,

I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP, 
embedded virtualization, bootloader development.

I came across KSPP, find this is an attractive project. And would
like to do some contribution.

Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
is still up to date.

If you have any items not owned, please share me the info. Currently I am
going through the kernel items, such as the following form ARM/ARM64:
split thread_info off to kernel stack
move kernel stack to vmap area
KASLR for ARM
Protect ARM vector

Thanks,
Peng.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: contribute to KSPP
  2019-11-14  1:29 contribute to KSPP Peng Fan
@ 2019-11-18 17:16 ` Kees Cook
  2019-11-25 12:29   ` Peng Fan
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2019-11-18 17:16 UTC (permalink / raw)
  To: Peng Fan; +Cc: kernel-hardening

On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> Hi,

Hi! Welcome to the list!

> I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC BSP,
> embedded virtualization, bootloader development.
> 
> I came across KSPP, find this is an attractive project. And would
> like to do some contribution.
> 
> Not sure https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Work
> is still up to date.

I've been slowly transitioning the TODO list to a github issue tracker
here:
https://github.com/KSPP/linux/issues/

> If you have any items not owned, please share me the info. Currently I am
> going through the kernel items, such as the following form ARM/ARM64:
> split thread_info off to kernel stack

https://github.com/KSPP/linux/issues/1

> move kernel stack to vmap area

https://github.com/KSPP/linux/issues/2

> KASLR for ARM

https://github.com/KSPP/linux/issues/3

> Protect ARM vector

https://github.com/KSPP/linux/issues/13


All four of those apply only to arm32. arm64 either has them already
(first three), or it doesn't apply (protect vector, IIUC, is
arm32-specific).

I'm not aware of anyone working on those currently, so they would be
very welcome! :)

Thanks for reaching out!

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: contribute to KSPP
  2019-11-18 17:16 ` Kees Cook
@ 2019-11-25 12:29   ` Peng Fan
  0 siblings, 0 replies; 3+ messages in thread
From: Peng Fan @ 2019-11-25 12:29 UTC (permalink / raw)
  To: Kees Cook; +Cc: kernel-hardening

> Subject: Re: contribute to KSPP
> 
> On Thu, Nov 14, 2019 at 01:29:33AM +0000, Peng Fan wrote:
> > Hi,
> 
> Hi! Welcome to the list!
> 
> > I work for NXP Linux Kernel team, my work are mostly ARM64/ARM SoC
> > BSP, embedded virtualization, bootloader development.
> >
> > I came across KSPP, find this is an attractive project. And would like
> > to do some contribution.
> >
> > Not sure
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkern
> >
> sec.org%2Fwiki%2Findex.php%2FKernel_Self_Protection_Project%2FWork&a
> mp
> > ;data=02%7C01%7Cpeng.fan%40nxp.com%7C7782ad728666475bb26008d7
> 6c4b09e1%
> >
> 7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6370969418477903
> 73&sd
> >
> ata=EBUM%2FyWtBoyGDjfxd0IMT9qsggxCE5gee3iqq%2FogrCU%3D&re
> served=0
> > is still up to date.
> 
> I've been slowly transitioning the TODO list to a github issue tracker
> here:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F&data=02%7C01%7Cpeng.fan%40n
> xp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa9
> 2cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=eNxRzzT
> cp%2BH75%2Fd8cF%2BgJTQR0YnTFNDXU5lxg%2BWTJLQ%3D&reserved
> =0
> 
> > If you have any items not owned, please share me the info. Currently I
> > am going through the kernel items, such as the following form ARM/ARM64:
> > split thread_info off to kernel stack
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F1&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=Ll3smB
> 1mFIjl49uTqE5bhVcW%2FGfZQtduysCf%2B9wja%2F4%3D&reserved=0
> 
> > move kernel stack to vmap area
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F2&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=MA58H
> S7UotQfAW7BjDuD%2FcnQCnJnLNlIDvU0yPuVsOs%3D&reserved=0
> 
> > KASLR for ARM
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F3&data=02%7C01%7Cpeng.fan%40
> nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6fa
> 92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=76EYxk
> RogOwPKnyNZzzqwdU%2Bd21vxdI6rPRN%2B5zqzkY%3D&reserved=0
> 
> > Protect ARM vector
> 
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2FKSPP%2Flinux%2Fissues%2F13&data=02%7C01%7Cpeng.fan%4
> 0nxp.com%7C7782ad728666475bb26008d76c4b09e1%7C686ea1d3bc2b4c6f
> a92cd99c5c301635%7C0%7C0%7C637096941847790373&sdata=17lmt
> wcM4DGWpNCLybY4%2Bv3uXc1pFSHkuJ%2BeV9vPDxM%3D&reserved
> =0
> 
> 
> All four of those apply only to arm32. arm64 either has them already (first
> three), or it doesn't apply (protect vector, IIUC, is arm32-specific).
> 
> I'm not aware of anyone working on those currently, so they would be very
> welcome! :)
> 
> Thanks for reaching out!

Thanks for the detailed information. I'll give a look.

Thanks,
Peng.

> 
> --
> Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-14  1:29 contribute to KSPP Peng Fan
2019-11-18 17:16 ` Kees Cook
2019-11-25 12:29   ` Peng Fan

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git