Dealing with Uninitialized Memory in the Kernel - Alexander Potapenko, Google Forum 1 Speakers: Alexander Potapenko During the last two years, KMSAN (a detector of uses of uninitialized memory based on compiler instrumentation) has found more than a hundred bugs in the upstream kernel using fuzzing. Telling by the kernel code coverage, many more bugs still remain uncovered though (e.g. we have only scratched the surface of USB device drivers). Some of such bugs pose actual security risk, letting attackers to leak kernel data or subvert the control flow, finally executing code with elevated privileges. Given that new bugs are still being introduced every month, kernel vendors (especially those maintaining older kernels) may want to kill the whole class of uninitialized memory bugs by initializing every heap and stack allocation in the running kernel. We'll discuss the Linux 5.3 features that perform stack and heap initialization, their applicability for production use, and potential improvements.
