Linux Kernel Hardening
My primary technical direction is Linux kernel hardening around memory safety, security-sensitive kernel objects, and low-level correctness.
I am especially interested in hardening kernel paths where small correctness issues can become reliability, denial-of-service, or security problems.
Focus areas
Security-sensitive kernel objects
- Linux credentials and
struct cred - Linux keyrings and
struct key - Object lifetime and reference counting
- Allocation behavior for high-value kernel objects
- Permission and ownership-sensitive kernel paths
Allocator hardening
- Slab allocator behavior
- Slab cache merging
- Cache isolation using
SLAB_NO_MERGE - Type confusion risk reduction
- Security-sensitive object reuse patterns
Robust kernel error handling
- Replacing unsafe or unnecessary
BUG()usage - Converting fatal paths into recoverable error returns where appropriate
- Reducing denial-of-service risk from reachable kernel paths
- Making error handling explicit and maintainable
Memory-safety instrumentation
- KASAN
- KFENCE
- UBSAN
__counted_by- Flexible array hardening
- Bounds-aware kernel code
Parser robustness
- Defensive parsing of firmware/kernel interfaces
- Payload length validation
- Parser desynchronization bugs
- Kernel driver robustness
Why this area matters
Security-sensitive kernel objects such as credentials and keys are high-value targets. Hardening their allocation, lifetime, bounds checking, and error handling reduces attack surface and improves kernel robustness.
Allocator behavior is security-relevant because slab cache merging and object reuse can affect exploitability. Parser robustness is also critical because malformed firmware or device messages can desynchronize kernel parsing logic.
Current upstream direction
My current upstream work is centered around:
security/keys- credentials
- slab cache isolation
SLAB_NO_MERGEBUG()removal from security-sensitive paths- parser hardening
- flexible array hardening
See Upstream Linux Kernel Work for public patches and mailing-list discussions.