Linux 5.15 Readies More Code For Compile & Run-Time Detection Of Buffer Overflows

Last week a number of patches were merged in the quest to provide the kernel with comprehensive compile-time and run-time detection of buffer overflows. Another patch series was sent out today while still for this cycle they are expected to enable the compiler warnings around array-bounds and zero-length-bounds.

Kees Cook sent in the second batch of overflow updates for Linux 5.15. This latest batch has tree-wide changes to replace open-coded flex arrays in unions, replacing zero-element memcpy() destinations with flexible arrays, and a variety of other improvements to improve the Linux kernel's buffer overflow detection and trying to make it an issue of the past.

Prior to Linux 5.15-rc2, Kees still hopes to be able to submit the work to enable -Warray-bounds and -Wzero-length-bounds warnings for kernel builds.

More details on the latest overflow updates via this pull request.

When talking of buffer overflows and memory safety, of course, many like to bring up Rust... We are about through the Linux 5.15 merge window with no signs of the Rust for Linux code being ready to go for this merge window, so it looks like that initial work on introducing Rust code to the Linux kernel will be waiting for another cycle.