Wednesday, May 20, 2020

Conference note: Making C Less Dangerous in the Linux kernel - Kees Cook


This talk covers the unsafe C usage patterns below and what the Linux kernel has removed or added to detect each of them.

1. Variable length arrays (VLA)
  • Detect VLAs with the compiler option: gcc -Wvla
  • A VLA's size is only known at run time, so a large length can exhaust the stack; a guard page below the stack turns that overflow into a crash instead of silent corruption. A VLA also needs far more instructions than a fixed-size array, which is why the kernel removed them rather than keeping them.
2. switch cases: break or no break
  • Mark every case that does not end in a break with a "fall through" comment, so a reader can tell an intended fall-through from a missing break (a bug).
  • Compiler support: -Wimplicit-fallthrough warns about any unmarked fall-through.
3. Arithmetic overflow detection
  • Compiler options instrument arithmetic so that overflow is caught (the check is inserted at compile time and fires at run time).
  • The reporting level is configurable: an overflow can be ignored or reported as a warning.
4. Comparing string-copy APIs
  • The safer string copy function is strscpy(): it always NUL-terminates the destination, never reads past the given count in the source, and returns -E2BIG on truncation; strcpy(), strncpy() and strlcpy() each lack at least one of these guarantees.
5. Safe stack / shadow stack
  • Keep local variables on one stack and return addresses on a separate one, so an overflowed local cannot overwrite a return address.
  • Hardware support:
    • ARM pointer authentication: the return address is signed, so a value written through a local-variable overflow does not authenticate as a genuine return address.
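Item 2 above in working code, as an added example written for these notes (not code from the talk or from the kernel): one switch where fall-through is intended and marked, and one deliberately buggy switch with a missing break that -Wimplicit-fallthrough reports because it carries no marker. The `fallthrough` macro is defined here the same way the kernel defines its pseudo-keyword, as the compiler's statement attribute when available; the enum values and function names are made up for the example.

```c
/* Added example for these notes, not code from the talk or the kernel:
 * explicit versus accidental fall-through in a switch. Compile with
 *   gcc -Wimplicit-fallthrough fallthrough.c
 * and only action_buggy() below is reported. */
#include <stdio.h>

/* Marker for intentional fall-through, defined the way the kernel defines
 * its `fallthrough` pseudo-keyword: the statement attribute where the
 * compiler has it, otherwise a harmless no-op. */
#if defined(__has_attribute)
# if __has_attribute(__fallthrough__)
#  define fallthrough __attribute__((__fallthrough__))
# endif
#endif
#ifndef fallthrough
# define fallthrough do {} while (0)
#endif

enum { PERM_READ = 1, PERM_WRITE = 2, PERM_EXEC = 4 };
enum { ACT_NONE = 0, ACT_READ, ACT_WRITE, ACT_DELETE };

/* Intentional fall-through: access levels are cumulative, so level 3
 * grants exec and then falls into the cases granting write and read.
 * Each marker tells both the reader and the compiler this is on purpose. */
static int perm_mask(int level)
{
    int mask = 0;

    switch (level) {
    case 3:
        mask |= PERM_EXEC;
        fallthrough;
    case 2:
        mask |= PERM_WRITE;
        fallthrough;
    case 1:
        mask |= PERM_READ;
        break;
    default:
        break;
    }
    return mask;
}

/* Deliberately buggy, kept to show what the warning catches: the missing
 * break after case 'w' turns every write request into a delete. There is
 * no marker, so -Wimplicit-fallthrough flags this case. */
static int action_buggy(char op)
{
    int act = ACT_NONE;

    switch (op) {
    case 'r':
        act = ACT_READ;
        break;
    case 'w':
        act = ACT_WRITE;   /* bug: no break, falls into 'd' */
    case 'd':
        act = ACT_DELETE;
        break;
    default:
        break;
    }
    return act;
}

/* Fixed version of action_buggy(). */
static int action_fixed(char op)
{
    int act = ACT_NONE;

    switch (op) {
    case 'r':
        act = ACT_READ;
        break;
    case 'w':
        act = ACT_WRITE;
        break;
    case 'd':
        act = ACT_DELETE;
        break;
    default:
        break;
    }
    return act;
}

int main(void)
{
    printf("perm_mask(3) = %d\n", perm_mask(3));
    printf("buggy 'w' -> %d, fixed 'w' -> %d\n", action_buggy('w'), action_fixed('w'));
    return 0;
}
```

The point of the marker is that the warning becomes useful only once every intentional fall-through is annotated; until then the real bugs are buried in noise, which is why the kernel first marked all of its cases and only then turned the warning on.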
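Item 3 above in working code, as an added example written for these notes and not the kernel's own code: the compiler's `__builtin_mul_overflow()` / `__builtin_add_overflow()` primitives used to build size helpers in the style of the kernel's `array_size()` and `struct_size()`, beside the unchecked multiplication they replace. Function names are chosen to mirror the kernel's helpers but this is a userspace re-implementation written for illustration; saturating to SIZE_MAX is the kernel's convention because no allocator will satisfy that request.

```c
/* Added example for these notes: overflow-checked size arithmetic in the
 * style of the kernel's array_size()/struct_size() helpers. Userspace
 * re-implementation for illustration, not the kernel's linux/overflow.h. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: n * elem wraps silently, so a huge n yields a tiny
 * allocation that the copy loop filling it later overruns. */
static size_t unchecked_size(size_t n, size_t elem)
{
    return n * elem;
}

/* Checked: __builtin_mul_overflow() reports the wrap and the result
 * saturates to SIZE_MAX, a size every allocator refuses. */
static size_t array_size(size_t n, size_t elem)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, elem, &bytes))
        return SIZE_MAX;
    return bytes;
}

/* Fixed header plus a flexible array of n members, also saturating. */
static size_t struct_size(size_t header, size_t n, size_t elem)
{
    size_t bytes;

    if (__builtin_add_overflow(header, array_size(n, elem), &bytes))
        return SIZE_MAX;
    return bytes;
}

/* Allocate room for n elements; NULL on overflow or allocation failure. */
static void *alloc_array(size_t n, size_t elem)
{
    size_t bytes = array_size(n, elem);

    if (bytes == SIZE_MAX)
        return NULL;
    return malloc(bytes);
}

/* Signed case: a + b would be undefined behaviour on overflow, so ask the
 * compiler instead. Returns 1 if the addition overflows (the wrapped value
 * is stored in r but must not be used). */
static int add_overflows(int a, int b)
{
    int r;

    return __builtin_add_overflow(a, b, &r) ? 1 : 0;
}

int main(void)
{
    size_t huge = SIZE_MAX / 2 + 1;   /* constructed so that huge * 2 wraps to 0 */

    printf("unchecked: %zu * 2 = %zu\n", huge, unchecked_size(huge, 2));
    printf("checked:   %zu * 2 = %zu (SIZE_MAX)\n", huge, array_size(huge, 2));
    printf("struct_size(16, 3, 8) = %zu\n", struct_size(16, 3, 8));
    printf("alloc_array(huge, 2) = %p\n", alloc_array(huge, 2));
    printf("INT_MAX + 1 overflows? %d\n", add_overflows(INT_MAX, 1));
    return 0;
}
```

The same builtins are what a sanitizer such as UBSAN inserts implicitly when the overflow-detection option is turned on; the helpers above make the check explicit at the one place, allocation sizing, where a wrapped value turns straight into a heap overflow.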
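Item 4 above in working code, as an added example written for these notes: a plain-C re-implementation of the strscpy() contract (bounded read of the source, destination always NUL-terminated, -E2BIG on truncation) next to the strncpy() pitfall it fixes. This is illustration code, not the kernel's optimised strscpy(); the function is named my_strscpy() to make that clear, and the 4-byte buffer and sample strings are constructed for the demonstration.

```c
/* Added example for these notes: the strscpy() contract re-implemented in
 * plain C beside the strncpy() pitfall. Illustration code, not the
 * kernel's own strscpy(). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#ifndef E2BIG
#define E2BIG 7   /* errno value used by the kernel's strscpy() */
#endif

/* Copy src into dest, never writing more than count bytes and always
 * NUL-terminating when count > 0. Reads at most count bytes of src, so an
 * unterminated source cannot cause the over-read that strlcpy()'s internal
 * strlen(src) does. Returns the number of bytes copied (excluding the NUL)
 * or -E2BIG if src did not fit. */
static ssize_t my_strscpy(char *dest, const char *src, size_t count)
{
    size_t i;

    if (count == 0)
        return -E2BIG;
    for (i = 0; i < count - 1; i++) {
        dest[i] = src[i];
        if (src[i] == '\0')
            return (ssize_t)i;
    }
    dest[i] = '\0';
    /* Fits exactly if src ends right here; otherwise it was truncated. */
    return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* strncpy() pitfall: when src is at least count bytes long the result has
 * no terminator, and the next strlen() or printf("%s") walks off the end.
 * Returns 1 if dest ended up NUL-terminated within count bytes. */
static int strncpy_terminated(char *dest, const char *src, size_t count)
{
    strncpy(dest, src, count);
    return memchr(dest, '\0', count) != NULL;
}

/* Self-check: copy src into a 4-byte buffer and report whether the return
 * value and resulting string are what the strscpy() contract promises. */
static int strscpy_check(const char *src, ssize_t want_ret, const char *want_dest)
{
    char buf[4];
    ssize_t ret;

    memset(buf, 'X', sizeof buf);          /* poison so a missing NUL shows */
    ret = my_strscpy(buf, src, sizeof buf);
    return ret == want_ret && strcmp(buf, want_dest) == 0;
}

/* Self-check for strncpy() into the same 4-byte buffer. */
static int strncpy_check(const char *src)
{
    char buf[4];

    return strncpy_terminated(buf, src, sizeof buf);
}

int main(void)
{
    char buf[4];
    ssize_t n = my_strscpy(buf, "hello", sizeof buf);

    printf("my_strscpy(\"hello\", 4): ret=%zd dest=\"%s\"\n", n, buf);
    printf("strncpy(\"hello\", 4) terminated? %d\n", strncpy_check("hello"));
    printf("strncpy(\"hi\", 4) terminated? %d\n", strncpy_check("hi"));
    return 0;
}
```

The return value is the part callers get wrong most often: check for a negative result rather than comparing against the buffer size, since a source that fills the buffer exactly is reported as success with count-1 bytes copied.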
