Fun graph, but it feel incomplete to benchmark #Golang on a pure computation simple function w/o concurrency/parallelism/GC/net:
(performance/binary size from Go 1.0 to 1.22)

So there are still thousands of #Spectre v2 gadgets in the #Linux kernel.
I like the use of syzkaller just as an universal kernel coverage obtaining engine (reasonable).

git.kernel.org/pub/scm/linux/…

Excited to share our blog post with Ivan Lozano on enabling Kernel Address Sanitizer (KASan) for bare-metal targets to further harden firmware in Android and beyond security.googleblog.com/2024/03/addres…

PoC/Demo source code for enabling KASan on ARM/x86/RISC-V : github.com/androidoffsec/…

Second edition of the Carbon Copy is out!

github.com/carbon-languag…

More details over on Hachyderm: hachyderm.io/@chandlerc/112…

I just finished a vacation project: A working prototype + proposal for a new #golang profile type to break down stack memory usage by function.

Link is in the 🧵, PTAL and upvote/RT if you like it 🚀.

This might be the first stack memory profiler ... ever? 🤯

Please hit me up if you want a 15% discount voucher for the Exploiting the Linux Kernel training session at RomHack in September. I have a few, valid only until the end of this week.

proposal: Signal types for controlling struct layout #golang by @[email protected]

github.com/golang/go/issu…

Our users have found additional Android 14 QPR2 Bluetooth memory corruption bugs which so far appear to be specific to pairing recent Galaxy Watch devices with GrapheneOS. We're working on finding and fixing this as we did with the BLE audio bugs.

twitter.com/GrapheneOS/sta…

Did you know a race condition triggers UB, and it's not just a theoretical danger, even for 'benign' data races. It can cause the compiler to miscompile your program.

More powerful #golang execution traces by mknyszek

go.dev/blog/execution…

maskray.me/blog/2024-03-0… A compact relocation format for ELF

Today I spoke on the importance of Secure by Design on behalf of Google alongside Cybersecurity and Infrastructure Security Agency FDD Venable LLP & more. We also launched a paper on Google's approach to Secure by Design & published on how it can be applied to address memory safety vulns: blog.google/technology/saf…

Ever wondered whether fuzzer-generated PoCs that work for Linux upstream can actually be reproduced (with or w/o root) in real-world Linux distributions, e.g., Ubuntu? Check out our paper. Bonus: open sourced solution to automatically answer the question given a PoC.

SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
arxiv.org/pdf/2401.11642…
by Zhiyun Qian Ardalan Amiri Sani
Lots of great detailed data and insights on kernel fuzzing bugs found by syzbot

Please help spread the word that #Linux #perf_tools is looking for #gsoc2024 contributors: lore.kernel.org/linux-perf-use…