Upstreaming compartmentalization support

From: McKee, Derrick - 0553 - MITLL
Date: Wed Sep 18 2024 - 10:10:58 EST

My name is Derrick McKee, and I am a researcher at MIT Lincoln Laboratory.
My team and I have developed a technique that allows for adding
compartmentalization to the kernel [1], which effectively creates a
micro-kernel like separation from the monolithic design the kernel has now.
We are looking into the possibility of upstreaming our changes. Before we
spend the considerable resources needed to get the code up to the high
standards needed, we would like to see if our approach is acceptable by the

We enforce the compartment boundaries by using an LLVM compiler pass
that is currently not in the LLVM source tree. This pass analyzes data
accesses and instruments the LLVM IR to mediate them, ensuring that the
compartmentalized code has the appropriate rights. We plan on discussing the
integration of our pass with the LLVM developers, but we do not plan
to port our technique to GCC. Is there an official policy regarding
compiler-specific functionality? Are compiler-specific functionality

Additionally, as part of the compartmentalization enforcement, the compiler
pass adds new functions not declared in any source file. I know C++ has not
been used in the kernel partially because it also adds code automatically.
Is such automatic code generation acceptable as well?

We look forward to hearing your responses.


Derrick McKee, Ph.D.
Group 53 - Secure Resilient Systems and Technology
