Gustavo Silva and Nathan Chancellor will be able to work exclusively on kernel security and associated initiatives.
Google uses a modified Linux kernel in its Android mobile operating system.
“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, staff software engineer, Google.
A statement from the Foundation said Chancellor would work on triaging and fixing bugs found with the Clang/LLVM compiler. He has been working on the kernel for 4-1/2 years.
Two years back, he started contributing to mainline Linux under the ClangBuiltLinux project, a collaborative effort to get the kernel building with Clang and LLVM compiler tools.
“I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” Chancellor said.
The Foundation said Silva's work revolved around getting rid of several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, the preferred and least error-prone mechanism to declare such variable-length types.
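The layout difference behind that conversion, shown as an added example that is not code from the kernel or from this article; `struct msg_old`, `struct msg_new`, `flex_size()` and `msg_alloc()` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Legacy declaration: a one-element array standing in for a variable-length tail. */
struct msg_old {
    uint32_t count;
    uint32_t items[1];   /* sizeof(struct msg_old) already includes one item */
};

/* Preferred declaration: a C99 flexible-array member. */
struct msg_new {
    uint32_t count;
    uint32_t items[];    /* adds nothing to sizeof(struct msg_new) */
};

/* header + n * elem, or 0 if the sum would not fit in size_t.
 * Hypothetical helper, written in the spirit of the kernel's struct_size(). */
size_t flex_size(size_t header, size_t elem, size_t n)
{
    if (elem != 0 && n > (SIZE_MAX - header) / elem)
        return 0;
    return header + n * elem;
}

/* Old layout: the obvious formula allocates one item too many, which invites
 * hand-written "n - 1" corrections that differ from call site to call site. */
size_t old_alloc_size(size_t n)
{
    return flex_size(sizeof(struct msg_old), sizeof(uint32_t), n);
}

/* New layout: header size plus exactly n items. */
size_t new_alloc_size(size_t n)
{
    return flex_size(sizeof(struct msg_new), sizeof(uint32_t), n);
}

/* Allocate a message with room for n items; NULL on overflow or OOM. */
struct msg_new *msg_alloc(size_t n)
{
    size_t bytes = new_alloc_size(n);
    struct msg_new *m;

    if (bytes == 0 || n > UINT32_MAX)
        return NULL;
    m = calloc(1, bytes);
    if (m)
        m->count = (uint32_t)n;
    return m;
}
```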
He is also involved in fixing bugs before they come into the mainline kernel, building defences that will block whole classes of flaws.
Silva submitted his first patch in 2010 and is an active member of the Kernel Self Protection Project. He has generally been among the top five kernel developers since 2017, with more than 2000 commits in mainline, and his work has been in 27 different stable trees, all the way down to Linux v3.16. The current version of the stable kernel is 5.11.1.
“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva.
“Through these efforts, we hope people, maintainers in particular, will recognise the importance of adopting changes that will make their code less prone to common errors.”
David Wheeler, director of Open Source Supply Chain Security at the Foundation, said: “Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure.
“We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organisations who have made the Linux kernel a collaborative global success.”