Kernel Hardening

Date Index

[PATCH v10 0/9] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v10 1/9] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v10 2/9] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v10 3/9] Use atomic_t for ucounts reference counting, Alexey Gladkov
- [PATCH v10 4/9] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
- [PATCH v10 5/9] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v10 6/9] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
  - 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, kernel test robot
    - Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Linus Torvalds
      - Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Alexey Gladkov
      - Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Eric W. Biederman
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Alexey Gladkov
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Oliver Sang
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Alexey Gladkov
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Oliver Sang
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Alexey Gladkov
        
        Re: 08ed4efad6: stress-ng.sigsegv.ops_per_sec -41.9% regression, Oliver Sang
- [PATCH v10 7/9] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
  - Re: [PATCH v10 7/9] Reimplement RLIMIT_MEMLOCK on top of ucounts, kernel test robot
- [PATCH v10 8/9] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
- [PATCH v10 9/9] ucounts: Set ucount_max to the largest positive value the type can hold, Alexey Gladkov
[PATCH v33 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v33 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v33 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v33 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v33 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v33 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v33 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v33 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v33 07/12] landlock: Support filesystem access-control, James Morris
- [PATCH v33 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v33 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v33 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v33 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v33 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
- Re: [PATCH v33 00/12] Landlock LSM, James Morris
  - Re: [PATCH v33 00/12] Landlock LSM, Casey Schaufler
[PATCH v10 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v10 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v10 1/6] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v10 2/6] init_on_alloc: Optimize static branches, Kees Cook
- [PATCH v10 5/6] arm64: entry: Enable random_kstack_offset support, Kees Cook
  - Re: [PATCH v10 5/6] arm64: entry: Enable random_kstack_offset support, Will Deacon
- [PATCH v10 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
  - Re: [PATCH v10 3/6] stack: Optionally randomize kernel stack offset each syscall, Will Deacon
- [PATCH v10 6/6] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
[PATCH v32 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v32 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v32 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v32 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v32 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v32 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v32 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v32 07/12] landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v32 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v32 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v32 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v32 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v32 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
[PATCH v9 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v9 2/6] init_on_alloc: Optimize static branches, Kees Cook
- [PATCH v9 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v9 1/6] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v9 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v9 6/6] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
- [PATCH v9 5/6] arm64: entry: Enable random_kstack_offset support, Kees Cook
- Re: [PATCH v9 0/6] Optionally randomize kernel stack offset each syscall, Will Deacon
  - Re: [PATCH v9 0/6] Optionally randomize kernel stack offset each syscall, Thomas Gleixner
[PATCH v8 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v8 1/6] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v8 2/6] init_on_alloc: Optimize static branches, Kees Cook
- [PATCH v8 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
  - Re: [PATCH v8 4/6] x86/entry: Enable random_kstack_offset support, Thomas Gleixner
- [PATCH v8 6/6] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
- [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
  - Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Thomas Gleixner
    - Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
      - Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Thomas Gleixner
        
        Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
  - Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Will Deacon
    - RE: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, David Laight
      - Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v8 5/6] arm64: entry: Enable random_kstack_offset support, Kees Cook
- [PATCH] Where we are for this patch?, Roy Yang
  - Re: [PATCH] Where we are for this patch?, Al Viro
    - Re: [PATCH] Where we are for this patch?, Theodore Ts'o
  - Re: [PATCH v8 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- <Possible follow-ups>
- [PATCH v8 0/6] Optionally randomize kernel stack offset each syscall, Roy Yang
  - Re: [PATCH v8 0/6] Optionally randomize kernel stack offset each syscall, Theodore Ts'o
two potential randstruct improvements, Jann Horn
- Re: two potential randstruct improvements, Vegard Nossum
- Re: two potential randstruct improvements, Kees Cook
Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Askar Safin
- Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
[PATCH v31 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v31 01/12] landlock: Add object management, Mickaël Salaün
  - Re: [PATCH v31 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v31 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v31 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v31 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v31 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v31 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v31 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v31 07/12] landlock: Support filesystem access-control, Mickaël Salaün
    - Re: [PATCH v31 07/12] landlock: Support filesystem access-control, Kees Cook
    - Re: [PATCH v31 07/12] landlock: Support filesystem access-control, Al Viro
      - Re: [PATCH v31 07/12] landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v31 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v31 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v31 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
  - Re: [PATCH v31 10/12] selftests/landlock: Add user space tests, Kees Cook
- [PATCH v31 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v31 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
  - Re: [PATCH v31 12/12] landlock: Add user and kernel documentation, Kees Cook
[PATCH v9 0/8] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v9 1/8] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v9 2/8] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v9 3/8] Use atomic_t for ucounts reference counting, Alexey Gladkov
  - Re: [PATCH v9 3/8] Use atomic_t for ucounts reference counting, Eric W. Biederman
- [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
  - Re: [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts, Eric W. Biederman
    - Re: [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
      - Re: [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts, Eric W. Biederman
- [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
  - Re: [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts, Eric W. Biederman
- [PATCH v9 5/8] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v9 8/8] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
- [PATCH v9 7/8] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
- Re: [PATCH v9 0/8] Count rlimits in each user namespace, Eric W. Biederman
[PATCH v7 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v7 2/6] init_on_alloc: Optimize static branches, Kees Cook
- [PATCH v7 1/6] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
  - Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support, Ingo Molnar
    - Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
  - Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support, Thomas Gleixner
    - Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v7 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
  - Re: [PATCH v7 3/6] stack: Optionally randomize kernel stack offset each syscall, Thomas Gleixner
    - Re: [PATCH v7 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v7 5/6] arm64: entry: Enable random_kstack_offset support, Kees Cook
  - Re: [PATCH v7 5/6] arm64: entry: Enable random_kstack_offset support, Will Deacon
- [PATCH v7 6/6] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
[PATCH v30 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v30 01/12] landlock: Add object management, Mickaël Salaün
  - Re: [PATCH v30 01/12] landlock: Add object management, Kees Cook
    - Re: [PATCH v30 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v30 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
  - Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, Kees Cook
    - Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
      - Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, Kees Cook
      - Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, James Morris
        
        Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
  - Re: [PATCH v30 02/12] landlock: Add ruleset and domain management, Jann Horn
- [PATCH v30 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
  - Re: [PATCH v30 03/12] landlock: Set up the security framework and manage credentials, Kees Cook
    - Re: [PATCH v30 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v30 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
  - Re: [PATCH v30 04/12] landlock: Add ptrace restrictions, Kees Cook
- [PATCH v30 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
  - Re: [PATCH v30 05/12] LSM: Infrastructure management of the superblock, Kees Cook
- [PATCH v30 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
  - Re: [PATCH v30 06/12] fs,security: Add sb_delete hook, Kees Cook
- [PATCH v30 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, James Morris
  - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Kees Cook
    - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Mickaël Salaün
      - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Jann Horn
    - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Mickaël Salaün
      - Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Jann Horn
        
        Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Mickaël Salaün
        
        Re: [PATCH v30 07/12] landlock: Support filesystem access-control, Jann Horn
- [PATCH v30 08/12] landlock: Add syscall implementations, Mickaël Salaün
  - Re: [PATCH v30 08/12] landlock: Add syscall implementations, Kees Cook
    - Re: [PATCH v30 08/12] landlock: Add syscall implementations, Mickaël Salaün
      - Re: [PATCH v30 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v30 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v30 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
  - Re: [PATCH v30 10/12] selftests/landlock: Add user space tests, Kees Cook
    - Re: [PATCH v30 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
      - Re: [PATCH v30 10/12] selftests/landlock: Add user space tests, Kees Cook
        
        Re: [PATCH v30 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v30 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
  - Re: [PATCH v30 11/12] samples/landlock: Add a sandbox manager example, Kees Cook
- [PATCH v30 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
  - Re: [PATCH v30 12/12] landlock: Add user and kernel documentation, Kees Cook
    - Re: [PATCH v30 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
      - Re: [PATCH v30 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
      - Re: [PATCH v30 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
- Re: [PATCH v30 00/12] Landlock LSM, James Morris
  - Re: [PATCH v30 00/12] Landlock LSM, Mickaël Salaün
[PATCH v5 0/1] Unprivileged chroot, Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
  - Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
    - Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Casey Schaufler
      - Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Casey Schaufler
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Casey Schaufler
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Casey Schaufler
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Kees Cook
        
        Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2), Al Viro
[PATCH v4 0/1] Unprivileged chroot, Mickaël Salaün
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
  - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Kees Cook
  - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Jann Horn
    - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Kees Cook
      - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
    - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
      - Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Jann Horn
        
        Re: [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
[PATCH v6 0/6] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v6 1/6] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v6 2/6] init_on_alloc: Optimize static branches, Kees Cook
  - Re: [PATCH v6 2/6] init_on_alloc: Optimize static branches, Kees Cook
  - Re: [PATCH v6 2/6] init_on_alloc: Optimize static branches, Vlastimil Babka
- [PATCH v6 4/6] x86/entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v6 3/6] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v6 5/6] arm64: entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v6 6/6] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
[PATCH v3 0/1] Unprivileged chroot, Mickaël Salaün
- [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
  - Re: [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2), Kees Cook
    - Re: [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
[PATCH v2 0/1] Unprivileged chroot, Mickaël Salaün
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
  - Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2), Eric W. Biederman
    - Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2), Jann Horn
      - Re: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
    - RE: [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2), David Laight
[PATCH v1 0/1] Unprivileged chroot, Mickaël Salaün
- [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
  - Re: [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2), Eric W. Biederman
    - Re: [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2), Mickaël Salaün
- Re: [PATCH v1 0/1] Unprivileged chroot, Casey Schaufler
  - Re: [PATCH v1 0/1] Unprivileged chroot, Mickaël Salaün
    - Re: [PATCH v1 0/1] Unprivileged chroot, Casey Schaufler
      - Re: [PATCH v1 0/1] Unprivileged chroot, Mickaël Salaün
[PATCH v8 0/8] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v8 1/8] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v8 2/8] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Alexey Gladkov
  - Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Linus Torvalds
  - Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Kees Cook
    - Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Linus Torvalds
      - Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Kees Cook
        
        Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Linus Torvalds
        
        Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting, Kees Cook
- [PATCH v8 4/8] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
- [PATCH v8 5/8] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v8 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
- [PATCH v8 7/8] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
- [PATCH v8 8/8] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
[PATCH v5 0/7] Optionally randomize kernel stack offset each syscall, Kees Cook
- [PATCH v5 1/7] mm: Restore init_on_* static branch defaults, Kees Cook
  - Re: [PATCH v5 1/7] mm: Restore init_on_* static branch defaults, Andrew Morton
    - Re: [PATCH v5 1/7] mm: Restore init_on_* static branch defaults, Kees Cook
- [PATCH v5 3/7] init_on_alloc: Unpessimize default-on builds, Kees Cook
  - Re: [PATCH v5 3/7] init_on_alloc: Unpessimize default-on builds, Andrey Konovalov
    - Re: [PATCH v5 3/7] init_on_alloc: Unpessimize default-on builds, Kees Cook
- [PATCH v5 2/7] jump_label: Provide CONFIG-driven build state defaults, Kees Cook
- [PATCH v5 5/7] x86/entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v5 6/7] arm64: entry: Enable random_kstack_offset support, Kees Cook
- [PATCH v5 7/7] lkdtm: Add REPORT_STACK for checking stack offsets, Kees Cook
- [PATCH v5 4/7] stack: Optionally randomize kernel stack offset each syscall, Kees Cook
[PATCH v6 0/8] Fork brute force attack mitigation, John Wood
- [PATCH v6 1/8] security: Add LSM hook at the point where a task gets a fatal signal, John Wood
  - Re: [PATCH v6 1/8] security: Add LSM hook at the point where a task gets a fatal signal, Kees Cook
- [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data, John Wood
  - Re: [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data, Kees Cook
    - Re: [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data, John Wood
      - Re: [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data, Kees Cook
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, John Wood
  - Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, Kees Cook
    - Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, John Wood
      - Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, Kees Cook
    - Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, John Wood
      - Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, Kees Cook
        
        Re: [PATCH v6 3/8] securtiy/brute: Detect a brute force attack, John Wood
- [PATCH v6 4/8] security/brute: Fine tuning the attack detection, John Wood
  - Re: [PATCH v6 4/8] security/brute: Fine tuning the attack detection, Kees Cook
    - Re: [PATCH v6 4/8] security/brute: Fine tuning the attack detection, John Wood
      - Re: [PATCH v6 4/8] security/brute: Fine tuning the attack detection, Kees Cook
- [PATCH v6 5/8] security/brute: Mitigate a brute force attack, John Wood
  - Re: [PATCH v6 5/8] security/brute: Mitigate a brute force attack, Kees Cook
    - Re: [PATCH v6 5/8] security/brute: Mitigate a brute force attack, John Wood
      - Re: [PATCH v6 5/8] security/brute: Mitigate a brute force attack, Kees Cook
- [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM, John Wood
  - Re: [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM, Kees Cook
    - Re: [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM, John Wood
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM, John Wood
  - Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM, Kees Cook
    - Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM, John Wood
  - Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM, Jonathan Corbet
    - Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM, John Wood
- [PATCH v6 8/8] MAINTAINERS: Add a new entry for the Brute LSM, John Wood
[PATCH v5 0/8] Fork brute force attack mitigation, John Wood
- [PATCH v5 1/8] security: Add LSM hook at the point where a task gets a fatal signal, John Wood
- [PATCH v5 2/8] security/brute: Define a LSM and manage statistical data, John Wood
  - [security/brute] cfe92ab6a3: WARNING:inconsistent_lock_state, kernel test robot
    - Re: [security/brute] cfe92ab6a3: WARNING:inconsistent_lock_state, John Wood
- [PATCH v5 3/8] securtiy/brute: Detect a brute force attack, John Wood
- [PATCH v5 4/8] security/brute: Fine tuning the attack detection, John Wood
- [PATCH v5 5/8] security/brute: Mitigate a brute force attack, John Wood
  - Re: [PATCH v5 5/8] security/brute: Mitigate a brute force attack, peter enderborg
    - Re: [PATCH v5 5/8] security/brute: Mitigate a brute force attack, John Wood
- [PATCH v5 6/8] selftests/brute: Add tests for the Brute LSM, John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
  - Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
    - Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
      - Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, Andi Kleen
        
        Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM, John Wood
- [PATCH v5 8/8] MAINTAINERS: Add a new entry for the Brute LSM, John Wood
- Re: [PATCH v5 0/8] Fork brute force attack mitigation, John Wood
[PATCH v4 0/8] Fork brute force attack mitigation, John Wood
- Re: [PATCH v4 0/8] Fork brute force attack mitigation, John Wood
[PATCH v29 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v29 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v29 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v29 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v29 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v29 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v29 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v29 07/12] landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v29 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v29 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v29 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v29 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v29 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
[PATCH v1 1/1] Kernel Config to make randomize_va_space read-only., Lan Zheng (lanzheng)
- Re: [PATCH v1 1/1] Kernel Config to make randomize_va_space read-only., Greg KH
- <Possible follow-ups>
- [PATCH v1 1/1] Kernel Config to make randomize_va_space read-only., Lan Zheng (lanzheng)
  - Re: [PATCH v1 1/1] Kernel Config to make randomize_va_space read-only., Greg KH
[PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy, Romain Perier
- [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values, Michal Koutný
    - Re: [PATCH 01/20] cgroup: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 02/20] crypto: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 02/20] crypto: Manual replacement of the deprecated strlcpy() with return values, Herbert Xu
    - Re: [PATCH 02/20] crypto: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 03/20] devlink: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 03/20] devlink: Manual replacement of the deprecated strlcpy() with return values, Jakub Kicinski
- [PATCH 04/20] dma-buf: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 05/20] kobject: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 06/20] ima: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 06/20] ima: Manual replacement of the deprecated strlcpy() with return values, Mimi Zohar
- [PATCH 07/20] SUNRPC: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 07/20] SUNRPC: Manual replacement of the deprecated strlcpy() with return values, Chuck Lever
    - Re: [PATCH 07/20] SUNRPC: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 08/20] kernfs: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 09/20] m68k/atari: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 10/20] module: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 11/20] hwmon: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 11/20] hwmon: Manual replacement of the deprecated strlcpy() with return values, Guenter Roeck
    - Re: [PATCH 11/20] hwmon: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
    - Re: [PATCH 11/20] hwmon: Manual replacement of the deprecated strlcpy() with return values, Joe Perches
- [PATCH 12/20] s390/hmcdrv: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 13/20] scsi: zfcp: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 13/20] scsi: zfcp: Manual replacement of the deprecated strlcpy() with return values, Benjamin Block
- [PATCH 14/20] target: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 14/20] target: Manual replacement of the deprecated strlcpy() with return values, Bodo Stroesser
  - Re: [PATCH 14/20] target: Manual replacement of the deprecated strlcpy() with return values, kernel test robot
- [PATCH 15/20] ALSA: usb-audio: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 15/20] ALSA: usb-audio: Manual replacement of the deprecated strlcpy() with return values, Takashi Iwai
- [PATCH 16/20] tracing/probe: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 16/20] tracing/probe: Manual replacement of the deprecated strlcpy() with return values, Steven Rostedt
    - Re: [PATCH 16/20] tracing/probe: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 17/20] vt: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 17/20] vt: Manual replacement of the deprecated strlcpy() with return values, Jiri Slaby
    - Re: [PATCH 17/20] vt: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 18/20] usb: gadget: f_midi: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values, Shuah Khan
  - Re: [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values, Sergei Shtylyov
  - Re: [PATCH 19/20] usbip: usbip_host: Manual replacement of the deprecated strlcpy() with return values, Andy Shevchenko
- [PATCH 20/20] s390/watchdog: Manual replacement of the deprecated strlcpy() with return values, Romain Perier
  - Re: [PATCH 20/20] s390/watchdog: Manual replacement of the deprecated strlcpy() with return values, Guenter Roeck
- Re: [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy, Shuah Khan
  - Re: [PATCH 00/20] Manual replacement of all strlcpy in favor of strscpy, Romain Perier
[PATCH v7 0/7] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v7 1/7] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v7 2/7] Add a reference to ucounts for each cred, Alexey Gladkov
  - e1e57d56fe: stress-ng.access.ops_per_sec -41.6% regression, kernel test robot
- [PATCH v7 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
- [PATCH v7 4/7] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v7 5/7] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
  - d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, kernel test robot
    - Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Eric W. Biederman
      - Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Alexey Gladkov
        
        Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Eric W. Biederman
        
        Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Alexey Gladkov
        
        Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Eric W. Biederman
        
        Re: d28296d248: stress-ng.sigsegv.ops_per_sec -82.7% regression, Linus Torvalds
- [PATCH v7 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
  - 5b5c35b757: BUG:KASAN:use-after-free_in_dec_rlimit_ucounts, kernel test robot
- [PATCH v7 7/7] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
[PATCH v6 0/7] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v6 1/7] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v6 2/7] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v6 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
  - Re: [PATCH v6 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Jens Axboe
    - Re: [PATCH v6 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
      - Re: [PATCH v6 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Jens Axboe
- [PATCH v6 4/7] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v6 5/7] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
- [PATCH v6 7/7] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
- [PATCH v6 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
  - Re: [PATCH v6 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, kernel test robot
  - Re: [PATCH v6 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, kernel test robot
  - [PATCH v7 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
  - f009495a8d: BUG:KASAN:use-after-free_in_user_shm_unlock, kernel test robot
- Re: [PATCH v6 0/7] Count rlimits in each user namespace, Linus Torvalds
  - Re: [PATCH v6 0/7] Count rlimits in each user namespace, Alexey Gladkov
  - Re: [PATCH v6 0/7] Count rlimits in each user namespace, Eric W. Biederman
Fine-grained Forward CFI on top of Intel CET / IBT, Joao Moreira
- Re: Fine-grained Forward CFI on top of Intel CET / IBT, Kees Cook
  - Re: Fine-grained Forward CFI on top of Intel CET / IBT, Joao Moreira
    - Re: Fine-grained Forward CFI on top of Intel CET / IBT, Joao Moreira
[ANNOUNCE][CFP] Linux Security Summit 2021, James Morris
- Re: [ANNOUNCE][CFP] Linux Security Summit 2021, James Morris
  - Re: [ANNOUNCE][CFP] Linux Security Summit 2021, James Morris
    - Re: [ANNOUNCE][CFP] Linux Security Summit 2021, James Morris
Joining the general Linux kernel hardening mailing list, Guy L
[PATCH v28 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v28 01/12] landlock: Add object management, Mickaël Salaün
  - Re: [PATCH v28 01/12] landlock: Add object management, Serge E. Hallyn
    - Re: [PATCH v28 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v28 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
  - Re: [PATCH v28 02/12] landlock: Add ruleset and domain management, Serge E. Hallyn
- [PATCH v28 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
  - Re: [PATCH v28 03/12] landlock: Set up the security framework and manage credentials, Serge E. Hallyn
- [PATCH v28 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
  - Re: [PATCH v28 04/12] landlock: Add ptrace restrictions, Serge E. Hallyn
- [PATCH v28 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
  - Re: [PATCH v28 05/12] LSM: Infrastructure management of the superblock, Serge E. Hallyn
    - Re: [PATCH v28 05/12] LSM: Infrastructure management of the superblock, Casey Schaufler
    - Re: [PATCH v28 05/12] LSM: Infrastructure management of the superblock, Casey Schaufler
- [PATCH v28 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
  - Re: [PATCH v28 06/12] fs,security: Add sb_delete hook, Serge E. Hallyn
    - Re: [PATCH v28 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
      - Re: [PATCH v28 06/12] fs,security: Add sb_delete hook, Serge E. Hallyn
- [PATCH v28 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v28 07/12] landlock: Support filesystem access-control, Serge E. Hallyn
    - Re: [PATCH v28 07/12] landlock: Support filesystem access-control, Mickaël Salaün
      - Re: [PATCH v28 07/12] landlock: Support filesystem access-control, Serge E. Hallyn
- [PATCH v28 08/12] landlock: Add syscall implementations, Mickaël Salaün
  - Re: [PATCH v28 08/12] landlock: Add syscall implementations, Serge E. Hallyn
- [PATCH v28 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v28 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v28 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v28 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
forkat(int pidfd), execveat(int pidfd), other awful things?, Jason A. Donenfeld
- Re: forkat(int pidfd), execveat(int pidfd), other awful things?, Jason A. Donenfeld
- Re: forkat(int pidfd), execveat(int pidfd), other awful things?, Andy Lutomirski
  - RE: forkat(int pidfd), execveat(int pidfd), other awful things?, David Laight
    - Leveraging pidfs for process creation without fork, John Cotton Ericson
      - Re: Leveraging pidfs for process creation without fork, Christian Brauner
        
        Re: Leveraging pidfs for process creation without fork, John Ericson
        
        Re: Leveraging pidfs for process creation without fork, Al Viro
        
        Re: Leveraging pidfs for process creation without fork, John Ericson
        
        Re: Leveraging pidfs for process creation without fork, Al Viro
        
        Re: Leveraging pidfs for process creation without fork, Christian Brauner
        
        Re: Leveraging pidfs for process creation without fork, John Cotton Ericson
- Re: forkat(int pidfd), execveat(int pidfd), other awful things?, Casey Schaufler
- Re: forkat(int pidfd), execveat(int pidfd), other awful things?, Christian Brauner
[PATCH v5 0/7] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v5 1/7] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [PATCH v5 2/7] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v5 3/7] Reimplement RLIMIT_NPROC on top of ucounts, Alexey Gladkov
  - c632dadc10: BUG:KASAN:null-ptr-deref_in_is_ucounts_overlimit, kernel test robot
- [PATCH v5 4/7] Reimplement RLIMIT_MSGQUEUE on top of ucounts, Alexey Gladkov
- [PATCH v5 5/7] Reimplement RLIMIT_SIGPENDING on top of ucounts, Alexey Gladkov
- [PATCH v5 6/7] Reimplement RLIMIT_MEMLOCK on top of ucounts, Alexey Gladkov
  - 0ac0c30c8f: WARNING:at_kernel/ucount.c:#dec_rlimit_ucounts, kernel test robot
- [PATCH v5 7/7] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
[PATCH v4 0/7] Count rlimits in each user namespace, Alexey Gladkov
- [PATCH v4 1/7] Add a reference to ucounts for each cred, Alexey Gladkov
- [PATCH v4 2/7] Move RLIMIT_NPROC counter to ucounts, Alexey Gladkov
- [PATCH v4 4/7] Move RLIMIT_SIGPENDING counter to ucounts, Alexey Gladkov
- [PATCH v4 3/7] Move RLIMIT_MSGQUEUE counter to ucounts, Alexey Gladkov
- [PATCH v4 5/7] Move RLIMIT_MEMLOCK counter to ucounts, Alexey Gladkov
- [PATCH v4 6/7] Move RLIMIT_NPROC check to the place where we increment the counter, Alexey Gladkov
- [PATCH v4 7/7] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
[PATCH v27 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v27 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v27 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v27 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v27 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v27 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v27 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v27 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v27 07/12] landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v27 08/12] landlock: Add syscall implementations, Mickaël Salaün
  - Re: [PATCH v27 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v27 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v27 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v27 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v27 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
  - Re: [PATCH v27 12/12] landlock: Add user and kernel documentation, Michael Kerrisk (man-pages)
    - Re: [PATCH v27 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
[PATCH kspp-next] kbuild: prevent CC_FLAGS_LTO self-bloating on recursive rebuilds, Alexander Lobakin
- Re: [PATCH kspp-next] kbuild: prevent CC_FLAGS_LTO self-bloating on recursive rebuilds, Kees Cook
[RFC PATCH v3 0/8] Count rlimits in each user namespace, Alexey Gladkov
- [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Alexey Gladkov
  - c25050162e: WARNING:at_lib/refcount.c:#refcount_warn_saturate, kernel test robot
  - Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Linus Torvalds
    - Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Alexey Gladkov
      - Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Linus Torvalds
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Alexey Gladkov
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Kaiwan N Billimoria
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Eric W. Biederman
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Eric W. Biederman
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Alexey Gladkov
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Eric W. Biederman
        
        Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting, Alexey Gladkov
- [RFC PATCH v3 2/8] Add a reference to ucounts for each cred, Alexey Gladkov
  - [PATCH v4 2/8] Add a reference to ucounts for each cred, Alexey Gladkov
  - 14c3c8a27f: kernel_BUG_at_kernel/cred.c, kernel test robot
- [RFC PATCH v3 4/8] Move RLIMIT_MSGQUEUE counter to ucounts, Alexey Gladkov
- [RFC PATCH v3 3/8] Move RLIMIT_NPROC counter to ucounts, Alexey Gladkov
- [RFC PATCH v3 5/8] Move RLIMIT_SIGPENDING counter to ucounts, Alexey Gladkov
- [RFC PATCH v3 6/8] Move RLIMIT_MEMLOCK counter to ucounts, Alexey Gladkov
- [RFC PATCH v3 8/8] kselftests: Add test to check for rlimit changes in different user namespaces, Alexey Gladkov
- [RFC PATCH v3 7/8] Move RLIMIT_NPROC check to the place where we increment the counter, Alexey Gladkov
linux-hardening list archive, Solar Designer
[RFC PATCH v2 0/8] Count rlimits in each user namespace, Alexey Gladkov
- [RFC PATCH v2 2/8] Add a reference to ucounts for each user, Alexey Gladkov
  - 59ebc79722: kernel_BUG_at_kernel/cred.c, kernel test robot
  - Re: [RFC PATCH v2 2/8] Add a reference to ucounts for each user, Eric W. Biederman
- [RFC PATCH v2 4/8] Move RLIMIT_NPROC counter to ucounts, Alexey Gladkov
- [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting, Alexey Gladkov
  - Re: [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting, Eric W. Biederman
    - Re: [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting, Kees Cook
- [RFC PATCH v2 3/8] Increase size of ucounts to atomic_long_t, Alexey Gladkov
- [RFC PATCH v2 6/8] Move RLIMIT_SIGPENDING counter to ucounts, Alexey Gladkov
- [RFC PATCH v2 7/8] Move RLIMIT_MEMLOCK counter to ucounts, Alexey Gladkov
- [RFC PATCH v2 5/8] Move RLIMIT_MSGQUEUE counter to ucounts, Alexey Gladkov
- [RFC PATCH v2 8/8] Move RLIMIT_NPROC check to the place where we increment the counter, Alexey Gladkov
- Re: [RFC PATCH v2 0/8] Count rlimits in each user namespace, Linus Torvalds
  - Re: [RFC PATCH v2 0/8] Count rlimits in each user namespace, Eric W. Biederman
Re: [PATCH v2] bug: further enhance use of CHECK_DATA_CORRUPTION, Josh Poimboeuf
[PATCH 04/13] x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups, Wetp Zhang
- Re: [PATCH 04/13] x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups, wetp
Kernel complexity, stefan . bavendiek
- Re: Kernel complexity, Jann Horn
  - Re: Kernel complexity, stefan . bavendiek
    - Re: Kernel complexity, Greg KH
- Re: Kernel complexity, Sandy Harris
[PATCH v9 00/16] Add support for Clang LTO, Sami Tolvanen
- [PATCH v9 01/16] tracing: move function tracer options to Kconfig, Sami Tolvanen
  - Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Guenter Roeck
    - Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Kees Cook
      - Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Sami Tolvanen
        
        Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Guenter Roeck
      - Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Guenter Roeck
        
        Re: [PATCH v9 01/16] tracing: move function tracer options to Kconfig (causing parisc build failures), Kees Cook
- [PATCH v9 02/16] kbuild: add support for Clang LTO, Sami Tolvanen
- [PATCH v9 03/16] kbuild: lto: fix module versioning, Sami Tolvanen
- [PATCH v9 04/16] kbuild: lto: limit inlining, Sami Tolvanen
- [PATCH v9 05/16] kbuild: lto: merge module sections, Sami Tolvanen
  - Re: [PATCH v9 05/16] kbuild: lto: merge module sections, Stephen Boyd
- [PATCH v9 06/16] kbuild: lto: add a default list of used symbols, Sami Tolvanen
  - Re: [PATCH v9 06/16] kbuild: lto: add a default list of used symbols, Kees Cook
    - Re: [PATCH v9 06/16] kbuild: lto: add a default list of used symbols, Sami Tolvanen
      - Re: [PATCH v9 06/16] kbuild: lto: add a default list of used symbols, Nick Desaulniers
- [PATCH v9 07/16] init: lto: ensure initcall ordering, Sami Tolvanen
- [PATCH v9 08/16] init: lto: fix PREL32 relocations, Sami Tolvanen
- [PATCH v9 09/16] PCI: Fix PREL32 relocations for LTO, Sami Tolvanen
- [PATCH v9 10/16] modpost: lto: strip .lto from module names, Sami Tolvanen
- [PATCH v9 11/16] scripts/mod: disable LTO for empty.c, Sami Tolvanen
- [PATCH v9 12/16] efi/libstub: disable LTO, Sami Tolvanen
- [PATCH v9 13/16] drivers/misc/lkdtm: disable LTO for rodata.o, Sami Tolvanen
- [PATCH v9 14/16] arm64: vdso: disable LTO, Sami Tolvanen
- [PATCH v9 15/16] arm64: disable recordmcount with DYNAMIC_FTRACE_WITH_REGS, Sami Tolvanen
- [PATCH v9 16/16] arm64: allow LTO to be selected, Sami Tolvanen
- Re: [PATCH v9 00/16] Add support for Clang LTO, Kees Cook
- Re: [PATCH v9 00/16] Add support for Clang LTO, Kees Cook
- Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
  - Re: [PATCH v9 00/16] Add support for Clang LTO, Josh Poimboeuf
    - Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
      - Re: [PATCH v9 00/16] Add support for Clang LTO, Josh Poimboeuf
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Josh Poimboeuf
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Josh Poimboeuf
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Josh Poimboeuf
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
        
        Re: [PATCH v9 00/16] Add support for Clang LTO, Sedat Dilek
[PATCH v26 00/12] Landlock LSM, Mickaël Salaün
- [PATCH v26 01/12] landlock: Add object management, Mickaël Salaün
- [PATCH v26 02/12] landlock: Add ruleset and domain management, Mickaël Salaün
  - Re: [PATCH v26 02/12] landlock: Add ruleset and domain management, Jann Horn
- [PATCH v26 03/12] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v26 04/12] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v26 05/12] LSM: Infrastructure management of the superblock, Mickaël Salaün
- [PATCH v26 06/12] fs,security: Add sb_delete hook, Mickaël Salaün
- [PATCH v26 07/12] landlock: Support filesystem access-control, Mickaël Salaün
  - Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Jann Horn
    - Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Mickaël Salaün
      - Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Jann Horn
        
        Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Mickaël Salaün
        
        Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Jann Horn
        
        Re: [PATCH v26 07/12] landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v26 08/12] landlock: Add syscall implementations, Mickaël Salaün
  - Re: [PATCH v26 08/12] landlock: Add syscall implementations, Mickaël Salaün
- [PATCH v26 09/12] arch: Wire up Landlock syscalls, Mickaël Salaün
- [PATCH v26 10/12] selftests/landlock: Add user space tests, Mickaël Salaün
- [PATCH v26 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
  - Re: [PATCH v26 11/12] samples/landlock: Add a sandbox manager example, Jann Horn
    - Re: [PATCH v26 11/12] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v26 12/12] landlock: Add user and kernel documentation, Mickaël Salaün
- Re: [PATCH v26 00/12] Landlock LSM, Jann Horn
  - Re: [PATCH v26 00/12] Landlock LSM, Mickaël Salaün
[PRE-REVIEW PATCH 0/2] Remove all strlcpy in favor of strscpy, Romain Perier
- [PRE-REVIEW PATCH 1/2] Manual replacement of the deprecated strlcpy() with return values, Romain Perier
- [PRE-REVIEW PATCH 2/2] Automated replacement of all other deprecated strlcpy(), Romain Perier
- Re: [PRE-REVIEW PATCH 0/2] Remove all strlcpy in favor of strscpy, Romain Perier
[PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v12 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
- [PATCH v12 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
- [PATCH v12 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
- Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), bauen1
  - Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
    - Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Kees Cook
      - Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
        
        Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Mimi Zohar
        
        Re: [PATCH v12 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
[PATCH v8 00/16] Add support for Clang LTO, Sami Tolvanen
- [PATCH v8 01/16] tracing: move function tracer options to Kconfig, Sami Tolvanen
  - Re: [PATCH v8 01/16] tracing: move function tracer options to Kconfig, Steven Rostedt
- [PATCH v8 02/16] kbuild: add support for Clang LTO, Sami Tolvanen
  - Re: [PATCH v8 02/16] kbuild: add support for Clang LTO, Masahiro Yamada
  - Re: [PATCH v8 02/16] kbuild: add support for Clang LTO, Nick Desaulniers
- [PATCH v8 03/16] kbuild: lto: fix module versioning, Sami Tolvanen
- [PATCH v8 04/16] kbuild: lto: limit inlining, Sami Tolvanen
- [PATCH v8 05/16] kbuild: lto: merge module sections, Sami Tolvanen
- [PATCH v8 06/16] kbuild: lto: remove duplicate dependencies from .mod files, Sami Tolvanen
- [PATCH v8 07/16] init: lto: ensure initcall ordering, Sami Tolvanen
- [PATCH v8 08/16] init: lto: fix PREL32 relocations, Sami Tolvanen
- [PATCH v8 09/16] PCI: Fix PREL32 relocations for LTO, Sami Tolvanen
- [PATCH v8 10/16] modpost: lto: strip .lto from module names, Sami Tolvanen
- [PATCH v8 11/16] scripts/mod: disable LTO for empty.c, Sami Tolvanen
- [PATCH v8 12/16] efi/libstub: disable LTO, Sami Tolvanen
- [PATCH v8 13/16] drivers/misc/lkdtm: disable LTO for rodata.o, Sami Tolvanen
- [PATCH v8 14/16] arm64: vdso: disable LTO, Sami Tolvanen
- [PATCH v8 15/16] arm64: disable recordmcount with DYNAMIC_FTRACE_WITH_REGS, Sami Tolvanen
- [PATCH v8 16/16] arm64: allow LTO to be selected, Sami Tolvanen
- Re: [PATCH v8 00/16] Add support for Clang LTO, Nick Desaulniers
- Re: [PATCH v8 00/16] Add support for Clang LTO, Will Deacon
  - Re: [PATCH v8 00/16] Add support for Clang LTO, Sami Tolvanen
    - Re: [PATCH v8 00/16] Add support for Clang LTO, Nathan Chancellor
    - Re: [PATCH v8 00/16] Add support for Clang LTO, Will Deacon
      - Re: [PATCH v8 00/16] Add support for Clang LTO, Nick Desaulniers
        
        Re: [PATCH v8 00/16] Add support for Clang LTO, Will Deacon
        
        Re: [PATCH v8 00/16] Add support for Clang LTO, Sami Tolvanen
        
        Re: [PATCH v8 00/16] Add support for Clang LTO, Nathan Chancellor

[Index of Archives] [Linux Samsung SoC] [Linux Actions SoC] [Linux Rockchip SoC] [Linux for Synopsys ARC Processors] [Linux USB Devel] [Video for Linux] [Linux SCSI] [Yosemite Forum]