Kernel Hardening
[Prev Page][Next Page]
- kCFI sources,
joao@overdrivepizza.com
- [PATCH] gcc-plugins/stackleak: Avoid assignment for unused macro argument,
Kees Cook
- [PATCH v8 1/7] powerpc/mm: Implement set_memory() routines,
Russell Currey
- [PATCH v2 bpf] kbuild: fix dependencies for DEBUG_INFO_BTF,
Slava Bacherikov
- [PATCH v7 0/7] set_memory() routines and STRICT_MODULE_RWX,
Russell Currey
- CONFIG_DEBUG_INFO_BTF and CONFIG_GCC_PLUGIN_RANDSTRUCT,
Jann Horn
- [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64,
Jason Yan
- [PATCH v5 1/6] powerpc/fsl_booke/kaslr: refactor kaslr_legal_offset() and kaslr_early_init(), Jason Yan
- [PATCH v5 3/6] powerpc/fsl_booke/64: implement KASLR for fsl_booke64, Jason Yan
- [PATCH v5 2/6] powerpc/fsl_booke/64: introduce reloc_kernel_entry() helper, Jason Yan
- [PATCH v5 4/6] powerpc/fsl_booke/64: do not clear the BSS for the second pass, Jason Yan
- [PATCH v5 5/6] powerpc/fsl_booke/64: clear the original kernel if randomized, Jason Yan
- [PATCH v5 6/6] powerpc/fsl_booke/kaslr: rename kaslr-booke32.rst to kaslr-booke.rst and add 64bit part, Jason Yan
- Re: [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64, Jason Yan
- Re: [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64, Scott Wood
- Re: [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64, Jason Yan
- Re: [PATCH v5 0/6] implement KASLR for powerpc/fsl_booke/64, Daniel Axtens
- [RFC PATCH] arm64: remove CONFIG_DEBUG_ALIGN_RODATA feature,
Ard Biesheuvel
- [PATCH] gcc-plugins: drop support for GCC <= 4.7,
Masahiro Yamada
- [PATCH v10 0/9] proc: modernize proc to support multiple private instances,
Alexey Gladkov
- [PATCH v10 1/9] proc: rename struct proc_fs_info to proc_fs_opts, Alexey Gladkov
- [PATCH v10 2/9] proc: allow to mount many instances of proc in one pid namespace, Alexey Gladkov
- [PATCH v10 3/9] proc: move hide_pid, pid_gid from pid_namespace to proc_fs_info, Alexey Gladkov
- [PATCH v10 4/9] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option, Alexey Gladkov
- [PATCH v10 6/9] docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior, Alexey Gladkov
- [PATCH v10 5/9] proc: add option to mount only a pids subset, Alexey Gladkov
- [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount, Alexey Gladkov
- [PATCH v10 8/9] proc: use human-readable values for hidehid, Alexey Gladkov
- [PATCH v10 9/9] proc: use named enums for better readability, Alexey Gladkov
- Re: [PATCH v10 0/9] proc: modernize proc to support multiple private instances, Eric W. Biederman
- [PATCH v5 0/6] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs,
Kees Cook
- [PATCH v15 00/10] Landlock LSM,
Mickaël Salaün
- [PATCH v15 01/10] landlock: Add object management, Mickaël Salaün
- [PATCH v15 02/10] landlock: Add ruleset and domain management, Mickaël Salaün
- [PATCH v15 03/10] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [PATCH v15 04/10] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH v15 05/10] fs,landlock: Support filesystem access-control, Mickaël Salaün
- [PATCH v15 06/10] landlock: Add syscall implementation, Mickaël Salaün
- [PATCH v15 07/10] arch: Wire up landlock() syscall, Mickaël Salaün
- [PATCH v15 08/10] selftests/landlock: Add initial tests, Mickaël Salaün
- [PATCH v15 09/10] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [PATCH v15 10/10] landlock: Add user and kernel documentation, Mickaël Salaün
- [PATCH 1/2] kconfig: remove unused variable in qconf.cc,
Masahiro Yamada
- Curiosity around 'exec_id' and some problems associated with it,
Adam Zabrocki
- [PATCH RESEND v9 0/8] proc: modernize proc to support multiple private instances,
Alexey Gladkov
- [PATCH v2 0/5] Optionally randomize kernel stack offset each syscall,
Kees Cook
- [RFC PATCH 00/21] Improve list integrity checking,
Will Deacon
- [RFC PATCH 01/21] list: Remove hlist_unhashed_lockless(), Will Deacon
- [RFC PATCH 02/21] list: Remove hlist_nulls_unhashed_lockless(), Will Deacon
- [RFC PATCH 03/21] list: Annotate lockless list primitives with data_race(), Will Deacon
- [RFC PATCH 04/21] timers: Use hlist_unhashed() instead of open-coding in timer_pending(), Will Deacon
- [RFC PATCH 05/21] list: Comment missing WRITE_ONCE() in __list_del(), Will Deacon
- [RFC PATCH 06/21] list: Remove superfluous WRITE_ONCE() from hlist_nulls implementation, Will Deacon
- [RFC PATCH 11/21] list: Add integrity checking to hlist implementation, Will Deacon
- [RFC PATCH 07/21] Revert "list: Use WRITE_ONCE() when adding to lists and hlists", Will Deacon
- [RFC PATCH 12/21] list: Poison ->next pointer for non-RCU deletion of 'hlist_nulls_node', Will Deacon
- [RFC PATCH 08/21] Revert "list: Use WRITE_ONCE() when initializing list_head structures", Will Deacon
- [RFC PATCH 09/21] list: Remove unnecessary WRITE_ONCE() from hlist_bl_add_before(), Will Deacon
- [RFC PATCH 14/21] plist: Use CHECK_DATA_CORRUPTION instead of explicit {BUG,WARN}_ON(), Will Deacon
- [RFC PATCH 10/21] kernel-hacking: Make DEBUG_{LIST,PLIST,SG,NOTIFIERS} non-debug options, Will Deacon
- [RFC PATCH 16/21] list_bl: Extend integrity checking in deletion routines, Will Deacon
- [RFC PATCH 17/21] linux/bit_spinlock.h: Include linux/processor.h, Will Deacon
- [RFC PATCH 13/21] list: Add integrity checking to hlist_nulls implementation, Will Deacon
- [RFC PATCH 15/21] list_bl: Use CHECK_DATA_CORRUPTION instead of custom BUG_ON() wrapper, Will Deacon
- [RFC PATCH 18/21] list_bl: Move integrity checking out of line, Will Deacon
- [RFC PATCH 19/21] list_bl: Extend integrity checking to cover the same cases as 'hlist', Will Deacon
- [RFC PATCH 20/21] list: Format CHECK_DATA_CORRUPTION error messages consistently, Will Deacon
- [RFC PATCH 21/21] lkdtm: Extend list corruption checks, Will Deacon
- Looking for help testing patch attestation,
Konstantin Ryabitsev
- [PATCH v9 8/8] proc: use human-readable values for hidehid, Alexey Gladkov
- [PATCH v9 7/8] proc: move hidepid values to uapi as they are user interface to mount, Alexey Gladkov
- [PATCH v9 6/8] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior, Alexey Gladkov
- [PATCH v9 5/8] proc: add option to mount only a pids subset, Alexey Gladkov
- [PATCH v9 4/8] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option, Alexey Gladkov
- [PATCH v9 3/8] proc: move hide_pid, pid_gid from pid_namespace to proc_fs_info, Alexey Gladkov
- [PATCH v9 1/8] proc: rename struct proc_fs_info to proc_fs_opts, Alexey Gladkov
- [PATCH v9 2/8] proc: allow to mount many instances of proc in one pid namespace, Alexey Gladkov
- [PATCH v9 0/8] proc: modernize proc to support multiple private instances, Alexey Gladkov
- [PATCH v6 0/7] set_memory() routines and STRICT_MODULE_RWX,
Russell Currey
- Re: [PATCH v3] ARM: smp: add support for per-task stack canaries,
Guenter Roeck
- [PATCH] arm64: add check_wx_pages debugfs for CHECK_WX,
Phong Tran
- [PATCH v4 0/6] implement KASLR for powerpc/fsl_booke/64,
Jason Yan
- [PATCH v2] lib/refcount: Document interaction with PID_MAX_LIMIT,
Jann Horn
- [PATCH] lib/refcount: Document interaction with PID_MAX_LIMIT,
Jann Horn
- [PATCH] x86/mm/init: Stop printing pgt_buf addresses,
Arvind Sankar
- [PATCH v11 00/11] x86: PIE support to extend KASLR randomization,
Thomas Garnier
- [PATCH v11 01/11] x86/crypto: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 02/11] x86: Add macro to get symbol address for PIE support, Thomas Garnier
- [PATCH v11 03/11] x86: relocate_kernel - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 04/11] x86/entry/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 05/11] x86: pm-trace - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 06/11] x86/CPU: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 07/11] x86/acpi: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 08/11] x86/boot/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 09/11] x86/power/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 10/11] x86/paravirt: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v11 11/11] x86/alternatives: Adapt assembly for PIE support, Thomas Garnier
- Re: [PATCH v11 00/11] x86: PIE support to extend KASLR randomization, Kees Cook
- [PATCH v5 0/6] ubsan: Split out bounds checker,
Kees Cook
- [PATCH v4 0/6] ubsan: Split out bounds checker,
Kees Cook
- [PATCH] x86/mm/init_32: Don't print out kernel memory layout if KASLR,
Arvind Sankar
- [PATCH v5 0/8] set_memory() routines and STRICT_MODULE_RWX,
Russell Currey
- [PATCH v4 0/8] set_memory() routines and STRICT_MODULE_RWX,
Russell Currey
- Re: [RESEND PATCH v4 05/10] lib/refcount: Improve performance of generic REFCOUNT_FULL code,
Jann Horn
- [PATCH v4 0/6] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs,
Kees Cook
- [RFC PATCH v14 00/10] Landlock LSM,
Mickaël Salaün
- [RFC PATCH v14 03/10] landlock: Set up the security framework and manage credentials, Mickaël Salaün
- [RFC PATCH v14 04/10] landlock: Add ptrace restrictions, Mickaël Salaün
- [RFC PATCH v14 05/10] fs,landlock: Support filesystem access-control, Mickaël Salaün
- [RFC PATCH v14 08/10] selftests/landlock: Add initial tests, Mickaël Salaün
- [RFC PATCH v14 10/10] landlock: Add user and kernel documentation, Mickaël Salaün
- [RFC PATCH v14 06/10] landlock: Add syscall implementation, Mickaël Salaün
- [RFC PATCH v14 02/10] landlock: Add ruleset and domain management, Mickaël Salaün
- [RFC PATCH v14 07/10] arch: Wire up landlock() syscall, Mickaël Salaün
- [RFC PATCH v14 09/10] samples/landlock: Add a sandbox manager example, Mickaël Salaün
- [RFC PATCH v14 01/10] landlock: Add object and rule management, Mickaël Salaün
- Re: [RFC PATCH v14 00/10] Landlock LSM, J Freyensee
- Re: [RFC PATCH v14 01/10] landlock: Add object and rule management, Hillf Danton
- Re: [RFC PATCH v14 00/10] Landlock LSM, Jann Horn
- Maybe inappropriate use BUG_ON() in CONFIG_SLAB_FREELIST_HARDENED,
zerons
- [PATCH] gcc-plugins: fix gcc-plugins directory path in documentation,
Masahiro Yamada
- [PATCH v3 0/7] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs,
Kees Cook
- [PATCH v3 1/7] x86/elf: Add table to document READ_IMPLIES_EXEC, Kees Cook
- [PATCH v3 4/7] arm32/64, elf: Add tables to document READ_IMPLIES_EXEC, Kees Cook
- [PATCH v3 3/7] x86/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces, Kees Cook
- [PATCH v3 2/7] x86/elf: Split READ_IMPLIES_EXEC from executable GNU_STACK, Kees Cook
- [PATCH v3 6/7] arm64, elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces, Kees Cook
- [PATCH v3 5/7] arm32/64, elf: Split READ_IMPLIES_EXEC from executable GNU_STACK, Kees Cook
- [PATCH v3 7/7] selftests/exec: Add READ_IMPLIES_EXEC tests, Kees Cook
- Re: [PATCH v3 0/7] binfmt_elf: Update READ_IMPLIES_EXEC logic for modern CPUs, Jason Gunthorpe
- [PATCH v8 00/11] proc: modernize proc to support multiple private instances,
Alexey Gladkov
- [PATCH v8 01/11] proc: Rename struct proc_fs_info to proc_fs_opts, Alexey Gladkov
- [PATCH v8 02/11] proc: add proc_fs_info struct to store proc information, Alexey Gladkov
- [PATCH v8 03/11] proc: move /proc/{self|thread-self} dentries to proc_fs_info, Alexey Gladkov
- [PATCH v8 04/11] proc: move hide_pid, pid_gid from pid_namespace to proc_fs_info, Alexey Gladkov
- [PATCH v8 05/11] proc: add helpers to set and get proc hidepid and gid mount options, Alexey Gladkov
- [PATCH v8 06/11] proc: support mounting procfs instances inside same pid namespace, Alexey Gladkov
- [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Alexey Gladkov
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Alexey Gladkov
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Alexey Gladkov
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Linus Torvalds
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- [PATCH 0/7] proc: Dentry flushing without proc_mnt, Eric W. Biederman
- [PATCH 1/7] proc: Rename in proc_inode rename sysctl_inodes sibling_inodes, Eric W. Biederman
- [PATCH 2/7] proc: Generalize proc_sys_prune_dcache into proc_prune_siblings_dcache, Eric W. Biederman
- [PATCH 3/7] proc: Mov rcu_read_(lock|unlock) in proc_prune_siblings_dcache, Eric W. Biederman
- Re: [PATCH 3/7] proc: Mov rcu_read_(lock|unlock) in proc_prune_siblings_dcache, Linus Torvalds
- [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Eric W. Biederman
- Re: [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Linus Torvalds
- Re: [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Al Viro
- Re: [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Linus Torvalds
- Re: [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Al Viro
- Re: [PATCH 4/7] proc: Use d_invalidate in proc_prune_siblings_dcache, Eric W. Biederman
- [PATCH 5/7] proc: Clear the pieces of proc_inode that proc_evict_inode cares about, Eric W. Biederman
- [PATCH 6/7] proc: Use a list of inodes to flush from proc, Eric W. Biederman
- [PATCH 7/7] proc: Ensure we see the exit of each process tid exactly once, Eric W. Biederman
- Re: [PATCH 7/7] proc: Ensure we see the exit of each process tid exactly once, Oleg Nesterov
- Re: [PATCH 7/7] proc: Ensure we see the exit of each process tid exactly once, Eric W. Biederman
- Re: [PATCH 0/7] proc: Dentry flushing without proc_mnt, Linus Torvalds
- Re: [PATCH 0/7] proc: Dentry flushing without proc_mnt, Al Viro
- Re: [PATCH 0/7] proc: Dentry flushing without proc_mnt, Eric W. Biederman
- [PATCH v2 0/6] proc: Dentry flushing without proc_mnt, Eric W. Biederman
- [PATCH v2 1/6] proc: Rename in proc_inode rename sysctl_inodes sibling_inodes, Eric W. Biederman
- [PATCH v2 2/6] proc: Generalize proc_sys_prune_dcache into proc_prune_siblings_dcache, Eric W. Biederman
- [PATCH v2 3/6] proc: In proc_prune_siblings_dcache cache an aquired super block, Eric W. Biederman
- [PATCH v2 4/6] proc: Use d_invalidate in proc_prune_siblings_dcache, Eric W. Biederman
- [PATCH v2 5/6] proc: Clear the pieces of proc_inode that proc_evict_inode cares about, Eric W. Biederman
- [PATCH v2 6/6] proc: Use a list of inodes to flush from proc, Eric W. Biederman
- [PATCH 0/3] proc: Actually honor the mount options, Eric W. Biederman
- [PATCH 1/3] uml: Don't consult current to find the proc_mnt in mconsole_proc, Eric W. Biederman
- [PATCH 2/3] uml: Create a private mount of proc for mconsole, Eric W. Biederman
- Re: [PATCH 2/3] uml: Create a private mount of proc for mconsole, Christian Brauner
- Re: [PATCH 2/3] uml: Create a private mount of proc for mconsole, Eric W. Biederman
- Re: [PATCH 2/3] uml: Create a private mount of proc for mconsole, Christian Brauner
- [PATCH 3/3] proc: Remove the now unnecessary internal mount of proc, Eric W. Biederman
- Re: [PATCH 3/3] proc: Remove the now unnecessary internal mount of proc, Christian Brauner
- Re: [PATCH 3/3] proc: Remove the now unnecessary internal mount of proc, Eric W. Biederman
- [PATCH 4/3] pid: Improve the comment about waiting in zap_pid_ns_processes, Eric W. Biederman
- Re: [PATCH 4/3] pid: Improve the comment about waiting in zap_pid_ns_processes, Christian Brauner
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Eric W. Biederman
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances, Al Viro
- [PATCH v8 08/11] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option, Alexey Gladkov
- [PATCH v8 09/11] proc: add option to mount only a pids subset, Alexey Gladkov
- [PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior, Alexey Gladkov
- [PATCH v8 11/11] proc: Move hidepid values to uapi as they are user interface to mount, Alexey Gladkov
- [PATCH v3 0/6] implement KASLR for powerpc/fsl_booke/64,
Jason Yan
- [RFC PATCH 00/11] Finer grained kernel address space randomization,
Kristen Carlson Accardi
[Index of Archives]
[Linux Samsung SoC]
[Linux Actions SoC]
[Linux Rockchip SoC]
[Linux for Synopsys ARC Processors]
[Linux USB Devel]
[Video for Linux]
[Linux SCSI]
[Yosemite Forum]
