Kernel Hardening
[Prev Page][Next Page]
- Re: [PATCH 6/9] workqueue: Convert for_each_wq to use built-in list check (v2), (continued)
- [PATCH v2 0/9] Harden list_for_each_entry_rcu() and family,
Joel Fernandes (Google)
- [PATCH 5.2 22/61] Documentation/admin: Remove the vsyscall=native documentation, Greg Kroah-Hartman
- [PATCH 5.1 105/138] Documentation/admin: Remove the vsyscall=native documentation, Greg Kroah-Hartman
- [PATCH 4.19 66/91] Documentation/admin: Remove the vsyscall=native documentation, Greg Kroah-Hartman
- [PATCH v1 0/6] Harden list_for_each_entry_rcu() and family,
Joel Fernandes (Google)
- Patch "Documentation/admin: Remove the vsyscall=native documentation" has been added to the 5.2-stable tree, gregkh
- Patch "Documentation/admin: Remove the vsyscall=native documentation" has been added to the 5.1-stable tree, gregkh
- Patch "Documentation/admin: Remove the vsyscall=native documentation" has been added to the 4.19-stable tree, gregkh
- kernel oops loading i915 after "x86/asm: Pin sensitive CR4 bits" (873d50d58),
Xi Ruoyao
- [PATCH v4] Added warnings in checkpatch.pl script to :,
NitinGote
- [PATCH v3] Added warnings in checkpatch.pl script to :, NitinGote
- [PATCH v2] Added warnings in checkpatch.pl script to :,
NitinGote
- [PATCH v8 00/11] x86: PIE support to extend KASLR randomization,
Thomas Garnier
- [PATCH v8 01/11] x86/crypto: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 02/11] x86: Add macro to get symbol address for PIE support, Thomas Garnier
- [PATCH v8 03/11] x86: relocate_kernel - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 04/11] x86/entry/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 05/11] x86: pm-trace - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 07/11] x86/acpi: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 08/11] x86/boot/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 09/11] x86/power/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 10/11] x86/paravirt: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v8 11/11] x86/alternatives: Adapt assembly for PIE support, Thomas Garnier
- Re: [PATCH v8 00/11] x86: PIE support to extend KASLR randomization, Kees Cook
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM,
Salvatore Mesoraca
- [PATCH v5 01/12] S.A.R.A.: add documentation, Salvatore Mesoraca
- [PATCH v5 02/12] S.A.R.A.: create framework, Salvatore Mesoraca
- [PATCH v5 03/12] S.A.R.A.: cred blob management, Salvatore Mesoraca
- [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching, Salvatore Mesoraca
- [PATCH v5 05/12] LSM: creation of "check_vmflags" LSM hook, Salvatore Mesoraca
- [PATCH v5 06/12] S.A.R.A.: WX protection, Salvatore Mesoraca
- [PATCH v5 07/12] LSM: creation of "pagefault_handler" LSM hook, Salvatore Mesoraca
- [PATCH v5 08/12] S.A.R.A.: trampoline emulation, Salvatore Mesoraca
- [PATCH v5 09/12] S.A.R.A.: WX protection procattr interface, Salvatore Mesoraca
- [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation, Salvatore Mesoraca
- [PATCH v5 10/12] S.A.R.A.: XATTRs support, Salvatore Mesoraca
- [PATCH v5 12/12] MAINTAINERS: take maintainership for S.A.R.A., Salvatore Mesoraca
- Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM, Jordan Glover
- Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM, James Morris
- [PATCH v2] checkpatch: Added warnings in favor of strscpy().,
Nitin Gote
- refactor tasklets to avoid unsigned long argument,
Romain Perier
- [PATCH v3] Convert struct pid count to refcount_t, Joel Fernandes (Google)
- [PATCH v2] Convert struct pid count to refcount_t,
Joel Fernandes (Google)
- [PATCH] checkpatch: Added warnings in favor of strscpy().,
Nitin Gote
- [PATCH v10 0/3] add init_on_alloc/init_on_free boot options,
Alexander Potapenko
- [PATCH v9 0/3] add init_on_alloc/init_on_free boot options,
Alexander Potapenko
- Re: Regarding have kfree() (and related) set the pointer to NULL too,
Gote, Nitin R
- [PATCH v2 7/8] x86/vsyscall: Add __ro_after_init to global variables,
Andy Lutomirski
- [PATCH v2 8/8] selftests/x86: Add a test for process_vm_readv() on the vsyscall page,
Andy Lutomirski
- [PATCH v2 6/8] x86/vsyscall: Change the default vsyscall mode to xonly,
Andy Lutomirski
- [PATCH v2 5/8] selftests/x86/vsyscall: Verify that vsyscall=none blocks execution,
Andy Lutomirski
- [PATCH v2 4/8] x86/vsyscall: Document odd SIGSEGV error code for vsyscalls,
Andy Lutomirski
- [PATCH v2 2/8] x86/vsyscall: Add a new vsyscall=xonly mode,
Andy Lutomirski
- [PATCH v2 1/8] x86/vsyscall: Remove the vsyscall=native documentation,
Andy Lutomirski
- [PATCH v8 0/3] add init_on_alloc/init_on_free boot options,
Alexander Potapenko
- [PATCH bpf-next v9 00/10] Landlock LSM: Toward unprivileged sandboxing,
Mickaël Salaün
- [PATCH bpf-next v9 07/10] landlock: Add ptrace restrictions, Mickaël Salaün
- [PATCH bpf-next v9 05/10] bpf,landlock: Add a new map type: inode, Mickaël Salaün
- [PATCH bpf-next v9 04/10] seccomp,landlock: Enforce Landlock programs per process hierarchy, Mickaël Salaün
- [PATCH bpf-next v9 10/10] landlock: Add user and kernel documentation for Landlock, Mickaël Salaün
- [PATCH bpf-next v9 09/10] bpf,landlock: Add tests for Landlock, Mickaël Salaün
- [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier, Mickaël Salaün
- [PATCH bpf-next v9 06/10] landlock: Handle filesystem access control, Mickaël Salaün
- [PATCH bpf-next v9 08/10] bpf: Add a Landlock sandbox example, Mickaël Salaün
- [PATCH bpf-next v9 03/10] bpf,landlock: Define an eBPF program type for Landlock hooks, Mickaël Salaün
- [PATCH bpf-next v9 01/10] fs,security: Add a new file access type: MAY_CHROOT, Mickaël Salaün
- Detecting the availability of VSYSCALL,
Florian Weimer
- Archive kernel-hardening@xxxxxxxxxxxxxxxxxx on lore.kernel.org too,
Yann Droneaud
- [PATCH RFC v2] Convert struct pid count to refcount_t,
Joel Fernandes (Google)
- [PATCH v1 12/22] docs: driver-api: add .rst files from the main dir,
Mauro Carvalho Chehab
- [PATCH v1 01/22] docs: Documentation/*.txt: rename all ReST files to *.rst, Mauro Carvalho Chehab
- Audit and fix all misuse of NLA_STRING: STATUS,
Romain Perier
[PATCH v3 0/3] x86/asm: Pin sensitive CR4 and CR0 bits,
Kees Cook
[PATCH v7 0/3] add init_on_alloc/init_on_free boot options,
Alexander Potapenko
[PATCH] security: do not enable CONFIG_GCC_PLUGINS by default,
Denis 'GNUtoo' Carikli
[PATCH v2] powerpc/mm: Implement STRICT_MODULE_RWX,
Russell Currey
[PATCH 0/3] ELF interpretor info: align and add random padding,
Yann Droneaud
[RFC 00/10] Process-local memory allocations for hiding KVM secrets,
Marius Hillenbrand
- [RFC 01/10] x86/mm/kaslr: refactor to use enum indices for regions, Marius Hillenbrand
- [RFC 02/10] x86/speculation, mm: add process local virtual memory region, Marius Hillenbrand
- [RFC 03/10] x86/mm, mm,kernel: add teardown for process-local memory to mm cleanup, Marius Hillenbrand
- [RFC 04/10] mm: allocate virtual space for process-local memory, Marius Hillenbrand
- [RFC 05/10] mm: allocate/release physical pages for process-local memory, Marius Hillenbrand
- [RFC 06/10] kvm/x86: add support for storing vCPU state in process-local memory, Marius Hillenbrand
- [RFC 07/10] kvm, vmx: move CR2 context switch out of assembly path, Marius Hillenbrand
- [RFC 08/10] kvm, vmx: move register clearing out of assembly path, Marius Hillenbrand
- [RFC 09/10] kvm, vmx: move gprs to process local memory, Marius Hillenbrand
- [RFC 10/10] kvm, x86: move guest FPU state into process local memory, Marius Hillenbrand
- Re: [RFC 00/10] Process-local memory allocations for hiding KVM secrets, Sean Christopherson
- Re: [RFC 00/10] Process-local memory allocations for hiding KVM secrets, Dave Hansen
[PATCH V2] include: linux: Regularise the use of FIELD_SIZEOF macro,
Shyam Saini
[PATCH 5/5] x86/vsyscall: Change the default vsyscall mode to xonly,
Andy Lutomirski
[PATCH 4/5] selftests/x86/vsyscall: Verify that vsyscall=none blocks execution, Andy Lutomirski
[PATCH 3/5] x86/vsyscall: Document odd #PF's error code for vsyscalls,
Andy Lutomirski
[PATCH 2/5] x86/vsyscall: Add a new vsyscall=xonly mode,
Andy Lutomirski
[PATCH 1/5] x86/vsyscall: Remove the vsyscall=native documentation, Andy Lutomirski
Regarding add detection for double-reads,
Khajapasha, Mohammed
[PATCH 5.1 85/85] x86/kprobes: Set instruction page as executable, Greg Kroah-Hartman
[PATCH 4.19 69/73] x86/kprobes: Set instruction page as executable, Greg Kroah-Hartman
[PATCH 4.19 68/73] x86/ftrace: Set trampoline pages as executable, Greg Kroah-Hartman
[PATCH v6 3/3] lib: introduce test_meminit module,
Alexander Potapenko
[PATCH v6 2/3] mm: init: report memory auto-initialization features at boot time,
Alexander Potapenko
[PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options,
Alexander Potapenko
[PATCH] lib/test_stackinit: Handle Clang auto-initialization pattern,
Kees Cook
Get involved,
Romain Perier
[RFC 0/6] Harden list_for_each_entry_rcu() and family,
Joel Fernandes (Google)
[PATCH AUTOSEL 5.0 034/173] gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6, Sasha Levin
[PATCH AUTOSEL 5.1 037/186] gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6, Sasha Levin
unrecognizable insn generated in plugin?,
Tycho Andersen
[PATCH tip/core/rcu 3/4] module: Make srcu_struct ptr array as read-only, Paul E. McKenney
[PATCH 4.19 079/276] x86/modules: Avoid breaking W^X while loading modules,
Greg Kroah-Hartman
[PATCH 5.0 086/346] x86/modules: Avoid breaking W^X while loading modules, Greg Kroah-Hartman
[PATCH 5.0 079/346] x86/ftrace: Set trampoline pages as executable, Greg Kroah-Hartman
[PATCH 5.1 095/405] x86/modules: Avoid breaking W^X while loading modules, Greg Kroah-Hartman
[PATCH 5.1 088/405] x86/ftrace: Set trampoline pages as executable, Greg Kroah-Hartman
Re: [PATCH 1/7] General notification queue with user mmap()'able ring buffer,
Jann Horn
[PATCH v5 3/3] lib: introduce test_meminit module,
Alexander Potapenko
[PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time,
Alexander Potapenko
[PATCH v5 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options,
Alexander Potapenko
[RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down,
Christopher M. Riedl
[PATCH v4 0/3] RFC: add init_on_alloc/init_on_free boot options,
Alexander Potapenko
[PATCH v3 0/3] RFC: add init_on_alloc/init_on_free boot options,
Alexander Potapenko
[PATCH AUTOSEL 4.19 039/244] x86/modules: Avoid breaking W^X while loading modules, Sasha Levin
[PATCH AUTOSEL 5.1 055/375] x86/modules: Avoid breaking W^X while loading modules, Sasha Levin
[PATCH AUTOSEL 5.1 048/375] x86/ftrace: Set trampoline pages as executable, Sasha Levin
[PATCH AUTOSEL 5.0 048/317] x86/modules: Avoid breaking W^X while loading modules, Sasha Levin
[PATCH AUTOSEL 5.0 041/317] x86/ftrace: Set trampoline pages as executable, Sasha Levin
[PATCH v7 00/12] x86: PIE support to extend KASLR randomization,
Thomas Garnier
- [PATCH v7 01/12] x86/crypto: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 02/12] x86: Use symbol name in jump table for PIE support, Thomas Garnier
- [PATCH v7 03/12] x86: Add macro to get symbol address for PIE support, Thomas Garnier
- [PATCH v7 04/12] x86: relocate_kernel - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 05/12] x86/entry/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 06/12] x86: pm-trace - Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 07/12] x86/CPU: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 08/12] x86/acpi: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 09/12] x86/boot/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 10/12] x86/power/64: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 11/12] x86/paravirt: Adapt assembly for PIE support, Thomas Garnier
- [PATCH v7 12/12] x86/alternatives: Adapt assembly for PIE support, Thomas Garnier
- Re: [PATCH v7 00/12] x86: PIE support to extend KASLR randomization, Kees Cook
Re: Sparse context checking Vs Clang Thread Safety analysis,
Jann Horn
[PATCH v2 0/4] RFC: add init_on_alloc/init_on_free boot options,
Alexander Potapenko
[PATCH] gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6,
Chris Packham
[PATCH 0/4] RFC: add init_on_alloc/init_on_free boot options,
Alexander Potapenko
[PATCH v3 0/7] crypto: x86: Fix indirect function call casts,
Kees Cook
[RFC PATCH v2 0/4] x86/crypto: Fix crypto function casts,
Joao Moreira
race-free process signaling,
Solar Designer
[RFC] refactor tasklets to avoid unsigned long argument,
Allen
[ANNOUNCE][CFP] Linux Security Summit Europe 2019, Reshetova, Elena
Re: [RFC] Handle mapcount overflows, Jann Horn
[PATCH v6 00/24] x86: text_poke() fixes and executable lockdowns,
nadav . amit
- [PATCH v6 01/24] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()", nadav . amit
- [PATCH v6 02/24] x86/jump_label: Use text_poke_early() during early init, nadav . amit
- [PATCH v6 03/24] x86/mm: Introduce temporary mm structs, nadav . amit
- [PATCH v6 04/24] x86/mm: Save debug registers when loading a temporary mm, nadav . amit
- [PATCH v6 05/24] uprobes: Initialize uprobes earlier, nadav . amit
- [PATCH v6 06/24] fork: Provide a function for copying init_mm, nadav . amit
- [PATCH v6 07/24] x86/alternative: Initialize temporary mm for patching, nadav . amit
- [PATCH v6 08/24] x86/alternative: Use temporary mm for text poking, nadav . amit
- [PATCH v6 09/24] x86/kgdb: Avoid redundant comparison of patched code, nadav . amit
- [PATCH v6 10/24] x86/ftrace: Set trampoline pages as executable, nadav . amit
- [PATCH v6 11/24] x86/kprobes: Set instruction page as executable, nadav . amit
- [PATCH v6 12/24] x86/module: Avoid breaking W^X while loading modules, nadav . amit
- [PATCH v6 13/24] x86/jump-label: Remove support for custom poker, nadav . amit
- [PATCH v6 14/24] x86/alternative: Remove the return value of text_poke_*(), nadav . amit
- [PATCH v6 15/24] x86/mm/cpa: Add set_direct_map_ functions, nadav . amit
- [PATCH v6 16/24] mm: Make hibernate handle unmapped pages, nadav . amit
- [PATCH v6 17/24] vmalloc: Add flag for free of special permsissions, nadav . amit
- [PATCH v6 18/24] modules: Use vmalloc special flag, nadav . amit
- [PATCH v6 19/24] bpf: Use vmalloc special flag, nadav . amit
- [PATCH v6 20/24] x86/ftrace: Use vmalloc special flag, nadav . amit
- [PATCH v6 21/24] x86/kprobes: Use vmalloc special flag, nadav . amit
- [PATCH v6 22/24] x86/alternative: Comment about module removal races, nadav . amit
- [PATCH v6 23/24] mm/tlb: Provide default nmi_uaccess_okay(), nadav . amit
- [PATCH v6 24/24] bpf: Fail bpf_probe_write_user() while mm is switched, nadav . amit
- Re: [PATCH v6 00/24] x86: text_poke() fixes and executable lockdowns, Ingo Molnar
[Index of Archives]
[Linux Samsung SoC]
[Linux Actions SoC]
[Linux Rockchip SoC]
[Linux for Synopsys ARC Processors]
[Linux USB Devel]
[Video for Linux]
[Linux SCSI]
[Yosemite Forum]
