From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: Kees Cook <keescook@chromium.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Thomas Garnier" <thgarnie@google.com>,
"Greg KH" <greg@kroah.com>, "Ingo Molnar" <mingo@kernel.org>,
"Daniel Micay" <danielmicay@gmail.com>,
"Heiko Carstens" <heiko.carstens@de.ibm.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Thomas Gleixner" <tglx@linutronix.de>,
"David Howells" <dhowells@redhat.com>,
"René Nyffenegger" <mail@renenyffenegger.ch>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
"Eric W . Biederman" <ebiederm@xmission.com>,
"Oleg Nesterov" <oleg@redhat.com>,
"Pavel Tikhomirov" <ptikhomirov@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Rik van Riel" <riel@redhat.com>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Brian Gerst" <brgerst@gmail.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Russell King" <linux@armlinux.org.uk>,
"Will Deacon" <will.deacon@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Mark Rutland" <mark.rutland@arm.com>,
"James Morse" <james.morse@arm.com>,
linux-s390 <linux-s390@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"Linux API" <linux-api@vger.kernel.org>,
"the arch/x86 maintainers" <x86@kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"Kernel Hardening" <kernel-hardening@lists.openwall.com>,
"Peter Zijlstra" <a.p.zijlstra@chello.nl>,
"Al Viro" <viro@zeniv.linux.org.uk>
Subject: Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Date: Fri, 12 May 2017 07:54:58 +0200 [thread overview]
Message-ID: <20170512075458.09a3a1ce@mschwideX1> (raw)
In-Reply-To: <CAGXu5j+EatK=DYONRkgovwLgytAnbG8jnAZaMSLckZFNVj3gig@mail.gmail.com>
On Thu, 11 May 2017 22:34:31 -0700
Kees Cook <keescook@chromium.org> wrote:
> On Thu, May 11, 2017 at 10:28 PM, Martin Schwidefsky
> <schwidefsky@de.ibm.com> wrote:
> > On Thu, 11 May 2017 16:44:07 -0700
> > Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >
> >> On Thu, May 11, 2017 at 4:17 PM, Thomas Garnier <thgarnie@google.com> wrote:
> >> >
> >> > Ingo: Do you want the change as-is? Would you like it to be optional?
> >> > What do you think?
> >>
> >> I'm not ingo, but I don't like that patch. It's in the wrong place -
> >> that system call return code is too timing-critical to add address
> >> limit checks.
> >>
> >> Now what I think you *could* do is:
> >>
> >> - make "set_fs()" actually set a work flag in the current thread flags
> >>
> >> - do the test in the slow-path (syscall_return_slowpath).
> >>
> >> Yes, yes, that ends up being architecture-specific, but it's fairly simple.
> >>
> >> And it only slows down the system calls that actually use "set_fs()".
> >> Sure, it will slow those down a fair amount, but they are hopefully a
> >> small subset of all cases.
> >>
> >> How does that sound to people? Thats' where we currently do that
> >>
> >> if (IS_ENABLED(CONFIG_PROVE_LOCKING) &&
> >> WARN(irqs_disabled(), "syscall %ld left IRQs disabled",
> >> regs->orig_ax))
> >> local_irq_enable();
> >>
> >> check too, which is a fairly similar issue.
> >
> > This is exactly what Heiko did for the s390 backend as a result of this
> > discussion. See the _CIF_ASCE_SECONDARY bit in arch/s390/kernel/entry.S,
> > for the hot patch the check for the bit is included in the general
> > _CIF_WORK test. Only the slow patch gets a bit slower.
> >
> > git commit b5a882fcf146c87cb6b67c6df353e1c042b8773d
> > "s390: restore address space when returning to user space".
>
> If I'm understanding this, it won't catch corruption of addr_limit
> during fast-path syscalls, though (i.e. addr_limit changed without a
> call to set_fs()). :( This addr_limit corruption is mostly only a risk
> archs without THREAD_INFO_IN_TASK, but it would still be nice to catch
> unbalanced set_fs() code, so I like the idea. I like getting rid of
> addr_limit entirely even more, but that'll take some time. :)
Well for s390 there is no addr_limit as we use two separate address space
for kernel vs. user. The equivalent to the addr_limit corruption on a
fast-path syscall would be changing CR7 outside of set_fs. This boils
down to the question what we are protection against? Bad code with
unbalanced set_fs or evil code that changes addr_limit/CR7 outside of
set_fs
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
WARNING: multiple messages have this Message-ID (diff)
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: Kees Cook <keescook@chromium.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Thomas Garnier" <thgarnie@google.com>,
"Greg KH" <greg@kroah.com>, "Ingo Molnar" <mingo@kernel.org>,
"Daniel Micay" <danielmicay@gmail.com>,
"Heiko Carstens" <heiko.carstens@de.ibm.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Thomas Gleixner" <tglx@linutronix.de>,
"David Howells" <dhowells@redhat.com>,
"René Nyffenegger" <mail@renenyffenegger.ch>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
"Eric W . Biederman" <ebiederm@xmission.com>,
"Oleg Nesterov" <oleg@redhat.com>,
"Pavel Tikhomirov" <ptikhomirov@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Andy Lutomirski" <luto@kernel.org>
Subject: Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Date: Fri, 12 May 2017 07:54:58 +0200 [thread overview]
Message-ID: <20170512075458.09a3a1ce@mschwideX1> (raw)
In-Reply-To: <CAGXu5j+EatK=DYONRkgovwLgytAnbG8jnAZaMSLckZFNVj3gig@mail.gmail.com>
On Thu, 11 May 2017 22:34:31 -0700
Kees Cook <keescook@chromium.org> wrote:
> On Thu, May 11, 2017 at 10:28 PM, Martin Schwidefsky
> <schwidefsky@de.ibm.com> wrote:
> > On Thu, 11 May 2017 16:44:07 -0700
> > Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >
> >> On Thu, May 11, 2017 at 4:17 PM, Thomas Garnier <thgarnie@google.com> wrote:
> >> >
> >> > Ingo: Do you want the change as-is? Would you like it to be optional?
> >> > What do you think?
> >>
> >> I'm not ingo, but I don't like that patch. It's in the wrong place -
> >> that system call return code is too timing-critical to add address
> >> limit checks.
> >>
> >> Now what I think you *could* do is:
> >>
> >> - make "set_fs()" actually set a work flag in the current thread flags
> >>
> >> - do the test in the slow-path (syscall_return_slowpath).
> >>
> >> Yes, yes, that ends up being architecture-specific, but it's fairly simple.
> >>
> >> And it only slows down the system calls that actually use "set_fs()".
> >> Sure, it will slow those down a fair amount, but they are hopefully a
> >> small subset of all cases.
> >>
> >> How does that sound to people? Thats' where we currently do that
> >>
> >> if (IS_ENABLED(CONFIG_PROVE_LOCKING) &&
> >> WARN(irqs_disabled(), "syscall %ld left IRQs disabled",
> >> regs->orig_ax))
> >> local_irq_enable();
> >>
> >> check too, which is a fairly similar issue.
> >
> > This is exactly what Heiko did for the s390 backend as a result of this
> > discussion. See the _CIF_ASCE_SECONDARY bit in arch/s390/kernel/entry.S,
> > for the hot patch the check for the bit is included in the general
> > _CIF_WORK test. Only the slow patch gets a bit slower.
> >
> > git commit b5a882fcf146c87cb6b67c6df353e1c042b8773d
> > "s390: restore address space when returning to user space".
>
> If I'm understanding this, it won't catch corruption of addr_limit
> during fast-path syscalls, though (i.e. addr_limit changed without a
> call to set_fs()). :( This addr_limit corruption is mostly only a risk
> archs without THREAD_INFO_IN_TASK, but it would still be nice to catch
> unbalanced set_fs() code, so I like the idea. I like getting rid of
> addr_limit entirely even more, but that'll take some time. :)
Well for s390 there is no addr_limit as we use two separate address space
for kernel vs. user. The equivalent to the addr_limit corruption on a
fast-path syscall would be changing CR7 outside of set_fs. This boils
down to the question what we are protection against? Bad code with
unbalanced set_fs or evil code that changes addr_limit/CR7 outside of
set_fs
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
WARNING: multiple messages have this Message-ID (diff)
From: schwidefsky@de.ibm.com (Martin Schwidefsky)
To: linux-arm-kernel@lists.infradead.org
Subject: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Date: Fri, 12 May 2017 07:54:58 +0200 [thread overview]
Message-ID: <20170512075458.09a3a1ce@mschwideX1> (raw)
In-Reply-To: <CAGXu5j+EatK=DYONRkgovwLgytAnbG8jnAZaMSLckZFNVj3gig@mail.gmail.com>
On Thu, 11 May 2017 22:34:31 -0700
Kees Cook <keescook@chromium.org> wrote:
> On Thu, May 11, 2017 at 10:28 PM, Martin Schwidefsky
> <schwidefsky@de.ibm.com> wrote:
> > On Thu, 11 May 2017 16:44:07 -0700
> > Linus Torvalds <torvalds@linux-foundation.org> wrote:
> >
> >> On Thu, May 11, 2017 at 4:17 PM, Thomas Garnier <thgarnie@google.com> wrote:
> >> >
> >> > Ingo: Do you want the change as-is? Would you like it to be optional?
> >> > What do you think?
> >>
> >> I'm not ingo, but I don't like that patch. It's in the wrong place -
> >> that system call return code is too timing-critical to add address
> >> limit checks.
> >>
> >> Now what I think you *could* do is:
> >>
> >> - make "set_fs()" actually set a work flag in the current thread flags
> >>
> >> - do the test in the slow-path (syscall_return_slowpath).
> >>
> >> Yes, yes, that ends up being architecture-specific, but it's fairly simple.
> >>
> >> And it only slows down the system calls that actually use "set_fs()".
> >> Sure, it will slow those down a fair amount, but they are hopefully a
> >> small subset of all cases.
> >>
> >> How does that sound to people? Thats' where we currently do that
> >>
> >> if (IS_ENABLED(CONFIG_PROVE_LOCKING) &&
> >> WARN(irqs_disabled(), "syscall %ld left IRQs disabled",
> >> regs->orig_ax))
> >> local_irq_enable();
> >>
> >> check too, which is a fairly similar issue.
> >
> > This is exactly what Heiko did for the s390 backend as a result of this
> > discussion. See the _CIF_ASCE_SECONDARY bit in arch/s390/kernel/entry.S,
> > for the hot patch the check for the bit is included in the general
> > _CIF_WORK test. Only the slow patch gets a bit slower.
> >
> > git commit b5a882fcf146c87cb6b67c6df353e1c042b8773d
> > "s390: restore address space when returning to user space".
>
> If I'm understanding this, it won't catch corruption of addr_limit
> during fast-path syscalls, though (i.e. addr_limit changed without a
> call to set_fs()). :( This addr_limit corruption is mostly only a risk
> archs without THREAD_INFO_IN_TASK, but it would still be nice to catch
> unbalanced set_fs() code, so I like the idea. I like getting rid of
> addr_limit entirely even more, but that'll take some time. :)
Well for s390 there is no addr_limit as we use two separate address space
for kernel vs. user. The equivalent to the addr_limit corruption on a
fast-path syscall would be changing CR7 outside of set_fs. This boils
down to the question what we are protection against? Bad code with
unbalanced set_fs or evil code that changes addr_limit/CR7 outside of
set_fs
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
next prev parent reply other threads:[~2017-05-12 5:54 UTC|newest]
Thread overview: 282+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-28 15:32 [kernel-hardening] [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` [kernel-hardening] [PATCH v9 2/4] x86/syscalls: Optimize address limit check Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` [kernel-hardening] [PATCH v9 3/4] arm/syscalls: " Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` [kernel-hardening] [PATCH v9 4/4] arm64/syscalls: " Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-04-28 15:32 ` Thomas Garnier
2017-05-05 22:18 ` [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode Thomas Garnier
2017-05-05 22:18 ` Thomas Garnier
2017-05-05 22:18 ` Thomas Garnier
2017-05-05 22:18 ` Thomas Garnier
2017-05-08 7:33 ` [kernel-hardening] " Ingo Molnar
2017-05-08 7:33 ` Ingo Molnar
2017-05-08 7:33 ` Ingo Molnar
2017-05-08 7:33 ` Ingo Molnar
2017-05-08 7:52 ` [kernel-hardening] " Ingo Molnar
2017-05-08 7:52 ` Ingo Molnar
2017-05-08 7:52 ` Ingo Molnar
2017-05-08 7:52 ` [kernel-hardening] " Ingo Molnar
2017-05-08 7:52 ` Ingo Molnar
2017-05-08 15:22 ` [kernel-hardening] " Daniel Micay
2017-05-08 15:22 ` Daniel Micay
2017-05-08 15:22 ` Daniel Micay
2017-05-08 15:26 ` Kees Cook
2017-05-08 15:26 ` Kees Cook
2017-05-08 15:26 ` Kees Cook
2017-05-08 19:51 ` Thomas Garnier
2017-05-08 19:51 ` Thomas Garnier
2017-05-08 19:51 ` Thomas Garnier
2017-05-09 6:56 ` Ingo Molnar
2017-05-09 6:56 ` Ingo Molnar
2017-05-09 6:56 ` Ingo Molnar
2017-05-09 11:10 ` Greg KH
2017-05-09 11:10 ` Greg KH
2017-05-09 11:10 ` Greg KH
2017-05-09 14:29 ` Thomas Garnier
2017-05-09 14:29 ` Thomas Garnier
2017-05-09 14:29 ` Thomas Garnier
2017-05-11 23:17 ` Thomas Garnier
2017-05-11 23:17 ` Thomas Garnier
2017-05-11 23:17 ` Thomas Garnier
2017-05-11 23:44 ` Linus Torvalds
2017-05-11 23:44 ` Linus Torvalds
2017-05-11 23:44 ` Linus Torvalds
2017-05-12 5:28 ` Martin Schwidefsky
2017-05-12 5:28 ` Martin Schwidefsky
2017-05-12 5:28 ` Martin Schwidefsky
2017-05-12 5:34 ` Kees Cook
2017-05-12 5:34 ` Kees Cook
2017-05-12 5:34 ` Kees Cook
2017-05-12 5:54 ` Martin Schwidefsky [this message]
2017-05-12 5:54 ` Martin Schwidefsky
2017-05-12 5:54 ` Martin Schwidefsky
2017-05-12 19:01 ` Kees Cook
2017-05-12 19:01 ` Kees Cook
2017-05-12 19:01 ` Kees Cook
2017-05-12 19:08 ` Russell King - ARM Linux
2017-05-12 19:08 ` Russell King - ARM Linux
2017-05-12 19:08 ` Russell King - ARM Linux
2017-05-12 19:08 ` Linus Torvalds
2017-05-12 19:08 ` Linus Torvalds
2017-05-12 19:08 ` Linus Torvalds
2017-05-12 19:30 ` Kees Cook
2017-05-12 19:30 ` Kees Cook
2017-05-12 19:30 ` Kees Cook
2017-05-12 20:21 ` Russell King - ARM Linux
2017-05-12 20:21 ` Russell King - ARM Linux
2017-05-12 20:21 ` Russell King - ARM Linux
2017-05-12 20:30 ` Peter Zijlstra
2017-05-12 20:30 ` Peter Zijlstra
2017-05-12 20:30 ` Peter Zijlstra
2017-05-12 20:45 ` Russell King - ARM Linux
2017-05-12 20:45 ` Russell King - ARM Linux
2017-05-12 20:45 ` Russell King - ARM Linux
2017-05-12 21:00 ` Kees Cook
2017-05-12 21:00 ` Kees Cook
2017-05-12 21:00 ` Kees Cook
2017-05-12 21:04 ` Kees Cook
2017-05-12 21:04 ` Kees Cook
2017-05-12 21:04 ` Kees Cook
2017-05-13 7:21 ` Christoph Hellwig
2017-05-13 7:21 ` Christoph Hellwig
2017-05-13 7:21 ` Christoph Hellwig
2017-05-12 21:06 ` Al Viro
2017-05-12 21:06 ` Al Viro
2017-05-12 21:06 ` Al Viro
2017-05-12 21:16 ` [kernel-hardening] " Daniel Micay
2017-05-12 21:16 ` Daniel Micay
2017-05-12 21:16 ` Daniel Micay
2017-05-12 21:17 ` Kees Cook
2017-05-12 21:17 ` Kees Cook
2017-05-12 21:17 ` Kees Cook
2017-05-12 21:23 ` Daniel Micay
2017-05-12 21:23 ` Daniel Micay
2017-05-12 21:23 ` Daniel Micay
2017-05-12 21:41 ` Al Viro
2017-05-12 21:41 ` Al Viro
2017-05-12 21:41 ` Al Viro
2017-05-12 21:47 ` Rik van Riel
2017-05-12 21:47 ` Rik van Riel
2017-05-12 21:47 ` Rik van Riel
2017-05-12 22:57 ` Al Viro
2017-05-12 22:57 ` Al Viro
2017-05-12 22:57 ` Al Viro
2017-05-12 21:50 ` Kees Cook
2017-05-12 21:50 ` Kees Cook
2017-05-12 21:50 ` Kees Cook
2017-05-12 6:57 ` Ingo Molnar
2017-05-12 6:57 ` Ingo Molnar
2017-05-12 6:57 ` Ingo Molnar
2017-05-12 6:13 ` Andy Lutomirski
2017-05-12 6:13 ` Andy Lutomirski
2017-05-12 6:13 ` Andy Lutomirski
2017-05-12 6:58 ` Ingo Molnar
2017-05-12 6:58 ` Ingo Molnar
2017-05-12 6:58 ` Ingo Molnar
2017-05-12 17:05 ` Thomas Garnier
2017-05-12 17:05 ` Thomas Garnier
2017-05-12 17:05 ` Thomas Garnier
2017-05-09 16:30 ` [kernel-hardening] " Kees Cook
2017-05-09 16:30 ` Kees Cook
2017-05-09 16:30 ` Kees Cook
2017-05-08 12:46 ` Greg KH
2017-05-08 12:46 ` Greg KH
2017-05-08 12:46 ` Greg KH
2017-05-09 6:45 ` Ingo Molnar
2017-05-09 6:45 ` Ingo Molnar
2017-05-09 6:45 ` Ingo Molnar
2017-05-09 8:56 ` Christoph Hellwig
2017-05-09 8:56 ` Christoph Hellwig
2017-05-09 8:56 ` Christoph Hellwig
2017-05-09 13:00 ` Andy Lutomirski
2017-05-09 13:00 ` Andy Lutomirski
2017-05-09 13:00 ` Andy Lutomirski
2017-05-09 13:02 ` [kernel-hardening] " Christoph Hellwig
2017-05-09 13:02 ` Christoph Hellwig
2017-05-09 13:02 ` Christoph Hellwig
2017-05-09 16:03 ` Christoph Hellwig
2017-05-09 16:03 ` Christoph Hellwig
2017-05-09 16:03 ` Christoph Hellwig
2017-05-09 16:50 ` Kees Cook
2017-05-09 16:50 ` Kees Cook
2017-05-09 16:50 ` Kees Cook
2017-05-09 22:52 ` Andy Lutomirski
2017-05-09 22:52 ` Andy Lutomirski
2017-05-09 22:52 ` Andy Lutomirski
2017-05-09 23:31 ` Kees Cook
2017-05-09 23:31 ` Kees Cook
2017-05-09 23:31 ` Kees Cook
2017-05-10 1:59 ` Andy Lutomirski
2017-05-10 1:59 ` Andy Lutomirski
2017-05-10 1:59 ` Andy Lutomirski
2017-05-10 7:15 ` Christoph Hellwig
2017-05-10 7:15 ` Christoph Hellwig
2017-05-10 7:15 ` Christoph Hellwig
2017-05-11 11:22 ` Borislav Petkov
2017-05-11 11:22 ` Borislav Petkov
2017-05-11 11:22 ` Borislav Petkov
2017-05-10 6:46 ` Christoph Hellwig
2017-05-10 6:46 ` Christoph Hellwig
2017-05-10 6:46 ` Christoph Hellwig
2017-05-10 2:11 ` Al Viro
2017-05-10 2:11 ` Al Viro
2017-05-10 2:11 ` Al Viro
2017-05-10 2:45 ` Al Viro
2017-05-10 2:45 ` Al Viro
2017-05-10 2:45 ` Al Viro
2017-05-10 3:12 ` Al Viro
2017-05-10 3:12 ` Al Viro
2017-05-10 3:12 ` Al Viro
2017-05-10 3:21 ` Al Viro
2017-05-10 3:21 ` Al Viro
2017-05-10 3:21 ` Al Viro
2017-05-10 3:39 ` Al Viro
2017-05-10 3:39 ` Al Viro
2017-05-10 3:39 ` Al Viro
2017-05-10 6:54 ` Christoph Hellwig
2017-05-10 6:54 ` Christoph Hellwig
2017-05-10 6:54 ` Christoph Hellwig
2017-05-10 6:53 ` Christoph Hellwig
2017-05-10 6:53 ` Christoph Hellwig
2017-05-10 6:53 ` Christoph Hellwig
2017-05-10 7:27 ` Al Viro
2017-05-10 7:27 ` Al Viro
2017-05-10 7:27 ` Al Viro
2017-05-10 7:35 ` Christoph Hellwig
2017-05-10 7:35 ` Christoph Hellwig
2017-05-10 7:35 ` Christoph Hellwig
2017-05-10 6:49 ` Christoph Hellwig
2017-05-10 6:49 ` Christoph Hellwig
2017-05-10 6:49 ` Christoph Hellwig
2017-05-10 7:28 ` Arnd Bergmann
2017-05-10 7:28 ` Arnd Bergmann
2017-05-10 7:28 ` Arnd Bergmann
2017-05-10 7:35 ` Christoph Hellwig
2017-05-10 7:35 ` Christoph Hellwig
2017-05-10 7:35 ` Christoph Hellwig
2017-05-09 16:05 ` Brian Gerst
2017-05-09 16:05 ` Brian Gerst
2017-05-09 16:05 ` Brian Gerst
2017-05-10 7:37 ` [kernel-hardening] " Arnd Bergmann
2017-05-10 7:37 ` Arnd Bergmann
2017-05-10 7:37 ` Arnd Bergmann
2017-05-10 8:08 ` Al Viro
2017-05-10 8:08 ` Al Viro
2017-05-10 8:08 ` Al Viro
2017-05-10 8:14 ` Christoph Hellwig
2017-05-10 8:14 ` Christoph Hellwig
2017-05-10 8:14 ` Christoph Hellwig
2017-05-11 0:18 ` Andy Lutomirski
2017-05-11 0:18 ` Andy Lutomirski
2017-05-11 0:18 ` Andy Lutomirski
2017-05-12 7:00 ` Ingo Molnar
2017-05-12 7:00 ` Ingo Molnar
2017-05-12 7:00 ` Ingo Molnar
2017-05-12 7:15 ` Al Viro
2017-05-12 7:15 ` Al Viro
2017-05-12 7:15 ` Al Viro
2017-05-12 7:35 ` Christoph Hellwig
2017-05-12 7:35 ` Christoph Hellwig
2017-05-12 7:35 ` Christoph Hellwig
2017-05-12 8:07 ` Christoph Hellwig
2017-05-12 8:07 ` Christoph Hellwig
2017-05-12 8:07 ` Christoph Hellwig
2017-05-12 8:23 ` Greg KH
2017-05-12 8:23 ` Greg KH
2017-05-12 8:23 ` Greg KH
2017-05-12 7:43 ` [kernel-hardening] " Arnd Bergmann
2017-05-12 7:43 ` Arnd Bergmann
2017-05-12 7:43 ` Arnd Bergmann
2017-05-12 8:11 ` Christoph Hellwig
2017-05-12 8:11 ` Christoph Hellwig
2017-05-12 8:11 ` Christoph Hellwig
2017-05-12 8:16 ` Al Viro
2017-05-12 8:16 ` Al Viro
2017-05-12 8:16 ` Al Viro
2017-05-12 8:11 ` Al Viro
2017-05-12 8:11 ` Al Viro
2017-05-12 8:11 ` Al Viro
2017-05-12 8:20 ` Arnd Bergmann
2017-05-12 8:20 ` Arnd Bergmann
2017-05-12 8:20 ` Arnd Bergmann
2017-05-12 23:20 ` Andy Lutomirski
2017-05-12 23:20 ` Andy Lutomirski
2017-05-12 23:20 ` Andy Lutomirski
2017-05-08 13:09 ` Kees Cook
2017-05-08 13:09 ` Kees Cook
2017-05-08 13:09 ` Kees Cook
2017-05-08 13:09 ` Kees Cook
2017-05-08 14:02 ` [kernel-hardening] " Ingo Molnar
2017-05-08 14:02 ` Ingo Molnar
2017-05-08 14:02 ` Ingo Molnar
2017-05-08 14:02 ` Ingo Molnar
2017-05-08 14:06 ` [kernel-hardening] " Jann Horn
2017-05-08 14:06 ` Jann Horn
2017-05-08 14:06 ` Jann Horn
2017-05-08 14:06 ` Jann Horn
2017-05-08 20:48 ` [kernel-hardening] " Al Viro
2017-05-08 20:48 ` Al Viro
2017-05-08 20:48 ` Al Viro
2017-05-08 20:48 ` Al Viro
2017-05-12 23:15 ` [kernel-hardening] " Andy Lutomirski
2017-05-12 23:15 ` Andy Lutomirski
2017-05-12 23:15 ` Andy Lutomirski
2017-05-12 23:15 ` Andy Lutomirski
2017-05-08 15:24 ` [kernel-hardening] " Kees Cook
2017-05-08 15:24 ` Kees Cook
2017-05-08 15:24 ` Kees Cook
2017-05-08 15:24 ` Kees Cook
2017-05-09 6:34 ` [kernel-hardening] " Ingo Molnar
2017-05-09 6:34 ` Ingo Molnar
2017-05-09 6:34 ` Ingo Molnar
2017-05-09 6:34 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170512075458.09a3a1ce@mschwideX1 \
--to=schwidefsky@de.ibm.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=danielmicay@gmail.com \
--cc=dave.hansen@intel.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=greg@kroah.com \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=luto@kernel.org \
--cc=mail@renenyffenegger.ch \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=pbonzini@redhat.com \
--cc=ptikhomirov@virtuozzo.com \
--cc=riel@redhat.com \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.