From: Laura Abbott <laura@labbott.name>
To: Kees Cook <keescook@chromium.org>
Cc: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: [kernel-hardening] Re: [RFC][PATCH 5/7] mm: Mark several cases as SLAB_NO_SANITIZE
Date: Tue, 5 Jan 2016 18:11:17 -0800 [thread overview]
Message-ID: <568C77C5.2090003@labbott.name> (raw)
In-Reply-To: <CAGXu5jLF8WTQDEh+-M7_8pZUCEG0FVw1e1PS7Ew4EBy+hXdD_w@mail.gmail.com>
On 1/5/16 4:21 PM, Kees Cook wrote:
> On Mon, Dec 21, 2015 at 7:40 PM, Laura Abbott <laura@labbott.name> wrote:
>>
>> Sanitization is useful for security but comes at the cost of performance
>> in clearing on free. Mark select caches as SLAB_NO_SANITIZE so
>> sanitization will not happen under the default configuration. The
>
> Can you describe why these were selected?
>
These were the cases that existed in grsecurity. From looking, these seem
to be performance critical caches that have a relatively lower risk. I'll
adjust the commit text.
>> kernel may be booted with the proper command line option to allow these
>> caches to be sanitized.
>
> Might be good to specifically mention the command line used to
> sanitize even these caches.
Sure.
>
> -Kees
Thanks,
Laura
>
>>
>> All credit for the original work should be given to Brad Spengler and
>> the PaX Team.
>>
>> Signed-off-by: Laura Abbott <laura@labbott.name>
>> ---
>> This is the initial set of excludes that the grsecurity patches had.
>> More may need to be added/removed as the series is tested.
>> ---
>> fs/buffer.c | 2 +-
>> fs/dcache.c | 2 +-
>> kernel/fork.c | 2 +-
>> mm/rmap.c | 4 ++--
>> mm/slab.h | 2 +-
>> net/core/skbuff.c | 16 ++++++++--------
>> 6 files changed, 14 insertions(+), 14 deletions(-)
>>
>> diff --git a/fs/buffer.c b/fs/buffer.c
>> index 4f4cd95..f19e4ab 100644
>> --- a/fs/buffer.c
>> +++ b/fs/buffer.c
>> @@ -3417,7 +3417,7 @@ void __init buffer_init(void)
>> bh_cachep = kmem_cache_create("buffer_head",
>> sizeof(struct buffer_head), 0,
>> (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
>> - SLAB_MEM_SPREAD),
>> + SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
>> NULL);
>>
>> /*
>> diff --git a/fs/dcache.c b/fs/dcache.c
>> index 5c33aeb..470f6be 100644
>> --- a/fs/dcache.c
>> +++ b/fs/dcache.c
>> @@ -3451,7 +3451,7 @@ void __init vfs_caches_init_early(void)
>> void __init vfs_caches_init(void)
>> {
>> names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>> + SLAB_NO_SANITIZE|SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>>
>> dcache_init();
>> inode_init();
>> diff --git a/kernel/fork.c b/kernel/fork.c
>> index fce002e..35db9c3 100644
>> --- a/kernel/fork.c
>> +++ b/kernel/fork.c
>> @@ -1868,7 +1868,7 @@ void __init proc_caches_init(void)
>> mm_cachep = kmem_cache_create("mm_struct",
>> sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
>> SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
>> - vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC);
>> + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_NO_SANITIZE);
>> mmap_init();
>> nsproxy_cache_init();
>> }
>> diff --git a/mm/rmap.c b/mm/rmap.c
>> index b577fbb..74296d9 100644
>> --- a/mm/rmap.c
>> +++ b/mm/rmap.c
>> @@ -428,8 +428,8 @@ static void anon_vma_ctor(void *data)
>> void __init anon_vma_init(void)
>> {
>> anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
>> - 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor);
>> - anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC);
>> + 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_NO_SANITIZE, anon_vma_ctor);
>> + anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC|SLAB_NO_SANITIZE);
>> }
>>
>> /*
>> diff --git a/mm/slab.h b/mm/slab.h
>> index b54b636..6de99da 100644
>> --- a/mm/slab.h
>> +++ b/mm/slab.h
>> @@ -137,7 +137,7 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
>>
>> /* Legal flag mask for kmem_cache_create(), for various configurations */
>> #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
>> - SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
>> + SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_NO_SANITIZE)
>>
>> #if defined(CONFIG_DEBUG_SLAB)
>> #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
>> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
>> index b2df375..1d499ea 100644
>> --- a/net/core/skbuff.c
>> +++ b/net/core/skbuff.c
>> @@ -3316,15 +3316,15 @@ done:
>> void __init skb_init(void)
>> {
>> skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
>> - sizeof(struct sk_buff),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
>> - sizeof(struct sk_buff_fclones),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff_fclones),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> }
>>
>> /**
>> --
>> 2.5.0
>>
>
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Laura Abbott <laura@labbott.name>
To: Kees Cook <keescook@chromium.org>
Cc: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [RFC][PATCH 5/7] mm: Mark several cases as SLAB_NO_SANITIZE
Date: Tue, 5 Jan 2016 18:11:17 -0800 [thread overview]
Message-ID: <568C77C5.2090003@labbott.name> (raw)
In-Reply-To: <CAGXu5jLF8WTQDEh+-M7_8pZUCEG0FVw1e1PS7Ew4EBy+hXdD_w@mail.gmail.com>
On 1/5/16 4:21 PM, Kees Cook wrote:
> On Mon, Dec 21, 2015 at 7:40 PM, Laura Abbott <laura@labbott.name> wrote:
>>
>> Sanitization is useful for security but comes at the cost of performance
>> in clearing on free. Mark select caches as SLAB_NO_SANITIZE so
>> sanitization will not happen under the default configuration. The
>
> Can you describe why these were selected?
>
These were the cases that existed in grsecurity. From looking, these seem
to be performance critical caches that have a relatively lower risk. I'll
adjust the commit text.
>> kernel may be booted with the proper command line option to allow these
>> caches to be sanitized.
>
> Might be good to specifically mention the command line used to
> sanitize even these caches.
Sure.
>
> -Kees
Thanks,
Laura
>
>>
>> All credit for the original work should be given to Brad Spengler and
>> the PaX Team.
>>
>> Signed-off-by: Laura Abbott <laura@labbott.name>
>> ---
>> This is the initial set of excludes that the grsecurity patches had.
>> More may need to be added/removed as the series is tested.
>> ---
>> fs/buffer.c | 2 +-
>> fs/dcache.c | 2 +-
>> kernel/fork.c | 2 +-
>> mm/rmap.c | 4 ++--
>> mm/slab.h | 2 +-
>> net/core/skbuff.c | 16 ++++++++--------
>> 6 files changed, 14 insertions(+), 14 deletions(-)
>>
>> diff --git a/fs/buffer.c b/fs/buffer.c
>> index 4f4cd95..f19e4ab 100644
>> --- a/fs/buffer.c
>> +++ b/fs/buffer.c
>> @@ -3417,7 +3417,7 @@ void __init buffer_init(void)
>> bh_cachep = kmem_cache_create("buffer_head",
>> sizeof(struct buffer_head), 0,
>> (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
>> - SLAB_MEM_SPREAD),
>> + SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
>> NULL);
>>
>> /*
>> diff --git a/fs/dcache.c b/fs/dcache.c
>> index 5c33aeb..470f6be 100644
>> --- a/fs/dcache.c
>> +++ b/fs/dcache.c
>> @@ -3451,7 +3451,7 @@ void __init vfs_caches_init_early(void)
>> void __init vfs_caches_init(void)
>> {
>> names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>> + SLAB_NO_SANITIZE|SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>>
>> dcache_init();
>> inode_init();
>> diff --git a/kernel/fork.c b/kernel/fork.c
>> index fce002e..35db9c3 100644
>> --- a/kernel/fork.c
>> +++ b/kernel/fork.c
>> @@ -1868,7 +1868,7 @@ void __init proc_caches_init(void)
>> mm_cachep = kmem_cache_create("mm_struct",
>> sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
>> SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
>> - vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC);
>> + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_NO_SANITIZE);
>> mmap_init();
>> nsproxy_cache_init();
>> }
>> diff --git a/mm/rmap.c b/mm/rmap.c
>> index b577fbb..74296d9 100644
>> --- a/mm/rmap.c
>> +++ b/mm/rmap.c
>> @@ -428,8 +428,8 @@ static void anon_vma_ctor(void *data)
>> void __init anon_vma_init(void)
>> {
>> anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
>> - 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor);
>> - anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC);
>> + 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_NO_SANITIZE, anon_vma_ctor);
>> + anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC|SLAB_NO_SANITIZE);
>> }
>>
>> /*
>> diff --git a/mm/slab.h b/mm/slab.h
>> index b54b636..6de99da 100644
>> --- a/mm/slab.h
>> +++ b/mm/slab.h
>> @@ -137,7 +137,7 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
>>
>> /* Legal flag mask for kmem_cache_create(), for various configurations */
>> #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
>> - SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
>> + SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_NO_SANITIZE)
>>
>> #if defined(CONFIG_DEBUG_SLAB)
>> #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
>> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
>> index b2df375..1d499ea 100644
>> --- a/net/core/skbuff.c
>> +++ b/net/core/skbuff.c
>> @@ -3316,15 +3316,15 @@ done:
>> void __init skb_init(void)
>> {
>> skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
>> - sizeof(struct sk_buff),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
>> - sizeof(struct sk_buff_fclones),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff_fclones),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> }
>>
>> /**
>> --
>> 2.5.0
>>
>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Laura Abbott <laura@labbott.name>
To: Kees Cook <keescook@chromium.org>
Cc: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [RFC][PATCH 5/7] mm: Mark several cases as SLAB_NO_SANITIZE
Date: Tue, 5 Jan 2016 18:11:17 -0800 [thread overview]
Message-ID: <568C77C5.2090003@labbott.name> (raw)
In-Reply-To: <CAGXu5jLF8WTQDEh+-M7_8pZUCEG0FVw1e1PS7Ew4EBy+hXdD_w@mail.gmail.com>
On 1/5/16 4:21 PM, Kees Cook wrote:
> On Mon, Dec 21, 2015 at 7:40 PM, Laura Abbott <laura@labbott.name> wrote:
>>
>> Sanitization is useful for security but comes at the cost of performance
>> in clearing on free. Mark select caches as SLAB_NO_SANITIZE so
>> sanitization will not happen under the default configuration. The
>
> Can you describe why these were selected?
>
These were the cases that existed in grsecurity. From looking, these seem
to be performance critical caches that have a relatively lower risk. I'll
adjust the commit text.
>> kernel may be booted with the proper command line option to allow these
>> caches to be sanitized.
>
> Might be good to specifically mention the command line used to
> sanitize even these caches.
Sure.
>
> -Kees
Thanks,
Laura
>
>>
>> All credit for the original work should be given to Brad Spengler and
>> the PaX Team.
>>
>> Signed-off-by: Laura Abbott <laura@labbott.name>
>> ---
>> This is the initial set of excludes that the grsecurity patches had.
>> More may need to be added/removed as the series is tested.
>> ---
>> fs/buffer.c | 2 +-
>> fs/dcache.c | 2 +-
>> kernel/fork.c | 2 +-
>> mm/rmap.c | 4 ++--
>> mm/slab.h | 2 +-
>> net/core/skbuff.c | 16 ++++++++--------
>> 6 files changed, 14 insertions(+), 14 deletions(-)
>>
>> diff --git a/fs/buffer.c b/fs/buffer.c
>> index 4f4cd95..f19e4ab 100644
>> --- a/fs/buffer.c
>> +++ b/fs/buffer.c
>> @@ -3417,7 +3417,7 @@ void __init buffer_init(void)
>> bh_cachep = kmem_cache_create("buffer_head",
>> sizeof(struct buffer_head), 0,
>> (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
>> - SLAB_MEM_SPREAD),
>> + SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
>> NULL);
>>
>> /*
>> diff --git a/fs/dcache.c b/fs/dcache.c
>> index 5c33aeb..470f6be 100644
>> --- a/fs/dcache.c
>> +++ b/fs/dcache.c
>> @@ -3451,7 +3451,7 @@ void __init vfs_caches_init_early(void)
>> void __init vfs_caches_init(void)
>> {
>> names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>> + SLAB_NO_SANITIZE|SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>>
>> dcache_init();
>> inode_init();
>> diff --git a/kernel/fork.c b/kernel/fork.c
>> index fce002e..35db9c3 100644
>> --- a/kernel/fork.c
>> +++ b/kernel/fork.c
>> @@ -1868,7 +1868,7 @@ void __init proc_caches_init(void)
>> mm_cachep = kmem_cache_create("mm_struct",
>> sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
>> SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
>> - vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC);
>> + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_NO_SANITIZE);
>> mmap_init();
>> nsproxy_cache_init();
>> }
>> diff --git a/mm/rmap.c b/mm/rmap.c
>> index b577fbb..74296d9 100644
>> --- a/mm/rmap.c
>> +++ b/mm/rmap.c
>> @@ -428,8 +428,8 @@ static void anon_vma_ctor(void *data)
>> void __init anon_vma_init(void)
>> {
>> anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
>> - 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor);
>> - anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC);
>> + 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_NO_SANITIZE, anon_vma_ctor);
>> + anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC|SLAB_NO_SANITIZE);
>> }
>>
>> /*
>> diff --git a/mm/slab.h b/mm/slab.h
>> index b54b636..6de99da 100644
>> --- a/mm/slab.h
>> +++ b/mm/slab.h
>> @@ -137,7 +137,7 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
>>
>> /* Legal flag mask for kmem_cache_create(), for various configurations */
>> #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
>> - SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
>> + SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_NO_SANITIZE)
>>
>> #if defined(CONFIG_DEBUG_SLAB)
>> #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
>> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
>> index b2df375..1d499ea 100644
>> --- a/net/core/skbuff.c
>> +++ b/net/core/skbuff.c
>> @@ -3316,15 +3316,15 @@ done:
>> void __init skb_init(void)
>> {
>> skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
>> - sizeof(struct sk_buff),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
>> - sizeof(struct sk_buff_fclones),
>> - 0,
>> - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
>> - NULL);
>> + sizeof(struct sk_buff_fclones),
>> + 0,
>> + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
>> + NULL);
>> }
>>
>> /**
>> --
>> 2.5.0
>>
>
>
>
next prev parent reply other threads:[~2016-01-06 2:11 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-22 3:40 [kernel-hardening] [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 1/7] mm/slab_common.c: Add common support for slab saniziation Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 20:48 ` [kernel-hardening] " Vlastimil Babka
2015-12-22 20:48 ` Vlastimil Babka
2015-12-22 20:48 ` Vlastimil Babka
2016-01-06 0:17 ` [kernel-hardening] " Kees Cook
2016-01-06 0:17 ` Kees Cook
2016-01-06 0:17 ` Kees Cook
2016-01-06 2:06 ` [kernel-hardening] " Laura Abbott
2016-01-06 2:06 ` Laura Abbott
2016-01-06 2:06 ` Laura Abbott
2016-01-06 0:19 ` [kernel-hardening] " Kees Cook
2016-01-06 0:19 ` Kees Cook
2016-01-06 0:19 ` Kees Cook
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 2/7] slub: Add support for sanitization Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 3/7] slab: " Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 4/7] slob: " Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 5/7] mm: Mark several cases as SLAB_NO_SANITIZE Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2016-01-06 0:21 ` [kernel-hardening] " Kees Cook
2016-01-06 0:21 ` Kees Cook
2016-01-06 0:21 ` Kees Cook
2016-01-06 2:11 ` Laura Abbott [this message]
2016-01-06 2:11 ` Laura Abbott
2016-01-06 2:11 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 9:33 ` [kernel-hardening] " Mathias Krause
2015-12-22 9:33 ` Mathias Krause
2015-12-22 17:51 ` Laura Abbott
2015-12-22 17:51 ` Laura Abbott
2015-12-22 18:37 ` Mathias Krause
2015-12-22 18:37 ` Mathias Krause
2015-12-22 19:18 ` Laura Abbott
2015-12-22 19:18 ` Laura Abbott
2015-12-22 20:01 ` Christoph Lameter
2015-12-22 20:01 ` Christoph Lameter
2015-12-22 20:06 ` Mathias Krause
2015-12-22 20:06 ` Mathias Krause
2015-12-22 14:57 ` Dave Hansen
2015-12-22 14:57 ` Dave Hansen
2015-12-22 16:25 ` Christoph Lameter
2015-12-22 16:25 ` Christoph Lameter
2015-12-22 17:22 ` Dave Hansen
2015-12-22 17:24 ` Christoph Lameter
2015-12-22 17:28 ` Dave Hansen
2015-12-22 17:28 ` Dave Hansen
2015-12-22 18:08 ` Christoph Lameter
2015-12-22 18:08 ` Christoph Lameter
2015-12-22 18:19 ` Dave Hansen
2015-12-22 18:19 ` Dave Hansen
2015-12-22 19:13 ` Laura Abbott
2015-12-22 19:13 ` Laura Abbott
2015-12-22 19:32 ` Dave Hansen
2015-12-22 19:32 ` Dave Hansen
2016-01-06 0:29 ` Kees Cook
2016-01-06 0:29 ` Kees Cook
2016-01-06 2:46 ` Laura Abbott
2016-01-06 2:46 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 7/7] lkdtm: Add READ_AFTER_FREE test Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2016-01-06 0:15 ` [kernel-hardening] " Kees Cook
2016-01-06 0:15 ` Kees Cook
2016-01-06 0:15 ` Kees Cook
2016-01-06 2:49 ` [kernel-hardening] " Laura Abbott
2016-01-06 2:49 ` Laura Abbott
2016-01-06 2:49 ` Laura Abbott
2015-12-22 16:08 ` [kernel-hardening] Re: [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX Christoph Lameter
2015-12-22 16:08 ` Christoph Lameter
2015-12-22 16:08 ` Christoph Lameter
2015-12-22 16:15 ` [kernel-hardening] " Dave Hansen
2015-12-22 16:15 ` Dave Hansen
2015-12-22 16:38 ` Daniel Micay
2015-12-22 20:04 ` Laura Abbott
2015-12-22 20:04 ` Laura Abbott
2015-12-22 20:04 ` Laura Abbott
2016-01-06 0:09 ` [kernel-hardening] " Kees Cook
2016-01-06 0:09 ` Kees Cook
2016-01-06 0:09 ` Kees Cook
2016-01-06 3:17 ` [kernel-hardening] " Laura Abbott
2016-01-06 3:17 ` Laura Abbott
2016-01-06 3:17 ` Laura Abbott
2016-01-07 16:26 ` [kernel-hardening] " Christoph Lameter
2016-01-07 16:26 ` Christoph Lameter
2016-01-07 16:26 ` Christoph Lameter
2016-01-08 1:23 ` [kernel-hardening] " Laura Abbott
2016-01-08 1:23 ` Laura Abbott
2016-01-08 1:23 ` Laura Abbott
2016-01-08 14:07 ` [kernel-hardening] " Christoph Lameter
2016-01-08 14:07 ` Christoph Lameter
2016-01-08 14:07 ` Christoph Lameter
2016-01-14 3:49 ` [kernel-hardening] " Laura Abbott
2016-01-14 3:49 ` Laura Abbott
2016-01-14 3:49 ` Laura Abbott
2016-01-21 3:35 ` [kernel-hardening] " Laura Abbott
2016-01-21 3:35 ` Laura Abbott
2016-01-21 3:35 ` Laura Abbott
2016-01-21 15:39 ` [kernel-hardening] " Christoph Lameter
2016-01-21 15:39 ` Christoph Lameter
2016-01-21 15:39 ` Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=568C77C5.2090003@labbott.name \
--to=laura@labbott.name \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.