From: Thomas Garnier <thgarnie@google.com> To: "Herbert Xu" <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net>, "Thomas Gleixner" <tglx@linutronix.de>, "Ingo Molnar" <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, "Peter Zijlstra" <peterz@infradead.org>, "Josh Poimboeuf" <jpoimboe@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>, "Thomas Garnier" <thgarnie@google.com>, "Matthias Kaehlcke" <mka@chromium.org>, "Boris Ostrovsky" <boris.ostrovsky@oracle.com>, "Juergen Gross" <jgross@suse.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Radim Krčmář" <rkrcmar@redhat.com>, "Joerg Roedel" <joro@8bytes.org>, "Tom Lendacky" <thomas.lendacky@amd.com>, "Andy Lutomirski" <luto@kernel.org>, "Borislav Petkov" <bp@suse.de>, "Brian Gerst" <brgerst@gmail.com>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, "Len Brown" <len.brown@intel.com> Cc: x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: x86: PIE support and option to extend KASLR randomization Date: Thu, 10 Aug 2017 10:25:52 -0700 [thread overview] Message-ID: <20170810172615.51965-1-thgarnie@google.com> (raw) Changes: - v2: - Add support for global stack cookie while compiler default to fs without mcmodel=kernel - Change patch 7 to correctly jump out of the identity mapping on kexec load preserve. These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. It allows to optionally extend the KASLR randomization range from 1G to 3G. Thanks a lot to Ard Biesheuvel & Kees Cook on their feedback on compiler changes, PIE support and KASLR in general. The patches: - 1-3, 5-15: Change in assembly code to be PIE compliant. - 4: Add a new _ASM_GET_PTR macro to fetch a symbol address generically. - 16: Adapt percpu design to work correctly when PIE is enabled. - 17: Provide an option to default visibility to hidden except for key symbols. It removes errors between compilation units. - 18: Adapt relocation tool to handle PIE binary correctly. - 19: Add support for global cookie - 20: Add the CONFIG_X86_PIE option (off by default) - 21: Adapt relocation tool to generate a 64-bit relocation table. - 22: Add options to build modules as mcmodel=large and dynamically create a PLT for relative references out of range (adapted from arm64). - 23: Add the CONFIG_RANDOMIZE_BASE_LARGE option to increase relocation range from 1G to 3G (off by default). Performance/Size impact: Hackbench (50% and 1600% loads): - PIE disabled: no significant change (-0.50% / +0.50%) - PIE enabled: 7% to 8% on half load, 10% on heavy load. These results are aligned with the different research on user-mode PIE impact on cpu intensive benchmarks (around 10% on x86_64). slab_test (average of 10 runs): - PIE disabled: no significant change (-1% / +1%) - PIE enabled: 3% to 4% Kernbench (average of 10 Half and Optimal runs): Elapsed Time: - PIE disabled: no significant change (-0.22% / +0.06%) - PIE enabled: around 0.50% System Time: - PIE disabled: no significant change (-0.99% / -1.28%) - PIE enabled: 5% to 6% Size of vmlinux (Ubuntu configuration): File size: - PIE disabled: 472928672 bytes (-0.000169% from baseline) - PIE enabled: 216878461 bytes (-54.14% from baseline) .text sections: - PIE disabled: 9373572 bytes (+0.04% from baseline) - PIE enabled: 9499138 bytes (+1.38% from baseline) The big decrease in vmlinux file size is due to the lower number of relocations appended to the file. diffstat: arch/x86/Kconfig | 42 +++++ arch/x86/Makefile | 28 +++ arch/x86/boot/boot.h | 2 arch/x86/boot/compressed/Makefile | 5 arch/x86/boot/compressed/misc.c | 10 + arch/x86/crypto/aes-x86_64-asm_64.S | 45 +++--- arch/x86/crypto/aesni-intel_asm.S | 14 + arch/x86/crypto/aesni-intel_avx-x86_64.S | 6 arch/x86/crypto/camellia-aesni-avx-asm_64.S | 42 ++--- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 44 +++--- arch/x86/crypto/camellia-x86_64-asm_64.S | 8 - arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 50 +++--- arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 44 +++--- arch/x86/crypto/des3_ede-asm_64.S | 96 ++++++++----- arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 arch/x86/crypto/glue_helper-asm-avx.S | 4 arch/x86/crypto/glue_helper-asm-avx2.S | 6 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 29 ++- arch/x86/include/asm/asm.h | 13 + arch/x86/include/asm/bug.h | 2 arch/x86/include/asm/jump_label.h | 8 - arch/x86/include/asm/kvm_host.h | 6 arch/x86/include/asm/module.h | 17 ++ arch/x86/include/asm/page_64_types.h | 9 + arch/x86/include/asm/paravirt_types.h | 12 + arch/x86/include/asm/percpu.h | 25 ++- arch/x86/include/asm/pm-trace.h | 2 arch/x86/include/asm/processor.h | 11 - arch/x86/include/asm/setup.h | 2 arch/x86/include/asm/stackprotector.h | 19 +- arch/x86/kernel/Makefile | 2 arch/x86/kernel/acpi/wakeup_64.S | 31 ++-- arch/x86/kernel/asm-offsets.c | 3 arch/x86/kernel/asm-offsets_32.c | 3 arch/x86/kernel/asm-offsets_64.c | 3 arch/x86/kernel/cpu/common.c | 7 arch/x86/kernel/head64.c | 30 +++- arch/x86/kernel/head_32.S | 3 arch/x86/kernel/head_64.S | 46 +++++- arch/x86/kernel/kvm.c | 6 arch/x86/kernel/module-plts.c | 198 +++++++++++++++++++++++++++ arch/x86/kernel/module.c | 18 +- arch/x86/kernel/module.lds | 4 arch/x86/kernel/process.c | 5 arch/x86/kernel/relocate_kernel_64.S | 8 - arch/x86/kernel/setup_percpu.c | 2 arch/x86/kernel/vmlinux.lds.S | 13 + arch/x86/kvm/svm.c | 4 arch/x86/lib/cmpxchg16b_emu.S | 8 - arch/x86/power/hibernate_asm_64.S | 4 arch/x86/tools/relocs.c | 134 +++++++++++++++--- arch/x86/tools/relocs.h | 4 arch/x86/tools/relocs_common.c | 15 +- arch/x86/xen/xen-asm.S | 12 - arch/x86/xen/xen-asm.h | 3 arch/x86/xen/xen-head.S | 9 - include/asm-generic/sections.h | 6 include/linux/compiler.h | 8 + init/Kconfig | 9 + kernel/kallsyms.c | 16 +- 61 files changed, 923 insertions(+), 299 deletions(-)
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com> To: "Herbert Xu" <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net>, "Thomas Gleixner" <tglx@linutronix.de>, "Ingo Molnar" <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, "Peter Zijlstra" <peterz@infradead.org>, "Josh Poimboeuf" <jpoimboe@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>, "Thomas Garnier" <thgarnie@google.com>, "Matthias Kaehlcke" <mka@chromium.org>, "Boris Ostrovsky" <boris.ostrovsky@oracle.com>, "Juergen Gross" <jgross@suse.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Radim Krčmář" <rkrcmar@redhat.com>, "Joerg Roedel" <joro@8bytes.org>, "Tom Lendacky" <thomas.lendacky@amd.com>, "Andy Lutomirski" <luto@kernel.org>, "Borislav Petkov" <bp@suse.de>, "Brian Gerst" <brgerst@gmail.com>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, "Len Brown" <len.brown@intel.com>, "Pavel Machek" <pavel@ucw.cz>, "Tejun Heo" <tj@kernel.org>, "Christoph Lameter" <cl@linux.com>, "Paul Gortmaker" <paul.gortmaker@windriver.com>, "Chris Metcalf" <cmetcalf@mellanox.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, "Nicolas Pitre" <nicolas.pitre@linaro.org>, "Christopher Li" <sparse@chrisli.org>, "Rafael J . Wysocki" <rafael.j.wysocki@intel.com>, "Lukas Wunner" <lukas@wunner.de>, "Mika Westerberg" <mika.westerberg@linux.intel.com>, "Dou Liyang" <douly.fnst@cn.fujitsu.com>, "Daniel Borkmann" <daniel@iogearbox.net>, "Alexei Starovoitov" <ast@kernel.org>, "Masahiro Yamada" <yamada.masahiro@socionext.com>, "Markus Trippelsdorf" <markus@trippelsdorf.de>, "Steven Rostedt" <rostedt@goodmis.org>, "Kees Cook" <keescook@chromium.org>, "Rik van Riel" <riel@redhat.com>, "David Howells" <dhowells@redhat.com>, "Waiman Long" <longman@redhat.com>, "Kyle Huey" <me@kylehuey.com>, "Peter Foley" <pefoley2@pefoley.com>, "Tim Chen" <tim.c.chen@linux.intel.com>, "Catalin Marinas" <catalin.marinas@arm.com>, "Ard Biesheuvel" <ard.biesheuvel@linaro.org>, "Michal Hocko" <mhocko@suse.com>, "Matthew Wilcox" <mawilcox@microsoft.com>, "H . J . Lu" <hjl.tools@gmail.com>, "Paul Bolle" <pebolle@tiscali.nl>, "Rob Landley" <rob@landley.net>, "Baoquan He" <bhe@redhat.com>, "Daniel Micay" <danielmicay@gmail.com> Cc: x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [kernel-hardening] x86: PIE support and option to extend KASLR randomization Date: Thu, 10 Aug 2017 10:25:52 -0700 [thread overview] Message-ID: <20170810172615.51965-1-thgarnie@google.com> (raw) Changes: - v2: - Add support for global stack cookie while compiler default to fs without mcmodel=kernel - Change patch 7 to correctly jump out of the identity mapping on kexec load preserve. These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. It allows to optionally extend the KASLR randomization range from 1G to 3G. Thanks a lot to Ard Biesheuvel & Kees Cook on their feedback on compiler changes, PIE support and KASLR in general. The patches: - 1-3, 5-15: Change in assembly code to be PIE compliant. - 4: Add a new _ASM_GET_PTR macro to fetch a symbol address generically. - 16: Adapt percpu design to work correctly when PIE is enabled. - 17: Provide an option to default visibility to hidden except for key symbols. It removes errors between compilation units. - 18: Adapt relocation tool to handle PIE binary correctly. - 19: Add support for global cookie - 20: Add the CONFIG_X86_PIE option (off by default) - 21: Adapt relocation tool to generate a 64-bit relocation table. - 22: Add options to build modules as mcmodel=large and dynamically create a PLT for relative references out of range (adapted from arm64). - 23: Add the CONFIG_RANDOMIZE_BASE_LARGE option to increase relocation range from 1G to 3G (off by default). Performance/Size impact: Hackbench (50% and 1600% loads): - PIE disabled: no significant change (-0.50% / +0.50%) - PIE enabled: 7% to 8% on half load, 10% on heavy load. These results are aligned with the different research on user-mode PIE impact on cpu intensive benchmarks (around 10% on x86_64). slab_test (average of 10 runs): - PIE disabled: no significant change (-1% / +1%) - PIE enabled: 3% to 4% Kernbench (average of 10 Half and Optimal runs): Elapsed Time: - PIE disabled: no significant change (-0.22% / +0.06%) - PIE enabled: around 0.50% System Time: - PIE disabled: no significant change (-0.99% / -1.28%) - PIE enabled: 5% to 6% Size of vmlinux (Ubuntu configuration): File size: - PIE disabled: 472928672 bytes (-0.000169% from baseline) - PIE enabled: 216878461 bytes (-54.14% from baseline) .text sections: - PIE disabled: 9373572 bytes (+0.04% from baseline) - PIE enabled: 9499138 bytes (+1.38% from baseline) The big decrease in vmlinux file size is due to the lower number of relocations appended to the file. diffstat: arch/x86/Kconfig | 42 +++++ arch/x86/Makefile | 28 +++ arch/x86/boot/boot.h | 2 arch/x86/boot/compressed/Makefile | 5 arch/x86/boot/compressed/misc.c | 10 + arch/x86/crypto/aes-x86_64-asm_64.S | 45 +++--- arch/x86/crypto/aesni-intel_asm.S | 14 + arch/x86/crypto/aesni-intel_avx-x86_64.S | 6 arch/x86/crypto/camellia-aesni-avx-asm_64.S | 42 ++--- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 44 +++--- arch/x86/crypto/camellia-x86_64-asm_64.S | 8 - arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 50 +++--- arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 44 +++--- arch/x86/crypto/des3_ede-asm_64.S | 96 ++++++++----- arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 arch/x86/crypto/glue_helper-asm-avx.S | 4 arch/x86/crypto/glue_helper-asm-avx2.S | 6 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 29 ++- arch/x86/include/asm/asm.h | 13 + arch/x86/include/asm/bug.h | 2 arch/x86/include/asm/jump_label.h | 8 - arch/x86/include/asm/kvm_host.h | 6 arch/x86/include/asm/module.h | 17 ++ arch/x86/include/asm/page_64_types.h | 9 + arch/x86/include/asm/paravirt_types.h | 12 + arch/x86/include/asm/percpu.h | 25 ++- arch/x86/include/asm/pm-trace.h | 2 arch/x86/include/asm/processor.h | 11 - arch/x86/include/asm/setup.h | 2 arch/x86/include/asm/stackprotector.h | 19 +- arch/x86/kernel/Makefile | 2 arch/x86/kernel/acpi/wakeup_64.S | 31 ++-- arch/x86/kernel/asm-offsets.c | 3 arch/x86/kernel/asm-offsets_32.c | 3 arch/x86/kernel/asm-offsets_64.c | 3 arch/x86/kernel/cpu/common.c | 7 arch/x86/kernel/head64.c | 30 +++- arch/x86/kernel/head_32.S | 3 arch/x86/kernel/head_64.S | 46 +++++- arch/x86/kernel/kvm.c | 6 arch/x86/kernel/module-plts.c | 198 +++++++++++++++++++++++++++ arch/x86/kernel/module.c | 18 +- arch/x86/kernel/module.lds | 4 arch/x86/kernel/process.c | 5 arch/x86/kernel/relocate_kernel_64.S | 8 - arch/x86/kernel/setup_percpu.c | 2 arch/x86/kernel/vmlinux.lds.S | 13 + arch/x86/kvm/svm.c | 4 arch/x86/lib/cmpxchg16b_emu.S | 8 - arch/x86/power/hibernate_asm_64.S | 4 arch/x86/tools/relocs.c | 134 +++++++++++++++--- arch/x86/tools/relocs.h | 4 arch/x86/tools/relocs_common.c | 15 +- arch/x86/xen/xen-asm.S | 12 - arch/x86/xen/xen-asm.h | 3 arch/x86/xen/xen-head.S | 9 - include/asm-generic/sections.h | 6 include/linux/compiler.h | 8 + init/Kconfig | 9 + kernel/kallsyms.c | 16 +- 61 files changed, 923 insertions(+), 299 deletions(-)
next reply other threads:[~2017-08-10 17:25 UTC|newest] Thread overview: 221+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-08-10 17:25 Thomas Garnier [this message] 2017-08-10 17:25 ` [kernel-hardening] x86: PIE support and option to extend KASLR randomization Thomas Garnier 2017-08-10 17:25 ` [RFC v2 01/23] x86/crypto: Adapt assembly for PIE support Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 02/23] x86: Use symbol name on bug table " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 03/23] x86: Use symbol name in jump " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 04/23] x86: Add macro to get symbol address " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 05/23] xen: Adapt assembly " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 06/23] kvm: " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:25 ` [RFC v2 07/23] x86: relocate_kernel - " Thomas Garnier 2017-08-10 17:25 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 08/23] x86/entry/64: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 09/23] x86: pm-trace - " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 10/23] x86/CPU: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 11/23] x86/acpi: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 12/23] x86/boot/64: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 13/23] x86/power/64: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-11 12:36 ` Pavel Machek 2017-08-11 12:36 ` Pavel Machek 2017-08-11 12:36 ` [kernel-hardening] " Pavel Machek 2017-08-11 15:09 ` Thomas Garnier 2017-08-11 15:09 ` [kernel-hardening] " Thomas Garnier 2017-08-11 15:09 ` Thomas Garnier 2017-08-10 17:26 ` [RFC v2 14/23] x86/paravirt: " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 15/23] x86/boot/64: Use _text in a global " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 16/23] x86/percpu: Adapt percpu " Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 17/23] compiler: Option to default to hidden symbols Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 18/23] x86/relocs: Handle DYN relocations for PIE support Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 19/23] x86: Support global stack cookie Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 20/23] x86/pie: Add option to build the kernel as PIE for x86_64 Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 21/23] x86/relocs: Add option to generate 64-bit relocations Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 22/23] x86/module: Add support for mcmodel large and PLTs Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-10 17:26 ` [RFC v2 23/23] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB Thomas Garnier 2017-08-10 17:26 ` [kernel-hardening] " Thomas Garnier 2017-08-11 12:41 ` x86: PIE support and option to extend KASLR randomization Ingo Molnar 2017-08-11 12:41 ` [kernel-hardening] " Ingo Molnar 2017-08-11 15:09 ` Thomas Garnier 2017-08-11 15:09 ` Thomas Garnier 2017-08-11 15:09 ` [kernel-hardening] " Thomas Garnier 2017-08-15 7:56 ` Ingo Molnar 2017-08-15 7:56 ` Ingo Molnar 2017-08-15 7:56 ` [kernel-hardening] " Ingo Molnar 2017-08-15 12:15 ` Jordan Glover 2017-08-15 13:42 ` Rik van Riel 2017-08-15 14:20 ` Thomas Garnier 2017-08-15 14:20 ` Thomas Garnier 2017-08-15 14:20 ` [kernel-hardening] " Thomas Garnier 2017-08-15 14:47 ` Daniel Micay 2017-08-15 14:47 ` Daniel Micay 2017-08-15 14:47 ` [kernel-hardening] " Daniel Micay 2017-08-15 14:58 ` Thomas Garnier 2017-08-15 14:58 ` Thomas Garnier 2017-08-15 14:58 ` [kernel-hardening] " Thomas Garnier 2017-08-16 15:12 ` Ingo Molnar 2017-08-16 15:12 ` Ingo Molnar 2017-08-16 15:12 ` [kernel-hardening] " Ingo Molnar 2017-08-16 16:09 ` Christopher Lameter 2017-08-16 16:09 ` Christopher Lameter 2017-08-16 16:09 ` [kernel-hardening] " Christopher Lameter 2017-08-16 16:26 ` Daniel Micay 2017-08-16 16:26 ` [kernel-hardening] " Daniel Micay 2017-08-16 16:32 ` Ard Biesheuvel 2017-08-16 16:32 ` Ard Biesheuvel 2017-08-16 16:32 ` [kernel-hardening] " Ard Biesheuvel 2017-08-16 16:26 ` Daniel Micay 2017-08-16 16:57 ` Thomas Garnier 2017-08-16 16:57 ` Thomas Garnier 2017-08-16 16:57 ` [kernel-hardening] " Thomas Garnier 2017-08-17 8:09 ` Ingo Molnar 2017-08-17 8:09 ` Ingo Molnar 2017-08-17 8:09 ` [kernel-hardening] " Ingo Molnar 2017-08-17 14:10 ` Thomas Garnier 2017-08-17 14:10 ` Thomas Garnier 2017-08-17 14:10 ` [kernel-hardening] " Thomas Garnier 2017-08-24 21:13 ` Thomas Garnier 2017-08-24 21:13 ` Thomas Garnier 2017-08-24 21:13 ` [kernel-hardening] " Thomas Garnier 2017-08-24 21:42 ` Linus Torvalds 2017-08-24 21:42 ` Linus Torvalds 2017-08-24 21:42 ` [kernel-hardening] " Linus Torvalds 2017-08-25 15:35 ` Thomas Garnier 2017-08-25 15:35 ` [kernel-hardening] " Thomas Garnier 2017-08-25 15:35 ` Thomas Garnier 2017-08-25 1:07 ` Steven Rostedt 2017-08-25 1:07 ` [kernel-hardening] " Steven Rostedt 2017-08-25 8:04 ` Ingo Molnar 2017-08-25 8:04 ` Ingo Molnar 2017-08-25 8:04 ` [kernel-hardening] " Ingo Molnar 2017-08-25 15:05 ` Thomas Garnier 2017-08-25 15:05 ` Thomas Garnier 2017-08-25 15:05 ` [kernel-hardening] " Thomas Garnier 2017-08-29 19:34 ` Thomas Garnier 2017-08-29 19:34 ` [kernel-hardening] " Thomas Garnier 2017-09-21 15:59 ` Ingo Molnar 2017-09-21 15:59 ` [kernel-hardening] " Ingo Molnar 2017-09-21 16:10 ` Ard Biesheuvel 2017-09-21 16:10 ` Ard Biesheuvel 2017-09-21 16:10 ` [kernel-hardening] " Ard Biesheuvel 2017-09-21 21:21 ` Thomas Garnier 2017-09-21 21:21 ` Thomas Garnier 2017-09-21 21:21 ` [kernel-hardening] " Thomas Garnier 2017-09-22 4:24 ` Markus Trippelsdorf 2017-09-22 4:24 ` [kernel-hardening] " Markus Trippelsdorf 2017-09-22 14:38 ` Thomas Garnier 2017-09-22 14:38 ` [kernel-hardening] " Thomas Garnier 2017-09-22 14:38 ` Thomas Garnier 2017-09-22 23:55 ` Thomas Garnier 2017-09-22 23:55 ` Thomas Garnier 2017-09-22 23:55 ` [kernel-hardening] " Thomas Garnier 2017-09-21 21:16 ` Thomas Garnier 2017-09-21 21:16 ` [kernel-hardening] " Thomas Garnier 2017-09-22 0:06 ` Thomas Garnier 2017-09-22 0:06 ` Thomas Garnier 2017-09-22 0:06 ` [kernel-hardening] " Thomas Garnier 2017-09-22 16:32 ` Ingo Molnar 2017-09-22 16:32 ` [kernel-hardening] " Ingo Molnar 2017-09-22 18:08 ` Thomas Garnier 2017-09-22 18:08 ` Thomas Garnier 2017-09-22 18:08 ` [kernel-hardening] " Thomas Garnier 2017-09-23 9:43 ` Ingo Molnar 2017-09-23 9:43 ` [kernel-hardening] " Ingo Molnar 2017-10-02 20:28 ` Thomas Garnier 2017-10-02 20:28 ` Thomas Garnier 2017-10-02 20:28 ` [kernel-hardening] " Thomas Garnier 2017-09-23 9:43 ` Ingo Molnar 2017-09-22 18:38 ` H. Peter Anvin 2017-09-22 18:38 ` [kernel-hardening] " H. Peter Anvin 2017-09-22 18:57 ` Kees Cook 2017-09-22 18:57 ` [kernel-hardening] " Kees Cook 2017-09-22 19:06 ` H. Peter Anvin 2017-09-22 19:06 ` [kernel-hardening] " H. Peter Anvin 2017-09-22 22:19 ` hjl.tools 2017-09-22 22:30 ` hjl.tools 2017-09-22 19:06 ` H. Peter Anvin 2017-09-22 18:57 ` Kees Cook 2017-09-22 18:59 ` Thomas Garnier 2017-09-22 18:59 ` Thomas Garnier 2017-09-22 18:59 ` [kernel-hardening] " Thomas Garnier 2017-09-23 9:49 ` Ingo Molnar 2017-09-23 9:49 ` Ingo Molnar 2017-09-23 9:49 ` [kernel-hardening] " Ingo Molnar 2017-09-22 18:38 ` H. Peter Anvin 2017-09-22 16:32 ` Ingo Molnar 2017-09-21 21:16 ` Thomas Garnier 2017-09-21 15:59 ` Ingo Molnar 2017-08-29 19:34 ` Thomas Garnier 2017-08-17 14:12 ` Boris Lukashev 2017-08-17 14:12 ` [kernel-hardening] " Boris Lukashev 2017-08-25 15:38 ` Christopher Lameter 2017-08-25 15:38 ` [kernel-hardening] " Christopher Lameter 2017-08-27 22:39 ` Boris Lukashev 2017-08-27 22:39 ` Boris Lukashev 2017-08-27 22:39 ` [kernel-hardening] " Boris Lukashev 2017-08-25 15:38 ` Christopher Lameter 2017-08-28 9:59 ` Pavel Machek 2017-08-28 9:59 ` Pavel Machek 2017-08-28 9:59 ` [kernel-hardening] " Pavel Machek 2017-08-17 14:12 ` Boris Lukashev 2017-08-21 13:32 ` Peter Zijlstra 2017-08-21 13:32 ` [kernel-hardening] " Peter Zijlstra 2017-08-21 14:28 ` Peter Zijlstra 2017-08-21 14:28 ` Peter Zijlstra 2017-08-21 14:28 ` [kernel-hardening] " Peter Zijlstra 2017-09-22 18:27 ` H. Peter Anvin 2017-09-22 18:27 ` [kernel-hardening] " H. Peter Anvin 2017-09-23 10:00 ` Ingo Molnar 2017-09-23 10:00 ` [kernel-hardening] " Ingo Molnar 2017-09-24 22:37 ` Pavel Machek 2017-09-24 22:37 ` [kernel-hardening] " Pavel Machek 2017-09-25 7:33 ` Ingo Molnar 2017-09-25 7:33 ` Ingo Molnar 2017-09-25 7:33 ` [kernel-hardening] " Ingo Molnar 2017-10-06 10:39 ` Pavel Machek 2017-10-06 10:39 ` Pavel Machek 2017-10-06 10:39 ` [kernel-hardening] " Pavel Machek 2017-10-20 8:13 ` Ingo Molnar 2017-10-20 8:13 ` [kernel-hardening] " Ingo Molnar 2017-10-20 8:13 ` Ingo Molnar 2017-09-24 22:37 ` Pavel Machek 2017-09-23 10:00 ` Ingo Molnar 2017-09-22 18:27 ` H. Peter Anvin 2017-08-21 13:32 ` Peter Zijlstra 2017-08-21 14:31 ` Peter Zijlstra 2017-08-21 14:31 ` [kernel-hardening] " Peter Zijlstra 2017-08-21 15:57 ` Thomas Garnier 2017-08-21 15:57 ` Thomas Garnier 2017-08-21 15:57 ` [kernel-hardening] " Thomas Garnier 2017-08-28 1:26 ` H. Peter Anvin 2017-08-28 1:26 ` [kernel-hardening] " H. Peter Anvin 2017-08-28 1:26 ` H. Peter Anvin 2017-08-21 14:31 ` Peter Zijlstra 2017-08-11 12:41 ` Ingo Molnar -- strict thread matches above, loose matches on Subject: below -- 2017-10-04 21:19 Thomas Garnier 2017-10-04 21:19 Thomas Garnier via Virtualization 2017-10-04 21:19 Thomas Garnier 2017-10-04 21:19 ` Thomas Garnier 2017-08-10 17:25 Thomas Garnier 2017-07-18 22:33 Thomas Garnier 2017-07-19 14:08 ` Christopher Lameter 2017-07-19 14:08 ` Christopher Lameter 2017-07-18 22:33 Thomas Garnier
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170810172615.51965-1-thgarnie@google.com \ --to=thgarnie@google.com \ --cc=arnd@arndb.de \ --cc=boris.ostrovsky@oracle.com \ --cc=bp@suse.de \ --cc=brgerst@gmail.com \ --cc=davem@davemloft.net \ --cc=herbert@gondor.apana.org.au \ --cc=hpa@zytor.com \ --cc=jgross@suse.com \ --cc=joro@8bytes.org \ --cc=jpoimboe@redhat.com \ --cc=kernel-hardening@lists.openwall.com \ --cc=kirill.shutemov@linux.intel.com \ --cc=kvm@vger.kernel.org \ --cc=len.brown@intel.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pm@vger.kernel.org \ --cc=linux-sparse@vger.kernel.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=mka@chromium.org \ --cc=pbonzini@redhat.com \ --cc=peterz@infradead.org \ --cc=rjw@rjwysocki.net \ --cc=rkrcmar@redhat.com \ --cc=tglx@linutronix.de \ --cc=thomas.lendacky@amd.com \ --cc=x86@kernel.org \ --cc=xen-devel@lists.xenproject.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.