From: Nathan Chancellor <nathan@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH] MAINTAINERS: Add a general "kernel hardening" section
Date: Tue, 5 Jul 2022 08:26:49 -0700
Message-ID: <YsRYORcovwCGvztR@dev-arch.thelio-3990X>
In-Reply-To: <20220702004638.2486003-1-keescook@chromium.org>

On Fri, Jul 01, 2022 at 05:46:38PM -0700, Kees Cook wrote:
> While many large subsystems related to kernel hardening have their own
> distinct MAINTAINERS entries, there are some smaller collections that
> don't, but are maintained/reviewed by linux-hardening@vger.kernel.org.
> Add a section to capture these, add (or replace defunct) trees that are
> now all carried in the hardening tree.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Nathan Chancellor <nathan@kernel.org>
> ---
> MAINTAINERS | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 3cf9842d9233..2702b29e922f 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -4873,7 +4873,7 @@ R: Nick Desaulniers <ndesaulniers@google.com>
> L: llvm@lists.linux.dev
> S: Supported
> B: https://github.com/ClangBuiltLinux/linux/issues
> -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/clang/features
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> F: include/linux/cfi.h
> F: kernel/cfi.c
>
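Review bot: The changelog says defunct trees are replaced but never names them, and at this T: line the branch silently moves from for-next/clang/features to for-next/hardening. Suggest stating in the commit message which branches are retired (for-next/clang/features here, lsm/loadpin and yama/tip further down) so anyone with work based on them knows to rebase onto for-next/hardening.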
> @@ -7783,6 +7783,7 @@ FORTIFY_SOURCE
> M: Kees Cook <keescook@chromium.org>
> L: linux-hardening@vger.kernel.org
> S: Supported
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> F: include/linux/fortify-string.h
> F: lib/test_fortify/*
> F: scripts/test_fortify.sh
> @@ -8225,6 +8226,7 @@ GCC PLUGINS
> M: Kees Cook <keescook@chromium.org>
> L: linux-hardening@vger.kernel.org
> S: Maintained
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> F: Documentation/kbuild/gcc-plugins.rst
> F: scripts/Makefile.gcc-plugins
> F: scripts/gcc-plugins/
> @@ -10742,6 +10744,17 @@ F: scripts/mk*
> F: scripts/mod/
> F: scripts/package/
>
> +KERNEL HARDENING (not covered by other areas)
> +M: Kees Cook <keescook@chromium.org>
> +L: linux-hardening@vger.kernel.org
> +S: Supported
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> +F: include/linux/overflow.h
> +F: include/linux/randomize_kstack.h
> +F: mm/usercopy.c
> +K: \b(add|choose)_random_kstack_offset\b
> +K: \b__check_(object_size|heap_object)\b
> +
> KERNEL JANITORS
> L: kernel-janitors@vger.kernel.org
> S: Odd Fixes
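Review bot: The two K: patterns in the new section are undocumented in the changelog, and K: matches patch and file content rather than paths, so any patch anywhere in the tree that mentions add_random_kstack_offset, choose_random_kstack_offset, __check_object_size or __check_heap_object will be routed to this entry. If that tree-wide Cc is the intent, a sentence in the commit message saying so would help. Note also that the \b anchors in "\b__check_(object_size|heap_object)\b" limit the match to the double-underscore names; if wrappers without the prefix should be caught too, the pattern needs widening.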
> @@ -11542,7 +11555,7 @@ F: drivers/media/usb/dvb-usb-v2/lmedm04*
> LOADPIN SECURITY MODULE
> M: Kees Cook <keescook@chromium.org>
> S: Supported
> -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> F: Documentation/admin-guide/LSM/LoadPin.rst
> F: security/loadpin/
>
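Review bot: The LOADPIN section has no L: entry (M: is followed directly by S:), so after this T: change its patches land in the hardening tree while get_maintainer output still names no list. Since the changelog describes these areas as maintained/reviewed via linux-hardening@vger.kernel.org, consider adding "L: linux-hardening@vger.kernel.org" here in the same patch.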
> @@ -17857,7 +17870,7 @@ M: Kees Cook <keescook@chromium.org>
> R: Andy Lutomirski <luto@amacapital.net>
> R: Will Drewry <wad@chromium.org>
> S: Supported
> -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/seccomp
> F: Documentation/userspace-api/seccomp_filter.rst
> F: include/linux/seccomp.h
> F: include/uapi/linux/seccomp.h
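Review bot: This T: change does not match the changelog: the commit message says the trees are "now all carried in the hardening tree", but the seccomp branch is renamed to for-next/seccomp rather than pointed at for-next/hardening. If seccomp deliberately keeps its own branch, say so in the commit message, or split this rename into its own patch since it is unrelated to adding the hardening section.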
> @@ -21993,7 +22006,7 @@ F: include/linux/yam.h
> YAMA SECURITY MODULE
> M: Kees Cook <keescook@chromium.org>
> S: Supported
> -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git yama/tip
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> F: Documentation/admin-guide/LSM/Yama.rst
> F: security/yama/
>
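Review bot: The YAMA section, like its T: line now pointing at for-next/hardening, is otherwise unchanged and still carries no L: entry between M: and S:. If Yama patches are meant to be reviewed on the hardening list along with the rest of that tree, add "L: linux-hardening@vger.kernel.org" so get_maintainer reports it.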
> --
> 2.32.0
>
Thread overview: 3+ messages
2022-07-02 0:46 [PATCH] MAINTAINERS: Add a general "kernel hardening" section Kees Cook
2022-07-05 15:26 ` Nathan Chancellor [this message]
2022-07-05 17:54 ` Gustavo A. R. Silva