From: Igor Stoppa <igor.stoppa@huawei.com>
To: Christopher Lameter <cl@linux.com>
Cc: Matthew Wilcox <willy@infradead.org>,
Boris Lukashev <blukashev@sempervictus.com>,
Jann Horn <jannh@google.com>, <jglisse@redhat.com>,
Kees Cook <keescook@chromium.org>,
Michal Hocko <mhocko@kernel.org>,
Laura Abbott <labbott@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
<linux-security-module@vger.kernel.org>, <linux-mm@kvack.org>,
kernel list <linux-kernel@vger.kernel.org>,
"Kernel Hardening" <kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] [PATCH 4/6] Protectable Memory
Date: Fri, 9 Feb 2018 13:17:49 +0200 [thread overview]
Message-ID: <4e113814-7d24-b48c-993f-46d5aee1755d@huawei.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1802050935300.10705@nuc-kabylake>
On 05/02/18 17:40, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>>> We could even do this in a more thorough way. Can we use a ring 1 / 2
>>> distinction to create a hardened OS core that policies the rest of
>>> the ever expanding kernel with all its modules and this and that feature?
>>
>> What would be the differentiating criteria? Furthermore, what are the
>> chances
>> of invalidating the entire concept, because there is already an
>> hypervisor using
>> the higher level features?
>> That is what you are proposing, if I understand correctly.
>
> Were there not 4 rings as well as methods by the processor vendors to
> virtualize them as well?
I think you are talking x86, mostly.
On ARM there are ELx and they are often (typically?) already used.
For x86 I cannot comment.
>>> I think that will long term be a better approach and allow more than the
>>> current hardening approaches can get you. It seems that we are willing to
>>> tolerate significant performance regressions now. So lets use the
>>> protection mechanisms that the hardware offers.
>>
>> I would rather *not* propose significant performance regression :-P
>
> But we already have implemented significant kernel hardening which causes
> performance regressions. Using hardware capabilities allows the processor
> vendor to further optimize these mechanisms whereas the software
> preventative measures are eating up more and more performance as the pile
> them on. Plus these are methods that can be worked around. Restrictions
> implemented in a higher ring can be enforced and are much better than
> just "hardening" (which is making life difficult for the hackers and
> throwing away performannce for the average user).
What you are proposing requires major restructuring of the memory
management - at the very least - provided that it doesn't cause the
conflicts I mentioned above.
Even after you do that, the system will still be working with memory
pages, there will be still a need to segregate data within certain
pages, or pay the penalty of handling exceptions, when data with
different permissions coexist within the same page.
The way the pmalloc API is designed is meant to facilitate the
segregation and to actually improve performance, by grouping types of
data with same scope and permission.
WRT the implementation, there is a minimal exposure to the memory
provider, both for allocation and release.
Same goes for the protection mechanism.
It's a single call to the function which makes pages read only.
It would be trivial to swap it out with a call to whatever framework you
want to come up with, for implementing ring/EL based protection.
>From this perspective, you can easily provide patches that implement
what you are proposing, against pmalloc, if you really think that it's
the way to go.
I'll be happy to use them, if they provide improved performance and same
or better protection.
The way I designed pmalloc was really to be able to switch to some
alternate memory provider and/or protection mechanism, should a better
one arise.
But it can be done in a separate step, I think, since you are not
proposing to just change pmalloc, you are proposing to re-design how the
overall kernel memory hardening works (including executable pages, const
data, __ro_after_init, etc.)
--
igor
WARNING: multiple messages have this Message-ID (diff)
From: igor.stoppa@huawei.com (Igor Stoppa)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] [PATCH 4/6] Protectable Memory
Date: Fri, 9 Feb 2018 13:17:49 +0200 [thread overview]
Message-ID: <4e113814-7d24-b48c-993f-46d5aee1755d@huawei.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1802050935300.10705@nuc-kabylake>
On 05/02/18 17:40, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>>> We could even do this in a more thorough way. Can we use a ring 1 / 2
>>> distinction to create a hardened OS core that policies the rest of
>>> the ever expanding kernel with all its modules and this and that feature?
>>
>> What would be the differentiating criteria? Furthermore, what are the
>> chances
>> of invalidating the entire concept, because there is already an
>> hypervisor using
>> the higher level features?
>> That is what you are proposing, if I understand correctly.
>
> Were there not 4 rings as well as methods by the processor vendors to
> virtualize them as well?
I think you are talking x86, mostly.
On ARM there are ELx and they are often (typically?) already used.
For x86 I cannot comment.
>>> I think that will long term be a better approach and allow more than the
>>> current hardening approaches can get you. It seems that we are willing to
>>> tolerate significant performance regressions now. So lets use the
>>> protection mechanisms that the hardware offers.
>>
>> I would rather *not* propose significant performance regression :-P
>
> But we already have implemented significant kernel hardening which causes
> performance regressions. Using hardware capabilities allows the processor
> vendor to further optimize these mechanisms whereas the software
> preventative measures are eating up more and more performance as the pile
> them on. Plus these are methods that can be worked around. Restrictions
> implemented in a higher ring can be enforced and are much better than
> just "hardening" (which is making life difficult for the hackers and
> throwing away performannce for the average user).
What you are proposing requires major restructuring of the memory
management - at the very least - provided that it doesn't cause the
conflicts I mentioned above.
Even after you do that, the system will still be working with memory
pages, there will be still a need to segregate data within certain
pages, or pay the penalty of handling exceptions, when data with
different permissions coexist within the same page.
The way the pmalloc API is designed is meant to facilitate the
segregation and to actually improve performance, by grouping types of
data with same scope and permission.
WRT the implementation, there is a minimal exposure to the memory
provider, both for allocation and release.
Same goes for the protection mechanism.
It's a single call to the function which makes pages read only.
It would be trivial to swap it out with a call to whatever framework you
want to come up with, for implementing ring/EL based protection.
>From this perspective, you can easily provide patches that implement
what you are proposing, against pmalloc, if you really think that it's
the way to go.
I'll be happy to use them, if they provide improved performance and same
or better protection.
The way I designed pmalloc was really to be able to switch to some
alternate memory provider and/or protection mechanism, should a better
one arise.
But it can be done in a separate step, I think, since you are not
proposing to just change pmalloc, you are proposing to re-design how the
overall kernel memory hardening works (including executable pages, const
data, __ro_after_init, etc.)
--
igor
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Igor Stoppa <igor.stoppa@huawei.com>
To: Christopher Lameter <cl@linux.com>
Cc: Matthew Wilcox <willy@infradead.org>,
Boris Lukashev <blukashev@sempervictus.com>,
Jann Horn <jannh@google.com>,
jglisse@redhat.com, Kees Cook <keescook@chromium.org>,
Michal Hocko <mhocko@kernel.org>,
Laura Abbott <labbott@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
kernel list <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] [PATCH 4/6] Protectable Memory
Date: Fri, 9 Feb 2018 13:17:49 +0200 [thread overview]
Message-ID: <4e113814-7d24-b48c-993f-46d5aee1755d@huawei.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1802050935300.10705@nuc-kabylake>
On 05/02/18 17:40, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>>> We could even do this in a more thorough way. Can we use a ring 1 / 2
>>> distinction to create a hardened OS core that policies the rest of
>>> the ever expanding kernel with all its modules and this and that feature?
>>
>> What would be the differentiating criteria? Furthermore, what are the
>> chances
>> of invalidating the entire concept, because there is already an
>> hypervisor using
>> the higher level features?
>> That is what you are proposing, if I understand correctly.
>
> Were there not 4 rings as well as methods by the processor vendors to
> virtualize them as well?
I think you are talking x86, mostly.
On ARM there are ELx and they are often (typically?) already used.
For x86 I cannot comment.
>>> I think that will long term be a better approach and allow more than the
>>> current hardening approaches can get you. It seems that we are willing to
>>> tolerate significant performance regressions now. So lets use the
>>> protection mechanisms that the hardware offers.
>>
>> I would rather *not* propose significant performance regression :-P
>
> But we already have implemented significant kernel hardening which causes
> performance regressions. Using hardware capabilities allows the processor
> vendor to further optimize these mechanisms whereas the software
> preventative measures are eating up more and more performance as the pile
> them on. Plus these are methods that can be worked around. Restrictions
> implemented in a higher ring can be enforced and are much better than
> just "hardening" (which is making life difficult for the hackers and
> throwing away performannce for the average user).
What you are proposing requires major restructuring of the memory
management - at the very least - provided that it doesn't cause the
conflicts I mentioned above.
Even after you do that, the system will still be working with memory
pages, there will be still a need to segregate data within certain
pages, or pay the penalty of handling exceptions, when data with
different permissions coexist within the same page.
The way the pmalloc API is designed is meant to facilitate the
segregation and to actually improve performance, by grouping types of
data with same scope and permission.
WRT the implementation, there is a minimal exposure to the memory
provider, both for allocation and release.
Same goes for the protection mechanism.
It's a single call to the function which makes pages read only.
It would be trivial to swap it out with a call to whatever framework you
want to come up with, for implementing ring/EL based protection.
>From this perspective, you can easily provide patches that implement
what you are proposing, against pmalloc, if you really think that it's
the way to go.
I'll be happy to use them, if they provide improved performance and same
or better protection.
The way I designed pmalloc was really to be able to switch to some
alternate memory provider and/or protection mechanism, should a better
one arise.
But it can be done in a separate step, I think, since you are not
proposing to just change pmalloc, you are proposing to re-design how the
overall kernel memory hardening works (including executable pages, const
data, __ro_after_init, etc.)
--
igor
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Igor Stoppa <igor.stoppa@huawei.com>
To: Christopher Lameter <cl@linux.com>
Cc: Matthew Wilcox <willy@infradead.org>,
Boris Lukashev <blukashev@sempervictus.com>,
Jann Horn <jannh@google.com>,
jglisse@redhat.com, Kees Cook <keescook@chromium.org>,
Michal Hocko <mhocko@kernel.org>,
Laura Abbott <labbott@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
kernel list <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] [PATCH 4/6] Protectable Memory
Date: Fri, 9 Feb 2018 13:17:49 +0200 [thread overview]
Message-ID: <4e113814-7d24-b48c-993f-46d5aee1755d@huawei.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1802050935300.10705@nuc-kabylake>
On 05/02/18 17:40, Christopher Lameter wrote:
> On Sat, 3 Feb 2018, Igor Stoppa wrote:
>
>>> We could even do this in a more thorough way. Can we use a ring 1 / 2
>>> distinction to create a hardened OS core that policies the rest of
>>> the ever expanding kernel with all its modules and this and that feature?
>>
>> What would be the differentiating criteria? Furthermore, what are the
>> chances
>> of invalidating the entire concept, because there is already an
>> hypervisor using
>> the higher level features?
>> That is what you are proposing, if I understand correctly.
>
> Were there not 4 rings as well as methods by the processor vendors to
> virtualize them as well?
I think you are talking x86, mostly.
On ARM there are ELx and they are often (typically?) already used.
For x86 I cannot comment.
>>> I think that will long term be a better approach and allow more than the
>>> current hardening approaches can get you. It seems that we are willing to
>>> tolerate significant performance regressions now. So lets use the
>>> protection mechanisms that the hardware offers.
>>
>> I would rather *not* propose significant performance regression :-P
>
> But we already have implemented significant kernel hardening which causes
> performance regressions. Using hardware capabilities allows the processor
> vendor to further optimize these mechanisms whereas the software
> preventative measures are eating up more and more performance as the pile
> them on. Plus these are methods that can be worked around. Restrictions
> implemented in a higher ring can be enforced and are much better than
> just "hardening" (which is making life difficult for the hackers and
> throwing away performannce for the average user).
What you are proposing requires major restructuring of the memory
management - at the very least - provided that it doesn't cause the
conflicts I mentioned above.
Even after you do that, the system will still be working with memory
pages, there will be still a need to segregate data within certain
pages, or pay the penalty of handling exceptions, when data with
different permissions coexist within the same page.
The way the pmalloc API is designed is meant to facilitate the
segregation and to actually improve performance, by grouping types of
data with same scope and permission.
WRT the implementation, there is a minimal exposure to the memory
provider, both for allocation and release.
Same goes for the protection mechanism.
It's a single call to the function which makes pages read only.
It would be trivial to swap it out with a call to whatever framework you
want to come up with, for implementing ring/EL based protection.
>From this perspective, you can easily provide patches that implement
what you are proposing, against pmalloc, if you really think that it's
the way to go.
I'll be happy to use them, if they provide improved performance and same
or better protection.
The way I designed pmalloc was really to be able to switch to some
alternate memory provider and/or protection mechanism, should a better
one arise.
But it can be done in a separate step, I think, since you are not
proposing to just change pmalloc, you are proposing to re-design how the
overall kernel memory hardening works (including executable pages, const
data, __ro_after_init, etc.)
--
igor
next prev parent reply other threads:[~2018-02-09 11:17 UTC|newest]
Thread overview: 171+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-24 17:56 [kernel-hardening] [RFC PATCH v11 0/6] mm: security: ro protection for dynamic data Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 1/6] genalloc: track beginning of allocations Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 2/6] genalloc: selftest Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 3/6] struct page: add field for vm_struct Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 4/6] Protectable Memory Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 19:10 ` [kernel-hardening] " Jann Horn
2018-01-24 19:10 ` Jann Horn
2018-01-24 19:10 ` Jann Horn
2018-01-25 11:59 ` Igor Stoppa
2018-01-25 11:59 ` Igor Stoppa
2018-01-25 11:59 ` Igor Stoppa
2018-01-25 11:59 ` Igor Stoppa
2018-01-25 15:14 ` Boris Lukashev
2018-01-25 15:14 ` Boris Lukashev
2018-01-25 15:14 ` Boris Lukashev
2018-01-25 15:38 ` Jerome Glisse
2018-01-25 15:38 ` Jerome Glisse
2018-01-25 15:38 ` Jerome Glisse
2018-01-26 12:28 ` Igor Stoppa
2018-01-26 12:28 ` Igor Stoppa
2018-01-26 12:28 ` Igor Stoppa
2018-01-26 16:36 ` Boris Lukashev
2018-01-26 16:36 ` Boris Lukashev
2018-01-26 16:36 ` Boris Lukashev
2018-01-30 13:46 ` Igor Stoppa
2018-01-30 13:46 ` Igor Stoppa
2018-01-30 13:46 ` Igor Stoppa
2018-01-26 5:35 ` Matthew Wilcox
2018-01-26 5:35 ` Matthew Wilcox
2018-01-26 5:35 ` Matthew Wilcox
2018-01-26 11:46 ` Igor Stoppa
2018-01-26 11:46 ` Igor Stoppa
2018-01-26 11:46 ` Igor Stoppa
2018-01-26 11:46 ` Igor Stoppa
2018-02-02 18:39 ` Christopher Lameter
2018-02-02 18:39 ` Christopher Lameter
2018-02-02 18:39 ` Christopher Lameter
2018-02-03 15:38 ` Igor Stoppa
2018-02-03 15:38 ` Igor Stoppa
2018-02-03 15:38 ` Igor Stoppa
2018-02-03 15:38 ` Igor Stoppa
2018-02-03 19:57 ` Igor Stoppa
2018-02-03 19:57 ` Igor Stoppa
2018-02-03 19:57 ` Igor Stoppa
2018-02-03 19:57 ` Igor Stoppa
2018-02-03 20:12 ` Boris Lukashev
2018-02-03 20:12 ` Boris Lukashev
2018-02-03 20:12 ` Boris Lukashev
2018-02-03 20:32 ` Igor Stoppa
2018-02-03 20:32 ` Igor Stoppa
2018-02-03 20:32 ` Igor Stoppa
2018-02-03 22:29 ` Boris Lukashev
2018-02-03 22:29 ` Boris Lukashev
2018-02-03 22:29 ` Boris Lukashev
2018-02-04 15:05 ` Igor Stoppa
2018-02-04 15:05 ` Igor Stoppa
2018-02-04 15:05 ` Igor Stoppa
2018-02-12 23:27 ` Kees Cook
2018-02-12 23:27 ` Kees Cook
2018-02-12 23:27 ` Kees Cook
2018-02-13 0:40 ` Laura Abbott
2018-02-13 0:40 ` Laura Abbott
2018-02-13 0:40 ` Laura Abbott
2018-02-13 1:25 ` Kees Cook
2018-02-13 1:25 ` Kees Cook
2018-02-13 1:25 ` Kees Cook
2018-02-13 3:39 ` Jann Horn
2018-02-13 3:39 ` Jann Horn
2018-02-13 3:39 ` Jann Horn
2018-02-13 16:09 ` Laura Abbott
2018-02-13 16:09 ` Laura Abbott
2018-02-13 16:09 ` Laura Abbott
2018-02-13 21:43 ` Kees Cook
2018-02-13 21:43 ` Kees Cook
2018-02-13 21:43 ` Kees Cook
2018-02-14 19:06 ` arm64 physmap (was Re: [kernel-hardening] [PATCH 4/6] Protectable Memory) Laura Abbott
2018-02-14 19:06 ` Laura Abbott
2018-02-14 19:06 ` Laura Abbott
2018-02-14 19:06 ` Laura Abbott
2018-02-14 19:28 ` Ard Biesheuvel
2018-02-14 19:28 ` Ard Biesheuvel
2018-02-14 19:28 ` Ard Biesheuvel
2018-02-14 19:28 ` Ard Biesheuvel
2018-02-14 20:13 ` Laura Abbott
2018-02-14 20:13 ` Laura Abbott
2018-02-14 20:13 ` Laura Abbott
2018-02-14 20:13 ` Laura Abbott
2018-02-14 19:29 ` Kees Cook
2018-02-14 19:29 ` Kees Cook
2018-02-14 19:29 ` Kees Cook
2018-02-14 19:29 ` Kees Cook
2018-02-14 19:35 ` Kees Cook
2018-02-14 19:35 ` Kees Cook
2018-02-14 19:35 ` Kees Cook
2018-02-14 19:35 ` Kees Cook
2018-02-20 16:28 ` Igor Stoppa
2018-02-20 16:28 ` Igor Stoppa
2018-02-20 16:28 ` Igor Stoppa
2018-02-20 16:28 ` Igor Stoppa
2018-02-21 22:22 ` Kees Cook
2018-02-21 22:22 ` Kees Cook
2018-02-21 22:22 ` Kees Cook
2018-02-21 22:22 ` Kees Cook
2018-02-14 19:48 ` Kees Cook
2018-02-14 19:48 ` Kees Cook
2018-02-14 19:48 ` Kees Cook
2018-02-14 19:48 ` Kees Cook
2018-02-14 22:13 ` Tycho Andersen
2018-02-14 22:13 ` Tycho Andersen
2018-02-14 22:13 ` Tycho Andersen
2018-02-14 22:13 ` Tycho Andersen
2018-02-14 22:27 ` Kees Cook
2018-02-14 22:27 ` Kees Cook
2018-02-14 22:27 ` Kees Cook
2018-02-14 22:27 ` Kees Cook
2018-02-13 15:20 ` [kernel-hardening] [PATCH 4/6] Protectable Memory Igor Stoppa
2018-02-13 15:20 ` Igor Stoppa
2018-02-13 15:20 ` Igor Stoppa
2018-02-13 15:20 ` Igor Stoppa
2018-02-13 15:20 ` [kernel-hardening] " Igor Stoppa
[not found] ` <5a83024c.64369d0a.a1e94.cdd6SMTPIN_ADDED_BROKEN@mx.google.com>
2018-02-13 18:10 ` Laura Abbott
2018-02-13 18:10 ` Laura Abbott
2018-02-13 18:10 ` Laura Abbott
2018-02-20 17:16 ` Igor Stoppa
2018-02-20 17:16 ` Igor Stoppa
2018-02-20 17:16 ` Igor Stoppa
2018-02-21 22:37 ` Kees Cook
2018-02-21 22:37 ` Kees Cook
2018-02-21 22:37 ` Kees Cook
2018-02-05 15:40 ` Christopher Lameter
2018-02-05 15:40 ` Christopher Lameter
2018-02-05 15:40 ` Christopher Lameter
2018-02-09 11:17 ` Igor Stoppa [this message]
2018-02-09 11:17 ` Igor Stoppa
2018-02-09 11:17 ` Igor Stoppa
2018-02-09 11:17 ` Igor Stoppa
2018-01-26 19:41 ` [kernel-hardening] " Igor Stoppa
2018-01-26 19:41 ` Igor Stoppa
2018-01-26 19:41 ` Igor Stoppa
2018-01-26 19:41 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 5/6] Documentation for Pmalloc Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 19:14 ` [kernel-hardening] " Ralph Campbell
2018-01-24 19:14 ` Ralph Campbell
2018-01-24 19:14 ` Ralph Campbell
2018-01-24 19:14 ` Ralph Campbell
2018-01-25 7:53 ` [kernel-hardening] " Igor Stoppa
2018-01-25 7:53 ` Igor Stoppa
2018-01-25 7:53 ` Igor Stoppa
2018-01-25 7:53 ` Igor Stoppa
2018-01-24 17:56 ` [kernel-hardening] [PATCH 6/6] Pmalloc: self-test Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
2018-01-24 17:56 ` Igor Stoppa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e113814-7d24-b48c-993f-46d5aee1755d@huawei.com \
--to=igor.stoppa@huawei.com \
--cc=blukashev@sempervictus.com \
--cc=cl@linux.com \
--cc=hch@infradead.org \
--cc=jannh@google.com \
--cc=jglisse@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhocko@kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.