On Thu, 18 Jul 2024 at 05:22, Kees Cook wrote:
>
> Move the exec KUnit tests into a separate directory to avoid polluting
> the local directory namespace. Additionally update MAINTAINERS for the
> new files and mark myself as Maintainer.
>
> Signed-off-by: Kees Cook
> ---
> I'll toss this into -n
roy%40kernel.org
> > > patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header
> > > dependency in *.cmd files
> > > config: i386-randconfig-004-20240716
> > > (https://download.01.org/0day-ci/archive/20240717/202407170104.dce5mksa-...@intel.com/c
On Wed, 17 Jul 2024 at 15:24, Kees Cook wrote:
>
> > In particular, this patch would make it easy to make that
> > SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE config option be a "choice"
> > where you pick "never, ptrace, always" by just changing the rules in
> > proc_is_ptracing().
>
> So the original
On Wed, Jul 17, 2024 at 11:16:56AM -0700, Linus Torvalds wrote:
> On Wed, 17 Jul 2024 at 10:23, Kees Cook wrote:
> >
> > For this to be available for general distros, I still want to have a
> > bootparam to control this, otherwise this mitigation will never see much
> > testing as most kernel depl
in-cmd-files/20240715-224820
> > base: linus/master
> > patch link:
> > https://lore.kernel.org/r/20240715144529.101634-2-masahiroy%40kernel.org
> > patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header
> > dependency in *.cmd files
> > config: i
On Wed, Jul 17, 2024 at 01:53:35PM -0700, Eric Biggers wrote:
> On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> > +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> > + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> > + default n
> > + help
> > + This restricts FO
Move the exec KUnit tests into a separate directory to avoid polluting
the local directory namespace. Additionally update MAINTAINERS for the
new files and mark myself as Maintainer.
Signed-off-by: Kees Cook
---
I'll toss this into -next and send it to Linus before -rc1 closes.
---
Cc: Alexander
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> + default n
> + help
> + This restricts FOLL_FORCE flag usage in procfs mem write calls
> + because it
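Review bot: the `default n` line in the SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE entry is redundant, because a Kconfig bool with no default line is already n. Dropping it keeps the entry shorter and leaves the behaviour unchanged.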
On Wed, 17 Jul 2024 at 10:23, Kees Cook wrote:
>
> For this to be available for general distros, I still want to have a
> bootparam to control this, otherwise this mitigation will never see much
> testing as most kernel deployments don't build their own kernels. A
> simple __ro_after_init variable
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> This simple Kconfig option removes the FOLL_FORCE flag from
> procfs write calls because it can be abused.
For this to be available for general distros, I still want to have a
bootparam to control this, otherwise this mitigation will
On Wed, Jul 17, 2024 at 1:05 AM Dhananjay Ugwekar
wrote:
...
> Sounds great! I'll be happy to refactor the RAPL code to use the
> event.cpumask feature to add the per-core energy counter. Also, please let
> me know if you need any help from me on the perf tool side as well.
I hope to send
This simple Kconfig option removes the FOLL_FORCE flag from
procfs write calls because it can be abused.
Enabling it breaks some debuggers like GDB so it defaults off.
Previously we tried a more sophisticated approach allowing
distributions to fine-tune proc/pid/mem behaviour via both
kconfig and
On 7/17/2024 4:17 AM, Ian Rogers wrote:
> On Tue, Jul 16, 2024 at 1:42 AM Dhananjay Ugwekar
> wrote:
>>
>> Hello Ian,
>>
>> On 7/15/2024 8:52 PM, Ian Rogers wrote:
>>> On Mon, Jul 15, 2024 at 2:36 AM Dhananjay Ugwekar
>>> wrote:
Hello Ian,
On 7/12/2024 3:53 AM, Ian Rogers wrot
13 matches