|
Message-ID: <20161020131350.GA18331@thigreal> Date: Thu, 20 Oct 2016 16:13:50 +0300 From: Hans Liljestrand <ishkamiel@...il.com> To: kernel-hardening@...ts.openwall.com Cc: keescook@...omium.org, Elena Reshetova <elena.reshetova@...el.com> Subject: Re: [RFC v2 PATCH 00/13] HARDENED_ATOMIC On Thu, Oct 20, 2016 at 01:25:18PM +0300, Elena Reshetova wrote: > Changes since RFC v1: > > - documentation added: Documentation/security/hardened-atomic.txt > - percpu-refcount diversion from PaX/Grsecurity explained better > - arch. independent base has full functional coverage for atomic, > atomic-long and atomic64 types. > - arch. independent base is better structured and organized > - lkdtm: tests are now defined using macros > - x86 implementation added for missing functions > - fixed trap handling on x86 and overall reporting > - many small polishing and fixes > > Open items: > > - performance measurements: we are still waiting for numbers > - arch. independent implementation doesn't have coverage for > local_wrap_t type in cases when include/asm-generic/local.h > is not used (meaning architecture does provide its implementation > but does not yet provide *_wrap functions). We haven't yet > find a nice way of doing it in arch. independent definitions, > since some kernel code includes asm/local.h directly and we > are not sure where to place new definitions (new file under > inlcude/linux/local_wrap.h (to be inline with include/linux/ > atomic.h) + definition of local_wrap_t to include/linux/types.h?) > Ideas and suggestions on this are very warlmy welcomed! > > Compilation and testing results: > > - CONFIG_HARDENED_ATOMIC=y, arch=x86_64 or x86_32, full x86 coverage implementation: compiles, lkdtm atomic tests PASS > - CONFIG_HARDENED_ATOMIC=n, arch=x86_64 or x86_32, full x86 coverage implementation: compiles, feature not enabled, so tests not run > - CONFIG_HARDENED_ATOMIC=n, arch=x86_64 or x86_32, with x86 hardening implementation removed > (simulate not implemented for arch. case): compile does not yet pass due to issues with local_wrap_t decribed above As noted our current implementation fails on local_t without arch support (at least in kernel/trace/ring_buffer.c where local_wrap_t is used). It seems that local_t is almost never used, which is also what the related documentation recommends (at Documentation/local_ops.txt). I would be inclined to drop local_t support and switch the generic implementation to use atomic_long_wrap_t instead of atomic_long_t. So my question is then, do we actually want to provide a protected version of local_t, or can we just drop this support? > > This series brings the PaX/Grsecurity PAX_REFCOUNT > feature support to the upstream kernel. All credit for the > feature goes to the feature authors. > > The name of the upstream feature is HARDENED_ATOMIC > and it is configured using CONFIG_HARDENED_ATOMIC and > HAVE_ARCH_HARDENED_ATOMIC. > > This series only adds x86 support; other architectures are expected > to add similar support gradually. I have some worries on the generic arch independent implementation of atomic64_t/atomic64_wrap_t (include/asm-generic/atomic64.h). We provide _wrap versions for atomic64, but protection is dependant on arch implementation and config. That is, one could possibly implement HARDENED_ATOMIC support while leaving atomic64_t unprotected depending on specific configs, for instance by then defaulting to CONFIG_GENERIC_ATOMIC64 (in linuc/hardened/atomic.h:676). Or maybe I'm just under-/overthinking this? My concern is that this is a very easy place to include errors and inconsistencies. We've been trying to cleanly fix this, but haven't really found a satisfactory solution (e.g. one that actually works on different configs/arcs and isn't a horrible mess). I recall that the hardened_atomic ARM implementation already faced issues with atomic64, so this seems to be a real cause for problems. Any suggestions on how to do this more cleanly? In contrast to local_t issue, atomic64_t is in fact directly used in several places, including some that we patch to use atomic64_wrap_t. The atomic_(long)_t implementation is also possibly intertwined with atomic64_t, so I doubt just dropping bare atomic64_t protections is a viable solution. On that note, our lkdtm test are still lacking atomic64 tests, which would probably be good idea to add. Best Regards, -hans > > More information about the feature can be found in the following > commit messages. > > Special thank you goes to Kees Cook for pre-reviwing this feature > and all the valuable feedback he provided to us. > > David Windsor (7): > kernel: identify wrapping atomic usage > mm: identify wrapping atomic usage > fs: identify wrapping atomic usage > net: identify wrapping atomic usage > security: identify wrapping atomic usage > drivers: identify wrapping atomic usage (part 1/2) > drivers: identify wrapping atomic usage (part 2/2) > > Elena Reshetova (2): > Add architecture independent hardened atomic base > x86: implementation for HARDENED_ATOMIC > > Hans Liljestrand (4): > percpu-refcount: leave atomic counter unprotected > net: atm: identify wrapping atomic usage > x86: identify wrapping atomic usage > lkdtm: add tests for atomic over-/underflow > > Documentation/security/hardened-atomic.txt | 141 +++++++++ > arch/x86/Kconfig | 1 + > arch/x86/include/asm/atomic.h | 323 ++++++++++++++++++++- > arch/x86/include/asm/atomic64_32.h | 201 ++++++++++++- > arch/x86/include/asm/atomic64_64.h | 228 ++++++++++++++- > arch/x86/include/asm/bitops.h | 8 +- > arch/x86/include/asm/cmpxchg.h | 39 +++ > arch/x86/include/asm/hw_irq.h | 4 +- > arch/x86/include/asm/local.h | 89 +++++- > arch/x86/include/asm/preempt.h | 2 +- > arch/x86/include/asm/rmwcc.h | 82 +++++- > arch/x86/include/asm/rwsem.h | 50 ++++ > arch/x86/kernel/apic/apic.c | 2 +- > arch/x86/kernel/apic/io_apic.c | 4 +- > arch/x86/kernel/cpu/mcheck/mce.c | 12 +- > arch/x86/kernel/i8259.c | 2 +- > arch/x86/kernel/irq.c | 8 +- > arch/x86/kernel/kgdb.c | 6 +- > arch/x86/kernel/pvclock.c | 8 +- > arch/x86/kernel/tboot.c | 8 +- > arch/x86/kernel/traps.c | 4 + > arch/x86/lib/atomic64_386_32.S | 135 +++++++++ > arch/x86/lib/atomic64_cx8_32.S | 78 ++++- > arch/x86/mm/mmio-mod.c | 4 +- > drivers/acpi/apei/ghes.c | 4 +- > drivers/ata/libata-core.c | 5 +- > drivers/ata/libata-scsi.c | 2 +- > drivers/ata/libata.h | 2 +- > drivers/atm/adummy.c | 2 +- > drivers/atm/ambassador.c | 8 +- > drivers/atm/atmtcp.c | 14 +- > drivers/atm/eni.c | 10 +- > drivers/atm/firestream.c | 8 +- > drivers/atm/fore200e.c | 14 +- > drivers/atm/he.c | 18 +- > drivers/atm/horizon.c | 4 +- > drivers/atm/idt77252.c | 36 +-- > drivers/atm/iphase.c | 34 +-- > drivers/atm/lanai.c | 12 +- > drivers/atm/nicstar.c | 47 +-- > drivers/atm/solos-pci.c | 4 +- > drivers/atm/suni.c | 5 +- > drivers/atm/uPD98402.c | 16 +- > drivers/atm/zatm.c | 7 +- > drivers/base/power/wakeup.c | 8 +- > drivers/block/drbd/drbd_bitmap.c | 2 +- > drivers/block/drbd/drbd_int.h | 9 +- > drivers/block/drbd/drbd_main.c | 15 +- > drivers/block/drbd/drbd_nl.c | 16 +- > drivers/block/drbd/drbd_receiver.c | 34 +-- > drivers/block/drbd/drbd_worker.c | 8 +- > drivers/char/ipmi/ipmi_msghandler.c | 8 +- > drivers/char/ipmi/ipmi_si_intf.c | 8 +- > drivers/crypto/hifn_795x.c | 4 +- > drivers/edac/edac_device.c | 4 +- > drivers/edac/edac_pci.c | 4 +- > drivers/edac/edac_pci_sysfs.c | 20 +- > drivers/firewire/core-card.c | 4 +- > drivers/firmware/efi/cper.c | 8 +- > drivers/gpio/gpio-vr41xx.c | 2 +- > drivers/gpu/drm/i810/i810_drv.h | 4 +- > drivers/gpu/drm/mga/mga_drv.h | 4 +- > drivers/gpu/drm/mga/mga_irq.c | 9 +- > drivers/gpu/drm/qxl/qxl_cmd.c | 12 +- > drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +- > drivers/gpu/drm/qxl/qxl_drv.h | 8 +- > drivers/gpu/drm/qxl/qxl_irq.c | 16 +- > drivers/gpu/drm/r128/r128_cce.c | 2 +- > drivers/gpu/drm/r128/r128_drv.h | 4 +- > drivers/gpu/drm/r128/r128_irq.c | 4 +- > drivers/gpu/drm/r128/r128_state.c | 4 +- > drivers/gpu/drm/via/via_drv.h | 4 +- > drivers/gpu/drm/via/via_irq.c | 18 +- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +- > drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 6 +- > drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +- > drivers/hid/hid-core.c | 4 +- > drivers/hv/channel.c | 4 +- > drivers/hv/hv_balloon.c | 19 +- > drivers/hv/hyperv_vmbus.h | 2 +- > drivers/hwmon/sht15.c | 12 +- > drivers/infiniband/core/cm.c | 52 ++-- > drivers/infiniband/core/fmr_pool.c | 23 +- > drivers/infiniband/hw/cxgb4/mem.c | 4 +- > drivers/infiniband/hw/mlx4/mad.c | 2 +- > drivers/infiniband/hw/mlx4/mcg.c | 2 +- > drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +- > drivers/infiniband/hw/nes/nes.c | 4 +- > drivers/infiniband/hw/nes/nes.h | 40 +-- > drivers/infiniband/hw/nes/nes_cm.c | 62 ++-- > drivers/infiniband/hw/nes/nes_mgt.c | 8 +- > drivers/infiniband/hw/nes/nes_nic.c | 40 +-- > drivers/infiniband/hw/nes/nes_verbs.c | 10 +- > drivers/input/gameport/gameport.c | 4 +- > drivers/input/input.c | 4 +- > drivers/input/misc/ims-pcu.c | 4 +- > drivers/input/serio/serio.c | 4 +- > drivers/input/serio/serio_raw.c | 4 +- > drivers/isdn/capi/capi.c | 11 +- > drivers/md/dm-core.h | 4 +- > drivers/md/dm-raid.c | 3 +- > drivers/md/dm-raid1.c | 18 +- > drivers/md/dm-stripe.c | 11 +- > drivers/md/dm.c | 12 +- > drivers/md/md.c | 32 ++- > drivers/md/md.h | 15 +- > drivers/md/raid1.c | 8 +- > drivers/md/raid10.c | 20 +- > drivers/md/raid5.c | 17 +- > drivers/media/pci/ivtv/ivtv-driver.c | 2 +- > drivers/media/pci/solo6x10/solo6x10-p2m.c | 3 +- > drivers/media/pci/solo6x10/solo6x10.h | 2 +- > drivers/media/pci/tw68/tw68-core.c | 2 +- > drivers/media/radio/radio-maxiradio.c | 2 +- > drivers/media/radio/radio-shark.c | 2 +- > drivers/media/radio/radio-shark2.c | 2 +- > drivers/media/radio/radio-si476x.c | 2 +- > drivers/media/v4l2-core/v4l2-device.c | 4 +- > drivers/misc/lis3lv02d/lis3lv02d.c | 8 +- > drivers/misc/lis3lv02d/lis3lv02d.h | 2 +- > drivers/misc/lkdtm.h | 17 ++ > drivers/misc/lkdtm_bugs.c | 122 ++++++-- > drivers/misc/lkdtm_core.c | 17 ++ > drivers/misc/sgi-gru/gruhandles.c | 4 +- > drivers/misc/sgi-gru/gruprocfs.c | 8 +- > drivers/misc/sgi-gru/grutables.h | 158 +++++----- > drivers/net/hyperv/hyperv_net.h | 2 +- > drivers/net/hyperv/rndis_filter.c | 4 +- > drivers/net/ipvlan/ipvlan_core.c | 2 +- > drivers/net/macvlan.c | 2 +- > drivers/net/usb/sierra_net.c | 4 +- > drivers/net/wireless/ralink/rt2x00/rt2x00.h | 2 +- > drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 4 +- > drivers/oprofile/buffer_sync.c | 8 +- > drivers/oprofile/event_buffer.c | 2 +- > drivers/oprofile/oprof.c | 2 +- > drivers/oprofile/oprofile_stats.c | 10 +- > drivers/oprofile/oprofile_stats.h | 10 +- > drivers/oprofile/oprofilefs.c | 8 +- > drivers/regulator/core.c | 4 +- > drivers/scsi/fcoe/fcoe_sysfs.c | 12 +- > drivers/scsi/libfc/fc_exch.c | 54 ++-- > drivers/scsi/lpfc/lpfc.h | 8 +- > drivers/scsi/lpfc/lpfc_debugfs.c | 18 +- > drivers/scsi/lpfc/lpfc_scsi.c | 10 +- > drivers/scsi/pmcraid.c | 24 +- > drivers/scsi/pmcraid.h | 8 +- > drivers/scsi/qla4xxx/ql4_def.h | 3 +- > drivers/scsi/qla4xxx/ql4_os.c | 7 +- > drivers/scsi/scsi_lib.c | 8 +- > drivers/scsi/scsi_sysfs.c | 2 +- > drivers/scsi/scsi_transport_fc.c | 6 +- > drivers/scsi/scsi_transport_iscsi.c | 7 +- > drivers/scsi/scsi_transport_srp.c | 6 +- > drivers/scsi/sd.c | 2 +- > drivers/target/sbp/sbp_target.c | 4 +- > drivers/tty/hvc/hvsi.c | 12 +- > drivers/tty/hvc/hvsi_lib.c | 4 +- > drivers/tty/serial/ioc4_serial.c | 6 +- > drivers/tty/serial/msm_serial.c | 4 +- > drivers/uio/uio.c | 13 +- > drivers/usb/atm/usbatm.c | 24 +- > drivers/usb/core/devices.c | 6 +- > drivers/usb/core/hcd.c | 4 +- > drivers/usb/core/sysfs.c | 2 +- > drivers/usb/core/usb.c | 2 +- > drivers/usb/host/ehci-hub.c | 4 +- > drivers/usb/misc/appledisplay.c | 4 +- > drivers/usb/usbip/vhci.h | 2 +- > drivers/usb/usbip/vhci_hcd.c | 6 +- > drivers/usb/usbip/vhci_rx.c | 2 +- > drivers/usb/wusbcore/wa-hc.h | 4 +- > drivers/usb/wusbcore/wa-xfer.c | 2 +- > drivers/video/fbdev/hyperv_fb.c | 4 +- > drivers/video/fbdev/udlfb.c | 32 +-- > fs/afs/inode.c | 4 +- > fs/btrfs/delayed-inode.c | 6 +- > fs/btrfs/delayed-inode.h | 4 +- > fs/cachefiles/daemon.c | 4 +- > fs/cachefiles/internal.h | 16 +- > fs/cachefiles/namei.c | 6 +- > fs/cachefiles/proc.c | 12 +- > fs/ceph/super.c | 4 +- > fs/cifs/cifs_debug.c | 14 +- > fs/cifs/cifsfs.c | 4 +- > fs/cifs/cifsglob.h | 55 ++-- > fs/cifs/misc.c | 4 +- > fs/cifs/smb1ops.c | 80 +++--- > fs/cifs/smb2ops.c | 84 +++--- > fs/coda/cache.c | 10 +- > fs/coredump.c | 6 +- > fs/ext4/ext4.h | 20 +- > fs/ext4/mballoc.c | 44 +-- > fs/fscache/cookie.c | 40 +-- > fs/fscache/internal.h | 202 ++++++------- > fs/fscache/object.c | 26 +- > fs/fscache/operation.c | 38 +-- > fs/fscache/page.c | 110 +++---- > fs/fscache/stats.c | 348 +++++++++++------------ > fs/inode.c | 5 +- > fs/kernfs/file.c | 12 +- > fs/lockd/clntproc.c | 4 +- > fs/namespace.c | 4 +- > fs/nfs/inode.c | 6 +- > fs/notify/notification.c | 4 +- > fs/ocfs2/localalloc.c | 2 +- > fs/ocfs2/ocfs2.h | 10 +- > fs/ocfs2/suballoc.c | 12 +- > fs/ocfs2/super.c | 20 +- > fs/proc/meminfo.c | 2 +- > fs/quota/netlink.c | 4 +- > fs/reiserfs/do_balan.c | 2 +- > fs/reiserfs/procfs.c | 2 +- > fs/reiserfs/reiserfs.h | 4 +- > include/asm-generic/atomic-long.h | 264 ++++++++++++++--- > include/asm-generic/atomic.h | 56 ++++ > include/asm-generic/atomic64.h | 13 + > include/asm-generic/bug.h | 7 + > include/asm-generic/local.h | 15 + > include/linux/atmdev.h | 2 +- > include/linux/atomic.h | 114 ++++++++ > include/linux/blktrace_api.h | 2 +- > include/linux/fscache-cache.h | 2 +- > include/linux/genhd.h | 2 +- > include/linux/irqdesc.h | 2 +- > include/linux/kgdb.h | 2 +- > include/linux/mm.h | 2 +- > include/linux/mmzone.h | 4 +- > include/linux/netdevice.h | 8 +- > include/linux/oprofile.h | 2 +- > include/linux/padata.h | 2 +- > include/linux/percpu-refcount.h | 18 +- > include/linux/perf_event.h | 10 +- > include/linux/sched.h | 2 +- > include/linux/slab_def.h | 8 +- > include/linux/sonet.h | 2 +- > include/linux/sunrpc/svc_rdma.h | 18 +- > include/linux/swapops.h | 10 +- > include/linux/types.h | 17 ++ > include/linux/uio_driver.h | 2 +- > include/linux/usb.h | 2 +- > include/linux/vmstat.h | 38 +-- > include/media/v4l2-device.h | 2 +- > include/net/bonding.h | 2 +- > include/net/caif/cfctrl.h | 4 +- > include/net/flow.h | 2 +- > include/net/gro_cells.h | 2 +- > include/net/inetpeer.h | 3 +- > include/net/ip_fib.h | 2 +- > include/net/ip_vs.h | 4 +- > include/net/iucv/af_iucv.h | 2 +- > include/net/net_namespace.h | 12 +- > include/net/netns/ipv4.h | 4 +- > include/net/netns/ipv6.h | 4 +- > include/net/netns/xfrm.h | 2 +- > include/net/sock.h | 8 +- > include/net/tcp.h | 2 +- > include/net/xfrm.h | 2 +- > include/scsi/scsi_device.h | 6 +- > include/video/udlfb.h | 12 +- > kernel/audit.c | 8 +- > kernel/auditsc.c | 4 +- > kernel/debug/debug_core.c | 16 +- > kernel/events/core.c | 27 +- > kernel/irq/manage.c | 2 +- > kernel/irq/spurious.c | 2 +- > kernel/locking/lockdep.c | 2 +- > kernel/padata.c | 4 +- > kernel/panic.c | 11 + > kernel/profile.c | 14 +- > kernel/rcu/rcutorture.c | 61 ++-- > kernel/rcu/tree.c | 36 +-- > kernel/rcu/tree.h | 10 +- > kernel/rcu/tree_exp.h | 2 +- > kernel/rcu/tree_plugin.h | 12 +- > kernel/rcu/tree_trace.c | 14 +- > kernel/sched/auto_group.c | 4 +- > kernel/time/timer_stats.c | 11 +- > kernel/trace/blktrace.c | 6 +- > kernel/trace/ftrace.c | 4 +- > kernel/trace/ring_buffer.c | 98 +++---- > kernel/trace/trace_clock.c | 4 +- > kernel/trace/trace_functions_graph.c | 4 +- > kernel/trace/trace_mmiotrace.c | 8 +- > lib/percpu-refcount.c | 12 +- > lib/show_mem.c | 3 +- > mm/backing-dev.c | 4 +- > mm/memory-failure.c | 2 +- > mm/slab.c | 16 +- > mm/sparse.c | 2 +- > mm/swapfile.c | 12 +- > mm/vmstat.c | 26 +- > net/atm/atm_misc.c | 8 +- > net/atm/proc.c | 8 +- > net/atm/resources.c | 4 +- > net/batman-adv/bat_iv_ogm.c | 8 +- > net/batman-adv/fragmentation.c | 3 +- > net/batman-adv/soft-interface.c | 6 +- > net/batman-adv/types.h | 6 +- > net/caif/cfctrl.c | 11 +- > net/ceph/messenger.c | 4 +- > net/core/datagram.c | 2 +- > net/core/dev.c | 18 +- > net/core/flow.c | 9 +- > net/core/net-sysfs.c | 2 +- > net/core/netpoll.c | 4 +- > net/core/rtnetlink.c | 2 +- > net/core/sock.c | 14 +- > net/core/sock_diag.c | 8 +- > net/ipv4/devinet.c | 4 +- > net/ipv4/fib_frontend.c | 6 +- > net/ipv4/fib_semantics.c | 2 +- > net/ipv4/inet_connection_sock.c | 4 +- > net/ipv4/inet_timewait_sock.c | 3 +- > net/ipv4/inetpeer.c | 2 +- > net/ipv4/ip_fragment.c | 2 +- > net/ipv4/ping.c | 2 +- > net/ipv4/raw.c | 5 +- > net/ipv4/route.c | 12 +- > net/ipv4/tcp_input.c | 2 +- > net/ipv4/udp.c | 10 +- > net/ipv6/addrconf.c | 7 +- > net/ipv6/af_inet6.c | 2 +- > net/ipv6/datagram.c | 2 +- > net/ipv6/ip6_fib.c | 4 +- > net/ipv6/raw.c | 6 +- > net/ipv6/udp.c | 6 +- > net/iucv/af_iucv.c | 5 +- > net/key/af_key.c | 4 +- > net/l2tp/l2tp_eth.c | 38 +-- > net/netfilter/ipvs/ip_vs_conn.c | 6 +- > net/netfilter/ipvs/ip_vs_core.c | 8 +- > net/netfilter/ipvs/ip_vs_ctl.c | 12 +- > net/netfilter/ipvs/ip_vs_sync.c | 6 +- > net/netfilter/ipvs/ip_vs_xmit.c | 4 +- > net/netfilter/nfnetlink_log.c | 4 +- > net/netfilter/xt_statistic.c | 9 +- > net/netlink/af_netlink.c | 4 +- > net/packet/af_packet.c | 4 +- > net/phonet/pep.c | 6 +- > net/phonet/socket.c | 2 +- > net/rds/cong.c | 6 +- > net/rds/ib.h | 2 +- > net/rds/ib_cm.c | 2 +- > net/rds/ib_recv.c | 4 +- > net/rxrpc/af_rxrpc.c | 2 +- > net/rxrpc/ar-internal.h | 4 +- > net/rxrpc/call_object.c | 2 +- > net/rxrpc/conn_event.c | 4 +- > net/rxrpc/conn_object.c | 2 +- > net/rxrpc/local_object.c | 2 +- > net/rxrpc/output.c | 4 +- > net/rxrpc/peer_object.c | 2 +- > net/rxrpc/proc.c | 2 +- > net/rxrpc/rxkad.c | 4 +- > net/sched/sch_generic.c | 4 +- > net/sctp/sctp_diag.c | 2 +- > net/sunrpc/auth_gss/svcauth_gss.c | 4 +- > net/sunrpc/sched.c | 4 +- > net/sunrpc/xprtrdma/svc_rdma.c | 36 +-- > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- > net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +- > net/sunrpc/xprtrdma/svc_rdma_transport.c | 2 +- > net/xfrm/xfrm_policy.c | 11 +- > net/xfrm/xfrm_state.c | 4 +- > security/Kconfig | 19 ++ > security/integrity/ima/ima.h | 4 +- > security/integrity/ima/ima_api.c | 2 +- > security/integrity/ima/ima_fs.c | 4 +- > security/integrity/ima/ima_queue.c | 2 +- > security/selinux/avc.c | 7 +- > security/selinux/include/xfrm.h | 2 +- > 373 files changed, 3964 insertions(+), 2035 deletions(-) > create mode 100644 Documentation/security/hardened-atomic.txt > > -- > 2.7.4 >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.