Show patches with: Submitter = Kees Cook       |   421 patches
« 1 2 3 44 5 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
exec: Check __FMODE_EXEC instead of in_execve for LSMs exec: Check __FMODE_EXEC instead of in_execve for LSMs - - 1 --- 2024-01-24 Kees Cook pcmoore Handled Elsewhere
LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by - - - --- 2023-08-17 Kees Cook Handled Elsewhere
integrity: Annotate struct ima_rule_opt_list with __counted_by integrity: Annotate struct ima_rule_opt_list with __counted_by 2 1 - --- 2023-08-17 Kees Cook Handled Elsewhere
landlock: Annotate struct landlock_rule with __counted_by landlock: Annotate struct landlock_rule with __counted_by - 2 - --- 2023-08-17 Kees Cook Handled Elsewhere
apparmor: aa_buffer: Convert 1-element array to flexible array apparmor: aa_buffer: Convert 1-element array to flexible array 1 - - --- 2023-05-11 Kees Cook Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.2-rc1 [GIT,PULL] kernel hardening fixes for v6.2-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.1-rc1 [GIT,PULL] kernel hardening fixes for v6.1-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[4/4] LoadPin: Allow filesystem switch when not enforcing LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[3/4] LoadPin: Move pin reporting cleanly out of locking LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[2/4] LoadPin: Refactor sysctl initialization LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[1/4] LoadPin: Refactor read-only check into a helper LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
LoadPin: Ignore the "contents" argument of the LSM hooks LoadPin: Ignore the "contents" argument of the LSM hooks 1 - - --- 2022-12-09 Kees Cook pcmoore Handled Elsewhere
[v2] LSM: Better reporting of actual LSMs at boot [v2] LSM: Better reporting of actual LSMs at boot 2 - - --- 2022-11-02 Kees Cook pcmoore Accepted
LSM: Better reporting of actual LSMs at boot LSM: Better reporting of actual LSMs at boot - - - --- 2022-10-18 Kees Cook pcmoore Changes Requested
[9/9] integrity: Move integrity_inode_get() out of global header integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[8/9] integrity: Move trivial hooks into LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[7/9] ima: Move ima_file_check() into LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[6/9] fs: Introduce file_to_perms() helper integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[5/9] LSM: Introduce inode_post_setattr hook integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[4/9] ima: Move ima_file_free() into LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[3/9] ima: Move xattr hooks into LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[2/9] security: Move trivial IMA hooks into LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[1/9] integrity: Prepare for having "ima" and "evm" available in "integrity" LSM integrity: Move hooks into LSM - - - --- 2022-10-13 Kees Cook pcmoore Superseded
[2/2] exec: Remove LSM_UNSAFE_SHARE [1/2] fs/exec: Explicitly unshare fs_struct on exec - - - --- 2022-10-06 Kees Cook Handled Elsewhere
[1/2] fs/exec: Explicitly unshare fs_struct on exec [1/2] fs/exec: Explicitly unshare fs_struct on exec - - - --- 2022-10-06 Kees Cook Handled Elsewhere
[0/2] fs/exec: Explicitly unshare fs_struct on exec - - - --- 2022-10-06 Kees Cook Handled Elsewhere
[GIT,PULL] hardening fixes for v6.0-rc2 [GIT,PULL] hardening fixes for v6.0-rc2 - - - --- 2022-08-19 Kees Cook Handled Elsewhere
[v2] big_keys: Use struct for internal payload [v2] big_keys: Use struct for internal payload - - - --- 2022-05-10 Kees Cook New
big_keys: Use struct for internal payload big_keys: Use struct for internal payload - - - --- 2022-05-08 Kees Cook New
[32/32] esas2r: Use __mem_to_flex() with struct atto_ioctl Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[31/32] xenbus: Use mem_to_flex_dup() with struct read_buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[30/32] usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[29/32] xtensa: Use mem_to_flex_dup() with struct property Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[27/32] KEYS: Use mem_to_flex_dup() with struct user_key_payload Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[26/32] ima: Use mem_to_flex_dup() with struct modsig Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[25/32] Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[24/32] IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[23/32] Bluetooth: Use mem_to_flex_dup() with struct hci_op_configure_data_path Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[22/32] atags_proc: Use mem_to_flex_dup() with struct buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[21/32] soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[20/32] ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data Introduce flexible array struct memcpy() helpers 1 - - --- 2022-05-04 Kees Cook New
[19/32] afs: Use mem_to_flex_dup() with struct afs_acl Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[18/32] firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[17/32] net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[16/32] 802/mrp: Use mem_to_flex_dup() with struct mrp_attr Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[15/32] 802/garp: Use mem_to_flex_dup() with struct garp_attr Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[14/32] af_unix: Use mem_to_flex_dup() with struct unix_address Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[13/32] mac80211: Use mem_to_flex_dup() with several structs Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[11/32] nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[08/32] iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[07/32] iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[06/32] iwlwifi: calib: Prepare to use mem_to_flex_dup() Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[05/32] brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[04/32] fortify: Add run-time WARN for cross-field memcpy() Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[03/32] flex_array: Add Kunit tests Introduce flexible array struct memcpy() helpers - 1 - --- 2022-05-04 Kees Cook New
[02/32] Introduce flexible array struct memcpy() helpers Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[01/32] netlink: Avoid memcpy() across flexible array boundary Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook New
[4/4,v5] fortify: Add Clang support fortify: Add Clang support - - - --- 2022-02-02 Kees Cook New
[3/4] Compiler Attributes: Add __diagnose_as fortify: Add Clang support - - - --- 2022-02-02 Kees Cook New
[2/4] Compiler Attributes: Add __overloadable fortify: Add Clang support - - - --- 2022-02-02 Kees Cook New
[1/4] Compiler Attributes: Add Clang's __pass_object_size fortify: Add Clang support - - - --- 2022-02-02 Kees Cook New
[GIT,PULL] hardening updates for v5.16-rc1 [GIT,PULL] hardening updates for v5.16-rc1 - - - --- 2021-11-01 Kees Cook New
[2/2] gcc-plugins: Remove cyc_complexity gcc-plugins: Explicitly document purpose and deprecation schedule - 2 - --- 2021-10-20 Kees Cook New
[1/2] gcc-plugins: Explicitly document purpose and deprecation schedule gcc-plugins: Explicitly document purpose and deprecation schedule - 2 - --- 2021-10-20 Kees Cook New
LSM: Avoid warnings about potentially unused hook variables LSM: Avoid warnings about potentially unused hook variables 2 - - --- 2021-10-13 Kees Cook New
[v2] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO [v2] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO 1 2 - --- 2021-09-14 Kees Cook New
landlock: Drop "const" argument qualifier to avoid GCC 4.9 warnings landlock: Drop "const" argument qualifier to avoid GCC 4.9 warnings - - - --- 2021-09-10 Kees Cook New
[GIT,PULL] hardening updates for v5.15-rc1 [GIT,PULL] hardening updates for v5.15-rc1 - - - --- 2021-08-30 Kees Cook New
hardening: Clarify Kconfig text for auto-var-init hardening: Clarify Kconfig text for auto-var-init 1 - - --- 2021-07-20 Kees Cook New
[v2] hardening: Introduce CONFIG_ZERO_CALL_USED_REGS [v2] hardening: Introduce CONFIG_ZERO_CALL_USED_REGS - - - --- 2021-07-14 Kees Cook New
proc: Check /proc/$pid/attr/ writes against file opener proc: Check /proc/$pid/attr/ writes against file opener - - - --- 2021-05-25 Kees Cook New
Makefile: Introduce CONFIG_ZERO_CALL_USED_REGS Makefile: Introduce CONFIG_ZERO_CALL_USED_REGS - - - --- 2021-05-05 Kees Cook New
LoadPin: Allow filesystem switch when not enforcing LoadPin: Allow filesystem switch when not enforcing - - - --- 2021-04-08 Kees Cook New
[v5,16/16] test_firmware: Test partial read support Introduce partial kernel_read_file() support - - - --- 2020-10-02 Kees Cook New
[v5,15/16] firmware: Add request_partial_firmware_into_buf() Introduce partial kernel_read_file() support - - - --- 2020-10-02 Kees Cook New
[v5,14/16] firmware: Store opt_flags in fw_priv Introduce partial kernel_read_file() support - - - --- 2020-10-02 Kees Cook New
[v5,13/16] fs/kernel_file_read: Add "offset" arg for partial reads Introduce partial kernel_read_file() support - - - --- 2020-10-02 Kees Cook New
[v5,12/16] IMA: Add support for file reads without contents Introduce partial kernel_read_file() support - 1 - --- 2020-10-02 Kees Cook New
[v5,11/16] LSM: Add "contents" flag to kernel_read_file hook Introduce partial kernel_read_file() support - 2 - --- 2020-10-02 Kees Cook New
[v5,10/16] module: Call security_kernel_post_load_data() Introduce partial kernel_read_file() support 1 2 - --- 2020-10-02 Kees Cook New
[v5,09/16] firmware_loader: Use security_post_load_data() Introduce partial kernel_read_file() support - 1 - --- 2020-10-02 Kees Cook New
[v5,08/16] LSM: Introduce kernel_post_load_data() hook Introduce partial kernel_read_file() support - 1 - --- 2020-10-02 Kees Cook New
[v5,07/16] fs/kernel_read_file: Add file_size output argument Introduce partial kernel_read_file() support 1 3 - --- 2020-10-02 Kees Cook New
[v5,06/16] fs/kernel_read_file: Switch buffer size arg to size_t Introduce partial kernel_read_file() support 1 3 - --- 2020-10-02 Kees Cook New
[v5,05/16] fs/kernel_read_file: Remove redundant size argument Introduce partial kernel_read_file() support 1 3 - --- 2020-10-02 Kees Cook New
[v5,04/16] fs/kernel_read_file: Split into separate source file Introduce partial kernel_read_file() support 1 3 - --- 2020-10-02 Kees Cook New
[v5,03/16] fs/kernel_read_file: Split into separate include file Introduce partial kernel_read_file() support 2 3 - --- 2020-10-02 Kees Cook New
[v5,02/16] fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum Introduce partial kernel_read_file() support 1 1 - --- 2020-10-02 Kees Cook New
[v5,01/16] fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum Introduce partial kernel_read_file() support 1 3 - --- 2020-10-02 Kees Cook New
[RFC,6/6] security/fbfam: Mitigate a fork brute force attack Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[RFC,5/6] security/fbfam: Detect a fork brute force attack Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[RFC,4/6] security/fbfam: Add a new sysctl to control the crashing rate threshold Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[RFC,3/6] security/fbfam: Use the api to manage statistics Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[RFC,2/6] security/fbfam: Add the api to manage statistics Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[RFC,1/6] security/fbfam: Add a Kconfig to enable the fbfam feature Fork brute force attack mitigation (fbfam) - - - --- 2020-09-10 Kees Cook New
[v4,17/17] test_firmware: Test partial read support Introduce partial kernel_read_file() support - - - --- 2020-07-29 Kees Cook New
« 1 2 3 44 5 »