Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1413716imw; Tue, 5 Jul 2022 09:02:47 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sQmyuU3ng+o0qalUqHsyRlAVVHvv9Fl/sFanbw698QypMXcjwkSO4ToplmeoZYb8nJ+o+w X-Received: by 2002:aa7:cb05:0:b0:439:aa77:6193 with SMTP id s5-20020aa7cb05000000b00439aa776193mr27761239edt.368.1657036966933; Tue, 05 Jul 2022 09:02:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657036966; cv=none; d=google.com; s=arc-20160816; b=zHrFKLN8WcwnRx3IGKRO8RzpJEXuXv7vap0vsvMNNgjREQZ8XyR7Wwj+OYHjUvIalQ vFmumyQrAGDOCXElXVxLfeaD6uyyqj8ocFz/oB52RDUxZryXHlkOSgDLaTYL/AfZmsL8 oiNPC+e7jnKv3tJBl3ix8RmaNhl8UVWsZPvsRTwmRd3sHYshhespwBkBDwVFYVWjXVnI cWEVoJxuy/IsGqYgyE+HQ04Of3eA76/gT7JBSZBA4t73Gq/ENeKz+K7F4kmvHufwdewv 22QdRAkXnzPFh52bG8mTEd6oF6SR9KgYs8PWPSF7Dehm+XUWwLCnQYn6QalREFD3FO3E xomw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=512StgyDwiCQ2s0I6TMuM5F7d+KaI64DKpDdd5XCcd4=; b=dF5REKcGSdVJAFjkeBU8n2T/Q+0YCCxK65LYRqolWvbUlyEfdexpM76JZ2lVaFiCdK 0ChUYjdjohaE4vvzxevV450plibNvzzgzak8Fa53D+0VfFTLziXa8JL+YpQ2GZuRfuj8 qQr1UH1q9hW+ybiIdy6aLuimsILPrQATx4aEBitoVDZGwum9lK9iqcdr+a18zwJ+YZH4 dVrZhl/c8bCcwCP596XYRCNfCAGp5mlvg8/unlZPmXwpH2GpfJicS3YjO+RwTRhIMZr4 VYgwgFI74SNihQUd+/zLkXRIJIYk+nQ5sOTYXUNT9jM/+MBstVH7HyfYILC0Akvvn1W/ FHDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="FrJ29z6/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d22-20020a056402079600b00439fe9cb3b7si6236510edy.483.2022.07.05.09.02.20; Tue, 05 Jul 2022 09:02:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="FrJ29z6/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230176AbiGEP04 (ORCPT + 99 others); Tue, 5 Jul 2022 11:26:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229507AbiGEP0z (ORCPT ); Tue, 5 Jul 2022 11:26:55 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F229518E28; Tue, 5 Jul 2022 08:26:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A39E7B81809; Tue, 5 Jul 2022 15:26:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13211C341C7; Tue, 5 Jul 2022 15:26:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1657034811; bh=7eBjk9mDSgvIzpkiH7EvCzwk2kRbUpj6AGdrebCGPsE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=FrJ29z6/8tSoAac0Iw9JLiLKpX+XxqLisd902MEyW70oQCIog8kSErx+FBzVsrEr7 ikicV0YDar37GDPyAMOs6NAITPwJyLBFSSCTipAedm9RVyYpSKtE2DpKQxrDlPHV7j 6euhgqrfmp/Y4w3KfAjYI017mpLtqwnY1Ak1aJxu1InZlhqXVBEMVpqKFzwdDydZ1z Mns5hBoVdcLaq52ETra9WPNEcsQVleo61PH3Ul8BpnURGU2JxEj78AE+po0EWxIT5Y 9fnY++PexO1rorGyJ/7H6z3krPk24c8/xhDGeuZZzeAmmaGhkbnrRUUVTGV5BCIheE Kr6f7PWbK98Ow== Date: Tue, 5 Jul 2022 08:26:49 -0700 From: Nathan Chancellor To: Kees Cook Cc: Nick Desaulniers , Tom Rix , linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: Re: [PATCH] MAINTAINERS: Add a general "kernel hardening" section Message-ID: References: <20220702004638.2486003-1-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220702004638.2486003-1-keescook@chromium.org> X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 01, 2022 at 05:46:38PM -0700, Kees Cook wrote: > While many large subsystems related to kernel hardening have their own > distinct MAINTAINERS entries, there are some smaller collections that > don't, but are maintained/reviewed by linux-hardening@vger.kernel.org. > Add a section to capture these, add (or replace defunct) trees that are > now all carried in the hardening tree. > > Signed-off-by: Kees Cook Acked-by: Nathan Chancellor > --- > MAINTAINERS | 21 +++++++++++++++++---- > 1 file changed, 17 insertions(+), 4 deletions(-) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 3cf9842d9233..2702b29e922f 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -4873,7 +4873,7 @@ R: Nick Desaulniers > L: llvm@lists.linux.dev > S: Supported > B: https://github.com/ClangBuiltLinux/linux/issues > -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/clang/features > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > F: include/linux/cfi.h > F: kernel/cfi.c > > @@ -7783,6 +7783,7 @@ FORTIFY_SOURCE > M: Kees Cook > L: linux-hardening@vger.kernel.org > S: Supported > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > F: include/linux/fortify-string.h > F: lib/test_fortify/* > F: scripts/test_fortify.sh > @@ -8225,6 +8226,7 @@ GCC PLUGINS > M: Kees Cook > L: linux-hardening@vger.kernel.org > S: Maintained > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > F: Documentation/kbuild/gcc-plugins.rst > F: scripts/Makefile.gcc-plugins > F: scripts/gcc-plugins/ > @@ -10742,6 +10744,17 @@ F: scripts/mk* > F: scripts/mod/ > F: scripts/package/ > > +KERNEL HARDENING (not covered by other areas) > +M: Kees Cook > +L: linux-hardening@vger.kernel.org > +S: Supported > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > +F: include/linux/overflow.h > +F: include/linux/randomize_kstack.h > +F: mm/usercopy.c > +K: \b(add|choose)_random_kstack_offset\b > +K: \b__check_(object_size|heap_object)\b > + > KERNEL JANITORS > L: kernel-janitors@vger.kernel.org > S: Odd Fixes > @@ -11542,7 +11555,7 @@ F: drivers/media/usb/dvb-usb-v2/lmedm04* > LOADPIN SECURITY MODULE > M: Kees Cook > S: Supported > -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > F: Documentation/admin-guide/LSM/LoadPin.rst > F: security/loadpin/ > > @@ -17857,7 +17870,7 @@ M: Kees Cook > R: Andy Lutomirski > R: Will Drewry > S: Supported > -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/seccomp > F: Documentation/userspace-api/seccomp_filter.rst > F: include/linux/seccomp.h > F: include/uapi/linux/seccomp.h > @@ -21993,7 +22006,7 @@ F: include/linux/yam.h > YAMA SECURITY MODULE > M: Kees Cook > S: Supported > -T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git yama/tip > +T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening > F: Documentation/admin-guide/LSM/Yama.rst > F: security/yama/ > > -- > 2.32.0 >