security subsystem · Supported

Maintainers

• M Paul Moore <paul@paul-moore.com>
• M James Morris <jmorris@namei.org>
• M "Serge E. Hallyn" <serge@hallyn.com>

Paths

• F include/linux/lsm/
• F include/linux/lsm_audit.h
• F include/linux/lsm_hook_defs.h
• F include/linux/lsm_hooks.h
• F include/linux/security.h
• F include/uapi/linux/lsm.h
• F security/
• F tools/testing/selftests/lsm/
• F rust/kernel/security.rs
• X security/selinux/

Last 30 days

Active reviewers (last 30 days)

• Vlastimil Babka (SUSE) <vbabka@kernel.org>
  1 attestation (1 Acked-by) · last on 2026-06-10

Recent patches

Most-recent 30 patches in this subsystem on linux-hardening (capped at 30), ordered by date desc.

• COOLING12d [PATCH 2/2] keys: keyctl_pkey: replace BUG with return -EOPNOTSUPP
  2026-06-13 · Mohammed EL Kadiri <hidden>
• COOLING12d IN LINUX-NEXT [PATCH 1/2] keys: request_key: replace BUG with return -EINVAL
  2026-06-13 · Mohammed EL Kadiri <hidden>
• COLD17d IN LINUX-NEXT: 9 (9M) [PATCH v2] keys: prevent slab cache merging for key_jar
  2026-06-10 · Mohammed EL Kadiri <hidden>
• COLD20d IN LINUX-NEXT [PATCH next] keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)
  2026-06-06 · <hidden>
• COLD16d [PATCH v2] hardening: Default randstruct off with rust for better allmodconfig support
  2026-06-05 · Mark Brown <broonie@kernel.org>
• COLD17d [PATCH] hardening: Default randstruct off with rust for better allmodconfig support
  2026-06-05 · Mark Brown <broonie@kernel.org>
• COLD18d [PATCH] keys: prevent slab cache merging for key_jar
  2026-06-04 · Mohammed EL Kadiri <hidden>
• COOLING5d [PATCH RFC v8 24/24] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-05-26 · Kevin Brodsky <hidden>
• COOLING5d [PATCH RFC v8 11/24] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-05-26 · Kevin Brodsky <hidden>
• COLD17d [PATCH 08/11] params: Convert generic kernel_param_ops .get helpers to seq_buf
  2026-05-21 · Kees Cook <kees@kernel.org>
• COLD17d [PATCH 09/11] treewide: Convert custom kernel_param_ops .get callbacks to seq_buf via cocci
  2026-05-21 · Kees Cook <kees@kernel.org>
• COLD17d [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS
  2026-05-21 · Kees Cook <kees@kernel.org>
• COLD18d REVIEWED: 2 (2M) [PATCH v2 04/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
  2026-05-17 · Nathan Chancellor <nathan@kernel.org>
• COLD18d REVIEWED: 2 (2M) [PATCH v2 03/16] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
  2026-05-17 · Nathan Chancellor <nathan@kernel.org>
• COLD18d REVIEWED: 2 (2M) [PATCH v2 02/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
  2026-05-17 · Nathan Chancellor <nathan@kernel.org>
• COLD52d [PATCH RFC v7 24/24] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-05-05 · Kevin Brodsky <hidden>
• COLD52d [PATCH RFC v7 11/24] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-05-05 · Kevin Brodsky <hidden>
• COLD49d IN LINUX-NEXT [PATCH RESEND] keys: use kmalloc_flex in user_preparse
  2026-05-04 · Thorsten Blum <thorsten.blum@linux.dev>
• COLD45d [PATCH 04/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
  2026-04-29 · Nathan Chancellor <nathan@kernel.org>
• COLD45d [PATCH 03/14] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
  2026-04-29 · Nathan Chancellor <nathan@kernel.org>
• COLD45d [PATCH 02/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
  2026-04-29 · Nathan Chancellor <nathan@kernel.org>
• STALE78d [PATCH 2/5] hardening: Introduce Overflow Behavior Types support
  2026-03-31 · Kees Cook <kees@kernel.org>
• STALE116d [PATCH] keys: Use kmalloc_flex() to improve user_preparse()
  2026-03-02 · Thorsten Blum <thorsten.blum@linux.dev>
• COLD53d [PATCH v6 30/30] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-02-27 · Kevin Brodsky <hidden>
• COLD53d [PATCH v6 13/30] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-02-27 · Kevin Brodsky <hidden>
• STALE225d [PATCH v2] KEYS: encrypted: Replace deprecated strcpy and improve get_derived_key
  2025-11-13 · Thorsten Blum <thorsten.blum@linux.dev>
• STALE221d [PATCH] KEYS: encrypted: Replace deprecated strcpy and improve get_derived_key
  2025-11-13 · Thorsten Blum <thorsten.blum@linux.dev>
• DORMANTno replies [PATCH] apparmor: Replace deprecated strcpy in d_namespace_path
  2025-10-16 · Thorsten Blum <thorsten.blum@linux.dev>
• DORMANTno replies [PATCH] apparmor: Replace deprecated strcpy with memcpy in gen_symlink_name
  2025-10-16 · Thorsten Blum <thorsten.blum@linux.dev>
• STALE255d REVIEWED: 19 (19M) [PATCH v3] keys: Replace deprecated strncpy in ecryptfs_fill_auth_tok
  2025-10-13 · Thorsten Blum <thorsten.blum@linux.dev>

Needs attention (review trailers in, no pickup)

Patches with review trailers that haven't landed in mainline and haven't been Acked by a maintainer. Oldest first.

• COLD18d REVIEWED: 2 (2M) [PATCH v2 02/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
  2026-05-17 · Nathan Chancellor <nathan@kernel.org> · 1 Reviewed-by
• COLD18d REVIEWED: 2 (2M) [PATCH v2 03/16] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
  2026-05-17 · Nathan Chancellor <nathan@kernel.org> · 1 Reviewed-by
• COLD18d REVIEWED: 2 (2M) [PATCH v2 04/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
  2026-05-17 · Nathan Chancellor <nathan@kernel.org> · 1 Reviewed-by

Quiet for 30+ days

Patches with no review trailers and no replies. Either the author is heads-down elsewhere or these slipped through. Oldest first.

• COLD53d [PATCH v6 13/30] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-02-27 · Kevin Brodsky <hidden>
• COLD53d [PATCH v6 30/30] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-02-27 · Kevin Brodsky <hidden>
• COLD52d [PATCH RFC v7 11/24] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-05-05 · Kevin Brodsky <hidden>
• COLD52d [PATCH RFC v7 24/24] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-05-05 · Kevin Brodsky <hidden>
• COOLING5d [PATCH RFC v8 11/24] mm: kpkeys: Introduce kpkeys_hardened_pgtables feature
  2026-05-26 · Kevin Brodsky <hidden>
• COOLING5d [PATCH RFC v8 24/24] mm: Add basic tests for kpkeys_hardened_pgtables
  2026-05-26 · Kevin Brodsky <hidden>