The following changes have been made between LKRG 0.5 and 0.6:

*) [CI] Protect SMEP bit in CR4 and WP bit in CR0 on x86 architecture
*) [CI] Reimplement *_JUMP_LABEL support: simpler and needs a lot less memory
*) [CI] Propagate errors when kzalloc() fails
*) [ED] Introduce pCFI mitigation (poor man's Control Flow Integrity) against
unintended invocation of a few kernel functions especially useful in exploits
*) [ED] Lock down the usermodehelper interface with a whitelist of programs
*) [ED] Fix false positive on seccomp(SECCOMP_SET_MODE_FILTER,
SECCOMP_FILTER_FLAG_TSYNC, ...) failing, where we must revert all threads'
settings but did not (we do now)
*) [ED] Freeze all user mode processes during Exploit Detection initialization
to avoid false positives
*) [ED] Minor change in how SIGKILL is delivered to the corrupted task
*) Fix build error on Linux 4.17+ without CONFIG_ARCH_HAS_SYSCALL_WRAPPER
*) Add LKRG early boot systemd unit file.  (Similar optional functionality for
other init systems may be added later.  Contributions are welcome.)
*) Add install/uninstall make targets, which deploy/remove the systemd service


The following changes have been made between LKRG 0.4 and 0.5:

*) [CI] Add *_JUMP_LABEL support for kernel modules (a major change)
*) [CI] Add support for "cold" function versions generated by new GCC -
necessary to correctly handle *_JUMP_LABEL
*) [CI] Change output message format when *_JUMP_LABEL was detected for kernel
module's .text section
*) [CI] Add new sysctl interface - optional panic() on CI verification failure
*) [ED] Hook generic_permission() instead of may_open()
*) [ED] Hook and correctly handle override_creds() / revert_creds()
*) Add Mikhail Klementev's patches for Makefile, .gitignore and missing include


The following changes have been made between LKRG 0.3 and 0.4:

*) [ED] Fix a potential kretprobe glitch that could happen in a very rare
corner case on heavily loaded SMP machines (resulting in a false positive)
*) [ED] Change some of the printed messages for log_level=4
*) [ED] Add support for 4.17+ kernels. This is a pretty big change addressing:
      a) New logic of how syscall stubs are created; CONFIG_X32_X86 and
CONFIG_COMPAT now have separate stubs
      b) SELinux variables are now accumulated in one structure


The following changes have been made between LKRG 0.2 and 0.3:

*) [ED] Fix false positive caused via potential race condition when child
   process might be faster than mother returning from the fork()
*) [ED] Change the logic and loglevel for message printed when racy situation
   at fork() appears
*) [CI] Change assigned probabilities when integrity routine will be fired


The following changes have been made between LKRG 0.1 and 0.2:

*) Add support for being loaded at early boot stage (e.g. from initramfs)
*) [CI] Add a new sysctl to control whether LKRG performs code integrity checks
   on random events (or only at regular intervals)
*) Reduce performance impact, e.g. in our specific test case:
   -> Average cost of running a fully enabled LKRG => 2.5%
   -> Average cost of running LKRG without the code integrity checks on
      random events (disabled with the new sysctl) => 0.7%
*) [CI] Fix a potential deadlock bug caused by get_online_cpus() function,
   which might sleep if CONFIG_PREEMPT_VOLUNTARY=y
*) [CI] Fix dynamic NOPs injected by *_JUMP_LABEL for MWESTMERE
*) [CI] Remove false positives caused by *_JUMP_LABEL in corner case scenarios
*) [ED] Remove false positives when kernel executes usermode helper binaries


The following changes have been made between LKRG 0.0 and 0.1:

*) Support RHEL 7.4 kernels
*) Make new compiler happy (gcc 7.3+)
*) Improve Makefile
*) Improve Exploit Detection performance and hardened 'off' flag
*) Add support for kernel 4.15
*) Use GPLv2 LICENSE
*) Add INSTALL, CHANGELOG and PATREONS file
*) Move SELinux integrity check to the workqueue
*) Fix how *_JUMP_LABEL is handled when 0xCC byte is injected


Legend:
[CI] - Code Integrity
[ED] - Exploit Detection
