Support for randomizing kernel stack offset on syscall entry
configname: CONFIG_RANDOMIZE_KSTACK_OFFSET
Linux Kernel Configuration
└─>General architecture-dependent options
└─>Support for randomizing kernel stack offset on syscall entry
In Linux kernel since version 5.2 (release date: 2019-07-07)
The kernel stack offset can be randomized (after pt_regs) by
roughly 5 bits of entropy, frustrating memory corruption
attacks that depend on stack address determinism or
cross-syscall address exposures.
The feature is controlled via the "randomize_kstack_offset=on/off"
kernel boot param, and if turned off has zero overhead due to its use
of static branches (see JUMP_LABEL).
If unsure, say Y.
depends
CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET and (CONFIG_CLANG_VERSION >= 140000 or CONFIG_INIT_STACK_NONE or NOT CONFIG_CC_IS_CLANG)
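
A check for the effective state of this feature, given the text of a kernel config file and a boot command line, following the help text above. This is an added example, not part of the kernel documentation. It assumes the companion option CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT (not listed on this page) sets the build-time default and that the boot parameter accepts the kernel's usual boolean spellings besides on/off; the sample inputs are constructed.

```shell
#!/bin/sh
# Report the effective state of kernel stack offset randomization.
# Usage: kstack_offset_state CONFIG_TEXT CMDLINE_TEXT
# Prints one of: not-built, on, off
kstack_offset_state() {
    config=$1
    cmdline=$2

    # Without CONFIG_RANDOMIZE_KSTACK_OFFSET=y the boot parameter has no effect.
    if ! printf '%s\n' "$config" | grep -qx 'CONFIG_RANDOMIZE_KSTACK_OFFSET=y'; then
        echo not-built
        return 0
    fi

    # Build-time default (assumption: CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT,
    # a companion option that is not listed on this page).
    state=off
    if printf '%s\n' "$config" | grep -qx 'CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y'; then
        state=on
    fi

    # The boot parameter overrides the default. A later valid occurrence wins;
    # an unparsable value leaves the state unchanged.
    while IFS= read -r arg; do
        case $arg in
            randomize_kstack_offset=*)
                case ${arg#randomize_kstack_offset=} in
                    [oO][nN]*|[yYtT1]*) state=on ;;
                    [oO][fF]*|[nNfF0]*) state=off ;;
                esac ;;
        esac
    done <<EOF
$(printf '%s\n' "$cmdline" | tr ' \t' '\n\n')
EOF
    echo "$state"
}

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONFIG='CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y
CONFIG_RANDOMIZE_KSTACK_OFFSET=y
# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet randomize_kstack_offset=on'

kstack_offset_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE"
# On a live host (paths are assumptions that vary by distribution):
# kstack_offset_state "$(cat "/boot/config-$(uname -r)")" "$(cat /proc/cmdline)"
```

A result of "off" on a kernel built with the option means the mitigation is compiled in but dormant until randomize_kstack_offset=on is added to the boot parameters.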