Re: [PATCH v2 1/2] stack: Introduce CONFIG_RANDOMIZE_KSTACK_OFFSET

From: Kees Cook
Date: Mon Feb 14 2022 - 16:16:30 EST

Next message: Shuah Khan: "Re: [PATCH V2] selftests: Use -isystem instead of -I to include headers"
Previous message: Arnd Bergmann: "Re: [PATCH 10/14] uaccess: remove most CONFIG_SET_FS users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 31 Jan 2022 10:05:20 +0100, Marco Elver wrote:
> The randomize_kstack_offset feature is unconditionally compiled in when
> the architecture supports it.
>
> To add constraints on compiler versions, we require a dedicated Kconfig
> variable. Therefore, introduce RANDOMIZE_KSTACK_OFFSET.
>
> Furthermore, this option is now also configurable by EXPERT kernels:
> while the feature is supposed to have zero performance overhead when
> disabled, due to its use of static branches, there are few cases where
> giving a distribution the option to disable the feature entirely makes
> sense. For example, in very resource constrained environments, which
> would never enable the feature to begin with, in which case the
> additional kernel code size increase would be redundant.
>
> [...]

Applied to for-next/hardening, thanks!

[1/2] stack: Introduce CONFIG_RANDOMIZE_KSTACK_OFFSET
https://git.kernel.org/kees/c/8cb37a5974a4
[2/2] stack: Constrain and fix stack offset randomization with Clang builds
https://git.kernel.org/kees/c/efa90c11f62e

--
Kees Cook

Next message: Shuah Khan: "Re: [PATCH V2] selftests: Use -isystem instead of -I to include headers"
Previous message: Arnd Bergmann: "Re: [PATCH 10/14] uaccess: remove most CONFIG_SET_FS users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]