• Linus Torvalds's avatar
    Merge tag 'x86-entry-2021-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · eea2647e
    Linus Torvalds authored
    Pull entry code update from Thomas Gleixner:
     "Provide support for randomized stack offsets per syscall to make
      stack-based attacks harder which rely on the deterministic stack
      layout.
    
      The feature is based on the original idea of PaX's RANDSTACK feature,
      but uses a significantly different implementation.
    
      The offset does not affect the pt_regs location on the task stack as
      this was agreed on to be of dubious value. The offset is applied
      before the actual syscall is invoked.
    
      The offset is stored per cpu and the randomization happens at the end
      of the syscall which is less predictable than on syscall entry.
    
      The mechanism to apply the offset is via alloca(), i.e. abusing the
      dispised VLAs. This comes with the drawback that
      stack-clash-protection has to be disabled for the affected compilation
      units and there is also a negative interaction with stack-protector.
    
      Those downsides are traded with the advantage that this approach does
      not require any intrusive changes to the low level assembly entry
      code, does not affect the unwinder and the correct stack alignment is
      handled automatically by the compiler.
    
      The feature is guarded with a static branch which avoids the overhead
      when disabled.
    
      Currently this is supported for X86 and ARM64"
    
    * tag 'x86-entry-2021-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
      arm64: entry: Enable random_kstack_offset support
      lkdtm: Add REPORT_STACK for checking stack offsets
      x86/entry: Enable random_kstack_offset support
      stack: Optionally randomize kernel stack offset each syscall
      init_on_alloc: Optimize static branches
      jump_label: Provide CONFIG-driven build state defaults
    eea2647e
Kconfig 64.1 KB