UBUNTU: [Config] Enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT

Kernel stack offset randomization is a useful security feature
that should be enabled. Benchmarking showed that the impact is
within the noise of various microbenchmarks so I believe this
has some added benefit with minimal performance impact. The
security folk believe this is worth enabling, so lets switch
it on.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
(cherry picked from commit 2ea2b647bcdd1baa0b2489e8420875121a39af39)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index b23243a1f613b511b8635de9960646cd0ea89435..5e4a2c4828e2528a3b4c72b384cf5cee48e38abf 100644 (file)
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -8453,7 +8453,7 @@ CONFIG_RAID6_PQ_BENCHMARK=y
 CONFIG_RAID_ATTRS=m
 # CONFIG_RANDOM32_SELFTEST is not set
 CONFIG_RANDOMIZE_BASE=y
-# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
+CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
 CONFIG_RANDOMIZE_MEMORY=y
 CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
 CONFIG_RANDOMIZE_MODULE_REGION_FULL=y