Kernel stack offset randomization is a useful security feature
that should be enabled. Benchmarking showed that the impact is
within the noise of various microbenchmarks so I believe this
has some added benefit with minimal performance impact. The
security folk believe this is worth enabling, so let's switch
it on.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
(cherry picked from commit 2ea2b647bcdd1baa0b2489e8420875121a39af39)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
CONFIG_RAID_ATTRS=m
# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_RANDOMIZE_BASE=y
-# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
+CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
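
Review bot: the changed line turns CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT on for every boot of this config, but the commit message backs that only with "within the noise of various microbenchmarks" and names no benchmark, figure or architecture. Please record which microbenchmarks were run and on which architectures and flavours, so a later regression report can be compared against them. It would also help to state in the message that this option only sets the default, and that booting with randomize_kstack_offset=off still disables the feature if a workload turns out to be sensitive to the extra per-syscall work. The visible hunk carries no file header, so it is not clear from here whether the change covers all architecture configs or just one; if other configs exist, they should be checked for the same "is not set" line.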