ACK: [PATCH][IMPISH] UBUNTU: [Config] Enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Fri Jun 25 09:54:17 UTC 2021
On 25/06/2021 11:49, Colin Ian King wrote:
> On 25/06/2021 09:42, Colin King wrote:
>> From: Colin Ian King <colin.king at canonical.com>
>>
>> Kernel stack offset randomization is a useful security feature
>> that should be enabled. Benchmarking showed that the impact is
>> within the noise of various microbenchmarks so I believe this
>> has some added benefit with minimal performance impact. The
>> security folk believe this is worth enabling, so lets switch
>> it on.
>>
>> Signed-off-by: Colin Ian King <colin.king at canonical.com>
>> ---
>> debian.master/config/config.common.ubuntu | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
>> index ab828d5..0b46c98 100644
>> --- a/debian.master/config/config.common.ubuntu
>> +++ b/debian.master/config/config.common.ubuntu
>> @@ -8415,7 +8415,7 @@ CONFIG_RAID6_PQ_BENCHMARK=y
>> CONFIG_RAID_ATTRS=m
>> # CONFIG_RANDOM32_SELFTEST is not set
>> CONFIG_RANDOMIZE_BASE=y
>> -# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
>> +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
>> CONFIG_RANDOMIZE_MEMORY=y
>> CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
>> CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
>>
>
> s/IMPISH/UNSTABLE/
Then LGTM:
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list