Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Linux 5.13 Lands Support For Randomizing Stack Offsets Per Syscall
Randomizing the kernel stack offset per-system-call is intended to make it more challenging for rogue actors to carry out stack-based attacks on the Linux kernel. This has been in the works for over two years and was inspired by PaX's "RANDKSTACK" feature but the actual implementation has taken a different approach. Simply put though this randomizing of the kernel stack at each system call is to fend off exploits relying on kernel stack determinism.
At boot time the functionality can be toggled via the randomize_kstack_offset= parameter with on/off depending upon the desired behavior. x86/x86_64 and ARM64 are the initial architectures supported.
Enabling this randomize_kstack_offset feature is expected to incur around a 1% performance hit for at least some workloads. I'll be running some on/off benchmarks shortly.
More details on this randomizing kernel stack feature per system call can be found via this honored pull request in Linux 5.13.