Clang RandStruct Lands As Part Of Kernel Hardening For Linux 5.19

Written by Michael Larabel in Linux Kernel on 31 May 2022 at 04:55 AM EDT. 3 Comments
Merged into the mainline Linux 5.19 kernel last week was the latest batch of kernel hardening work, which includes introducing the Clang RandStruct support and other changes to beef up the kernel's defenses.

The RandStruct feature is a new feature coming in LLVM/Clang 15.0 and is to randomize the structure layout. The Linux kernel has already had RandStruct support on the GCC side for randomizing the layout of sensitive kernel structures while now for Linux 5.19 is this new Clang 15 support.

Making use of the Linux kernel's RandStruct hardening can induce some performance impact but there is also a build-time tunable for trying to limit the randomization of the structure layout to cache line sized groups of members to lessen that performance cost albeit with reduced randomization.

The hardening updates also include user-copy hardening now checks for other allocation types, ARM64 StackLeak behavioral improvements, ARM64 Control-Flow Integrity (CFI) code generation improvements, and LoadPin LSM changes.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week