Linux 5.13 Poised To Allow Randomizing Kernel Stack Offset At Each System Call
The ability to randomize the kernel stack offset at each system call looks set to land in the upcoming Linux 5.13 cycle. This optional feature makes it harder to carry out stack-based attacks on the Linux kernel, specifically those that depend on the kernel stack having the same layout and addresses on every system call.
Back in 2019, Intel engineer Elena Reshetova proposed randomizing the kernel stack offset on each system call. The code was originally inspired by PaX's RANDKSTACK feature and is meant to harden the kernel against exploits that rely on kernel stack determinism. Google engineer Kees Cook ended up taking over the effort and, after ten rounds of code review, the patches look to be on deck for Linux 5.13.
This work allows the kernel stack offset to be randomized, optionally, at each system call. The functionality is controlled at boot with the randomize_kstack_offset= option, which accepts the values on and off (the kernel must be built with CONFIG_RANDOMIZE_KSTACK_OFFSET for the option to exist at all). ARM64 and x86/x86_64 are the initial CPU architectures supporting the feature.
Running with this option enabled should make stack-based attacks harder, since the offset changes on each system call and an attacker can no longer assume a fixed distance between stack objects across calls. The feature is off by default, though, because it adds roughly 1% overhead, at least on x86_64.
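To make the mechanism concrete, here is a user-space model of the technique, written for this page as an added example; it is not the kernel's own code. It mirrors the shape of the kernel implementation as described in the patch series: on entry, a small random amount of stack is consumed with alloca before the handler runs, and after the handler returns a fresh offset is chosen for the next call. The 10-bit mask, the per-CPU offset variable, the xorshift PRNG (standing in for the timestamp counter the kernel mixes in) and the function names are assumptions for illustration. The code shows why the feature defeats stack determinism: with randomization off, the handler's frame lands at the same address on every call; with it on, the frame address varies.

```c
/* Added example, not kernel code: user-space model of randomizing the
 * kernel stack offset at each system call. Build with gcc or clang. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: 10 bits of offset, similar to the kernel's mask. */
#define KSTACK_OFFSET_MASK 0x3FFu
#define MAX_CALLS 256

static uint32_t kstack_offset;      /* models the per-CPU offset kept by the kernel */
static bool randomize_enabled;      /* models randomize_kstack_offset=on/off */

/* Constructed stand-in for the entropy source (the kernel uses the
 * timestamp counter); a xorshift PRNG keeps this example deterministic. */
static uint32_t prng_state = 0x12345678u;
static uint32_t prng_next(void)
{
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    prng_state = x;
    return x;
}

/* The "system call handler": returns where its own frame landed, i.e. the
 * address of a local, so callers can observe stack determinism directly. */
__attribute__((noinline)) static uintptr_t syscall_handler(void)
{
    volatile uint8_t local[64];
    local[0] = 0;
    return (uintptr_t)&local[0];
}

/* Models the entry path: consume a random amount of stack before the
 * handler, then pick the offset for the next call after it returns. */
__attribute__((noinline)) static uintptr_t do_syscall(void)
{
    if (randomize_enabled) {
        uint32_t offset = kstack_offset & KSTACK_OFFSET_MASK;
        uint8_t *ptr = __builtin_alloca(offset);
        /* Force the alloca to actually happen; the pointer is otherwise unused. */
        __asm__ volatile("" : : "r"(ptr));
    }
    uintptr_t frame = syscall_handler();
    if (randomize_enabled)
        kstack_offset = prng_next();   /* choose the offset for the next call */
    return frame;
}

/* Runs `calls` system calls and returns how many distinct handler frame
 * addresses were observed: 1 means a fully deterministic stack. */
int count_distinct_frames(bool enable, int calls)
{
    uintptr_t seen[MAX_CALLS];
    int distinct = 0;

    if (calls > MAX_CALLS)
        calls = MAX_CALLS;
    randomize_enabled = enable;
    kstack_offset = 0;   /* first randomized call starts from offset 0, like a fresh CPU */

    for (int i = 0; i < calls; i++) {
        uintptr_t frame = do_syscall();
        bool dup = false;
        for (int j = 0; j < distinct; j++)
            if (seen[j] == frame) { dup = true; break; }
        if (!dup)
            seen[distinct++] = frame;
    }
    return distinct;
}

int main(void)
{
    printf("randomize_kstack_offset=off: %d distinct frame address(es) in 64 calls\n",
           count_distinct_frames(false, 64));
    printf("randomize_kstack_offset=on:  %d distinct frame address(es) in 64 calls\n",
           count_distinct_frames(true, 64));
    return 0;
}
```

The interesting property is visible in the second line of output: an attacker who measured the handler's frame once gains nothing about where it will sit on the next call, which is exactly the assumption that exploits relying on kernel stack determinism make. Because alloca rounds its size up to the stack alignment, only the upper bits of the mask contribute entropy, which is also why the kernel's version gives a handful of bits rather than ten.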
These patches were queued on Thursday into the tip.git x86/entry branch, so they appear to be on the table for the Linux 5.13 merge window when it opens later this month. More benchmarks of the real-world performance cost will follow once the code has formally landed in the mainline kernel.