stack: Introduce CONFIG_RANDOMIZE_KSTACK_OFFSET

[platform/kernel/linux-rpi.git] / arch / Kconfig

diff --git a/arch/Kconfig b/arch/Kconfig
index 678a807..2cde48d 100644 (file)
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -1159,16 +1159,29 @@ config HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
          to the compiler, so it will attempt to add canary checks regardless
          of the static branch state.
 
-config RANDOMIZE_KSTACK_OFFSET_DEFAULT
-       bool "Randomize kernel stack offset on syscall entry"
+config RANDOMIZE_KSTACK_OFFSET
+       bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT
+       default y
        depends on HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
        help
          The kernel stack offset can be randomized (after pt_regs) by
          roughly 5 bits of entropy, frustrating memory corruption
          attacks that depend on stack address determinism or
-         cross-syscall address exposures. This feature is controlled
-         by kernel boot param "randomize_kstack_offset=on/off", and this
-         config chooses the default boot state.
+         cross-syscall address exposures.
+
+         The feature is controlled via the "randomize_kstack_offset=on/off"
+         kernel boot param, and if turned off has zero overhead due to its use
+         of static branches (see JUMP_LABEL).
+
+         If unsure, say Y.
+
+config RANDOMIZE_KSTACK_OFFSET_DEFAULT
+       bool "Default state of kernel stack offset randomization"
+       depends on RANDOMIZE_KSTACK_OFFSET
+       help
+         Kernel stack offset randomization is controlled by kernel boot param
+         "randomize_kstack_offset=on/off", and this config chooses the default
+         boot state.
 
 config ARCH_OPTIONAL_KERNEL_RWX
        def_bool n