Patches introduced to randomize Linux kernel stack offsets on every system call

Kees Cook, former chief system administrator of kernel.org and leader of the Ubuntu Security Team, now working at Google on securing Android and ChromeOS, has published a set of patches that randomize the offset of the kernel stack while a system call is being processed. The patches harden the kernel by varying where the stack frames of each system call land, so an attacker who relies on a known stack layout (for example, to overwrite a saved return address or a neighbouring local variable) has a much lower chance of success. The initial implementation supports ARM64 and x86/x86_64 processors.

The original idea comes from the PaX RANDKSTACK project. In 2019, Elena Reshetova, an engineer at Intel, attempted an implementation suitable for inclusion in the mainline Linux kernel. The initiative was later taken up by Kees Cook, who presented the version now proposed for mainline. The patches are planned for inclusion in the 5.13 release. The mode is disabled by default; to control it, the kernel command line parameter "randomize_kstack_offset=on/off" and the CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT build option are proposed, so on a running kernel the state can be checked by looking for the parameter in /proc/cmdline and for the option in the kernel's build configuration (e.g. /boot/config-$(uname -r)). The overhead of enabling the mode is estimated at roughly 1% of performance.

The essence of the protection is to pick a fresh random stack offset for each system call, which makes it hard to predict the stack layout in memory: even if an attacker leaks a stack address, the next system call will place the stack at a different base address. Unlike PaX RANDKSTACK, the patches proposed for the kernel do not apply the randomization at the very start of entry (when cpu_current_top_of_stack is consulted) but only after the pt_regs structure has been saved, so ptrace-based techniques cannot be used to recover the randomized offset during a long-running system call.
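To make the mechanism concrete, here is an added user-space illustration of per-call stack offset randomization; it is not the kernel patch set's code. A do_syscall() stand-in plays the entry path: it reserves a random-sized gap on the stack with alloca before calling the "handler", and only draws the offset for the next call after the handler has returned. The assumptions are mine: a single global offset variable instead of per-CPU state, a fixed-seed xorshift PRNG instead of the kernel's random source (so runs are reproducible), and a 1 KiB cap on the gap.

```c
/*
 * User-space illustration of per-system-call kernel stack offset
 * randomization.  Added example; not the kernel's own code.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Offset to apply on the next call.  Assumption: one "CPU", so a single
 * global stands in for the kernel's per-CPU value. */
static uint32_t kstack_offset = 0x9E3779B9u;

/* Deterministic xorshift32 (constructed stand-in for the kernel's random
 * source) so the demonstration is reproducible. */
static uint32_t next_random(void)
{
    uint32_t x = kstack_offset;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    kstack_offset = x;
    return x;
}

/* Cap the gap at 1 KiB (my choice here); the point is that the offset is
 * bounded so the randomization cannot exhaust the stack. */
#define KSTACK_OFFSET_MAX(x) ((x) & 0x3FFu)

/* Stand-in for a syscall handler: reports where its first local landed. */
static __attribute__((noinline)) uintptr_t handler(int nr)
{
    volatile int local = nr;
    return (uintptr_t)&local;
}

/* Stand-in for the entry path.  With randomize == 0 the gap is always zero,
 * i.e. the fixed layout the patches replace. */
static __attribute__((noinline)) uintptr_t do_syscall(int nr, int randomize)
{
    uint32_t offset = randomize ? KSTACK_OFFSET_MAX(kstack_offset) : 0;
    /* Move the stack pointer down by 'offset' bytes.  The empty asm marks the
     * gap as used so the compiler cannot optimise the alloca away. */
    uint8_t *gap = __builtin_alloca(offset);
    __asm__ volatile("" : "=m"(*gap) : : "memory");

    uintptr_t frame = handler(nr);

    /* Choose the offset for the *next* call only after the work is done, so
     * the value is not sitting around while this call is in progress. */
    next_random();
    return frame;
}

/* Issue n calls and count distinct handler frame addresses.  Without
 * randomization this is always 1; with it, many positions appear. */
size_t count_distinct_positions(size_t n, int randomize)
{
    uintptr_t seen[256];
    size_t distinct = 0;

    if (n > sizeof seen / sizeof seen[0])
        n = sizeof seen / sizeof seen[0];

    for (size_t i = 0; i < n; i++) {
        uintptr_t addr = do_syscall((int)i, randomize);
        size_t j;
        for (j = 0; j < distinct; j++)
            if (seen[j] == addr)
                break;
        if (j == distinct)
            seen[distinct++] = addr;
    }
    return distinct;
}

int main(void)
{
    printf("fixed layout:      %zu distinct handler frame address(es) in 64 calls\n",
           count_distinct_positions(64, 0));
    printf("randomized layout: %zu distinct handler frame address(es) in 64 calls\n",
           count_distinct_positions(64, 1));
    return 0;
}
```

Because alloca is rounded to the stack alignment, the number of distinct positions is smaller than the number of distinct raw offsets; that is why the real entropy of such a scheme is a few bits rather than the full width of the mask, and why the bound on the offset matters both for stack usage and for how much an attacker has to guess.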

Source: opennet.ru