Source: linux
Version: 5.15-1~exp1
Severity: wishlist

Hi,

the option ZERO_CALL_USED_REGS will improve kernel security by reducing the amount of available ROP gadgets by 20% on average in the Linux kernel. Currently the option is not enabled in Debian's experimental kernel config. Please enable it if you consider the build size to be reasonable on all architectures.
The option requires building with GCC 11 or a compiler that supports -fzero-call-used-regs. Here is a comparison of the amount of unique ROP gadgets found in a kernel build with and without CALL_USED_REGS, using two different ROP gadget scanning tools.

rp++ is a popular ROP scanning tool due to its ability to find many different gadgets.

$ wc -l vmlinux-5.15-zero-regs-rp++-rop
249527 vmlinux-5.15-zero-regs-rp++-rop
$ wc -l vmlinux-5.15-skip-rp++-rop
326214 vmlinux-5.15-skip-rp++-rop

The tool ROPgadget is popular due to its ability to automatically build ROP chains for a statically linked target.

vmlinux-5.15-zero-regs:
Unique gadgets found: 136014
No automatic chain building possible.

vmlinux-5.15-skip:
Unique gadgets found: 214104
Automatic chain building of gadgets possible.

Thank you!

Best regards
Christoffer Kugg Jerkeby
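The report asks for CONFIG_ZERO_CALL_USED_REGS to be turned on and notes that it needs a compiler accepting -fzero-call-used-regs. The script below is an added example, not part of the bug report or of Debian's kernel packaging: it audits a kernel .config for the option and probes whether the local compiler accepts the flag form the kernel's Kconfig checks (-fzero-call-used-regs=used-gpr). The sample .config fragment and file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a kernel .config for the
# register-zeroing hardening option and check toolchain support for it.

# Exit 0 if the given .config enables CONFIG_ZERO_CALL_USED_REGS.
zero_regs_enabled() {
    grep -qx 'CONFIG_ZERO_CALL_USED_REGS=y' "$1"
}

# Print one of:
#   enabled     - option is set to y
#   disabled    - option was offered by Kconfig but left unset / set to n
#   not-offered - option absent entirely (e.g. compiler too old, so Kconfig
#                 never exposed it through CC_HAS_ZERO_CALL_USED_REGS)
zero_regs_status() {
    if grep -qx 'CONFIG_ZERO_CALL_USED_REGS=y' "$1"; then
        echo enabled
    elif grep -qx -e '# CONFIG_ZERO_CALL_USED_REGS is not set' \
                  -e 'CONFIG_ZERO_CALL_USED_REGS=n' "$1"; then
        echo disabled
    else
        echo not-offered
    fi
}

# Probe whether a compiler accepts -fzero-call-used-regs=used-gpr by compiling
# a one-line translation unit. Prints yes / no / unknown (no compiler found).
cc_supports_zero_regs() {
    cc="${1:-${CC:-gcc}}"
    command -v "$cc" >/dev/null 2>&1 || { echo unknown; return 0; }
    if echo 'int f(int a){return a+1;}' |
        "$cc" -fzero-call-used-regs=used-gpr -c -x c - -o /dev/null 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Demo on a constructed .config fragment (not a real Debian config).
demo() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
# CONFIG_ZERO_CALL_USED_REGS is not set
EOF
    echo "config status:    $(zero_regs_status "$tmp")"
    echo "compiler support: $(cc_supports_zero_regs)"
    rm -f "$tmp"
}

demo
```

Point zero_regs_status at /boot/config-$(uname -r) to check a running Debian kernel; a result of not-offered on a current kernel tree usually means the build compiler predates support for the flag rather than a deliberate choice to leave it off.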