>> The in-stack randomization is really a very small change, both code-wise and
>> logic-wise.
>> It does not affect real workloads and does not require enablement of other
>> features (such as GCC plugins).
>> So, I think we should really reconsider its inclusion.
> I'd agree: the code is tiny and, while the benefit can't point to a
> specific issue, it does point to the general weakness of the stack
> offset being predictable, which has been a core observation for many
> stack-based attacks.
>
> If we're going to save state between syscalls (like the 4096 random
> bytes pool), how about instead we just use a single per-CPU long mixed
> with rdtsc saved at syscall exit? That should be a reasonable balance
> between all the considerations and make it trivial for the feature to
> be a boot flag without the extra page of storage, etc.

Sounds like a viable compromise to me.

Ingo, Andy?

Best Regards,
Elena.
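A user-space model of the scheme proposed in the quoted reply (one saved word per CPU, mixed with rdtsc at syscall exit, consumed as a stack offset at the next syscall entry). This is an added illustration, not code from this thread or from the kernel: the per-CPU array, the 10-bit mask, the 16-byte alignment, the SplitMix-style mixing function and every identifier below are assumptions of the example, and on non-x86 hosts a monotonic clock stands in for rdtsc.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static uint64_t read_tsc(void) { return __rdtsc(); }
#else
/* Non-x86 host: a monotonic nanosecond clock stands in for rdtsc. */
static uint64_t read_tsc(void)
{
	struct timespec ts;
	clock_gettime(CLOCK_MONOTONIC, &ts);
	return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
#endif

/* Model of "a single per-CPU long": one word per fake CPU id (hypothetical). */
#define NR_CPUS 4
#define KSTACK_OFFSET_BITS 10	/* assumption: up to 1 KiB of shift */
#define KSTACK_OFFSET_MASK ((1u << KSTACK_OFFSET_BITS) - 1)
static uint64_t kstack_rand[NR_CPUS];

/* Mix the cycle counter into the saved word. The finalizer is this example's
 * choice: rdtsc varies mostly in its low bits, and a plain XOR would put
 * exactly those bits into the offset, so spread them across the word first. */
static uint64_t kstack_mix(uint64_t prev, uint64_t tsc)
{
	uint64_t z = prev ^ tsc;
	z += 0x9e3779b97f4a7c15ull;
	z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ull;
	z = (z ^ (z >> 27)) * 0x94d049bb133111ebull;
	return z ^ (z >> 31);
}

/* Syscall exit: refresh this CPU's word. Because it runs after the handler,
 * the offset of the *next* syscall is only fixed once this one has finished. */
static void kstack_offset_refresh(unsigned cpu)
{
	kstack_rand[cpu] = kstack_mix(kstack_rand[cpu], read_tsc());
}

/* Syscall entry: derive this syscall's offset from the saved word, kept
 * 16-byte aligned so the shifted frame stays ABI-aligned. */
static size_t kstack_offset_get(unsigned cpu)
{
	return (size_t)(kstack_rand[cpu] & KSTACK_OFFSET_MASK) & ~(size_t)0xf;
}

/* The "real" syscall body; reports where its frame landed. */
static __attribute__((noinline)) uintptr_t do_syscall_body(void)
{
	volatile char marker = 0;
	return (uintptr_t)&marker;
}

/* Entry path: shift the stack by the offset, run the body, then refresh. */
static __attribute__((noinline)) uintptr_t syscall_entry(unsigned cpu)
{
	size_t off = kstack_offset_get(cpu);
	char *pad = __builtin_alloca(off + 1);
	pad[off] = 0;
	__asm__ __volatile__("" : : "r"(pad) : "memory"); /* keep the alloca */
	uintptr_t frame = do_syscall_body();
	kstack_offset_refresh(cpu);
	return frame;
}

/* Test hooks (nothing a kernel would expose): force the saved word. */
static void kstack_rand_set(unsigned cpu, uint64_t v) { kstack_rand[cpu] = v; }
static uintptr_t frame_for_seed(unsigned cpu, uint64_t seed)
{
	kstack_rand[cpu] = seed;
	return syscall_entry(cpu);
}

int main(void)
{
	unsigned cpu = 0;
	kstack_offset_refresh(cpu);	/* boot-time seed for the model */
	for (int i = 0; i < 5; i++)
		printf("syscall %d: offset 0x%zx, body frame at %#lx\n",
		       i, kstack_offset_get(cpu), (unsigned long)syscall_entry(cpu));
	return 0;
}
```

The point the model makes visible is the one the reply relies on: the state is one word per CPU rather than a page-sized pool, the refresh costs one rdtsc and a few ALU ops on the exit path, and the body's frame address moves by whatever the masked word says at entry.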