X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fconfig_files%2Fkspp-recommendations%2Fkspp-recommendations-x86-32.config;h=a382f411912194929c2d93cd524cba4b753d6534;hb=6d0bc7d9064a4aab282068cb658517f0edaa0d31;hp=edca82b7414ee94eaa7b3b4d73896d6c70343482;hpb=29de5cc2de013ade52bb7589669672c7b0e2358d;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-32.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
index edca82b..a382f41 100644
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/i386 5.4.0 Kernel Configuration
+# Linux/i386 5.14.0 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -171,6 +171,9 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 # Randomize position of kernel.
 CONFIG_RANDOMIZE_BASE=y
 
+# Randomize kernel stack offset on syscall entry (since v5.13).
+CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
+
 # Enable Kernel Page Table Isolation to remove an entire class of cache timing side-channels.
 CONFIG_PAGE_TABLE_ISOLATION=y