Bug#998653: linux: Please enable ZERO_CALL_USED_REGS to reduce ROP probability
Hi, the option ZERO_CALL_USED_REGS will improve kernel security by
reducing the amount of available ROP gadgets by 20% on average in
the Linux kernel. Currently the option is not enabled in Debian's
experimental kernel config. Please enable it if you consider build
size to be reasonable on all architectures.
The option requires building with GCC11 or a compiler that supports
Here is a comparison between the amount of unique ROP gadgets found
compared between a kernel build without CALL_USED_REGS in two
different ROP gadget scanning tools.
rp++ is a popular ROP scanning tool due to its ability to find many
$ wc -l vmlinux-5.15-zero-regs-rp++-rop
$ wc -l vmlinux-5.15-skip-rp++-rop
The tool ROPgadget is popular due to its ability to automatically
build ROP chains for a statically linked target.
Unique gadgets found: 136014
No automatic chain building possible.
Unique gadgets found: 214104
Automatic chain building of gadgets possible.
Best regards,
Christoffer Kugg Jerkeby
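
One way to reproduce the comparison in this report from two saved gadget listings (an added example, not part of the original message). It assumes one gadget per line in the form `<address>: <instructions>`; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure how many unique gadgets a hardened build removes.
# Assumed listing format (constructed): "0x<address>: <insn> ; <insn> ; ret"

# Count distinct instruction sequences, ignoring the address so the same
# gadget found at several addresses is counted once.
unique_gadgets() {
    sed -n 's/^0x[0-9a-fA-F]*:[[:space:]]*//p' "$1" | sort -u | wc -l | tr -d ' '
}

# Print "<baseline count> <hardened count> <percent reduction>".
gadget_reduction() {
    base=$(unique_gadgets "$1")
    hard=$(unique_gadgets "$2")
    if [ "$base" -eq 0 ]; then
        echo "baseline listing contains no gadgets" >&2
        return 1
    fi
    LC_ALL=C awk -v b="$base" -v h="$hard" \
        'BEGIN { printf "%d %d %.1f\n", b, h, (b - h) * 100 / b }'
}

# Run the comparison on two small constructed listings.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for a build without register zeroing.
    cat > "$dir/skip.txt" <<'EOF'
0xffffffff81000010: pop rdi ; ret
0xffffffff81000020: pop rdi ; ret
0xffffffff81000030: pop rsi ; ret
0xffffffff81000040: mov rax, rdi ; ret
0xffffffff81000050: add rax, rdx ; ret
EOF
    # Constructed stand-in for a build with call-used registers zeroed.
    cat > "$dir/zero.txt" <<'EOF'
0xffffffff81000010: xor edi, edi ; ret
0xffffffff81000030: xor esi, esi ; xor edi, edi ; ret
0xffffffff81000050: xor edi, edi ; ret
EOF
    gadget_reduction "$dir/skip.txt" "$dir/zero.txt"
    rm -rf "$dir"
}

demo   # prints: 4 2 50.0
```

Comparing raw `wc -l` counts includes duplicate gadgets at different addresses, so deduplicating on the instruction text gives the figure closer to "unique gadgets".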