FGKASLR Revved For Improving Linux Kernel Security

Written by Michael Larabel in Linux Security on 23 July 2020 at 01:34 PM EDT. 10 Comments
Intel open-source developer Kristen Carlson Accardi continues work on Function Granular Kernel Address Space Layout Randomization (FGKASLR) as a big improvement over traditional KASLR address space layout randomization.

FGKASLR was originally published earlier this year, 15 years after the debut of KASLR for randomizing the base address of the running kernel. With FGKASLR, individual kernel functions are reordered so that even if the kernel's randomized based address is revealed, an attacker still wouldn't know the location in memory of particular kernel functions as the relative addresses will be different.

FGKASLR reorders the functions at boot time and is a further improvement to Linux security for attacks that require known positions within the kernel memory. Our FGKASLR benchmarks have shown around a 4% performance hit for this added security on top of KASLR.

Kristen last week sent out v4 of FGKASLR. This new version has various code improvements, documents the fgkaslr boot option that can be used for disabling the functionality at boot time, and re-engineers the patch to hide the new address space layout when reading /proc/kallsyms.

Hopefully FGKASLR will make it into the mainline kernel in the near future.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week