Finer Grained KASLR Patches Revived For The Linux Kernel To Enhance Security
Work on FG-KASLR, finer grained kernel address space layout randomization, has been under way for more than a year. While KASLR is widely used these days, with enough guessing or an unintentional kernel leak, the base address of the kernel can be figured out. Finer grained KASLR randomizes at the per-function level to dramatically boost defenses. The latest take on FG-KASLR has now been published.
FG-KASLR continues to be designed around rearranging the kernel code at boot/load-time on a per-function level with minimal impact to the boot time.
Alexander Lobakin took the FG-KASLR work started by Intel's Kristen Accardi and has performed a "massive rework and a respin" of those patches. The new code now allows controlling the number of functions per section depending upon your kernel image size / protection level preference along with a variety of other improvements over the earlier versions of the patches. Plus there are various fixes and re-basing against the latest upstream Linux state.
Those interested in this FG-KASLR work can see the "v6" patch series for more details on this effort, one of many around beefing up Linux kernel security.
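To make the trade-off behind the functions-per-section control concrete, here is an added toy model (not code from the patch series) that measures how many other function addresses follow from one leaked pointer plus build-time offsets. The function names, sizes, base range and the shuffle model are constructed assumptions.

```python
import random

# Constructed sample: 64 functions with varying sizes (not real kernel symbols).
FUNCS = [(f"fn_{i:02d}", 16 * (1 + i % 7)) for i in range(64)]

def layout(funcs, per_section, base, rng):
    """Place functions in memory; sections of `per_section` functions move as units."""
    sections = [funcs[i:i + per_section] for i in range(0, len(funcs), per_section)]
    rng.shuffle(sections)  # one section == plain KASLR, nothing to reorder
    addrs, cursor = {}, base
    for section in sections:
        for name, size in section:
            addrs[name] = cursor
            cursor += size
    return addrs

def exposure(funcs, per_section, leaked, trials=200, seed=1):
    """Fraction of other functions whose address is implied by one leaked pointer."""
    rng = random.Random(seed)
    # Build-time offsets: known to anyone holding the same kernel image.
    static = layout(funcs, len(funcs), 0, random.Random(0))
    hits = total = 0
    for _ in range(trials):
        base = rng.randrange(512) << 21  # constructed 2 MiB-aligned random base
        real = layout(funcs, per_section, base, rng)
        for name, _size in funcs:
            if name == leaked:
                continue
            total += 1
            # Inference available from the leak: leaked address + static offset delta.
            guess = real[leaked] + static[name] - static[leaked]
            hits += guess == real[name]
    return hits / total

if __name__ == "__main__":
    for per_section in (len(FUNCS), 4, 1):
        frac = exposure(FUNCS, per_section, "fn_10")
        print(f"{per_section:2d} functions/section -> {frac:.1%} of addresses implied by one leak")
```

In this model, base-only KASLR exposes every address once one pointer leaks, while grouping several functions per section always exposes the leaked function's section neighbours, which is the protection cost of the smaller image.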