FGKASLR Appears Closer To Mainline For Improving Linux Security

Written by Michael Larabel in Linux Security on 3 December 2021 at 06:30 AM EST. 1 Comment
Kernel Address Space Layout Randomization has been common on Linux for a decade and a half now while more recently has been Function-Granular (or sometimes referred to as Finer-Grained) KASLR for further upping the security benefits by making it much harder to predict kernel address positions for attacks.

Posted in early 2020 by Intel's Kristen Carlson Accardi was the initial FGKASLR code for improving security. While KASLR helps make memory addresses less predictable, once an attacker determines the base address it's not as effective. Function-Granular/Finer-Grained KASLR applies function-reordering on top of KASLR. The functions are reordered at boot time and thus much harder for attacks relying on known kernel memory locations.

Following the initial developer discussions around FGKASLR, things went quiet until the patches were revised a few months back. Following that FGKASLR v6 patch series from September, the v7 patches were not publicly released but now succeeded by FGKASLR v8 that has made it out on the kernel mailing list. With these new Function Granular Kernel Address Space Layout Randomization patches they were re-based to Linux 5.16 Git, dropped a few patches that were mainlined in Linux 5.16, and other low-level code improvements. This FGKASLR work has been tested when building by both the GCC and LLVM Clang compilers for the kernel.

There were also some fresh performance figures provided showing the impact of FGKASLR. Those interested can see the v8 patch series with more details on this useful feature that will hopefully be mainlined soon.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week