FGKASLR Appears Closer To Mainline For Improving Linux Security
Kernel Address Space Layout Randomization (KASLR) has been common on Linux for a decade and a half now, while more recently there has been Function-Granular (sometimes referred to as Finer-Grained) KASLR, which further ups the security benefits by making kernel address positions much harder to predict for attacks.
The initial FGKASLR code for improving security was posted in early 2020 by Intel's Kristen Carlson Accardi. While KASLR helps make memory addresses less predictable, it is not as effective once an attacker determines the base address. Function-Granular/Finer-Grained KASLR applies function reordering on top of KASLR. The functions are reordered at boot time, which makes things much harder for attacks relying on known kernel memory locations.
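The difference described above can be modelled in a few lines. This is an added example, not code from the article or the FGKASLR patch series: it simulates an observer who knows the link-time layout and learns one runtime address, then counts how many other function addresses follow from that single leak. The function names, sizes, base address and slide granularity are constructed values for a toy layout.

```python
import random

# Constructed toy image: (name, size in bytes) in link order. Not real kernel symbols.
FUNCS = [("fn_a", 0x40), ("fn_b", 0x120), ("fn_c", 0x80), ("fn_d", 0x200),
         ("fn_e", 0x60), ("fn_f", 0x1a0), ("fn_g", 0x30), ("fn_h", 0xc0)]
LINK_BASE = 0xffffffff81000000  # assumed static text base for the model
SLIDE_STEP = 0x200000           # assumed granularity of the random slide
SLIDE_SLOTS = 512               # assumed number of possible slide positions


def layout(order, base):
    """Place functions back to back, in the given order, starting at base."""
    addrs, cur = {}, base
    for name, size in order:
        addrs[name] = cur
        cur += size
    return addrs


# Link-time addresses: what anyone with a copy of the image already knows.
STATIC = layout(FUNCS, LINK_BASE)


def boot(rng, fine_grained):
    """Return the runtime address map for one simulated boot."""
    base = LINK_BASE + rng.randrange(SLIDE_SLOTS) * SLIDE_STEP  # KASLR: one slide
    order = list(FUNCS)
    if fine_grained:
        rng.shuffle(order)  # FGKASLR: function order also changes every boot
    return layout(order, base)


def exposed_by_leak(runtime, leaked):
    """Count other functions located correctly from one leak plus static offsets."""
    slide = runtime[leaked] - STATIC[leaked]
    return sum(1 for name in STATIC
               if name != leaked and STATIC[name] + slide == runtime[name])


def average_exposed(fine_grained, boots=2000, seed=1):
    """Mean number of other functions exposed per leak over many boots."""
    rng = random.Random(seed)
    total = 0
    for _ in range(boots):
        runtime = boot(rng, fine_grained)
        total += exposed_by_leak(runtime, rng.choice(FUNCS)[0])
    return total / boots


if __name__ == "__main__":
    print("KASLR only :", average_exposed(False), "of", len(FUNCS) - 1)
    print("with FGKASLR:", average_exposed(True), "of", len(FUNCS) - 1)
```

With the slide alone, one leak fixes every other address; with per-boot reordering, a leak mostly reveals only the leaked function itself, apart from the occasional pair that happens to land at the same relative offset.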
Following the initial developer discussions around FGKASLR, things went quiet until the patches were revised a few months back. Following that FGKASLR v6 patch series from September, the v7 patches were not publicly released but have now been succeeded by FGKASLR v8, which has made it out on the kernel mailing list. These new Function Granular Kernel Address Space Layout Randomization patches were re-based to Linux 5.16 Git, drop a few patches that were mainlined in Linux 5.16, and carry other low-level code improvements. This FGKASLR work has been tested when building the kernel with both the GCC and LLVM Clang compilers.
There were also some fresh performance figures provided showing the impact of FGKASLR. Those interested can see the v8 patch series with more details on this useful feature that will hopefully be mainlined soon.