Linux 4.8 Implements ASLR For Kernel Memory Sections
In addition to hardened usercopy support being prepped for the Linux 4.8 kernel, the new CONFIG_RANDOMIZE_MEMORY option was sent in this morning via a separate pull request as another security feature for the 4.8 cycle.
CONFIG_RANDOMIZE_MEMORY randomizes the virtual addresses of memory sections, including physical memory mappings, vmalloc, and vemmap. Similar to other memory randomization routines, by randomizing the virtual address space of kernel memory sections, the goal is to mitigate predictable memory locations.
The CONFIG_RANDOMIZE_MEMORY patches were sent in via the x86/boot pull request this morning by Ingo Molnar. In addition, this pull request also enhances KASLR (CONFIG_RANDOMIZE_BASE) with physical memory randomization. That work extends kernel image physical address randomization to addresses larger than 4GB, among other improvements.
More details on these x86 boot changes via the kernel mailing list.
CONFIG_RANDOMIZE_MEMORY randomizes the virtual addresses of memory sections, including physical memory mappings, vmalloc, and vemmap. Similar to other memory randomization routines, by randomizing the virtual address space of kernel memory sections, the goal is to mitigate predictable memory locations.
The CONFIG_RANDOMIZE_MEMORY patches were sent in via the x86/boot pull request this morning by Ingo Molnar. In addition, this pull request also enhances KASLR (CONFIG_RANDOMIZE_BASE) with physical memory randomization. That work extends kernel image physical address randomization to addresses larger than 4GB, among other improvements.
More details on these x86 boot changes via the kernel mailing list.
4 Comments