Linux 5.16 Has Early Preparations For Supporting FGKASLR

Written by Michael Larabel in Linux Kernel on 9 November 2021 at 05:36 AM EST.
Intel and other kernel developers have been working on FGKASLR for more than a year to enhance kernel security. While the Linux kernel has long supported Address Space Layout Randomization (ASLR) to make memory addresses less predictable, FGKASLR ups the security much more by applying that randomization at the function level. It's looking like FGKASLR could be mainlined soon.

FGKASLR isn't being picked up for Linux 5.16, but preparation work is landing in this kernel, so hopefully the feature isn't too far out. Finer Grained Kernel Address Space Layout Randomization (sometimes referred to as Function Granular KASLR) allows for function reordering on top of the base address randomization of ASLR.

FGKASLR ups the security against kernel attacks that require known memory locations within the kernel, but it can cause minor (~1%) performance penalties. Since first being announced in 2020, FGKASLR has undergone several rounds of review.
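To make the difference concrete, the following added example (not from the article or the FGKASLR patches) compares symbol addresses from two boots and reports whether every symbol moved by the same offset, as with base-only KASLR, or by different offsets, as function reordering would produce. The `/proc/kallsyms`-style excerpts and the helper names `parse_kallsyms`, `slides` and `classify` are constructed for illustration.

```python
# Added illustration. The /proc/kallsyms-style excerpts are constructed, not captured.
BOOT_A = """\
ffffffff81000000 T _text
ffffffff811a2b40 T vfs_read
ffffffff811a2e10 T vfs_write
ffffffff81c3d5a0 T schedule
"""
# Same layout, whole kernel text shifted by one random offset (base KASLR).
BOOT_KASLR = """\
ffffffff8f400000 T _text
ffffffff8f5a2b40 T vfs_read
ffffffff8f5a2e10 T vfs_write
ffffffff9003d5a0 T schedule
"""
# Base shifted and functions also reordered (the function-granular case).
BOOT_FG = """\
ffffffff8f400000 T _text
ffffffff8f9c41d0 T vfs_read
ffffffff8f4e7700 T vfs_write
ffffffff8f71b3c0 T schedule
"""

def parse_kallsyms(text):
    """Return {symbol: address} for built-in text (t/T) symbols."""
    syms = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip malformed lines, module symbols (4th field) and non-text types.
        if len(fields) != 3 or fields[1] not in ("t", "T"):
            continue
        syms[fields[2]] = int(fields[0], 16)
    if syms and not any(syms.values()):
        # Unprivileged reads show all-zero addresses when pointers are hidden.
        raise ValueError("addresses are zeroed; read kallsyms with privileges")
    return syms

def slides(boot_a, boot_b):
    """Per-symbol address difference between two boots."""
    a, b = parse_kallsyms(boot_a), parse_kallsyms(boot_b)
    return {name: b[name] - a[name] for name in a.keys() & b.keys()}

def classify(boot_a, boot_b):
    distinct = set(slides(boot_a, boot_b).values())
    if not distinct:
        raise ValueError("no common text symbols to compare")
    if distinct == {0}:
        return "no randomization"
    # One shared slide: a single known address fixes every other symbol.
    return "base-only KASLR" if len(distinct) == 1 else "function-granular"
```

With a single shared slide, knowing one kernel address is enough to locate every other symbol; when the slides differ per function, that inference no longer holds.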

What has landed in Linux 5.16 Git is the x86/core pull, which includes "a bunch of changes" preparing for FGKASLR. Various low-level kernel changes were made so that FGKASLR can be supported when those patches do end up landing. Details on those specifics can be found via this pull from last week that has since been merged.