Linux 6.2 Addresses Another "Tasty Target For Attackers"

Written by Michael Larabel in Linux Kernel on 13 December 2022 at 01:30 PM EST. 1 Comment
The x86 memory management updates for the Linux 6.2 merge window have been submitted with two primary additions: addressing another "tasty target for attackers" and separately is also landing of Intel's Linear Address Masking (LAM) functionality.

The tasty target for attackers now being addressed is finally randomizing the per-CPU entry area. Peter Zijlstra of Intel worked on the per-CPU entry area randomization and explained in the prior patch posting:
[Seth Jenkins of Google] found that the CPU-entry-area; the piece of per-cpu data that is mapped into the userspace page-tables for kPTI [Kernel Page Table Isolation] is not subject to any randomization -- irrespective of kASLR [Kernel Address Space Layout Randomization] settings.

On x86_64 a whole P4D (512 GB) of virtual address space is reserved for this structure, which is plenty large enough to randomize things a little.

As such, use a straightforward randomization scheme that avoids duplicates to spread the existing CPUs over the available space.

This makes it harder to find the addresses of important structures in the cpu entry areas like the entry stacks.

The per-CPU entry area randomization is now ready to go with Linux 6.2. Dave Hansen of Intel commented in the x86/mm pull request, "This includes some new randomization of the per-cpu entry areas from Peter Z. Without it, these areas are a tasty target for attackers. The entry code and mappings are especially tricky code and this has caused some issues along the way, but they have settled down."

The never-ending battle with system security...

This pull request also includes Intel's work on enabling Linear Address Masking (LAM) for use with upcoming processors. Intel Linear Address Masking (LAM) allows software to make use of untranslated address bits of 64-bit linear addresses for metadata. Linear addresses use either 48-bits (4-level paging) or 57-bits (5-level paging) while LAM allows the remaining space of the 64-bit linear addresses to be used for metadata.

This prior article has more background information on LAN and possible application use-cases for those upper-bits in addresses. The x86/mm pull request also notes it can be useful too for user-space memory sanitizers to have less overhead.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week