Linux 6.2 Addresses Another "Tasty Target For Attackers"

Written by Michael Larabel in Linux Kernel on 13 December 2022 at 01:30 PM EST.
The x86 memory management updates for the Linux 6.2 merge window have been submitted with two primary additions: addressing another "tasty target for attackers" and, separately, landing Intel's Linear Address Masking (LAM) functionality.

The tasty target for attackers now being addressed is the per-CPU entry area, which is finally being randomized. Peter Zijlstra of Intel worked on the per-CPU entry area randomization and explained in the prior patch posting:
[Seth Jenkins of Google] found that the CPU-entry-area; the piece of per-cpu data that is mapped into the userspace page-tables for kPTI [Kernel Page Table Isolation] is not subject to any randomization -- irrespective of kASLR [Kernel Address Space Layout Randomization] settings.

On x86_64 a whole P4D (512 GB) of virtual address space is reserved for this structure, which is plenty large enough to randomize things a little.

As such, use a straightforward randomization scheme that avoids duplicates to spread the existing CPUs over the available space.

This makes it harder to find the addresses of important structures in the cpu entry areas like the entry stacks.

The per-CPU entry area randomization is now ready to go with Linux 6.2. Dave Hansen of Intel commented in the x86/mm pull request, "This includes some new randomization of the per-cpu entry areas from Peter Z. Without it, these areas are a tasty target for attackers. The entry code and mappings are especially tricky code and this has caused some issues along the way, but they have settled down."
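
The duplicate-avoiding scheme described in the quoted patch posting, sketched in user space as an added example (not code from the kernel or the patch): each CPU draws a random slot in the reserved window and redraws on collision. The slot size, the function names and the seeded PRNG are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* 512 GB window is from the quoted text. SLOT_BYTES is a constructed
 * value for illustration, not the kernel's real per-CPU area size. */
#define SLOT_BYTES (256ULL << 10)
#define MAX_SLOTS  ((uint32_t)((512ULL << 30) / SLOT_BYTES))

/* Deterministic xorshift32 so the demo is repeatable. Stand-in only:
 * a real mitigation must draw from a cryptographically secure RNG. */
static uint32_t rng_state = 0x2545F491u;
static uint32_t demo_rng(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* Uniform value in [0, bound): reject the tail that would bias r % bound. */
static uint32_t rand_below(uint32_t bound)
{
    uint32_t limit = UINT32_MAX - (UINT32_MAX % bound), r;
    do { r = demo_rng(); } while (r >= limit);
    return r % bound;
}

/* Give each CPU a random slot that no earlier CPU holds.
 * Returns 0 on success, -1 if there are more CPUs than slots. */
static int assign_slots(uint32_t *slot, uint32_t ncpus, uint32_t max_slots)
{
    if (ncpus > max_slots) return -1;
    for (uint32_t i = 0; i < ncpus; i++) {
        uint32_t cand, j;
        do {
            cand = rand_below(max_slots);
            for (j = 0; j < i && slot[j] != cand; j++) {}
        } while (j < i);    /* j < i: cand collides with an earlier CPU */
        slot[i] = cand;
    }
    return 0;
}

int main(void)
{
    uint32_t slot[8];
    if (assign_slots(slot, 8, MAX_SLOTS) == 0)
        for (int i = 0; i < 8; i++)
            printf("cpu%d -> slot %u of %u\n", i, (unsigned)slot[i], (unsigned)MAX_SLOTS);
    return 0;
}
```

With the assumed slot size the window holds 2,097,152 slots, so a single blind guess at one CPU's area lands on it with probability of about one in two million, where the unrandomized layout made the address predictable.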


The never-ending battle with system security...


This pull request also includes Intel's work on enabling Linear Address Masking (LAM) for use with upcoming processors. Intel Linear Address Masking (LAM) allows software to make use of untranslated address bits of 64-bit linear addresses for metadata. Linear addresses use either 48 bits (4-level paging) or 57 bits (5-level paging), while LAM allows the remaining space of the 64-bit linear addresses to be used for metadata.

This prior article has more background information on LAM and possible application use-cases for those upper bits in addresses. The x86/mm pull request also notes that LAM can be useful for user-space memory sanitizers, letting them run with less overhead.