FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022

Written by Michael Larabel in Linux Security on 26 December 2021 at 05:36 AM EST. 3 Comments
It's been nearly two years in the making since Intel posted FGKASLR patches for improving Linux kernel security. While that work on Finer Grained / Function Granular KASLR stalled for a year, in recent months work on it was revived and in 2022 looks like this security is on a path for mainlining.

FGKASLR is a step-up over the Kernel Address Space Layout Randomization widely used right now by the Linux kernel for thwarting attacks relying upon known positions of the kernel within memory. Rather than just randomizing the base address that can be figured out with enough guessing or leakage, FGKASLR will randomize the layout down to a code function level.

As a result, FGKASLR is much more robust for protecting systems against attacks relying upon known positions in memory. FGKASLR testing shows only minor impact to boot time performance from the function reordering/randomization. Sent out this past week were the FGKASLR v9 patches. The updated patches turns Assembly function sections on by default but can be disabled now if desired, deduplication of more code, always printing kallsyms in a random order for unprivileged users even if FGKASLR is disabled, and other code improvements.

FGKASLR is great for Linux security but can have some known implications on performance and kernel size.

If all goes well we will see this open-source Intel-led security feature land in a Linux kernel in the near future. Already in Linux 5.16 are some early preparations for FGKASLR.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week