Linux Kernel Address Space Layout Randomization "KASLR" For RISC-V
KASLR randomizes where the running Linux kernel sits in memory. It is a worthwhile hardening measure because most kernel exploits rely on known addresses or fixed offsets within kernel memory; with KASLR in place an attacker first needs a separate information leak to locate the kernel before those techniques work, which raises the cost of an attack. More broadly there has also been FGKASLR, finer-grained KASLR that randomizes the layout down to the function level, but sadly that work seems to have been stalled for the past year.
Sent out on Wednesday were four kernel patches for wiring up KASLR support for the RISC-V architecture.
The following KASLR implementation allows randomizing the kernel mapping:
- virtually: we expect the bootloader to provide a seed in the device-tree
- physically: only implemented in the EFI stub, it relies on the firmware to provide a seed using EFI_RNG_PROTOCOL. arm64 has a similar implementation, hence patch 3 factorizes KASLR-related functions so that riscv can take advantage of them.
The new virtual kernel location is limited by the early page table, which only has one PUD, and with the PMD alignment constraint the kernel can only take < 512 positions.
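To make the single-PUD constraint concrete, here is an added example that is not code from the patch series or from the kernel. It assumes 4 KiB pages, where one PMD entry maps 2 MiB and one PUD entry maps 1 GiB (RISC-V Sv39/Sv48), and enumerates the PMD-aligned start offsets inside one PUD at which a kernel image of a given size still fits: at most 1 GiB / 2 MiB = 512 of them, fewer once the image's own size is subtracted. The function names, the constructed 32 MiB image size and the "zero seed means no randomization" convention are this example's own assumptions, not something the patches specify.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration of the "< 512 positions" constraint; not the RISC-V
 * KASLR patch code. Assumed page-table geometry for 4 KiB pages on
 * RISC-V Sv39/Sv48: a PMD entry maps 2 MiB, a PUD entry maps 1 GiB.
 */
#define PMD_SHIFT 21ULL
#define PMD_SIZE  (1ULL << PMD_SHIFT)
#define PUD_SHIFT 30ULL
#define PUD_SIZE  (1ULL << PUD_SHIFT)

/* Number of PMD-aligned start offsets inside one PUD at which a kernel image
 * of kernel_size bytes fits completely. Returns 0 if it cannot fit at all.
 * For a 2 MiB image this is the maximum of 512; larger images get fewer. */
uint64_t kaslr_positions(uint64_t kernel_size)
{
    if (kernel_size == 0 || kernel_size > PUD_SIZE)
        return 0;
    /* Legal offsets are 0, PMD_SIZE, 2*PMD_SIZE, ... up to PUD_SIZE - kernel_size. */
    return ((PUD_SIZE - kernel_size) >> PMD_SHIFT) + 1;
}

/* Map a seed (for instance one handed over by the bootloader via the
 * device-tree) onto one of the legal offsets. A zero seed is treated here as
 * "no entropy available, do not randomize"; that is this example's convention,
 * not necessarily the patch's. */
uint64_t kaslr_offset(uint64_t seed, uint64_t kernel_size)
{
    uint64_t n = kaslr_positions(kernel_size);
    if (seed == 0 || n == 0)
        return 0;
    /* Plain modulo reduction: for n <= 512 buckets and a uniform 64-bit seed
     * the bias is negligible (on the order of 2^-55). */
    return (seed % n) << PMD_SHIFT;
}

/* Check a candidate offset against the early page-table constraints:
 * PMD-aligned, and the whole image must stay inside the single PUD. */
int kaslr_offset_valid(uint64_t offset, uint64_t kernel_size)
{
    return (offset & (PMD_SIZE - 1)) == 0 &&
           kernel_size != 0 && kernel_size <= PUD_SIZE &&
           offset <= PUD_SIZE - kernel_size;
}

int main(void)
{
    const uint64_t kernel_size = 32ULL << 20;   /* constructed: a 32 MiB image */
    const uint64_t seeds[] = { 0, 0x1234ULL, 0xdeadbeefcafef00dULL }; /* constructed seeds */

    printf("positions for a %llu MiB kernel: %llu (absolute maximum %llu)\n",
           (unsigned long long)(kernel_size >> 20),
           (unsigned long long)kaslr_positions(kernel_size),
           (unsigned long long)(PUD_SIZE >> PMD_SHIFT));
    for (size_t i = 0; i < sizeof seeds / sizeof seeds[0]; i++) {
        uint64_t off = kaslr_offset(seeds[i], kernel_size);
        printf("seed 0x%016llx -> offset 0x%09llx valid=%d\n",
               (unsigned long long)seeds[i], (unsigned long long)off,
               kaslr_offset_valid(off, kernel_size));
    }
    return 0;
}
```

The practical takeaway is the entropy budget: with at most 512 slots (about 9 bits, and under 9 bits for any realistic image size) a single leaked kernel pointer reveals the chosen slot outright, and even a blind guess has a roughly 1-in-500 chance per attempt, so this early-page-table limit is a real ceiling on what the virtual randomization can provide.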
These RISC-V KASLR patches come from an engineer at Rivos, a stealth-mode start-up. The patches depend on other RISC-V kernel patches that are still outstanding, but hopefully we'll see this security improvement readied for mainline in the near future.