Linux 5.16 Has Early Preparations For Supporting FGKASLR
Written by Michael Larabel in Linux Kernel on 9 November 2021 at 05:36 AM EST. 7 Comments
LINUX KERNEL --
Being worked on for more than a year by Intel and other kernel developers has been FGKASLR to enhance kernel security. While the Linux kernel has long supported Address Space Layout Randomization (ASLR) to make memory addresses less predictable, FGKASLR ups the security much more by placing that randomization at the function level. It's looking like FGKASLR could be mainlined soon.

FGKASLR isn't being picked up for Linux 5.16 but there is preparation work landing in this kernel so hopefully the feature isn't too far out. Finer Grained Kernel Address Space Layout Randomization (or sometimes referred to as Function Granular KASLR) allows for function reordering on top of the base address randomization of ASLR.

FGKASLR ups the security against kernel attacks requiring known memory locations within the kernel but can cause minor (~1%) performance penalties. Since being first announced in 2020, FGKASLR has been undergoing several rounds of review.

What has landed in Linux 5.16 Git is the x86/core that includes "a bunch of changes" preparing for FGKASLR. Various low level kernel changes were made for being able to support FGKASLR when those patches do end up landing. Details on those specifics can be found via this pull from last week that has since been merged.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week