KASLR Patches - Linux Kernel

The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel.

Work on FG-KASLR, finer-grained kernel address space layout randomization, has been under way for more than a year. KASLR is widely used these days, but with enough guessing or an unintentional kernel leak, the base address of the kernel can be figured out. Finer-grained KASLR randomizes at the per-function level to dramatically boost defenses. The latest take on FG-KASLR has now been published. FG-KASLR continues to be designed around rearranging the kernel code at boot/load time on a per-function level with minimal impact on boot time.

Alexander Lobakin took the FG-KASLR work started by Intel's Kristen Accardi and has performed a "massive rework and a respin" of those patches. The new code now allows controlling the number of functions per section depending upon your kernel image size / protection level preference, along with a variety of other improvements over the earlier versions of the patches. There are also various fixes and a rebase against the latest upstream Linux state.
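To make the difference between base KASLR and function-granular randomization concrete, here is an added example (not code from the patch series) that compares text-symbol addresses from two boots of the same kernel image and groups symbols by how far each one moved. The `/proc/kallsyms`-style snapshots, symbol names and helper functions are constructed for illustration; on a real system you would capture them with a privileged read on each boot.

```python
from collections import defaultdict

# Constructed /proc/kallsyms-style snapshots ("address type name"); not real data.
BOOT_A = """ffffffff81000000 T _text
ffffffff81001000 T func_a
ffffffff81001400 T func_b
ffffffff81002000 t func_c
ffffffff81003000 T func_d
ffffffff82000000 D some_data"""
# Second boot, plain KASLR: the whole image moved by one slide (0x1e00000).
BOOT_B_KASLR = """ffffffff82e00000 T _text
ffffffff82e01000 T func_a
ffffffff82e01400 T func_b
ffffffff82e02000 t func_c
ffffffff82e03000 T func_d
ffffffff83e00000 D some_data"""
# Second boot, sections shuffled: func_a and func_b share a section and move together.
BOOT_B_FG = """ffffffff82e00000 T _text
ffffffff82e02000 T func_a
ffffffff82e02400 T func_b
ffffffff82e01000 t func_c
ffffffff82e03000 T func_d
ffffffff83e00000 D some_data"""

def parse_text_symbols(snapshot):
    """Return {name: address} for text symbols (type t/T)."""
    syms = {}
    for line in snapshot.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] not in ("t", "T"):
            continue
        addr = int(parts[0], 16)
        if addr:  # unprivileged readers see zeroed addresses; skip those
            syms[parts[2]] = addr  # duplicate static names: last one wins
    return syms

def slide_groups(boot1, boot2):
    """Group symbols present in both boots by address delta between boots."""
    a, b = parse_text_symbols(boot1), parse_text_symbols(boot2)
    groups = defaultdict(list)
    for name in sorted(a.keys() & b.keys()):
        groups[b[name] - a[name]].append(name)
    return dict(groups)

def classify(boot1, boot2):
    groups = slide_groups(boot1, boot2)
    if not groups:
        return "no comparable symbols"
    if len(groups) == 1:
        return "no randomization" if 0 in groups else "single slide (base KASLR)"
    return "multiple slides (function-granular)"
```

With a single slide, one known symbol address is enough to locate every other function; with several slide groups, each group has to be located separately, and fewer functions per section means more groups.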

Those interested in this FG-KASLR work can see the "v6" patch series for more details on this effort, one of many aimed at beefing up Linux kernel security.


Linux is deployed on a wide variety of computing systems, such as embedded devices, mobile devices (including its use in the Android operating system), personal computers, servers, mainframes, and supercomputers.