Linux Kernel Address Space Layout Randomization "KASLR" For RISC-V

Written by Michael Larabel in RISC-V on 16 February 2023 at 07:27 AM EST. Add A Comment
RISC-V
While there has been much work on the Linux kernel's RISC-V CPU architecture support, a feature not tackled until now has been the Kernel Address Space Layout Randomization (KASLR) support for randomizing the kernel mapping to enhance system security.

KASLR allows for address space randomization of the running Linux kernel. This is a beneficial security enhancement especially when challenged by other attacks that can potentially leak kernel addresses and then defeating further exploits that rely upon known offsets/locations from within kernel memory. More broadly there has also been FGKASLR for finer-grained KASLR that can randomize address space randomization down to the function level but sadly that work seems to still be stalled for the past year.

RISC-V board


Sent out on Wednesday were four kernel patches for wiring up KASLR support for the RISC-V architecture.
The following KASLR implementation allows to randomize the kernel mapping:

- virtually: we expect the bootloader to provide a seed in the device-tree
- physically: only implemented in the EFI stub, it relies on the firmware to provide a seed using EFI_RNG_PROTOCOL. arm64 has a similar implementation hence the patch 3 factorizes KASLR related functions for riscv to take advantage.

The new virtual kernel location is limited by the early page table that only has one PUD and with the PMD alignment constraint, the kernel can only take < 512 positions.

These RISC-V KASLR patches come from an engineer at Rivos, a stealth-mode start-up. The patches do depend upon other outstanding RISC-V kernel patches but hopefully we'll see this security improvement readied for mainline in the near future.
Add A Comment
Related News
SiFive HiFive Premier P550 Announced As New RISC-V Developer Board
RISC-V Adding Kernel-Mode FPU For Linux 6.10 To Enable Recent AMD Display Support
Linux 6.9 Adds New RISC-V Vector-Accelerated Crypto Routines
RISC-V With Linux 6.8 Restores XIP Kernel Support
RISC-V With Linux 6.7 Gains Optimized TLB Flushing, Software Shadow Call Stacks
Linux Patches Speed-Up Kernel Crypto Functions With RISC-V Vector Extensions
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
AMD Enabling "Fast CPPC" For Even Greater Linux Performance & Power Efficiency On Some CPUs
Punting GPU Drivers From The Initramfs Due To Ever Increasing Firmware Bloat
Valve Publishes Steam Survey Numbers For April 2024