KASLR support

6.10 LPAR mode z/VM guest KVM guest

With kernel address space layout randomization (KASLR), the kernel is loaded to a random location in memory.

Loading the kernel to a random location can protect against attacks that rely on knowledge of the kernel addresses.

The KASLR feature is enabled by default.

With KASLR enabled, the kernel is loaded to a random address, but kernel messages can reveal kernel internal addresses. Prevent access to the kernel messages for unprivileged users by setting the dmesg_restrict sysctl to 1. This setting restricts dmesg access to users with CAP_SYSLOG privilege. Alternatively, select the kernel config option CONFIG_SECURITY_DMESG_RESTRICT, which sets the default value of dmesg_restrict to 1.

Kernel addresses can also be compromised through /proc and other interfaces. To prevent this, set the kptr_restrict sysctl to 1.

For more information about the dmesg_restrict and kptr_restrict sysctls, see the Documentation/sysctl/kernel.txt in the kernel source tree .

KASLR and crash

To open a dump of a KASLR-enabled kernel, you require crash as of version 7.2.6. Use crash with the --kaslr auto option. KASLR requires that the dump contains vmcoreinfo, which is always included with kdump. For all other dump types, such as VMDUMP, stand-alone dumps, and qemu dumps, convert the dump to an ELF dump before using crash. To convert the dump, use the command zgetdump -f elf.