New & Upcoming Linux Kernel Features That Should Excite You
These are some of the security-relevant features debuting in recent (and even still-in-testing) Linux kernel versions. They are intended to increase the inherent security of baseline Linux systems (read: without any special security tuning), and will undoubtedly be used to implement new ways of doing existing tasks and processes.
Let’s delve into some of the most noteworthy ones, focusing on their implications for system security.
Control-Flow Enforcement Technology (CET) Shadow Stack
One of the upcoming features in the Linux kernel is the Control-Flow Enforcement Technology (CET) Shadow Stack. This is a secondary stack that validates the actual call stack, helping to catch any potential malicious changes.
The shadow stack uses hardware to provide its functionality and ensure security – the CPU is responsible for maintaining the Shadow Stack directly, and it is not available for modification from user code. Recently, Intel has submitted a series of patches to extend shadow stack support for its latest CPU families. The patches are generic enough to support hardware from other vendors, like AMD, on the x64 architecture.
The main benefit of Shadow Stack is its ability to detect attacks that rely on Return Oriented Programming (ROP), which hijack the return from a function to its caller by tampering with the return address saved on the stack. As such, this feature will harden systems against a class of threat that has been around for over a decade.
However, the Shadow Stack has encountered last-minute issues, which means its inclusion in the mainline kernel is likely to slip past version 6.4. Once these are resolved, software that manipulates the stack or function pointers will likely need to be adapted to run on newer kernel versions with Shadow Stack support.
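The return-address check described above, as a user-space toy model in C (an added example, not kernel or Intel code). The struct and function names are hypothetical, the addresses are constructed values, and ordinary functions stand in for what the CPU does on CALL and RET.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DEPTH 16
enum ret_status { RET_OK, RET_EMPTY, RET_CP_FAULT };
/* Toy model: data[] is the normal stack, writable by program code; shadow[]
 * is touched only by call_fn()/ret_fn(), which stand in for the CPU. */
struct machine { uintptr_t data[DEPTH], shadow[DEPTH]; size_t sp; };

/* CALL: the return address is pushed to both stacks. */
int call_fn(struct machine *m, uintptr_t ret_addr) {
    if (m->sp >= DEPTH) return -1;
    m->data[m->sp] = ret_addr;
    m->shadow[m->sp++] = ret_addr;
    return 0;
}

/* RET: pop both copies; on a mismatch real hardware raises a
 * control-protection (#CP) fault instead of jumping to the address. */
enum ret_status ret_fn(struct machine *m, uintptr_t *target) {
    if (m->sp == 0) return RET_EMPTY;
    m->sp--;
    if (m->data[m->sp] != m->shadow[m->sp]) return RET_CP_FAULT;
    *target = m->data[m->sp];
    return RET_OK;
}

/* Stand-in for a memory-corruption bug: it can reach only the normal stack. */
void corrupt_saved_return(struct machine *m, size_t frame, uintptr_t value) {
    if (frame < m->sp) m->data[frame] = value;
}

/* Return through every frame; gives the reason unwinding stopped and
 * stores how many returns completed before that. */
enum ret_status unwind(struct machine *m, size_t *done) {
    uintptr_t target = 0;
    enum ret_status st;
    for (*done = 0; (st = ret_fn(m, &target)) == RET_OK; (*done)++) {}
    return st;
}

int main(void) {
    struct machine m = {0}; size_t done;
    call_fn(&m, 0x401000); call_fn(&m, 0x402000);   /* constructed addresses */
    corrupt_saved_return(&m, 0, 0x41414141);        /* outermost frame altered */
    enum ret_status st = unwind(&m, &done);
    printf("returns completed: %zu, fault: %s\n", done,
           st == RET_CP_FAULT ? "yes" : "no");
    return 0;
}
```

The inner frame returns normally; the fault is raised only at the return whose saved address no longer matches the shadow copy.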
io_uring Hardening
io_uring is a high-performance Linux interface used for asynchronous I/O operations. Despite the significant improvements it brings to I/O-bound operations, Google has found (and shown) that io_uring suffers from “severe vulnerabilities”. As a result, Google has banned its usage from production servers, Chrome OS, and other products until a proper way to sandbox it is found.
Once a solution is found, it will likely have a broad impact on the kernel, enhancing the security of I/O operations across the system. Given the wide adoption of io_uring for its performance benefits, any security changes will be felt across multiple workloads and environments and may require code refactoring.
No estimate has been made public yet on when this security change will appear.
Virtual Trust Levels (VTL) Context
Linux systems deployed under Microsoft’s Hyper-V virtualization platform (present at some Cloud providers, for example) now have an option to support the “Virtual Trust Levels” of “Virtual Secure Mode”. This allows for different trust levels for different virtual machines. With the newly introduced HYPERV_VTL_MODE setting in the kernel, it is possible to specify the desired trust level for the system. This could be useful for requesting less trust for Internet-facing systems, for example, which would make the hypervisor tighten the capabilities exposed to such Linux guest systems.
This feature was merged and is available as of version 6.4 of the kernel.
Additional Security Features in Linux Kernel 6.3
Several new security-relevant features have been introduced in the Linux Kernel 6.3. For instance, the kernel now supports AMD’s automatic Indirect Branch Restricted Speculation (IBRS) feature for Spectre mitigation. This provides a less performance-intensive alternative to retpolines for mitigating speculative-execution attacks, making older AMD processors more secure and faster.
The Linux 6.3 kernel also includes new power management drivers for ARM and RISC-V architectures, enhancing their security and performance. For filesystems, Linux 6.3 brings AES-SHA2-based encryption support for NFS, which will make file operations more secure.
Moreover, the kernel now comes with user-mode Linux support for Rust code, a memory-safe language. This is a step towards the goal of getting the first Rust modules upstreamed to the Linux kernel, which will enhance security due to the memory-safe properties of Rust.
Final Thoughts
These are just some of the upcoming and recently introduced changes, which underscore the Linux community’s commitment to improving system security while maintaining the kernel’s renowned flexibility and performance. These changes can have a profound impact on users and developers, improving the security landscape for Linux systems globally.