Considerations about the ad-hoc Run-time allocator
10. Solution for Run-time allocator vs ranges
11. More considerations on Run-time allocations
12. The Memory pool
13. Protecting the pool metadata
14. Solution for Link-time allocation of pools metadata
15. More metadata attacks: the page table
16. The actual protection mechanism
17. Final considerations
18. Conclusions
Description:
Explore a revised proposal for protecting kernel data memory in this 34-minute conference talk from the Linux Foundation. Delve into the follow-up to the "Protecting the Protection Mechanisms" presentation from Security Summit 2018, addressing previously uncovered points. Examine the rewritten patch-set's focus on expressing meta-data for memory region properties while reducing verification overhead. Learn about the innovative approach of segmenting vmalloc address space and encoding specific properties in memory page mapping address ranges. Discover how this method aims to pave the way for page table hardening. Investigate topics such as data classification, concurrency problems, meta-data considerations, link-time allocations, run-time allocator challenges, memory pool protection, and actual protection mechanisms. Gain insights into critical kernel data protection strategies and their potential impact on Linux kernel security.