diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2023-04-22 15:07:36 +0200 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2023-04-29 12:38:09 +0200 |
| commit | ff536eca585431a9c90b9e835df818a27decf730 (patch) | |
| tree | a709733c826d61a75eb8b396cb12fe012ca04017 /target/linux | |
| parent | 2bab7d273e02bb463c121233d5d7e74157844305 (diff) | |
| download | upstream-ff536eca585431a9c90b9e835df818a27decf730.tar.gz upstream-ff536eca585431a9c90b9e835df818a27decf730.tar.bz2 upstream-ff536eca585431a9c90b9e835df818a27decf730.zip | |
kernel: Activate CONFIG_SLAB_FREELIST_HARDENED
This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured-.
Many mainstream Linux distributions also activate this option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux')
| -rw-r--r-- | target/linux/generic/config-5.10 | 2 | ||||
| -rw-r--r-- | target/linux/generic/config-5.15 | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 3358329848..5b2aad99c3 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -5463,7 +5463,7 @@ CONFIG_SIGNALFD=y # CONFIG_SKY2_DEBUG is not set # CONFIG_SLAB is not set CONFIG_SLABINFO=y -# CONFIG_SLAB_FREELIST_HARDENED is not set +CONFIG_SLAB_FREELIST_HARDENED=y # CONFIG_SLAB_FREELIST_RANDOM is not set CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15 index 004688c470..eae1adb5dd 100644 --- a/target/linux/generic/config-5.15 +++ b/target/linux/generic/config-5.15 @@ -5753,7 +5753,7 @@ CONFIG_SIGNALFD=y # CONFIG_SKY2_DEBUG is not set # CONFIG_SLAB is not set CONFIG_SLABINFO=y -# CONFIG_SLAB_FREELIST_HARDENED is not set +CONFIG_SLAB_FREELIST_HARDENED=y # CONFIG_SLAB_FREELIST_RANDOM is not set CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set |