From 467aa08f8ae0123adf973bb9e637a7763a53d60d Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 22 Apr 2023 18:45:43 +0200 Subject: [PATCH] kernel: Activate CONFIG_SLAB_FREELIST_RANDOM This activates CONFIG_SLAB_FREELIST_RANDOM. This option make the free list less predictable. This makes it harder to exploit heap based security vulnerabilities. This adds a little bit more code to the kernel and a small additional compute overhead. This option is activated in Debian by default. Signed-off-by: Hauke Mehrtens --- target/linux/generic/config-5.10 | 2 +- target/linux/generic/config-5.15 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 9645072a55..49325971f6 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -5464,7 +5464,7 @@ CONFIG_SIGNALFD=y # CONFIG_SLAB is not set CONFIG_SLABINFO=y CONFIG_SLAB_FREELIST_HARDENED=y -# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set # CONFIG_SLICOSS is not set diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15 index 3d5a860673..c6af24ec66 100644 --- a/target/linux/generic/config-5.15 +++ b/target/linux/generic/config-5.15 @@ -5754,7 +5754,7 @@ CONFIG_SIGNALFD=y # CONFIG_SLAB is not set CONFIG_SLABINFO=y CONFIG_SLAB_FREELIST_HARDENED=y -# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set # CONFIG_SLICOSS is not set