From: Hauke Mehrtens Date: Sat, 22 Apr 2023 16:45:43 +0000 (+0200) Subject: kernel: Activate CONFIG_SLAB_FREELIST_RANDOM X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=467aa08f8ae0123adf973bb9e637a7763a53d60d;p=openwrt%2Fstaging%2Fmans0n.git kernel: Activate CONFIG_SLAB_FREELIST_RANDOM This activates CONFIG_SLAB_FREELIST_RANDOM. This option make the free list less predictable. This makes it harder to exploit heap based security vulnerabilities. This adds a little bit more code to the kernel and a small additional compute overhead. This option is activated in Debian by default. Signed-off-by: Hauke Mehrtens --- diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 9645072a55..49325971f6 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -5464,7 +5464,7 @@ CONFIG_SIGNALFD=y # CONFIG_SLAB is not set CONFIG_SLABINFO=y CONFIG_SLAB_FREELIST_HARDENED=y -# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set # CONFIG_SLICOSS is not set diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15 index 3d5a860673..c6af24ec66 100644 --- a/target/linux/generic/config-5.15 +++ b/target/linux/generic/config-5.15 @@ -5754,7 +5754,7 @@ CONFIG_SIGNALFD=y # CONFIG_SLAB is not set CONFIG_SLABINFO=y CONFIG_SLAB_FREELIST_HARDENED=y -# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set # CONFIG_SLICOSS is not set