From d1a0650fd944973ab614c1da06f8e555b31b73ae Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon, 23 Dec 2019 19:44:52 +0000
Subject: [PATCH] Use only one slub_debug parameter
---
 etc/default/grub.d/40_kernel_hardening.cfg | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index 47fd62f..530c810 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -8,18 +8,18 @@ kver="$(uname -r)"
 ## Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
-## Enables sanity checks (F) and redzoning (Z).
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
-
-## Zero memory at allocation and free time.
 if dpkg --compare-versions "$kver" ge "5.3"; then
+ ## Enables sanity checks (F) and redzoning (Z).
+ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
+
 #echo "## $kver grater or equal 5.3: yes"
+ ## Zero memory at allocation and free time.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
 else
 #echo "## $kver grater or equal 5.3: no"
 ## SLUB poisoning and page poisoning is used if the kernel
 ## does not yet support init_on_{,alloc,free}.
- GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=P"
+ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
 if command -v "qubesdb-read" >/dev/null 2>&1 ; then
 ## https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
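Review bot: The comment kept above the else-branch line `slub_debug=FZP` still describes only poisoning, so the F and Z in that value are explained only in the other branch, and nothing in the file records why the flags have to share a single parameter. Going by the commit subject, the earlier `slub_debug=FZ` was presumably displaced by the later `slub_debug=P` on pre-5.3 kernels, which silently dropped sanity checks and redzoning there; a future edit that appends another `slub_debug=` would bring that back. I would extend the comment to something like `## F (sanity checks), Z (redzoning), P (poisoning): keep all flags in one slub_debug= value, a second slub_debug= overrides the first.` The else branch continues past the end of the hunk, so confirm that nothing further down adds the parameter again.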