From b77d1a2b980ae20158aa628eec67b016282d0a40 Mon Sep 17 00:00:00 2001 From: Raja Grewal Date: Sat, 3 Aug 2024 14:49:48 +1000 Subject: [PATCH 1/3] Revert "Remove the optional `slub_debug` parameter since it is no longer recommended" This reverts commit 48e1ac416314d2c66f3a0d5044a3c51cb6fb4093. --- README.md | 3 +++ etc/default/grub.d/40_kernel_hardening.cfg | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/README.md b/README.md index b6a6c60..f9bad76 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,9 @@ configuration file. - Disable merging of slabs with similar size, which reduces the risk of triggering heap overflows and limits influencing slab cache layout. +- Provides option to enable sanity checks and red zoning via slab debugging. + Not reccommened due to implicit disabling of kernel pointer hashing. + - Enable memory zeroing at both allocation and free time, which mitigates some use-after-free vulnerabilities by erasing sensitive information in memory. diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index 172c3c8..a9d223e 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg @@ -28,6 +28,15 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru ## GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" +## Enable sanity checks and red zoning of slabs. +## +## https://www.kernel.org/doc/html/latest/mm/slub.html +## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u +## +## Disabled as enabling this implicitly disables kernel pointer hashing. +## +#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ" + ## Zero memory at allocation time and free time. ## Fills newly allocated pages, freed pages, and heap objects with zeros. ## Mitigates use-after-free exploits by erasing sensitive information in memory. From 22b6cee80c74aff3d0f9cd36822ae88f8fa8e601 Mon Sep 17 00:00:00 2001 
From: Raja Grewal Date: Sat, 3 Aug 2024 15:11:14 +1000 Subject: [PATCH 2/3] Add details about `slub_debug` --- README.md | 4 ++-- etc/default/grub.d/40_kernel_hardening.cfg | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f9bad76..f3acb5e 100644 --- a/README.md +++ b/README.md @@ -118,8 +118,8 @@ configuration file. - Disable merging of slabs with similar size, which reduces the risk of triggering heap overflows and limits influencing slab cache layout. -- Provides option to enable sanity checks and red zoning via slab debugging. - Not reccommened due to implicit disabling of kernel pointer hashing. +- Provide the option to enable sanity checks and red zoning via slab debugging. + Enabling this feature will implicitly disable kernel pointer hashing. - Enable memory zeroing at both allocation and free time, which mitigates some use-after-free vulnerabilities by erasing sensitive information in memory. diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index a9d223e..0e6dd08 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg 
@@ -28,12 +28,17 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru ## GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" -## Enable sanity checks and red zoning of slabs. +## Enable sanity checks and red zoning of slabs via debugging options to detect corruption. +## As a by product of debugging, this will implicitly disabling kernel pointer hashing. +## Enabling will therefore leak exact and all kernel memory addresses to root. +## Has the potential to cause a noticeable performance decrease. ## ## https://www.kernel.org/doc/html/latest/mm/slub.html ## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u +## https://gitlab.tails.boum.org/tails/tails/-/issues/19613 ## -## Disabled as enabling this implicitly disables kernel pointer hashing. +## The default kernel setting will be utilized until provided sufficient evidence to modify. +## https://github.com/Kicksecure/security-misc/issues/253 ## #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ" From 6f14d68cdcad3784311e33029eba6906ea0784c2 Mon Sep 17 00:00:00 2001 From: Raja Grewal Date: Sat, 3 Aug 2024 15:12:15 +1000 Subject: [PATCH 3/3] Update legacy name `slub_debug` -> `slab_debug` --- etc/default/grub.d/40_kernel_hardening.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index 0e6dd08..2986a54 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg 
@@ -40,7 +40,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" ## The default kernel setting will be utilized until provided sufficient evidence to modify. ## https://github.com/Kicksecure/security-misc/issues/253 ## -#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ" +#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_debug=FZ" ## Zero memory at allocation time and free time. ## Fills newly allocated pages, freed pages, and heap objects with zeros.
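
Review bot: In the README.md hunk of patch 1/3, the restored bullet misspells "recommended" as "reccommened" and opens with "Provides", while the neighbouring bullets use the imperative ("Disable merging ...", "Enable memory zeroing ..."). Patch 2/3 rewrites both lines straight away, so the series could squash 1/3 and 2/3, or the revert's commit message could note that the wording is restored verbatim and corrected in the next patch.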
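
Review bot: In the README.md hunk of patch 2/3, the rewritten bullet no longer says that the option ships disabled. The removed line said "Not reccommened", and the cfg entry stays commented out (`#GRUB_CMDLINE_LINUX=...`), but a reader of the new text "Provide the option to enable sanity checks and red zoning" cannot tell that nothing is enabled by default. Suggest adding that the parameter is commented out by default and must be enabled by the user, next to the sentence about kernel pointer hashing being disabled.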
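
Review bot: In the 40_kernel_hardening.cfg hunk of patch 2/3, the second and third added comment lines need a wording fix: "As a by product of debugging, this will implicitly disabling kernel pointer hashing" should read "As a by-product of debugging, this will implicitly disable kernel pointer hashing", and "leak exact and all kernel memory addresses to root" reads more clearly as "leak all exact kernel memory addresses to root". "The default kernel setting will be utilized until provided sufficient evidence to modify" is also missing its subject; something like "until sufficient evidence is provided to change it" says the same thing.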
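
Review bot: In the single hunk of patch 3/3, the switch to `slab_debug=FZ` leaves no trace of the old name, which the commit subject itself calls the legacy one. Kernels that predate the rename only recognise `slub_debug`, so a user who uncomments this line there gets no sanity checks or red zoning and no obvious error. The file already computes `kver` just above this block, so either gate the parameter name on it or add a comment line stating that `slub_debug` is the spelling older kernels require. The README bullet names no parameter at all, so mentioning both spellings there would also help.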