From 8f78269949217ac11163cc8b6f17147621fef6eb Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Mon, 20 Oct 2025 05:36:54 +0000
Subject: [PATCH] Add docs on slab_debug

---
 README.md                                                 | 4 ++--
 .../grub.d/40_kernel_hardening.cfg#security-misc-shared   | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 3459fc6..42220a2 100644
--- a/README.md
+++ b/README.md
@@ -298,8 +298,8 @@ feasible due to compatibility issues with Firefox.
 
 3. Kernel boot parameter `hash_pointers=always`
 
-Forces all exposed pointers to be hashed and must be used in combination with already enabled
-kernel boot parameter `slab_debug=FZ`. Currently not possible as requires Linux kernel >= 6.17.
+Force all exposed pointers to be hashed and must be used in combination with the already enabled
+`slab_debug=FZ` kernel boot parameter. Currently is not possible as requires Linux kernel >= 6.17.
 
 * [security-misc issue #253](https://github.com/Kicksecure/security-misc/issues/253)
 * [security-misc pull request #325](https://github.com/Kicksecure/security-misc/pull/325)
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
index 21e2c06..fac7117 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
+++ b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
@@ -38,13 +38,17 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
 
-## Enable sanity checks and red zoning of slabs via debugging options to detect corruption.
+## Enable sanity checks and red zoning of slabs via debugging options to detect memory corruption.
+## Sanity checks force additional verification steps on every memory allocation and free operation.
+## Red zoning adds extra metadata to each object to detect writes beyond the object's boundaries.
 ## As a by product of debugging, this will implicitly disabling kernel pointer hashing unless manually re-enabled.
 ## Enabling this (for now) will therefore leak exact and all kernel memory addresses to root.
-## Has the potential to cause a noticeable performance decrease.
+## Introduces a noticeable performance overhead during all memory allocation and deallocation operations.
 ##
 ## https://www.kernel.org/doc/html/latest/mm/slub.html
+## https://www.kernel.org/doc/Documentation/vm/slub.txt
 ## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
+## https://blogs.oracle.com/linux/post/linux-slub-allocator-internals-and-debugging-2
 ## https://gitlab.tails.boum.org/tails/tails/-/issues/19613
 ## https://github.com/Kicksecure/security-misc/issues/253
 ##