Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-28 15:20:21 -05:00
Code Issues Projects Releases Packages Wiki Activity

Add docs on slab_debug

Browse source
This commit is contained in:
raja-grewal 2025-10-20 05:36:54 +00:00 committed by GitHub
parent 9f7480e20a
commit 8f78269949
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -298,8 +298,8 @@ feasible due to compatibility issues with Firefox.
3. Kernel boot parameter `hash_pointers=always`
Forces all exposed pointers to be hashed and must be used in combination with already enabled
kernel boot parameter `slab_debug=FZ`. Currently not possible as requires Linux kernel >= 6.17.
Force all exposed pointers to be hashed and must be used in combination with the already enabled
`slab_debug=FZ` kernel boot parameter. Currently is not possible as requires Linux kernel >= 6.17.
* [security-misc issue #253](https://github.com/Kicksecure/security-misc/issues/253)
* [security-misc pull request #325](https://github.com/Kicksecure/security-misc/pull/325)

8
etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
View file

@ -38,13 +38,17 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
## Enable sanity checks and red zoning of slabs via debugging options to detect corruption.
## Enable sanity checks and red zoning of slabs via debugging options to detect memory corruption.
## Sanity checks force additional verification steps on every memory allocation and free operation.
## Red zoning adds extra metadata to each object to detect writes beyond the object's boundaries.
## As a by product of debugging, this will implicitly disabling kernel pointer hashing unless manually re-enabled.
## Enabling this (for now) will therefore leak exact and all kernel memory addresses to root.
## Has the potential to cause a noticeable performance decrease.
## Introduces a noticeable performance overhead during all memory allocation and deallocation operations.
##
## https://www.kernel.org/doc/html/latest/mm/slub.html
## https://www.kernel.org/doc/Documentation/vm/slub.txt
## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
## https://blogs.oracle.com/linux/post/linux-slub-allocator-internals-and-debugging-2
## https://gitlab.tails.boum.org/tails/tails/-/issues/19613
## https://github.com/Kicksecure/security-misc/issues/253
##