Revert "Remove the optional slub_debug parameter since it is no longer recommended"

This reverts commit 48e1ac416314d2c66f3a0d5044a3c51cb6fb4093.
2025-02-03 07:59:54 -05:00 · 2024-08-03 14:49:48 +10:00 · 2024-08-03 14:49:48 +10:00 · b77d1a2b98
commit b77d1a2b98
parent de6f3ea74a
2 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -118,6 +118,9 @@ configuration file.
 - Disable merging of slabs with similar size, which reduces the risk of
  triggering heap overflows and limits influencing slab cache layout.

+- Provides option to enable sanity checks and red zoning via slab debugging.
+  Not reccommened due to implicit disabling of kernel pointer hashing.
+
 - Enable memory zeroing at both allocation and free time, which mitigates some
  use-after-free vulnerabilities by erasing sensitive information in memory.

--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@ -28,6 +28,15 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"

+## Enable sanity checks and red zoning of slabs.
+##
+## https://www.kernel.org/doc/html/latest/mm/slub.html
+## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
+##
+## Disabled as enabling this implicitly disables kernel pointer hashing.
+##
+#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
+
 ## Zero memory at allocation time and free time.
 ## Fills newly allocated pages, freed pages, and heap objects with zeros.
 ## Mitigates use-after-free exploits by erasing sensitive information in memory.