From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 22 Apr 2023 16:45:43 +0000 (+0200)
Subject: kernel: Activate CONFIG_SLAB_FREELIST_RANDOM
X-Git-Tag: v23.05.0-rc1~361
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=467aa08f8ae0123adf973bb9e637a7763a53d60d;p=thirdparty%2Fopenwrt.git

kernel: Activate CONFIG_SLAB_FREELIST_RANDOM

This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.

This adds a little bit more code to the kernel and a small additional
compute overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---

diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index 9645072a558..49325971f61 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -5464,7 +5464,7 @@ CONFIG_SIGNALFD=y
 # CONFIG_SLAB is not set
 CONFIG_SLABINFO=y
 CONFIG_SLAB_FREELIST_HARDENED=y
-# CONFIG_SLAB_FREELIST_RANDOM is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_MERGE_DEFAULT=y
 # CONFIG_SLHC is not set
 # CONFIG_SLICOSS is not set
diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15
index 3d5a8606734..c6af24ec661 100644
--- a/target/linux/generic/config-5.15
+++ b/target/linux/generic/config-5.15
@@ -5754,7 +5754,7 @@ CONFIG_SIGNALFD=y
 # CONFIG_SLAB is not set
 CONFIG_SLABINFO=y
 CONFIG_SLAB_FREELIST_HARDENED=y
-# CONFIG_SLAB_FREELIST_RANDOM is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_MERGE_DEFAULT=y
 # CONFIG_SLHC is not set
 # CONFIG_SLICOSS is not set