Hello, > On 18 Sep 2021, at 17:27, Peter Müller wrote: > > Hello Michael, > hello *, > > at the time of writing, I agree. > > Cross-check hardening features of kernel 5.10.x is an item still open on my todo list, and > I will hopefully have some spare time for this next month. I will reevaluate SLUB debugging > then as well, since kernsec mentions this to be necessary for some page poisoning options > (whyever that is...). Err. No. Why? We want the distribution to be stable. And that means that we want to make consistent and long-standing changes. Changing something back and forth for no reason apart from not having enough time to look into things properly right now is not what I would consider “stable”. We can either drop this patch (i.e. NACK by you), or we can accept it and leave it. As far as I can see this debugging option didn’t add any other configuration options that would be otherwise unavailable; and it significantly decreases the size of the memory allocator which should result in performance gains on smaller hardware with smaller CPU caches: https://cateee.net/lkddb/web-lkddb/SLUB_DEBUG.html -Michael > > Acked-by: Peter Müller > > Thanks, and best regards, > Peter Müller > > >> This is not necessary on our systems and according to the documentation >> will reduce code size of the allocator which will result in better >> performance. >> Signed-off-by: Michael Tremer >> --- >> config/kernel/kernel.config.aarch64-ipfire | 3 +-- >> config/kernel/kernel.config.armv6l-ipfire | 3 +-- >> config/kernel/kernel.config.i586-ipfire | 3 +-- >> config/kernel/kernel.config.x86_64-ipfire | 3 +-- >> 4 files changed, 4 insertions(+), 8 deletions(-) >> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire >> index d0ec69ba9..b277a17b5 100644 >> --- a/config/kernel/kernel.config.aarch64-ipfire >> +++ b/config/kernel/kernel.config.aarch64-ipfire >> @@ -226,7 +226,7 @@ CONFIG_PERF_EVENTS=y >> # end of Kernel Performance Events And Counters >> CONFIG_VM_EVENT_COUNTERS=y >> -CONFIG_SLUB_DEBUG=y >> +# CONFIG_SLUB_DEBUG is not set >> # CONFIG_SLUB_MEMCG_SYSFS_ON is not set >> # CONFIG_COMPAT_BRK is not set >> # CONFIG_SLAB is not set >> @@ -7751,7 +7751,6 @@ CONFIG_GENERIC_PTDUMP=y >> CONFIG_PTDUMP_CORE=y >> # CONFIG_PTDUMP_DEBUGFS is not set >> # CONFIG_DEBUG_OBJECTS is not set >> -# CONFIG_SLUB_DEBUG_ON is not set >> # CONFIG_SLUB_STATS is not set >> CONFIG_HAVE_DEBUG_KMEMLEAK=y >> # CONFIG_DEBUG_KMEMLEAK is not set >> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire >> index a23906796..9d63b36ac 100644 >> --- a/config/kernel/kernel.config.armv6l-ipfire >> +++ b/config/kernel/kernel.config.armv6l-ipfire >> @@ -227,7 +227,7 @@ CONFIG_PERF_EVENTS=y >> # end of Kernel Performance Events And Counters >> CONFIG_VM_EVENT_COUNTERS=y >> -CONFIG_SLUB_DEBUG=y >> +# CONFIG_SLUB_DEBUG is not set >> # CONFIG_SLUB_MEMCG_SYSFS_ON is not set >> # CONFIG_COMPAT_BRK is not set >> # CONFIG_SLAB is not set >> @@ -7826,7 +7826,6 @@ CONFIG_DEBUG_MISC=y >> # CONFIG_DEBUG_RODATA_TEST is not set >> # CONFIG_DEBUG_WX is not set >> # CONFIG_DEBUG_OBJECTS is not set >> -# CONFIG_SLUB_DEBUG_ON is not set >> # CONFIG_SLUB_STATS is not set >> CONFIG_HAVE_DEBUG_KMEMLEAK=y >> # CONFIG_DEBUG_KMEMLEAK is not set >> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire >> index 9c49a90d8..56b40eac7 100644 >> --- a/config/kernel/kernel.config.i586-ipfire >> +++ b/config/kernel/kernel.config.i586-ipfire >> @@ -235,7 +235,7 @@ CONFIG_PERF_EVENTS=y >> # end of Kernel Performance Events And Counters >> CONFIG_VM_EVENT_COUNTERS=y >> -CONFIG_SLUB_DEBUG=y >> +# CONFIG_SLUB_DEBUG is not set >> # CONFIG_COMPAT_BRK is not set >> # CONFIG_SLAB is not set >> CONFIG_SLUB=y >> @@ -7383,7 +7383,6 @@ CONFIG_GENERIC_PTDUMP=y >> CONFIG_PTDUMP_CORE=y >> # CONFIG_PTDUMP_DEBUGFS is not set >> # CONFIG_DEBUG_OBJECTS is not set >> -# CONFIG_SLUB_DEBUG_ON is not set >> # CONFIG_SLUB_STATS is not set >> CONFIG_HAVE_DEBUG_KMEMLEAK=y >> # CONFIG_DEBUG_KMEMLEAK is not set >> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire >> index 0a1f67074..8247e9b48 100644 >> --- a/config/kernel/kernel.config.x86_64-ipfire >> +++ b/config/kernel/kernel.config.x86_64-ipfire >> @@ -245,7 +245,7 @@ CONFIG_PERF_EVENTS=y >> # end of Kernel Performance Events And Counters >> CONFIG_VM_EVENT_COUNTERS=y >> -CONFIG_SLUB_DEBUG=y >> +# CONFIG_SLUB_DEBUG is not set >> # CONFIG_COMPAT_BRK is not set >> # CONFIG_SLAB is not set >> CONFIG_SLUB=y >> @@ -7249,7 +7249,6 @@ CONFIG_GENERIC_PTDUMP=y >> CONFIG_PTDUMP_CORE=y >> # CONFIG_PTDUMP_DEBUGFS is not set >> # CONFIG_DEBUG_OBJECTS is not set >> -# CONFIG_SLUB_DEBUG_ON is not set >> # CONFIG_SLUB_STATS is not set >> CONFIG_HAVE_DEBUG_KMEMLEAK=y >> # CONFIG_DEBUG_KMEMLEAK is not set