Hello Michael, hello *,
at the time of writing, I agree.
Cross-check hardening features of kernel 5.10.x is an item still open on my todo list, and I will hopefully have some spare time for this next month. I will reevaluate SLUB debugging then as well, since kernsec mentions this to be necessary for some page poisoning options (whyever that is...).
Acked-by: Peter Müller peter.mueller@ipfire.org
Thanks, and best regards, Peter Müller
This is not necessary on our systems and according to the documentation will reduce code size of the allocator which will result in better performance.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
config/kernel/kernel.config.aarch64-ipfire | 3 +-- config/kernel/kernel.config.armv6l-ipfire | 3 +-- config/kernel/kernel.config.i586-ipfire | 3 +-- config/kernel/kernel.config.x86_64-ipfire | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index d0ec69ba9..b277a17b5 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -226,7 +226,7 @@ CONFIG_PERF_EVENTS=y # end of Kernel Performance Events And Counters
CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG is not set # CONFIG_SLUB_MEMCG_SYSFS_ON is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set @@ -7751,7 +7751,6 @@ CONFIG_GENERIC_PTDUMP=y CONFIG_PTDUMP_CORE=y # CONFIG_PTDUMP_DEBUGFS is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire index a23906796..9d63b36ac 100644 --- a/config/kernel/kernel.config.armv6l-ipfire +++ b/config/kernel/kernel.config.armv6l-ipfire @@ -227,7 +227,7 @@ CONFIG_PERF_EVENTS=y # end of Kernel Performance Events And Counters
CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG is not set # CONFIG_SLUB_MEMCG_SYSFS_ON is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set @@ -7826,7 +7826,6 @@ CONFIG_DEBUG_MISC=y # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_WX is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 9c49a90d8..56b40eac7 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -235,7 +235,7 @@ CONFIG_PERF_EVENTS=y # end of Kernel Performance Events And Counters
CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y @@ -7383,7 +7383,6 @@ CONFIG_GENERIC_PTDUMP=y CONFIG_PTDUMP_CORE=y # CONFIG_PTDUMP_DEBUGFS is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 0a1f67074..8247e9b48 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -245,7 +245,7 @@ CONFIG_PERF_EVENTS=y # end of Kernel Performance Events And Counters
CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y @@ -7249,7 +7249,6 @@ CONFIG_GENERIC_PTDUMP=y CONFIG_PTDUMP_CORE=y # CONFIG_PTDUMP_DEBUGFS is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set