diff options
author | Joel Stanley <joel@jms.id.au> | 2021-06-10 08:35:45 +0300 |
---|---|---|
committer | Joel Stanley <joel@jms.id.au> | 2021-06-10 10:27:25 +0300 |
commit | 271bf3dce908697dc7cada21df04b73708cc16b7 (patch) | |
tree | a615e00bb0cdd9e852ecb163ca89f518ebbf3d6d | |
parent | cf7bc62babb57ea27e7a00cd6271ca53579281fe (diff) | |
download | openbmc-271bf3dce908697dc7cada21df04b73708cc16b7.tar.xz |
meta-aspeed: Enable hardened allocator feature
SLAB_FREELIST_HARDENED can protect from freelist overwrite attacks with
really small overhead.
It works best with the SLUB allocator, so make SLUB the default by
removing SLAB=y.
total used free shared buff/cache available
SLAB 425596 44065.3+/-220 311099+/-3800 14864+/-3900 70432+/-3700 352767+/-3900
SLUB 425592 44225.3+/-280 313275+/-600 12132+/-3.3 68092+/-530 355295+/-280
These figures are the average memory usage from three boots of each
option in qemu, running the Romulus userspace. The output is from
free(1), reported in kilobytes.
Change-Id: I3c3ce67bc202dffbc3084382227f3dbc77f4cf85
Signed-off-by: Joel Stanley <joel@jms.id.au>
3 files changed, 3 insertions, 3 deletions
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig index d128c7a82..6a2c6d98a 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig @@ -21,8 +21,8 @@ CONFIG_BPF_SYSCALL=y CONFIG_EMBEDDED=y CONFIG_PERF_EVENTS=y # CONFIG_COMPAT_BRK is not set -CONFIG_SLAB=y CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_FREELIST_HARDENED=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_ASPEED=y CONFIG_MACH_ASPEED_G4=y diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig index 459a40dd7..bd7711f09 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig @@ -23,8 +23,8 @@ CONFIG_BPF_SYSCALL=y CONFIG_EMBEDDED=y CONFIG_PERF_EVENTS=y # CONFIG_COMPAT_BRK is not set -CONFIG_SLAB=y CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_ARCH_MULTI_V6=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_ASPEED=y diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig index b80042396..9734f46c3 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig @@ -23,8 +23,8 @@ CONFIG_BPF_SYSCALL=y CONFIG_EMBEDDED=y CONFIG_PERF_EVENTS=y # CONFIG_COMPAT_BRK is not set -CONFIG_SLAB=y CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_ARCH_ASPEED=y CONFIG_MACH_ASPEED_G6=y # CONFIG_CACHE_L2X0 is not set |