From 271bf3dce908697dc7cada21df04b73708cc16b7 Mon Sep 17 00:00:00 2001
From: Joel Stanley <joel@jms.id.au>
Date: Thu, 10 Jun 2021 15:05:45 +0930
Subject: meta-aspeed: Enable hardened allocator feature

SLAB_FREELIST_HARDENED can protect from freelist overwrite attacks with
really small overhead.

It works best with the SLUB allocator, so make SLUB the default by
removing SLAB=y.

      total   used           free           shared        buff/cache    available
SLAB  425596  44065.3+/-220  311099+/-3800  14864+/-3900  70432+/-3700  352767+/-3900

SLUB  425592  44225.3+/-280  313275+/-600   12132+/-3.3   68092+/-530   355295+/-280

These figures are the average memory usage from three boots of each
option in qemu, running the Romulus userspace. The output is from
free(1), reported in kilobytes.

Change-Id: I3c3ce67bc202dffbc3084382227f3dbc77f4cf85
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig | 2 +-
 meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig | 2 +-
 meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'meta-aspeed')

diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
index d128c7a82..6a2c6d98a 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
@@ -21,8 +21,8 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_EMBEDDED=y
 CONFIG_PERF_EVENTS=y
 # CONFIG_COMPAT_BRK is not set
-CONFIG_SLAB=y
 CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
 # CONFIG_ARCH_MULTI_V7 is not set
 CONFIG_ARCH_ASPEED=y
 CONFIG_MACH_ASPEED_G4=y
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
index 459a40dd7..bd7711f09 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
@@ -23,8 +23,8 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_EMBEDDED=y
 CONFIG_PERF_EVENTS=y
 # CONFIG_COMPAT_BRK is not set
-CONFIG_SLAB=y
 CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
 CONFIG_ARCH_MULTI_V6=y
 # CONFIG_ARCH_MULTI_V7 is not set
 CONFIG_ARCH_ASPEED=y
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
index b80042396..9734f46c3 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
@@ -23,8 +23,8 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_EMBEDDED=y
 CONFIG_PERF_EVENTS=y
 # CONFIG_COMPAT_BRK is not set
-CONFIG_SLAB=y
 CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
 CONFIG_ARCH_ASPEED=y
 CONFIG_MACH_ASPEED_G6=y
 # CONFIG_CACHE_L2X0 is not set
-- 
cgit v1.2.3