SLUB_DEBUG_ON is very slow, leave it for the kernel command line
author
Alexander Popov
<alex.popov@linux.com>
Sat, 19 Jun 2021 11:45:02 +0000
(14:45 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Sat, 19 Jun 2021 11:45:30 +0000
(14:45 +0300)
kconfig_hardened_check/__init__.py
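--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -11,10 +11,10 @@
 #
 #
 # N.B Hardening command line parameters:
-# slub_debug=FZP
 # slab_nomerge
 # page_alloc.shuffle=1
 # iommu=force (does it help against DMA attacks?)
+# slub_debug=FZ (slow)
 # page_poison=1 (if enabled)
 # init_on_alloc=1
 # init_on_free=1
@@ -403,7 +403,6 @@ def construct_checklist(l, arch):
 l += [AND(OptCheck('self_protection', 'my', 'UBSAN_BOUNDS', 'y'),
 OptCheck('self_protection', 'my', 'UBSAN_MISC', 'is not set'),
 OptCheck('self_protection', 'my', 'UBSAN_TRAP', 'y'))]
- l += [OptCheck('self_protection', 'my', 'SLUB_DEBUG_ON', 'y')] # TODO: is it better to set that via kernel cmd?
 l += [OptCheck('self_protection', 'my', 'RESET_ATTACK_MITIGATION', 'y')] # needs userspace support (systemd)
 if arch == 'X86_64':
 l += [AND(OptCheck('self_protection', 'my', 'AMD_IOMMU_V2', 'y'),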
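Review bot: The new header line `# slub_debug=FZ (slow)` drops the `P` (poisoning) flag that the removed `# slub_debug=FZP` line recommended, and neither the comment nor the commit title says why. If the intent is that `init_on_free=1` / `page_poison=1` in the same list make SLUB poisoning redundant, the comment should say so, for example `# slub_debug=FZ (slow; P left out, see init_on_free=1)`, so readers do not take it for a typo. Separately, with the `SLUB_DEBUG_ON` check removed in the second hunk, nothing visible here still reports on SLUB sanity checks or red zoning, because the command-line list is only a comment. A short comment at the removal point in construct_checklist (whose body starts and ends outside the hunk), such as `# SLUB_DEBUG_ON is not checked: very slow, use slub_debug=FZ on the kernel command line`, would keep that decision discoverable.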