From ff536eca585431a9c90b9e835df818a27decf730 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 22 Apr 2023 15:07:36 +0200
Subject: [PATCH] kernel: Activate CONFIG_SLAB_FREELIST_HARDENED

This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured-.

Many mainstream Linux distributions also activate this option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 target/linux/generic/config-5.10 | 2 +-
 target/linux/generic/config-5.15 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index 3358329848..5b2aad99c3 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -5463,7 +5463,7 @@ CONFIG_SIGNALFD=y
 # CONFIG_SKY2_DEBUG is not set
 # CONFIG_SLAB is not set
 CONFIG_SLABINFO=y
-# CONFIG_SLAB_FREELIST_HARDENED is not set
+CONFIG_SLAB_FREELIST_HARDENED=y
 # CONFIG_SLAB_FREELIST_RANDOM is not set
 CONFIG_SLAB_MERGE_DEFAULT=y
 # CONFIG_SLHC is not set
diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15
index 004688c470..eae1adb5dd 100644
--- a/target/linux/generic/config-5.15
+++ b/target/linux/generic/config-5.15
@@ -5753,7 +5753,7 @@ CONFIG_SIGNALFD=y
 # CONFIG_SKY2_DEBUG is not set
 # CONFIG_SLAB is not set
 CONFIG_SLABINFO=y
-# CONFIG_SLAB_FREELIST_HARDENED is not set
+CONFIG_SLAB_FREELIST_HARDENED=y
 # CONFIG_SLAB_FREELIST_RANDOM is not set
 CONFIG_SLAB_MERGE_DEFAULT=y
 # CONFIG_SLHC is not set
-- 
2.30.2