Webb26 aug. 2015 · • July 2016 (v4.7) –Slab freelist randomization added • October 2016 (v4.8) –weakened form of PAX_USERCOPY and GCC plugin support added • Plugin support added by Emese Revfy as part of CII funding • December 2016 (v4.9) –VMAP_STACK merged • Weakened form of GRKERNSEC_KSTACKOVERFLOW, caused DoS or device malfunction … WebbImplements Freelist randomization for the SLUB allocator. It was previous implemented for the SLAB allocator. Both use the same configuration option (CONFIG_SLAB_FREELIST_RANDOM). The list is randomized during initialization of a new set of pages. The order on different freelist sizes is pre-computed at boot for performance.
grsecurity - How AUTOSLAB Changes the Memory Unsafety Game
Webb9 feb. 2024 · SLAB_FREELIST_RANDOM - Enables or disables the randomization of the kernel's heap, potentially making it easier to exploit kernel heap overflows. [Security recommendation: SLAB_FREELIST_RANDOM=y] SLAB_FREELIST_HARDENED - Protects the kernel slab's metadata, potentially making it harder to execute various slab / heap … Webb25 apr. 2016 · mm: SLAB freelist randomization Provides an optional config (CONFIG_FREELIST_RANDOM) to randomize the SLAB freelist. The list is randomized … pipe joiner
Linux-Kernel Archive: Re: [RFC v1] mm: SLAB freelist randomization
Webb25 apr. 2016 · SLAB freelist. The list is randomized during initialization of a new set of pages. The order on different freelist sizes is pre-computed at boot for performance. … Webb23 feb. 2024 · Enabling ARCH_HAS_ELF_RANDOMIZE, which will make repeat exploits much more difficult by randomizing certain memory locations. While these will add CPU overhead to some degree: Enabling DEBUG_VIRTUAL will enable some sanity checking in virt_to_page translation at the cost of CPU cycles. Webb> > Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the > > SLAB freelist. > > It may be useful to describe _how_ it randomizes it (i.e. a high-level > description of what needed changing). > > > This security feature reduces the predictability of > > the kernel slab allocator against heap overflows. > pipe jointing machine