Revert "Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT""
This reverts commit c68e8b05f0. RANDSTRUCT currently fails to work with out-of-tree modules, as evinced by c68e8b05f0 (commitcomment-31850284) and https://github.com/NixOS/nixpkgs/issues/53522. Specifically, loading out-of-tree modules results in modsym version mismatches, as in spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN from the issue above. A working hypothesis is that the randstruct seed is not carried over when building out-of-tree modules, but more investigation is needed here.
Closes https://github.com/NixOS/nixpkgs/issues/53522
parent a4f51746f8
commit 865f7a14b4
@ -125,11 +125,6 @@ ${optionalString (versionAtLeast version "4.20") ''
|
||||
GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
|
||||
''}
|
||||
|
||||
${optionalString (versionAtLeast version "4.13") ''
|
||||
GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
|
||||
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
|
||||
''}
|
||||
|
||||
# Disable various dangerous settings
|
||||
ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
|
||||
PROC_KCORE n # Exposes kernel text image layout
|
||||
|
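Review bot: The removal of the `versionAtLeast version "4.13"` block leaves nothing in the config saying why RANDSTRUCT is off, and this option has already been reverted and re-reverted once. Put a short comment where the block was, pointing at https://github.com/NixOS/nixpkgs/issues/53522 and the out-of-tree module version magic mismatch, so the option is not switched back on before the seed hypothesis from the commit message has been checked. It is also worth deciding whether dropping the two lines is the intent, or whether an explicit `GCC_PLUGIN_RANDSTRUCT n` is wanted, in the style of the `ACPI_CUSTOM_METHOD n` and `PROC_KCORE n` entries just below; with the lines removed, the value is left to whatever the rest of the kernel configuration selects.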