Revert "Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT""

This reverts commit c68e8b05f0. RANDSTRUCT currently fails to work with out-of-tree modules, as evinced by c68e8b05f0 (commitcomment-31850284) and https://github.com/NixOS/nixpkgs/issues/53522. Specifically, loading out-of-tree modules results in modsym version mismatches, as in spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN from the issue above. A working hypothesis is that the randstruct seed is not carried over when building out-of-tree modules but more investigation is needed here. Closes https://github.com/NixOS/nixpkgs/issues/53522
2019-01-07 19:18:13 +01:00 · 2019-01-07 19:18:13 +01:00 · 865f7a14b4
parent a4f51746f8
commit 865f7a14b4
1 changed files with 0 additions and 5 deletions
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@ -125,11 +125,6 @@ ${optionalString (versionAtLeast version "4.20") ''
  GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
 ''}

-${optionalString (versionAtLeast version "4.13") ''
-  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
-  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
-''}
-
 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
 PROC_KCORE n # Exposes kernel text image layout