kernel/hardened-config.nix: add STACKLEAK plugin on 4.20+

2019-01-04 02:08:49 +01:00 · 2019-01-04 02:08:49 +01:00 · 0f7ca26a48
commit 0f7ca26a48
parent 9dc0d94896
1 changed files with 3 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@ -113,6 +113,9 @@ ${optionalString (versionAtLeast version "4.11") ''
 ${optionalString (versionAtLeast version "4.14") ''
  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
 ''}
+${optionalString (versionAtLeast version "4.20") ''
+  GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
+''}

 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory