From 44d541078fdcef668919c2f1c17b0467a8c78b1f Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Thu, 18 Jul 2019 14:00:06 +0200 Subject: [PATCH] linux-hardened: enable page alloc randomization New in 5.2 --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 79ee27c52b5..156a4cf4423 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -83,6 +83,9 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes; + # Randomize page allocator when page_alloc.shuffle=1 + SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; + # Allow enabling slub/slab free poisoning with slub_debug=P SLUB_DEBUG = yes;