From ca7cc96ee8153b61afdfc8ebdb14ff064e3649af Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Fri, 9 Dec 2016 12:08:21 +0100
Subject: [PATCH] grsecurity: enable PAX_INITIFY

Uses gcc plugin to detect more instances where memory used during init
can be freed.
---
 pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
index 64722635f41..895c0ec42ef 100644
--- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
@@ -22,6 +22,10 @@ PAX_PT_PAX_FLAGS y
 PAX_XATTR_PAX_FLAGS y
 PAX_EI_PAX n
 
+PAX_INITIFY y
+# initify is a fairly recent feature, enable verbose mode to aid in debugging
+PAX_INITIFY_VERBOSE y
+
 # The bts instrumentation method is compatible with binary only modules.
 #
 # Note: if platform supports SMEP, we could do without this