Revert "Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT""

This reverts commit c68e8b0. RANDSTRUCT currently fails to work with out-of-tree modules, as evinced by NixOS@c68e8b0#commitcomment-31850284 and NixOS#53522. Specifically, loading out-of-tree modules results in modsym version mismatches, as in spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN from the issue above. A working hypothesis is that the randstruct seed is not carried over when building out-of-tree modules but more investigation is needed here. Closes NixOS#53522
delroth · Jan 7, 2019 · 865f7a1 · 865f7a1
1 parent a4f5174
commit 865f7a1
Showing 1 changed file with 0 additions and 5 deletions.
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -125,11 +125,6 @@ ${optionalString (versionAtLeast version "4.20") ''
   GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
 ''}
 
-${optionalString (versionAtLeast version "4.13") ''
-  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
-  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
-''}
-
 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
 PROC_KCORE n # Exposes kernel text image layout