From 865f7a14b49786a2ed55c5ecf3e994f6a3099e8c Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Mon, 7 Jan 2019 19:18:13 +0100
Subject: [PATCH] Revert "Revert "linux-hardened: Disable
 GCC_PLUGIN_RANDSTRUCT""

This reverts commit c68e8b05f005381ac1caf51bb28282b70242b77b.

RANDSTRUCT currently fails to work with out-of-tree modules, as
evinced by
https://github.com/NixOS/nixpkgs/commit/c68e8b05f005381ac1caf51bb28282b70242b77b#commitcomment-31850284
and https://github.com/NixOS/nixpkgs/issues/53522.

Specifically, loading out-of-tree modules results in modsym version
mismatches, as in
   spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN
from the issue above.

A working hypothesis is that the randstruct seed is not carried over when
building out-of-tree modules but more investigation is needed here.

Closes https://github.com/NixOS/nixpkgs/issues/53522
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index ed540a9e7518..4fadd4476548 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -125,11 +125,6 @@ ${optionalString (versionAtLeast version "4.20") ''
   GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
 ''}
 
-${optionalString (versionAtLeast version "4.13") ''
-  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
-  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
-''}
-
 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
 PROC_KCORE n # Exposes kernel text image layout