diff options
| author | Tim Steinbach <tim@nequissimus.com> | 2021-03-24 10:07:06 -0400 |
|---|---|---|
| committer | Tim Steinbach <NeQuissimus@users.noreply.github.com> | 2021-03-26 18:48:37 -0400 |
| commit | bd2bb9e381cd14f88753dba16e173e4080076421 (patch) | |
| tree | b967da29d987610be2ed1b0b647e96ccc867fe5e | |
| parent | a7d6642cf304148073e98ec86534f9e7ff4ae36e (diff) | |
| download | nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar.gz nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar.bz2 nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar.lz nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar.xz nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.tar.zst nixpkgs-bd2bb9e381cd14f88753dba16e173e4080076421.zip | |
linux-hardened: Enable KFENCE
"Kernel Electric-Fence (KFENCE) is a low-overhead sampling-based memory safety error detector. KFENCE detects heap out-of-bounds access, use-after-free, and invalid-free errors."
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/config.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index e4a7522fe59..20f9f5aaa14 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -91,4 +91,6 @@ assert (versionAtLeast version "4.9"); CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; + # Detect out-of-bound reads/writes and use-after-free + KFENCE = whenAtLeast "5.12" yes; } |