From 996b65cfbad921d51a716751329f940b1cc1a649 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sat, 6 May 2017 18:57:11 +0200
Subject: [PATCH] linux_hardened: enable structleak plugin A port of the PaX structleak plugin. Note that this version of structleak seems to cover less ground than the PaX original (only marked structs are zeroed). [1] [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
---
pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index bff15b05fd94..2482641c9f02 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -15,6 +15,10 @@ assert (versionAtLeast version "4.9"); '' GCC_PLUGINS y # Enable gcc plugin options
+${optionalString (versionAtLeast version "4.11") ''
+ GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
+''}
+ DEBUG_WX y # A one-time check for W+X mappings at boot; doesn't do anything beyond printing a warning ${optionalString (versionAtLeast version "4.10") ''
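Review bot: The trailing comment on the new `GCC_PLUGIN_STRUCTLEAK y` line records only where the plugin came from, so the caveat in the commit message (this port zeroes only marked structs and covers less ground than the PaX original) is lost to anyone reading hardened-config.nix. I would carry it on the line itself, e.g. `GCC_PLUGIN_STRUCTLEAK y # Zero-init marked structs (those with __user fields, per the upstream Kconfig text as I read it) to limit kernel memory disclosure; narrower than PaX's structleak`, so the option is not mistaken for general protection against uninitialised stack data. The `versionAtLeast version "4.11"` guard covers kernel version only; the option also relies on `GCC_PLUGINS y` just above staying enabled, which deserves a word in the same comment. The enclosing `''` string begins and ends outside the hunk.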