about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/kernel/hardened-config.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/kernel/hardened-config.nix')
-rw-r--r--pkgs/os-specific/linux/kernel/hardened-config.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 78fb1e368be7..bff15b05fd94 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -17,6 +17,10 @@ GCC_PLUGINS y # Enable gcc plugin options
 
 DEBUG_WX y # A one-time check for W+X mappings at boot; doesn't do anything beyond printing a warning
 
+${optionalString (versionAtLeast version "4.10") ''
+  BUG_ON_DATA_CORRUPTION y # BUG if kernel struct validation detects corruption
+''}
+
 # Additional validation of commonly targetted structures
 DEBUG_CREDENTIALS y
 DEBUG_NOTIFIERS y
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-20 17:01:19 +0000