pyrox.dev / nixpkgs
lol
fork atom

various: fix Scudo allocator due to LLVM update (#444605)

Emily 597c7a90 855a52f0

options
unified split
Changed files
+3 -3
nixos
modules
config
malloc.nix
profiles
hardened.nix
pkgs
development
compilers
llvm
common
compiler-rt
default.nix
+1 -1
nixos/modules/config/malloc.nix 
···

       
52

       
52

       
 

       
            or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");


     

       
53

       
53

       
 

       
      in


     

       
54

       
54

       
 

       
      {


     

       
55

       

       
-

       
        libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";


     

       

       
55

       
+

       
        libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo_standalone-${systemPlatform}.so";


     

       
56

       
56

       
 

       
        description = ''


     

       
57

       
57

       
 

       
          A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,


     

       
58

       
58

       
 

       
          which aims at providing additional mitigations against heap based
+1 -1
nixos/modules/profiles/hardened.nix 
···

       
39

       
39

       
 

       
    nix.settings.allowed-users = mkDefault [ "@users" ];


     

       
40

       
40

       
 

       



     

       
41

       
41

       
 

       
    environment.memoryAllocator.provider = mkDefault "scudo";


     

       
42

       

       
-

       
    environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";


     

       

       
42

       
+

       
    environment.variables.SCUDO_OPTIONS = mkDefault "zero_contents=true";


     

       
43

       
43

       
 

       



     

       
44

       
44

       
 

       
    security.lockKernelModules = mkDefault true;


     

       
45

       
45
+1 -1
pkgs/development/compilers/llvm/common/compiler-rt/default.nix 
···

       
102

       
102

       
 

       
  env = {


     

       
103

       
103

       
 

       
    NIX_CFLAGS_COMPILE = toString (


     

       
104

       
104

       
 

       
      [


     

       
105

       

       
-

       
        "-DSCUDO_DEFAULT_OPTIONS=DeleteSizeMismatch=0:DeallocationTypeMismatch=0"


     

       

       
105

       
+

       
        "-DSCUDO_DEFAULT_OPTIONS=delete_size_mismatch=false:dealloc_type_mismatch=false"


     

       
106

       
106

       
 

       
      ]


     

       
107

       
107

       
 

       
      ++ lib.optionals (!haveLibc) [


     

       
108

       
108

       
 

       
        # The compiler got stricter about this, and there is a usellvm patch below