Add INIT_ON_ALLOC_DEFAULT_ON and INIT_ON_FREE_DEFAULT_ON introduced in v5.3

[kconfig-hardened-check.git] / kconfig-hardened-check.py

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 5a384d0cdfa7b80a853dbb716c9fad6f087eb9d7..4eb9fb19d1d70bc24068ca961fbd375883c47537 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -192,6 +192,7 @@ def construct_checklist(checklist, arch):
     if debug_mode or arch == 'ARM64':
         checklist.append(OptCheck('UNMAP_KERNEL_AT_EL0',         'y', 'defconfig', 'self_protection'))
         checklist.append(OptCheck('HARDEN_EL2_VECTORS',          'y', 'defconfig', 'self_protection'))
+        checklist.append(OptCheck('RODATA_FULL_DEFAULT_ENABLED', 'y', 'defconfig', 'self_protection'))
     if debug_mode or arch == 'X86_64' or arch == 'ARM64':
         checklist.append(OptCheck('VMAP_STACK',                  'y', 'defconfig', 'self_protection'))
     if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
@@ -274,6 +275,8 @@ def construct_checklist(checklist, arch):
     checklist.append(OR(OptCheck('INIT_STACK_ALL',                  'y', 'my', 'self_protection'), \
                         OptCheck('GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y', 'kspp', 'self_protection')))
     checklist.append(OptCheck('SLUB_DEBUG_ON',                      'y', 'my', 'self_protection'))
+    checklist.append(OptCheck('INIT_ON_ALLOC_DEFAULT_ON',           'y', 'my', 'self_protection'))
+    checklist.append(OptCheck('INIT_ON_FREE_DEFAULT_ON',            'y', 'my', 'self_protection'))
     checklist.append(OptCheck('SECURITY_LOADPIN',                   'y', 'my', 'self_protection')) # needs userspace support
     checklist.append(OptCheck('RESET_ATTACK_MITIGATION',            'y', 'my', 'self_protection')) # needs userspace support (systemd)
     checklist.append(AND(OptCheck('PAGE_POISONING_NO_SANITY',       'is not set', 'my', 'self_protection'), \