Do not check CONFIG_HARDEN_EL2_VECTORS for v5.9+

[kconfig-hardened-check.git] / kconfig_hardened_check / __init__.py

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 937b3a0c6a72107e2f06d694369c68ff813dd696..0d1e10cfd9a2f22bad8cdf00dc5c704254c32ad4 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -293,7 +293,8 @@ def construct_checklist(l, arch):
     if arch == 'ARM64':
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PAN', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'UNMAP_KERNEL_AT_EL0', 'y')]
-        l += [OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y')]
+        l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
+                 VerCheck((5,9)))] # HARDEN_EL2_VECTORS was removed in v5.9
         l += [OptCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
     if arch in ('X86_64', 'ARM64'):
@@ -379,7 +380,7 @@ def construct_checklist(l, arch):
                   iommu_support_is_set)]
 
     # 'self_protection', 'my'
-    l += [OptCheck('self_protection', 'my', 'SLUB_DEBUG_ON', 'y')]
+    l += [OptCheck('self_protection', 'my', 'SLUB_DEBUG_ON', 'y')] # TODO: is it better to set that via kernel cmd?
     l += [OptCheck('self_protection', 'my', 'RESET_ATTACK_MITIGATION', 'y')] # needs userspace support (systemd)
     if arch == 'X86_64':
         l += [AND(OptCheck('self_protection', 'my', 'AMD_IOMMU_V2', 'y'),