| side by side (parent:
d589899
)
Update the KFENCE_SAMPLE_INTERVAL check
author
Alexander Popov
<alex.popov@linux.com>
Wed, 3 Jul 2024 13:38:13 +0000
(16:38 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Wed, 3 Jul 2024 13:38:13 +0000
(16:38 +0300)
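--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -166,7 +166,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
 vmap_stack_is_set)]
 kfence_is_set = KconfigCheck('self_protection', 'kspp', 'KFENCE', 'y')
 l += [kfence_is_set]
-l += [AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
+l += [AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', '100'),
 kfence_is_set)]
 randstruct_is_set = OR(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_FULL', 'y'),
 KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT', 'y'))
@@ -575,7 +575,7 @@ def add_cmdline_checks(l: List[ChecklistObjType], arch: str) -> None:
 # 'self_protection', 'a13xp0p0v'
 l += [OR(CmdlineCheck('self_protection', 'a13xp0p0v', 'kfence.sample_interval', 'is not off'),
-AND(KconfigCheck('self_protection', 'a13xp0p0v', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
+AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', '100'),
 CmdlineCheck('self_protection', 'a13xp0p0v', 'kfence.sample_interval', 'is not set')))]
 # 'cut_attack_surface', 'defconfig'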
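Review bot: In add_cmdline_checks the Kconfig fallback now requires `KFENCE_SAMPLE_INTERVAL` to be `'100'`, while the command-line branch beside it still accepts any `kfence.sample_interval` that `is not off`, so the two halves of one OR apply different strictness. If KconfigCheck compares the expected value as an exact string (not visible in these hunks), a kernel built with a shorter interval (say 50, a constructed example) and no boot parameter would be reported as failing, while a boot parameter with a far longer interval would pass. The same exact-value expectation is introduced in add_kconfig_checks. I would document the intent above the OR, e.g. `# Kconfig fallback follows the KSPP value (100); any non-zero cmdline interval is still accepted`, or tighten the cmdline branch to match. Both function bodies continue outside the hunks.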