projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
9f90a30
)
Fix the X86_SMAP check: it is enabled by default since v5.19
author
Alexander Popov
<alex.popov@linux.com>
Fri, 2 Sep 2022 11:38:18 +0000
(14:38 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Fri, 2 Sep 2022 11:38:42 +0000
(14:38 +0300)
Refers to the issue #71
kconfig_hardened_check/__init__.py
patch
|
blob
|
history
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index e62fad6890ca0484dfd93d24d33f782b953b1993..2f9257a9464a70cec685198e28c83b293518a7bc 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-348,7
+348,8
@@
def add_kconfig_checks(l, arch):
if arch in ('X86_64', 'X86_32'):
l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
if arch in ('X86_64', 'X86_32'):
l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
- l += [KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y')]
+ l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
+ VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]
l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]