projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ce87587
)
Add INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
author
Alexander Popov
<alex.popov@linux.com>
Thu, 22 Aug 2019 10:43:46 +0000
(13:43 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Thu, 22 Aug 2019 10:43:46 +0000
(13:43 +0300)
kconfig-hardened-check.py
patch
|
blob
|
history
diff --git
a/kconfig-hardened-check.py
b/kconfig-hardened-check.py
index f431dd070286d7bf21e2acfa4c20e999757cf75a..d76a5fa1c3b1ad6eb7a58bc400eea07a9fb493dd 100755
(executable)
--- a/
kconfig-hardened-check.py
+++ b/
kconfig-hardened-check.py
@@
-212,8
+212,6
@@
def construct_checklist(checklist, arch):
checklist.append(OptCheck('GCC_PLUGINS', 'y', 'kspp', 'self_protection'))
randstruct_is_set = OptCheck('GCC_PLUGIN_RANDSTRUCT', 'y', 'kspp', 'self_protection')
checklist.append(randstruct_is_set)
checklist.append(OptCheck('GCC_PLUGINS', 'y', 'kspp', 'self_protection'))
randstruct_is_set = OptCheck('GCC_PLUGIN_RANDSTRUCT', 'y', 'kspp', 'self_protection')
checklist.append(randstruct_is_set)
- checklist.append(OptCheck('GCC_PLUGIN_STRUCTLEAK', 'y', 'kspp', 'self_protection'))
- checklist.append(OptCheck('GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('GCC_PLUGIN_LATENT_ENTROPY', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('DEBUG_LIST', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('DEBUG_SG', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('GCC_PLUGIN_LATENT_ENTROPY', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('DEBUG_LIST', 'y', 'kspp', 'self_protection'))
checklist.append(OptCheck('DEBUG_SG', 'y', 'kspp', 'self_protection'))
@@
-272,6
+270,8
@@
def construct_checklist(checklist, arch):
checklist.append(AND(OptCheck('INTEL_IOMMU_DEFAULT_ON', 'y', 'clipos', 'self_protection'), \
iommu_support_is_set))
checklist.append(AND(OptCheck('INTEL_IOMMU_DEFAULT_ON', 'y', 'clipos', 'self_protection'), \
iommu_support_is_set))
+ checklist.append(OR(OptCheck('INIT_STACK_ALL', 'y', 'my', 'self_protection'), \
+ OptCheck('GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y', 'kspp', 'self_protection')))
if debug_mode or arch == 'X86_64':
checklist.append(AND(OptCheck('AMD_IOMMU', 'y', 'my', 'self_protection'), \
iommu_support_is_set))
if debug_mode or arch == 'X86_64':
checklist.append(AND(OptCheck('AMD_IOMMU', 'y', 'my', 'self_protection'), \
iommu_support_is_set))