Add a tricky check for init_on_alloc and INIT_ON_ALLOC_DEFAULT_ON

author Alexander Popov <alex.popov@linux.com>

Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 2938c98682f556693af43db9db6124f1ebd11047..ac2d6f65847662ca9d4f96ad96cb67102190c8d2 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -16,7 +16,6 @@
  #    iommu.passthrough=0
  #    iommu.strict=1
  #    slub_debug=FZ (slow)
-#    init_on_alloc=1 (since v5.3)
  #    init_on_free=1 (since v5.3, otherwise slub_debug=P and page_poison=1)
  #    loadpin.enforce=1
  #    debugfs=no-mount (or off if possible)
@@ -650,6 +649,10 @@ def add_cmdline_checks(l, arch):
      # Calling the CmdlineCheck class constructor:
      #     CmdlineCheck(reason, decision, name, expected)
  
+    l += [OR(CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', '1'),
+             AND(KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y'),
+                 CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', 'is not set')))]
+
      if arch in ('X86_64', 'X86_32'):
          l += [CmdlineCheck('self_protection', 'kspp', 'pti', 'on')]
      # TODO: add other
author	Alexander Popov <alex.popov@linux.com>
	Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 19 Jun 2022 19:49:03 +0000 (22:49 +0300)