Update the AMD_IOMMU_V2 kconfig check

author Alexander Popov <alex.popov@linux.com>

Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 49019e0b01b029d948e7525048bcb1dcbf6e4ab7..104bd3df46ee07811106c4d06c147c2ff5c638ee 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -258,8 +258,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                   KconfigCheck('self_protection', 'kspp', 'SLS', 'y'))] # vs CVE-2021-26341 in Straight-Line-Speculation
          l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU_SVM', 'y'),
                    iommu_support_is_set)]
-        l += [AND(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'),
-                  iommu_support_is_set)]
+        l += [OR(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'),
+                 VersionCheck((6, 7, 0)))] # AMD_IOMMU_V2 was dropped in v6.7
      if arch == 'ARM64':
          l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')]
          l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')]
author	Alexander Popov <alex.popov@linux.com>
	Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 1 Sep 2024 11:02:26 +0000 (14:02 +0300)