Improve the CONFIG_GCC_PLUGIN_STRUCTLEAK check

author Alexander Popov <alex.popov@linux.com>

Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 378a7d7a4e6f9188246e5f4e727364203e7cb24a..a6c6bb9d053b433b915c802a86cbfe8524dcc366 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -59,7 +59,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
               # REFCOUNT_FULL is enabled by default since v5.5,
               # and this is backported to v5.4.208
      l += [OR(KconfigCheck('self_protection', 'defconfig', 'INIT_STACK_ALL_ZERO', 'y'),
-             KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
+             AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK', 'y'),
+                 KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y')))]
      if arch in ('X86_64', 'ARM64', 'X86_32'):
          l += [KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y')]
      vmap_stack_is_set = KconfigCheck('self_protection', 'defconfig', 'VMAP_STACK', 'y')
author	Alexander Popov <alex.popov@linux.com>
	Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 11 Aug 2024 14:36:49 +0000 (17:36 +0300)