Add rodata check for ARM64

author Alexander Popov <alex.popov@linux.com>

Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 0d6a470e9b4487837d8e15d6c98b74bc6361de3e..ef8e0df2187aa8f65b3eace1adcefd76ec15d060 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -33,7 +33,6 @@
  #
  #    Should NOT be set:
  #           nokaslr
-#           rodata=off
  #           sysrq_always_enabled
  #           arm64.nobti
  #           arm64.nopauth
@@ -646,6 +645,11 @@ def add_cmdline_checks(l, arch):
      # Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results
      # when the tool doesn't check the cmdline.
  
+    if arch == 'ARM64':
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
+                 AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
+                     CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
+
      l += [OR(CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', '1'),
               AND(KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y'),
                   CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', 'is not set')))]
author	Alexander Popov <alex.popov@linux.com>
	Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 17 Jul 2022 11:03:33 +0000 (14:03 +0300)