projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 9f90a30)
Fix the X86_SMAP check: it is enabled by default since v5.19
authorAlexander Popov <alex.popov@linux.com>
Fri, 2 Sep 2022 11:38:18 +0000 (14:38 +0300)
committerAlexander Popov <alex.popov@linux.com>
Fri, 2 Sep 2022 11:38:42 +0000 (14:38 +0300)
Refers to the issue #71

kconfig_hardened_check/__init__.py patch | blob | history

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index e62fad6890ca0484dfd93d24d33f782b953b1993..2f9257a9464a70cec685198e28c83b293518a7bc 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -348,7 +348,8 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_64', 'X86_32'):
         l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
         l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
-        l += [KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y')]
+        l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
+                 VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
         l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
                  KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]
kconfig-hardened-check