Fix the X86_SMAP check: it is enabled by default since v5.19

Refers to the issue #71

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index e62fad6890ca0484dfd93d24d33f782b953b1993..2f9257a9464a70cec685198e28c83b293518a7bc 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -348,7 +348,8 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_64', 'X86_32'):
         l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
         l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
-        l += [KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y')]
+        l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
+                 VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
         l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
                  KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]