Remove `if arch` for the X86_VSYSCALL_EMULATION check

It requires 'is not set' anyway.

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 96da7bf8ddd007d80a17f55df47e7571c354bb68..48f53ef6b747f653305d45794d2253d26d9a32cb 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -339,15 +339,14 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
              devmem_not_set)] # refers to LOCKDOWN
     l += [AND(KconfigCheck('cut_attack_surface', 'kspp', 'LDISC_AUTOLOAD', 'is not set'),
               KconfigCheck('cut_attack_surface', 'kspp', 'LDISC_AUTOLOAD', 'is present'))]
+    l += [OR(KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'),
+             KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'))]
+             # disabling X86_VSYSCALL_EMULATION turns vsyscall off completely,
+             # and LEGACY_VSYSCALL_NONE can be changed at boot time via the cmdline parameter
     if arch in ('X86_64', 'X86_32'):
         l += [KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set')]
               # CONFIG_COMPAT_VDSO disabled ASLR of vDSO only on X86_64 and X86_32;
               # on ARM64 this option has different meaning
-    if arch == 'X86_64':
-        l += [OR(KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'),
-                 KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'))]
-                 # disabling X86_VSYSCALL_EMULATION turns vsyscall off completely,
-                 # and LEGACY_VSYSCALL_NONE can be changed at boot time via the cmdline parameter
     if arch == 'ARM':
         l += [OR(KconfigCheck('cut_attack_surface', 'kspp', 'STRICT_DEVMEM', 'y'),
                  devmem_not_set)] # refers to LOCKDOWN