From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 27 May 2023 05:50:35 +0000 (+0300)
Subject: Add the comments about HARDENED_USERCOPY features
X-Git-Tag: v0.6.6~155
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;ds=inline;h=5d9e4f837c23bdd2714462903e774cf0e0dd8322;p=kconfig-hardened-check.git

Add the comments about HARDENED_USERCOPY features
---

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index feba364..cda3df8 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -166,9 +166,9 @@ def add_kconfig_checks(l, arch):
     hardened_usercopy_is_set = KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y')
     l += [hardened_usercopy_is_set]
     l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'),
-              hardened_usercopy_is_set)]
+              hardened_usercopy_is_set)] # usercopy whitelist violations should be prohibited
     l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'),
-              hardened_usercopy_is_set)]
+              hardened_usercopy_is_set)] # this debugging for HARDENED_USERCOPY is not needed for security
     l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'),
               gcc_plugins_support_is_set)]
     l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'),