From: Alexander Popov <alex.popov@linux.com>
Date: Wed, 3 Jul 2024 13:38:13 +0000 (+0300)
Subject: Update the KFENCE_SAMPLE_INTERVAL check
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0341dcaab00a45a699f580ea2a712dab0e6475f7;hp=d58989986070e871e1244e29019ae0cfb20a3f5b;p=kconfig-hardened-check.git

Update the KFENCE_SAMPLE_INTERVAL check
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index c2440cf..b33e3d9 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -166,7 +166,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
              vmap_stack_is_set)]
     kfence_is_set = KconfigCheck('self_protection', 'kspp', 'KFENCE', 'y')
     l += [kfence_is_set]
-    l += [AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
+    l += [AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', '100'),
               kfence_is_set)]
     randstruct_is_set = OR(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_FULL', 'y'),
                            KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT', 'y'))
@@ -575,7 +575,7 @@ def add_cmdline_checks(l: List[ChecklistObjType], arch: str) -> None:
 
     # 'self_protection', 'a13xp0p0v'
     l += [OR(CmdlineCheck('self_protection', 'a13xp0p0v', 'kfence.sample_interval', 'is not off'),
-             AND(KconfigCheck('self_protection', 'a13xp0p0v', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
+             AND(KconfigCheck('self_protection', 'kspp', 'KFENCE_SAMPLE_INTERVAL', '100'),
                  CmdlineCheck('self_protection', 'a13xp0p0v', 'kfence.sample_interval', 'is not set')))]
 
     # 'cut_attack_surface', 'defconfig'