From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 1 Sep 2024 11:02:26 +0000 (+0300)
Subject: Update the AMD_IOMMU_V2 kconfig check
X-Git-Tag: v0.6.10~14
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=20129f0b418bd5cb3360043edc500b9177050a44;p=kconfig-hardened-check.git

Update the AMD_IOMMU_V2 kconfig check

AMD_IOMMU_V2 was dropped in v6.7 in the commit
5a0b11a180a9b82b4437a4be1cf73530053f139b
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 49019e0..104bd3d 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -258,8 +258,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                  KconfigCheck('self_protection', 'kspp', 'SLS', 'y'))] # vs CVE-2021-26341 in Straight-Line-Speculation
         l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU_SVM', 'y'),
                   iommu_support_is_set)]
-        l += [AND(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'),
-                  iommu_support_is_set)]
+        l += [OR(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'),
+                 VersionCheck((6, 7, 0)))] # AMD_IOMMU_V2 was dropped in v6.7
     if arch == 'ARM64':
         l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')]