From: Alexander Popov Date: Tue, 17 Oct 2023 05:38:51 +0000 (+0300) Subject: Improve the slab_common.usercopy_fallback check X-Git-Tag: v0.6.6~64 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=547f6070a95e8253125c7f7efc3efbbb0731a4e1;p=kconfig-hardened-check.git Improve the slab_common.usercopy_fallback check Don't require slab_common.usercopy_fallback=0, since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16 --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index 2d9f8c9..7476fde 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -478,10 +478,10 @@ def add_cmdline_checks(l, arch): l += [OR(CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', '1'), AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y'), CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))] - l += [OR(CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', '0'), - AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'), - CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', 'is not set')))] - # ... the end + l += [AND(CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', 'is not set'), + KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'))] + # don't require slab_common.usercopy_fallback=0, + # since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16 if arch in ('X86_64', 'ARM64', 'X86_32'): l += [OR(CmdlineCheck('self_protection', 'kspp', 'iommu.strict', '1'), AND(KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_DMA_STRICT', 'y'),