From: Alexander Popov Date: Fri, 29 Dec 2023 08:22:06 +0000 (+0300) Subject: Fix the 'decision' for the 'vdso32' check X-Git-Tag: v0.6.6~24 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=8a32124f1a38eaf2781cef0ee12a860b313b13d0;p=kconfig-hardened-check.git Fix the 'decision' for the 'vdso32' check --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index b89744b..42bfa45 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -545,13 +545,13 @@ def add_cmdline_checks(l, arch): AND(KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'), CmdlineCheck('cut_attack_surface', 'kspp', 'vsyscall', 'is not set')))] l += [OR(CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), - CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '0'), + CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'), CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set')))] # the vdso32 parameter must not be 2 if arch == 'X86_32': l += [OR(CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '1'), CmdlineCheck('cut_attack_surface', 'my', 'vdso', '1'), - CmdlineCheck('cut_attack_surface', 'my', 'vdso32', '0'), + CmdlineCheck('cut_attack_surface', 'kspp', 'vdso32', '0'), CmdlineCheck('cut_attack_surface', 'my', 'vdso', '0'), AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'), CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set'),