From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 17 Jul 2022 11:03:33 +0000 (+0300)
Subject: Add rodata check for ARM64
X-Git-Tag: v0.6.1~125
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=9cdd06a1b862e02869a3d032e07026d6e5ced080;p=kconfig-hardened-check.git

Add rodata check for ARM64
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 0d6a470..ef8e0df 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -33,7 +33,6 @@
 #
 #    Should NOT be set:
 #           nokaslr
-#           rodata=off
 #           sysrq_always_enabled
 #           arm64.nobti
 #           arm64.nopauth
@@ -646,6 +645,11 @@ def add_cmdline_checks(l, arch):
     # Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results
     # when the tool doesn't check the cmdline.
 
+    if arch == 'ARM64':
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
+                 AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
+                     CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
+
     l += [OR(CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', '1'),
              AND(KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y'),
                  CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', 'is not set')))]