From: Alexander Popov Date: Tue, 17 Oct 2023 20:23:31 +0000 (+0300) Subject: Fix the reason for the nosmt check X-Git-Tag: v0.6.6~51 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=b68d118a4c2a4e40c458f1498bc3948f6881a959;p=kconfig-hardened-check.git Fix the reason for the nosmt check Use 'cut_attack_surface'. --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index 0a10ae7..d1c83db 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -458,7 +458,6 @@ def add_cmdline_checks(l, arch): # 'self_protection', 'kspp' l += [CmdlineCheck('self_protection', 'kspp', 'mitigations', 'auto,nosmt')] - l += [CmdlineCheck('self_protection', 'kspp', 'nosmt', 'is present')] # slow (high performance penalty) l += [CmdlineCheck('self_protection', 'kspp', 'slab_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp l += [CmdlineCheck('self_protection', 'kspp', 'slub_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp l += [CmdlineCheck('self_protection', 'kspp', 'page_alloc.shuffle', '1')] @@ -507,6 +506,7 @@ def add_cmdline_checks(l, arch): CmdlineCheck('cut_attack_surface', 'defconfig', 'tsx', 'is not set')))] # 'cut_attack_surface', 'kspp' + l += [CmdlineCheck('cut_attack_surface', 'kspp', 'nosmt', 'is present')] # slow (high performance penalty) if arch == 'X86_64': l += [OR(CmdlineCheck('cut_attack_surface', 'kspp', 'vsyscall', 'none'), KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'),