From: Alexander Popov Date: Fri, 2 Sep 2022 11:38:18 +0000 (+0300) Subject: Fix the X86_SMAP check: it is enabled by default since v5.19 X-Git-Tag: v0.6.1~97 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=b9d4e55550339a8f5c3c43f4c412f3b5422d0df7;p=kconfig-hardened-check.git Fix the X86_SMAP check: it is enabled by default since v5.19 Refers to the issue #71 --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index e62fad6..2f9257a 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -348,7 +348,8 @@ def add_kconfig_checks(l, arch): if arch in ('X86_64', 'X86_32'): l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')] - l += [KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y')] + l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'), + VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19 l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason? l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'), KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]