From: Alexander Popov Date: Sun, 23 Oct 2022 16:14:46 +0000 (+0300) Subject: Fix the SCHED_CORE check: it's now available for ARM64 and ARM X-Git-Tag: v0.6.1~60 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=cfb4075cf996cba050abbf56f7c6284c63145042;p=kconfig-hardened-check.git Fix the SCHED_CORE check: it's now available for ARM64 and ARM --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index bc63334..3e50349 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -426,6 +426,7 @@ def add_kconfig_checks(l, arch): l += [KconfigCheck('self_protection', 'kspp', 'ZERO_CALL_USED_REGS', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'HW_RANDOM_TPM', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'STATIC_USERMODEHELPER', 'y')] # needs userspace support + l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')] randstruct_is_set = OR(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_FULL', 'y'), KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT', 'y')) l += [randstruct_is_set] @@ -490,7 +491,6 @@ def add_kconfig_checks(l, arch): l += [AND(KconfigCheck('self_protection', 'kspp', 'CFI_PERMISSIVE', 'is not set'), cfi_clang_is_set)] if arch in ('X86_64', 'X86_32'): - l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'DEFAULT_MMAP_MIN_ADDR', '65536')] l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU_DEFAULT_ON', 'y'), iommu_support_is_set)]