From: Alexander Popov Date: Sat, 30 Dec 2023 18:30:14 +0000 (+0300) Subject: Improve the hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check X-Git-Tag: v0.6.6~20 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=e2c996e9059a09a90c5a372819d586780e56d2af;p=kconfig-hardened-check.git Improve the hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check Don't check CONFIG_ARCH_MMAP_RND_BITS if CONFIG_ARCH_MMAP_RND_BITS_MAX was not found. --- diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py index 212cf62..7cd3957 100644 --- a/kernel_hardening_checker/__init__.py +++ b/kernel_hardening_checker/__init__.py @@ -329,6 +329,10 @@ def main(): mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None) if mmap_rnd_bits_max: override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max) + else: + # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results + print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX') + config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS'] # now everything is ready, perform the checks perform_checks(config_checklist)