From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 14 Jan 2023 10:47:21 +0000 (+0300)
Subject: Add the COMPAT and X86_X32_ABI checks
X-Git-Tag: v0.6.1~19
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=f3ba594b3acbc154eeade43d87a76b90352ab1d1;p=kconfig-hardened-check.git

Add the COMPAT and X86_X32_ABI checks

KSPP has added them to the recommendations.

Refers to #74.
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 9434c68..48040dc 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -575,8 +575,10 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'PROC_KCORE', 'is not set')] # refers to LOCKDOWN
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_PTYS', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'HIBERNATION', 'is not set')] # refers to LOCKDOWN
+    l += [KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'IA32_EMULATION', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'X86_X32', 'is not set')]
+    l += [KconfigCheck('cut_attack_surface', 'kspp', 'X86_X32_ABI', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'MODIFY_LDT_SYSCALL', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'OABI_COMPAT', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'kspp', 'X86_MSR', 'is not set')] # refers to LOCKDOWN