From 3bdbc3ae2151be51359684bbef358a1e0133861a Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Thu, 21 Jul 2022 13:09:50 +0300 Subject: [PATCH] Improve the STACKPROTECTOR check The Linux kernel 4.16-4.17 has a weird STACKPROTECTOR configuration: CC_STACKPROTECTOR_NONE -- stackprotector is disabled; CC_STACKPROTECTOR_REGULAR -- similar to current STACKPROTECTOR; CC_STACKPROTECTOR_STRONG -- similar to current STACKPROTECTOR_STRONG; CC_STACKPROTECTOR_AUTO -- the best stack-protector that compiler provides. These options are mutually exclusive. Let's improve the STACKPROTECTOR check: - Add CC_STACKPROTECTOR_REGULAR as a valid alternative name of this option; - Add CC_STACKPROTECTOR_STRONG to avoid false negative result; - Add CC_STACKPROTECTOR_AUTO hoping that it enables at least STACKPROTECTOR. The STACKPROTECTOR_STRONG check still requires explicit configuration, not CC_STACKPROTECTOR_AUTO. Thanks to @izh1979 for the idea
---
 kconfig_hardened_check/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 3daddcb..b6e2cc3 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -321,7 +321,10 @@ def add_kconfig_checks(l, arch):
 l += [KconfigCheck('self_protection', 'defconfig', 'SLUB_DEBUG', 'y')]
 l += [KconfigCheck('self_protection', 'defconfig', 'GCC_PLUGINS', 'y')]
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'STACKPROTECTOR', 'y'),
- KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR', 'y'))]
+ KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR', 'y'),
+ KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR_REGULAR', 'y'),
+ KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR_AUTO', 'y'),
+ KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR_STRONG', 'y'))]
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'STACKPROTECTOR_STRONG', 'y'),
 KconfigCheck('self_protection', 'defconfig', 'CC_STACKPROTECTOR_STRONG', 'y'))]
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'STRICT_KERNEL_RWX', 'y'),
-- 2.31.1
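Review bot: The new `CC_STACKPROTECTOR_AUTO` alternative in the first `OR(...)` lets the STACKPROTECTOR check pass on an option that, per the commit message, only selects the best stack protector the compiler provides, so a passing result here does not by itself show that the kernel was built with one. The code gives no hint of that, nor that the three `CC_STACKPROTECTOR_*` names exist only in kernels 4.16-4.17. I would add a comment above the `OR`, for example `# CC_STACKPROTECTOR_{REGULAR,AUTO,STRONG}: Linux 4.16-4.17 only; AUTO is accepted on the assumption that the compiler supports at least -fstack-protector`. The body of `add_kconfig_checks` starts and ends outside this hunk, so it cannot be seen from here whether a similar comment already exists nearby.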