From b9d4e55550339a8f5c3c43f4c412f3b5422d0df7 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Fri, 2 Sep 2022 14:38:18 +0300
Subject: [PATCH] Fix the X86_SMAP check: it is enabled by default since v5.19

Refers to the issue #71
---
 kconfig_hardened_check/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index e62fad6..2f9257a 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -348,7 +348,8 @@ def add_kconfig_checks(l, arch):
 if arch in ('X86_64', 'X86_32'):
 l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
 l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
- l += [KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y')]
+ l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
+ VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
 l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
 KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]
-- 
2.31.1
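Review bot: The trailing comment on the new `VersionCheck((5, 19))` line says X86_SMAP is "enabled by default", which does not explain why the kernel version alone is accepted in place of the option. If the symbol is in fact absent from v5.19+ configs because SMAP support is always built in (worth confirming against the kernel change), the comment should say so, e.g. `# X86_SMAP was removed in v5.19 (SMAP support is always built in), so the option is absent from newer configs`. With this `OR`, any config identified as v5.19 or later passes the SMAP check without any SMAP-related symbol being inspected, so the result rests entirely on how the version is determined. That logic is outside this hunk, and it is worth confirming that a config with a missing or edited version header fails the check rather than passing it. The body of `add_kconfig_checks` starts before and continues after the hunk.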