From 20129f0b418bd5cb3360043edc500b9177050a44 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sun, 1 Sep 2024 14:02:26 +0300 Subject: [PATCH] Update the AMD_IOMMU_V2 kconfig check AMD_IOMMU_V2 was dropped in v6.7 in the commit 5a0b11a180a9b82b4437a4be1cf73530053f139b --- kernel_hardening_checker/checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index 49019e0..104bd3d 100755 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -258,8 +258,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None: KconfigCheck('self_protection', 'kspp', 'SLS', 'y'))] # vs CVE-2021-26341 in Straight-Line-Speculation l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU_SVM', 'y'), iommu_support_is_set)] - l += [AND(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'), - iommu_support_is_set)] + l += [OR(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'), + VersionCheck((6, 7, 0)))] # AMD_IOMMU_V2 was dropped in v6.7 if arch == 'ARM64': l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')] -- 2.31.1