From 26b6e5b049d08f63b27c0e905eea57a34db1ab10 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Sun, 10 Mar 2024 03:00:24 +0300
Subject: [PATCH] Fix the false result of the REFCOUNT_FULL check for kernels > v5.4.208

Refers to #88, #89
---
 kernel_hardening_checker/checks.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 0290b0b..316408e 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -52,7 +52,9 @@ def add_kconfig_checks(l, arch):
 KconfigCheck('self_protection', 'defconfig', 'DEBUG_SET_MODULE_RONX', 'y'),
 modules_not_set)] # DEBUG_SET_MODULE_RONX was before v4.11
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'REFCOUNT_FULL', 'y'),
- VersionCheck((5, 5, 0)))] # REFCOUNT_FULL is enabled by default since v5.5
+ VersionCheck((5, 4, 208)))]
+ # REFCOUNT_FULL is enabled by default since v5.5,
+ # and this is backported to v5.4.208
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'INIT_STACK_ALL_ZERO', 'y'),
 KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
 if arch in ('X86_64', 'ARM64', 'X86_32'):
-- 
2.31.1
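Review bot: The two added comment lines sit after the closing `)]` of the REFCOUNT_FULL check and directly above the next `l += [OR(...` statement, so they can be read as describing the INIT_STACK_ALL_ZERO check, whereas the neighbouring DEBUG_SET_MODULE_RONX check keeps its note as a trailing comment on the closing line. I would move the comment above the statement it explains and state the boundary explicitly, e.g. `# REFCOUNT_FULL is enabled by default since v5.5, backported to v5.4.208 (inclusive)`. The subject line says "kernels > v5.4.208" while the comment names v5.4.208 itself, and whether `VersionCheck((5, 4, 208))` accepts exactly 5.4.208 is not visible in this hunk. A unit test covering 5.4.207, 5.4.208 and 5.5.0 would pin the comparison down, since an off-by-one here shows up as a false OK or a false FAIL in a hardening report. add_kconfig_checks starts and continues outside the hunk.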