From e2c996e9059a09a90c5a372819d586780e56d2af Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 30 Dec 2023 21:30:14 +0300
Subject: [PATCH] Improve the hackish refinement of the
 CONFIG_ARCH_MMAP_RND_BITS check

Don't check CONFIG_ARCH_MMAP_RND_BITS if CONFIG_ARCH_MMAP_RND_BITS_MAX
was not found.
---
 kernel_hardening_checker/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 212cf62..7cd3957 100644
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -329,6 +329,10 @@ def main():
         mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)
         if mmap_rnd_bits_max:
             override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max)
+        else:
+            # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results
+            print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX')
+            config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS']
 
         # now everything is ready, perform the checks
         perform_checks(config_checklist)
-- 
2.31.1