Add a check for the 'kfence.sample_interval' boot parameter

author Alexander Popov <alex.popov@linux.com>

Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 98659299022b2ffbbbde151762db257ca2929f0b..d02eb4b8e0b94d5564051f893396e569b7c8743d 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -502,6 +502,11 @@ def add_cmdline_checks(l, arch):
      if arch in ('X86_64', 'X86_32'):
          l += [CmdlineCheck('self_protection', 'clipos', 'iommu', 'force')]
  
+    # 'self_protection', 'my'
+    l += [OR(CmdlineCheck('self_protection', 'my', 'kfence.sample_interval', 'is not off'),
+             AND(KconfigCheck('self_protection', 'my', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
+                 CmdlineCheck('self_protection', 'my', 'kfence.sample_interval', 'is not set')))]
+
      # 'cut_attack_surface', 'defconfig'
      if arch in ('X86_64', 'X86_32'):
          l += [OR(CmdlineCheck('cut_attack_surface', 'defconfig', 'tsx', 'off'),
author	Alexander Popov <alex.popov@linux.com>
	Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 2 Dec 2023 10:49:42 +0000 (13:49 +0300)