From: Alexander Popov
Date: Sun, 10 Mar 2024 00:00:24 +0000 (+0300)
Subject: Fix the false result of the REFCOUNT_FULL check for kernels > v5.4.208
X-Git-Url: https://jxself.org/git/?p=kconfig-hardened-check.git;a=commitdiff_plain;h=26b6e5b049d08f63b27c0e905eea57a34db1ab10
Fix the false result of the REFCOUNT_FULL check for kernels > v5.4.208
Refers to #88, #89
---
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 0290b0b..316408e 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -52,7 +52,9 @@ def add_kconfig_checks(l, arch):
 KconfigCheck('self_protection', 'defconfig', 'DEBUG_SET_MODULE_RONX', 'y'),
 modules_not_set)] # DEBUG_SET_MODULE_RONX was before v4.11
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'REFCOUNT_FULL', 'y'),
- VersionCheck((5, 5, 0)))] # REFCOUNT_FULL is enabled by default since v5.5
+ VersionCheck((5, 4, 208)))]
+ # REFCOUNT_FULL is enabled by default since v5.5,
+ # and this is backported to v5.4.208
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'INIT_STACK_ALL_ZERO', 'y'),
 KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
 if arch in ('X86_64', 'ARM64', 'X86_32'):
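Review bot: With `VersionCheck((5, 4, 208))` the REFCOUNT_FULL result now depends on the third version component, so the check is only sound if VersionCheck and the kernel-version parser compare the full (major, minor, patch) tuple. Both are outside this hunk; if the patch level is dropped or defaults to 0 anywhere, a 5.4.x kernel below .208 without REFCOUNT_FULL could be reported as OK, which is the unsafe direction for a hardening audit. A boundary test would pin this: (5, 4, 207) with the option unset must fail, (5, 4, 208) must pass. On style, the two new comment lines sit after the statement and directly above the INIT_STACK_ALL_ZERO check, so they read as describing that check; I would put one line above the `l += [OR(` statement instead, `# REFCOUNT_FULL is enabled by default since v5.5 (backported to v5.4.208)`. The body of add_kconfig_checks starts and ends outside the hunk.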