From: Alexander Popov <alex.popov@linux.com>
Date: Thu, 28 Dec 2023 13:20:47 +0000 (+0300)
Subject: Fix the arch condition for the SCHED_CORE check (III)
X-Git-Tag: v0.6.6~26
X-Git-Url: https://jxself.org/git/?p=kconfig-hardened-check.git;a=commitdiff_plain;h=c1452a28c0e28c72c1b213c66209b6a0f1b97d68

Fix the arch condition for the SCHED_CORE check (III)

SCHED_CORE is finally available for ARM64 and ARM.

SCHED_SMT was needed for that.
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 2bd54b2..98b3d9c 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -130,6 +130,7 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_NOTIFIERS', 'y')]
     l += [KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y')]
     l += [KconfigCheck('self_protection', 'kspp', 'STATIC_USERMODEHELPER', 'y')] # needs userspace support
+    l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')]
     kfence_is_set = KconfigCheck('self_protection', 'kspp', 'KFENCE', 'y')
     l += [kfence_is_set]
     l += [AND(KconfigCheck('self_protection', 'my', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
@@ -199,7 +200,6 @@ def add_kconfig_checks(l, arch):
                   cfi_clang_is_set)]
     if arch in ('X86_64', 'X86_32'):
         l += [KconfigCheck('self_protection', 'kspp', 'HW_RANDOM_TPM', 'y')]
-        l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'DEFAULT_MMAP_MIN_ADDR', '65536')]
         l += [KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_DMA_STRICT', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_PASSTHROUGH', 'is not set')] # true if IOMMU_DEFAULT_DMA_STRICT is set