l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_NOTIFIERS', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'STATIC_USERMODEHELPER', 'y')] # needs userspace support
+ l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')]
kfence_is_set = KconfigCheck('self_protection', 'kspp', 'KFENCE', 'y')
l += [kfence_is_set]
l += [AND(KconfigCheck('self_protection', 'my', 'KFENCE_SAMPLE_INTERVAL', 'is not off'),
cfi_clang_is_set)]
if arch in ('X86_64', 'X86_32'):
l += [KconfigCheck('self_protection', 'kspp', 'HW_RANDOM_TPM', 'y')]
- l += [KconfigCheck('self_protection', 'kspp', 'SCHED_CORE', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'DEFAULT_MMAP_MIN_ADDR', '65536')]
l += [KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_DMA_STRICT', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_PASSTHROUGH', 'is not set')] # true if IOMMU_DEFAULT_DMA_STRICT is set
CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))]
l += [AND(CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', 'is not set'),
KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'))]
- # don't require slab_common.usercopy_fallback=0,
- # since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16
+ # Consequence of the HARDENED_USERCOPY_FALLBACK check by kspp.
+ # Don't require slab_common.usercopy_fallback=0,
+ # since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16.
if arch in ('X86_64', 'ARM64', 'X86_32'):
l += [OR(CmdlineCheck('self_protection', 'kspp', 'iommu.strict', '1'),
AND(KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_DMA_STRICT', 'y'),