projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
83ae91c
)
Enabling page_alloc.shuffle is now recommended by KSPP
author
Alexander Popov
<alex.popov@linux.com>
Mon, 16 Oct 2023 20:40:15 +0000
(23:40 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Mon, 16 Oct 2023 20:40:15 +0000
(23:40 +0300)
kernel_hardening_checker/checks.py
patch
|
blob
|
history
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index f1530f58af99a6bf403ad96bd4dbffdb657be578..a05b07f6cd68fd29ea5b7fc3630d755a396ebee9 100644
(file)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-461,6
+461,7
@@
def add_cmdline_checks(l, arch):
l += [CmdlineCheck('self_protection', 'kspp', 'nosmt', 'is present')] # slow (high performance penalty)
l += [CmdlineCheck('self_protection', 'kspp', 'slab_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp
l += [CmdlineCheck('self_protection', 'kspp', 'slub_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp
l += [CmdlineCheck('self_protection', 'kspp', 'nosmt', 'is present')] # slow (high performance penalty)
l += [CmdlineCheck('self_protection', 'kspp', 'slab_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp
l += [CmdlineCheck('self_protection', 'kspp', 'slub_merge', 'is not set')] # consequence of 'slab_nomerge' by kspp
+ l += [CmdlineCheck('self_protection', 'kspp', 'page_alloc.shuffle', '1')]
l += [OR(CmdlineCheck('self_protection', 'kspp', 'slab_nomerge', 'is present'),
AND(KconfigCheck('self_protection', 'clipos', 'SLAB_MERGE_DEFAULT', 'is not set'),
CmdlineCheck('self_protection', 'kspp', 'slab_merge', 'is not set'),
l += [OR(CmdlineCheck('self_protection', 'kspp', 'slab_nomerge', 'is present'),
AND(KconfigCheck('self_protection', 'clipos', 'SLAB_MERGE_DEFAULT', 'is not set'),
CmdlineCheck('self_protection', 'kspp', 'slab_merge', 'is not set'),
@@
-497,7
+498,6
@@
def add_cmdline_checks(l, arch):
CmdlineCheck('self_protection', 'defconfig', 'nopti', 'is not set'))]
# 'self_protection', 'clipos'
CmdlineCheck('self_protection', 'defconfig', 'nopti', 'is not set'))]
# 'self_protection', 'clipos'
- l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
if arch in ('X86_64', 'X86_32'):
l += [CmdlineCheck('self_protection', 'clipos', 'iommu', 'force')]
if arch in ('X86_64', 'X86_32'):
l += [CmdlineCheck('self_protection', 'clipos', 'iommu', 'force')]