Change the reason for the 'nosmep' and 'nosmap' checks

author Alexander Popov <alex.popov@linux.com>

Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 87fefd15f7b14e6b4d585d04c47f72ce487398cb..859a5082dcf1cc153386584e7dcaae1adb06e71e 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -698,6 +698,8 @@ def add_cmdline_checks(l, arch):
      # very complex and not give a 100% guarantee anyway.
  
      # 'self_protection', 'defconfig'
+    l += [CmdlineCheck('self_protection', 'defconfig', 'nosmep', 'is not set')]
+    l += [CmdlineCheck('self_protection', 'defconfig', 'nosmap', 'is not set')]
      l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v1', 'is not set')]
      if arch == 'ARM64':
          l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
@@ -745,9 +747,6 @@ def add_cmdline_checks(l, arch):
      # 'self_protection', 'clipos'
      l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
  
-    # 'self_protection', 'my'
-    l += [CmdlineCheck('self_protection', 'my', 'nosmep', 'is not set')]
-    l += [CmdlineCheck('self_protection', 'my', 'nosmap', 'is not set')]
  
      # 'cut_attack_surface', 'kspp'
      if arch == 'X86_64':
author	Alexander Popov <alex.popov@linux.com>
	Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 2 Oct 2022 11:04:10 +0000 (14:04 +0300)