Improve the slab_common.usercopy_fallback check

Don't require slab_common.usercopy_fallback=0, since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16

Improve the slab_common.usercopy_fallback check
Don't require slab_common.usercopy_fallback=0, since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16
547f6070 · Alexander Popov · 528b57c6 · 547f6070
Commit 547f6070 authored Oct 17, 2023 by Alexander Popov
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

checks.py kernel_hardening_checker/checks.py +4 -4

No files found.
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -478,10 +478,10 @@ def add_cmdline_checks(l, arch):
    l += [OR(CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', '1'),
             AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y'),
                 CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))]
-    l += [OR(CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', '0'),
+    l += [AND(CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', 'is not set'),
-             AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'),
+              KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'))]
-                 CmdlineCheck('self_protection', 'kspp', 'slab_common.usercopy_fallback', 'is not set')))]
+              # don't require slab_common.usercopy_fallback=0,
-    # ... the end
+              # since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16
    if arch in ('X86_64', 'ARM64', 'X86_32'):
        l += [OR(CmdlineCheck('self_protection', 'kspp', 'iommu.strict', '1'),
                 AND(KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_DMA_STRICT', 'y'),