Use 3 numbers in the VersionCheck constructor

Refers to #88, #89, #97

kernel_hardening_checker/checks.py

@@ -52,7 +52,7 @@ def add_kconfig_checks(l, arch):
              KconfigCheck('self_protection', 'defconfig', 'DEBUG_SET_MODULE_RONX', 'y'),
              modules_not_set)] # DEBUG_SET_MODULE_RONX was before v4.11
     l += [OR(KconfigCheck('self_protection', 'defconfig', 'REFCOUNT_FULL', 'y'),
-             VersionCheck((5, 5)))] # REFCOUNT_FULL is enabled by default since v5.5
+             VersionCheck((5, 5, 0)))] # REFCOUNT_FULL is enabled by default since v5.5
     l += [OR(KconfigCheck('self_protection', 'defconfig', 'INIT_STACK_ALL_ZERO', 'y'),
              KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
     if arch in ('X86_64', 'ARM64', 'X86_32'):
@@ -73,12 +73,12 @@ def add_kconfig_checks(l, arch):
         l += [microcode_is_set] # is needed for mitigating CPU bugs
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'MICROCODE_INTEL', 'y'),
                  AND(microcode_is_set,
-                     VersionCheck((6, 6))))] # MICROCODE_INTEL was included in MICROCODE since v6.6
+                     VersionCheck((6, 6, 0))))] # MICROCODE_INTEL was included in MICROCODE since v6.6
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'MICROCODE_AMD', 'y'),
                  AND(microcode_is_set,
-                     VersionCheck((6, 6))))] # MICROCODE_AMD was included in MICROCODE since v6.6
+                     VersionCheck((6, 6, 0))))] # MICROCODE_AMD was included in MICROCODE since v6.6
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
-                 VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
+                 VersionCheck((5, 19, 0)))] # X86_SMAP is enabled by default since v5.19
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
                  KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]
     if arch in ('ARM64', 'ARM'):
@@ -108,9 +108,9 @@ def add_kconfig_checks(l, arch):
         l += [KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_MODULE_REGION_FULL', 'y')]
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
                  AND(KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
-                     VersionCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
+                     VersionCheck((5, 9, 0))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y'),
-                 VersionCheck((5, 10)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10
+                 VersionCheck((5, 10, 0)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10
     if arch == 'ARM':
         l += [KconfigCheck('self_protection', 'defconfig', 'CPU_SW_DOMAIN_PAN', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y')]

kernel_hardening_checker/engine.py

@@ -129,7 +129,7 @@ def type(self):
 
 class VersionCheck:
     def __init__(self, ver_expected):
-        assert(ver_expected and isinstance(ver_expected, tuple) and len(ver_expected) == 2), \
+        assert(ver_expected and isinstance(ver_expected, tuple) and len(ver_expected) == 3), \
                f'invalid version "{ver_expected}" for VersionCheck'
         self.ver_expected = ver_expected
         self.ver = ()

kernel_hardening_checker/test_engine.py

@@ -370,21 +370,21 @@ def test_version(self):
         # 1. prepare the checklist
         config_checklist = []
         config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'),
-                                VersionCheck((41, 101)))]
+                                VersionCheck((41, 101, 0)))]
         config_checklist += [AND(KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'),
-                                VersionCheck((44, 1)))]
+                                VersionCheck((44, 1, 0)))]
         config_checklist += [AND(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'),
-                                VersionCheck((42, 44)))]
+                                VersionCheck((42, 44, 0)))]
         config_checklist += [OR(KconfigCheck('reason_4', 'decision_4', 'NAME_4', 'expected_4'),
-                                VersionCheck((42, 43)))]
+                                VersionCheck((42, 43, 0)))]
 
         # 2. prepare the parsed kconfig options
         parsed_kconfig_options = OrderedDict()
         parsed_kconfig_options['CONFIG_NAME_2'] = 'expected_2'
         parsed_kconfig_options['CONFIG_NAME_3'] = 'expected_3'
 
         # 3. prepare the kernel version
-        kernel_version = (42, 43)
+        kernel_version = (42, 43, 0)
 
         # 4. run the engine
         self.run_engine(config_checklist, parsed_kconfig_options, None, None, kernel_version)