+ # 'harden_userspace'
+ l += [CmdlineCheck('harden_userspace', 'defconfig', 'norandmaps', 'is not set')]
+
+
+no_kstrtobool_options = [
+ 'debugfs', # See debugfs_kernel() in fs/debugfs/inode.c
+ 'mitigations', # See mitigations_parse_cmdline() in kernel/cpu.c
+ 'pti', # See pti_check_boottime_disable() in arch/x86/mm/pti.c
+ 'spectre_v2', # See spectre_v2_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'spectre_v2_user', # See spectre_v2_parse_user_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'spec_store_bypass_disable', # See ssb_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'l1tf', # See l1tf_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'mds', # See mds_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'tsx_async_abort', # See tsx_async_abort_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'srbds', # See srbds_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'mmio_stale_data', # See mmio_stale_data_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'retbleed', # See retbleed_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+ 'rodata', # See set_debug_rodata() in init/main.c
+ 'ssbd', # See parse_spectre_v4_param() in arch/arm64/kernel/proton-pack.c
+ 'slub_debug', # See setup_slub_debug() in mm/slub.c
+ 'iommu', # See iommu_setup() in arch/x86/kernel/pci-dma.c
+ 'vsyscall', # See vsyscall_setup() in arch/x86/entry/vsyscall/vsyscall_64.c
+ 'vdso32', # See vdso32_setup() in arch/x86/entry/vdso/vdso32-setup.c
+ 'vdso', # See vdso32_setup() in arch/x86/entry/vdso/vdso32-setup.c
+ 'tsx' # See tsx_init() in arch/x86/kernel/cpu/tsx.c
+]
+