Add the check for the 'kvm.nx_huge_pages' cmdline parameter

author Alexander Popov <alex.popov@linux.com>

Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index e5fd0ff3250b210e90823677718021bc3e67ffcb..4daf6717307d23d0ff9e175d664bd44daa7ffc03 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -739,6 +739,8 @@ def add_cmdline_checks(l, arch):
               CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not set'))]
      l += [OR(CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not off'),
               CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not set'))]
+    l += [OR(CmdlineCheck('self_protection', 'defconfig', 'kvm.nx_huge_pages', 'is not off'),
+             CmdlineCheck('self_protection', 'defconfig', 'kvm.nx_huge_pages', 'is not set'))]
      if arch == 'ARM64':
          l += [OR(CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'kernel'),
                   CmdlineCheck('self_protection', 'my', 'ssbd', 'force-on'),
author	Alexander Popov <alex.popov@linux.com>
	Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 21 Jan 2023 22:52:33 +0000 (01:52 +0300)