Add the spectre_v2_user check

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 837a3629f0aa4a4debac98db48c91dbd2ff332da..0467a1498f90e96443ea319a3b5352320eb254cf 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -736,6 +736,8 @@ def add_cmdline_checks(l, arch):
              CmdlineCheck('self_protection', 'defconfig', 'mitigations', 'is not set'))]
     l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not off'),
              CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not set'))]
+    l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spectre_v2_user', 'is not off'),
+             CmdlineCheck('self_protection', 'defconfig', 'spectre_v2_user', 'is not set'))]
     l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spec_store_bypass_disable', 'is not off'),
              CmdlineCheck('self_protection', 'defconfig', 'spec_store_bypass_disable', 'is not set'))]
     if arch == 'ARM64':
@@ -952,6 +954,9 @@ def normalize_cmdline_options(option, value):
     if option == 'spectre_v2':
         # See spectre_v2_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
         return value
+    if option == 'spectre_v2_user':
+        # See spectre_v2_parse_user_cmdline() in arch/x86/kernel/cpu/bugs.c
+        return value
     if option == 'spec_store_bypass_disable':
         # See ssb_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
         return value