From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 4 Feb 2023 13:22:42 +0000 (+0300)
Subject: Add the NOUVEAU_LEGACY_CTX_SUPPORT check
X-Git-Tag: v0.6.6~248
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=09f4b05bdf49cf79bd8bc79fd094d784dc043f0a;p=kconfig-hardened-check.git

Add the NOUVEAU_LEGACY_CTX_SUPPORT check

See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7

Dave Airlie:
There was a nouveau DDX that relied on legacy context ioctls to work,
but we fixed it years ago, give distros that have a modern DDX the
option to break the uAPI and close the mess of holes that legacy
context support is.
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 973f0a7..90a7daf 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -635,6 +635,8 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('cut_attack_surface', 'maintainer', 'VT', 'is not set')] # recommended by Daniel Vetter in /issues/38
     l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD', 'is not set')] # recommended by Denis Efremov in /pull/54
     l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD_RAWCMD', 'is not set')] # recommended by Denis Efremov in /pull/62
+    l += [KconfigCheck('cut_attack_surface', 'maintainer', 'NOUVEAU_LEGACY_CTX_SUPPORT', 'is not set')]
+                                            # recommended by Dave Airlie in kernel commit b30a43ac7132cdda
 
     # 'cut_attack_surface', 'clipos'
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'STAGING', 'is not set')]