From 23538f7a67091042619f5b041381f138754183f5 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 22 Jan 2023 01:52:33 +0300
Subject: [PATCH] Add the check for the 'kvm.nx_huge_pages' cmdline parameter

---
 kconfig_hardened_check/__init__.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index e5fd0ff..4daf671 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -739,6 +739,8 @@ def add_cmdline_checks(l, arch):
              CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not set'))]
     l += [OR(CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not off'),
              CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not set'))]
+    l += [OR(CmdlineCheck('self_protection', 'defconfig', 'kvm.nx_huge_pages', 'is not off'),
+             CmdlineCheck('self_protection', 'defconfig', 'kvm.nx_huge_pages', 'is not set'))]
     if arch == 'ARM64':
         l += [OR(CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'kernel'),
                  CmdlineCheck('self_protection', 'my', 'ssbd', 'force-on'),
-- 
2.31.1