From 09f4b05bdf49cf79bd8bc79fd094d784dc043f0a Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sat, 4 Feb 2023 16:22:42 +0300 Subject: [PATCH] Add the NOUVEAU_LEGACY_CTX_SUPPORT check See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7 Dave Airlie: There was a nouveau DDX that relied on legacy context ioctls to work, but we fixed it years ago, give distros that have a modern DDX the option to break the uAPI and close the mess of holes that legacy context support is. --- kconfig_hardened_check/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 973f0a7..90a7daf 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -635,6 +635,8 @@ def add_kconfig_checks(l, arch): l += [KconfigCheck('cut_attack_surface', 'maintainer', 'VT', 'is not set')] # recommended by Daniel Vetter in /issues/38 l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD', 'is not set')] # recommended by Denis Efremov in /pull/54 l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD_RAWCMD', 'is not set')] # recommended by Denis Efremov in /pull/62 + l += [KconfigCheck('cut_attack_surface', 'maintainer', 'NOUVEAU_LEGACY_CTX_SUPPORT', 'is not set')] + # recommended by Dave Airlie in kernel commit b30a43ac7132cdda # 'cut_attack_surface', 'clipos' l += [KconfigCheck('cut_attack_surface', 'clipos', 'STAGING', 'is not set')] -- 2.31.1