From 56928f27dfcefe8688a2ab563e48b4f2e3564d0d Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Thu, 17 Nov 2022 17:19:21 +0300
Subject: [PATCH] Add the spectre_v2_user check

---
 kconfig_hardened_check/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 837a362..0467a14 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -736,6 +736,8 @@ def add_cmdline_checks(l, arch):
              CmdlineCheck('self_protection', 'defconfig', 'mitigations', 'is not set'))]
     l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not off'),
              CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not set'))]
+    l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spectre_v2_user', 'is not off'),
+             CmdlineCheck('self_protection', 'defconfig', 'spectre_v2_user', 'is not set'))]
     l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spec_store_bypass_disable', 'is not off'),
              CmdlineCheck('self_protection', 'defconfig', 'spec_store_bypass_disable', 'is not set'))]
     if arch == 'ARM64':
@@ -952,6 +954,9 @@ def normalize_cmdline_options(option, value):
     if option == 'spectre_v2':
         # See spectre_v2_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
         return value
+    if option == 'spectre_v2_user':
+        # See spectre_v2_parse_user_cmdline() in arch/x86/kernel/cpu/bugs.c
+        return value
     if option == 'spec_store_bypass_disable':
         # See ssb_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
         return value
-- 
2.31.1