revert config changes#131
Conversation
There was a problem hiding this comment.
Pull request overview
Reverts and re-syncs the checked-in x86_64 HCL kernel configuration after prior Secure AVIC-related work, updating the generated .config contents.
Changes:
- Updates recorded toolchain version metadata and compiler capability flags in
hcl-x64.config. - Adjusts x86 mitigation/config symbol set (e.g., call thunks, mitigation options) consistent with a regenerated config.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0" | ||
| CONFIG_CC_IS_GCC=y | ||
| CONFIG_GCC_VERSION=90400 | ||
| CONFIG_GCC_VERSION=130300 | ||
| CONFIG_CLANG_VERSION=0 | ||
| CONFIG_AS_IS_GNU=y | ||
| CONFIG_AS_VERSION=23400 | ||
| CONFIG_AS_VERSION=24200 | ||
| CONFIG_LD_IS_BFD=y | ||
| CONFIG_LD_VERSION=23400 | ||
| CONFIG_LD_VERSION=24200 | ||
| CONFIG_LLD_VERSION=0 | ||
| CONFIG_RUSTC_VERSION=109500 | ||
| CONFIG_RUSTC_LLVM_VERSION=220102 | ||
| CONFIG_RUSTC_VERSION=109101 | ||
| CONFIG_RUSTC_LLVM_VERSION=210102 | ||
| CONFIG_CC_CAN_LINK=y | ||
| CONFIG_GCC_ASM_GOTO_OUTPUT_BROKEN=y | ||
| CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y | ||
| CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y | ||
| CONFIG_TOOLS_SUPPORT_RELR=y | ||
| CONFIG_CC_HAS_ASM_INLINE=y | ||
| CONFIG_CC_HAS_ASSUME=y | ||
| CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y |
There was a problem hiding this comment.
The PR description says these are a revert of unnecessary Secure AVIC-related config changes, but this hunk updates the recorded toolchain versions (GCC/binutils/Rust) and several auto-detected compiler feature symbols. That looks like the config was regenerated under a different build environment, which will introduce unrelated churn and makes it hard to verify the intended revert. Consider narrowing the change to only the AVIC-related symbols (or update the PR description to reflect a full olddefconfig regeneration with a new toolchain).
| CONFIG_CALL_PADDING=y | ||
| CONFIG_HAVE_CALL_THUNKS=y | ||
| CONFIG_CALL_THUNKS=y | ||
| CONFIG_PREFIX_SYMBOLS=y | ||
| CONFIG_CPU_MITIGATIONS=y | ||
| # CONFIG_MITIGATION_PAGE_TABLE_ISOLATION is not set | ||
| CONFIG_MITIGATION_RETPOLINE=y | ||
| # CONFIG_MITIGATION_RETHUNK is not set | ||
| # CONFIG_MITIGATION_UNRET_ENTRY is not set | ||
| # CONFIG_MITIGATION_CALL_DEPTH_TRACKING is not set | ||
| # CONFIG_CALL_THUNKS_DEBUG is not set | ||
| CONFIG_MITIGATION_IBPB_ENTRY=y | ||
| CONFIG_MITIGATION_IBRS_ENTRY=y | ||
| # CONFIG_MITIGATION_SRSO is not set | ||
| # CONFIG_MITIGATION_SLS is not set |
There was a problem hiding this comment.
This hunk newly enables call thunks/prefix symbol handling and adds additional mitigation-related config entries. Those are behavior/performance relevant changes and don’t look like a pure revert of Secure AVIC-related config. If the goal is to revert config changes, please confirm these are expected (e.g., coming from a deliberate kernel/toolchain re-sync) or revert them to the previous settings to avoid unintended mitigation/perf changes.
namancse
left a comment
namancse
left a comment
There was a problem hiding this comment.
This change is supposed to revert the config to what we have already tested. Secure AVIC change did not need any config changes (already merged in CVM config, as per Tianyu).
These config changes are unnecessary and were introduced as part of the Secure AVIC changes.