revert config changes#132
Conversation
There was a problem hiding this comment.
Pull request overview
This PR aims to revert kernel configuration churn that was introduced alongside the Secure AVIC work by adjusting the committed x64 HCL kernel config.
Changes:
- Updates
Microsoft/hcl-x64.configcontents (toolchain metadata + multiple Kconfig symbol additions/removals). - Removes/adjusts several x86 mitigation- and feature-related config symbols.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0" | ||
| CONFIG_CC_IS_GCC=y | ||
| CONFIG_GCC_VERSION=90400 | ||
| CONFIG_GCC_VERSION=130300 | ||
| CONFIG_CLANG_VERSION=0 | ||
| CONFIG_AS_IS_GNU=y | ||
| CONFIG_AS_VERSION=23400 | ||
| CONFIG_AS_VERSION=24200 | ||
| CONFIG_LD_IS_BFD=y | ||
| CONFIG_LD_VERSION=23400 | ||
| CONFIG_LD_VERSION=24200 | ||
| CONFIG_LLD_VERSION=0 | ||
| CONFIG_RUSTC_VERSION=109500 | ||
| CONFIG_RUSTC_LLVM_VERSION=220102 | ||
| CONFIG_RUSTC_VERSION=109101 | ||
| CONFIG_RUSTC_LLVM_VERSION=210102 | ||
| CONFIG_CC_CAN_LINK=y | ||
| CONFIG_GCC_ASM_GOTO_OUTPUT_BROKEN=y | ||
| CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y | ||
| CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y | ||
| CONFIG_TOOLS_SUPPORT_RELR=y |
There was a problem hiding this comment.
PR description says this change is reverting unnecessary Secure AVIC config churn, but this hunk also updates the recorded toolchain (gcc/binutils/rustc versions) and adds/removes several compiler capability symbols. If the intent is a pure revert, consider regenerating the config using the project’s standard build path (e.g., the same container/Ubuntu version CI uses) to avoid unrelated toolchain-driven diffs, or clarify in the PR description why the toolchain metadata update is expected.
| # CONFIG_KPROBES is not set | ||
| CONFIG_JUMP_LABEL=y | ||
| # CONFIG_STATIC_KEYS_SELFTEST is not set | ||
| # CONFIG_STATIC_CALL_SELFTEST is not set | ||
| CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y | ||
| CONFIG_ARCH_USE_BUILTIN_BSWAP=y | ||
| CONFIG_USER_RETURN_NOTIFIER=y | ||
| CONFIG_HAVE_IOREMAP_PROT=y |
There was a problem hiding this comment.
CONFIG_MSHV_VTL=y later in this config selects USER_RETURN_NOTIFIER on x86, and mshv_vtl_main.c unconditionally calls user_return_notifier_register()/unregister(). Dropping CONFIG_USER_RETURN_NOTIFIER from the config can therefore produce a non-buildable or inconsistent configuration. Please regenerate the config with olddefconfig (so selects are materialized) or explicitly keep USER_RETURN_NOTIFIER enabled when MSHV_VTL is enabled.
| CONFIG_X86_DISABLED_FEATURE_CYRIX_ARR=y | ||
| CONFIG_X86_DISABLED_FEATURE_CENTAUR_MCR=y | ||
| CONFIG_X86_DISABLED_FEATURE_PKU=y | ||
| CONFIG_X86_DISABLED_FEATURE_OSPKE=y | ||
| CONFIG_X86_DISABLED_FEATURE_PTI=y |
There was a problem hiding this comment.
This config has MITIGATION_RETHUNK/UNRET_ENTRY/CALL_DEPTH_TRACKING disabled above, but the corresponding auto-derived symbols (X86_DISABLED_FEATURE_RETHUNK/UNRET/CALL_DEPTH) are missing from the disabled-feature block. In this tree those symbols are def_bool y when the mitigations are disabled (arch/x86/Kconfig.cpufeatures), so the resulting .config appears inconsistent with Kconfig and will likely be rewritten by olddefconfig (or change CPU feature masking). Please regenerate with olddefconfig so derived symbols match the current Kconfig.
namancse
left a comment
namancse
left a comment
There was a problem hiding this comment.
This change is supposed to revert the config to what we have already tested. Secure AVIC change did not need any config changes (already merged in CVM config, as per Tianyu). I also don't see any secure AVIC changes in this revert.
These config changes are unnecessary and were introduced as part of the Secure AVIC changes.