From ae3c09f81b28532fbaf63cf7cff0049c42a1f5ab Mon Sep 17 00:00:00 2001 
From: Rachel Menge Date: Tue, 30 Jun 2026 12:49:14 -0700 Subject: [PATCH 1/2] feat(kernel-config-checker): import and adapt checker for AZL 4.0 Import the AZL4 kernel config checker and align CI/workflow integration: - add checker tooling and policy schema/data - harden and update the workflow path/runtime (Python 3.14) - move checker assets under scripts/ci/kernel/kernel-config-checker - refresh README examples/structure and remove stale feature claims --- .github/workflows/check-kernel-configs.yml | 162 + .../ci/kernel/kernel-config-checker/README.md | 199 ++ .../kernel_config_checker/__init__.py | 2 + .../kernel_config_checker/add_config.py | 176 + .../kernel_config_checker/check_config.py | 243 ++ .../azl4-os-required-kernel-configs.json | 2971 +++++++++++++++++ .../kernel_config_checker/schema/__init__.py | 2 + .../schema/print_schema.py | 21 + .../kernel_config_checker/schema/schema.py | 87 + .../kernel-config-checker/requirements.txt | 1 + 10 files changed, 3864 insertions(+) create mode 100644 .github/workflows/check-kernel-configs.yml create mode 100644 scripts/ci/kernel/kernel-config-checker/README.md create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/__init__.py create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/__init__.py create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/print_schema.py create mode 100644 scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py create mode 100644 scripts/ci/kernel/kernel-config-checker/requirements.txt 
diff --git a/.github/workflows/check-kernel-configs.yml b/.github/workflows/check-kernel-configs.yml
new file mode 100644
index 00000000000..d2611210d28
--- /dev/null
+++ b/.github/workflows/check-kernel-configs.yml
@@ -0,0 +1,162 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# This action checks that required kernel configs have not been removed or
+# modified to an undesirable value.
+name: Kernel Required Configs Check
+
+on:
+ push:
+ branches: [ 4.0 ]
+ paths:
+ - 'base/comps/kernel*/*config*'
+ pull_request:
+ branches: [ 4.0 ]
+ paths:
+ - 'base/comps/kernel*/*config*'
+
+# Cancel in-progress runs of this workflow if a new run is triggered.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+ check:
+ name: Kernel configs check
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+
+ steps:
+ - name: Workflow trigger checkout
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+ with:
+ persist-credentials: false
+ # Need history so git diff-tree can resolve the base/before commit.
+ fetch-depth: 0
+
+ - name: Get base commit for PRs
+ if: ${{ github.event_name == 'pull_request' }}
+ env:
+ BASE_REF: ${{ github.base_ref }}
+ HEAD_SHA: ${{ github.sha }}
+ run: |
+ set -euo pipefail
+ git fetch origin "$BASE_REF"
+ base_sha=$(git rev-parse "origin/$BASE_REF")
+ echo "base_sha=$base_sha" >> "$GITHUB_ENV"
+ echo "Merging $HEAD_SHA into $BASE_REF"
+
+ - name: Get base commit for Pushes
+ if: ${{ github.event_name == 'push' }}
+ env:
+ BEFORE_SHA: ${{ github.event.before }}
+ HEAD_SHA: ${{ github.sha }}
+ DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+ run: |
+ set -euo pipefail
+ # `github.event.before` is 0000...0000 on the first push of a new
+ # branch, and may point at a commit no longer reachable after a
+ # force-push. In either case, fall back to merge-base against the
+ # repo default branch so we still get a sensible diff window.
+ zero_sha="0000000000000000000000000000000000000000" + base_sha="" + if [ -n "$BEFORE_SHA" ] && [ "$BEFORE_SHA" != "$zero_sha" ]; then + if git fetch --quiet origin "$BEFORE_SHA" 2>/dev/null \ + && git rev-parse --quiet --verify "$BEFORE_SHA^{commit}" >/dev/null; then + base_sha="$BEFORE_SHA" + else + echo "before-sha $BEFORE_SHA is not reachable (likely force-push); falling back to default branch" + fi + else + echo "no before-sha (first push of branch); falling back to default branch" + fi + if [ -z "$base_sha" ]; then + git fetch --quiet origin "$DEFAULT_BRANCH" + base_sha=$(git merge-base "origin/$DEFAULT_BRANCH" "$HEAD_SHA") + fi + echo "base_sha=$base_sha" >> "$GITHUB_ENV" + echo "Merging $HEAD_SHA into $base_sha" + + # For consistency, we use the same major/minor version of Python that Azure Linux ships. + - name: Setup Python 3.14 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + with: + python-version: '3.14' + + - name: Get Python dependencies + run: python3 -m pip install -r scripts/ci/kernel/kernel-config-checker/requirements.txt + + - name: Check if config files changed + env: + BASE_SHA: ${{ env.base_sha }} + HEAD_SHA: ${{ github.sha }} + run: | + set -euo pipefail + echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r "$BASE_SHA" "$HEAD_SHA")'" + changed_configs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r "$BASE_SHA" "$HEAD_SHA" | { grep "base/comps/kernel.*/.*config.*$" || test $? = 1; }) + echo "Files to validate: '${changed_configs}'" + { + echo "updated_configs<> "$GITHUB_ENV" + + - name: Run kernel config checking script + if: ${{ env.updated_configs != '' }} + env: + UPDATED_CONFIGS: ${{ env.updated_configs }} + run: | + set -euo pipefail + JSON_PATH="scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json" + + # Extract kernel names that have overrides in the JSON (these are the kernels we track). 
+ tracked_kernels=$(python3 -c "
+ import json
+ with open('${JSON_PATH}') as f:
+ data = json.load(f)
+ for o in data['overrides']:
+ print(o['name'])
+ ")
+ echo "Tracked kernels: ${tracked_kernels}"
+
+ failed=0
+ while IFS= read -r file; do
+ [ -z "$file" ] && continue
+
+ # Extract kernel name from path (e.g., base/comps/kernel/6.18-x86_64-azl.config -> kernel).
+ kernel_name=$(echo "$file" | sed 's|base/comps/\([^/]*\)/.*|\1|')
+
+ if ! echo "${tracked_kernels}" | grep -qx "${kernel_name}"; then
+ echo "============================================"
+ echo "Skipping: ${file} (kernel=${kernel_name} not tracked in JSON)"
+ echo "============================================"
+ continue
+ fi
+
+ # Determine architecture from filename.
+ if [[ "$file" == *"aarch64"* ]]; then
+ arch="arm64"
+ else
+ arch="x86_64"
+ fi
+
+ echo "============================================"
+ echo "Checking: ${file} (kernel=${kernel_name}, arch=${arch})"
+ echo "============================================"
+
+ if ! (cd scripts/ci/kernel/kernel-config-checker && python3 -m kernel_config_checker.check_config \
+ "../../../../${file}" \
+ kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json \
+ "${kernel_name}" "${arch}"); then
+ failed=1
+ fi
+ done <<< "$UPDATED_CONFIGS"
+
+ if [ "$failed" -eq 1 ]; then
+ echo ""
+ echo "✗ One or more kernel config checks failed"
+ exit 1
+ fi
diff --git a/scripts/ci/kernel/kernel-config-checker/README.md b/scripts/ci/kernel/kernel-config-checker/README.md
new file mode 100644
index 00000000000..669e03e53ed
--- /dev/null
+++ b/scripts/ci/kernel/kernel-config-checker/README.md
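Review bot: In the "Run kernel config checking script" step, a changed config whose directory name is not listed under `overrides` in the policy JSON is skipped with `continue` and the job still succeeds, so a newly added kernel component gets no enforcement at all, not even the `default` section. `check_kernel_config` in the same patch already checks defaults when no override matches, so consider running the checker for untracked kernels as well, or at least emitting `echo "::warning file=${file}::kernel '${kernel_name}' has no entry in the required-configs policy"` so the gap shows up in review. The match itself, `grep -qx "${kernel_name}"`, interprets a path component taken from the pushed or PR tree as a regular expression; `grep -Fqx -- "${kernel_name}"` compares it literally. The `paths:` filter also covers only `base/comps/kernel*/*config*`, so an edit to the policy JSON or to the checker alone does not run this job.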
@@ -0,0 +1,199 @@ +# Kernel Config Checker + +A robust kernel configuration validation system using Pydantic v2 schemas. Supports default configurations and per-kernel overrides with architecture-specific settings. + +## Features + +- **Schema-based validation** - Uses Pydantic v2 for robust config validation +- **Multi-architecture support** - Handles x86_64 and arm64 architectures +- **Flexible overrides** - Default configs with per-kernel overrides +- **Interactive config management** - Add new configs with guided prompts +- **Config querying** - Check config values across all kernels/architectures + +## Installation + +From the repo root, install the Python dependencies: + +```bash +pip install -r scripts/ci/kernel/kernel-config-checker/requirements.txt +``` + +All commands below should be run from `scripts/ci/kernel/kernel-config-checker/`: + +```bash +cd scripts/ci/kernel/kernel-config-checker +``` + +## Usage + +### Check Kernel Config + +Validate a `.config` file against intentional configurations: + +```bash +python -m kernel_config_checker.check_config /path/to/.config kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json kernel-name architecture +``` + +Example: + +```bash +python -m kernel_config_checker.check_config kernel.config kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json kernel x86_64 +``` + +### Add New Config + +Interactively add a new kernel configuration: + +```bash +python -m kernel_config_checker.check_config --add-config kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json +``` + +Features: + +- Add to default or override sections +- Support for single or multiple architectures +- Leave architectures blank to omit them from JSON +- Create new override sections or use existing ones + +### Query Config Values + +Check a config value across all architectures and kernels: + +```bash +python -m kernel_config_checker.check_config --check-all 
kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json CONFIG_NAME +``` + +Example: + +```bash +python -m kernel_config_checker.check_config --check-all kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json CONFIG_DRM +``` + +## Configuration Schema + +The system uses a structured JSON schema with default and override sections: + +```json +{ + "default": { + "name": "default", + "kernel_configs": [ + { + "name": "CONFIG_EXAMPLE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Explanation for this config" + } + ] + }, + "overrides": [ + { + "name": "kernel-hwe", + "kernel_configs": [ + { + "name": "CONFIG_DRM", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "amdgpu - https://github.com/microsoft/azurelinux/pull/10612" + } + ] + } + ] +} +``` + +### Architecture Support + +- Configs can specify values for `x86_64`, `arm64`, or both +- When adding configs, leaving an architecture blank omits it from the JSON +- At least one architecture must be specified + +### Value Types + +- `y` - Built into kernel +- `m` - Built as module +- `n` - Disabled ("is not set" or missing) +- Custom values supported for specific configs + +## Project Structure + +```text +scripts/ci/kernel/kernel-config-checker/ +├── kernel_config_checker/ +│ ├── schema/ +│ │ ├── __init__.py # Package init +│ │ ├── schema.py # Pydantic schema definitions +│ │ └── print_schema.py # Schema utility +│ ├── kernel_configs_json/ +│ │ └── azl4-os-required-kernel-configs.json # Main config file +│ ├── __init__.py # Package init +│ ├── add_config.py # Interactive config adder +│ └── check_config.py # Main checker and utilities +├── requirements.txt # Python dependencies +└── README.md # This file +``` + +## Examples + +### Adding a Config for Single Architecture + +```bash +$ python -m kernel_config_checker.check_config --add-config 
test.json +Adding new kernel configuration... +Enter config name (e.g., CONFIG_EXAMPLE): CONFIG_X86_ONLY +Enter values for each architecture (y/n/m or specific value, leave blank to skip): +x86_64 value: y +arm64 value: +Enter justification: Only needed on x86_64 +Add to [d]efault or [o]verride? [d]: d +✓ Added CONFIG_X86_ONLY to default section +``` + +Results in: + +```json +{ + "name": "CONFIG_X86_ONLY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Only needed on x86_64" +} +``` + +### Querying Config Values + +```bash +$ python -m kernel_config_checker.check_config --check-all kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json CONFIG_DRM +Config: CONFIG_DRM + arm64: default=m, kernel-hwe=y + x86_64: default=m + ⚠️ Conflicts in: arm64 + Reason: amdgpu - https://github.com/microsoft/azurelinux/pull/10612 +``` + +## Contributing + +1. Ensure all configs have proper justifications +2. Test schema validation after changes +3. Use the add-config command for consistency +4. Validate configs against actual kernel .config files + +## License + +This project follows the same licensing as the Azure Linux project. diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/__init__.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/__init__.py new file mode 100644 index 00000000000..59e481eb93d --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/__init__.py @@ -0,0 +1,2 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py new file mode 100644 index 00000000000..e1d0cfe87e6 --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py 
@@ -0,0 +1,176 @@ +#!/usr/bin/env python3 +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +"""Interactively add a new kernel configuration to the JSON file.""" + +from __future__ import annotations + +import argparse +import json +import sys +from pathlib import Path + +from kernel_config_checker.schema.schema import ( + IntentionalKernelConfigSchema, + save_schema, +) + + +def _select_override(data: dict) -> str: + """Prompt user to select or create an override section.""" + overrides = data.get("overrides", []) + if not overrides: + print("No override sections found. Creating 'kernel' override...") + return "kernel" + + print("\nAvailable override sections:") + for i, override in enumerate(overrides): + name = override.get("name", f"override-{i}") + count = len(override.get("kernel_configs", [])) + print(f" {i + 1}. {name} ({count} configs)") + + if len(overrides) == 1: + name = overrides[0].get("name", "kernel") + print(f"Using: {name}") + return name + + while True: + choice = input(f"\nSelect override (1-{len(overrides)}) or enter new name: ").strip() + if choice.isdigit(): + idx = int(choice) - 1 + if 0 <= idx < len(overrides): + return overrides[idx].get("name", f"override-{idx}") + else: + return choice + + +def _find_existing(configs: list, name: str) -> int | None: + """Return the index of an existing config with the given name, or None.""" + for i, cfg in enumerate(configs): + if cfg.get("name") == name: + return i + return None + + +def _insert_or_replace(configs: list, new_config: dict) -> bool: + """Insert config, prompting to replace if a duplicate exists. + + Returns True if the config was added/replaced, False if the user declined. + """ + idx = _find_existing(configs, new_config["name"]) + if idx is not None: + print(f"⚠ {new_config['name']} already exists in this section.") + choice = input("Replace existing entry? 
[y/N]: ").strip().lower() + if choice != "y": + print("Aborted.") + return False + configs[idx] = new_config + else: + configs.append(new_config) + return True + + +def _add_config_to_data(data: dict, new_config: dict, override_name: str | None) -> str | None: + """Add a config entry to the data dict. Returns section label or None if aborted.""" + if override_name is None: + if "default" not in data: + data["default"] = { + "name": "default", + "kernel_configs": [], + } + if not _insert_or_replace(data["default"]["kernel_configs"], new_config): + return None + return "default section" + + for override in data.get("overrides", []): + if override.get("name") == override_name: + if not _insert_or_replace(override["kernel_configs"], new_config): + return None + return f"'{override_name}' override section" + + if "overrides" not in data: + data["overrides"] = [] + data["overrides"].append({"name": override_name, "kernel_configs": [new_config]}) + print(f"Created new override section: {override_name}") + return f"'{override_name}' override section" + + +def add_config_interactive(schema_path: Path) -> bool: + """Interactively add a new kernel config to the JSON file. + + Returns True if a config was added/replaced, False if the operation was + aborted or failed validation. Callers should propagate False to the + process exit code so scripted use can detect failure. + """ + print("Adding new kernel configuration...") + + config_name = input("Enter config name (e.g., CONFIG_EXAMPLE): ").strip() + if not config_name.startswith("CONFIG_"): + config_name = "CONFIG_" + config_name + + if config_name == "CONFIG_" or not config_name[len("CONFIG_") :].replace("_", "").isalnum(): + print("❌ Error: Invalid config name. 
Must be a non-empty alphanumeric symbol like CONFIG_EXAMPLE") + return False + + print("\nEnter values for each architecture (y/n/m or specific value, leave blank to skip):") + x86_64_value = input("x86_64 value: ").strip() + arm64_value = input("arm64 value: ").strip() + + justification = input("\nEnter justification: ").strip() + if not justification: + print("❌ Error: Justification is required for auditability") + return False + + with open(schema_path, encoding="utf-8") as f: + data = json.load(f) + + target = input("\nAdd to [d]efault or [o]verride? [d]: ").strip().lower() + override_name = _select_override(data) if target.startswith("o") else None + + values = [] + if x86_64_value: + values.append({"architecture": "x86_64", "value": x86_64_value}) + if arm64_value: + values.append({"architecture": "arm64", "value": arm64_value}) + + if not values: + print("❌ Error: At least one architecture value must be provided") + return False + + new_config = { + "name": config_name, + "values": values, + "justification": justification, + } + + section_label = _add_config_to_data(data, new_config, override_name) + if section_label is None: + return False + + try: + validated = IntentionalKernelConfigSchema.model_validate(data) + except Exception as e: + print(f"❌ Validation error: {e}") + return False + + save_schema(validated, schema_path) + print(f"✓ Added {config_name} to {section_label}") + print(f"✓ Updated {schema_path}") + return True + + +def main() -> int | None: + parser = argparse.ArgumentParser(description="Interactively add a new kernel config") + parser.add_argument("json_file", help="Path to the intentional config JSON file") + args = parser.parse_args() + + try: + return 0 if add_config_interactive(Path(args.json_file)) else 1 + except Exception as e: + print(f"✗ Error adding config: {e}") + return 1 + + +if __name__ == "__main__": + sys.exit(main()) 
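Review bot: In `_select_override`, pressing Enter at the "Select override" prompt falls into the `else` branch and returns an empty string, which `_add_config_to_data` then stores as a new override section named `""` unless the schema (not visible in this hunk) rejects it. Because the workflow derives its tracked-kernel list from override names, guard that branch with `elif choice: return choice` so blank input re-prompts instead. Separately, the name check in `add_config_interactive` relies on `str.isalnum()`, which accepts non-ASCII letters and digits; adding `config_name.isascii()` to the condition keeps look-alike Unicode symbol names out of the policy file.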
diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py
new file mode 100644
index 00000000000..9709c432499
--- /dev/null
+++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py
@@ -0,0 +1,243 @@ +#!/usr/bin/env python3 +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +"""Simple kernel config checker script. +Checks a Linux kernel .config file against intentional configuration settings. +""" + +from __future__ import annotations + +import argparse +import sys +from enum import Enum +from pathlib import Path + +from kernel_config_checker.add_config import add_config_interactive +from kernel_config_checker.schema.schema import ( + IntentionalKernelConfigSchema, + KernelConfig, + load_schema, +) + + +def _resolve_value(value) -> str: + """Resolve an enum or string config value to its string representation.""" + return value.value if isinstance(value, Enum) else value + + +def _get_arch_value(kernel_config: KernelConfig, architecture: str) -> str | None: + """Get the resolved value for a specific architecture, or None if not found.""" + for arch_pair in kernel_config.values: + if arch_pair.architecture.value == architecture: + return _resolve_value(arch_pair.value) + return None + + +def _collect_configs(kernel_configs: list[KernelConfig], architecture: str, source: str) -> dict[str, dict]: + """Collect config expectations for a given architecture.""" + configs = {} + for kc in kernel_configs: + value = _get_arch_value(kc, architecture) + if value is not None: + configs[kc.name] = { + "expected": value, + "justification": kc.justification, + "source": source, + } + return configs + + +def parse_kernel_config(config_path: Path) -> dict[str, str]: + """Parse a Linux kernel .config file.""" + config = {} + with open(config_path, encoding="utf-8") as f: + for line in f: + line = line.strip() + if line.startswith("#") and "is not set" in line: + config_name = line.split()[1] + config[config_name] = "n" + elif line and not line.startswith("#") and "=" in line: + key, value = line.split("=", 1) + config[key] = value + return config + + +def check_kernel_config( + actual_config: dict[str, str], + schema: 
IntentionalKernelConfigSchema, + kernel_name: str, + architecture: str, +) -> bool: + """Check if actual kernel config matches intentional config.""" + print(f"Checking kernel config for: {kernel_name} ({architecture})") + + all_configs = _collect_configs(schema.default.kernel_configs, architecture, "default") + + for override in schema.overrides: + if override.name == kernel_name: + print(f"✓ Found kernel-specific overrides for '{kernel_name}'") + all_configs.update( + _collect_configs( + override.kernel_configs, + architecture, + f"override ({kernel_name})", + ) + ) + break + + print(f"✓ Checking {len(all_configs)} configurations (default + overrides)") + + errors = [] + for config_name, config_info in all_configs.items(): + expected_value = config_info["expected"] + actual_value = actual_config.get(config_name, "n") + + if actual_value != expected_value: + error_msg = ( + f" ✗ {config_name}: expected '{expected_value}', got '{actual_value}' (from {config_info['source']})" + ) + errors.append(error_msg) + print(error_msg) + + if errors: + correct_count = len(all_configs) - len(errors) + print(f"\n✗ Found {len(errors)} configuration errors ({correct_count} correct)") + return False + + print(f"\n✓ All {len(all_configs)} configurations are correct") + return True + + +def check_config_across_all(schema: IntentionalKernelConfigSchema, config_name: str) -> bool: + """Check the value of a specific config across all architectures and kernels. + + Returns True if the config is present in the schema, False otherwise. 
+ """ + print(f"Config: {config_name}") + + found_configs = [] + for section in [schema.default, *schema.overrides]: + for kernel_config in section.kernel_configs: + if kernel_config.name == config_name: + found_configs.append((section.name, kernel_config)) + break + + if not found_configs: + print("❌ Not found") + return False + + all_values: dict = {} + for section_name, kernel_config in found_configs: + for arch_pair in kernel_config.values: + all_values.setdefault(arch_pair.architecture, []).append((section_name, _resolve_value(arch_pair.value))) + + for arch in sorted(all_values, key=lambda a: a.value): + values = [f"{section}={value}" for section, value in all_values[arch]] + print(f" {arch.value}: {', '.join(values)}") + + conflicts = [arch.value for arch in all_values if len({v for _, v in all_values[arch]}) > 1] + if conflicts: + print(f" ⚠️ Conflicts in: {', '.join(conflicts)}") + + if found_configs: + print(f" Reason: {found_configs[0][1].justification}") + return True + + +def main() -> int | None: + parser = argparse.ArgumentParser(description="Check kernel .config file against intentional configuration") + parser.add_argument( + "--add-config", + metavar="JSON_FILE", + help="Interactively add a new config to the JSON file", + ) + parser.add_argument( + "--check-all", + nargs=2, + metavar=("JSON_FILE", "CONFIG_NAME"), + help="Check a config value across all architectures and kernels", + ) + parser.add_argument("kernel_config", nargs="?", help="Path to kernel .config file") + parser.add_argument( + "intentional_config", + nargs="?", + help="Path to intentional config JSON file", + ) + parser.add_argument("kernel_name", nargs="?", help="Name of the kernel to check") + parser.add_argument( + "architecture", + nargs="?", + help="Architecture (x86_64 or arm64; 'aarch64' is accepted as arm64)", + ) + + args = parser.parse_args() + + # Normalize and validate architecture early to avoid silent success on typos. 
+ if args.architecture: + # Normalize common alias to the canonical name used in configs. + if args.architecture == "aarch64": + args.architecture = "arm64" + valid_architectures = {"x86_64", "arm64"} + if args.architecture not in valid_architectures: + parser.error( + f"Invalid architecture '{args.architecture}'. Expected one of: {', '.join(sorted(valid_architectures))}" + ) + + if args.add_config: + try: + ok = add_config_interactive(Path(args.add_config)) + return 0 if ok else 1 + except Exception as e: + print(f"\u2717 Error adding config: {e}") + return 1 + + if args.check_all: + try: + json_file, config_name = args.check_all + schema = load_schema(Path(json_file)) + print(f"✓ Loaded intentional config: {json_file}") + found = check_config_across_all(schema, config_name) + return 0 if found else 1 + except Exception as e: + print(f"✗ Error checking config: {e}") + return 1 + + if not all( + [ + args.kernel_config, + args.intentional_config, + args.kernel_name, + args.architecture, + ] + ): + parser.error( + "kernel_config, intentional_config, kernel_name," + " and architecture are required" + " when not using --add-config or --check-all" + ) + + try: + kernel_config_path = Path(args.kernel_config) + actual_config = parse_kernel_config(kernel_config_path) + print(f"✓ Parsed kernel config: {kernel_config_path} ({len(actual_config)} settings)") + + intentional_config_path = Path(args.intentional_config) + schema = load_schema(intentional_config_path) + print(f"✓ Loaded intentional config: {intentional_config_path}") + + is_valid = check_kernel_config(actual_config, schema, args.kernel_name, args.architecture) + + if is_valid: + print("✓ Kernel configuration check passed") + return 0 + print("✗ Kernel configuration check failed") + return 1 + + except Exception as e: + print(f"✗ Error: {e}") + return 1 + + +if __name__ == "__main__": + sys.exit(main()) 
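Review bot: `check_kernel_config` reports nothing and evaluates only the defaults when `kernel_name` matches no entry in `schema.overrides`, so a misspelled kernel name passes without its kernel-specific requirements ever being checked; `main` validates `architecture` against exactly this kind of typo but not `kernel_name`. An `else:` clause on the override `for` loop that prints something like `⚠ No override section for '{kernel_name}'; checking defaults only` would make that visible in CI logs, and a strict mode could return False instead. In `parse_kernel_config`, a symbol that appears more than once silently resolves to its last occurrence; since the parsed value decides a policy check, reporting duplicates would be worth adding.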
diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json
new file mode 100644
index 00000000000..6c75a7cc39b
--- /dev/null
+++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json
@@ -0,0 +1,2971 @@ +{ + "default": { + "name": "default", + "kernel_configs": [ + { + "name": "CONFIG_AMD_MEM_ENCRYPT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/50479755/" + }, + { + "name": "CONFIG_ANON_VMA_NAME", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + "name": "CONFIG_AQTION", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable Aquantia AQtion ethernet driver kernel configs - PR: https://github.com/microsoft/azurelinux/pull/14638" + }, + { + "name": "CONFIG_ARCH_HAS_CPU_FINALIZE_INIT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for kernel upgrade 5.15.125.1 - PR: https://github.com/microsoft/azurelinux/pull/5964" + }, + { + "name": "CONFIG_ARM64_ERRATUM_2054223", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for kernel upgrade 5.15.123.1 - PR: https://github.com/microsoft/azurelinux/pull/5916" + }, + { + "name": "CONFIG_ARM64_ERRATUM_2067961", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for kernel upgrade 5.15.123.1 - PR: https://github.com/microsoft/azurelinux/pull/5916" + }, + { + "name": "CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for kernel upgrade 5.15.123.1 - PR: https://github.com/microsoft/azurelinux/pull/5916" + }, + { + "name": "CONFIG_ARM_FFA_TRANSPORT", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + 
"justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54252120" + }, + { + "name": "CONFIG_ARM_SMMU", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for VFIO to work - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "More secure when set - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_LEGACY_DT_BINDINGS", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "No device tree support needed - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_QCOM", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Allow support of QCom SMMU - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_QCOM_DEBUG", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Allow support of QCom SMMU - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_V3", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for VFIO to work - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_ARM_SMMU_V3_SVA", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for CONFIG_ARM_SMMU_V3 - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_BINFMT_MISC", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for customer and HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3300" + }, + { + "name": "CONFIG_BLK_CGROUP_IOLATENCY", + "values": [ + { + "architecture": "x86_64", + 
"value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable support for latency based cgroup IO protection - PR: https://github.com/microsoft/azurelinux/pull/7794" + }, + { + "name": "CONFIG_BLK_DEV_IO_TRACE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5417" + }, + { + "name": "CONFIG_BLK_DEV_NBD", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Add nbd module for customer - PR: https://github.com/microsoft/azurelinux/pull/5972" + }, + { + "name": "CONFIG_BLK_DEV_ZONED", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Zoned block device support - PR: https://github.com/microsoft/azurelinux/pull/3465" + }, + { + "name": "CONFIG_BLK_WBT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel: Enable support for block device writeback throttling - PR: https://github.com/microsoft/azurelinux/pull/14797" + }, + { + "name": "CONFIG_BLK_WBT_MQ", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel: Enable support for block device writeback throttling - PR: https://github.com/microsoft/azurelinux/pull/14797" + }, + { + "name": "CONFIG_BPF_LSM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Allow customers to use BPF LSM programs - PR: https://github.com/microsoft/azurelinux/pull/6846" + }, + { + "name": "CONFIG_BPF_UNPRIV_DEFAULT_OFF", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for CVE-2021-20194 - PR: 
https://github.com/microsoft/azurelinux/pull/2352" + }, + { + "name": "CONFIG_BRIDGE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_COMPAT_32BIT_TIME", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Avoid error that 2 bit get_time syscalls aren't available - PR: https://github.com/microsoft/azurelinux/pull/3812" + }, + { + "name": "CONFIG_CONSOLE_LOGLEVEL_DEFAULT", + "values": [ + { + "architecture": "x86_64", + "value": "7" + }, + { + "architecture": "arm64", + "value": "7" + } + ], + "justification": "Needed to see early logging in serial console - PR: https://github.com/microsoft/azurelinux/pull/6888" + }, + { + "name": "CONFIG_CRYPTO_ARC4", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable FIPS crypto configs and dependencies for arm64" + }, + { + "name": "CONFIG_CRYPTO_DEV_BCM_SPU", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable FIPS crypto configs and dependencies for arm64" + }, + { + "name": "CONFIG_CRYPTO_DH", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/55493874" + }, + { + "name": "CONFIG_CRYPTO_DH_RFC7919_GROUPS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel: enable CONFIG_CRYPTO_DH in aarch64 - PR: https://github.com/microsoft/azurelinux/pull/11409" + }, + { + "name": "CONFIG_CRYPTO_ECC", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + 
"justification": "Enable arm64 hyperv and SoCs support - PR: https://github.com/microsoft/azurelinux/pull/366" + }, + { + "name": "CONFIG_CRYPTO_ECDSA", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel: update to 5.15.2.1 - PR: https://github.com/microsoft/azurelinux/pull/1932" + }, + { + "name": "CONFIG_CRYPTO_RNG_DEFAULT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Present since initial kernel configuration" + }, + { + "name": "CONFIG_CUSE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable CUSE to support Nvidia rshim interface for Azure Linux hosts - PR: https://github.com/microsoft/azurelinux/pull/6853" + }, + { + "name": "CONFIG_DEBUG_PREEMPT", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/55530233" + }, + { + "name": "CONFIG_DEFAULT_SECURITY_SELINUX", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/47059310" + }, + { + "name": "CONFIG_DELL_RBU", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_SMBIOS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_SMBIOS_SMM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: 
https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_SMBIOS_WMI", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_SMO8800", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_WMI", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_DELL_WMI_AIO", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_DELL_WMI_DESCRIPTOR", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_DELL_WMI_LED", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_DELL_WMI_PRIVACY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_DELL_WMI_SYSMAN", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_DEVICE_PRIVATE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + 
"name": "CONFIG_DMABUF_MOVE_NOTIFY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Enable DMA P2P - PR: https://github.com/microsoft/azurelinux/pull/14660" + }, + { + "name": "CONFIG_DMI_SYSFS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52293123" + }, + { + "name": "CONFIG_DM_CACHE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable dm-cache module - PR: https://github.com/microsoft/azurelinux/pull/14661" + }, + { + "name": "CONFIG_DM_CACHE_SMQ", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable dm-cache module - PR: https://github.com/microsoft/azurelinux/pull/14661" + }, + { + "name": "CONFIG_DM_MULTIPATH_HST", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/5951" + }, + { + "name": "CONFIG_DM_MULTIPATH_IOA", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/5951" + }, + { + "name": "CONFIG_DM_MULTIPATH_QL", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/5951" + }, + { + "name": "CONFIG_DM_MULTIPATH_ST", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + 
"justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/5951" + }, + { + "name": "CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52293123" + }, + { + "name": "CONFIG_DRM", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "amdgpu - https://github.com/microsoft/azurelinux/pull/10612" + }, + { + "name": "CONFIG_DRM_AMDGPU", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5416" + }, + { + "name": "CONFIG_DRM_AMDGPU_CIK", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5416" + }, + { + "name": "CONFIG_DRM_AMDGPU_SI", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5416" + }, + { + "name": "CONFIG_DRM_KMS_HELPER", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Present since initial kernel configuration" + }, + { + "name": "CONFIG_DRM_VGEM", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed to enable media acceleration - PR: https://github.com/microsoft/azurelinux/pull/3227" + }, + { + "name": "CONFIG_DWMAC_LOONGSON", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Not available - PR: https://github.com/microsoft/azurelinux/pull/7539" + }, + { + "name": "CONFIG_DXGKRNL", + "values": [ + { + "architecture": "x86_64", + "value": "m" + 
}, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/56525306" + }, + { + "name": "CONFIG_E1000", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable virtio console by default and build e1000 drivers as modules - PR: https://github.com/microsoft/azurelinux/pull/10604" + }, + { + "name": "CONFIG_E1000E", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable virtio console by default and build e1000 drivers as modules - PR: https://github.com/microsoft/azurelinux/pull/10604" + }, + { + "name": "CONFIG_EDAC_SKX", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5487" + }, + { + "name": "CONFIG_EROFS_FS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52293123" + }, + { + "name": "CONFIG_EVM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/51595441" + }, + { + "name": "CONFIG_FPGA_DFL_AFU", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needs to be off for CVE-2023-26242 - PR: https://github.com/microsoft/azurelinux/pull/6574" + }, + { + "name": "CONFIG_FS_VERITY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52471216" + }, + { + "name": "CONFIG_FTRACE_SYSCALLS", + 
"values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed to enable eBPF CO-RE syscalls tracers - PR: https://github.com/microsoft/azurelinux/pull/3210" + }, + { + "name": "CONFIG_FW_LOADER_COMPRESS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": " QLogic NIC firmware in linux-firmware is compressed - PR: https://github.com/microsoft/azurelinux/pull/2201" + }, + { + "name": "CONFIG_GPIO_MLXBF2", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_HIBERNATION", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/4369" + }, + { + "name": "CONFIG_HIST_TRIGGERS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for auoms metrics - PR: https://github.com/microsoft/azurelinux/pull/5292" + }, + { + "name": "CONFIG_HSA_AMD", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable DRM_AMDGPU module in kernel-drivers-gpu - PR: https://github.com/microsoft/azurelinux/pull/5416" + }, + { + "name": "CONFIG_HSA_AMD_P2P", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Enable DMA P2P - PR: https://github.com/microsoft/azurelinux/pull/14660" + }, + { + "name": "CONFIG_HSA_AMD_SVM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable DMA P2P - PR: https://github.com/microsoft/azurelinux/pull/14660" + }, + { + "name": "CONFIG_HW_RANDOM_TPM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + 
}, + { + "name": "CONFIG_I2C_MLXBF", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_ICE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54512964" + }, + { + "name": "CONFIG_ICE_SWITCHDEV", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable Intel Ethernet Connection E800 networking driver - PR: https://github.com/microsoft/azurelinux/pull/10960" + }, + { + "name": "CONFIG_IGC", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/50236901" + }, + { + "name": "CONFIG_IKCONFIG_PROC", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable /proc/config.gz on arm64 for parity with x86_64 - required by kubeadm and other tools that read kernel config at runtime" + }, + { + "name": "CONFIG_IMA_ARCH_POLICY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52293123" + }, + { + "name": "CONFIG_INET_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_INET_DIAG_DESTROY", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": 
"kernel: enable CONFIG_INET_DIAG_DESTROY - PR: https://github.com/microsoft/azurelinux/pull/15465" + }, + { + "name": "CONFIG_INET_SCTP_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_INET_TCP_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_INET_UDP_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_INFINIBAND_BNXT_RE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_INIT_ON_FREE_DEFAULT_ON", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Creates increased boot times and errors on large memory systems - PR: https://github.com/microsoft/azurelinux/pull/4829" + }, + { + "name": "CONFIG_INTEGRITY_MACHINE_KEYRING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52293123" + }, + { + "name": "CONFIG_INTEL_IFS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54251923?src=WorkItemMention&src-action=artifact_link" + }, + { + "name": 
"CONFIG_INTEL_IOMMU_SVM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/84" + }, + { + "name": "CONFIG_INTEL_TDX_GUEST", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://dev.azure.com/microsoft/OS/_workitems/edit/46616758" + }, + { + "name": "CONFIG_IOMMU_SVA", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for CONFIG_ARM_SMMU_V3_SVA - PR: https://github.com/microsoft/azurelinux/pull/6829" + }, + { + "name": "CONFIG_IO_STRICT_DEVMEM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for tboot - PR: https://github.com/microsoft/azurelinux/pull/2357" + }, + { + "name": "CONFIG_IO_URING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_IPV6_FOU", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_IPV6_FOU_TUNNEL", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_IP_VS_DEBUG", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_IP_VS_MH", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Add additional mh scheduler for 
ipvs per suggestion by customer - PR: https://github.com/microsoft/azurelinux/pull/5657" + }, + { + "name": "CONFIG_ISO9660_FS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_KEXEC", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52296698" + }, + { + "name": "CONFIG_KEXEC_BZIMAGE_VERIFY_SIG", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54615562" + }, + { + "name": "CONFIG_KEXEC_IMAGE_VERIFY_SIG", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable signature verification of kexec kernel - PR: https://github.com/microsoft/azurelinux/pull/10961" + }, + { + "name": "CONFIG_KEXEC_SIG", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54615562" + }, + { + "name": "CONFIG_LEGACY_TIOCSTI", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52296698" + }, + { + "name": "CONFIG_LIVEPATCH", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for livepatching - PR: https://github.com/microsoft/azurelinux/pull/3107" + }, + { + "name": "CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Required for EFI Secure Boot lockdown across all kernels" + }, + { + "name": 
"CONFIG_LLC", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_LRU_GEN", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + "name": "CONFIG_LRU_GEN_ENABLED", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + "name": "CONFIG_LWTUNNEL", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "feat(kernel): Enable LWTUNNEL_BPF and SCHED_CORE - PR: https://github.com/microsoft/azurelinux/pull/15607" + }, + { + "name": "CONFIG_LWTUNNEL_BPF", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "feat(kernel): Enable LWTUNNEL_BPF and SCHED_CORE - PR: https://github.com/microsoft/azurelinux/pull/15607" + }, + { + "name": "CONFIG_MACVLAN", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_MCTP", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Do not enable mctp unless fix for CVE-2023-3439 is present - PR: https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269" + }, + { + "name": "CONFIG_MELLANOX_PLATFORM", + "values": [ + { + "architecture": "arm64", + "value": 
"y" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLX5_CLS_ACT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54037260" + }, + { + "name": "CONFIG_MLXBF_BOOTCTL", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLXBF_GIGE", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLXBF_PMC", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLXBF_TMFIFO", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLXREG_HOTPLUG", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MLXREG_IO", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MMC_DW", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MMC_DW_BLUEFIELD", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for Mellanox 
DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MMC_DW_PLTFM", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_MPTCP", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/51241174" + }, + { + "name": "CONFIG_NETFILTER_NETLINK_GLUE_CT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NETFILTER_XT_MARK", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NETFILTER_XT_MATCH_IPCOMP", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NETFILTER_XT_TARGET_AUDIT", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NETFILTER_XT_TARGET_NOTRACK", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NETFILTER_XT_TARGET_TRACE", + "values": [ + { + "architecture": "x86_64", 
+ "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for the iptables TRACE target and HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NETLINK_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NET_CLS_FLOWER", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for customer and HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NET_FOU", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NET_FOU_IP_TUNNELS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NET_VENDOR_AQUANTIA", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable Aquantia AQtion ethernet driver kernel configs - PR: https://github.com/microsoft/azurelinux/pull/14638" + }, + { + "name": "CONFIG_NFSD_V4_SECURITY_LABEL", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_NFT_CONNLIMIT", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + 
} + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NFT_DUP_NETDEV", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NFT_FIB", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NFT_FIB_IPV4", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NFT_FWD_NETDEV", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NFT_REJECT_NETDEV", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NF_CONNTRACK_PROCFS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Perf tuning changes - PR: https://github.com/microsoft/azurelinux/pull/8944" + }, + { + "name": "CONFIG_NF_CT_NETLINK_HELPER", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": 
"CONFIG_NF_DUP_NETDEV", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_NF_LOG_ARP", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NF_TABLES_ARP", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NF_TABLES_NETDEV", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_NVME_RDMA", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5283" + }, + { + "name": "CONFIG_NVME_TARGET_TCP", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_NVME_TCP", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5283" + }, + { + "name": "CONFIG_PACKET_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_PARAVIRT_SPINLOCKS", + "values": [ + { + 
"architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_PATA_LEGACY", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_PCI_HYPERV", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/55841415" + }, + { + "name": "CONFIG_PCI_HYPERV_INTERFACE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "aarch64 config for kernel update to v5.15.32 - PR: https://github.com/microsoft/azurelinux/pull/2735" + }, + { + "name": "CONFIG_PCI_P2PDMA", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "kernel: Align arm hv,xen,virtio modules with x86 to fix arm boot - PR: https://github.com/microsoft/azurelinux/pull/8579" + }, + { + "name": "CONFIG_PERF_EVENTS_INTEL_CSTATE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + "name": "CONFIG_PERF_EVENTS_INTEL_RAPL", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Performance improvements via Kernel configuration parameters - PR: https://github.com/microsoft/azurelinux/pull/12178" + }, + { + "name": "CONFIG_PHY_RTK_RTD_USB2PHY", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Not available - PR: 
https://github.com/microsoft/azurelinux/pull/7539" + }, + { + "name": "CONFIG_PHY_RTK_RTD_USB3PHY", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Not available - PR: https://github.com/microsoft/azurelinux/pull/7539" + }, + { + "name": "CONFIG_PLDMFW", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable Intel Ethernet Connection E800 networking driver - PR: https://github.com/microsoft/azurelinux/pull/10960" + }, + { + "name": "CONFIG_PTP_1588_CLOCK_KVM", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Removes error boot message 'failed to initialize ptp kvm' - PR: https://github.com/microsoft/azurelinux/pull/3122" + }, + { + "name": "CONFIG_RAS_CEC", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5417" + }, + { + "name": "CONFIG_ROSE", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://dev.azure.com/microsoft/OS/_workitems/edit/47170615" + }, + { + "name": "CONFIG_SCHEDSTATS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_SCHED_CORE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "feat(kernel): Enable LWTUNNEL_BPF and SCHED_CORE - PR: https://github.com/microsoft/azurelinux/pull/15607" + }, + { + "name": "CONFIG_SCSI_LOGGING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/3826" + }, + { + "name": "CONFIG_SCSI_MPI3MR", + "values": [ + { + "architecture": 
"x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/7794" + }, + { + "name": "CONFIG_SECONDARY_TRUSTED_KEYRING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52297228" + }, + { + "name": "CONFIG_SECURITY_IPE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52471216" + }, + { + "name": "CONFIG_SECURITY_LANDLOCK", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Security - PR: https://github.com/microsoft/azurelinux/pull/3484" + }, + { + "name": "CONFIG_SECURITY_SELINUX_BOOTPARAM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/3480" + }, + { + "name": "CONFIG_SECURITY_SMACK", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Removed in favor of SELinux - PR: https://github.com/microsoft/azurelinux/pull/3080" + }, + { + "name": "CONFIG_SENSORS_DELL_SMM", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_SENSORS_MLXREG_FAN", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for Mellanox DPUs - PR: https://github.com/microsoft/azurelinux/pull/5896" + }, + { + "name": "CONFIG_SEV_GUEST", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": 
"arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/50479755/" + }, + { + "name": "CONFIG_SIGNED_PE_FILE_VERIFICATION", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Present since initial kernel configuration" + }, + { + "name": "CONFIG_SMB_SERVER", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needs to be off for CVE-2023-38431, CVE-2023-38430, CVE-2023-38427, CVE-2023-32258, CVE-2023-32257, CVE-2023-32254, CVE-2023-32252, CVE-2023-32250, CVE-2023-32247, CVE-2022-47940 - PR: https://github.com/microsoft/azurelinux/pull/6574" + }, + { + "name": "CONFIG_STP", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_STX104", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needed for update to 5.15.131.1 - PR: https://github.com/microsoft/azurelinux/pull/6196" + }, + { + "name": "CONFIG_TARGET_CORE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/4473" + }, + { + "name": "CONFIG_TASKSTATS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_TASK_DELAY_ACCT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_TASK_IO_ACCOUNTING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + 
"justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_TASK_XACCT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: Initial Azure Linux PR" + }, + { + "name": "CONFIG_TCG_TPM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/135" + }, + { + "name": "CONFIG_TCP_CONG_BBR", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/4122" + }, + { + "name": "CONFIG_TDX_GUEST_DRIVER", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://dev.azure.com/microsoft/OS/_workitems/edit/46616758" + }, + { + "name": "CONFIG_THERMAL_HWMON", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5417" + }, + { + "name": "CONFIG_TLS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5406" + }, + { + "name": "CONFIG_TRANSPARENT_HUGEPAGE_MADVISE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Perf tuning changes - PR: https://github.com/microsoft/azurelinux/pull/8944" + }, + { + "name": "CONFIG_TUN", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_UNIX_DIAG", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": 
"m" + } + ], + "justification": "Needed for HCI scenarios - PR: https://github.com/microsoft/azurelinux/pull/7468" + }, + { + "name": "CONFIG_USB_HIDDEV", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_USB_SERIAL_CH341", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_USB_TMC", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52967503" + }, + { + "name": "CONFIG_USER_EVENTS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "Enable user-based event tracing - PR: https://github.com/microsoft/azurelinux/pull/7044" + }, + { + "name": "CONFIG_VCC", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Needs to be off for CVE-2023-23039 - PR: https://github.com/microsoft/azurelinux/pull/6574" + }, + { + "name": "CONFIG_VFAT_FS", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Make vfat always available - PR: https://github.com/microsoft/azurelinux/pull/3733" + }, + { + "name": "CONFIG_VFIO_NOIOMMU", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "VMs may not have access to iommu - PR: https://github.com/microsoft/azurelinux/pull/2385" + }, + { + "name": "CONFIG_VIRTIO_CONSOLE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + 
"justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_VIRTIO_FS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed to see logs in Azure serial console - PR: https://github.com/microsoft/azurelinux/pull/3264" + }, + { + "name": "CONFIG_WIREGUARD", + "values": [ + { + "architecture": "x86_64", + "value": "m" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/5135" + }, + { + "name": "CONFIG_X86_AMD_PLATFORM_DEVICE", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54457858?src=WorkItemMention&src-action=artifact_link" + }, + { + "name": "CONFIG_X86_CET", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_X86_IOPL_IOPERM", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/47911952" + }, + { + "name": "CONFIG_X86_KERNEL_IBT", + "values": [ + { + "architecture": "x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_X86_PLATFORM_DRIVERS_DELL", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "Needed for customer - PR: https://github.com/microsoft/azurelinux/pull/2671" + }, + { + "name": "CONFIG_XEN_DEBUG_FS", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "XEN not officially supported - 
https://microsoft.visualstudio.com/OS/_workitems/edit/52468301" + }, + { + "name": "CONFIG_XFS_SUPPORT_V4", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "Deprecated - https://github.com/microsoft/CBL-Mariner-Linux-Kernel/blob/rolling-lts/mariner-3/6.6.22.1/fs/xfs/Kconfig#L25" + }, + { + "name": "CONFIG_ZONE_DMA", + "values": [ + { + "architecture": "x86_64", + "value": "n" + } + ], + "justification": "results in large memory usage numbers - https://github.com/microsoft/azurelinux/pull/12221" + }, + { + "name": "CONFIG_ZRAM", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "Enable ZRAM to align ARM and AMD offerings - PR: https://github.com/microsoft/azurelinux/pull/7794" + } + ] + }, + "overrides": [ + { + "name": "kernel", + "kernel_configs": [ + { + "name": "CONFIG_DRM_ACCEL_IVPU", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/54118255" + }, + { + "name": "CONFIG_FW_CFG_SYSFS", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "kernel: Enable CONFIG_SQUASHFS_ZSTD and CONFIG_FW_CFG_SYSFS - PR: https://github.com/microsoft/azurelinux/pull/15612" + }, + { + "name": "CONFIG_HSA_AMD_SVM", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "kernel does not enable HSA_AMD_SVM on arm64 - PR: https://github.com/microsoft/azurelinux/pull/14660" + }, + { + "name": "CONFIG_NUMA_BALANCING", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/55353192" + }, + { + "name": "CONFIG_SQUASHFS_ZSTD", + "values": [ + { + "architecture": 
"x86_64", + "value": "y" + }, + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel: Enable CONFIG_SQUASHFS_ZSTD and CONFIG_FW_CFG_SYSFS - PR: https://github.com/microsoft/azurelinux/pull/15612" + }, + { + "name": "CONFIG_TCP_CONG_BBR3", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "kernel: Enable CONFIG_TCP_CONG_BBR3 - PR: https://github.com/microsoft/azurelinux/pull/16044" + }, + { + "name": "CONFIG_UCLAMP_TASK", + "values": [ + { + "architecture": "x86_64", + "value": "y" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/55353192" + }, + { + "name": "CONFIG_XFRM_INTERFACE", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "kernel: enable xfrm_interface - PR: https://github.com/microsoft/azurelinux/pull/15463" + }, + { + "name": "CONFIG_CRYPTO_LZ4", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/60759133" + }, + { + "name": "CONFIG_CRYPTO_ZSTD", + "values": [ + { + "architecture": "x86_64", + "value": "m" + }, + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "https://microsoft.visualstudio.com/OS/_workitems/edit/60759133" + } + ] + }, + { + "name": "kernel-hwe", + "kernel_configs": [ + { + "name": "CONFIG_DMABUF_MOVE_NOTIFY", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel-hwe 6.12 enables DMABUF_MOVE_NOTIFY on arm64 - PR: https://github.com/microsoft/azurelinux/pull/14660" + }, + { + "name": "CONFIG_DRM", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel-hwe 6.12 builds DRM as builtin on arm64" + }, + { + "name": "CONFIG_DRM_KMS_HELPER", + "values": [ + { + 
"architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel-hwe 6.12 builds DRM_KMS_HELPER as builtin on arm64" + }, + { + "name": "CONFIG_GPIO_MLXBF2", + "values": [ + { + "architecture": "arm64", + "value": "m" + } + ], + "justification": "kernel-hwe 6.12 changes BlueField2 GPIO from builtin to module" + }, + { + "name": "CONFIG_ICE", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "kernel-hwe 6.12 does not enable Intel ICE driver on arm64" + }, + { + "name": "CONFIG_ICE_SWITCHDEV", + "values": [ + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "kernel-hwe 6.12 does not enable ICE_SWITCHDEV on arm64 - PR: https://github.com/microsoft/azurelinux/pull/10960" + }, + { + "name": "CONFIG_CRYPTO_DH", + "values": [ + { + "architecture": "arm64", + "value": "y" + } + ], + "justification": "kernel-hwe 6.18 builds CRYPTO_DH as builtin on arm64 (selected by other built-in components)" + }, + { + "name": "CONFIG_DXGKRNL", + "values": [ + { + "architecture": "x86_64", + "value": "n" + }, + { + "architecture": "arm64", + "value": "n" + } + ], + "justification": "DXGKRNL not available in kernel-hwe" + } + ] + } + ] +} diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/__init__.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/__init__.py new file mode 100644 index 00000000000..59e481eb93d --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/__init__.py @@ -0,0 +1,2 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/print_schema.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/print_schema.py new file mode 100644 index 00000000000..ebc93726869 --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/print_schema.py 
@@ -0,0 +1,21 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ---------------------------------------------------------
+"""Schema printing utilities for kernel configuration validation."""
+
+from __future__ import annotations
+
+import json
+
+from .schema import IntentionalKernelConfigSchema
+
+
+def get_schema() -> str:
+ """Return the JSON schema for kernel configuration settings."""
+ schema = IntentionalKernelConfigSchema.model_json_schema()
+ return json.dumps(schema, indent=2)
+
+
+if __name__ == "__main__":
+ print(get_schema())
diff --git a/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py
new file mode 100644
index 00000000000..2b5f57d451e
--- /dev/null
+++ b/scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py
@@ -0,0 +1,87 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""Schema definitions for kernel configuration validation."""
+
+from __future__ import annotations
+
+import json
+from enum import StrEnum
+from typing import TYPE_CHECKING
+
+from pydantic import BaseModel, Field
+
+if TYPE_CHECKING:
+ from pathlib import Path
+
+
+class KernelConfigValue(StrEnum):
+ """Enum for common kernel configuration values."""
+
+ ENABLED = "y"
+ DISABLED = "n"
+ MODULE = "m"
+
+
+class Architecture(StrEnum):
+ """Enum for supported architectures."""
+
+ ARM64 = "arm64"
+ X86_64 = "x86_64"
+
+
+class ArchConfigPair(BaseModel):
+ """Schema for architecture and kernel config value pair."""
+
+ model_config = {"extra": "forbid"}
+
+ architecture: Architecture = Field(description="Target architecture")
+ value: KernelConfigValue | str = Field(
+ union_mode="left_to_right",
+ description="Kernel configuration value for this architecture (y/n/m or custom)",
+ )
+
+
+class KernelConfig(BaseModel):
+ """Schema for kernel configuration settings."""
+
+ model_config = {"extra": "forbid"}
+
+ name: str = Field(description="Name of the kernel configuration")
+ values: list[ArchConfigPair] = Field(description="List of architecture-value pairs for this configuration")
+ justification: str = Field(description="Justification for this configuration setting")
+
+
+class KernelObject(BaseModel):
+ """Schema for a kernel object containing configurations."""
+
+ model_config = {"extra": "forbid"}
+
+ name: str = Field(description="Name of the kernel")
+ kernel_configs: list[KernelConfig] = Field(
+ default_factory=list, description="List of kernel configuration settings"
+ )
+
+
+class IntentionalKernelConfigSchema(BaseModel):
+ """Root schema for intentional kernel configuration settings."""
+
+ model_config = {"extra": "forbid"}
+
+ default: KernelObject = Field(description="Default kernel configuration object")
+ overrides: list[KernelObject] = Field(
+ default_factory=list,
+ description="List of kernel override objects (kernel-1 to kernel-n)",
+ )
+
+
+def load_schema(filepath: Path) -> IntentionalKernelConfigSchema:
+ """Load the schema from a JSON file."""
+ with filepath.open(encoding="utf-8") as file:
+ data = json.load(file)
+ return IntentionalKernelConfigSchema.model_validate(data)
+
+
+def save_schema(schema: IntentionalKernelConfigSchema, filepath: Path) -> None:
+ """Save the schema to a JSON file."""
+ with filepath.open("w", encoding="utf-8") as file:
+ json.dump(schema.model_dump(mode="json"), file, indent=2)
diff --git a/scripts/ci/kernel/kernel-config-checker/requirements.txt b/scripts/ci/kernel/kernel-config-checker/requirements.txt
new file mode 100644
index 00000000000..4b5fe4d67d6
--- /dev/null
+++ b/scripts/ci/kernel/kernel-config-checker/requirements.txt
@@ -0,0 +1 @@
+pydantic==2.13.4
From c751a39fb448bbf3132bebaa81d2ef45c8c7ac81 Mon Sep 17 00:00:00 2001 From: Rachel Menge Date: Wed, 1 Jul 2026 12:26:23 -0700 Subject: [PATCH 2/2] ci(kernel-config-checker): run validations via pytest harness Replace bespoke shell/Python validation in check-kernel-configs.yml with a pytest-driven harness under scripts/ci/kernel/kernel-config-checker/tests. New checks can be added as normal pytest cases (static or dynamically parametrized) without adding per-package pipelines. --- .github/workflows/check-kernel-configs.yml | 71 +-------- .../ci/kernel/kernel-config-checker/README.md | 17 +++ .../kernel-config-checker/requirements.txt | 1 + .../kernel-config-checker/tests/conftest.py | 135 ++++++++++++++++++ .../tests/test_kernel_config_validation.py | 34 +++++ 5 files changed, 192 insertions(+), 66 deletions(-) create mode 100644 scripts/ci/kernel/kernel-config-checker/tests/conftest.py create mode 100644 scripts/ci/kernel/kernel-config-checker/tests/test_kernel_config_validation.py
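Review bot: `ArchConfigPair.value` is declared as `KernelConfigValue | str`, so every string validates and the enum constrains nothing; a policy entry with a typo such as `"N"` or an empty string would pass `model_validate` unchanged. This file is the record of settings that are held off for CVE reasons (for example `CONFIG_SMB_SERVER`), so a value that silently fails to mean "n" weakens the gate; how check_config.py treats such a value is not visible in this hunk. I would at least tighten the fallback branch, something like `value: KernelConfigValue | Annotated[str, StringConstraints(strip_whitespace=True, min_length=1)] = Field(`, which needs `Annotated` from `typing` and `StringConstraints` from `pydantic`. `KernelConfig.values` also accepts two entries for the same architecture with conflicting values, and a validator rejecting duplicates would make the policy unambiguous.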
diff --git a/.github/workflows/check-kernel-configs.yml b/.github/workflows/check-kernel-configs.yml
index d2611210d28..ce7fa0afd1e 100644
--- a/.github/workflows/check-kernel-configs.yml
+++ b/.github/workflows/check-kernel-configs.yml
@@ -89,74 +89,13 @@ jobs: - name: Get Python dependencies run: python3 -m pip install -r scripts/ci/kernel/kernel-config-checker/requirements.txt - - name: Check if config files changed + - name: Run kernel config pytest validations env: BASE_SHA: ${{ env.base_sha }} HEAD_SHA: ${{ github.sha }} run: | set -euo pipefail - echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r "$BASE_SHA" "$HEAD_SHA")'" - changed_configs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r "$BASE_SHA" "$HEAD_SHA" | { grep "base/comps/kernel.*/.*config.*$" || test $? = 1; }) - echo "Files to validate: '${changed_configs}'" - { - echo "updated_configs<> "$GITHUB_ENV" - - - name: Run kernel config checking script - if: ${{ env.updated_configs != '' }} - env: - UPDATED_CONFIGS: ${{ env.updated_configs }} - run: | - set -euo pipefail - JSON_PATH="scripts/ci/kernel/kernel-config-checker/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json" - - # Extract kernel names that have overrides in the JSON (these are the kernels we track). - tracked_kernels=$(python3 -c " - import json - with open('${JSON_PATH}') as f: - data = json.load(f) - for o in data['overrides']: - print(o['name']) - ") - echo "Tracked kernels: ${tracked_kernels}" - - failed=0 - while IFS= read -r file; do - [ -z "$file" ] && continue - - # Extract kernel name from path (e.g., base/comps/kernel/6.18-x86_64-azl.config -> kernel). - kernel_name=$(echo "$file" | sed 's|base/comps/\([^/]*\)/.*|\1|') - - if ! echo "${tracked_kernels}" | grep -qx "${kernel_name}"; then - echo "============================================" - echo "Skipping: ${file} (kernel=${kernel_name} not tracked in JSON)" - echo "============================================" - continue - fi - - # Determine architecture from filename. 
- if [[ "$file" == *"aarch64"* ]]; then - arch="arm64" - else - arch="x86_64" - fi - - echo "============================================" - echo "Checking: ${file} (kernel=${kernel_name}, arch=${arch})" - echo "============================================" - - if ! (cd scripts/ci/kernel/kernel-config-checker && python3 -m kernel_config_checker.check_config \ - "../../../../${file}" \ - kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json \ - "${kernel_name}" "${arch}"); then - failed=1 - fi - done <<< "$UPDATED_CONFIGS" - - if [ "$failed" -eq 1 ]; then - echo "" - echo "✗ One or more kernel config checks failed" - exit 1 - fi + cd scripts/ci/kernel/kernel-config-checker + python3 -m pytest -q tests/test_kernel_config_validation.py \ + --base-sha "$BASE_SHA" \ + --head-sha "$HEAD_SHA" diff --git a/scripts/ci/kernel/kernel-config-checker/README.md b/scripts/ci/kernel/kernel-config-checker/README.md index 669e03e53ed..27630f85e24 100644 --- a/scripts/ci/kernel/kernel-config-checker/README.md +++ b/scripts/ci/kernel/kernel-config-checker/README.md 
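Review bot: An empty `BASE_SHA` is not caught by the new `Run kernel config pytest validations` step. `set -u` only rejects unset variables, and the harness added in this patch treats a falsy `--base-sha` as `HEAD^`, so a run where `env.base_sha` resolved to nothing would validate only the last commit and still go green. Failing closed before the `cd` keeps the gate meaningful, for example `: "${BASE_SHA:?base SHA missing}"` and the same for `HEAD_SHA`. How `base_sha` is computed is outside this hunk, so whether it can actually be empty needs checking against the earlier steps.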
@@ -69,6 +69,20 @@ Example: python -m kernel_config_checker.check_config --check-all kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json CONFIG_DRM ``` +### Run the CI validation locally + +The `Kernel Required Configs Check` GitHub Actions workflow validates changed kernel configs by running the pytest harness in `tests/`. To reproduce a run locally, invoke pytest with the same base/head SHAs the workflow would use: + +```bash +python -m pytest tests/ \ + --base-sha "$(git merge-base HEAD origin/4.0)" \ + --head-sha HEAD +``` + +Omit the flags to default to `HEAD^..HEAD`. The harness walks the diff, filters to `base/comps/kernel*/*config*` paths whose kernel appears in the policy JSON's `overrides`, and runs the same `check_kernel_config` logic used by the CLI. Deletions of tracked kernel config files fail a dedicated test. + +To add a new check (e.g. a lint over the policy JSON, or a per-arch invariant), drop another `test_*.py` into `tests/` — no workflow changes required. + ## Configuration Schema The system uses a structured JSON schema with default and override sections: @@ -141,6 +155,9 @@ scripts/ci/kernel/kernel-config-checker/ │ ├── __init__.py # Package init │ ├── add_config.py # Interactive config adder │ └── check_config.py # Main checker and utilities +├── tests/ # Pytest harness invoked by CI +│ ├── conftest.py # Shared fixtures + git-diff parametrization +│ └── test_kernel_config_validation.py # Policy checks over changed configs ├── requirements.txt # Python dependencies └── README.md # This file ``` diff --git a/scripts/ci/kernel/kernel-config-checker/requirements.txt b/scripts/ci/kernel/kernel-config-checker/requirements.txt index 4b5fe4d67d6..47c9df1a5c4 100644 --- a/scripts/ci/kernel/kernel-config-checker/requirements.txt +++ b/scripts/ci/kernel/kernel-config-checker/requirements.txt @@ -1 +1,2 @@ pydantic==2.13.4 +pytest==8.4.1 
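Review bot: `pytest==8.4.1` (like the `pydantic==2.13.4` pin from patch 1/2) fixes the version but not the artifact, and transitive dependencies stay unpinned. The workflow installs this file with a plain `python3 -m pip install -r`. Since the job gates kernel configuration changes, a hash-locked file would be safer: generate it with `pip-compile --generate-hashes` (pip-tools) and install with `pip install --require-hashes -r …`. Every entry, transitive ones included, then carries `--hash=sha256:<digest>` lines (placeholder here) that pip verifies before installing.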
diff --git a/scripts/ci/kernel/kernel-config-checker/tests/conftest.py b/scripts/ci/kernel/kernel-config-checker/tests/conftest.py new file mode 100644 index 00000000000..6531baa7d15 --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/tests/conftest.py 
@@ -0,0 +1,135 @@ +"""Shared pytest fixtures for kernel config validation checks.""" + +from __future__ import annotations + +import os +import re +import subprocess +from pathlib import Path + +import pytest +from kernel_config_checker.schema.schema import ( + IntentionalKernelConfigSchema, + load_schema, +) + +KERNEL_CONFIG_PATH_PATTERN = re.compile(r"^base/comps/kernel.*/.*config.*$") +KERNEL_CONFIG_JSON_PATH = Path("kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json") + + +def pytest_addoption(parser: pytest.Parser) -> None: + """Allow CI and local runs to pass the diff range explicitly.""" + parser.addoption("--base-sha", action="store", default=os.environ.get("BASE_SHA")) + parser.addoption("--head-sha", action="store", default=os.environ.get("HEAD_SHA")) + parser.addoption("--repo-root", action="store", default=os.environ.get("REPO_ROOT")) + + +def _git_repo_root() -> Path: + result = subprocess.run( + ["git", "rev-parse", "--show-toplevel"], + check=True, + capture_output=True, + text=True, + ) + return Path(result.stdout.strip()) + + +def _checker_root() -> Path: + return Path(__file__).resolve().parents[1] + + +def _git_diff_names(repo_root: Path, base_sha: str, head_sha: str, diff_filter: str) -> list[str]: + result = subprocess.run( + [ + "git", + "diff-tree", + f"--diff-filter={diff_filter}", + "--no-commit-id", + "--name-only", + "-r", + base_sha, + head_sha, + ], + check=True, + capture_output=True, + text=True, + cwd=repo_root, + ) + return [line for line in result.stdout.splitlines() if line] + + +def _kernel_config_path(path: str) -> bool: + return bool(KERNEL_CONFIG_PATH_PATTERN.match(path)) + + +def _kernel_name_from_path(path: str) -> str: + return Path(path).parts[2] + + +def _architecture_from_path(path: str) -> str: + return "arm64" if "aarch64" in path else "x86_64" + + +@pytest.fixture(scope="session") +def repo_root(pytestconfig: pytest.Config) -> Path: + """Return the repository root used for git diff 
lookups.""" + option = pytestconfig.getoption("repo_root") + return Path(option).resolve() if option else _git_repo_root() + + +@pytest.fixture(scope="session") +def base_sha(pytestconfig: pytest.Config) -> str: + """Return the diff base SHA for the current validation run.""" + return pytestconfig.getoption("base_sha") or "HEAD^" + + +@pytest.fixture(scope="session") +def head_sha(pytestconfig: pytest.Config) -> str: + """Return the diff head SHA for the current validation run.""" + return pytestconfig.getoption("head_sha") or "HEAD" + + +@pytest.fixture(scope="session") +def intentional_schema() -> IntentionalKernelConfigSchema: + """Load the intentional kernel config schema from the checked-in policy JSON.""" + return load_schema(_checker_root() / KERNEL_CONFIG_JSON_PATH) + + +@pytest.fixture(scope="session") +def deleted_kernel_config_files(repo_root: Path, base_sha: str, head_sha: str) -> list[str]: + """Return deleted kernel config files detected between the diff range.""" + return [path for path in _git_diff_names(repo_root, base_sha, head_sha, "D") if _kernel_config_path(path)] + + +def _tracked_changed_kernel_config_cases(pytestconfig: pytest.Config) -> list[tuple[str, str, str]]: + repo_root = ( + Path(pytestconfig.getoption("repo_root")).resolve() if pytestconfig.getoption("repo_root") else _git_repo_root() + ) + checker_root = _checker_root() + base_sha = pytestconfig.getoption("base_sha") or "HEAD^" + head_sha = pytestconfig.getoption("head_sha") or "HEAD" + schema = load_schema(checker_root / KERNEL_CONFIG_JSON_PATH) + tracked_kernels = {override.name for override in schema.overrides} + + cases: list[tuple[str, str, str]] = [] + for path in _git_diff_names(repo_root, base_sha, head_sha, "d"): + if not _kernel_config_path(path): + continue + + kernel_name = _kernel_name_from_path(path) + if kernel_name not in tracked_kernels: + continue + + cases.append((path, kernel_name, _architecture_from_path(path))) + + return cases + + +def 
pytest_generate_tests(metafunc: pytest.Metafunc) -> None: + """Parametrize kernel config validation over changed tracked config files.""" + if "kernel_config_case" not in metafunc.fixturenames: + return + + cases = _tracked_changed_kernel_config_cases(metafunc.config) + ids = [f"{kernel_name}:{architecture}:{Path(path).name}" for path, kernel_name, architecture in cases] + metafunc.parametrize("kernel_config_case", cases, ids=ids) diff --git a/scripts/ci/kernel/kernel-config-checker/tests/test_kernel_config_validation.py b/scripts/ci/kernel/kernel-config-checker/tests/test_kernel_config_validation.py new file mode 100644 index 00000000000..1e7a8a04772 --- /dev/null +++ b/scripts/ci/kernel/kernel-config-checker/tests/test_kernel_config_validation.py 
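Review bot: `_tracked_changed_kernel_config_cases` drops a changed config whose directory name is not in `schema.overrides` with a bare `continue`, so the `Skipping: … not tracked in JSON` line the removed shell step printed no longer appears anywhere. When the resulting list is empty, pytest only reports the parametrized test as skipped, so a config under a new or renamed `base/comps/kernel*` directory passes CI unvalidated and leaves no trace in the log. I would surface it before the `continue`, e.g. `warnings.warn(f"{path}: kernel {kernel_name!r} has no override in the policy JSON; not validated")` (with `import warnings`), or fail outright if untracked kernels are not expected. `_architecture_from_path` has a similar quiet default: any path without `aarch64` in it is checked as `x86_64`.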
@@ -0,0 +1,34 @@ +"""Pytest-backed kernel config validation checks.""" + +from __future__ import annotations + +from typing import TYPE_CHECKING + +import pytest +from kernel_config_checker.check_config import check_kernel_config, parse_kernel_config + +if TYPE_CHECKING: + from pathlib import Path + + from kernel_config_checker.schema.schema import IntentionalKernelConfigSchema + + +def test_deleted_kernel_config_files_are_rejected(deleted_kernel_config_files: list[str]) -> None: + """Fail if any kernel config file was deleted in the diff range.""" + if deleted_kernel_config_files: + message = "Deletion of tracked kernel config files is not allowed:\n" + "\n".join(deleted_kernel_config_files) + pytest.fail(message) + + +def test_changed_kernel_configs_match_policy( + kernel_config_case: tuple[str, str, str], + intentional_schema: IntentionalKernelConfigSchema, + repo_root: Path, +) -> None: + """Validate each changed tracked kernel config against the intentional policy.""" + config_path, kernel_name, architecture = kernel_config_case + actual_config = parse_kernel_config(repo_root / config_path) + + if not check_kernel_config(actual_config, intentional_schema, kernel_name, architecture): + message = f"Kernel config validation failed for {config_path}" + pytest.fail(message)
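Review bot: `test_changed_kernel_configs_match_policy` parses `repo_root / config_path` from the working tree, while the list of files comes from the `--base-sha`/`--head-sha` range, so the content validated is whatever is checked out rather than the blob at `head_sha`. In CI the two presumably coincide, but a local run with a `--head-sha` other than the checked-out commit can pass or fail on content that is not in the commit named. A comment on the `parse_kernel_config` line such as `# reads the checked-out file; --head-sha must be the checked-out commit` would document this, or the harness could compare `git rev-parse HEAD` with `head_sha` and fail on a mismatch. Separately, the failure text in `test_deleted_kernel_config_files_are_rejected` says "tracked", yet the `deleted_kernel_config_files` fixture filters by path pattern only.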