[PATCH v2 0/8] kernel/configs: Android config fragment updates

[PATCH v2 0/8] kernel/configs: Android config fragment updates

[Amit Pundir]

Hi,

Following are the Android config fragment changes cherry-picked from
Android common kernel for your consideration. Config fragments are
folded or re-placed in sorted order wherever required.

Changes since v1:
    Dropped that one patch adding non-existent config.

Regards,
Amit Pundir


Chenbo Feng (1):
  config: android-base: add CGROUP_BPF

Greg Kroah-Hartman (2):
  config: android-base: add CONFIG_IKCONFIG option
  config: android-base: add CONFIG_MODULES option

Jeff Vander Stoep (1):
  config: android-recommended: enable fstack-protector-strong

Max Shi (1):
  config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE

Roberto Pereira (1):
  config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS

Sami Tolvanen (2):
  config: android-recommended: enable CONFIG_ARM64_SW_TTBR0_PAN
  config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

 kernel/configs/android-base.config        | 11 ++++++++++-
 kernel/configs/android-recommended.config |  5 ++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

-- 
2.7.4

[PATCH v2 1/8] config: android-recommended: enable fstack-protector-strong

[Amit Pundir]

From: Jeff Vander Stoep <jeffv@google.com>

If compiler has stack protector support, set
CONFIG_CC_STACKPROTECTOR_STRONG.

Reviewed-at: https://android-review.googlesource.com/#/c/238388/

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-recommended.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index 28ee064b6744..a86faa41bfd2 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -11,6 +11,7 @@ CONFIG_BLK_DEV_DM=y
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
+CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_COMPACTION=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_DM_CRYPT=y
-- 
2.7.4

[PATCH v2 2/8] config: android-recommended: enable CONFIG_ARM64_SW_TTBR0_PAN

[Amit Pundir]

From: Sami Tolvanen <samitolvanen@google.com>

Enable PAN emulation using TTBR0_EL1 switching.

Reviewed-at: https://android-review.googlesource.com/#/c/325997/

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
[AmitP: cherry-picked this change from Android common kernel
        and updated the commit message]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-recommended.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a86faa41bfd2..a02c447769f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -6,6 +6,7 @@
 # CONFIG_NF_CONNTRACK_SIP is not set
 # CONFIG_PM_WAKELOCKS_GC is not set
 # CONFIG_VT is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
 CONFIG_BLK_DEV_DM=y
 CONFIG_BLK_DEV_LOOP=y
-- 
2.7.4

[PATCH v2 3/8] config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE

[Amit Pundir]

From: Max Shi <meixuanshi@google.com>

Turn off the two kernel configs to disable related system ABI.

Reviewed-at: https://android-review.googlesource.com/#/c/264976/

Signed-off-by: Max Shi <meixuanshi@google.com>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-base.config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 26a06e09a5bd..efe5ff86767e 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -1,10 +1,12 @@
 #  KEEP ALPHABETICALLY SORTED
 # CONFIG_DEVKMEM is not set
 # CONFIG_DEVMEM is not set
+# CONFIG_FHANDLE is not set
 # CONFIG_INET_LRO is not set
 # CONFIG_MODULES is not set
 # CONFIG_OABI_COMPAT is not set
 # CONFIG_SYSVIPC is not set
+# CONFIG_USELIB is not set
 CONFIG_ANDROID=y
 CONFIG_ANDROID_BINDER_IPC=y
 CONFIG_ANDROID_LOW_MEMORY_KILLER=y
-- 
2.7.4

[PATCH v2 4/8] config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

[Amit Pundir]

From: Sami Tolvanen <samitolvanen@google.com>

Enable CPU domain PAN to ensure that normal kernel accesses are
unable to access userspace addresses.

Reviewed-at: https://android-review.googlesource.com/#/c/334035/

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
[AmitP: cherry-picked this change from Android common kernel, updated
        the commit message and re-placed the CONFIG_STRICT_KERNEL_RWX
        config in sorted order]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-recommended.config | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a02c447769f7..946fb92418f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -14,7 +14,7 @@ CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
 CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_COMPACTION=y
-CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
 CONFIG_DM_CRYPT=y
 CONFIG_DM_UEVENT=y
 CONFIG_DM_VERITY=y
@@ -107,6 +107,7 @@ CONFIG_SCHEDSTATS=y
 CONFIG_SMARTJOYPLUS_FF=y
 CONFIG_SND=y
 CONFIG_SOUND=y
+CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_SUSPEND_TIME=y
 CONFIG_TABLET_USB_ACECAD=y
 CONFIG_TABLET_USB_AIPTEK=y
-- 
2.7.4

[PATCH v2 5/8] config: android-base: add CONFIG_IKCONFIG option

[Amit Pundir]

From: Greg Kroah-Hartman <gregkh@google.com>

This adds CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC options, which are a
requirement for the O release.

Reviewed-at: https://android-review.googlesource.com/#/c/364553/

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-base.config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index efe5ff86767e..e12cfec25758 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -25,6 +25,8 @@ CONFIG_EMBEDDED=y
 CONFIG_FB=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HIGH_RES_TIMERS=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
 CONFIG_INET6_AH=y
 CONFIG_INET6_ESP=y
 CONFIG_INET6_IPCOMP=y
-- 
2.7.4

[PATCH v2 6/8] config: android-base: add CONFIG_MODULES option

[Amit Pundir]

From: Greg Kroah-Hartman <gregkh@google.com>

This adds CONFIG_MODULES, CONFIG_MODULE_UNLOAD, and CONFIG_MODVERSIONS
which are required by the O release.

Reviewed-at: https://android-review.googlesource.com/#/c/364554/

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-base.config | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index e12cfec25758..62cb392fc34b 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,7 +3,6 @@
 # CONFIG_DEVMEM is not set
 # CONFIG_FHANDLE is not set
 # CONFIG_INET_LRO is not set
-# CONFIG_MODULES is not set
 # CONFIG_OABI_COMPAT is not set
 # CONFIG_SYSVIPC is not set
 # CONFIG_USELIB is not set
@@ -64,6 +63,9 @@ CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_NETMAP=y
 CONFIG_IP_NF_TARGET_REDIRECT=y
 CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODVERSIONS=y
 CONFIG_NET=y
 CONFIG_NETDEVICES=y
 CONFIG_NETFILTER=y
-- 
2.7.4

[PATCH v2 7/8] config: android-base: add CGROUP_BPF

[Amit Pundir]

From: Chenbo Feng <fengc@google.com>

Add CONFIG_CGROUP_BPF as a default configuration in android base config
since it is used to replace XT_QTAGUID in future.

Reviewed-at: https://android-review.googlesource.com/#/c/400374/

Signed-off-by: Chenbo Feng <fengc@google.com>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-base.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 62cb392fc34b..cdde5af6b332 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -14,6 +14,7 @@ CONFIG_ASHMEM=y
 CONFIG_AUDIT=y
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_DEBUG=y
 CONFIG_CGROUP_FREEZER=y
-- 
2.7.4

[PATCH v2 8/8] config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS

[Amit Pundir]

From: Roberto Pereira <rpere@google.com>

Disable Network file system support.

Reviewed-at: https://android-review.googlesource.com/#/c/409559/

Signed-off-by: Roberto Pereira <rpere@google.com>
[AmitP: cherry-picked this change from Android common kernel
        and updated commit message]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
---
 kernel/configs/android-base.config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index cdde5af6b332..d70829033bb7 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,6 +3,8 @@
 # CONFIG_DEVMEM is not set
 # CONFIG_FHANDLE is not set
 # CONFIG_INET_LRO is not set
+# CONFIG_NFSD is not set
+# CONFIG_NFS_FS is not set
 # CONFIG_OABI_COMPAT is not set
 # CONFIG_SYSVIPC is not set
 # CONFIG_USELIB is not set
-- 
2.7.4

Re: [PATCH v2 0/8] kernel/configs: Android config fragment updates

[Greg KH]

On Thu, Jun 08, 2017 at 06:09:08PM +0530, Amit Pundir wrote:
> Hi,
> 
> Following are the Android config fragment changes cherry-picked from
> Android common kernel for your consideration. Config fragments are
> folded or re-placed in sorted order wherever required.

I'll be glad to take these in my tree as I've been taking Android
changes in there since the beginning, and I have first-hand knowledge of
these patches :)

thanks,

greg k-h