Hi,
Following are the Android config fragment changes cherry-picked from
Android common kernel for your consideration. Config fragments are
folded or re-placed in sorted order wherever required.
Regards,
Amit Pundir
Chenbo Feng (1):
config: android-base: add CGROUP_BPF
Greg Kroah-Hartman (2):
config: android-base: add CONFIG_IKCONFIG option
config: android-base: add CONFIG_MODULES option
Jeff Vander Stoep (1):
config: android-recommended: enable fstack-protector-strong
Lorenzo Colitti (1):
config: android-base: enable CONFIG_INET_DIAG_DESTROY
Max Shi (1):
config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE
Roberto Pereira (1):
config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS
Sami Tolvanen (2):
config: android-recommended: enable ARM64_SW_TTBR0_PAN
config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN
kernel/configs/android-base.config | 12 +++++++++++-
kernel/configs/android-recommended.config | 5 ++++-
2 files changed, 15 insertions(+), 2 deletions(-)
--
2.7.4
From: Jeff Vander Stoep <[email protected]>
If compiler has stack protector support, set
CONFIG_CC_STACKPROTECTOR_STRONG.
Reviewed-at: https://android-review.googlesource.com/#/c/238388/
Signed-off-by: Jeff Vander Stoep <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index 28ee064b6744..a86faa41bfd2 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -11,6 +11,7 @@ CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
+CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_COMPACTION=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_DM_CRYPT=y
--
2.7.4
From: Sami Tolvanen <[email protected]>
Enable PAN emulation using TTBR0_EL1 switching.
Reviewed-at: https://android-review.googlesource.com/#/c/325997/
Signed-off-by: Sami Tolvanen <[email protected]>
[AmitP: cherry-picked this change from Android common kernel
and updated the commit message]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a86faa41bfd2..a02c447769f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -6,6 +6,7 @@
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_PM_WAKELOCKS_GC is not set
# CONFIG_VT is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
--
2.7.4
From: Sami Tolvanen <[email protected]>
Enable CPU domain PAN to ensure that normal kernel accesses are
unable to access userspace addresses.
Reviewed-at: https://android-review.googlesource.com/#/c/334035/
Signed-off-by: Sami Tolvanen <[email protected]>
[AmitP: cherry-picked this change from Android common kernel, updated
the commit message and re-placed the CONFIG_STRICT_KERNEL_RWX
config in sorted order]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a02c447769f7..946fb92418f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -14,7 +14,7 @@ CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_COMPACTION=y
-CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
CONFIG_DM_CRYPT=y
CONFIG_DM_UEVENT=y
CONFIG_DM_VERITY=y
@@ -107,6 +107,7 @@ CONFIG_SCHEDSTATS=y
CONFIG_SMARTJOYPLUS_FF=y
CONFIG_SND=y
CONFIG_SOUND=y
+CONFIG_STRICT_KERNEL_RWX=y
CONFIG_SUSPEND_TIME=y
CONFIG_TABLET_USB_ACECAD=y
CONFIG_TABLET_USB_AIPTEK=y
--
2.7.4
From: Lorenzo Colitti <[email protected]>
As of Android N, this is required to close sockets when a
network disconnects.
Reviewed-at: https://android-review.googlesource.com/#/c/322674/
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 62cb392fc34b..5ecedaaf7c2e 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_INET6_AH=y
+CONFIG_INET6_DIAG_DESTROY=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_INET=y
--
2.7.4
From: Greg Kroah-Hartman <[email protected]>
This adds CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC options, which are a
requirement for the O release.
Reviewed-at: https://android-review.googlesource.com/#/c/364553/
Signed-off-by: Greg Kroah-Hartman <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index efe5ff86767e..e12cfec25758 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -25,6 +25,8 @@ CONFIG_EMBEDDED=y
CONFIG_FB=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HIGH_RES_TIMERS=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
--
2.7.4
From: Greg Kroah-Hartman <[email protected]>
This adds CONFIG_MODULES, CONFIG_MODULE_UNLOAD, and CONFIG_MODVERSIONS
which are required by the O release.
Reviewed-at: https://android-review.googlesource.com/#/c/364554/
Signed-off-by: Greg Kroah-Hartman <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index e12cfec25758..62cb392fc34b 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,7 +3,6 @@
# CONFIG_DEVMEM is not set
# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
-# CONFIG_MODULES is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
# CONFIG_USELIB is not set
@@ -64,6 +63,9 @@ CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODVERSIONS=y
CONFIG_NET=y
CONFIG_NETDEVICES=y
CONFIG_NETFILTER=y
--
2.7.4
From: Roberto Pereira <[email protected]>
Disable Network file system support.
Reviewed-at: https://android-review.googlesource.com/#/c/409559/
Signed-off-by: Roberto Pereira <[email protected]>
[AmitP: cherry-picked this change from Android common kernel
and updated commit message]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 01b186c5ef18..dadb830413a3 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,6 +3,8 @@
# CONFIG_DEVMEM is not set
# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
+# CONFIG_NFSD is not set
+# CONFIG_NFS_FS is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
# CONFIG_USELIB is not set
--
2.7.4
From: Chenbo Feng <[email protected]>
Add CONFIG_CGROUP_BPF as a default configuration in android base config
since it is used to replace XT_QTAGUID in future.
Reviewed-at: https://android-review.googlesource.com/#/c/400374/
Signed-off-by: Chenbo Feng <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 5ecedaaf7c2e..01b186c5ef18 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -14,6 +14,7 @@ CONFIG_ASHMEM=y
CONFIG_AUDIT=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_FREEZER=y
--
2.7.4
From: Max Shi <[email protected]>
Turn off the two kernel configs to disable related system ABI.
Reviewed-at: https://android-review.googlesource.com/#/c/264976/
Signed-off-by: Max Shi <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 26a06e09a5bd..efe5ff86767e 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -1,10 +1,12 @@
# KEEP ALPHABETICALLY SORTED
# CONFIG_DEVKMEM is not set
# CONFIG_DEVMEM is not set
+# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
# CONFIG_MODULES is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
+# CONFIG_USELIB is not set
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ANDROID_LOW_MEMORY_KILLER=y
--
2.7.4
On Thu, Jun 8, 2017 at 6:55 PM, Amit Pundir <[email protected]> wrote:
> Reviewed-at: https://android-review.googlesource.com/#/c/322674/
Note: that change was a mistake.
> --- a/kernel/configs/android-base.config
> +++ b/kernel/configs/android-base.config
> @@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
> CONFIG_IKCONFIG=y
> CONFIG_IKCONFIG_PROC=y
> CONFIG_INET6_AH=y
> +CONFIG_INET6_DIAG_DESTROY=y
CONFIG_INET6_DIAG_DESTROY does not exist. The correct variable is
CONFIG_INET_DIAG_DESTROY.
On 8 June 2017 at 15:32, Lorenzo Colitti <[email protected]> wrote:
> On Thu, Jun 8, 2017 at 6:55 PM, Amit Pundir <[email protected]> wrote:
>> Reviewed-at: https://android-review.googlesource.com/#/c/322674/
>
> Note: that change was a mistake.
>
>> --- a/kernel/configs/android-base.config
>> +++ b/kernel/configs/android-base.config
>> @@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
>> CONFIG_IKCONFIG=y
>> CONFIG_IKCONFIG_PROC=y
>> CONFIG_INET6_AH=y
>> +CONFIG_INET6_DIAG_DESTROY=y
>
> CONFIG_INET6_DIAG_DESTROY does not exist. The correct variable is
> CONFIG_INET_DIAG_DESTROY.
Thanks for pointing it out. I grep-ed for "CONFIG_INET_DIAG_DESTROY"
as mentioned in the subject line before sending but didn't notice the
actual change. I'll re-spin the series.
Regards,
Amit Pundir