2017-06-08 09:55:20

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 0/9] kernel/configs: Android config fragment updates

Hi,

Following are the Android config fragment changes cherry-picked from
Android common kernel for your consideration. Config fragments are
folded or re-placed in sorted order wherever required.

Regards,
Amit Pundir

Chenbo Feng (1):
config: android-base: add CGROUP_BPF

Greg Kroah-Hartman (2):
config: android-base: add CONFIG_IKCONFIG option
config: android-base: add CONFIG_MODULES option

Jeff Vander Stoep (1):
config: android-recommended: enable fstack-protector-strong

Lorenzo Colitti (1):
config: android-base: enable CONFIG_INET_DIAG_DESTROY

Max Shi (1):
config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE

Roberto Pereira (1):
config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS

Sami Tolvanen (2):
config: android-recommended: enable ARM64_SW_TTBR0_PAN
config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

kernel/configs/android-base.config | 12 +++++++++++-
kernel/configs/android-recommended.config | 5 ++++-
2 files changed, 15 insertions(+), 2 deletions(-)

--
2.7.4


2017-06-08 09:55:25

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 1/9] config: android-recommended: enable fstack-protector-strong

From: Jeff Vander Stoep <[email protected]>

If compiler has stack protector support, set
CONFIG_CC_STACKPROTECTOR_STRONG.

Reviewed-at: https://android-review.googlesource.com/#/c/238388/

Signed-off-by: Jeff Vander Stoep <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 1 +
1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index 28ee064b6744..a86faa41bfd2 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -11,6 +11,7 @@ CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
+CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_COMPACTION=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_DM_CRYPT=y
--
2.7.4

2017-06-08 09:55:28

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 2/9] config: android-recommended: enable CONFIG_ARM64_SW_TTBR0_PAN

From: Sami Tolvanen <[email protected]>

Enable PAN emulation using TTBR0_EL1 switching.

Reviewed-at: https://android-review.googlesource.com/#/c/325997/

Signed-off-by: Sami Tolvanen <[email protected]>
[AmitP: cherry-picked this change from Android common kernel
and updated the commit message]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 1 +
1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a86faa41bfd2..a02c447769f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -6,6 +6,7 @@
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_PM_WAKELOCKS_GC is not set
# CONFIG_VT is not set
+CONFIG_ARM64_SW_TTBR0_PAN=y
CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
--
2.7.4

2017-06-08 09:55:37

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 4/9] config: android-recommended: enable CONFIG_CPU_SW_DOMAIN_PAN

From: Sami Tolvanen <[email protected]>

Enable CPU domain PAN to ensure that normal kernel accesses are
unable to access userspace addresses.

Reviewed-at: https://android-review.googlesource.com/#/c/334035/

Signed-off-by: Sami Tolvanen <[email protected]>
[AmitP: cherry-picked this change from Android common kernel, updated
the commit message and re-placed the CONFIG_STRICT_KERNEL_RWX
config in sorted order]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-recommended.config | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index a02c447769f7..946fb92418f7 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -14,7 +14,7 @@ CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_COMPACTION=y
-CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
CONFIG_DM_CRYPT=y
CONFIG_DM_UEVENT=y
CONFIG_DM_VERITY=y
@@ -107,6 +107,7 @@ CONFIG_SCHEDSTATS=y
CONFIG_SMARTJOYPLUS_FF=y
CONFIG_SND=y
CONFIG_SOUND=y
+CONFIG_STRICT_KERNEL_RWX=y
CONFIG_SUSPEND_TIME=y
CONFIG_TABLET_USB_ACECAD=y
CONFIG_TABLET_USB_AIPTEK=y
--
2.7.4

2017-06-08 09:55:46

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 7/9] config: android-base: enable CONFIG_INET_DIAG_DESTROY

From: Lorenzo Colitti <[email protected]>

As of Android N, this is required to close sockets when a
network disconnects.

Reviewed-at: https://android-review.googlesource.com/#/c/322674/

[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 62cb392fc34b..5ecedaaf7c2e 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_INET6_AH=y
+CONFIG_INET6_DIAG_DESTROY=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_INET=y
--
2.7.4

2017-06-08 09:55:39

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 5/9] config: android-base: add CONFIG_IKCONFIG option

From: Greg Kroah-Hartman <[email protected]>

This adds CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC options, which are a
requirement for the O release.

Reviewed-at: https://android-review.googlesource.com/#/c/364553/

Signed-off-by: Greg Kroah-Hartman <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index efe5ff86767e..e12cfec25758 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -25,6 +25,8 @@ CONFIG_EMBEDDED=y
CONFIG_FB=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HIGH_RES_TIMERS=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
--
2.7.4

2017-06-08 09:55:56

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 6/9] config: android-base: add CONFIG_MODULES option

From: Greg Kroah-Hartman <[email protected]>

This adds CONFIG_MODULES, CONFIG_MODULE_UNLOAD, and CONFIG_MODVERSIONS
which are required by the O release.

Reviewed-at: https://android-review.googlesource.com/#/c/364554/

Signed-off-by: Greg Kroah-Hartman <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index e12cfec25758..62cb392fc34b 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,7 +3,6 @@
# CONFIG_DEVMEM is not set
# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
-# CONFIG_MODULES is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
# CONFIG_USELIB is not set
@@ -64,6 +63,9 @@ CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODVERSIONS=y
CONFIG_NET=y
CONFIG_NETDEVICES=y
CONFIG_NETFILTER=y
--
2.7.4

2017-06-08 09:55:54

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 9/9] config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS

From: Roberto Pereira <[email protected]>

Disable Network file system support.

Reviewed-at: https://android-review.googlesource.com/#/c/409559/

Signed-off-by: Roberto Pereira <[email protected]>
[AmitP: cherry-picked this change from Android common kernel
and updated commit message]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 01b186c5ef18..dadb830413a3 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -3,6 +3,8 @@
# CONFIG_DEVMEM is not set
# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
+# CONFIG_NFSD is not set
+# CONFIG_NFS_FS is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
# CONFIG_USELIB is not set
--
2.7.4

2017-06-08 09:55:51

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 8/9] config: android-base: add CGROUP_BPF

From: Chenbo Feng <[email protected]>

Add CONFIG_CGROUP_BPF as a default configuration in android base config
since it is used to replace XT_QTAGUID in future.

Reviewed-at: https://android-review.googlesource.com/#/c/400374/

Signed-off-by: Chenbo Feng <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 5ecedaaf7c2e..01b186c5ef18 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -14,6 +14,7 @@ CONFIG_ASHMEM=y
CONFIG_AUDIT=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_FREEZER=y
--
2.7.4

2017-06-08 09:56:51

by Amit Pundir

[permalink] [raw]
Subject: [PATCH 3/9] config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE

From: Max Shi <[email protected]>

Turn off the two kernel configs to disable related system ABI.

Reviewed-at: https://android-review.googlesource.com/#/c/264976/

Signed-off-by: Max Shi <[email protected]>
[AmitP: cherry-picked this change from Android common kernel]
Signed-off-by: Amit Pundir <[email protected]>
---
kernel/configs/android-base.config | 2 ++
1 file changed, 2 insertions(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 26a06e09a5bd..efe5ff86767e 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -1,10 +1,12 @@
# KEEP ALPHABETICALLY SORTED
# CONFIG_DEVKMEM is not set
# CONFIG_DEVMEM is not set
+# CONFIG_FHANDLE is not set
# CONFIG_INET_LRO is not set
# CONFIG_MODULES is not set
# CONFIG_OABI_COMPAT is not set
# CONFIG_SYSVIPC is not set
+# CONFIG_USELIB is not set
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ANDROID_LOW_MEMORY_KILLER=y
--
2.7.4

2017-06-08 10:02:34

by Lorenzo Colitti

[permalink] [raw]
Subject: Re: [PATCH 7/9] config: android-base: enable CONFIG_INET_DIAG_DESTROY

On Thu, Jun 8, 2017 at 6:55 PM, Amit Pundir <[email protected]> wrote:
> Reviewed-at: https://android-review.googlesource.com/#/c/322674/

Note: that change was a mistake.

> --- a/kernel/configs/android-base.config
> +++ b/kernel/configs/android-base.config
> @@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
> CONFIG_IKCONFIG=y
> CONFIG_IKCONFIG_PROC=y
> CONFIG_INET6_AH=y
> +CONFIG_INET6_DIAG_DESTROY=y

CONFIG_INET6_DIAG_DESTROY does not exist. The correct variable is
CONFIG_INET_DIAG_DESTROY.

2017-06-08 10:34:52

by Amit Pundir

[permalink] [raw]
Subject: Re: [PATCH 7/9] config: android-base: enable CONFIG_INET_DIAG_DESTROY

On 8 June 2017 at 15:32, Lorenzo Colitti <[email protected]> wrote:
> On Thu, Jun 8, 2017 at 6:55 PM, Amit Pundir <[email protected]> wrote:
>> Reviewed-at: https://android-review.googlesource.com/#/c/322674/
>
> Note: that change was a mistake.
>
>> --- a/kernel/configs/android-base.config
>> +++ b/kernel/configs/android-base.config
>> @@ -27,6 +27,7 @@ CONFIG_HIGH_RES_TIMERS=y
>> CONFIG_IKCONFIG=y
>> CONFIG_IKCONFIG_PROC=y
>> CONFIG_INET6_AH=y
>> +CONFIG_INET6_DIAG_DESTROY=y
>
> CONFIG_INET6_DIAG_DESTROY does not exist. The correct variable is
> CONFIG_INET_DIAG_DESTROY.

Thanks for pointing it out. I grep-ed for "CONFIG_INET_DIAG_DESTROY"
as mentioned in the subject line before sending but didn't notice the
actual change. I'll re-spin the series.

Regards,
Amit Pundir