arm64: rockchip_defconfig: merge s/android-5.10 android base config

https://android.googlesource.com/kernel/configs
commit 46f8bc810fbe ("Finalize min LTS version for S.")

android-base.config and android-base-conditional.xml:

-# CONFIG_RD_LZ4 is not set
+CONFIG_USERFAULTFD=y
+CONFIG_SHADOW_CALL_STACK=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_SONY_FF=y
+CONFIG_ANDROID_BINDERFS=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+CONFIG_CRYPTO_XCBC=y
+CONFIG_KFENCE=y

from gki_defconfig:
+CONFIG_KFENCE_SAMPLE_INTERVAL=500
+CONFIG_KFENCE_NUM_OBJECTS=63

RD_LZ4:
Support future decompression of LZ4-compressed ramdisk images.

USERFAULTFD:
Patches for SELinux support and kernel page-fault restriction in
userfaultfd have been backported.
So from security perspective it should be safe to enable it in Android.

XFRM_MIGRATE:
To be able to update addresses of an IPsec SA, as required by
supporting MOBIKE

CHACHA20POLY1305 and XCBC:
To be able to use ChaCha20Poly1305 and AES-XCBC in IPsec

CONFIG_KFENCE_NUM_OBJECTS controls the constant memory overhead that
KFENCE introduces for its memory pool. By default it is 255 objects
(2Mb extra memory), but since concerns have been raised that low-memory
devices may not afford that, we are lowering the number of objects
to 63 (512Kb extra memory).

So far we haven't seen Android devices allocate more than 50 KFENCE
objects. Should the kernel exhaust the pool, KFENCE will stop allocating
new objects and fall back to SLAB/SLUB until one of the objects is
freed.

An immediate consequence of reducing the pool size is that a freed
KFENCE object will be reused 4x times faster, effectively reducing the
probability of detecting a use-after-free. Since KFENCE is a best-effort
error detection tool, not a use-after-free mitigation mechanism, we
believe this should not be problematic.

enable KFENCE by setting the sample interval to 500ms
It is still possible to disable KFENCE at boot time using
kfence.sample_interval=0.

Signed-off-by: Tao Huang <huangtao@rock-chips.com>
Change-Id: I061f3caf0d09adfd4e0c322853aeff5af8ba63a5

arch/arm64/configs/rockchip_defconfig

@@ -29,7 +29,6 @@ CONFIG_BLK_DEV_INITRD=y
 # CONFIG_RD_LZMA is not set
 # CONFIG_RD_XZ is not set
 # CONFIG_RD_LZO is not set
-# CONFIG_RD_LZ4 is not set
 CONFIG_INITRD_ASYNC=y
 # CONFIG_ROCKCHIP_ONE_INITRD is not set
 # CONFIG_SYSFS_SYSCALL is not set
@@ -37,6 +36,7 @@ CONFIG_INITRD_ASYNC=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
+CONFIG_USERFAULTFD=y
 CONFIG_EMBEDDED=y
 # CONFIG_SLUB_DEBUG is not set
 # CONFIG_COMPAT_BRK is not set
@@ -101,6 +101,7 @@ CONFIG_CRYPTO_GHASH_ARM64_CE=y
 CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
 CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
 CONFIG_JUMP_LABEL=y
+CONFIG_SHADOW_CALL_STACK=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
 CONFIG_MODVERSIONS=y
@@ -119,6 +120,7 @@ CONFIG_PACKET=y
 CONFIG_UNIX=y
 CONFIG_XFRM_USER=y
 CONFIG_XFRM_INTERFACE=y
+CONFIG_XFRM_MIGRATE=y
 CONFIG_XFRM_STATISTICS=y
 CONFIG_NET_KEY=y
 CONFIG_INET=y
@@ -717,6 +719,7 @@ CONFIG_HID_ROCCAT=y
 CONFIG_HID_SAITEK=y
 CONFIG_HID_SAMSUNG=y
 CONFIG_HID_SONY=y
+CONFIG_SONY_FF=y
 CONFIG_HID_SPEEDLINK=y
 CONFIG_HID_STEAM=y
 CONFIG_HID_STEELSERIES=y
@@ -866,6 +869,7 @@ CONFIG_PHY_ROCKCHIP_TYPEC=y
 CONFIG_PHY_ROCKCHIP_USB=y
 CONFIG_ANDROID=y
 CONFIG_ANDROID_BINDER_IPC=y
+CONFIG_ANDROID_BINDERFS=y
 CONFIG_ROCKCHIP_EFUSE=y
 CONFIG_ROCKCHIP_OTP=y
 CONFIG_TEE=y
@@ -916,6 +920,8 @@ CONFIG_HARDENED_USERCOPY=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH=""
 CONFIG_SECURITY_SELINUX=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+CONFIG_CRYPTO_XCBC=y
 CONFIG_CRYPTO_TWOFISH=y
 CONFIG_CRYPTO_LZ4=y
 CONFIG_CRYPTO_ANSI_CPRNG=y
@@ -926,6 +932,9 @@ CONFIG_DEBUG_INFO=y
 CONFIG_MAGIC_SYSRQ=y
 CONFIG_DEBUG_FS=y
 CONFIG_SCHED_STACK_END_CHECK=y
+CONFIG_KFENCE=y
+CONFIG_KFENCE_SAMPLE_INTERVAL=500
+CONFIG_KFENCE_NUM_OBJECTS=63
 CONFIG_PANIC_TIMEOUT=5
 CONFIG_SOFTLOCKUP_DETECTOR=y
 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=10