From 89d6a276b66fa0ff5b54b1bb521b8e3a6a2b150e Mon Sep 17 00:00:00 2001 
From: Tao Huang Date: Wed, 30 Jun 2021 20:22:38 +0800 Subject: [PATCH] arm64: rockchip_defconfig: merge s/android-5.10 android base config https://android.googlesource.com/kernel/configs commit 46f8bc810fbe ("Finalize min LTS version for S.") android-base.config and android-base-conditional.xml: -# CONFIG_RD_LZ4 is not set +CONFIG_USERFAULTFD=y +CONFIG_SHADOW_CALL_STACK=y +CONFIG_XFRM_MIGRATE=y +CONFIG_SONY_FF=y +CONFIG_ANDROID_BINDERFS=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_XCBC=y +CONFIG_KFENCE=y from gki_defconfig: +CONFIG_KFENCE_SAMPLE_INTERVAL=500 +CONFIG_KFENCE_NUM_OBJECTS=63 RD_LZ4: Support future decompression of LZ4-compressed ramdisk images. USERFAULTFD: Patches for SELinux support and kernel page-fault restriction in userfaultfd have been backported. So from security perspective it should be safe to enable it in Android. XFRM_MIGRATE: To be able to update addresses of an IPsec SA, as required by supporting MOBIKE CHACHA20POLY1305 and XCBC: To be able to use ChaCha20Poly1305 and AES-XCBC in IPsec CONFIG_KFENCE_NUM_OBJECTS controls the constant memory overhead that KFENCE introduces for its memory pool. By default it is 255 objects (2Mb extra memory), but since concerns have been raised that low-memory devices may not afford that, we are lowering the number of objects to 63 (512Kb extra memory). So far we haven't seen Android devices allocate more than 50 KFENCE objects. Should the kernel exhaust the pool, KFENCE will stop allocating new objects and fall back to SLAB/SLUB until one of the objects is freed. An immediate consequence of reducing the pool size is that a freed KFENCE object will be reused 4x times faster, effectively reducing the probability of detecting a use-after-free. Since KFENCE is a best-effort error detection tool, not a use-after-free mitigation mechanism, we believe this should not be problematic. 
enable KFENCE by setting the sample interval to 500ms It is still possible to disable KFENCE at boot time using kfence.sample_interval=0. Signed-off-by: Tao Huang Change-Id: I061f3caf0d09adfd4e0c322853aeff5af8ba63a5
---
 arch/arm64/configs/rockchip_defconfig | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/configs/rockchip_defconfig b/arch/arm64/configs/rockchip_defconfig
index 529d7d420074..888702402824 100644
--- a/arch/arm64/configs/rockchip_defconfig
+++ b/arch/arm64/configs/rockchip_defconfig
@@ -29,7 +29,6 @@ CONFIG_BLK_DEV_INITRD=y
 # CONFIG_RD_LZMA is not set
 # CONFIG_RD_XZ is not set
 # CONFIG_RD_LZO is not set
-# CONFIG_RD_LZ4 is not set
 CONFIG_INITRD_ASYNC=y
 # CONFIG_ROCKCHIP_ONE_INITRD is not set
 # CONFIG_SYSFS_SYSCALL is not set
@@ -37,6 +36,7 @@ CONFIG_INITRD_ASYNC=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
+CONFIG_USERFAULTFD=y
 CONFIG_EMBEDDED=y
 # CONFIG_SLUB_DEBUG is not set
 # CONFIG_COMPAT_BRK is not set
@@ -101,6 +101,7 @@ CONFIG_CRYPTO_GHASH_ARM64_CE=y
 CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
 CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
 CONFIG_JUMP_LABEL=y
+CONFIG_SHADOW_CALL_STACK=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
 CONFIG_MODVERSIONS=y
@@ -119,6 +120,7 @@ CONFIG_PACKET=y
 CONFIG_UNIX=y
 CONFIG_XFRM_USER=y
 CONFIG_XFRM_INTERFACE=y
+CONFIG_XFRM_MIGRATE=y
 CONFIG_XFRM_STATISTICS=y
 CONFIG_NET_KEY=y
 CONFIG_INET=y
@@ -717,6 +719,7 @@ CONFIG_HID_ROCCAT=y
 CONFIG_HID_SAITEK=y
 CONFIG_HID_SAMSUNG=y
 CONFIG_HID_SONY=y
+CONFIG_SONY_FF=y
 CONFIG_HID_SPEEDLINK=y
 CONFIG_HID_STEAM=y
 CONFIG_HID_STEELSERIES=y
@@ -866,6 +869,7 @@ CONFIG_PHY_ROCKCHIP_TYPEC=y
 CONFIG_PHY_ROCKCHIP_USB=y
 CONFIG_ANDROID=y
 CONFIG_ANDROID_BINDER_IPC=y
+CONFIG_ANDROID_BINDERFS=y
 CONFIG_ROCKCHIP_EFUSE=y
 CONFIG_ROCKCHIP_OTP=y
 CONFIG_TEE=y
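Review bot: `CONFIG_USERFAULTFD=y` in the `-37,6 +36,7` hunk is only as safe as the backports the description relies on, and nothing in this patch shows that this tree carries them. The description ties enabling the option to the SELinux support and the kernel page-fault restriction for userfaultfd, so both should be confirmed present in this branch before merging. It is also worth checking that the device's init configuration sets `vm.unprivileged_userfaultfd=0`, since a defconfig cannot express that. Recording the backport commit ids in the description would make the claim auditable.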
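Review bot: `CONFIG_SHADOW_CALL_STACK=y` in the `-101,6 +101,7` hunk is dropped silently by Kconfig when the compiler does not support `-fsanitize=shadow-call-stack`, so this line alone does not guarantee the hardening reaches the built image. A build-time check that the generated `.config` still contains `CONFIG_SHADOW_CALL_STACK=y` would catch a toolchain regression. The option reserves x18, so any prebuilt or out-of-tree modules shipped with this kernel presumably need rebuilding with matching flags; that cannot be verified from this patch. The description explains the other additions but not this one, `CONFIG_SONY_FF` or `CONFIG_ANDROID_BINDERFS`, and a line for each would help.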
@@ -916,6 +920,8 @@ CONFIG_HARDENED_USERCOPY=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH=""
 CONFIG_SECURITY_SELINUX=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+CONFIG_CRYPTO_XCBC=y
 CONFIG_CRYPTO_TWOFISH=y
 CONFIG_CRYPTO_LZ4=y
 CONFIG_CRYPTO_ANSI_CPRNG=y
@@ -926,6 +932,9 @@ CONFIG_DEBUG_INFO=y
 CONFIG_MAGIC_SYSRQ=y
 CONFIG_DEBUG_FS=y
 CONFIG_SCHED_STACK_END_CHECK=y
+CONFIG_KFENCE=y
+CONFIG_KFENCE_SAMPLE_INTERVAL=500
+CONFIG_KFENCE_NUM_OBJECTS=63
 CONFIG_PANIC_TIMEOUT=5
 CONFIG_SOFTLOCKUP_DETECTOR=y
 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=10
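Review bot: The `CONFIG_KFENCE*` lines in the `-926,6 +932,9` hunk enable a detector whose findings land only in the kernel log, and the patch does not say how those reports are collected from shipped devices. With `CONFIG_KFENCE_SAMPLE_INTERVAL=500` and `CONFIG_KFENCE_NUM_OBJECTS=63` the per-device hit rate is low by design, so the value comes from aggregating reports across many devices. The description should name the channel that picks them up (bugreport, crash upload or similar). The context line `CONFIG_DEBUG_FS=y` means KFENCE's debugfs entries will also exist, so check that debugfs stays unmounted or access-restricted on user builds.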