Merge "Docs: Updating kernel config content, formatting Fixing patch order and missing author, adding intros Test: make online-sac-docs - tested on staging instance 17 Bug: 35522446" am: 5c79595ce1 am: 50f6228501

am: dbac7f22cd

Change-Id: I6bcfff76f39694039d94b7577556bc98e68e53b3

1 files changed, 139 insertions, 435 deletions

diff --git a/src/devices/tech/config/kernel.jd b/src/devices/tech/config/kernel.jd
index 81e9e51f..bc05a411 100644
--- a/src/devices/tech/config/kernel.jd
+++ b/src/devices/tech/config/kernel.jd
@@ -24,456 +24,160 @@ page.title=Kernel Configuration
   </div>
 </div>
 
-<p>The kernel configuration settings in this document are meant to be used as a
-base for an Android kernel configuration. All devices should have the options
-in android-base configuration enabled. The options in
-android-recommended configuration enable advanced Android
-features. See <a href="{@docRoot}security/overview/kernel-security.html">System
-and Kernel Security</a> for controls already undertaken to strengthen the
-kernel on your devices. See the <a
-href="{@docRoot}compatibility/cdd.html">Android Compatibility Definition
-Document (CDD)</a> for required settings.</p>
+<p>Use the following configuration settings as a base for an Android kernel
+configuration. Settings are organized into <code>android-base</code> and
+<code>android-recommended</code> .cfg files:
 
-<p>
-Generating kernel config: Assuming you already have a minimalist defconfig for your device, a possible
-way to enable these options would be:</p>
+<ul>
+<li><code>android-base</code>. These options enable core Android features and
+should be enabled by all devices.</li>
 
-<pre>ARCH=<arch> scripts/kconfig/merge_config.sh <path_to>/<device>_defconfig android/configs/android-base.cfg
-android/configs/android-recommended.cfg</pre>
-<p>
-This will generate a .config that can then be used to save a new defconfig or
-compile a new kernel with Android features enabled.
-</p>
-<h2 id="base">Base Configuration</h2>
-<pre>
-CONFIG_EXPERIMENTAL=y
-CONFIG_SYSVIPC=y
-CONFIG_CGROUPS=y
-CONFIG_CGROUP_DEBUG=y
-CONFIG_CGROUP_FREEZER=y
-CONFIG_CGROUP_CPUACCT=y
-CONFIG_RESOURCE_COUNTERS=y
-CONFIG_CGROUP_SCHED=y
-CONFIG_RT_GROUP_SCHED=y
-CONFIG_BLK_DEV_INITRD=y
-CONFIG_EMBEDDED=y
-CONFIG_NO_HZ=y
-CONFIG_HIGH_RES_TIMERS=y
-CONFIG_PREEMPT=y
-CONFIG_PM_AUTOSLEEP=y
-CONFIG_PM_WAKELOCKS=y
-CONFIG_BLK_DEV_DM=y
-CONFIG_DM_CRYPT=y
-CONFIG_NET=y
-CONFIG_PACKET=y
-CONFIG_UNIX=y
-CONFIG_XFRM_USER=y
-CONFIG_NET_KEY=y
-CONFIG_INET=y
-CONFIG_IP_ADVANCED_ROUTER=y
-CONFIG_IP_MULTIPLE_TABLES=y
-CONFIG_INET_ESP=y
-# CONFIG_INET_LRO is not set
-CONFIG_IPV6_PRIVACY=y
-CONFIG_IPV6_ROUTER_PREF=y
-CONFIG_IPV6_OPTIMISTIC_DAD=y
-CONFIG_INET6_AH=y
-CONFIG_INET6_ESP=y
-CONFIG_INET6_IPCOMP=y
-CONFIG_IPV6_MIP6=y
-CONFIG_IPV6_MULTIPLE_TABLES=y
-CONFIG_NETFILTER=y
-CONFIG_NF_CONNTRACK=y
-CONFIG_NF_CONNTRACK_EVENTS=y
-CONFIG_NF_CT_PROTO_DCCP=y
-CONFIG_NF_CT_PROTO_SCTP=y
-CONFIG_NF_CT_PROTO_UDPLITE=y
-CONFIG_NF_CONNTRACK_AMANDA=y
-CONFIG_NF_CONNTRACK_FTP=y
-CONFIG_NF_CONNTRACK_H323=y
-CONFIG_NF_CONNTRACK_IRC=y
-CONFIG_NF_CONNTRACK_NETBIOS_NS=y
-CONFIG_NF_CONNTRACK_PPTP=y
-CONFIG_NF_CONNTRACK_SANE=y
-CONFIG_NF_CONNTRACK_TFTP=y
-CONFIG_NF_CT_NETLINK=y
-CONFIG_NETFILTER_TPROXY=y
-CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
-CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
-CONFIG_NETFILTER_XT_TARGET_MARK=y
-CONFIG_NETFILTER_XT_TARGET_NFLOG=y
-CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
-CONFIG_NETFILTER_XT_TARGET_TPROXY=y
-CONFIG_NETFILTER_XT_TARGET_TRACE=y
-CONFIG_NETFILTER_XT_MATCH_COMMENT=y
-CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
-CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
-CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
-CONFIG_NETFILTER_XT_MATCH_HELPER=y
-CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
-CONFIG_NETFILTER_XT_MATCH_LENGTH=y
-CONFIG_NETFILTER_XT_MATCH_LIMIT=y
-CONFIG_NETFILTER_XT_MATCH_MAC=y
-CONFIG_NETFILTER_XT_MATCH_MARK=y
-CONFIG_NETFILTER_XT_MATCH_POLICY=y
-CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
-CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
-CONFIG_NETFILTER_XT_MATCH_QUOTA=y
-CONFIG_NETFILTER_XT_MATCH_QUOTA2=y
-CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y
-CONFIG_NETFILTER_XT_MATCH_SOCKET=y
-CONFIG_NETFILTER_XT_MATCH_STATE=y
-CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
-CONFIG_NETFILTER_XT_MATCH_STRING=y
-CONFIG_NETFILTER_XT_MATCH_TIME=y
-CONFIG_NETFILTER_XT_MATCH_U32=y
-CONFIG_NF_CONNTRACK_IPV4=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_AH=y
-CONFIG_IP_NF_MATCH_ECN=y
-CONFIG_IP_NF_MATCH_TTL=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_TARGET_REJECT=y
-CONFIG_IP_NF_TARGET_REJECT_SKERR=y
-CONFIG_NF_NAT=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_TARGET_NETMAP=y
-CONFIG_IP_NF_TARGET_REDIRECT=y
-CONFIG_IP_NF_MANGLE=y
-CONFIG_IP_NF_RAW=y
-CONFIG_IP_NF_ARPTABLES=y
-CONFIG_IP_NF_ARPFILTER=y
-CONFIG_IP_NF_ARP_MANGLE=y
-CONFIG_NF_CONNTRACK_IPV6=y
-CONFIG_IP6_NF_IPTABLES=y
-CONFIG_IP6_NF_FILTER=y
-CONFIG_IP6_NF_TARGET_REJECT=y
-CONFIG_IP6_NF_TARGET_REJECT_SKERR=y
-CONFIG_IP6_NF_MANGLE=y
-CONFIG_IP6_NF_RAW=y
-CONFIG_NET_SCHED=y
-CONFIG_NET_SCH_HTB=y
-CONFIG_NET_CLS_U32=y
-CONFIG_NET_EMATCH=y
-CONFIG_NET_EMATCH_U32=y
-CONFIG_NET_CLS_ACT=y
-CONFIG_NETDEVICES=y
-CONFIG_TUN=y
-CONFIG_PPP=y
-CONFIG_PPP_BSDCOMP=y
-CONFIG_PPP_DEFLATE=y
-CONFIG_PPP_MPPE=y
-CONFIG_PPPOLAC=y
-CONFIG_PPPOPNS=y
-CONFIG_FB=y
-CONFIG_SYNC=y
-CONFIG_USB_GADGET=y
-CONFIG_USB_G_ANDROID=y
-CONFIG_USB_OTG_WAKELOCK=y
-CONFIG_SWITCH=y
-CONFIG_RTC_CLASS=y
-CONFIG_STAGING=y
-CONFIG_ANDROID=y
-CONFIG_ANDROID_BINDER_IPC=y
-CONFIG_ASHMEM=y
-CONFIG_ANDROID_LOGGER=y
-CONFIG_ANDROID_LOW_MEMORY_KILLER=y
-CONFIG_ANDROID_INTF_ALARM_DEV=y
-</pre>
+<li><code>android-recommended</code>. These options enable advanced Android
+features and are optional for devices.</li>
+</ul>
+
+<p>Both the android-base.cfg and android-recommended.cfg files are located in
+the android-common kernel repo at
+<a href="https://android.googlesource.com/kernel/common/">https://android.googlesource.com/kernel/common/</a>.
+<p>In version 4.8 of the upstream Linux kernel, a new location (kernel/configs)
+was designated for kernel configuration fragments. The android base and
+recommended config fragments are located in that directory for branches based on
+4.8 or later. For kernel branches based on releases prior to 4.8, the config
+fragments are located in the android/ directory.</p>
+
+<p>For details on controls already undertaken to strengthen the kernel on your
+devices, see <a href="{@docRoot}security/overview/kernel-security.html">System
+and Kernel Security</a>. For details on required settings, see the
+<a href="{@docRoot}compatibility/cdd.html">Android Compatibility Definition
+Document (CDD)</a>.</p>
 
-<h2 id="recommended">Recommended Configuration</h2>
+<h2 id="generating">Generating kernel config</h2>
+<p>For devices that have a minimalist defconfig, you can use the following to
+enable options:</p>
 
-<pre>
-CONFIG_PANIC_TIMEOUT=5
-CONFIG_KALLSYMS_ALL=y
-CONFIG_PERF_EVENTS=y
-CONFIG_COMPACTION=y
-# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
-CONFIG_PM_WAKELOCKS_LIMIT=0
-# CONFIG_PM_WAKELOCKS_GC is not set
-CONFIG_PM_RUNTIME=y
-CONFIG_PM_DEBUG=y
-CONFIG_SUSPEND_TIME=y
-CONFIG_BLK_DEV_LOOP=y
-CONFIG_BLK_DEV_RAM=y
-CONFIG_BLK_DEV_RAM_SIZE=8192
-CONFIG_UID_STAT=y
-CONFIG_MD=y
-CONFIG_DM_UEVENT=y
-CONFIG_INPUT_EVDEV=y
-CONFIG_INPUT_KEYRESET=y
-# CONFIG_INPUT_MOUSE is not set
-CONFIG_INPUT_JOYSTICK=y
-CONFIG_JOYSTICK_XPAD=y
-CONFIG_JOYSTICK_XPAD_FF=y
-CONFIG_JOYSTICK_XPAD_LEDS=y
-CONFIG_INPUT_TABLET=y
-CONFIG_TABLET_USB_ACECAD=y
-CONFIG_TABLET_USB_AIPTEK=y
-CONFIG_TABLET_USB_GTCO=y
-CONFIG_TABLET_USB_HANWANG=y
-CONFIG_TABLET_USB_KBTAB=y
-CONFIG_TABLET_USB_WACOM=y
-CONFIG_INPUT_MISC=y
-CONFIG_INPUT_KEYCHORD=y
-CONFIG_INPUT_UINPUT=y
-CONFIG_INPUT_GPIO=y
-# CONFIG_VT is not set
-# CONFIG_LEGACY_PTYS is not set
-CONFIG_POWER_SUPPLY=y
-CONFIG_BATTERY_ANDROID=y
-CONFIG_MEDIA_SUPPORT=y
-CONFIG_BACKLIGHT_LCD_SUPPORT=y
-CONFIG_SOUND=y
-CONFIG_SND=y
-CONFIG_UHID=y
-CONFIG_USB_HIDDEV=y
-CONFIG_HID_A4TECH=y
-CONFIG_HID_ACRUX=y
-CONFIG_HID_ACRUX_FF=y
-CONFIG_HID_APPLE=y
-CONFIG_HID_BELKIN=y
-CONFIG_HID_CHERRY=y
-CONFIG_HID_CHICONY=y
-CONFIG_HID_PRODIKEYS=y
-CONFIG_HID_CYPRESS=y
-CONFIG_HID_DRAGONRISE=y
-CONFIG_DRAGONRISE_FF=y
-CONFIG_HID_EMS_FF=y
-CONFIG_HID_ELECOM=y
-CONFIG_HID_EZKEY=y
-CONFIG_HID_HOLTEK=y
-CONFIG_HID_KEYTOUCH=y
-CONFIG_HID_KYE=y
-CONFIG_HID_UCLOGIC=y
-CONFIG_HID_WALTOP=y
-CONFIG_HID_GYRATION=y
-CONFIG_HID_TWINHAN=y
-CONFIG_HID_KENSINGTON=y
-CONFIG_HID_LCPOWER=y
-CONFIG_HID_LOGITECH=y
-CONFIG_LOGITECH_FF=y
-CONFIG_LOGIRUMBLEPAD2_FF=y
-CONFIG_LOGIG940_FF=y
-CONFIG_HID_MAGICMOUSE=y
-CONFIG_HID_MICROSOFT=y
-CONFIG_HID_MONTEREY=y
-CONFIG_HID_MULTITOUCH=y
-CONFIG_HID_NTRIG=y
-CONFIG_HID_ORTEK=y
-CONFIG_HID_PANTHERLORD=y
-CONFIG_PANTHERLORD_FF=y
-CONFIG_HID_PETALYNX=y
-CONFIG_HID_PICOLCD=y
-CONFIG_HID_PRIMAX=y
-CONFIG_HID_ROCCAT=y
-CONFIG_HID_SAITEK=y
-CONFIG_HID_SAMSUNG=y
-CONFIG_HID_SONY=y
-CONFIG_HID_SPEEDLINK=y
-CONFIG_HID_SUNPLUS=y
-CONFIG_HID_GREENASIA=y
-CONFIG_GREENASIA_FF=y
-CONFIG_HID_SMARTJOYPLUS=y
-CONFIG_SMARTJOYPLUS_FF=y
-CONFIG_HID_TIVO=y
-CONFIG_HID_TOPSEED=y
-CONFIG_HID_THRUSTMASTER=y
-CONFIG_HID_WACOM=y
-CONFIG_HID_WIIMOTE=y
-CONFIG_HID_ZEROPLUS=y
-CONFIG_HID_ZYDACRON=y
-CONFIG_USB_USBNET=y
-CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
-CONFIG_USB_EHCI_HCD=y
-CONFIG_ION=y
-CONFIG_ANDROID_RAM_CONSOLE=y
-CONFIG_ANDROID_TIMED_GPIO=y
-CONFIG_EXT4_FS=y
-CONFIG_EXT4_FS_SECURITY=y
-CONFIG_FUSE_FS=y
-CONFIG_MSDOS_FS=y
-CONFIG_VFAT_FS=y
-CONFIG_TMPFS=y
-CONFIG_TMPFS_POSIX_ACL=y
-CONFIG_SCHEDSTATS=y
-CONFIG_TIMER_STATS=y
-CONFIG_SCHED_TRACER=y
-CONFIG_CPUSETS=y
-CONFIG_PROC_PID_CPUSET=y
-</pre>
+<pre><code>ARCH=<em>arch</em> scripts/kconfig/merge_config.sh <em>path</em>/<em>device</em>_defconfig android/configs/android-base.cfg android/configs/android-recommended.cfg</code></pre>
 
-<h2 id="audio">For USB host mode audio</h2>
+<p>This generates a .config file you can use to save a new defconfig or
+compile a new kernel with Android features enabled.</p>
 
-<pre>
-CONFIG_SND_USB=y
+<h2 id="usb">Enabling USB host mode options</h2>
+
+<p>For USB host mode audio, enable the following options:</p>
+<pre><code>CONFIG_SND_USB=y
 CONFIG_SND_USB_AUDIO=y
 # CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
-</pre>
-
-<h2 id="midi">For USB host mode MIDI</h2>
+</code></pre>
 
-<pre>
-CONFIG_SND_USB_MIDI=y
-</pre>
+<p>For USB host mode MIDI, enable the following option:</p>
+<pre><code>CONFIG_SND_USB_MIDI=y</code></pre>
 
 <h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC</h2>
-<p>
-Seccomp-BPF is a kernel security technology that
-enables the creation of sandboxes to restrict the system calls a process is
-allowed to make. The TSYNC feature enables the use of Seccomp-BPF from
-multithreaded programs.
-</p>
-<p>
-This ability is limited to architectures that have seccomp support upstream:
-ARM, ARM64, x86, and x86_64.
-</p>
+<p>Seccomp-BPF is a kernel security technology that enables the creation of
+sandboxes to restrict the system calls a process is allowed to make. The TSYNC
+feature enables the use of Seccomp-BPF from multithreaded programs. This ability
+is limited to architectures that have seccomp support upstream: ARM, ARM64, x86,
+and x86_64.</p>
+
 <h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
-<p>
-First, ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
-Kconfig. This is already verified as of the Android 5.0 CTS.
-</p>
-<p>
-Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
-repository:
-</p>
-<p>
-<a
-href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
+
+<p>Ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
+(verified as of the Android 5.0 CTS), then cherry-pick the following changes
+from the AOSP kernel/common:android-3.10 repository: <a href="https://android.
+googlesource.com/kernel/common/+log/9499cd23f9d05ba159
+fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
 </p>
+
 <ul>
-<li><a
-href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
- ARM: add seccomp syscall</a>
-<li><a
-href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
- seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
-<li><a
-href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
- seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
-Roeck
-<li><a
-href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
- seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
- seccomp: allow mode setting across threads</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
- seccomp: introduce writer locking</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
- seccomp: split filter prep from check and apply</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
- sched: move no_new_privs into new atomic flags</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
- seccomp: add "seccomp" syscall</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
- seccomp: split mode setting routines</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
- seccomp: extract check/assign mode helpers</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
- seccomp: create internal mode-setting function</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/987a0f1102321853565c4bfecde6a5a58ac6db11">987a0f1
- introduce for_each_thread() to replace the buggy while_each_thread()</a> by
-Oleg Nesterov
-<li><a
-href="https://android.googlesource.com/kernel/common/+/a03a2426ea9f1d9dada33cf4a824f63e8f916c9d">a03a242
- arch: Introduce smp_load_acquire(), smp_store_release()</a> by Peter Zijlstra
+<li><a href="https://android.googlesource.com/kernel/common/+/a03a2426ea9f1d9dada33cf4a824f63e8f916c9d">a03
+a242 arch: Introduce smp_load_acquire(), smp_store_release()</a> by Peter
+Zijlstra</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/987a0f1102321853565c4bfecde6a5a58ac6db11">987a0f
+1 introduce for_each_thread() to replace the buggy while_each_thread()</a> by
+ Oleg Nesterov</li>
+ <li><a href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
+seccomp: create internal mode-setting function</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+
+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
+seccomp: extract check/assign mode helpers</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
+seccomp: split mode setting routines</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4  seccomp: add
+"seccomp" syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9d0ff
+694bc22fb458acb763811a677696c60725b">9d0ff69
+sched: move no_new_privs into new atomic flags</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
+seccomp: split filter prep from check and apply</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
+seccomp: introduce writer locking</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
+seccomp: allow mode setting across threads</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
+seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9ac860041db
+860a59bfd6ac82b31d6b6f76ebb52">9ac8600
+seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
+Roeck</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
+seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
+ARM: add seccomp syscall</a> by Kees Cook</li>
 </ul>
-<p>
-Apply these patches in the inverse order that they are
-listed (<code>a9ba428</code> should be last).
-</p>
-<p>
+
 <h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
-</p>
-<p>
-First, ensure that<code> CONFIG_SECCOMP_FILTER=y </code>is enabled in the
-Kconfig. This is already verified as of the Android 5.0 CTS.
-</p>
-<p>
-Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
-repository:
-</p>
+<p>Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
+(verified as of the Android 5.0 CTS), then cherry-pick the following changes
+from the AOSP kernel/common:android-3.10 repository:</p>
 <ul>
-<li><a
-href="https://android.googlesource.com/kernel/common/+/210957c2bb3b4d111963bb296e2c42beb8721929">210957c
- arm64: add seccomp support</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/77227239d20ac6381fb1aee7b7cc902f0d14cd85">7722723
- arm64: add SIGSYS siginfo for compat task</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/4f12b53f28a751406a27ef7501a22f9e32a9c30b">4f12b53
- add seccomp syscall for compat task</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/dab10731da65a0deba46402ca9fadf6974676cc8">dab1073
- asm-generic: add generic seccomp.h for secure computing mode 1</a> by AKASHI
-Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/feb28436457d33fef9f264635291432df4b74122">feb2843
- arm64: ptrace: allow tracer to skip a system call</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/abbfed9ed1a78701ef3db74f5287958feb897035">abbfed9
- arm64: ptrace: add PTRACE_SET_SYSCALL</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/41900903483eb96602dd72e719a798c208118aad">4190090
- ARM: 8087/1: ptrace: reload syscall number after secure_computing() check</a>
-by Will Deacon
-<li><a
-href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
- ARM: add seccomp syscall</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
- seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
-<li><a
-href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
- seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
-Roeck
-<li><a
-href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
- seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
- seccomp: allow mode setting across threads</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
- seccomp: introduce writer locking</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
- seccomp: split filter prep from check and apply</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
- sched: move no_new_privs into new atomic flags</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
- seccomp: add "seccomp" syscall</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
- seccomp: split mode setting routines</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
- seccomp: extract check/assign mode helpers</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
- seccomp: create internal mode-setting function</a> by Kees Cook
-<li><a
-href="https://android.googlesource.com/kernel/common/+/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76">9499cd2
- syscall_get_arch: remove useless function arguments</a> by Eric Paris
-<li><a
-href="https://android.googlesource.com/kernel/common/+/3e21c0bb663a23436e0eb3f61860d4fedc233bab">3e21c0b
- arm64: audit: Add audit hook in syscall_trace_enter/exit()</a> by JP Abgrall
-<li><a
-href="https://android.googlesource.com/kernel/common/+/bf11863d45eb3dac0d0cf1f818ded11ade6e28d3">bf11863
- arm64: Add audit support</a> by AKASHI Takahiro
-<li><a
-href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d">cfc7e99e9
- arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall
+<li><a href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d">cfc7e99e9
+arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/bf11863d45eb3dac0d0cf1f818ded11ade6e28d3">bf11863
+arm64: Add audit support</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/3
+e21c0bb663a23436e0eb3f61860d4fedc233bab">3e21c0b
+arm64: audit: Add audit hook in syscall_trace_enter/exit()</a> by JP Abgrall</li>
+<li><a href="https://android.googlesource.com/kernel
+/common/+/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76">9499cd2
+syscall_get_arch: remove useless function arguments</a> by Eric Paris</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
+seccomp: create internal mode-setting function</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9
+cff  seccomp: extract check/assign mode helpers</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
+seccomp: split mode setting routines</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
+seccomp: add "seccomp" syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
+sched: move no_new_privs into new atomic flags</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
+seccomp: split filter prep from check and apply</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
+seccomp: introduce writer locking</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
+seccomp: allow mode setting across threads</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
+seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
+seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
+Roeck</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
+seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
+ARM: add seccomp syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/41900903483eb96602dd72e719a798c208118aad">4190090
+ARM: 8087/1: ptrace: reload syscall number after secure_computing() check</a> by
+Will Deacon</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/abbfed9ed1a78701ef3db74f5287958feb897035">abbfed9
+arm64: ptrace: add PTRACE_SET_SYSCALL</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/feb28436457d33fef9f264635291432df4b74122">feb2843
+arm64: ptrace: allow tracer to skip a system call</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/dab10731da65a0deba46402ca9fadf6974676cc8">dab1073
+asm-generic: add generic seccomp.h for secure computing mode 1</a> by AKASHI
+Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/4f12b53f28a751406a27ef7501a22f9e32a9c30b">4f1
+2b53  add seccomp syscall for compat task</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/77227239d20ac6381fb1aee7b7cc902f0d14cd85">7722723
+arm64: add SIGSYS siginfo for compat task</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/210957c2bb3b4d111963bb296e2c42beb8721929">210957c
+arm64: add seccomp support</a> by AKASHI Takahiro</li>
 </ul>