aboutsummaryrefslogtreecommitdiff
path: root/en/devices/architecture/kernel
diff options
context:
space:
mode:
authorAndroid Partner Docs <noreply@android.com>2017-08-11 13:26:19 -0700
committerBilly Lamberta <blamb@google.com>2017-08-14 10:09:36 -0700
commit9f85abff05908a7f8ba36f0dabb3dbe5601b8c25 (patch)
tree0ba454f0b7b00bff2785c65eb0fdcf6e9d43af18 /en/devices/architecture/kernel
parentde85065c0ab515fa0d80e7456985ca4dd507732d (diff)
downloadsource.android.com-9f85abff05908a7f8ba36f0dabb3dbe5601b8c25.tar.gz
Docs: Changes to source.android.com
- 165016926 Add clarifying language and patches for older versions by claym <claym@google.com> - 165016381 Note AOSP master no longer requires separate JDK by claym <claym@google.com> - 164881714 Update May 2017 bulletin with AOSP link for CVE-2017-0493 by daroberts <daroberts@google.com> - 164871405 Devsite localized content from translation request 8581ba... by Android Partner Docs <noreply@android.com> - 164655382 Add sections and move/redirect files in preparation for 8... by claym <claym@google.com> - 164646767 Devsite localized content from translation request 101532... by Android Partner Docs <noreply@android.com> - 164645091 Update home page to announce August security bulletin by daroberts <daroberts@google.com> - 164645005 Update CTS/CTS-Verifier downloads for CTS-Aug-2017 Release by daroberts <daroberts@google.com> - 164644767 Update August Security bulletin with AOSP links by daroberts <daroberts@google.com> PiperOrigin-RevId: 165016926 Change-Id: I3d95a930619093dbeb0cdb4bbea52b6799c30bd3
Diffstat (limited to 'en/devices/architecture/kernel')
-rw-r--r--en/devices/architecture/kernel/config.html190
-rw-r--r--en/devices/architecture/kernel/network_tests.html114
2 files changed, 304 insertions, 0 deletions
diff --git a/en/devices/architecture/kernel/config.html b/en/devices/architecture/kernel/config.html
new file mode 100644
index 00000000..14d2ee17
--- /dev/null
+++ b/en/devices/architecture/kernel/config.html
@@ -0,0 +1,190 @@
+<html devsite>
+ <head>
+ <title>Kernel Configuration</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+
+<p>Use the following configuration settings as a base for an Android kernel
+configuration. Settings are organized into <code>android-base</code> and
+<code>android-recommended</code> .cfg files:
+
+<ul>
+<li><code>android-base</code>. These options enable core Android features and
+should be enabled by all devices.</li>
+
+<li><code>android-recommended</code>. These options enable advanced Android
+features and are optional for devices.</li>
+</ul>
+
+<p>Both the android-base.cfg and android-recommended.cfg files are located in
+the android-common kernel repo at
+<a href="https://android.googlesource.com/kernel/common/">https://android.googlesource.com/kernel/common/</a>.
+<p>In version 4.8 of the upstream Linux kernel, a new location (kernel/configs)
+was designated for kernel configuration fragments. The android base and
+recommended config fragments are located in that directory for branches based on
+4.8 or later. For kernel branches based on releases prior to 4.8, the config
+fragments are located in the android/ directory.</p>
+
+<p>For details on controls already undertaken to strengthen the kernel on your
+devices, see <a href="/security/overview/kernel-security.html">System
+and Kernel Security</a>. For details on required settings, see the
+<a href="/compatibility/cdd.html">Android Compatibility Definition
+Document (CDD)</a>.</p>
+
+<h2 id="generating">Generating kernel config</h2>
+<p>For devices that have a minimalist defconfig, you can use the following to
+enable options:</p>
+
+<pre class="devsite-click-to-copy">
+ARCH=<em>arch</em> scripts/kconfig/merge_config.sh <em>path</em>/<em>device</em>_defconfig android/configs/android-base.cfg android/configs/android-recommended.cfg
+</pre>
+
+<p>This generates a .config file you can use to save a new defconfig or
+compile a new kernel with Android features enabled.</p>
+
+<h2 id="usb">Enabling USB host mode options</h2>
+
+<p>For USB host mode audio, enable the following options:</p>
+<pre class="devsite-click-to-copy">
+CONFIG_SND_USB=y
+CONFIG_SND_USB_AUDIO=y
+# CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
+</pre>
+
+<p>For USB host mode MIDI, enable the following option:</p>
+<pre class="devsite-click-to-copy">
+CONFIG_SND_USB_MIDI=y
+</pre>
+
+<h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC</h2>
+<p>Seccomp-BPF is a kernel security technology that enables the creation of
+sandboxes to restrict the system calls a process is allowed to make. The TSYNC
+feature enables the use of Seccomp-BPF from multithreaded programs. This ability
+is limited to architectures that have seccomp support upstream: ARM, ARM64, x86,
+and x86_64.</p>
+
+<h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
+
+<p>Ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
+(verified as of the Android 5.0 CTS), then cherry-pick the following changes
+from the AOSP kernel/common:android-3.10 repository: <a href="https://android.
+googlesource.com/kernel/common/+log/9499cd23f9d05ba159
+fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
+</p>
+
+<ul>
+<li><a href="https://android.googlesource.com/kernel/common/+/a03a2426ea9f1d9dada33cf4a824f63e8f916c9d">a03
+a242 arch: Introduce smp_load_acquire(), smp_store_release()</a> by Peter
+Zijlstra</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/987a0f1102321853565c4bfecde6a5a58ac6db11">987a0f
+1 introduce for_each_thread() to replace the buggy while_each_thread()</a> by
+ Oleg Nesterov</li>
+ <li><a href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
+seccomp: create internal mode-setting function</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+
+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
+seccomp: extract check/assign mode helpers</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
+seccomp: split mode setting routines</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4 seccomp: add
+"seccomp" syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9d0ff
+694bc22fb458acb763811a677696c60725b">9d0ff69
+sched: move no_new_privs into new atomic flags</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
+seccomp: split filter prep from check and apply</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
+seccomp: introduce writer locking</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
+seccomp: allow mode setting across threads</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
+seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9ac860041db
+860a59bfd6ac82b31d6b6f76ebb52">9ac8600
+seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
+Roeck</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
+seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
+ARM: add seccomp syscall</a> by Kees Cook</li>
+</ul>
+
+<h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
+<p>Ensure <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the Kconfig
+(verified as of the Android 5.0 CTS), then cherry-pick the following changes
+from the AOSP kernel/common:android-3.10 repository:</p>
+<ul>
+<li><a href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d">cfc7e99e9
+arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/bf11863d45eb3dac0d0cf1f818ded11ade6e28d3">bf11863
+arm64: Add audit support</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/3
+e21c0bb663a23436e0eb3f61860d4fedc233bab">3e21c0b
+arm64: audit: Add audit hook in syscall_trace_enter/exit()</a> by JP Abgrall</li>
+<li><a href="https://android.googlesource.com/kernel
+/common/+/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76">9499cd2
+syscall_get_arch: remove useless function arguments</a> by Eric Paris</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
+seccomp: create internal mode-setting function</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9
+cff seccomp: extract check/assign mode helpers</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
+seccomp: split mode setting routines</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
+seccomp: add "seccomp" syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
+sched: move no_new_privs into new atomic flags</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
+seccomp: split filter prep from check and apply</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
+seccomp: introduce writer locking</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
+seccomp: allow mode setting across threads</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
+seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
+seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
+Roeck</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
+seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
+ARM: add seccomp syscall</a> by Kees Cook</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/41900903483eb96602dd72e719a798c208118aad">4190090
+ARM: 8087/1: ptrace: reload syscall number after secure_computing() check</a> by
+Will Deacon</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/abbfed9ed1a78701ef3db74f5287958feb897035">abbfed9
+arm64: ptrace: add PTRACE_SET_SYSCALL</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/feb28436457d33fef9f264635291432df4b74122">feb2843
+arm64: ptrace: allow tracer to skip a system call</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/dab10731da65a0deba46402ca9fadf6974676cc8">dab1073
+asm-generic: add generic seccomp.h for secure computing mode 1</a> by AKASHI
+Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/4f12b53f28a751406a27ef7501a22f9e32a9c30b">4f1
+2b53 add seccomp syscall for compat task</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/77227239d20ac6381fb1aee7b7cc902f0d14cd85">7722723
+arm64: add SIGSYS siginfo for compat task</a> by AKASHI Takahiro</li>
+<li><a href="https://android.googlesource.com/kernel/common/+/210957c2bb3b4d111963bb296e2c42beb8721929">210957c
+arm64: add seccomp support</a> by AKASHI Takahiro</li>
+</ul>
+
+ </body>
+</html>
diff --git a/en/devices/architecture/kernel/network_tests.html b/en/devices/architecture/kernel/network_tests.html
new file mode 100644
index 00000000..bc437ad2
--- /dev/null
+++ b/en/devices/architecture/kernel/network_tests.html
@@ -0,0 +1,114 @@
+<html devsite>
+ <head>
+ <title>Kernel Networking Unit Tests</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+
+<p>Since Android 5.0, proper operation of the Android networking stack on Linux
+kernels requires a number of commits that were upstreamed relatively recently
+or have not yet made it upstream. It is not easy to manually verify the
+required kernel functionality or track the missing commits, so the Android team
+is sharing the tests it uses to ensure the kernel behaves as expected.</p>
+
+<h2 id=purpose>Why run the tests?</h2> <p>These tests exist for three main
+reasons:</p> <ol> <li>The exact version of the Linux kernel used on a device is
+typically device-specific, and it is difficult to know whether any kernel will
+work properly without running the tests.</li> <li>Forward-porting and
+back-porting the kernel patches to different kernel versions or different
+device trees may introduce subtle issues that can be impossible to spot without
+running the tests. For example, during development the initial versions of
+certain devices had UID routing patches forward-ported from android-3.4 instead
+of cherry-picked from android-3.10, and did not behave correctly.</li> <li>New
+networking features may require new kernel functionality or kernel bug
+fixes.</li> </ol> <p>If the tests do not pass, the device's network stack will
+behave incorrectly, causing user-visible connectivity bugs such as falling off
+Wi-Fi networks. The device will likely also fail Android Compatibility Test
+Suite (CTS) tests.</p>
+
+<h2 id=using>Using the tests</h2> <p>The tests use <a
+href="http://user-mode-linux.sourceforge.net/">User-Mode Linux</a> to boot the
+kernel as a process on a Linux host machine. See <a
+href="https://source.android.com/source/initializing.html">Establishing a Build
+Environment</a> for suitable operating system versions. The unit test framework
+boots the kernel with an appropriate disk image and runs the tests from the
+host file system. The tests are written in Python 2.x and use TAP interfaces to
+exercise kernel behaviour and the socket API.</p>
+
+<h3 id=compiling>Compiling the kernel for ARCH=um</h3> <p>For the tests to run,
+the kernel must compile for <code>ARCH=um SUBARCH=x86_64</code>. This is a
+supported architecture upstream and in the common Android kernel trees (e.g.,
+<code>android-3.10</code>, <code>android-3.18</code>). But sometimes device
+kernels do not compile in this mode because device trees contain
+device-specific or hardware-specific code in common files (e.g.,
+<code>sys/exit.c</code>).</p> <p>In many cases, it's sufficient to ensure that
+hardware-specific code is behind an <code>#ifdef</code>. Typically this should
+be an <code>#ifdef</code> on a configuration option that controls the specific
+feature relevant to the code. If there is no such configuration option, put
+hardware-specific code inside <code>#ifndef CONFIG_UML</code> blocks.</p> <p>In
+general, fixing this should be the responsibility of the kernel tree provider
+(e.g., chipset or SoC vendor). We're working with OEMs and vendors to ensure
+that current and future kernels will compile for <code>ARCH=um
+SUBARCH=x86_64</code> without requiring any changes.</p>
+
+<h3 id=running>Running the tests</h3> <p>The tests are at <a
+href="https://android.googlesource.com/kernel/tests/+/master/net/test"><code>kernel/tests/net/test</code></a>.
+It is recommended that the tests <b>be run from AOSP master</b> because they
+are the most up-to-date; in some cases, kernel features that are necessary for
+proper operation in a given Android release do not yet have full test coverage
+in the given release. For information on how to run the tests, see the <a
+href="https://android.googlesource.com/kernel/tests/+/master/net/test/README">kernel
+network test README file</a>. Basically, from the top of your kernel tree, run:</p>
+
+<pre class="devsite-click-to-copy">
+<var>ANDROID_TREE</var>/kernel/tests/net/test/run_net_test.sh all_tests.sh
+</pre>
+
+<h3 id=passing>Passing the tests</h3> <p>The kernel network test Python
+source files contain comments that specify kernel commits that are known to be
+required to pass the tests. The tests should pass in the common kernel trees -
+at least the <code>android-3.10</code> and <code>android-3.18</code> branches
+in the <a
+href="https://android-review.googlesource.com/#/q/project:kernel/common"><code>kernel/common</code></a>
+project in AOSP. Therefore, passing the tests on a kernel tree that's derived
+from 3.10 or 3.18 should mostly be a matter of cherry-picking the patches from
+these trees.</p>
+
+<h2 id=contributing>Contributing</h2>
+
+<h3 id=reporting>Reporting issues</h3> <p>Please report any issues with
+the kernel network tests in the <a
+href="https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report">Android
+issue tracker</a> with the <a
+href="https://code.google.com/p/android/issues/list?q=label%3AComponent-Networking">Component-Networking</a>
+label.</p>
+
+<h3 id=documenting>Documenting commits and adding tests</h3> <p>Please report
+issues as described above, and if possible upload a change to fix the issue,
+if:</p> <ul> <li>The tests do not pass on the common kernel trees</li> <li>You
+find a necessary commit that is not mentioned in the source comments,</li>
+<li>Getting the tests to pass on upstream kernels requires major changes</li>
+<li>You believe that the tests are overspecified, or the test fail on future
+kernels</li> <li>You'd like to add more tests or more coverage to existing
+tests.</li>
+</ul>
+
+ </body>
+</html>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 11:45:17 +0000