[SRU][Focal:linux-intel-iotg-5.15][PATCH 1/1] UBUNTU: [Config] disable KFENCE

[Jian Hui Lee]

From: Wen-chien Jesse Sung <jesse.sung at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1946001

Disable KFENCE as a workaround to prevent potential kernel panics that
seem to happen in nested KVM environments (e.g., systemd autopackage
test).

Disabling this feature also allows to remove the overhead of the
periodic sampling performed by KFENCE. The regression potential is that
we may receive memory corruption bug reports (that were previously
detected explicitly by KFENCE), but in such case we have always the
option to provide a test kernel with KASAN enabled, that provides a
better coverage for this kind of bugs.

Signed-off-by: Wen-chien Jesse Sung <jesse.sung at canonical.com>
(cherry picked from commit 14c6596e47be5f17749172710ff6a850958e139d linux-intel-5.13)
Signed-off-by: Jian Hui Lee <jianhui.lee at canonical.com>
---
 debian.intel-iotg-5.15/config/annotations          | 10 ++++++++++
 debian.intel-iotg-5.15/config/config.common.ubuntu |  6 +-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/debian.intel-iotg-5.15/config/annotations b/debian.intel-iotg-5.15/config/annotations
index 80f3550d2ea2..a67588af2103 100644
--- a/debian.intel-iotg-5.15/config/annotations
+++ b/debian.intel-iotg-5.15/config/annotations
@@ -58,3 +58,13 @@ CONFIG_DEBUG_INFO_DWARF4	policy<{'amd64': 'y',}>
 CONFIG_DEBUG_INFO_DWARF4	mark<ENFORCED> note<custom changes>
 CONFIG_DEBUG_INFO_DWARF5	policy<{'amd64': 'n',}>
 CONFIG_DEBUG_INFO_DWARF5	mark<ENFORCED> note<custom changes>
+
+# Menu: Kernel hacking >> Memory Debugging >> KFENCE: low-overhead sampling-based memory safety error detector
+CONFIG_KFENCE                                   policy<{'amd64': 'n', 'arm64': 'n'}>
+CONFIG_KFENCE_STATIC_KEYS                       policy<{'amd64': '-', 'arm64': '-'}>
+CONFIG_KFENCE_SAMPLE_INTERVAL                   policy<{'amd64': '-', 'arm64': '-'}>
+CONFIG_KFENCE_NUM_OBJECTS                       policy<{'amd64': '-', 'arm64': '-'}>
+CONFIG_KFENCE_STRESS_TEST_FAULTS                policy<{'amd64': '-', 'arm64': '-'}>
+#
+CONFIG_KFENCE                                   mark<ENFORCED> note<LP:1946001>
+
diff --git a/debian.intel-iotg-5.15/config/config.common.ubuntu b/debian.intel-iotg-5.15/config/config.common.ubuntu
index ec606d8925c0..0aca7554d305 100644
--- a/debian.intel-iotg-5.15/config/config.common.ubuntu
+++ b/debian.intel-iotg-5.15/config/config.common.ubuntu
@@ -4016,11 +4016,7 @@ CONFIG_KEYS=y
 CONFIG_KEYS_REQUEST_CACHE=y
 CONFIG_KEY_DH_OPERATIONS=y
 CONFIG_KEY_NOTIFICATIONS=y
-CONFIG_KFENCE=y
-CONFIG_KFENCE_NUM_OBJECTS=255
-CONFIG_KFENCE_SAMPLE_INTERVAL=0
-# CONFIG_KFENCE_STATIC_KEYS is not set
-CONFIG_KFENCE_STRESS_TEST_FAULTS=0
+# CONFIG_KFENCE is not set
 CONFIG_KGDB=y
 CONFIG_KGDB_HONOUR_BLOCKLIST=y
 CONFIG_KGDB_KDB=y
-- 
2.34.1