linux-qcom-6.18: Enable hardening.config globally and override CONFIG_KSTACK_ERASE

Apply `hardening.config` to all builds by default to ensure consistent
security hardening across builds.

Override `CONFIG_KSTACK_ERASE=n` because enabling it introduces absolute
workspace paths into out‑of‑tree (OOT) kernel modules.
These leaked paths cause Yocto’s Package QA rule to falg as build error,since
kernel modules must not contain host-specific build paths in shipping images.

Signed-off-by: Abhilasha Manna <amanna@qti.qualcomm.com>

Author: Abhilasha Manna

recipes-kernel/linux/linux-qcom-6.18/configs/bsp-additions.cfg

@@ -314,3 +314,5 @@ CONFIG_NFT_TPROXY=m
 CONFIG_NFT_TUNNEL=m
 CONFIG_PACKET_DIAG=y
 CONFIG_VETH=m
+# Disable stack erase plugin to avoid buildpath leakage in out-of-tree modules
+CONFIG_KSTACK_ERASE=n

recipes-kernel/linux/linux-qcom_6.18.bb

@@ -39,7 +39,7 @@ S = "${UNPACKDIR}/${BP}"
 KBUILD_DEFCONFIG ?= "defconfig"
 KBUILD_DEFCONFIG:qcom-armv7a = "qcom_defconfig"
 
-KBUILD_CONFIG_EXTRA = "${@bb.utils.contains('DISTRO_FEATURES', 'hardened', '${S}/kernel/configs/hardening.config', '', d)}"
+KBUILD_CONFIG_EXTRA = "${S}/kernel/configs/hardening.config"
 KBUILD_CONFIG_EXTRA:append:aarch64 = " ${S}/arch/arm64/configs/prune.config"
 KBUILD_CONFIG_EXTRA:append:aarch64 = " ${S}/arch/arm64/configs/qcom.config"
 KBUILD_CONFIG_EXTRA:append = " ${@oe.utils.vartrue('DEBUG_BUILD', '${S}/kernel/configs/debug.config', '', d)}"