-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
+# SPDX-License-Identifier: GPL-2.0-only
#
+# Copyright (C) 2006-2014 OpenWrt.org
config KERNEL_BUILD_USER
string "Custom Kernel Build User Name"
bool "Enable support for printk"
default y
-config KERNEL_CRASHLOG
- bool "Crash logging"
- depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
- default y
-
config KERNEL_SWAP
bool "Support for paging of anonymous memory (swap)"
default y if !SMALL_FLASH
+config KERNEL_PROC_STRIPPED
+ bool "Strip non-essential /proc functionality to reduce code size"
+ default y if SMALL_FLASH
+
config KERNEL_DEBUG_FS
bool "Compile the kernel with debug filesystem enabled"
default y
write to these files. Many common debugging facilities, such as
ftrace, require the existence of debugfs.
-# remove KERNEL_MIPS_FPU_EMULATOR after kernel 4.14 and 4.14 are gone
-config KERNEL_MIPS_FPU_EMULATOR
- bool "Compile the kernel with MIPS FPU Emulator"
- default y if TARGET_pistachio
- depends on (mips || mipsel || mips64 || mips64el)
-
config KERNEL_MIPS_FP_SUPPORT
bool
- default y if KERNEL_MIPS_FPU_EMULATOR
+ default y if TARGET_pistachio
config KERNEL_ARM_PMU
bool
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
+config KERNEL_UBSAN_BOUNDS
+ bool "Perform array index bounds checking"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of directly indexed out of bounds array
+ accesses, where the array size is known at compile time. Note that
+ this does not protect array overflows via bad calls to the
+ {str,mem}*cpy() family of functions (that is addressed by
+ FORTIFY_SOURCE).
+
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
This option enables detection of memory accesses via a
null pointer.
+config KERNEL_UBSAN_TRAP
+ bool "On Sanitizer warnings, abort the running kernel code"
+ depends on KERNEL_UBSAN
+ help
+ Building kernels with Sanitizer features enabled tends to grow the
+ kernel size by around 5%, due to adding all the debugging text on
+ failure paths. To avoid this, Sanitizer instrumentation can just
+ issue a trap. This reduces the kernel size overhead but turns all
+ warnings (including potentially harmless conditions) into full
+ exceptions that abort the running kernel code (regardless of context,
+ locks held, etc), which may destabilize the system. For some system
+ builders this is an acceptable trade-off.
+
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG
compile time.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+config KERNEL_KASAN_VMALLOC
+ bool "Back mappings in vmalloc space with real shadow memory"
+ depends on KERNEL_KASAN
+ help
+ By default, the shadow region for vmalloc space is the read-only
+ zero page. This means that KASAN cannot detect errors involving
+ vmalloc space.
+
+ Enabling this option will hook in to vmap/vmalloc and back those
+ mappings with real shadow memory allocated on demand. This allows
+ for KASAN to detect more sorts of errors (and to support vmapped
+ stacks), but at the cost of higher memory usage.
+
+ This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
+ depend on that in here, so it is possible that enabling this
+ will have no effect.
+
+if KERNEL_KASAN
+ config KERNEL_KASAN_GENERIC
+ def_bool y
+
+ config KERNEL_KASAN_SW_TAGS
+ def_bool n
+endif
choice
prompt "Instrumentation type"
depends on KERNEL_FUNCTION_TRACER
default n
+config KERNEL_IRQSOFF_TRACER
+ bool "Interrupts-off Latency Tracer"
+ depends on KERNEL_FTRACE
+ help
+ This option measures the time spent in irqs-off critical
+ sections, with microsecond accuracy.
+
+ The default measurement method is a maximum search, which is
+ disabled by default and can be runtime (re-)started
+ via:
+
+ echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+ (Note that kernel size and overhead increase with this option
+ enabled. This option and the preempt-off timing option can be
+ used together or separately.)
+
+config KERNEL_PREEMPT_TRACER
+ bool "Preemption-off Latency Tracer"
+ depends on KERNEL_FTRACE
+ help
+ This option measures the time spent in preemption-off critical
+ sections, with microsecond accuracy.
+
+ The default measurement method is a maximum search, which is
+ disabled by default and can be runtime (re-)started
+ via:
+
+ echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+ (Note that kernel size and overhead increase with this option
+ enabled. This option and the irqs-off timing option can be
+ used together or separately.)
+
+config KERNEL_HIST_TRIGGERS
+ bool "Histogram triggers"
+ depends on KERNEL_FTRACE
+ help
+ Hist triggers allow one or more arbitrary trace event fields to be
+ aggregated into hash tables and dumped to stdout by reading a
+ debugfs/tracefs file. They're useful for gathering quick and dirty
+ (though precise) summaries of event activity as an initial guide for
+ further investigation using more advanced tools.
+
+ Inter-event tracing of quantities such as latencies is also
+ supported using hist triggers under this option.
+
config KERNEL_DEBUG_KERNEL
bool
default n
instrumentation and testing.
If in doubt, say "N".
-config KERNEL_KPROBE_EVENT
- bool
- default y if KERNEL_KPROBES
-
config KERNEL_KPROBE_EVENTS
bool
default y if KERNEL_KPROBES
bool "Compile the kernel with asynchronous IO support"
default y if !SMALL_FLASH
+config KERNEL_IO_URING
+ bool "Compile the kernel with io_uring support"
+ default y if !SMALL_FLASH
+
config KERNEL_FHANDLE
bool "Compile the kernel with support for fhandle syscalls"
default y if !SMALL_FLASH
config KERNEL_TRANSPARENT_HUGEPAGE
bool
+choice
+ prompt "Transparent Hugepage Support sysfs defaults"
+ depends on KERNEL_TRANSPARENT_HUGEPAGE
+ default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
+
+ config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
+ bool "always"
+
+ config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
+ bool "madvise"
+endchoice
+
config KERNEL_HUGETLBFS
bool
select KERNEL_DEBUG_KERNEL
default n
-config KERNEL_LOCKUP_DETECTOR
- bool "Compile the kernel with detect Hard and Soft Lockups"
+config KERNEL_SOFTLOCKUP_DETECTOR
+ bool "Compile the kernel with detect Soft Lockups"
depends on KERNEL_DEBUG_KERNEL
help
Say Y here to enable the kernel to act as a watchdog to detect
- hard and soft lockups.
+ soft lockups.
Softlockups are bugs that cause the kernel to loop in kernel
mode for more than 20 seconds, without giving other tasks a
chance to run. The current stack trace is displayed upon
detection and the system will stay locked up.
- Hardlockups are bugs that cause the CPU to loop in kernel mode
- for more than 10 seconds, without letting other interrupts have a
- chance to run. The current stack trace is displayed upon detection
- and the system will stay locked up.
-
- The overhead should be minimal. A periodic hrtimer runs to
- generate interrupts and kick the watchdog task every 4 seconds.
- An NMI is generated every 10 seconds or so to check for hardlockups.
-
- The frequency of hrtimer and NMI events and the soft and hard lockup
- thresholds can be controlled through the sysctl watchdog_thresh.
-
config KERNEL_DETECT_HUNG_TASK
bool "Compile the kernel with detect Hung Tasks"
depends on KERNEL_DEBUG_KERNEL
- default KERNEL_LOCKUP_DETECTOR
+ default KERNEL_SOFTLOCKUP_DETECTOR
help
Say Y here to enable the kernel to detect "hung tasks",
which are bugs that cause the task to be stuck in
endif
config KERNEL_KEYS
- bool "Enable kernel access key retention support"
- default n
+ bool "Enable kernel access key retention support"
+ default !SMALL_FLASH
config KERNEL_PERSISTENT_KEYRINGS
- bool "Enable kernel persistent keyrings"
- depends on KERNEL_KEYS
- default n
+ bool "Enable kernel persistent keyrings"
+ depends on KERNEL_KEYS
+ default n
-config KERNEL_BIG_KEYS
- bool "Enable large payload keys on kernel keyrings"
- depends on KERNEL_KEYS
- default n
+config KERNEL_KEYS_REQUEST_CACHE
+ bool "Enable temporary caching of the last request_key() result"
+ depends on KERNEL_KEYS
+ default n
-config KERNEL_ENCRYPTED_KEYS
- tristate "Enable keys with encrypted payloads on kernel keyrings"
- depends on KERNEL_KEYS
- default n
+config KERNEL_BIG_KEYS
+ bool "Enable large payload keys on kernel keyrings"
+ depends on KERNEL_KEYS
+ default n
#
# CGROUP support symbols
config KERNEL_CGROUP_HUGETLB
bool "HugeTLB controller"
- default y if KERNEL_HUGETLB_PAGE
- depends on KERNEL_HUGETLB_PAGE
+ default n
+ select KERNEL_HUGETLB_PAGE
config KERNEL_CGROUP_PIDS
bool "PIDs cgroup subsystem"
config KERNEL_CPUSETS
bool "Cpuset support"
- default y if !SMALL_FLASH
+ default y
help
This option will let you create and manage CPUSETs which
allow dynamically partitioning a system into sets of CPUs and
config KERNEL_CGROUP_CPUACCT
bool "Simple CPU accounting cgroup subsystem"
- default y if !SMALL_FLASH
+ default y
help
Provides a simple Resource Controller for monitoring the
total CPU consumed by the tasks in a cgroup.
config KERNEL_RESOURCE_COUNTERS
bool "Resource counters"
- default y if !SMALL_FLASH
+ default y
help
This option enables controller independent resource accounting
infrastructure that works with cgroups.
config KERNEL_MEMCG
bool "Memory Resource Controller for Control Groups"
- default y if !SMALL_FLASH
+ default y
select KERNEL_FREEZER
depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
help
config KERNEL_MEMCG_SWAP
bool "Memory Resource Controller Swap Extension"
- default y if !SMALL_FLASH
+ default y
depends on KERNEL_MEMCG
help
Add swap management feature to memory resource controller. When you
config KERNEL_MEMCG_KMEM
bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
- default y if !SMALL_FLASH
+ default y
depends on KERNEL_MEMCG
help
The Kernel Memory extension for Memory Resource Controller can limit
menuconfig KERNEL_CGROUP_SCHED
bool "Group CPU scheduler"
- default y if !SMALL_FLASH
+ default y
help
This feature lets CPU scheduler recognize task groups and control CPU
bandwidth allocation to such task groups. It uses cgroups to group
config KERNEL_FAIR_GROUP_SCHED
bool "Group scheduling for SCHED_OTHER"
- default y if !SMALL_FLASH
+ default y
config KERNEL_CFS_BANDWIDTH
bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
- default n
+ default y
depends on KERNEL_FAIR_GROUP_SCHED
help
This option allows users to define CPU bandwidth rates (limits) for
config KERNEL_RT_GROUP_SCHED
bool "Group scheduling for SCHED_RR/FIFO"
- default y if !SMALL_FLASH
+ default y
help
This feature lets you explicitly allocate real CPU bandwidth
to task groups. If enabled, it will also make it impossible to
config KERNEL_BLK_DEV_THROTTLING
bool "Enable throttling policy"
- default y if TARGET_bcm27xx
+ default y
config KERNEL_BLK_DEV_THROTTLING_LOW
bool "Block throttling .low limit interface support (EXPERIMENTAL)"
config KERNEL_IPV6_PIMSM_V2
def_bool n
+ config KERNEL_IPV6_SEG6_LWTUNNEL
+ bool "Enable support for lightweight tunnels"
+ default y if !SMALL_FLASH
+ help
+ Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
+
+ config KERNEL_LWTUNNEL_BPF
+ def_bool n
+
endif
#
default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
default 3
+config KERNEL_SQUASHFS_XATTR
+ bool "Squashfs XATTR support"
+
#
-# compile optimiziation setting
+# compile optimization setting
#
choice
prompt "Compiler optimization level"
your compiler resulting in a smaller kernel.
endchoice
+
+config KERNEL_AUDIT
+ bool "Auditing support"
+
+config KERNEL_SECURITY
+ bool "Enable different security models"
+
+config KERNEL_SECURITY_NETWORK
+ bool "Socket and Networking Security Hooks"
+ select KERNEL_SECURITY
+
+config KERNEL_SECURITY_SELINUX
+ bool "NSA SELinux Support"
+ select KERNEL_SECURITY_NETWORK
+ select KERNEL_AUDIT
+
+config KERNEL_SECURITY_SELINUX_BOOTPARAM
+ bool "NSA SELinux boot parameter"
+ depends on KERNEL_SECURITY_SELINUX
+ default y
+
+config KERNEL_SECURITY_SELINUX_DISABLE
+ bool "NSA SELinux runtime disable"
+ depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_SECURITY_SELINUX_DEVELOP
+ bool "NSA SELinux Development Support"
+ depends on KERNEL_SECURITY_SELINUX
+ default y
+
+config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
+ int
+ depends on KERNEL_SECURITY_SELINUX
+ default 9
+
+config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
+ int
+ depends on KERNEL_SECURITY_SELINUX
+ default 256
+
+config KERNEL_LSM
+ string
+ default "lockdown,yama,loadpin,safesetid,integrity,selinux"
+ depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_EXT4_FS_SECURITY
+ bool "Ext4 Security Labels"
+
+config KERNEL_F2FS_FS_SECURITY
+ bool "F2FS Security Labels"
+
+config KERNEL_UBIFS_FS_SECURITY
+ bool "UBIFS Security Labels"
+
+config KERNEL_JFFS2_FS_SECURITY
+ bool "JFFS2 Security Labels"
projects / openwrt / staging / jow.git / blobdiff