X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-kernel.in;h=3468899adc786e770f5519f1056985398db12d71;hb=HEAD;hp=3f013aa2b21fcd7e06b559b76b5d78a610759ae2;hpb=23049f9c31f030829980b7e32e424435572ae9ac;p=openwrt%2Fstaging%2Fnbd.git diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 3f013aa2b2..0acd320504 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -1,8 +1,6 @@ -# Copyright (C) 2006-2014 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. +# SPDX-License-Identifier: GPL-2.0-only # +# Copyright (C) 2006-2014 OpenWrt.org config KERNEL_BUILD_USER string "Custom Kernel Build User Name" @@ -26,15 +24,14 @@ config KERNEL_PRINTK bool "Enable support for printk" default y -config KERNEL_CRASHLOG - bool "Crash logging" - depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64) - default y - config KERNEL_SWAP bool "Support for paging of anonymous memory (swap)" default y if !SMALL_FLASH +config KERNEL_PROC_STRIPPED + bool "Strip non-essential /proc functionality to reduce code size" + default y if SMALL_FLASH + config KERNEL_DEBUG_FS bool "Compile the kernel with debug filesystem enabled" default y @@ -50,12 +47,25 @@ config KERNEL_MIPS_FP_SUPPORT config KERNEL_ARM_PMU bool - default n + default y if TARGET_armsr_armv8 depends on (arm || aarch64) +config KERNEL_ARM_PMUV3 + bool + default y if TARGET_armsr_armv8 + depends on (arm_v7 || aarch64) && LINUX_6_6 + +config KERNEL_RISCV_PMU + bool + select KERNEL_RISCV_PMU_SBI + depends on riscv64 + +config KERNEL_RISCV_PMU_SBI + bool + depends on riscv64 + config KERNEL_X86_VSYSCALL_EMULATION bool "Enable vsyscall emulation" - default n depends on x86_64 help This enables emulation of the legacy vsyscall page. Disabling @@ -73,17 +83,22 @@ config KERNEL_X86_VSYSCALL_EMULATION config KERNEL_PERF_EVENTS bool "Compile the kernel with performance events and counters" - default n select KERNEL_ARM_PMU if (arm || aarch64) + select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6 + select KERNEL_RISCV_PMU if riscv64 config KERNEL_PROFILING bool "Compile the kernel with profiling enabled" - default n select KERNEL_PERF_EVENTS help Enable the extended profiling support mechanisms used by profilers such as OProfile. +config KERNEL_RPI_AXIPERF + bool "Compile the kernel with RaspberryPi AXI Performance monitors" + default y + depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx + config KERNEL_UBSAN bool "Compile the kernel with undefined behaviour sanity checker" help @@ -112,6 +127,16 @@ config KERNEL_UBSAN_ALIGNMENT Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. +config KERNEL_UBSAN_BOUNDS + bool "Perform array index bounds checking" + depends on KERNEL_UBSAN + help + This option enables detection of directly indexed out of bounds array + accesses, where the array size is known at compile time. Note that + this does not protect array overflows via bad calls to the + {str,mem}*cpy() family of functions (that is addressed by + FORTIFY_SOURCE). + config KERNEL_UBSAN_NULL bool "Enable checking of null pointers" depends on KERNEL_UBSAN @@ -119,10 +144,23 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_UBSAN_TRAP + bool "On Sanitizer warnings, abort the running kernel code" + depends on KERNEL_UBSAN + help + Building kernels with Sanitizer features enabled tends to grow the + kernel size by around 5%, due to adding all the debugging text on + failure paths. To avoid this, Sanitizer instrumentation can just + issue a trap. This reduces the kernel size overhead but turns all + warnings (including potentially harmless conditions) into full + exceptions that abort the running kernel code (regardless of context, + locks held, etc), which may destabilize the system. For some system + builders this is an acceptable trade-off. + config KERNEL_KASAN bool "Compile the kernel with KASan: runtime memory debugger" select KERNEL_SLUB_DEBUG - depends on (x86_64 || aarch64) + depends on (x86_64 || aarch64 || arm || powerpc || riscv64) help Enables kernel address sanitizer - runtime memory debugger, designed to find out-of-bounds accesses and use-after-free bugs. @@ -145,10 +183,91 @@ config KERNEL_KASAN_EXTRA compile time. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more +config KERNEL_KASAN_VMALLOC + bool "Back mappings in vmalloc space with real shadow memory" + depends on KERNEL_KASAN + help + By default, the shadow region for vmalloc space is the read-only + zero page. This means that KASAN cannot detect errors involving + vmalloc space. + + Enabling this option will hook in to vmap/vmalloc and back those + mappings with real shadow memory allocated on demand. This allows + for KASAN to detect more sorts of errors (and to support vmapped + stacks), but at the cost of higher memory usage. + + This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't + depend on that in here, so it is possible that enabling this + will have no effect. + +if KERNEL_KASAN +choice + prompt "KASAN mode" + depends on KERNEL_KASAN + default KERNEL_KASAN_GENERIC + help + KASAN has three modes: + + 1. Generic KASAN (supported by many architectures, enabled with + CONFIG_KASAN_GENERIC, similar to userspace ASan), + 2. Software Tag-Based KASAN (arm64 only, based on software memory + tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace + HWASan), and + 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory + tagging, enabled with CONFIG_KASAN_HW_TAGS). + +config KERNEL_KASAN_GENERIC + bool "Generic KASAN" + select KERNEL_SLUB_DEBUG + help + Enables Generic KASAN. + + Consumes about 1/8th of available memory at kernel start and adds an + overhead of ~50% for dynamic allocations. + The performance slowdown is ~x3. + +config KERNEL_KASAN_SW_TAGS + bool "Software Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + help + Enables Software Tag-Based KASAN. + + Supported only on arm64 CPUs and relies on Top Byte Ignore. + + Consumes about 1/16th of available memory at kernel start and + add an overhead of ~20% for dynamic allocations. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +config KERNEL_KASAN_HW_TAGS + bool "Hardware Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + select KERNEL_ARM64_MTE + help + Enables Hardware Tag-Based KASAN. + + Supported only on arm64 CPUs starting from ARMv8.5 and relies on + Memory Tagging Extension and Top Byte Ignore. + + Consumes about 1/32nd of available memory. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +endchoice + + config KERNEL_ARM64_MTE + def_bool n + +endif choice prompt "Instrumentation type" depends on KERNEL_KASAN + depends on !KERNEL_KASAN_HW_TAGS default KERNEL_KASAN_OUTLINE config KERNEL_KASAN_OUTLINE @@ -206,7 +325,6 @@ config KERNEL_KCOV_INSTRUMENT_ALL config KERNEL_TASKSTATS bool "Compile the kernel with task resource/io statistics and accounting" - default n help Enable the collection and publishing of task/io statistics and accounting. Enable this option to enable i/o monitoring in system @@ -234,41 +352,80 @@ config KERNEL_KALLSYMS config KERNEL_FTRACE bool "Compile the kernel with tracing support" depends on !TARGET_uml - default n config KERNEL_FTRACE_SYSCALLS bool "Trace system calls" depends on KERNEL_FTRACE - default n config KERNEL_ENABLE_DEFAULT_TRACERS bool "Trace process context switches and events" depends on KERNEL_FTRACE - default n config KERNEL_FUNCTION_TRACER bool "Function tracer" depends on KERNEL_FTRACE - default n config KERNEL_FUNCTION_GRAPH_TRACER bool "Function graph tracer" depends on KERNEL_FUNCTION_TRACER - default n config KERNEL_DYNAMIC_FTRACE bool "Enable/disable function tracing dynamically" depends on KERNEL_FUNCTION_TRACER - default n config KERNEL_FUNCTION_PROFILER bool "Function profiler" depends on KERNEL_FUNCTION_TRACER - default n + +config KERNEL_IRQSOFF_TRACER + bool "Interrupts-off Latency Tracer" + depends on KERNEL_FTRACE + help + This option measures the time spent in irqs-off critical + sections, with microsecond accuracy. + + The default measurement method is a maximum search, which is + disabled by default and can be runtime (re-)started + via: + + echo 0 > /sys/kernel/debug/tracing/tracing_max_latency + + (Note that kernel size and overhead increase with this option + enabled. This option and the preempt-off timing option can be + used together or separately.) + +config KERNEL_PREEMPT_TRACER + bool "Preemption-off Latency Tracer" + depends on KERNEL_FTRACE + help + This option measures the time spent in preemption-off critical + sections, with microsecond accuracy. + + The default measurement method is a maximum search, which is + disabled by default and can be runtime (re-)started + via: + + echo 0 > /sys/kernel/debug/tracing/tracing_max_latency + + (Note that kernel size and overhead increase with this option + enabled. This option and the irqs-off timing option can be + used together or separately.) + +config KERNEL_HIST_TRIGGERS + bool "Histogram triggers" + depends on KERNEL_FTRACE + help + Hist triggers allow one or more arbitrary trace event fields to be + aggregated into hash tables and dumped to stdout by reading a + debugfs/tracefs file. They're useful for gathering quick and dirty + (though precise) summaries of event activity as an initial guide for + further investigation using more advanced tools. + + Inter-event tracing of quantities such as latencies is also + supported using hist triggers under this option. config KERNEL_DEBUG_KERNEL bool - default n config KERNEL_DEBUG_INFO bool "Compile the kernel with debug information" @@ -277,6 +434,58 @@ config KERNEL_DEBUG_INFO help This will compile your kernel and modules with debug information. +config KERNEL_DEBUG_INFO_BTF + + bool "Enable additional BTF type information" + depends on !HOST_OS_MACOS + depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED + select DWARVES + help + Generate BPF Type Format (BTF) information from DWARF debug info. + Turning this on expects presence of pahole tool, which will convert + DWARF type info into equivalent deduplicated BTF type info. + + Required to run BPF CO-RE applications. + +config KERNEL_MODULE_ALLOW_BTF_MISMATCH + bool "Allow loading modules with non-matching BTF type info" + depends on KERNEL_DEBUG_INFO_BTF + help + For modules whose split BTF does not match vmlinux, load without + BTF rather than refusing to load. The default behavior with + module BTF enabled is to reject modules with such mismatches; + this option will still load module BTF where possible but ignore + it when a mismatch is found. + +config KERNEL_DEBUG_INFO_REDUCED + bool "Reduce debugging information" + default y + depends on KERNEL_DEBUG_INFO + help + If you say Y here gcc is instructed to generate less debugging + information for structure types. This means that tools that + need full debugging information (like kgdb or systemtap) won't + be happy. But if you merely need debugging information to + resolve line numbers there is no loss. Advantage is that + build directory object sizes shrink dramatically over a full + DEBUG_INFO build and compile times are reduced too. + Only works with newer gcc versions. + +config KERNEL_FRAME_WARN + int + range 0 8192 + default 1280 if KERNEL_KASAN && !ARCH_64BIT + default 1024 if !ARCH_64BIT + default 2048 if ARCH_64BIT + help + Tell the compiler to warn at build time for stack frames larger than this. + Setting this too low will cause a lot of warnings. + Setting it to 0 disables the warning. + +# KERNEL_DEBUG_LL symbols must have the default value set as otherwise +# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected +# which means that buildroot wont override the DEBUG_LL symbols in target +# kernel configurations and lead to devices that dont have working console config KERNEL_DEBUG_LL_UART_NONE bool default n @@ -290,10 +499,16 @@ config KERNEL_DEBUG_LL help ARM low level debugging. +config KERNEL_DEBUG_VIRTUAL + bool "Compile the kernel with VM translations debugging" + select KERNEL_DEBUG_KERNEL + help + Enable checks sanity checks to catch invalid uses of + virt_to_phys()/phys_to_virt() against the non-linear address space. + config KERNEL_DYNAMIC_DEBUG bool "Compile the kernel with dynamic printk" select KERNEL_DEBUG_FS - default n help Compiles debug level messages into the kernel, which would not otherwise be available at runtime. These messages can then be @@ -305,7 +520,6 @@ config KERNEL_DYNAMIC_DEBUG config KERNEL_EARLY_PRINTK bool "Compile the kernel with early printk" default y if TARGET_bcm53xx - default n depends on arm select KERNEL_DEBUG_KERNEL select KERNEL_DEBUG_LL if arm @@ -316,7 +530,6 @@ config KERNEL_EARLY_PRINTK config KERNEL_KPROBES bool "Compile the kernel with kprobes support" - default n select KERNEL_FTRACE select KERNEL_PERF_EVENTS help @@ -327,18 +540,33 @@ config KERNEL_KPROBES instrumentation and testing. If in doubt, say "N". -config KERNEL_KPROBE_EVENT +config KERNEL_KPROBE_EVENTS bool default y if KERNEL_KPROBES -config KERNEL_KPROBE_EVENTS +config KERNEL_BPF_EVENTS + bool "Compile the kernel with BPF event support" + select KERNEL_KPROBES + help + Allows to attach BPF programs to kprobe, uprobe and tracepoint events. + This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY + for sending data from BPF programs to user-space for post-processing + or logging. + +config KERNEL_BPF_KPROBE_OVERRIDE bool - default y if KERNEL_KPROBES + depends on KERNEL_KPROBES + default n config KERNEL_AIO bool "Compile the kernel with asynchronous IO support" default y if !SMALL_FLASH +config KERNEL_IO_URING + bool "Compile the kernel with io_uring support" + depends on !SMALL_FLASH + default y if (x86_64 || aarch64) + config KERNEL_FHANDLE bool "Compile the kernel with support for fhandle syscalls" default y if !SMALL_FLASH @@ -349,7 +577,6 @@ config KERNEL_FANOTIFY config KERNEL_BLK_DEV_BSG bool "Compile the kernel with SCSI generic v4 support for any block device" - default n config KERNEL_TRANSPARENT_HUGEPAGE bool @@ -373,7 +600,6 @@ config KERNEL_HUGETLB_PAGE bool "Compile the kernel with HugeTLB support" select KERNEL_TRANSPARENT_HUGEPAGE select KERNEL_HUGETLBFS - default n config KERNEL_MAGIC_SYSRQ bool "Compile the kernel with SysRq support" @@ -398,36 +624,35 @@ config KERNEL_ELF_CORE config KERNEL_PROVE_LOCKING bool "Enable kernel lock checking" select KERNEL_DEBUG_KERNEL - default n -config KERNEL_LOCKUP_DETECTOR - bool "Compile the kernel with detect Hard and Soft Lockups" +config KERNEL_SOFTLOCKUP_DETECTOR + bool "Compile the kernel with detect Soft Lockups" depends on KERNEL_DEBUG_KERNEL help Say Y here to enable the kernel to act as a watchdog to detect - hard and soft lockups. + soft lockups. Softlockups are bugs that cause the kernel to loop in kernel mode for more than 20 seconds, without giving other tasks a chance to run. The current stack trace is displayed upon detection and the system will stay locked up. +config KERNEL_HARDLOCKUP_DETECTOR + bool "Compile the kernel with detect Hard Lockups" + depends on KERNEL_DEBUG_KERNEL + help + Say Y here to enable the kernel to act as a watchdog to detect + hard lockups. + Hardlockups are bugs that cause the CPU to loop in kernel mode for more than 10 seconds, without letting other interrupts have a chance to run. The current stack trace is displayed upon detection and the system will stay locked up. - The overhead should be minimal. A periodic hrtimer runs to - generate interrupts and kick the watchdog task every 4 seconds. - An NMI is generated every 10 seconds or so to check for hardlockups. - - The frequency of hrtimer and NMI events and the soft and hard lockup - thresholds can be controlled through the sysctl watchdog_thresh. - config KERNEL_DETECT_HUNG_TASK bool "Compile the kernel with detect Hung Tasks" depends on KERNEL_DEBUG_KERNEL - default KERNEL_LOCKUP_DETECTOR + default KERNEL_SOFTLOCKUP_DETECTOR help Say Y here to enable the kernel to detect "hung tasks", which are bugs that cause the task to be stuck in @@ -473,10 +698,23 @@ config KERNEL_PRINTK_TIME default y config KERNEL_SLUB_DEBUG - bool + bool "Enable SLUB debugging support" + help + This enables various debugging features: + - Accepts "slub_debug" kernel parameter + - Provides caches debugging options (e.g. tracing, validating) + - Adds /sys/kernel/slab/ attrs for reading amounts of *objects* + - Enables /proc/slabinfo support + - Prints info when running out of memory + + Enabling this can result in a significant increase of code size. config KERNEL_SLUB_DEBUG_ON - bool + depends on KERNEL_SLUB_DEBUG + bool "Boot kernel with basic caches debugging enabled" + help + This enables by default sanity_checks, red_zone, poison and store_user + debugging options for all caches. config KERNEL_SLABINFO select KERNEL_SLUB_DEBUG @@ -512,11 +750,9 @@ config USE_RFKILL config USE_SPARSE bool "Enable sparse check during kernel build" - default n config KERNEL_DEVTMPFS bool "Compile the kernel with device tmpfs enabled" - default n help devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates devices nodes for all registered devices to simplify boot, but leaves more @@ -526,7 +762,6 @@ if KERNEL_DEVTMPFS config KERNEL_DEVTMPFS_MOUNT bool "Automatically mount devtmpfs after root filesystem is mounted" - default n endif @@ -537,17 +772,14 @@ config KERNEL_KEYS config KERNEL_PERSISTENT_KEYRINGS bool "Enable kernel persistent keyrings" depends on KERNEL_KEYS - default n config KERNEL_KEYS_REQUEST_CACHE bool "Enable temporary caching of the last request_key() result" depends on KERNEL_KEYS - default n config KERNEL_BIG_KEYS bool "Enable large payload keys on kernel keyrings" depends on KERNEL_KEYS - default n # # CGROUP support symbols @@ -561,7 +793,6 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_DEBUG bool "Example debug cgroup subsystem" - default n help This option enables a simple cgroup subsystem that exports useful debugging information about the cgroups @@ -572,7 +803,6 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_FREEZER bool "legacy Freezer cgroup subsystem" - default n select KERNEL_FREEZER help Provides a way to freeze and unfreeze all tasks in a @@ -582,7 +812,6 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_DEVICE bool "legacy Device controller for cgroups" - default n help Provides a cgroup implementing whitelists for devices which a process in the cgroup can mknod or open. @@ -590,7 +819,6 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_HUGETLB bool "HugeTLB controller" - default n select KERNEL_HUGETLB_PAGE config KERNEL_CGROUP_PIDS @@ -619,7 +847,6 @@ if KERNEL_CGROUPS config KERNEL_PROC_PID_CPUSET bool "Include legacy /proc//cpuset file" - default n depends on KERNEL_CPUSETS config KERNEL_CGROUP_CPUACCT @@ -644,7 +871,7 @@ if KERNEL_CGROUPS bool "Memory Resource Controller for Control Groups" default y select KERNEL_FREEZER - depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18 + depends on KERNEL_RESOURCE_COUNTERS help Provides a memory resource controller that manages both anonymous memory and page cache. (See Documentation/cgroups/memory.txt) @@ -685,7 +912,6 @@ if KERNEL_CGROUPS config KERNEL_MEMCG_SWAP_ENABLED bool "Memory Resource Controller Swap Extension enabled by default" - default n depends on KERNEL_MEMCG_SWAP help Memory Resource Controller Swap Extension comes with its price in @@ -714,7 +940,6 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_PERF bool "Enable perf_event per-cpu per-container group (cgroup) monitoring" select KERNEL_PERF_EVENTS - default n help This option extends the per-cpu mode to restrict monitoring to threads which belong to the cgroup specified and run on the @@ -791,7 +1016,6 @@ if KERNEL_CGROUPS config KERNEL_DEBUG_BLK_CGROUP bool "Enable Block IO controller debugging" - default n depends on KERNEL_BLK_CGROUP help Enable some debugging help. Currently it exports additional stat @@ -799,15 +1023,12 @@ if KERNEL_CGROUPS config KERNEL_NET_CLS_CGROUP bool "legacy Control Group Classifier" - default n config KERNEL_CGROUP_NET_CLASSID bool "legacy Network classid cgroup" - default n config KERNEL_CGROUP_NET_PRIO bool "legacy Network priority cgroup" - default n endif @@ -907,6 +1128,19 @@ config KERNEL_IP_MROUTE Multicast routing requires a multicast routing daemon in addition to kernel support. +if KERNEL_IP_MROUTE + + config KERNEL_IP_MROUTE_MULTIPLE_TABLES + def_bool y + + config KERNEL_IP_PIMSM_V1 + def_bool y + + config KERNEL_IP_PIMSM_V2 + def_bool y + +endif + # # IPv6 configuration # @@ -929,11 +1163,50 @@ if KERNEL_IPV6 Multicast routing requires a multicast routing daemon in addition to kernel support. - config KERNEL_IPV6_PIMSM_V2 + if KERNEL_IPV6_MROUTE + + config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES + def_bool y + + config KERNEL_IPV6_PIMSM_V2 + def_bool y + + endif + + config KERNEL_IPV6_SEG6_LWTUNNEL + bool "Enable support for lightweight tunnels" + default y if !SMALL_FLASH + help + Using lwtunnel (needed for IPv6 segment routing) requires ip-full package. + + config KERNEL_LWTUNNEL_BPF def_bool n endif +# +# Miscellaneous network configuration +# + +config KERNEL_NET_L3_MASTER_DEV + bool "L3 Master device support" + help + This module provides glue between core networking code and device + drivers to support L3 master devices like VRF. + +config KERNEL_XDP_SOCKETS + bool "XDP sockets support" + help + XDP sockets allows a channel between XDP programs and + userspace applications. + +config KERNEL_PAGE_POOL + def_bool n + +config KERNEL_PAGE_POOL_STATS + bool "Page pool stats support" + depends on KERNEL_PAGE_POOL + # # NFS related symbols # @@ -971,7 +1244,6 @@ endif menu "Filesystem ACL and attr support options" config USE_FS_ACL_ATTR bool "Use filesystem ACL and attr support by default" - default n help Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default for kernel and packages, except tmpfs, flash filesystems, @@ -996,17 +1268,14 @@ menu "Filesystem ACL and attr support options" config KERNEL_F2FS_FS_POSIX_ACL bool "Enable POSIX ACL for F2FS Filesystems" select KERNEL_FS_POSIX_ACL - default n config KERNEL_JFFS2_FS_POSIX_ACL bool "Enable POSIX ACL for JFFS2 Filesystems" select KERNEL_FS_POSIX_ACL - default n config KERNEL_TMPFS_POSIX_ACL bool "Enable POSIX ACL for TMPFS Filesystems" select KERNEL_FS_POSIX_ACL - default n config KERNEL_CIFS_ACL bool "Enable CIFS ACLs" @@ -1029,15 +1298,12 @@ menu "Filesystem ACL and attr support options" config KERNEL_NFS_V3_ACL_SUPPORT bool "Enable ACLs for NFSv3" - default n config KERNEL_NFSD_V2_ACL_SUPPORT bool "Enable ACLs for NFSDv2" - default n config KERNEL_NFSD_V3_ACL_SUPPORT bool "Enable ACLs for NFSDv3" - default n config KERNEL_REISER_FS_POSIX_ACL bool "Enable POSIX ACLs for ReiserFS" @@ -1079,7 +1345,7 @@ config KERNEL_SQUASHFS_XATTR bool "Squashfs XATTR support" # -# compile optimiziation setting +# compile optimization setting # choice prompt "Compiler optimization level" @@ -1129,6 +1395,16 @@ config KERNEL_SECURITY_SELINUX_DEVELOP depends on KERNEL_SECURITY_SELINUX default y +config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS + int + depends on KERNEL_SECURITY_SELINUX + default 9 + +config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE + int + depends on KERNEL_SECURITY_SELINUX + default 256 + config KERNEL_LSM string default "lockdown,yama,loadpin,safesetid,integrity,selinux" @@ -1145,3 +1421,17 @@ config KERNEL_UBIFS_FS_SECURITY config KERNEL_JFFS2_FS_SECURITY bool "JFFS2 Security Labels" + +config KERNEL_WERROR + bool "Compile the kernel with warnings as errors" + help + A kernel build should not cause any compiler warnings, and this + enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags + to enforce that rule by default. Certain warnings from other tools + such as the linker may be upgraded to errors with this option as + well. + + However, if you have a new (or very old) compiler or linker with odd + and unusual warnings, or you have some architecture with problems, + you may need to disable this config option in order to + successfully build the kernel.