projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: make lwtunnel support optional
[openwrt/openwrt.git] / config / Config-kernel.in
1 # Copyright (C) 2006-2014 OpenWrt.org
2 #
3 # This is free software, licensed under the GNU General Public License v2.
4 # See /LICENSE for more information.
5 #
6
7 config KERNEL_BUILD_USER
8 string "Custom Kernel Build User Name"
9 default "builder" if BUILDBOT
10 default ""
11 help
12 Sets the Kernel build user string, which for example will be returned
13 by 'uname -a' on running systems.
14 If not set, uses system user at build time.
15
16 config KERNEL_BUILD_DOMAIN
17 string "Custom Kernel Build Domain Name"
18 default "buildhost" if BUILDBOT
19 default ""
20 help
21 Sets the Kernel build domain string, which for example will be
22 returned by 'uname -a' on running systems.
23 If not set, uses system hostname at build time.
24
25 config KERNEL_PRINTK
26 bool "Enable support for printk"
27 default y
28
29 config KERNEL_CRASHLOG
30 bool "Crash logging"
31 depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
32 default y
33
34 config KERNEL_SWAP
35 bool "Support for paging of anonymous memory (swap)"
36 default y if !SMALL_FLASH
37
38 config KERNEL_PROC_STRIPPED
39 bool "Strip non-essential /proc functionality to reduce code size"
40 default y if SMALL_FLASH
41
42 config KERNEL_DEBUG_FS
43 bool "Compile the kernel with debug filesystem enabled"
44 default y
45 help
46 debugfs is a virtual file system that kernel developers use to put
47 debugging files into. Enable this option to be able to read and
48 write to these files. Many common debugging facilities, such as
49 ftrace, require the existence of debugfs.
50
51 config KERNEL_MIPS_FP_SUPPORT
52 bool
53 default y if TARGET_pistachio
54
55 config KERNEL_ARM_PMU
56 bool
57 default n
58 depends on (arm || aarch64)
59
60 config KERNEL_X86_VSYSCALL_EMULATION
61 bool "Enable vsyscall emulation"
62 default n
63 depends on x86_64
64 help
65 This enables emulation of the legacy vsyscall page. Disabling
66 it is roughly equivalent to booting with vsyscall=none, except
67 that it will also disable the helpful warning if a program
68 tries to use a vsyscall. With this option set to N, offending
69 programs will just segfault, citing addresses of the form
70 0xffffffffff600?00.
71
72 This option is required by many programs built before 2013, and
73 care should be used even with newer programs if set to N.
74
75 Disabling this option saves about 7K of kernel size and
76 possibly 4K of additional runtime pagetable memory.
77
78 config KERNEL_PERF_EVENTS
79 bool "Compile the kernel with performance events and counters"
80 default n
81 select KERNEL_ARM_PMU if (arm || aarch64)
82
83 config KERNEL_PROFILING
84 bool "Compile the kernel with profiling enabled"
85 default n
86 select KERNEL_PERF_EVENTS
87 help
88 Enable the extended profiling support mechanisms used by profilers such
89 as OProfile.
90
91 config KERNEL_UBSAN
92 bool "Compile the kernel with undefined behaviour sanity checker"
93 help
94 This option enables undefined behaviour sanity checker
95 Compile-time instrumentation is used to detect various undefined
96 behaviours in runtime. Various types of checks may be enabled
97 via boot parameter ubsan_handle
98 (see: Documentation/dev-tools/ubsan.rst).
99
100 config KERNEL_UBSAN_SANITIZE_ALL
101 bool "Enable instrumentation for the entire kernel"
102 depends on KERNEL_UBSAN
103 default y
104 help
105 This option activates instrumentation for the entire kernel.
106 If you don't enable this option, you have to explicitly specify
107 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
108 Enabling this option will get kernel image size increased
109 significantly.
110
111 config KERNEL_UBSAN_ALIGNMENT
112 bool "Enable checking of pointers alignment"
113 depends on KERNEL_UBSAN
114 help
115 This option enables detection of unaligned memory accesses.
116 Enabling this option on architectures that support unaligned
117 accesses may produce a lot of false positives.
118
119 config KERNEL_UBSAN_NULL
120 bool "Enable checking of null pointers"
121 depends on KERNEL_UBSAN
122 help
123 This option enables detection of memory accesses via a
124 null pointer.
125
126 config KERNEL_KASAN
127 bool "Compile the kernel with KASan: runtime memory debugger"
128 select KERNEL_SLUB_DEBUG
129 depends on (x86_64 || aarch64)
130 help
131 Enables kernel address sanitizer - runtime memory debugger,
132 designed to find out-of-bounds accesses and use-after-free bugs.
133 This is strictly a debugging feature and it requires a gcc version
134 of 4.9.2 or later. Detection of out of bounds accesses to stack or
135 global variables requires gcc 5.0 or later.
136 This feature consumes about 1/8 of available memory and brings about
137 ~x3 performance slowdown.
138 For better error detection enable CONFIG_STACKTRACE.
139 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
140 (the resulting kernel does not boot).
141
142 config KERNEL_KASAN_EXTRA
143 bool "KAsan: extra checks"
144 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
145 help
146 This enables further checks in the kernel address sanitizer, for now
147 it only includes the address-use-after-scope check that can lead
148 to excessive kernel stack usage, frame size warnings and longer
149 compile time.
150 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
151
152
153 choice
154 prompt "Instrumentation type"
155 depends on KERNEL_KASAN
156 default KERNEL_KASAN_OUTLINE
157
158 config KERNEL_KASAN_OUTLINE
159 bool "Outline instrumentation"
160 help
161 Before every memory access compiler insert function call
162 __asan_load*/__asan_store*. These functions performs check
163 of shadow memory. This is slower than inline instrumentation,
164 however it doesn't bloat size of kernel's .text section so
165 much as inline does.
166
167 config KERNEL_KASAN_INLINE
168 bool "Inline instrumentation"
169 help
170 Compiler directly inserts code checking shadow memory before
171 memory accesses. This is faster than outline (in some workloads
172 it gives about x2 boost over outline instrumentation), but
173 make kernel's .text size much bigger.
174 This requires a gcc version of 5.0 or later.
175
176 endchoice
177
178 config KERNEL_KCOV
179 bool "Compile the kernel with code coverage for fuzzing"
180 select KERNEL_DEBUG_FS
181 help
182 KCOV exposes kernel code coverage information in a form suitable
183 for coverage-guided fuzzing (randomized testing).
184
185 If RANDOMIZE_BASE is enabled, PC values will not be stable across
186 different machines and across reboots. If you need stable PC values,
187 disable RANDOMIZE_BASE.
188
189 For more details, see Documentation/kcov.txt.
190
191 config KERNEL_KCOV_ENABLE_COMPARISONS
192 bool "Enable comparison operands collection by KCOV"
193 depends on KERNEL_KCOV
194 help
195 KCOV also exposes operands of every comparison in the instrumented
196 code along with operand sizes and PCs of the comparison instructions.
197 These operands can be used by fuzzing engines to improve the quality
198 of fuzzing coverage.
199
200 config KERNEL_KCOV_INSTRUMENT_ALL
201 bool "Instrument all code by default"
202 depends on KERNEL_KCOV
203 default y if KERNEL_KCOV
204 help
205 If you are doing generic system call fuzzing (like e.g. syzkaller),
206 then you will want to instrument the whole kernel and you should
207 say y here. If you are doing more targeted fuzzing (like e.g.
208 filesystem fuzzing with AFL) then you will want to enable coverage
209 for more specific subsets of files, and should say n here.
210
211 config KERNEL_TASKSTATS
212 bool "Compile the kernel with task resource/io statistics and accounting"
213 default n
214 help
215 Enable the collection and publishing of task/io statistics and
216 accounting. Enable this option to enable i/o monitoring in system
217 monitors.
218
219 if KERNEL_TASKSTATS
220
221 config KERNEL_TASK_DELAY_ACCT
222 def_bool y
223
224 config KERNEL_TASK_IO_ACCOUNTING
225 def_bool y
226
227 config KERNEL_TASK_XACCT
228 def_bool y
229
230 endif
231
232 config KERNEL_KALLSYMS
233 bool "Compile the kernel with symbol table information"
234 default y if !SMALL_FLASH
235 help
236 This will give you more information in stack traces from kernel oopses.
237
238 config KERNEL_FTRACE
239 bool "Compile the kernel with tracing support"
240 depends on !TARGET_uml
241 default n
242
243 config KERNEL_FTRACE_SYSCALLS
244 bool "Trace system calls"
245 depends on KERNEL_FTRACE
246 default n
247
248 config KERNEL_ENABLE_DEFAULT_TRACERS
249 bool "Trace process context switches and events"
250 depends on KERNEL_FTRACE
251 default n
252
253 config KERNEL_FUNCTION_TRACER
254 bool "Function tracer"
255 depends on KERNEL_FTRACE
256 default n
257
258 config KERNEL_FUNCTION_GRAPH_TRACER
259 bool "Function graph tracer"
260 depends on KERNEL_FUNCTION_TRACER
261 default n
262
263 config KERNEL_DYNAMIC_FTRACE
264 bool "Enable/disable function tracing dynamically"
265 depends on KERNEL_FUNCTION_TRACER
266 default n
267
268 config KERNEL_FUNCTION_PROFILER
269 bool "Function profiler"
270 depends on KERNEL_FUNCTION_TRACER
271 default n
272
273 config KERNEL_IRQSOFF_TRACER
274 bool "Interrupts-off Latency Tracer"
275 depends on KERNEL_FTRACE
276 help
277 This option measures the time spent in irqs-off critical
278 sections, with microsecond accuracy.
279
280 The default measurement method is a maximum search, which is
281 disabled by default and can be runtime (re-)started
282 via:
283
284 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
285
286 (Note that kernel size and overhead increase with this option
287 enabled. This option and the preempt-off timing option can be
288 used together or separately.)
289
290 config KERNEL_PREEMPT_TRACER
291 bool "Preemption-off Latency Tracer"
292 depends on KERNEL_FTRACE
293 help
294 This option measures the time spent in preemption-off critical
295 sections, with microsecond accuracy.
296
297 The default measurement method is a maximum search, which is
298 disabled by default and can be runtime (re-)started
299 via:
300
301 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
302
303 (Note that kernel size and overhead increase with this option
304 enabled. This option and the irqs-off timing option can be
305 used together or separately.)
306
307 config KERNEL_DEBUG_KERNEL
308 bool
309 default n
310
311 config KERNEL_DEBUG_INFO
312 bool "Compile the kernel with debug information"
313 default y if !SMALL_FLASH
314 select KERNEL_DEBUG_KERNEL
315 help
316 This will compile your kernel and modules with debug information.
317
318 config KERNEL_DEBUG_LL_UART_NONE
319 bool
320 default n
321 depends on arm
322
323 config KERNEL_DEBUG_LL
324 bool
325 default n
326 depends on arm
327 select KERNEL_DEBUG_LL_UART_NONE
328 help
329 ARM low level debugging.
330
331 config KERNEL_DYNAMIC_DEBUG
332 bool "Compile the kernel with dynamic printk"
333 select KERNEL_DEBUG_FS
334 default n
335 help
336 Compiles debug level messages into the kernel, which would not
337 otherwise be available at runtime. These messages can then be
338 enabled/disabled based on various levels of scope - per source file,
339 function, module, format string, and line number. This mechanism
340 implicitly compiles in all pr_debug() and dev_dbg() calls, which
341 enlarges the kernel text size by about 2%.
342
343 config KERNEL_EARLY_PRINTK
344 bool "Compile the kernel with early printk"
345 default y if TARGET_bcm53xx
346 default n
347 depends on arm
348 select KERNEL_DEBUG_KERNEL
349 select KERNEL_DEBUG_LL if arm
350 help
351 Compile the kernel with early printk support. This is only useful for
352 debugging purposes to send messages over the serial console in early boot.
353 Enable this to debug early boot problems.
354
355 config KERNEL_KPROBES
356 bool "Compile the kernel with kprobes support"
357 default n
358 select KERNEL_FTRACE
359 select KERNEL_PERF_EVENTS
360 help
361 Compiles the kernel with KPROBES support, which allows you to trap
362 at almost any kernel address and execute a callback function.
363 register_kprobe() establishes a probepoint and specifies the
364 callback. Kprobes is useful for kernel debugging, non-intrusive
365 instrumentation and testing.
366 If in doubt, say "N".
367
368 config KERNEL_KPROBE_EVENT
369 bool
370 default y if KERNEL_KPROBES
371
372 config KERNEL_KPROBE_EVENTS
373 bool
374 default y if KERNEL_KPROBES
375
376 config KERNEL_AIO
377 bool "Compile the kernel with asynchronous IO support"
378 default y if !SMALL_FLASH
379
380 config KERNEL_IO_URING
381 bool "Compile the kernel with io_uring support"
382 default y if !SMALL_FLASH
383
384 config KERNEL_FHANDLE
385 bool "Compile the kernel with support for fhandle syscalls"
386 default y if !SMALL_FLASH
387
388 config KERNEL_FANOTIFY
389 bool "Compile the kernel with modern file notification support"
390 default y if !SMALL_FLASH
391
392 config KERNEL_BLK_DEV_BSG
393 bool "Compile the kernel with SCSI generic v4 support for any block device"
394 default n
395
396 config KERNEL_TRANSPARENT_HUGEPAGE
397 bool
398
399 choice
400 prompt "Transparent Hugepage Support sysfs defaults"
401 depends on KERNEL_TRANSPARENT_HUGEPAGE
402 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
403
404 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
405 bool "always"
406
407 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
408 bool "madvise"
409 endchoice
410
411 config KERNEL_HUGETLBFS
412 bool
413
414 config KERNEL_HUGETLB_PAGE
415 bool "Compile the kernel with HugeTLB support"
416 select KERNEL_TRANSPARENT_HUGEPAGE
417 select KERNEL_HUGETLBFS
418 default n
419
420 config KERNEL_MAGIC_SYSRQ
421 bool "Compile the kernel with SysRq support"
422 default y
423
424 config KERNEL_DEBUG_PINCTRL
425 bool "Compile the kernel with pinctrl debugging"
426 select KERNEL_DEBUG_KERNEL
427
428 config KERNEL_DEBUG_GPIO
429 bool "Compile the kernel with gpio debugging"
430 select KERNEL_DEBUG_KERNEL
431
432 config KERNEL_COREDUMP
433 bool
434
435 config KERNEL_ELF_CORE
436 bool "Enable process core dump support"
437 select KERNEL_COREDUMP
438 default y if !SMALL_FLASH
439
440 config KERNEL_PROVE_LOCKING
441 bool "Enable kernel lock checking"
442 select KERNEL_DEBUG_KERNEL
443 default n
444
445 config KERNEL_LOCKUP_DETECTOR
446 bool "Compile the kernel with detect Hard and Soft Lockups"
447 depends on KERNEL_DEBUG_KERNEL
448 help
449 Say Y here to enable the kernel to act as a watchdog to detect
450 hard and soft lockups.
451
452 Softlockups are bugs that cause the kernel to loop in kernel
453 mode for more than 20 seconds, without giving other tasks a
454 chance to run. The current stack trace is displayed upon
455 detection and the system will stay locked up.
456
457 Hardlockups are bugs that cause the CPU to loop in kernel mode
458 for more than 10 seconds, without letting other interrupts have a
459 chance to run. The current stack trace is displayed upon detection
460 and the system will stay locked up.
461
462 The overhead should be minimal. A periodic hrtimer runs to
463 generate interrupts and kick the watchdog task every 4 seconds.
464 An NMI is generated every 10 seconds or so to check for hardlockups.
465
466 The frequency of hrtimer and NMI events and the soft and hard lockup
467 thresholds can be controlled through the sysctl watchdog_thresh.
468
469 config KERNEL_DETECT_HUNG_TASK
470 bool "Compile the kernel with detect Hung Tasks"
471 depends on KERNEL_DEBUG_KERNEL
472 default KERNEL_LOCKUP_DETECTOR
473 help
474 Say Y here to enable the kernel to detect "hung tasks",
475 which are bugs that cause the task to be stuck in
476 uninterruptible "D" state indefinitely.
477
478 When a hung task is detected, the kernel will print the
479 current stack trace (which you should report), but the
480 task will stay in uninterruptible state. If lockdep is
481 enabled then all held locks will also be reported. This
482 feature has negligible overhead.
483
484 config KERNEL_WQ_WATCHDOG
485 bool "Compile the kernel with detect Workqueue Stalls"
486 depends on KERNEL_DEBUG_KERNEL
487 help
488 Say Y here to enable stall detection on workqueues. If a
489 worker pool doesn't make forward progress on a pending work
490 item for over a given amount of time, 30s by default, a
491 warning message is printed along with dump of workqueue
492 state. This can be configured through kernel parameter
493 "workqueue.watchdog_thresh" and its sysfs counterpart.
494
495 config KERNEL_DEBUG_ATOMIC_SLEEP
496 bool "Compile the kernel with sleep inside atomic section checking"
497 depends on KERNEL_DEBUG_KERNEL
498 help
499 If you say Y here, various routines which may sleep will become very
500 noisy if they are called inside atomic sections: when a spinlock is
501 held, inside an rcu read side critical section, inside preempt disabled
502 sections, inside an interrupt, etc...
503
504 config KERNEL_DEBUG_VM
505 bool "Compile the kernel with debug VM"
506 depends on KERNEL_DEBUG_KERNEL
507 help
508 Enable this to turn on extended checks in the virtual-memory system
509 that may impact performance.
510
511 If unsure, say N.
512
513 config KERNEL_PRINTK_TIME
514 bool "Enable printk timestamps"
515 default y
516
517 config KERNEL_SLUB_DEBUG
518 bool
519
520 config KERNEL_SLUB_DEBUG_ON
521 bool
522
523 config KERNEL_SLABINFO
524 select KERNEL_SLUB_DEBUG
525 select KERNEL_SLUB_DEBUG_ON
526 bool "Enable /proc slab debug info"
527
528 config KERNEL_PROC_PAGE_MONITOR
529 bool "Enable /proc page monitoring"
530
531 config KERNEL_RELAY
532 bool
533
534 config KERNEL_KEXEC
535 bool "Enable kexec support"
536
537 config KERNEL_PROC_VMCORE
538 bool
539
540 config KERNEL_PROC_KCORE
541 bool
542
543 config KERNEL_CRASH_DUMP
544 depends on i386 || x86_64 || arm || armeb
545 select KERNEL_KEXEC
546 select KERNEL_PROC_VMCORE
547 select KERNEL_PROC_KCORE
548 bool "Enable support for kexec crashdump"
549 default y
550
551 config USE_RFKILL
552 bool "Enable rfkill support"
553 default RFKILL_SUPPORT
554
555 config USE_SPARSE
556 bool "Enable sparse check during kernel build"
557 default n
558
559 config KERNEL_DEVTMPFS
560 bool "Compile the kernel with device tmpfs enabled"
561 default n
562 help
563 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
564 devices nodes for all registered devices to simplify boot, but leaves more
565 complex tasks to userspace (e.g. udev).
566
567 if KERNEL_DEVTMPFS
568
569 config KERNEL_DEVTMPFS_MOUNT
570 bool "Automatically mount devtmpfs after root filesystem is mounted"
571 default n
572
573 endif
574
575 config KERNEL_KEYS
576 bool "Enable kernel access key retention support"
577 default !SMALL_FLASH
578
579 config KERNEL_PERSISTENT_KEYRINGS
580 bool "Enable kernel persistent keyrings"
581 depends on KERNEL_KEYS
582 default n
583
584 config KERNEL_KEYS_REQUEST_CACHE
585 bool "Enable temporary caching of the last request_key() result"
586 depends on KERNEL_KEYS
587 default n
588
589 config KERNEL_BIG_KEYS
590 bool "Enable large payload keys on kernel keyrings"
591 depends on KERNEL_KEYS
592 default n
593
594 #
595 # CGROUP support symbols
596 #
597
598 config KERNEL_CGROUPS
599 bool "Enable kernel cgroups"
600 default y if !SMALL_FLASH
601
602 if KERNEL_CGROUPS
603
604 config KERNEL_CGROUP_DEBUG
605 bool "Example debug cgroup subsystem"
606 default n
607 help
608 This option enables a simple cgroup subsystem that
609 exports useful debugging information about the cgroups
610 framework.
611
612 config KERNEL_FREEZER
613 bool
614
615 config KERNEL_CGROUP_FREEZER
616 bool "legacy Freezer cgroup subsystem"
617 default n
618 select KERNEL_FREEZER
619 help
620 Provides a way to freeze and unfreeze all tasks in a
621 cgroup.
622 (legacy cgroup1-only controller, in cgroup2 freezer
623 is integrated in the Memory controller)
624
625 config KERNEL_CGROUP_DEVICE
626 bool "legacy Device controller for cgroups"
627 default n
628 help
629 Provides a cgroup implementing whitelists for devices which
630 a process in the cgroup can mknod or open.
631 (legacy cgroup1-only controller)
632
633 config KERNEL_CGROUP_HUGETLB
634 bool "HugeTLB controller"
635 default n
636 select KERNEL_HUGETLB_PAGE
637
638 config KERNEL_CGROUP_PIDS
639 bool "PIDs cgroup subsystem"
640 default y
641 help
642 Provides enforcement of process number limits in the scope of a
643 cgroup.
644
645 config KERNEL_CGROUP_RDMA
646 bool "RDMA controller for cgroups"
647 default y
648
649 config KERNEL_CGROUP_BPF
650 bool "Support for eBPF programs attached to cgroups"
651 default y
652
653 config KERNEL_CPUSETS
654 bool "Cpuset support"
655 default y
656 help
657 This option will let you create and manage CPUSETs which
658 allow dynamically partitioning a system into sets of CPUs and
659 Memory Nodes and assigning tasks to run only within those sets.
660 This is primarily useful on large SMP or NUMA systems.
661
662 config KERNEL_PROC_PID_CPUSET
663 bool "Include legacy /proc/<pid>/cpuset file"
664 default n
665 depends on KERNEL_CPUSETS
666
667 config KERNEL_CGROUP_CPUACCT
668 bool "Simple CPU accounting cgroup subsystem"
669 default y
670 help
671 Provides a simple Resource Controller for monitoring the
672 total CPU consumed by the tasks in a cgroup.
673
674 config KERNEL_RESOURCE_COUNTERS
675 bool "Resource counters"
676 default y
677 help
678 This option enables controller independent resource accounting
679 infrastructure that works with cgroups.
680
681 config KERNEL_MM_OWNER
682 bool
683 default y if KERNEL_MEMCG
684
685 config KERNEL_MEMCG
686 bool "Memory Resource Controller for Control Groups"
687 default y
688 select KERNEL_FREEZER
689 depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
690 help
691 Provides a memory resource controller that manages both anonymous
692 memory and page cache. (See Documentation/cgroups/memory.txt)
693
694 Note that setting this option increases fixed memory overhead
695 associated with each page of memory in the system. By this,
696 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
697 usage tracking struct at boot. Total amount of this is printed out
698 at boot.
699
700 Only enable when you're ok with these tradeoffs and really
701 sure you need the memory resource controller. Even when you enable
702 this, you can set "cgroup_disable=memory" at your boot option to
703 disable memory resource controller and you can avoid overheads
704 (but lose benefits of memory resource controller).
705
706 This config option also selects MM_OWNER config option, which
707 could in turn add some fork/exit overhead.
708
709 config KERNEL_MEMCG_SWAP
710 bool "Memory Resource Controller Swap Extension"
711 default y
712 depends on KERNEL_MEMCG
713 help
714 Add swap management feature to memory resource controller. When you
715 enable this, you can limit mem+swap usage per cgroup. In other words,
716 when you disable this, memory resource controller has no cares to
717 usage of swap...a process can exhaust all of the swap. This extension
718 is useful when you want to avoid exhaustion swap but this itself
719 adds more overheads and consumes memory for remembering information.
720 Especially if you use 32bit system or small memory system, please
721 be careful about enabling this. When memory resource controller
722 is disabled by boot option, this will be automatically disabled and
723 there will be no overhead from this. Even when you set this config=y,
724 if boot option "swapaccount=0" is set, swap will not be accounted.
725 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
726 size is 4096bytes, 512k per 1Gbytes of swap.
727
728 config KERNEL_MEMCG_SWAP_ENABLED
729 bool "Memory Resource Controller Swap Extension enabled by default"
730 default n
731 depends on KERNEL_MEMCG_SWAP
732 help
733 Memory Resource Controller Swap Extension comes with its price in
734 a bigger memory consumption. General purpose distribution kernels
735 which want to enable the feature but keep it disabled by default
736 and let the user enable it by swapaccount boot command line
737 parameter should have this option unselected.
738
739 Those who want to have the feature enabled by default should
740 select this option (if, for some reason, they need to disable it,
741 then swapaccount=0 does the trick).
742
743
744 config KERNEL_MEMCG_KMEM
745 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
746 default y
747 depends on KERNEL_MEMCG
748 help
749 The Kernel Memory extension for Memory Resource Controller can limit
750 the amount of memory used by kernel objects in the system. Those are
751 fundamentally different from the entities handled by the standard
752 Memory Controller, which are page-based, and can be swapped. Users of
753 the kmem extension can use it to guarantee that no group of processes
754 will ever exhaust kernel resources alone.
755
756 config KERNEL_CGROUP_PERF
757 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
758 select KERNEL_PERF_EVENTS
759 default n
760 help
761 This option extends the per-cpu mode to restrict monitoring to
762 threads which belong to the cgroup specified and run on the
763 designated cpu.
764
765 menuconfig KERNEL_CGROUP_SCHED
766 bool "Group CPU scheduler"
767 default y
768 help
769 This feature lets CPU scheduler recognize task groups and control CPU
770 bandwidth allocation to such task groups. It uses cgroups to group
771 tasks.
772
773 if KERNEL_CGROUP_SCHED
774
775 config KERNEL_FAIR_GROUP_SCHED
776 bool "Group scheduling for SCHED_OTHER"
777 default y
778
779 config KERNEL_CFS_BANDWIDTH
780 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
781 default y
782 depends on KERNEL_FAIR_GROUP_SCHED
783 help
784 This option allows users to define CPU bandwidth rates (limits) for
785 tasks running within the fair group scheduler. Groups with no limit
786 set are considered to be unconstrained and will run with no
787 restriction.
788 See tip/Documentation/scheduler/sched-bwc.txt for more information.
789
790 config KERNEL_RT_GROUP_SCHED
791 bool "Group scheduling for SCHED_RR/FIFO"
792 default y
793 help
794 This feature lets you explicitly allocate real CPU bandwidth
795 to task groups. If enabled, it will also make it impossible to
796 schedule realtime tasks for non-root users until you allocate
797 realtime bandwidth for them.
798
799 endif
800
801 config KERNEL_BLK_CGROUP
802 bool "Block IO controller"
803 default y
804 help
805 Generic block IO controller cgroup interface. This is the common
806 cgroup interface which should be used by various IO controlling
807 policies.
808
809 Currently, CFQ IO scheduler uses it to recognize task groups and
810 control disk bandwidth allocation (proportional time slice allocation)
811 to such task groups. It is also used by bio throttling logic in
812 block layer to implement upper limit in IO rates on a device.
813
814 This option only enables generic Block IO controller infrastructure.
815 One needs to also enable actual IO controlling logic/policy. For
816 enabling proportional weight division of disk bandwidth in CFQ, set
817 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
818 CONFIG_BLK_DEV_THROTTLING=y.
819
820 if KERNEL_BLK_CGROUP
821
822 config KERNEL_CFQ_GROUP_IOSCHED
823 bool "Proportional weight of disk bandwidth in CFQ"
824
825 config KERNEL_BLK_DEV_THROTTLING
826 bool "Enable throttling policy"
827 default y
828
829 config KERNEL_BLK_DEV_THROTTLING_LOW
830 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
831 depends on KERNEL_BLK_DEV_THROTTLING
832 endif
833
834 config KERNEL_DEBUG_BLK_CGROUP
835 bool "Enable Block IO controller debugging"
836 default n
837 depends on KERNEL_BLK_CGROUP
838 help
839 Enable some debugging help. Currently it exports additional stat
840 files in a cgroup which can be useful for debugging.
841
842 config KERNEL_NET_CLS_CGROUP
843 bool "legacy Control Group Classifier"
844 default n
845
846 config KERNEL_CGROUP_NET_CLASSID
847 bool "legacy Network classid cgroup"
848 default n
849
850 config KERNEL_CGROUP_NET_PRIO
851 bool "legacy Network priority cgroup"
852 default n
853
854 endif
855
856 #
857 # Namespace support symbols
858 #
859
860 config KERNEL_NAMESPACES
861 bool "Enable kernel namespaces"
862 default y if !SMALL_FLASH
863
864 if KERNEL_NAMESPACES
865
866 config KERNEL_UTS_NS
867 bool "UTS namespace"
868 default y
869 help
870 In this namespace, tasks see different info provided
871 with the uname() system call.
872
873 config KERNEL_IPC_NS
874 bool "IPC namespace"
875 default y
876 help
877 In this namespace, tasks work with IPC ids which correspond to
878 different IPC objects in different namespaces.
879
880 config KERNEL_USER_NS
881 bool "User namespace (EXPERIMENTAL)"
882 default y
883 help
884 This allows containers, i.e. vservers, to use user namespaces
885 to provide different user info for different servers.
886
887 config KERNEL_PID_NS
888 bool "PID Namespaces"
889 default y
890 help
891 Support process id namespaces. This allows having multiple
892 processes with the same pid as long as they are in different
893 pid namespaces. This is a building block of containers.
894
895 config KERNEL_NET_NS
896 bool "Network namespace"
897 default y
898 help
899 Allow user space to create what appear to be multiple instances
900 of the network stack.
901
902 endif
903
904 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
905 bool "Support multiple instances of devpts"
906 default y if !SMALL_FLASH
907 help
908 Enable support for multiple instances of devpts filesystem.
909 If you want to have isolated PTY namespaces (eg: in containers),
910 say Y here. Otherwise, say N. If enabled, each mount of devpts
911 filesystem with the '-o newinstance' option will create an
912 independent PTY namespace.
913
914 config KERNEL_POSIX_MQUEUE
915 bool "POSIX Message Queues"
916 default y if !SMALL_FLASH
917 help
918 POSIX variant of message queues is a part of IPC. In POSIX message
919 queues every message has a priority which decides about succession
920 of receiving it by a process. If you want to compile and run
921 programs written e.g. for Solaris with use of its POSIX message
922 queues (functions mq_*) say Y here.
923
924 POSIX message queues are visible as a filesystem called 'mqueue'
925 and can be mounted somewhere if you want to do filesystem
926 operations on message queues.
927
928
929 config KERNEL_SECCOMP_FILTER
930 bool
931 default y if !SMALL_FLASH
932
933 config KERNEL_SECCOMP
934 bool "Enable seccomp support"
935 depends on !(TARGET_uml)
936 select KERNEL_SECCOMP_FILTER
937 default y if !SMALL_FLASH
938 help
939 Build kernel with support for seccomp.
940
941 #
942 # IPv4 configuration
943 #
944
945 config KERNEL_IP_MROUTE
946 bool "Enable IPv4 multicast routing"
947 default y
948 help
949 Multicast routing requires a multicast routing daemon in
950 addition to kernel support.
951
952 #
953 # IPv6 configuration
954 #
955
956 config KERNEL_IPV6
957 def_bool IPV6
958
959 if KERNEL_IPV6
960
961 config KERNEL_IPV6_MULTIPLE_TABLES
962 def_bool y
963
964 config KERNEL_IPV6_SUBTREES
965 def_bool y
966
967 config KERNEL_IPV6_MROUTE
968 bool "Enable IPv6 multicast routing"
969 default y
970 help
971 Multicast routing requires a multicast routing daemon in
972 addition to kernel support.
973
974 config KERNEL_IPV6_PIMSM_V2
975 def_bool n
976
977 config KERNEL_IPV6_SEG6_LWTUNNEL
978 bool "Enable support for lightweight tunnels"
979 default y if !SMALL_FLASH
980 help
981 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
982
983 config KERNEL_LWTUNNEL_BPF
984 def_bool n
985
986 endif
987
988 #
989 # NFS related symbols
990 #
991 config KERNEL_IP_PNP
992 bool "Compile the kernel with rootfs on NFS"
993 help
994 If you want to make your kernel boot off a NFS server as root
995 filesystem, select Y here.
996
997 if KERNEL_IP_PNP
998
999 config KERNEL_IP_PNP_DHCP
1000 def_bool y
1001
1002 config KERNEL_IP_PNP_BOOTP
1003 def_bool n
1004
1005 config KERNEL_IP_PNP_RARP
1006 def_bool n
1007
1008 config KERNEL_NFS_FS
1009 def_bool y
1010
1011 config KERNEL_NFS_V2
1012 def_bool y
1013
1014 config KERNEL_NFS_V3
1015 def_bool y
1016
1017 config KERNEL_ROOT_NFS
1018 def_bool y
1019
1020 endif
1021
1022 menu "Filesystem ACL and attr support options"
1023 config USE_FS_ACL_ATTR
1024 bool "Use filesystem ACL and attr support by default"
1025 default n
1026 help
1027 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1028 for kernel and packages, except tmpfs, flash filesystems,
1029 and old NFS. Also enable userspace extended attribute support
1030 by default. (OpenWrt already has an expection it will be
1031 present in the kernel).
1032
1033 config KERNEL_FS_POSIX_ACL
1034 bool "Enable POSIX ACL support"
1035 default y if USE_FS_ACL_ATTR
1036
1037 config KERNEL_BTRFS_FS_POSIX_ACL
1038 bool "Enable POSIX ACL for BtrFS Filesystems"
1039 select KERNEL_FS_POSIX_ACL
1040 default y if USE_FS_ACL_ATTR
1041
1042 config KERNEL_EXT4_FS_POSIX_ACL
1043 bool "Enable POSIX ACL for Ext4 Filesystems"
1044 select KERNEL_FS_POSIX_ACL
1045 default y if USE_FS_ACL_ATTR
1046
1047 config KERNEL_F2FS_FS_POSIX_ACL
1048 bool "Enable POSIX ACL for F2FS Filesystems"
1049 select KERNEL_FS_POSIX_ACL
1050 default n
1051
1052 config KERNEL_JFFS2_FS_POSIX_ACL
1053 bool "Enable POSIX ACL for JFFS2 Filesystems"
1054 select KERNEL_FS_POSIX_ACL
1055 default n
1056
1057 config KERNEL_TMPFS_POSIX_ACL
1058 bool "Enable POSIX ACL for TMPFS Filesystems"
1059 select KERNEL_FS_POSIX_ACL
1060 default n
1061
1062 config KERNEL_CIFS_ACL
1063 bool "Enable CIFS ACLs"
1064 select KERNEL_FS_POSIX_ACL
1065 default y if USE_FS_ACL_ATTR
1066
1067 config KERNEL_HFS_FS_POSIX_ACL
1068 bool "Enable POSIX ACL for HFS Filesystems"
1069 select KERNEL_FS_POSIX_ACL
1070 default y if USE_FS_ACL_ATTR
1071
1072 config KERNEL_HFSPLUS_FS_POSIX_ACL
1073 bool "Enable POSIX ACL for HFS+ Filesystems"
1074 select KERNEL_FS_POSIX_ACL
1075 default y if USE_FS_ACL_ATTR
1076
1077 config KERNEL_NFS_ACL_SUPPORT
1078 bool "Enable ACLs for NFS"
1079 default y if USE_FS_ACL_ATTR
1080
1081 config KERNEL_NFS_V3_ACL_SUPPORT
1082 bool "Enable ACLs for NFSv3"
1083 default n
1084
1085 config KERNEL_NFSD_V2_ACL_SUPPORT
1086 bool "Enable ACLs for NFSDv2"
1087 default n
1088
1089 config KERNEL_NFSD_V3_ACL_SUPPORT
1090 bool "Enable ACLs for NFSDv3"
1091 default n
1092
1093 config KERNEL_REISER_FS_POSIX_ACL
1094 bool "Enable POSIX ACLs for ReiserFS"
1095 select KERNEL_FS_POSIX_ACL
1096 default y if USE_FS_ACL_ATTR
1097
1098 config KERNEL_XFS_POSIX_ACL
1099 bool "Enable POSIX ACLs for XFS"
1100 select KERNEL_FS_POSIX_ACL
1101 default y if USE_FS_ACL_ATTR
1102
1103 config KERNEL_JFS_POSIX_ACL
1104 bool "Enable POSIX ACLs for JFS"
1105 select KERNEL_FS_POSIX_ACL
1106 default y if USE_FS_ACL_ATTR
1107
1108 endmenu
1109
1110 config KERNEL_DEVMEM
1111 bool "/dev/mem virtual device support"
1112 help
1113 Say Y here if you want to support the /dev/mem device.
1114 The /dev/mem device is used to access areas of physical
1115 memory.
1116
1117 config KERNEL_DEVKMEM
1118 bool "/dev/kmem virtual device support"
1119 help
1120 Say Y here if you want to support the /dev/kmem device. The
1121 /dev/kmem device is rarely used, but can be used for certain
1122 kind of kernel debugging operations.
1123
1124 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1125 int "Number of squashfs fragments cached"
1126 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1127 default 3
1128
1129 config KERNEL_SQUASHFS_XATTR
1130 bool "Squashfs XATTR support"
1131
1132 #
1133 # compile optimiziation setting
1134 #
1135 choice
1136 prompt "Compiler optimization level"
1137 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1138
1139 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1140 bool "Optimize for performance"
1141 help
1142 This is the default optimization level for the kernel, building
1143 with the "-O2" compiler flag for best performance and most
1144 helpful compile-time warnings.
1145
1146 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1147 bool "Optimize for size"
1148 help
1149 Enabling this option will pass "-Os" instead of "-O2" to
1150 your compiler resulting in a smaller kernel.
1151
1152 endchoice
1153
1154 config KERNEL_AUDIT
1155 bool "Auditing support"
1156
1157 config KERNEL_SECURITY
1158 bool "Enable different security models"
1159
1160 config KERNEL_SECURITY_NETWORK
1161 bool "Socket and Networking Security Hooks"
1162 select KERNEL_SECURITY
1163
1164 config KERNEL_SECURITY_SELINUX
1165 bool "NSA SELinux Support"
1166 select KERNEL_SECURITY_NETWORK
1167 select KERNEL_AUDIT
1168
1169 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1170 bool "NSA SELinux boot parameter"
1171 depends on KERNEL_SECURITY_SELINUX
1172 default y
1173
1174 config KERNEL_SECURITY_SELINUX_DISABLE
1175 bool "NSA SELinux runtime disable"
1176 depends on KERNEL_SECURITY_SELINUX
1177
1178 config KERNEL_SECURITY_SELINUX_DEVELOP
1179 bool "NSA SELinux Development Support"
1180 depends on KERNEL_SECURITY_SELINUX
1181 default y
1182
1183 config KERNEL_LSM
1184 string
1185 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1186 depends on KERNEL_SECURITY_SELINUX
1187
1188 config KERNEL_EXT4_FS_SECURITY
1189 bool "Ext4 Security Labels"
1190
1191 config KERNEL_F2FS_FS_SECURITY
1192 bool "F2FS Security Labels"
1193
1194 config KERNEL_UBIFS_FS_SECURITY
1195 bool "UBIFS Security Labels"
1196
1197 config KERNEL_JFFS2_FS_SECURITY
1198 bool "JFFS2 Security Labels"
OpenWrt Source Repository