projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ipq40xx: fritzrepeater-1200: fix MDIO and PHY probing
[openwrt/openwrt.git] / config / Config-kernel.in
1 # SPDX-License-Identifier: GPL-2.0-only
2 #
3 # Copyright (C) 2006-2014 OpenWrt.org
4
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
8 default ""
9 help
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
13
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
17 default ""
18 help
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
22
23 config KERNEL_PRINTK
24 bool "Enable support for printk"
25 default y
26
27 config KERNEL_SWAP
28 bool "Support for paging of anonymous memory (swap)"
29 default y if !SMALL_FLASH
30
31 config KERNEL_PROC_STRIPPED
32 bool "Strip non-essential /proc functionality to reduce code size"
33 default y if SMALL_FLASH
34
35 config KERNEL_DEBUG_FS
36 bool "Compile the kernel with debug filesystem enabled"
37 default y
38 help
39 debugfs is a virtual file system that kernel developers use to put
40 debugging files into. Enable this option to be able to read and
41 write to these files. Many common debugging facilities, such as
42 ftrace, require the existence of debugfs.
43
44 config KERNEL_MIPS_FP_SUPPORT
45 bool
46 default y if TARGET_pistachio
47
48 config KERNEL_ARM_PMU
49 bool
50 default y if TARGET_armsr_armv8
51 depends on (arm || aarch64)
52
53 config KERNEL_RISCV_PMU
54 bool
55 select KERNEL_RISCV_PMU_SBI
56 depends on riscv64
57
58 config KERNEL_RISCV_PMU_SBI
59 bool
60 depends on riscv64
61
62 config KERNEL_X86_VSYSCALL_EMULATION
63 bool "Enable vsyscall emulation"
64 depends on x86_64
65 help
66 This enables emulation of the legacy vsyscall page. Disabling
67 it is roughly equivalent to booting with vsyscall=none, except
68 that it will also disable the helpful warning if a program
69 tries to use a vsyscall. With this option set to N, offending
70 programs will just segfault, citing addresses of the form
71 0xffffffffff600?00.
72
73 This option is required by many programs built before 2013, and
74 care should be used even with newer programs if set to N.
75
76 Disabling this option saves about 7K of kernel size and
77 possibly 4K of additional runtime pagetable memory.
78
79 config KERNEL_PERF_EVENTS
80 bool "Compile the kernel with performance events and counters"
81 select KERNEL_ARM_PMU if (arm || aarch64)
82 select KERNEL_RISCV_PMU if riscv64
83
84 config KERNEL_PROFILING
85 bool "Compile the kernel with profiling enabled"
86 select KERNEL_PERF_EVENTS
87 help
88 Enable the extended profiling support mechanisms used by profilers such
89 as OProfile.
90
91 config KERNEL_RPI_AXIPERF
92 bool "Compile the kernel with RaspberryPi AXI Performance monitors"
93 default y
94 depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
95
96 config KERNEL_UBSAN
97 bool "Compile the kernel with undefined behaviour sanity checker"
98 help
99 This option enables undefined behaviour sanity checker
100 Compile-time instrumentation is used to detect various undefined
101 behaviours in runtime. Various types of checks may be enabled
102 via boot parameter ubsan_handle
103 (see: Documentation/dev-tools/ubsan.rst).
104
105 config KERNEL_UBSAN_SANITIZE_ALL
106 bool "Enable instrumentation for the entire kernel"
107 depends on KERNEL_UBSAN
108 default y
109 help
110 This option activates instrumentation for the entire kernel.
111 If you don't enable this option, you have to explicitly specify
112 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
113 Enabling this option will get kernel image size increased
114 significantly.
115
116 config KERNEL_UBSAN_ALIGNMENT
117 bool "Enable checking of pointers alignment"
118 depends on KERNEL_UBSAN
119 help
120 This option enables detection of unaligned memory accesses.
121 Enabling this option on architectures that support unaligned
122 accesses may produce a lot of false positives.
123
124 config KERNEL_UBSAN_BOUNDS
125 bool "Perform array index bounds checking"
126 depends on KERNEL_UBSAN
127 help
128 This option enables detection of directly indexed out of bounds array
129 accesses, where the array size is known at compile time. Note that
130 this does not protect array overflows via bad calls to the
131 {str,mem}*cpy() family of functions (that is addressed by
132 FORTIFY_SOURCE).
133
134 config KERNEL_UBSAN_NULL
135 bool "Enable checking of null pointers"
136 depends on KERNEL_UBSAN
137 help
138 This option enables detection of memory accesses via a
139 null pointer.
140
141 config KERNEL_UBSAN_TRAP
142 bool "On Sanitizer warnings, abort the running kernel code"
143 depends on KERNEL_UBSAN
144 help
145 Building kernels with Sanitizer features enabled tends to grow the
146 kernel size by around 5%, due to adding all the debugging text on
147 failure paths. To avoid this, Sanitizer instrumentation can just
148 issue a trap. This reduces the kernel size overhead but turns all
149 warnings (including potentially harmless conditions) into full
150 exceptions that abort the running kernel code (regardless of context,
151 locks held, etc), which may destabilize the system. For some system
152 builders this is an acceptable trade-off.
153
154 config KERNEL_KASAN
155 bool "Compile the kernel with KASan: runtime memory debugger"
156 select KERNEL_SLUB_DEBUG
157 depends on (x86_64 || aarch64 || arm || powerpc || riscv64)
158 help
159 Enables kernel address sanitizer - runtime memory debugger,
160 designed to find out-of-bounds accesses and use-after-free bugs.
161 This is strictly a debugging feature and it requires a gcc version
162 of 4.9.2 or later. Detection of out of bounds accesses to stack or
163 global variables requires gcc 5.0 or later.
164 This feature consumes about 1/8 of available memory and brings about
165 ~x3 performance slowdown.
166 For better error detection enable CONFIG_STACKTRACE.
167 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
168 (the resulting kernel does not boot).
169
170 config KERNEL_KASAN_EXTRA
171 bool "KAsan: extra checks"
172 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
173 help
174 This enables further checks in the kernel address sanitizer, for now
175 it only includes the address-use-after-scope check that can lead
176 to excessive kernel stack usage, frame size warnings and longer
177 compile time.
178 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
179
180 config KERNEL_KASAN_VMALLOC
181 bool "Back mappings in vmalloc space with real shadow memory"
182 depends on KERNEL_KASAN
183 help
184 By default, the shadow region for vmalloc space is the read-only
185 zero page. This means that KASAN cannot detect errors involving
186 vmalloc space.
187
188 Enabling this option will hook in to vmap/vmalloc and back those
189 mappings with real shadow memory allocated on demand. This allows
190 for KASAN to detect more sorts of errors (and to support vmapped
191 stacks), but at the cost of higher memory usage.
192
193 This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
194 depend on that in here, so it is possible that enabling this
195 will have no effect.
196
197 if KERNEL_KASAN
198 choice
199 prompt "KASAN mode"
200 depends on KERNEL_KASAN
201 default KERNEL_KASAN_GENERIC
202 help
203 KASAN has three modes:
204
205 1. Generic KASAN (supported by many architectures, enabled with
206 CONFIG_KASAN_GENERIC, similar to userspace ASan),
207 2. Software Tag-Based KASAN (arm64 only, based on software memory
208 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
209 HWASan), and
210 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
211 tagging, enabled with CONFIG_KASAN_HW_TAGS).
212
213 config KERNEL_KASAN_GENERIC
214 bool "Generic KASAN"
215 select KERNEL_SLUB_DEBUG
216 help
217 Enables Generic KASAN.
218
219 Consumes about 1/8th of available memory at kernel start and adds an
220 overhead of ~50% for dynamic allocations.
221 The performance slowdown is ~x3.
222
223 config KERNEL_KASAN_SW_TAGS
224 bool "Software Tag-Based KASAN"
225 depends on aarch64
226 select KERNEL_SLUB_DEBUG
227 help
228 Enables Software Tag-Based KASAN.
229
230 Supported only on arm64 CPUs and relies on Top Byte Ignore.
231
232 Consumes about 1/16th of available memory at kernel start and
233 add an overhead of ~20% for dynamic allocations.
234
235 May potentially introduce problems related to pointer casting and
236 comparison, as it embeds a tag into the top byte of each pointer.
237
238 config KERNEL_KASAN_HW_TAGS
239 bool "Hardware Tag-Based KASAN"
240 depends on aarch64
241 select KERNEL_SLUB_DEBUG
242 select KERNEL_ARM64_MTE
243 help
244 Enables Hardware Tag-Based KASAN.
245
246 Supported only on arm64 CPUs starting from ARMv8.5 and relies on
247 Memory Tagging Extension and Top Byte Ignore.
248
249 Consumes about 1/32nd of available memory.
250
251 May potentially introduce problems related to pointer casting and
252 comparison, as it embeds a tag into the top byte of each pointer.
253
254 endchoice
255
256 config KERNEL_ARM64_MTE
257 def_bool n
258
259 endif
260
261 choice
262 prompt "Instrumentation type"
263 depends on KERNEL_KASAN
264 depends on !KERNEL_KASAN_HW_TAGS
265 default KERNEL_KASAN_OUTLINE
266
267 config KERNEL_KASAN_OUTLINE
268 bool "Outline instrumentation"
269 help
270 Before every memory access compiler insert function call
271 __asan_load*/__asan_store*. These functions performs check
272 of shadow memory. This is slower than inline instrumentation,
273 however it doesn't bloat size of kernel's .text section so
274 much as inline does.
275
276 config KERNEL_KASAN_INLINE
277 bool "Inline instrumentation"
278 help
279 Compiler directly inserts code checking shadow memory before
280 memory accesses. This is faster than outline (in some workloads
281 it gives about x2 boost over outline instrumentation), but
282 make kernel's .text size much bigger.
283 This requires a gcc version of 5.0 or later.
284
285 endchoice
286
287 config KERNEL_KCOV
288 bool "Compile the kernel with code coverage for fuzzing"
289 select KERNEL_DEBUG_FS
290 help
291 KCOV exposes kernel code coverage information in a form suitable
292 for coverage-guided fuzzing (randomized testing).
293
294 If RANDOMIZE_BASE is enabled, PC values will not be stable across
295 different machines and across reboots. If you need stable PC values,
296 disable RANDOMIZE_BASE.
297
298 For more details, see Documentation/kcov.txt.
299
300 config KERNEL_KCOV_ENABLE_COMPARISONS
301 bool "Enable comparison operands collection by KCOV"
302 depends on KERNEL_KCOV
303 help
304 KCOV also exposes operands of every comparison in the instrumented
305 code along with operand sizes and PCs of the comparison instructions.
306 These operands can be used by fuzzing engines to improve the quality
307 of fuzzing coverage.
308
309 config KERNEL_KCOV_INSTRUMENT_ALL
310 bool "Instrument all code by default"
311 depends on KERNEL_KCOV
312 default y if KERNEL_KCOV
313 help
314 If you are doing generic system call fuzzing (like e.g. syzkaller),
315 then you will want to instrument the whole kernel and you should
316 say y here. If you are doing more targeted fuzzing (like e.g.
317 filesystem fuzzing with AFL) then you will want to enable coverage
318 for more specific subsets of files, and should say n here.
319
320 config KERNEL_TASKSTATS
321 bool "Compile the kernel with task resource/io statistics and accounting"
322 help
323 Enable the collection and publishing of task/io statistics and
324 accounting. Enable this option to enable i/o monitoring in system
325 monitors.
326
327 if KERNEL_TASKSTATS
328
329 config KERNEL_TASK_DELAY_ACCT
330 def_bool y
331
332 config KERNEL_TASK_IO_ACCOUNTING
333 def_bool y
334
335 config KERNEL_TASK_XACCT
336 def_bool y
337
338 endif
339
340 config KERNEL_KALLSYMS
341 bool "Compile the kernel with symbol table information"
342 default y if !SMALL_FLASH
343 help
344 This will give you more information in stack traces from kernel oopses.
345
346 config KERNEL_FTRACE
347 bool "Compile the kernel with tracing support"
348 depends on !TARGET_uml
349
350 config KERNEL_FTRACE_SYSCALLS
351 bool "Trace system calls"
352 depends on KERNEL_FTRACE
353
354 config KERNEL_ENABLE_DEFAULT_TRACERS
355 bool "Trace process context switches and events"
356 depends on KERNEL_FTRACE
357
358 config KERNEL_FUNCTION_TRACER
359 bool "Function tracer"
360 depends on KERNEL_FTRACE
361
362 config KERNEL_FUNCTION_GRAPH_TRACER
363 bool "Function graph tracer"
364 depends on KERNEL_FUNCTION_TRACER
365
366 config KERNEL_DYNAMIC_FTRACE
367 bool "Enable/disable function tracing dynamically"
368 depends on KERNEL_FUNCTION_TRACER
369
370 config KERNEL_FUNCTION_PROFILER
371 bool "Function profiler"
372 depends on KERNEL_FUNCTION_TRACER
373
374 config KERNEL_IRQSOFF_TRACER
375 bool "Interrupts-off Latency Tracer"
376 depends on KERNEL_FTRACE
377 help
378 This option measures the time spent in irqs-off critical
379 sections, with microsecond accuracy.
380
381 The default measurement method is a maximum search, which is
382 disabled by default and can be runtime (re-)started
383 via:
384
385 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
386
387 (Note that kernel size and overhead increase with this option
388 enabled. This option and the preempt-off timing option can be
389 used together or separately.)
390
391 config KERNEL_PREEMPT_TRACER
392 bool "Preemption-off Latency Tracer"
393 depends on KERNEL_FTRACE
394 help
395 This option measures the time spent in preemption-off critical
396 sections, with microsecond accuracy.
397
398 The default measurement method is a maximum search, which is
399 disabled by default and can be runtime (re-)started
400 via:
401
402 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
403
404 (Note that kernel size and overhead increase with this option
405 enabled. This option and the irqs-off timing option can be
406 used together or separately.)
407
408 config KERNEL_HIST_TRIGGERS
409 bool "Histogram triggers"
410 depends on KERNEL_FTRACE
411 help
412 Hist triggers allow one or more arbitrary trace event fields to be
413 aggregated into hash tables and dumped to stdout by reading a
414 debugfs/tracefs file. They're useful for gathering quick and dirty
415 (though precise) summaries of event activity as an initial guide for
416 further investigation using more advanced tools.
417
418 Inter-event tracing of quantities such as latencies is also
419 supported using hist triggers under this option.
420
421 config KERNEL_DEBUG_KERNEL
422 bool
423
424 config KERNEL_DEBUG_INFO
425 bool "Compile the kernel with debug information"
426 default y if !SMALL_FLASH
427 select KERNEL_DEBUG_KERNEL
428 help
429 This will compile your kernel and modules with debug information.
430
431 config KERNEL_DEBUG_INFO_BTF
432
433 bool "Enable additional BTF type information"
434 depends on !HOST_OS_MACOS
435 depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
436 select DWARVES
437 help
438 Generate BPF Type Format (BTF) information from DWARF debug info.
439 Turning this on expects presence of pahole tool, which will convert
440 DWARF type info into equivalent deduplicated BTF type info.
441
442 Required to run BPF CO-RE applications.
443
444 config KERNEL_MODULE_ALLOW_BTF_MISMATCH
445 bool "Allow loading modules with non-matching BTF type info"
446 depends on KERNEL_DEBUG_INFO_BTF
447 help
448 For modules whose split BTF does not match vmlinux, load without
449 BTF rather than refusing to load. The default behavior with
450 module BTF enabled is to reject modules with such mismatches;
451 this option will still load module BTF where possible but ignore
452 it when a mismatch is found.
453
454 config KERNEL_DEBUG_INFO_REDUCED
455 bool "Reduce debugging information"
456 default y
457 depends on KERNEL_DEBUG_INFO
458 help
459 If you say Y here gcc is instructed to generate less debugging
460 information for structure types. This means that tools that
461 need full debugging information (like kgdb or systemtap) won't
462 be happy. But if you merely need debugging information to
463 resolve line numbers there is no loss. Advantage is that
464 build directory object sizes shrink dramatically over a full
465 DEBUG_INFO build and compile times are reduced too.
466 Only works with newer gcc versions.
467
468 config KERNEL_FRAME_WARN
469 int
470 range 0 8192
471 default 1280 if KERNEL_KASAN && !ARCH_64BIT
472 default 1024 if !ARCH_64BIT
473 default 2048 if ARCH_64BIT
474 help
475 Tell the compiler to warn at build time for stack frames larger than this.
476 Setting this too low will cause a lot of warnings.
477 Setting it to 0 disables the warning.
478
479 # KERNEL_DEBUG_LL symbols must have the default value set as otherwise
480 # KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
481 # which means that buildroot wont override the DEBUG_LL symbols in target
482 # kernel configurations and lead to devices that dont have working console
483 config KERNEL_DEBUG_LL_UART_NONE
484 bool
485 default n
486 depends on arm
487
488 config KERNEL_DEBUG_LL
489 bool
490 default n
491 depends on arm
492 select KERNEL_DEBUG_LL_UART_NONE
493 help
494 ARM low level debugging.
495
496 config KERNEL_DEBUG_VIRTUAL
497 bool "Compile the kernel with VM translations debugging"
498 select KERNEL_DEBUG_KERNEL
499 help
500 Enable checks sanity checks to catch invalid uses of
501 virt_to_phys()/phys_to_virt() against the non-linear address space.
502
503 config KERNEL_DYNAMIC_DEBUG
504 bool "Compile the kernel with dynamic printk"
505 select KERNEL_DEBUG_FS
506 help
507 Compiles debug level messages into the kernel, which would not
508 otherwise be available at runtime. These messages can then be
509 enabled/disabled based on various levels of scope - per source file,
510 function, module, format string, and line number. This mechanism
511 implicitly compiles in all pr_debug() and dev_dbg() calls, which
512 enlarges the kernel text size by about 2%.
513
514 config KERNEL_EARLY_PRINTK
515 bool "Compile the kernel with early printk"
516 default y if TARGET_bcm53xx
517 depends on arm
518 select KERNEL_DEBUG_KERNEL
519 select KERNEL_DEBUG_LL if arm
520 help
521 Compile the kernel with early printk support. This is only useful for
522 debugging purposes to send messages over the serial console in early boot.
523 Enable this to debug early boot problems.
524
525 config KERNEL_KPROBES
526 bool "Compile the kernel with kprobes support"
527 select KERNEL_FTRACE
528 select KERNEL_PERF_EVENTS
529 help
530 Compiles the kernel with KPROBES support, which allows you to trap
531 at almost any kernel address and execute a callback function.
532 register_kprobe() establishes a probepoint and specifies the
533 callback. Kprobes is useful for kernel debugging, non-intrusive
534 instrumentation and testing.
535 If in doubt, say "N".
536
537 config KERNEL_KPROBE_EVENTS
538 bool
539 default y if KERNEL_KPROBES
540
541 config KERNEL_BPF_EVENTS
542 bool "Compile the kernel with BPF event support"
543 select KERNEL_KPROBES
544 help
545 Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
546 This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
547 for sending data from BPF programs to user-space for post-processing
548 or logging.
549
550 config KERNEL_BPF_KPROBE_OVERRIDE
551 bool
552 depends on KERNEL_KPROBES
553 default n
554
555 config KERNEL_AIO
556 bool "Compile the kernel with asynchronous IO support"
557 default y if !SMALL_FLASH
558
559 config KERNEL_IO_URING
560 bool "Compile the kernel with io_uring support"
561 depends on !SMALL_FLASH
562 default y if (x86_64 || aarch64)
563
564 config KERNEL_FHANDLE
565 bool "Compile the kernel with support for fhandle syscalls"
566 default y if !SMALL_FLASH
567
568 config KERNEL_FANOTIFY
569 bool "Compile the kernel with modern file notification support"
570 default y if !SMALL_FLASH
571
572 config KERNEL_BLK_DEV_BSG
573 bool "Compile the kernel with SCSI generic v4 support for any block device"
574
575 config KERNEL_TRANSPARENT_HUGEPAGE
576 bool
577
578 choice
579 prompt "Transparent Hugepage Support sysfs defaults"
580 depends on KERNEL_TRANSPARENT_HUGEPAGE
581 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
582
583 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
584 bool "always"
585
586 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
587 bool "madvise"
588 endchoice
589
590 config KERNEL_HUGETLBFS
591 bool
592
593 config KERNEL_HUGETLB_PAGE
594 bool "Compile the kernel with HugeTLB support"
595 select KERNEL_TRANSPARENT_HUGEPAGE
596 select KERNEL_HUGETLBFS
597
598 config KERNEL_MAGIC_SYSRQ
599 bool "Compile the kernel with SysRq support"
600 default y
601
602 config KERNEL_DEBUG_PINCTRL
603 bool "Compile the kernel with pinctrl debugging"
604 select KERNEL_DEBUG_KERNEL
605
606 config KERNEL_DEBUG_GPIO
607 bool "Compile the kernel with gpio debugging"
608 select KERNEL_DEBUG_KERNEL
609
610 config KERNEL_COREDUMP
611 bool
612
613 config KERNEL_ELF_CORE
614 bool "Enable process core dump support"
615 select KERNEL_COREDUMP
616 default y if !SMALL_FLASH
617
618 config KERNEL_PROVE_LOCKING
619 bool "Enable kernel lock checking"
620 select KERNEL_DEBUG_KERNEL
621
622 config KERNEL_SOFTLOCKUP_DETECTOR
623 bool "Compile the kernel with detect Soft Lockups"
624 depends on KERNEL_DEBUG_KERNEL
625 help
626 Say Y here to enable the kernel to act as a watchdog to detect
627 soft lockups.
628
629 Softlockups are bugs that cause the kernel to loop in kernel
630 mode for more than 20 seconds, without giving other tasks a
631 chance to run. The current stack trace is displayed upon
632 detection and the system will stay locked up.
633
634 config KERNEL_HARDLOCKUP_DETECTOR
635 bool "Compile the kernel with detect Hard Lockups"
636 depends on KERNEL_DEBUG_KERNEL
637 help
638 Say Y here to enable the kernel to act as a watchdog to detect
639 hard lockups.
640
641 Hardlockups are bugs that cause the CPU to loop in kernel mode
642 for more than 10 seconds, without letting other interrupts have a
643 chance to run. The current stack trace is displayed upon detection
644 and the system will stay locked up.
645
646 config KERNEL_DETECT_HUNG_TASK
647 bool "Compile the kernel with detect Hung Tasks"
648 depends on KERNEL_DEBUG_KERNEL
649 default KERNEL_SOFTLOCKUP_DETECTOR
650 help
651 Say Y here to enable the kernel to detect "hung tasks",
652 which are bugs that cause the task to be stuck in
653 uninterruptible "D" state indefinitely.
654
655 When a hung task is detected, the kernel will print the
656 current stack trace (which you should report), but the
657 task will stay in uninterruptible state. If lockdep is
658 enabled then all held locks will also be reported. This
659 feature has negligible overhead.
660
661 config KERNEL_WQ_WATCHDOG
662 bool "Compile the kernel with detect Workqueue Stalls"
663 depends on KERNEL_DEBUG_KERNEL
664 help
665 Say Y here to enable stall detection on workqueues. If a
666 worker pool doesn't make forward progress on a pending work
667 item for over a given amount of time, 30s by default, a
668 warning message is printed along with dump of workqueue
669 state. This can be configured through kernel parameter
670 "workqueue.watchdog_thresh" and its sysfs counterpart.
671
672 config KERNEL_DEBUG_ATOMIC_SLEEP
673 bool "Compile the kernel with sleep inside atomic section checking"
674 depends on KERNEL_DEBUG_KERNEL
675 help
676 If you say Y here, various routines which may sleep will become very
677 noisy if they are called inside atomic sections: when a spinlock is
678 held, inside an rcu read side critical section, inside preempt disabled
679 sections, inside an interrupt, etc...
680
681 config KERNEL_DEBUG_VM
682 bool "Compile the kernel with debug VM"
683 depends on KERNEL_DEBUG_KERNEL
684 help
685 Enable this to turn on extended checks in the virtual-memory system
686 that may impact performance.
687
688 If unsure, say N.
689
690 config KERNEL_PRINTK_TIME
691 bool "Enable printk timestamps"
692 default y
693
694 config KERNEL_SLUB_DEBUG
695 bool "Enable SLUB debugging support"
696 help
697 This enables various debugging features:
698 - Accepts "slub_debug" kernel parameter
699 - Provides caches debugging options (e.g. tracing, validating)
700 - Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
701 - Enables /proc/slabinfo support
702 - Prints info when running out of memory
703
704 Enabling this can result in a significant increase of code size.
705
706 config KERNEL_SLUB_DEBUG_ON
707 depends on KERNEL_SLUB_DEBUG
708 bool "Boot kernel with basic caches debugging enabled"
709 help
710 This enables by default sanity_checks, red_zone, poison and store_user
711 debugging options for all caches.
712
713 config KERNEL_SLABINFO
714 select KERNEL_SLUB_DEBUG
715 select KERNEL_SLUB_DEBUG_ON
716 bool "Enable /proc slab debug info"
717
718 config KERNEL_PROC_PAGE_MONITOR
719 bool "Enable /proc page monitoring"
720
721 config KERNEL_RELAY
722 bool
723
724 config KERNEL_KEXEC
725 bool "Enable kexec support"
726
727 config KERNEL_PROC_VMCORE
728 bool
729
730 config KERNEL_PROC_KCORE
731 bool
732
733 config KERNEL_CRASH_DUMP
734 depends on i386 || x86_64 || arm || armeb
735 select KERNEL_KEXEC
736 select KERNEL_PROC_VMCORE
737 select KERNEL_PROC_KCORE
738 bool "Enable support for kexec crashdump"
739 default y
740
741 config USE_RFKILL
742 bool "Enable rfkill support"
743 default RFKILL_SUPPORT
744
745 config USE_SPARSE
746 bool "Enable sparse check during kernel build"
747
748 config KERNEL_DEVTMPFS
749 bool "Compile the kernel with device tmpfs enabled"
750 help
751 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
752 devices nodes for all registered devices to simplify boot, but leaves more
753 complex tasks to userspace (e.g. udev).
754
755 if KERNEL_DEVTMPFS
756
757 config KERNEL_DEVTMPFS_MOUNT
758 bool "Automatically mount devtmpfs after root filesystem is mounted"
759
760 endif
761
762 config KERNEL_KEYS
763 bool "Enable kernel access key retention support"
764 default !SMALL_FLASH
765
766 config KERNEL_PERSISTENT_KEYRINGS
767 bool "Enable kernel persistent keyrings"
768 depends on KERNEL_KEYS
769
770 config KERNEL_KEYS_REQUEST_CACHE
771 bool "Enable temporary caching of the last request_key() result"
772 depends on KERNEL_KEYS
773
774 config KERNEL_BIG_KEYS
775 bool "Enable large payload keys on kernel keyrings"
776 depends on KERNEL_KEYS
777
778 #
779 # CGROUP support symbols
780 #
781
782 config KERNEL_CGROUPS
783 bool "Enable kernel cgroups"
784 default y if !SMALL_FLASH
785
786 if KERNEL_CGROUPS
787
788 config KERNEL_CGROUP_DEBUG
789 bool "Example debug cgroup subsystem"
790 help
791 This option enables a simple cgroup subsystem that
792 exports useful debugging information about the cgroups
793 framework.
794
795 config KERNEL_FREEZER
796 bool
797
798 config KERNEL_CGROUP_FREEZER
799 bool "legacy Freezer cgroup subsystem"
800 select KERNEL_FREEZER
801 help
802 Provides a way to freeze and unfreeze all tasks in a
803 cgroup.
804 (legacy cgroup1-only controller, in cgroup2 freezer
805 is integrated in the Memory controller)
806
807 config KERNEL_CGROUP_DEVICE
808 bool "legacy Device controller for cgroups"
809 help
810 Provides a cgroup implementing whitelists for devices which
811 a process in the cgroup can mknod or open.
812 (legacy cgroup1-only controller)
813
814 config KERNEL_CGROUP_HUGETLB
815 bool "HugeTLB controller"
816 select KERNEL_HUGETLB_PAGE
817
818 config KERNEL_CGROUP_PIDS
819 bool "PIDs cgroup subsystem"
820 default y
821 help
822 Provides enforcement of process number limits in the scope of a
823 cgroup.
824
825 config KERNEL_CGROUP_RDMA
826 bool "RDMA controller for cgroups"
827 default y
828
829 config KERNEL_CGROUP_BPF
830 bool "Support for eBPF programs attached to cgroups"
831 default y
832
833 config KERNEL_CPUSETS
834 bool "Cpuset support"
835 default y
836 help
837 This option will let you create and manage CPUSETs which
838 allow dynamically partitioning a system into sets of CPUs and
839 Memory Nodes and assigning tasks to run only within those sets.
840 This is primarily useful on large SMP or NUMA systems.
841
842 config KERNEL_PROC_PID_CPUSET
843 bool "Include legacy /proc/<pid>/cpuset file"
844 depends on KERNEL_CPUSETS
845
846 config KERNEL_CGROUP_CPUACCT
847 bool "Simple CPU accounting cgroup subsystem"
848 default y
849 help
850 Provides a simple Resource Controller for monitoring the
851 total CPU consumed by the tasks in a cgroup.
852
853 config KERNEL_RESOURCE_COUNTERS
854 bool "Resource counters"
855 default y
856 help
857 This option enables controller independent resource accounting
858 infrastructure that works with cgroups.
859
860 config KERNEL_MM_OWNER
861 bool
862 default y if KERNEL_MEMCG
863
864 config KERNEL_MEMCG
865 bool "Memory Resource Controller for Control Groups"
866 default y
867 select KERNEL_FREEZER
868 depends on KERNEL_RESOURCE_COUNTERS
869 help
870 Provides a memory resource controller that manages both anonymous
871 memory and page cache. (See Documentation/cgroups/memory.txt)
872
873 Note that setting this option increases fixed memory overhead
874 associated with each page of memory in the system. By this,
875 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
876 usage tracking struct at boot. Total amount of this is printed out
877 at boot.
878
879 Only enable when you're ok with these tradeoffs and really
880 sure you need the memory resource controller. Even when you enable
881 this, you can set "cgroup_disable=memory" at your boot option to
882 disable memory resource controller and you can avoid overheads
883 (but lose benefits of memory resource controller).
884
885 This config option also selects MM_OWNER config option, which
886 could in turn add some fork/exit overhead.
887
888 config KERNEL_MEMCG_SWAP
889 bool "Memory Resource Controller Swap Extension"
890 default y
891 depends on KERNEL_MEMCG
892 help
893 Add swap management feature to memory resource controller. When you
894 enable this, you can limit mem+swap usage per cgroup. In other words,
895 when you disable this, memory resource controller has no cares to
896 usage of swap...a process can exhaust all of the swap. This extension
897 is useful when you want to avoid exhaustion swap but this itself
898 adds more overheads and consumes memory for remembering information.
899 Especially if you use 32bit system or small memory system, please
900 be careful about enabling this. When memory resource controller
901 is disabled by boot option, this will be automatically disabled and
902 there will be no overhead from this. Even when you set this config=y,
903 if boot option "swapaccount=0" is set, swap will not be accounted.
904 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
905 size is 4096bytes, 512k per 1Gbytes of swap.
906
907 config KERNEL_MEMCG_SWAP_ENABLED
908 bool "Memory Resource Controller Swap Extension enabled by default"
909 depends on KERNEL_MEMCG_SWAP
910 help
911 Memory Resource Controller Swap Extension comes with its price in
912 a bigger memory consumption. General purpose distribution kernels
913 which want to enable the feature but keep it disabled by default
914 and let the user enable it by swapaccount boot command line
915 parameter should have this option unselected.
916
917 Those who want to have the feature enabled by default should
918 select this option (if, for some reason, they need to disable it,
919 then swapaccount=0 does the trick).
920
921
922 config KERNEL_MEMCG_KMEM
923 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
924 default y
925 depends on KERNEL_MEMCG
926 help
927 The Kernel Memory extension for Memory Resource Controller can limit
928 the amount of memory used by kernel objects in the system. Those are
929 fundamentally different from the entities handled by the standard
930 Memory Controller, which are page-based, and can be swapped. Users of
931 the kmem extension can use it to guarantee that no group of processes
932 will ever exhaust kernel resources alone.
933
934 config KERNEL_CGROUP_PERF
935 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
936 select KERNEL_PERF_EVENTS
937 help
938 This option extends the per-cpu mode to restrict monitoring to
939 threads which belong to the cgroup specified and run on the
940 designated cpu.
941
942 menuconfig KERNEL_CGROUP_SCHED
943 bool "Group CPU scheduler"
944 default y
945 help
946 This feature lets CPU scheduler recognize task groups and control CPU
947 bandwidth allocation to such task groups. It uses cgroups to group
948 tasks.
949
950 if KERNEL_CGROUP_SCHED
951
952 config KERNEL_FAIR_GROUP_SCHED
953 bool "Group scheduling for SCHED_OTHER"
954 default y
955
956 config KERNEL_CFS_BANDWIDTH
957 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
958 default y
959 depends on KERNEL_FAIR_GROUP_SCHED
960 help
961 This option allows users to define CPU bandwidth rates (limits) for
962 tasks running within the fair group scheduler. Groups with no limit
963 set are considered to be unconstrained and will run with no
964 restriction.
965 See tip/Documentation/scheduler/sched-bwc.txt for more information.
966
967 config KERNEL_RT_GROUP_SCHED
968 bool "Group scheduling for SCHED_RR/FIFO"
969 default y
970 help
971 This feature lets you explicitly allocate real CPU bandwidth
972 to task groups. If enabled, it will also make it impossible to
973 schedule realtime tasks for non-root users until you allocate
974 realtime bandwidth for them.
975
976 endif
977
978 config KERNEL_BLK_CGROUP
979 bool "Block IO controller"
980 default y
981 help
982 Generic block IO controller cgroup interface. This is the common
983 cgroup interface which should be used by various IO controlling
984 policies.
985
986 Currently, CFQ IO scheduler uses it to recognize task groups and
987 control disk bandwidth allocation (proportional time slice allocation)
988 to such task groups. It is also used by bio throttling logic in
989 block layer to implement upper limit in IO rates on a device.
990
991 This option only enables generic Block IO controller infrastructure.
992 One needs to also enable actual IO controlling logic/policy. For
993 enabling proportional weight division of disk bandwidth in CFQ, set
994 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
995 CONFIG_BLK_DEV_THROTTLING=y.
996
997 if KERNEL_BLK_CGROUP
998
999 config KERNEL_CFQ_GROUP_IOSCHED
1000 bool "Proportional weight of disk bandwidth in CFQ"
1001
1002 config KERNEL_BLK_DEV_THROTTLING
1003 bool "Enable throttling policy"
1004 default y
1005
1006 config KERNEL_BLK_DEV_THROTTLING_LOW
1007 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
1008 depends on KERNEL_BLK_DEV_THROTTLING
1009 endif
1010
1011 config KERNEL_DEBUG_BLK_CGROUP
1012 bool "Enable Block IO controller debugging"
1013 depends on KERNEL_BLK_CGROUP
1014 help
1015 Enable some debugging help. Currently it exports additional stat
1016 files in a cgroup which can be useful for debugging.
1017
1018 config KERNEL_NET_CLS_CGROUP
1019 bool "legacy Control Group Classifier"
1020
1021 config KERNEL_CGROUP_NET_CLASSID
1022 bool "legacy Network classid cgroup"
1023
1024 config KERNEL_CGROUP_NET_PRIO
1025 bool "legacy Network priority cgroup"
1026
1027 endif
1028
1029 #
1030 # Namespace support symbols
1031 #
1032
1033 config KERNEL_NAMESPACES
1034 bool "Enable kernel namespaces"
1035 default y if !SMALL_FLASH
1036
1037 if KERNEL_NAMESPACES
1038
1039 config KERNEL_UTS_NS
1040 bool "UTS namespace"
1041 default y
1042 help
1043 In this namespace, tasks see different info provided
1044 with the uname() system call.
1045
1046 config KERNEL_IPC_NS
1047 bool "IPC namespace"
1048 default y
1049 help
1050 In this namespace, tasks work with IPC ids which correspond to
1051 different IPC objects in different namespaces.
1052
1053 config KERNEL_USER_NS
1054 bool "User namespace (EXPERIMENTAL)"
1055 default y
1056 help
1057 This allows containers, i.e. vservers, to use user namespaces
1058 to provide different user info for different servers.
1059
1060 config KERNEL_PID_NS
1061 bool "PID Namespaces"
1062 default y
1063 help
1064 Support process id namespaces. This allows having multiple
1065 processes with the same pid as long as they are in different
1066 pid namespaces. This is a building block of containers.
1067
1068 config KERNEL_NET_NS
1069 bool "Network namespace"
1070 default y
1071 help
1072 Allow user space to create what appear to be multiple instances
1073 of the network stack.
1074
1075 endif
1076
1077 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
1078 bool "Support multiple instances of devpts"
1079 default y if !SMALL_FLASH
1080 help
1081 Enable support for multiple instances of devpts filesystem.
1082 If you want to have isolated PTY namespaces (eg: in containers),
1083 say Y here. Otherwise, say N. If enabled, each mount of devpts
1084 filesystem with the '-o newinstance' option will create an
1085 independent PTY namespace.
1086
1087 config KERNEL_POSIX_MQUEUE
1088 bool "POSIX Message Queues"
1089 default y if !SMALL_FLASH
1090 help
1091 POSIX variant of message queues is a part of IPC. In POSIX message
1092 queues every message has a priority which decides about succession
1093 of receiving it by a process. If you want to compile and run
1094 programs written e.g. for Solaris with use of its POSIX message
1095 queues (functions mq_*) say Y here.
1096
1097 POSIX message queues are visible as a filesystem called 'mqueue'
1098 and can be mounted somewhere if you want to do filesystem
1099 operations on message queues.
1100
1101
1102 config KERNEL_SECCOMP_FILTER
1103 bool
1104 default y if !SMALL_FLASH
1105
1106 config KERNEL_SECCOMP
1107 bool "Enable seccomp support"
1108 depends on !(TARGET_uml)
1109 select KERNEL_SECCOMP_FILTER
1110 default y if !SMALL_FLASH
1111 help
1112 Build kernel with support for seccomp.
1113
1114 #
1115 # IPv4 configuration
1116 #
1117
1118 config KERNEL_IP_MROUTE
1119 bool "Enable IPv4 multicast routing"
1120 default y
1121 help
1122 Multicast routing requires a multicast routing daemon in
1123 addition to kernel support.
1124
1125 if KERNEL_IP_MROUTE
1126
1127 config KERNEL_IP_MROUTE_MULTIPLE_TABLES
1128 def_bool y
1129
1130 config KERNEL_IP_PIMSM_V1
1131 def_bool y
1132
1133 config KERNEL_IP_PIMSM_V2
1134 def_bool y
1135
1136 endif
1137
1138 #
1139 # IPv6 configuration
1140 #
1141
1142 config KERNEL_IPV6
1143 def_bool IPV6
1144
1145 if KERNEL_IPV6
1146
1147 config KERNEL_IPV6_MULTIPLE_TABLES
1148 def_bool y
1149
1150 config KERNEL_IPV6_SUBTREES
1151 def_bool y
1152
1153 config KERNEL_IPV6_MROUTE
1154 bool "Enable IPv6 multicast routing"
1155 default y
1156 help
1157 Multicast routing requires a multicast routing daemon in
1158 addition to kernel support.
1159
1160 if KERNEL_IPV6_MROUTE
1161
1162 config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
1163 def_bool y
1164
1165 config KERNEL_IPV6_PIMSM_V2
1166 def_bool y
1167
1168 endif
1169
1170 config KERNEL_IPV6_SEG6_LWTUNNEL
1171 bool "Enable support for lightweight tunnels"
1172 default y if !SMALL_FLASH
1173 help
1174 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
1175
1176 config KERNEL_LWTUNNEL_BPF
1177 def_bool n
1178
1179 endif
1180
1181 #
1182 # Miscellaneous network configuration
1183 #
1184
1185 config KERNEL_NET_L3_MASTER_DEV
1186 bool "L3 Master device support"
1187 help
1188 This module provides glue between core networking code and device
1189 drivers to support L3 master devices like VRF.
1190
1191 config KERNEL_XDP_SOCKETS
1192 bool "XDP sockets support"
1193 help
1194 XDP sockets allows a channel between XDP programs and
1195 userspace applications.
1196
1197 config KERNEL_PAGE_POOL
1198 def_bool n
1199
1200 config KERNEL_PAGE_POOL_STATS
1201 bool "Page pool stats support"
1202 depends on KERNEL_PAGE_POOL
1203
1204 #
1205 # NFS related symbols
1206 #
1207 config KERNEL_IP_PNP
1208 bool "Compile the kernel with rootfs on NFS"
1209 help
1210 If you want to make your kernel boot off a NFS server as root
1211 filesystem, select Y here.
1212
1213 if KERNEL_IP_PNP
1214
1215 config KERNEL_IP_PNP_DHCP
1216 def_bool y
1217
1218 config KERNEL_IP_PNP_BOOTP
1219 def_bool n
1220
1221 config KERNEL_IP_PNP_RARP
1222 def_bool n
1223
1224 config KERNEL_NFS_FS
1225 def_bool y
1226
1227 config KERNEL_NFS_V2
1228 def_bool y
1229
1230 config KERNEL_NFS_V3
1231 def_bool y
1232
1233 config KERNEL_ROOT_NFS
1234 def_bool y
1235
1236 endif
1237
1238 menu "Filesystem ACL and attr support options"
1239 config USE_FS_ACL_ATTR
1240 bool "Use filesystem ACL and attr support by default"
1241 help
1242 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1243 for kernel and packages, except tmpfs, flash filesystems,
1244 and old NFS. Also enable userspace extended attribute support
1245 by default. (OpenWrt already has an expection it will be
1246 present in the kernel).
1247
1248 config KERNEL_FS_POSIX_ACL
1249 bool "Enable POSIX ACL support"
1250 default y if USE_FS_ACL_ATTR
1251
1252 config KERNEL_BTRFS_FS_POSIX_ACL
1253 bool "Enable POSIX ACL for BtrFS Filesystems"
1254 select KERNEL_FS_POSIX_ACL
1255 default y if USE_FS_ACL_ATTR
1256
1257 config KERNEL_EXT4_FS_POSIX_ACL
1258 bool "Enable POSIX ACL for Ext4 Filesystems"
1259 select KERNEL_FS_POSIX_ACL
1260 default y if USE_FS_ACL_ATTR
1261
1262 config KERNEL_F2FS_FS_POSIX_ACL
1263 bool "Enable POSIX ACL for F2FS Filesystems"
1264 select KERNEL_FS_POSIX_ACL
1265
1266 config KERNEL_JFFS2_FS_POSIX_ACL
1267 bool "Enable POSIX ACL for JFFS2 Filesystems"
1268 select KERNEL_FS_POSIX_ACL
1269
1270 config KERNEL_TMPFS_POSIX_ACL
1271 bool "Enable POSIX ACL for TMPFS Filesystems"
1272 select KERNEL_FS_POSIX_ACL
1273
1274 config KERNEL_CIFS_ACL
1275 bool "Enable CIFS ACLs"
1276 select KERNEL_FS_POSIX_ACL
1277 default y if USE_FS_ACL_ATTR
1278
1279 config KERNEL_HFS_FS_POSIX_ACL
1280 bool "Enable POSIX ACL for HFS Filesystems"
1281 select KERNEL_FS_POSIX_ACL
1282 default y if USE_FS_ACL_ATTR
1283
1284 config KERNEL_HFSPLUS_FS_POSIX_ACL
1285 bool "Enable POSIX ACL for HFS+ Filesystems"
1286 select KERNEL_FS_POSIX_ACL
1287 default y if USE_FS_ACL_ATTR
1288
1289 config KERNEL_NFS_ACL_SUPPORT
1290 bool "Enable ACLs for NFS"
1291 default y if USE_FS_ACL_ATTR
1292
1293 config KERNEL_NFS_V3_ACL_SUPPORT
1294 bool "Enable ACLs for NFSv3"
1295
1296 config KERNEL_NFSD_V2_ACL_SUPPORT
1297 bool "Enable ACLs for NFSDv2"
1298
1299 config KERNEL_NFSD_V3_ACL_SUPPORT
1300 bool "Enable ACLs for NFSDv3"
1301
1302 config KERNEL_REISER_FS_POSIX_ACL
1303 bool "Enable POSIX ACLs for ReiserFS"
1304 select KERNEL_FS_POSIX_ACL
1305 default y if USE_FS_ACL_ATTR
1306
1307 config KERNEL_XFS_POSIX_ACL
1308 bool "Enable POSIX ACLs for XFS"
1309 select KERNEL_FS_POSIX_ACL
1310 default y if USE_FS_ACL_ATTR
1311
1312 config KERNEL_JFS_POSIX_ACL
1313 bool "Enable POSIX ACLs for JFS"
1314 select KERNEL_FS_POSIX_ACL
1315 default y if USE_FS_ACL_ATTR
1316
1317 endmenu
1318
1319 config KERNEL_DEVMEM
1320 bool "/dev/mem virtual device support"
1321 help
1322 Say Y here if you want to support the /dev/mem device.
1323 The /dev/mem device is used to access areas of physical
1324 memory.
1325
1326 config KERNEL_DEVKMEM
1327 bool "/dev/kmem virtual device support"
1328 help
1329 Say Y here if you want to support the /dev/kmem device. The
1330 /dev/kmem device is rarely used, but can be used for certain
1331 kind of kernel debugging operations.
1332
1333 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1334 int "Number of squashfs fragments cached"
1335 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1336 default 3
1337
1338 config KERNEL_SQUASHFS_XATTR
1339 bool "Squashfs XATTR support"
1340
1341 #
1342 # compile optimization setting
1343 #
1344 choice
1345 prompt "Compiler optimization level"
1346 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1347
1348 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1349 bool "Optimize for performance"
1350 help
1351 This is the default optimization level for the kernel, building
1352 with the "-O2" compiler flag for best performance and most
1353 helpful compile-time warnings.
1354
1355 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1356 bool "Optimize for size"
1357 help
1358 Enabling this option will pass "-Os" instead of "-O2" to
1359 your compiler resulting in a smaller kernel.
1360
1361 endchoice
1362
1363 config KERNEL_AUDIT
1364 bool "Auditing support"
1365
1366 config KERNEL_SECURITY
1367 bool "Enable different security models"
1368
1369 config KERNEL_SECURITY_NETWORK
1370 bool "Socket and Networking Security Hooks"
1371 select KERNEL_SECURITY
1372
1373 config KERNEL_SECURITY_SELINUX
1374 bool "NSA SELinux Support"
1375 select KERNEL_SECURITY_NETWORK
1376 select KERNEL_AUDIT
1377
1378 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1379 bool "NSA SELinux boot parameter"
1380 depends on KERNEL_SECURITY_SELINUX
1381 default y
1382
1383 config KERNEL_SECURITY_SELINUX_DISABLE
1384 bool "NSA SELinux runtime disable"
1385 depends on KERNEL_SECURITY_SELINUX
1386
1387 config KERNEL_SECURITY_SELINUX_DEVELOP
1388 bool "NSA SELinux Development Support"
1389 depends on KERNEL_SECURITY_SELINUX
1390 default y
1391
1392 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1393 int
1394 depends on KERNEL_SECURITY_SELINUX
1395 default 9
1396
1397 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1398 int
1399 depends on KERNEL_SECURITY_SELINUX
1400 default 256
1401
1402 config KERNEL_LSM
1403 string
1404 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1405 depends on KERNEL_SECURITY_SELINUX
1406
1407 config KERNEL_EXT4_FS_SECURITY
1408 bool "Ext4 Security Labels"
1409
1410 config KERNEL_F2FS_FS_SECURITY
1411 bool "F2FS Security Labels"
1412
1413 config KERNEL_UBIFS_FS_SECURITY
1414 bool "UBIFS Security Labels"
1415
1416 config KERNEL_JFFS2_FS_SECURITY
1417 bool "JFFS2 Security Labels"
1418
1419 config KERNEL_WERROR
1420 bool "Compile the kernel with warnings as errors"
1421 help
1422 A kernel build should not cause any compiler warnings, and this
1423 enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
1424 to enforce that rule by default. Certain warnings from other tools
1425 such as the linker may be upgraded to errors with this option as
1426 well.
1427
1428 However, if you have a new (or very old) compiler or linker with odd
1429 and unusual warnings, or you have some architecture with problems,
1430 you may need to disable this config option in order to
1431 successfully build the kernel.
OpenWrt Source Repository