projects / openwrt / staging / jow.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
build: add option for building with stack-protector-all
[openwrt/staging/jow.git] / config / Config-kernel.in
1 # SPDX-License-Identifier: GPL-2.0-only
2 #
3 # Copyright (C) 2006-2014 OpenWrt.org
4
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
8 default ""
9 help
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
13
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
17 default ""
18 help
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
22
23 config KERNEL_PRINTK
24 bool "Enable support for printk"
25 default y
26
27 config KERNEL_SWAP
28 bool "Support for paging of anonymous memory (swap)"
29 default y if !SMALL_FLASH
30
31 config KERNEL_PROC_STRIPPED
32 bool "Strip non-essential /proc functionality to reduce code size"
33 default y if SMALL_FLASH
34
35 config KERNEL_DEBUG_FS
36 bool "Compile the kernel with debug filesystem enabled"
37 default y
38 help
39 debugfs is a virtual file system that kernel developers use to put
40 debugging files into. Enable this option to be able to read and
41 write to these files. Many common debugging facilities, such as
42 ftrace, require the existence of debugfs.
43
44 config KERNEL_MIPS_FP_SUPPORT
45 bool
46 default y if TARGET_pistachio
47
48 config KERNEL_ARM_PMU
49 bool
50 default y if TARGET_armsr_armv8
51 depends on (arm || aarch64)
52
53 config KERNEL_X86_VSYSCALL_EMULATION
54 bool "Enable vsyscall emulation"
55 depends on x86_64
56 help
57 This enables emulation of the legacy vsyscall page. Disabling
58 it is roughly equivalent to booting with vsyscall=none, except
59 that it will also disable the helpful warning if a program
60 tries to use a vsyscall. With this option set to N, offending
61 programs will just segfault, citing addresses of the form
62 0xffffffffff600?00.
63
64 This option is required by many programs built before 2013, and
65 care should be used even with newer programs if set to N.
66
67 Disabling this option saves about 7K of kernel size and
68 possibly 4K of additional runtime pagetable memory.
69
70 config KERNEL_PERF_EVENTS
71 bool "Compile the kernel with performance events and counters"
72 select KERNEL_ARM_PMU if (arm || aarch64)
73
74 config KERNEL_PROFILING
75 bool "Compile the kernel with profiling enabled"
76 select KERNEL_PERF_EVENTS
77 help
78 Enable the extended profiling support mechanisms used by profilers such
79 as OProfile.
80
81 config KERNEL_RPI_AXIPERF
82 bool "Compile the kernel with RaspberryPi AXI Performance monitors"
83 default y
84 depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
85
86 config KERNEL_UBSAN
87 bool "Compile the kernel with undefined behaviour sanity checker"
88 help
89 This option enables undefined behaviour sanity checker
90 Compile-time instrumentation is used to detect various undefined
91 behaviours in runtime. Various types of checks may be enabled
92 via boot parameter ubsan_handle
93 (see: Documentation/dev-tools/ubsan.rst).
94
95 config KERNEL_UBSAN_SANITIZE_ALL
96 bool "Enable instrumentation for the entire kernel"
97 depends on KERNEL_UBSAN
98 default y
99 help
100 This option activates instrumentation for the entire kernel.
101 If you don't enable this option, you have to explicitly specify
102 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
103 Enabling this option will get kernel image size increased
104 significantly.
105
106 config KERNEL_UBSAN_ALIGNMENT
107 bool "Enable checking of pointers alignment"
108 depends on KERNEL_UBSAN
109 help
110 This option enables detection of unaligned memory accesses.
111 Enabling this option on architectures that support unaligned
112 accesses may produce a lot of false positives.
113
114 config KERNEL_UBSAN_BOUNDS
115 bool "Perform array index bounds checking"
116 depends on KERNEL_UBSAN
117 help
118 This option enables detection of directly indexed out of bounds array
119 accesses, where the array size is known at compile time. Note that
120 this does not protect array overflows via bad calls to the
121 {str,mem}*cpy() family of functions (that is addressed by
122 FORTIFY_SOURCE).
123
124 config KERNEL_UBSAN_NULL
125 bool "Enable checking of null pointers"
126 depends on KERNEL_UBSAN
127 help
128 This option enables detection of memory accesses via a
129 null pointer.
130
131 config KERNEL_UBSAN_TRAP
132 bool "On Sanitizer warnings, abort the running kernel code"
133 depends on KERNEL_UBSAN
134 help
135 Building kernels with Sanitizer features enabled tends to grow the
136 kernel size by around 5%, due to adding all the debugging text on
137 failure paths. To avoid this, Sanitizer instrumentation can just
138 issue a trap. This reduces the kernel size overhead but turns all
139 warnings (including potentially harmless conditions) into full
140 exceptions that abort the running kernel code (regardless of context,
141 locks held, etc), which may destabilize the system. For some system
142 builders this is an acceptable trade-off.
143
144 config KERNEL_KASAN
145 bool "Compile the kernel with KASan: runtime memory debugger"
146 select KERNEL_SLUB_DEBUG
147 depends on (x86_64 || aarch64)
148 help
149 Enables kernel address sanitizer - runtime memory debugger,
150 designed to find out-of-bounds accesses and use-after-free bugs.
151 This is strictly a debugging feature and it requires a gcc version
152 of 4.9.2 or later. Detection of out of bounds accesses to stack or
153 global variables requires gcc 5.0 or later.
154 This feature consumes about 1/8 of available memory and brings about
155 ~x3 performance slowdown.
156 For better error detection enable CONFIG_STACKTRACE.
157 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
158 (the resulting kernel does not boot).
159
160 config KERNEL_KASAN_EXTRA
161 bool "KAsan: extra checks"
162 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
163 help
164 This enables further checks in the kernel address sanitizer, for now
165 it only includes the address-use-after-scope check that can lead
166 to excessive kernel stack usage, frame size warnings and longer
167 compile time.
168 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
169
170 config KERNEL_KASAN_VMALLOC
171 bool "Back mappings in vmalloc space with real shadow memory"
172 depends on KERNEL_KASAN
173 help
174 By default, the shadow region for vmalloc space is the read-only
175 zero page. This means that KASAN cannot detect errors involving
176 vmalloc space.
177
178 Enabling this option will hook in to vmap/vmalloc and back those
179 mappings with real shadow memory allocated on demand. This allows
180 for KASAN to detect more sorts of errors (and to support vmapped
181 stacks), but at the cost of higher memory usage.
182
183 This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
184 depend on that in here, so it is possible that enabling this
185 will have no effect.
186
187 if KERNEL_KASAN
188 choice
189 prompt "KASAN mode"
190 depends on KERNEL_KASAN
191 default KERNEL_KASAN_GENERIC
192 help
193 KASAN has three modes:
194
195 1. Generic KASAN (supported by many architectures, enabled with
196 CONFIG_KASAN_GENERIC, similar to userspace ASan),
197 2. Software Tag-Based KASAN (arm64 only, based on software memory
198 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
199 HWASan), and
200 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
201 tagging, enabled with CONFIG_KASAN_HW_TAGS).
202
203 config KERNEL_KASAN_GENERIC
204 bool "Generic KASAN"
205 select KERNEL_SLUB_DEBUG
206 help
207 Enables Generic KASAN.
208
209 Consumes about 1/8th of available memory at kernel start and adds an
210 overhead of ~50% for dynamic allocations.
211 The performance slowdown is ~x3.
212
213 config KERNEL_KASAN_SW_TAGS
214 bool "Software Tag-Based KASAN"
215 depends on aarch64
216 select KERNEL_SLUB_DEBUG
217 help
218 Enables Software Tag-Based KASAN.
219
220 Supported only on arm64 CPUs and relies on Top Byte Ignore.
221
222 Consumes about 1/16th of available memory at kernel start and
223 add an overhead of ~20% for dynamic allocations.
224
225 May potentially introduce problems related to pointer casting and
226 comparison, as it embeds a tag into the top byte of each pointer.
227
228 config KERNEL_KASAN_HW_TAGS
229 bool "Hardware Tag-Based KASAN"
230 depends on aarch64
231 select KERNEL_SLUB_DEBUG
232 select KERNEL_ARM64_MTE
233 help
234 Enables Hardware Tag-Based KASAN.
235
236 Supported only on arm64 CPUs starting from ARMv8.5 and relies on
237 Memory Tagging Extension and Top Byte Ignore.
238
239 Consumes about 1/32nd of available memory.
240
241 May potentially introduce problems related to pointer casting and
242 comparison, as it embeds a tag into the top byte of each pointer.
243
244 endchoice
245
246 config KERNEL_ARM64_MTE
247 def_bool n
248
249 endif
250
251 choice
252 prompt "Instrumentation type"
253 depends on KERNEL_KASAN
254 depends on !KERNEL_KASAN_HW_TAGS
255 default KERNEL_KASAN_OUTLINE
256
257 config KERNEL_KASAN_OUTLINE
258 bool "Outline instrumentation"
259 help
260 Before every memory access compiler insert function call
261 __asan_load*/__asan_store*. These functions performs check
262 of shadow memory. This is slower than inline instrumentation,
263 however it doesn't bloat size of kernel's .text section so
264 much as inline does.
265
266 config KERNEL_KASAN_INLINE
267 bool "Inline instrumentation"
268 help
269 Compiler directly inserts code checking shadow memory before
270 memory accesses. This is faster than outline (in some workloads
271 it gives about x2 boost over outline instrumentation), but
272 make kernel's .text size much bigger.
273 This requires a gcc version of 5.0 or later.
274
275 endchoice
276
277 config KERNEL_KCOV
278 bool "Compile the kernel with code coverage for fuzzing"
279 select KERNEL_DEBUG_FS
280 help
281 KCOV exposes kernel code coverage information in a form suitable
282 for coverage-guided fuzzing (randomized testing).
283
284 If RANDOMIZE_BASE is enabled, PC values will not be stable across
285 different machines and across reboots. If you need stable PC values,
286 disable RANDOMIZE_BASE.
287
288 For more details, see Documentation/kcov.txt.
289
290 config KERNEL_KCOV_ENABLE_COMPARISONS
291 bool "Enable comparison operands collection by KCOV"
292 depends on KERNEL_KCOV
293 help
294 KCOV also exposes operands of every comparison in the instrumented
295 code along with operand sizes and PCs of the comparison instructions.
296 These operands can be used by fuzzing engines to improve the quality
297 of fuzzing coverage.
298
299 config KERNEL_KCOV_INSTRUMENT_ALL
300 bool "Instrument all code by default"
301 depends on KERNEL_KCOV
302 default y if KERNEL_KCOV
303 help
304 If you are doing generic system call fuzzing (like e.g. syzkaller),
305 then you will want to instrument the whole kernel and you should
306 say y here. If you are doing more targeted fuzzing (like e.g.
307 filesystem fuzzing with AFL) then you will want to enable coverage
308 for more specific subsets of files, and should say n here.
309
310 config KERNEL_TASKSTATS
311 bool "Compile the kernel with task resource/io statistics and accounting"
312 help
313 Enable the collection and publishing of task/io statistics and
314 accounting. Enable this option to enable i/o monitoring in system
315 monitors.
316
317 if KERNEL_TASKSTATS
318
319 config KERNEL_TASK_DELAY_ACCT
320 def_bool y
321
322 config KERNEL_TASK_IO_ACCOUNTING
323 def_bool y
324
325 config KERNEL_TASK_XACCT
326 def_bool y
327
328 endif
329
330 config KERNEL_KALLSYMS
331 bool "Compile the kernel with symbol table information"
332 default y if !SMALL_FLASH
333 help
334 This will give you more information in stack traces from kernel oopses.
335
336 config KERNEL_FTRACE
337 bool "Compile the kernel with tracing support"
338 depends on !TARGET_uml
339
340 config KERNEL_FTRACE_SYSCALLS
341 bool "Trace system calls"
342 depends on KERNEL_FTRACE
343
344 config KERNEL_ENABLE_DEFAULT_TRACERS
345 bool "Trace process context switches and events"
346 depends on KERNEL_FTRACE
347
348 config KERNEL_FUNCTION_TRACER
349 bool "Function tracer"
350 depends on KERNEL_FTRACE
351
352 config KERNEL_FUNCTION_GRAPH_TRACER
353 bool "Function graph tracer"
354 depends on KERNEL_FUNCTION_TRACER
355
356 config KERNEL_DYNAMIC_FTRACE
357 bool "Enable/disable function tracing dynamically"
358 depends on KERNEL_FUNCTION_TRACER
359
360 config KERNEL_FUNCTION_PROFILER
361 bool "Function profiler"
362 depends on KERNEL_FUNCTION_TRACER
363
364 config KERNEL_IRQSOFF_TRACER
365 bool "Interrupts-off Latency Tracer"
366 depends on KERNEL_FTRACE
367 help
368 This option measures the time spent in irqs-off critical
369 sections, with microsecond accuracy.
370
371 The default measurement method is a maximum search, which is
372 disabled by default and can be runtime (re-)started
373 via:
374
375 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
376
377 (Note that kernel size and overhead increase with this option
378 enabled. This option and the preempt-off timing option can be
379 used together or separately.)
380
381 config KERNEL_PREEMPT_TRACER
382 bool "Preemption-off Latency Tracer"
383 depends on KERNEL_FTRACE
384 help
385 This option measures the time spent in preemption-off critical
386 sections, with microsecond accuracy.
387
388 The default measurement method is a maximum search, which is
389 disabled by default and can be runtime (re-)started
390 via:
391
392 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
393
394 (Note that kernel size and overhead increase with this option
395 enabled. This option and the irqs-off timing option can be
396 used together or separately.)
397
398 config KERNEL_HIST_TRIGGERS
399 bool "Histogram triggers"
400 depends on KERNEL_FTRACE
401 help
402 Hist triggers allow one or more arbitrary trace event fields to be
403 aggregated into hash tables and dumped to stdout by reading a
404 debugfs/tracefs file. They're useful for gathering quick and dirty
405 (though precise) summaries of event activity as an initial guide for
406 further investigation using more advanced tools.
407
408 Inter-event tracing of quantities such as latencies is also
409 supported using hist triggers under this option.
410
411 config KERNEL_DEBUG_KERNEL
412 bool
413
414 config KERNEL_DEBUG_INFO
415 bool "Compile the kernel with debug information"
416 default y if !SMALL_FLASH
417 select KERNEL_DEBUG_KERNEL
418 help
419 This will compile your kernel and modules with debug information.
420
421 config KERNEL_DEBUG_INFO_BTF
422
423 bool "Enable additional BTF type information"
424 depends on !HOST_OS_MACOS
425 depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
426 select DWARVES
427 help
428 Generate BPF Type Format (BTF) information from DWARF debug info.
429 Turning this on expects presence of pahole tool, which will convert
430 DWARF type info into equivalent deduplicated BTF type info.
431
432 Required to run BPF CO-RE applications.
433
434 config KERNEL_MODULE_ALLOW_BTF_MISMATCH
435 bool "Allow loading modules with non-matching BTF type info"
436 depends on KERNEL_DEBUG_INFO_BTF
437 help
438 For modules whose split BTF does not match vmlinux, load without
439 BTF rather than refusing to load. The default behavior with
440 module BTF enabled is to reject modules with such mismatches;
441 this option will still load module BTF where possible but ignore
442 it when a mismatch is found.
443
444 config KERNEL_DEBUG_INFO_REDUCED
445 bool "Reduce debugging information"
446 default y
447 depends on KERNEL_DEBUG_INFO
448 help
449 If you say Y here gcc is instructed to generate less debugging
450 information for structure types. This means that tools that
451 need full debugging information (like kgdb or systemtap) won't
452 be happy. But if you merely need debugging information to
453 resolve line numbers there is no loss. Advantage is that
454 build directory object sizes shrink dramatically over a full
455 DEBUG_INFO build and compile times are reduced too.
456 Only works with newer gcc versions.
457
458 config KERNEL_FRAME_WARN
459 int
460 range 0 8192
461 default 1280 if KERNEL_KASAN && !ARCH_64BIT
462 default 1024 if !ARCH_64BIT
463 default 2048 if ARCH_64BIT
464 help
465 Tell the compiler to warn at build time for stack frames larger than this.
466 Setting this too low will cause a lot of warnings.
467 Setting it to 0 disables the warning.
468
469 # KERNEL_DEBUG_LL symbols must have the default value set as otherwise
470 # KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
471 # which means that buildroot wont override the DEBUG_LL symbols in target
472 # kernel configurations and lead to devices that dont have working console
473 config KERNEL_DEBUG_LL_UART_NONE
474 bool
475 default n
476 depends on arm
477
478 config KERNEL_DEBUG_LL
479 bool
480 default n
481 depends on arm
482 select KERNEL_DEBUG_LL_UART_NONE
483 help
484 ARM low level debugging.
485
486 config KERNEL_DEBUG_VIRTUAL
487 bool "Compile the kernel with VM translations debugging"
488 select KERNEL_DEBUG_KERNEL
489 help
490 Enable checks sanity checks to catch invalid uses of
491 virt_to_phys()/phys_to_virt() against the non-linear address space.
492
493 config KERNEL_DYNAMIC_DEBUG
494 bool "Compile the kernel with dynamic printk"
495 select KERNEL_DEBUG_FS
496 help
497 Compiles debug level messages into the kernel, which would not
498 otherwise be available at runtime. These messages can then be
499 enabled/disabled based on various levels of scope - per source file,
500 function, module, format string, and line number. This mechanism
501 implicitly compiles in all pr_debug() and dev_dbg() calls, which
502 enlarges the kernel text size by about 2%.
503
504 config KERNEL_EARLY_PRINTK
505 bool "Compile the kernel with early printk"
506 default y if TARGET_bcm53xx
507 depends on arm
508 select KERNEL_DEBUG_KERNEL
509 select KERNEL_DEBUG_LL if arm
510 help
511 Compile the kernel with early printk support. This is only useful for
512 debugging purposes to send messages over the serial console in early boot.
513 Enable this to debug early boot problems.
514
515 config KERNEL_KPROBES
516 bool "Compile the kernel with kprobes support"
517 select KERNEL_FTRACE
518 select KERNEL_PERF_EVENTS
519 help
520 Compiles the kernel with KPROBES support, which allows you to trap
521 at almost any kernel address and execute a callback function.
522 register_kprobe() establishes a probepoint and specifies the
523 callback. Kprobes is useful for kernel debugging, non-intrusive
524 instrumentation and testing.
525 If in doubt, say "N".
526
527 config KERNEL_KPROBE_EVENTS
528 bool
529 default y if KERNEL_KPROBES
530
531 config KERNEL_BPF_EVENTS
532 bool "Compile the kernel with BPF event support"
533 select KERNEL_KPROBES
534 help
535 Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
536 This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
537 for sending data from BPF programs to user-space for post-processing
538 or logging.
539
540 config KERNEL_BPF_KPROBE_OVERRIDE
541 bool
542 depends on KERNEL_KPROBES
543 default n
544
545 config KERNEL_AIO
546 bool "Compile the kernel with asynchronous IO support"
547 default y if !SMALL_FLASH
548
549 config KERNEL_IO_URING
550 bool "Compile the kernel with io_uring support"
551 depends on !SMALL_FLASH
552 default y if (x86_64 || aarch64)
553
554 config KERNEL_FHANDLE
555 bool "Compile the kernel with support for fhandle syscalls"
556 default y if !SMALL_FLASH
557
558 config KERNEL_FANOTIFY
559 bool "Compile the kernel with modern file notification support"
560 default y if !SMALL_FLASH
561
562 config KERNEL_BLK_DEV_BSG
563 bool "Compile the kernel with SCSI generic v4 support for any block device"
564
565 config KERNEL_TRANSPARENT_HUGEPAGE
566 bool
567
568 choice
569 prompt "Transparent Hugepage Support sysfs defaults"
570 depends on KERNEL_TRANSPARENT_HUGEPAGE
571 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
572
573 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
574 bool "always"
575
576 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
577 bool "madvise"
578 endchoice
579
580 config KERNEL_HUGETLBFS
581 bool
582
583 config KERNEL_HUGETLB_PAGE
584 bool "Compile the kernel with HugeTLB support"
585 select KERNEL_TRANSPARENT_HUGEPAGE
586 select KERNEL_HUGETLBFS
587
588 config KERNEL_MAGIC_SYSRQ
589 bool "Compile the kernel with SysRq support"
590 default y
591
592 config KERNEL_DEBUG_PINCTRL
593 bool "Compile the kernel with pinctrl debugging"
594 select KERNEL_DEBUG_KERNEL
595
596 config KERNEL_DEBUG_GPIO
597 bool "Compile the kernel with gpio debugging"
598 select KERNEL_DEBUG_KERNEL
599
600 config KERNEL_COREDUMP
601 bool
602
603 config KERNEL_ELF_CORE
604 bool "Enable process core dump support"
605 select KERNEL_COREDUMP
606 default y if !SMALL_FLASH
607
608 config KERNEL_PROVE_LOCKING
609 bool "Enable kernel lock checking"
610 select KERNEL_DEBUG_KERNEL
611
612 config KERNEL_SOFTLOCKUP_DETECTOR
613 bool "Compile the kernel with detect Soft Lockups"
614 depends on KERNEL_DEBUG_KERNEL
615 help
616 Say Y here to enable the kernel to act as a watchdog to detect
617 soft lockups.
618
619 Softlockups are bugs that cause the kernel to loop in kernel
620 mode for more than 20 seconds, without giving other tasks a
621 chance to run. The current stack trace is displayed upon
622 detection and the system will stay locked up.
623
624 config KERNEL_HARDLOCKUP_DETECTOR
625 bool "Compile the kernel with detect Hard Lockups"
626 depends on KERNEL_DEBUG_KERNEL
627 help
628 Say Y here to enable the kernel to act as a watchdog to detect
629 hard lockups.
630
631 Hardlockups are bugs that cause the CPU to loop in kernel mode
632 for more than 10 seconds, without letting other interrupts have a
633 chance to run. The current stack trace is displayed upon detection
634 and the system will stay locked up.
635
636 config KERNEL_DETECT_HUNG_TASK
637 bool "Compile the kernel with detect Hung Tasks"
638 depends on KERNEL_DEBUG_KERNEL
639 default KERNEL_SOFTLOCKUP_DETECTOR
640 help
641 Say Y here to enable the kernel to detect "hung tasks",
642 which are bugs that cause the task to be stuck in
643 uninterruptible "D" state indefinitely.
644
645 When a hung task is detected, the kernel will print the
646 current stack trace (which you should report), but the
647 task will stay in uninterruptible state. If lockdep is
648 enabled then all held locks will also be reported. This
649 feature has negligible overhead.
650
651 config KERNEL_WQ_WATCHDOG
652 bool "Compile the kernel with detect Workqueue Stalls"
653 depends on KERNEL_DEBUG_KERNEL
654 help
655 Say Y here to enable stall detection on workqueues. If a
656 worker pool doesn't make forward progress on a pending work
657 item for over a given amount of time, 30s by default, a
658 warning message is printed along with dump of workqueue
659 state. This can be configured through kernel parameter
660 "workqueue.watchdog_thresh" and its sysfs counterpart.
661
662 config KERNEL_DEBUG_ATOMIC_SLEEP
663 bool "Compile the kernel with sleep inside atomic section checking"
664 depends on KERNEL_DEBUG_KERNEL
665 help
666 If you say Y here, various routines which may sleep will become very
667 noisy if they are called inside atomic sections: when a spinlock is
668 held, inside an rcu read side critical section, inside preempt disabled
669 sections, inside an interrupt, etc...
670
671 config KERNEL_DEBUG_VM
672 bool "Compile the kernel with debug VM"
673 depends on KERNEL_DEBUG_KERNEL
674 help
675 Enable this to turn on extended checks in the virtual-memory system
676 that may impact performance.
677
678 If unsure, say N.
679
680 config KERNEL_PRINTK_TIME
681 bool "Enable printk timestamps"
682 default y
683
684 config KERNEL_SLUB_DEBUG
685 bool "Enable SLUB debugging support"
686 help
687 This enables various debugging features:
688 - Accepts "slub_debug" kernel parameter
689 - Provides caches debugging options (e.g. tracing, validating)
690 - Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
691 - Enables /proc/slabinfo support
692 - Prints info when running out of memory
693
694 Enabling this can result in a significant increase of code size.
695
696 config KERNEL_SLUB_DEBUG_ON
697 depends on KERNEL_SLUB_DEBUG
698 bool "Boot kernel with basic caches debugging enabled"
699 help
700 This enables by default sanity_checks, red_zone, poison and store_user
701 debugging options for all caches.
702
703 config KERNEL_SLABINFO
704 select KERNEL_SLUB_DEBUG
705 select KERNEL_SLUB_DEBUG_ON
706 bool "Enable /proc slab debug info"
707
708 config KERNEL_PROC_PAGE_MONITOR
709 bool "Enable /proc page monitoring"
710
711 config KERNEL_RELAY
712 bool
713
714 config KERNEL_KEXEC
715 bool "Enable kexec support"
716
717 config KERNEL_PROC_VMCORE
718 bool
719
720 config KERNEL_PROC_KCORE
721 bool
722
723 config KERNEL_CRASH_DUMP
724 depends on i386 || x86_64 || arm || armeb
725 select KERNEL_KEXEC
726 select KERNEL_PROC_VMCORE
727 select KERNEL_PROC_KCORE
728 bool "Enable support for kexec crashdump"
729 default y
730
731 config USE_RFKILL
732 bool "Enable rfkill support"
733 default RFKILL_SUPPORT
734
735 config USE_SPARSE
736 bool "Enable sparse check during kernel build"
737
738 config KERNEL_DEVTMPFS
739 bool "Compile the kernel with device tmpfs enabled"
740 help
741 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
742 devices nodes for all registered devices to simplify boot, but leaves more
743 complex tasks to userspace (e.g. udev).
744
745 if KERNEL_DEVTMPFS
746
747 config KERNEL_DEVTMPFS_MOUNT
748 bool "Automatically mount devtmpfs after root filesystem is mounted"
749
750 endif
751
752 config KERNEL_KEYS
753 bool "Enable kernel access key retention support"
754 default !SMALL_FLASH
755
756 config KERNEL_PERSISTENT_KEYRINGS
757 bool "Enable kernel persistent keyrings"
758 depends on KERNEL_KEYS
759
760 config KERNEL_KEYS_REQUEST_CACHE
761 bool "Enable temporary caching of the last request_key() result"
762 depends on KERNEL_KEYS
763
764 config KERNEL_BIG_KEYS
765 bool "Enable large payload keys on kernel keyrings"
766 depends on KERNEL_KEYS
767
768 #
769 # CGROUP support symbols
770 #
771
772 config KERNEL_CGROUPS
773 bool "Enable kernel cgroups"
774 default y if !SMALL_FLASH
775
776 if KERNEL_CGROUPS
777
778 config KERNEL_CGROUP_DEBUG
779 bool "Example debug cgroup subsystem"
780 help
781 This option enables a simple cgroup subsystem that
782 exports useful debugging information about the cgroups
783 framework.
784
785 config KERNEL_FREEZER
786 bool
787
788 config KERNEL_CGROUP_FREEZER
789 bool "legacy Freezer cgroup subsystem"
790 select KERNEL_FREEZER
791 help
792 Provides a way to freeze and unfreeze all tasks in a
793 cgroup.
794 (legacy cgroup1-only controller, in cgroup2 freezer
795 is integrated in the Memory controller)
796
797 config KERNEL_CGROUP_DEVICE
798 bool "legacy Device controller for cgroups"
799 help
800 Provides a cgroup implementing whitelists for devices which
801 a process in the cgroup can mknod or open.
802 (legacy cgroup1-only controller)
803
804 config KERNEL_CGROUP_HUGETLB
805 bool "HugeTLB controller"
806 select KERNEL_HUGETLB_PAGE
807
808 config KERNEL_CGROUP_PIDS
809 bool "PIDs cgroup subsystem"
810 default y
811 help
812 Provides enforcement of process number limits in the scope of a
813 cgroup.
814
815 config KERNEL_CGROUP_RDMA
816 bool "RDMA controller for cgroups"
817 default y
818
819 config KERNEL_CGROUP_BPF
820 bool "Support for eBPF programs attached to cgroups"
821 default y
822
823 config KERNEL_CPUSETS
824 bool "Cpuset support"
825 default y
826 help
827 This option will let you create and manage CPUSETs which
828 allow dynamically partitioning a system into sets of CPUs and
829 Memory Nodes and assigning tasks to run only within those sets.
830 This is primarily useful on large SMP or NUMA systems.
831
832 config KERNEL_PROC_PID_CPUSET
833 bool "Include legacy /proc/<pid>/cpuset file"
834 depends on KERNEL_CPUSETS
835
836 config KERNEL_CGROUP_CPUACCT
837 bool "Simple CPU accounting cgroup subsystem"
838 default y
839 help
840 Provides a simple Resource Controller for monitoring the
841 total CPU consumed by the tasks in a cgroup.
842
843 config KERNEL_RESOURCE_COUNTERS
844 bool "Resource counters"
845 default y
846 help
847 This option enables controller independent resource accounting
848 infrastructure that works with cgroups.
849
850 config KERNEL_MM_OWNER
851 bool
852 default y if KERNEL_MEMCG
853
854 config KERNEL_MEMCG
855 bool "Memory Resource Controller for Control Groups"
856 default y
857 select KERNEL_FREEZER
858 depends on KERNEL_RESOURCE_COUNTERS
859 help
860 Provides a memory resource controller that manages both anonymous
861 memory and page cache. (See Documentation/cgroups/memory.txt)
862
863 Note that setting this option increases fixed memory overhead
864 associated with each page of memory in the system. By this,
865 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
866 usage tracking struct at boot. Total amount of this is printed out
867 at boot.
868
869 Only enable when you're ok with these tradeoffs and really
870 sure you need the memory resource controller. Even when you enable
871 this, you can set "cgroup_disable=memory" at your boot option to
872 disable memory resource controller and you can avoid overheads
873 (but lose benefits of memory resource controller).
874
875 This config option also selects MM_OWNER config option, which
876 could in turn add some fork/exit overhead.
877
878 config KERNEL_MEMCG_SWAP
879 bool "Memory Resource Controller Swap Extension"
880 default y
881 depends on KERNEL_MEMCG
882 help
883 Add swap management feature to memory resource controller. When you
884 enable this, you can limit mem+swap usage per cgroup. In other words,
885 when you disable this, memory resource controller has no cares to
886 usage of swap...a process can exhaust all of the swap. This extension
887 is useful when you want to avoid exhaustion swap but this itself
888 adds more overheads and consumes memory for remembering information.
889 Especially if you use 32bit system or small memory system, please
890 be careful about enabling this. When memory resource controller
891 is disabled by boot option, this will be automatically disabled and
892 there will be no overhead from this. Even when you set this config=y,
893 if boot option "swapaccount=0" is set, swap will not be accounted.
894 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
895 size is 4096bytes, 512k per 1Gbytes of swap.
896
897 config KERNEL_MEMCG_SWAP_ENABLED
898 bool "Memory Resource Controller Swap Extension enabled by default"
899 depends on KERNEL_MEMCG_SWAP
900 help
901 Memory Resource Controller Swap Extension comes with its price in
902 a bigger memory consumption. General purpose distribution kernels
903 which want to enable the feature but keep it disabled by default
904 and let the user enable it by swapaccount boot command line
905 parameter should have this option unselected.
906
907 Those who want to have the feature enabled by default should
908 select this option (if, for some reason, they need to disable it,
909 then swapaccount=0 does the trick).
910
911
912 config KERNEL_MEMCG_KMEM
913 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
914 default y
915 depends on KERNEL_MEMCG
916 help
917 The Kernel Memory extension for Memory Resource Controller can limit
918 the amount of memory used by kernel objects in the system. Those are
919 fundamentally different from the entities handled by the standard
920 Memory Controller, which are page-based, and can be swapped. Users of
921 the kmem extension can use it to guarantee that no group of processes
922 will ever exhaust kernel resources alone.
923
924 config KERNEL_CGROUP_PERF
925 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
926 select KERNEL_PERF_EVENTS
927 help
928 This option extends the per-cpu mode to restrict monitoring to
929 threads which belong to the cgroup specified and run on the
930 designated cpu.
931
932 menuconfig KERNEL_CGROUP_SCHED
933 bool "Group CPU scheduler"
934 default y
935 help
936 This feature lets CPU scheduler recognize task groups and control CPU
937 bandwidth allocation to such task groups. It uses cgroups to group
938 tasks.
939
940 if KERNEL_CGROUP_SCHED
941
942 config KERNEL_FAIR_GROUP_SCHED
943 bool "Group scheduling for SCHED_OTHER"
944 default y
945
946 config KERNEL_CFS_BANDWIDTH
947 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
948 default y
949 depends on KERNEL_FAIR_GROUP_SCHED
950 help
951 This option allows users to define CPU bandwidth rates (limits) for
952 tasks running within the fair group scheduler. Groups with no limit
953 set are considered to be unconstrained and will run with no
954 restriction.
955 See tip/Documentation/scheduler/sched-bwc.txt for more information.
956
957 config KERNEL_RT_GROUP_SCHED
958 bool "Group scheduling for SCHED_RR/FIFO"
959 default y
960 help
961 This feature lets you explicitly allocate real CPU bandwidth
962 to task groups. If enabled, it will also make it impossible to
963 schedule realtime tasks for non-root users until you allocate
964 realtime bandwidth for them.
965
966 endif
967
968 config KERNEL_BLK_CGROUP
969 bool "Block IO controller"
970 default y
971 help
972 Generic block IO controller cgroup interface. This is the common
973 cgroup interface which should be used by various IO controlling
974 policies.
975
976 Currently, CFQ IO scheduler uses it to recognize task groups and
977 control disk bandwidth allocation (proportional time slice allocation)
978 to such task groups. It is also used by bio throttling logic in
979 block layer to implement upper limit in IO rates on a device.
980
981 This option only enables generic Block IO controller infrastructure.
982 One needs to also enable actual IO controlling logic/policy. For
983 enabling proportional weight division of disk bandwidth in CFQ, set
984 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
985 CONFIG_BLK_DEV_THROTTLING=y.
986
987 if KERNEL_BLK_CGROUP
988
989 config KERNEL_CFQ_GROUP_IOSCHED
990 bool "Proportional weight of disk bandwidth in CFQ"
991
992 config KERNEL_BLK_DEV_THROTTLING
993 bool "Enable throttling policy"
994 default y
995
996 config KERNEL_BLK_DEV_THROTTLING_LOW
997 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
998 depends on KERNEL_BLK_DEV_THROTTLING
999 endif
1000
1001 config KERNEL_DEBUG_BLK_CGROUP
1002 bool "Enable Block IO controller debugging"
1003 depends on KERNEL_BLK_CGROUP
1004 help
1005 Enable some debugging help. Currently it exports additional stat
1006 files in a cgroup which can be useful for debugging.
1007
1008 config KERNEL_NET_CLS_CGROUP
1009 bool "legacy Control Group Classifier"
1010
1011 config KERNEL_CGROUP_NET_CLASSID
1012 bool "legacy Network classid cgroup"
1013
1014 config KERNEL_CGROUP_NET_PRIO
1015 bool "legacy Network priority cgroup"
1016
1017 endif
1018
1019 #
1020 # Namespace support symbols
1021 #
1022
1023 config KERNEL_NAMESPACES
1024 bool "Enable kernel namespaces"
1025 default y if !SMALL_FLASH
1026
1027 if KERNEL_NAMESPACES
1028
1029 config KERNEL_UTS_NS
1030 bool "UTS namespace"
1031 default y
1032 help
1033 In this namespace, tasks see different info provided
1034 with the uname() system call.
1035
1036 config KERNEL_IPC_NS
1037 bool "IPC namespace"
1038 default y
1039 help
1040 In this namespace, tasks work with IPC ids which correspond to
1041 different IPC objects in different namespaces.
1042
1043 config KERNEL_USER_NS
1044 bool "User namespace (EXPERIMENTAL)"
1045 default y
1046 help
1047 This allows containers, i.e. vservers, to use user namespaces
1048 to provide different user info for different servers.
1049
1050 config KERNEL_PID_NS
1051 bool "PID Namespaces"
1052 default y
1053 help
1054 Support process id namespaces. This allows having multiple
1055 processes with the same pid as long as they are in different
1056 pid namespaces. This is a building block of containers.
1057
1058 config KERNEL_NET_NS
1059 bool "Network namespace"
1060 default y
1061 help
1062 Allow user space to create what appear to be multiple instances
1063 of the network stack.
1064
1065 endif
1066
1067 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
1068 bool "Support multiple instances of devpts"
1069 default y if !SMALL_FLASH
1070 help
1071 Enable support for multiple instances of devpts filesystem.
1072 If you want to have isolated PTY namespaces (eg: in containers),
1073 say Y here. Otherwise, say N. If enabled, each mount of devpts
1074 filesystem with the '-o newinstance' option will create an
1075 independent PTY namespace.
1076
1077 config KERNEL_POSIX_MQUEUE
1078 bool "POSIX Message Queues"
1079 default y if !SMALL_FLASH
1080 help
1081 POSIX variant of message queues is a part of IPC. In POSIX message
1082 queues every message has a priority which decides about succession
1083 of receiving it by a process. If you want to compile and run
1084 programs written e.g. for Solaris with use of its POSIX message
1085 queues (functions mq_*) say Y here.
1086
1087 POSIX message queues are visible as a filesystem called 'mqueue'
1088 and can be mounted somewhere if you want to do filesystem
1089 operations on message queues.
1090
1091
1092 config KERNEL_SECCOMP_FILTER
1093 bool
1094 default y if !SMALL_FLASH
1095
1096 config KERNEL_SECCOMP
1097 bool "Enable seccomp support"
1098 depends on !(TARGET_uml)
1099 select KERNEL_SECCOMP_FILTER
1100 default y if !SMALL_FLASH
1101 help
1102 Build kernel with support for seccomp.
1103
1104 #
1105 # IPv4 configuration
1106 #
1107
1108 config KERNEL_IP_MROUTE
1109 bool "Enable IPv4 multicast routing"
1110 default y
1111 help
1112 Multicast routing requires a multicast routing daemon in
1113 addition to kernel support.
1114
1115 if KERNEL_IP_MROUTE
1116
1117 config KERNEL_IP_MROUTE_MULTIPLE_TABLES
1118 def_bool y
1119
1120 config KERNEL_IP_PIMSM_V1
1121 def_bool y
1122
1123 config KERNEL_IP_PIMSM_V2
1124 def_bool y
1125
1126 endif
1127
1128 #
1129 # IPv6 configuration
1130 #
1131
1132 config KERNEL_IPV6
1133 def_bool IPV6
1134
1135 if KERNEL_IPV6
1136
1137 config KERNEL_IPV6_MULTIPLE_TABLES
1138 def_bool y
1139
1140 config KERNEL_IPV6_SUBTREES
1141 def_bool y
1142
1143 config KERNEL_IPV6_MROUTE
1144 bool "Enable IPv6 multicast routing"
1145 default y
1146 help
1147 Multicast routing requires a multicast routing daemon in
1148 addition to kernel support.
1149
1150 if KERNEL_IPV6_MROUTE
1151
1152 config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
1153 def_bool y
1154
1155 config KERNEL_IPV6_PIMSM_V2
1156 def_bool y
1157
1158 endif
1159
1160 config KERNEL_IPV6_SEG6_LWTUNNEL
1161 bool "Enable support for lightweight tunnels"
1162 default y if !SMALL_FLASH
1163 help
1164 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
1165
1166 config KERNEL_LWTUNNEL_BPF
1167 def_bool n
1168
1169 endif
1170
1171 #
1172 # Miscellaneous network configuration
1173 #
1174
1175 config KERNEL_NET_L3_MASTER_DEV
1176 bool "L3 Master device support"
1177 help
1178 This module provides glue between core networking code and device
1179 drivers to support L3 master devices like VRF.
1180
1181 config KERNEL_XDP_SOCKETS
1182 bool "XDP sockets support"
1183 help
1184 XDP sockets allows a channel between XDP programs and
1185 userspace applications.
1186
1187 config KERNEL_WIRELESS_EXT
1188 def_bool n
1189
1190 config KERNEL_WEXT_CORE
1191 def_bool KERNEL_WIRELESS_EXT
1192
1193 config KERNEL_WEXT_PRIV
1194 def_bool KERNEL_WIRELESS_EXT
1195
1196 config KERNEL_WEXT_PROC
1197 def_bool KERNEL_WIRELESS_EXT
1198
1199 config KERNEL_WEXT_SPY
1200 def_bool KERNEL_WIRELESS_EXT
1201
1202 config KERNEL_PAGE_POOL
1203 def_bool n
1204
1205 config KERNEL_PAGE_POOL_STATS
1206 bool "Page pool stats support"
1207 depends on KERNEL_PAGE_POOL
1208
1209 #
1210 # NFS related symbols
1211 #
1212 config KERNEL_IP_PNP
1213 bool "Compile the kernel with rootfs on NFS"
1214 help
1215 If you want to make your kernel boot off a NFS server as root
1216 filesystem, select Y here.
1217
1218 if KERNEL_IP_PNP
1219
1220 config KERNEL_IP_PNP_DHCP
1221 def_bool y
1222
1223 config KERNEL_IP_PNP_BOOTP
1224 def_bool n
1225
1226 config KERNEL_IP_PNP_RARP
1227 def_bool n
1228
1229 config KERNEL_NFS_FS
1230 def_bool y
1231
1232 config KERNEL_NFS_V2
1233 def_bool y
1234
1235 config KERNEL_NFS_V3
1236 def_bool y
1237
1238 config KERNEL_ROOT_NFS
1239 def_bool y
1240
1241 endif
1242
1243 menu "Filesystem ACL and attr support options"
1244 config USE_FS_ACL_ATTR
1245 bool "Use filesystem ACL and attr support by default"
1246 help
1247 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1248 for kernel and packages, except tmpfs, flash filesystems,
1249 and old NFS. Also enable userspace extended attribute support
1250 by default. (OpenWrt already has an expection it will be
1251 present in the kernel).
1252
1253 config KERNEL_FS_POSIX_ACL
1254 bool "Enable POSIX ACL support"
1255 default y if USE_FS_ACL_ATTR
1256
1257 config KERNEL_BTRFS_FS_POSIX_ACL
1258 bool "Enable POSIX ACL for BtrFS Filesystems"
1259 select KERNEL_FS_POSIX_ACL
1260 default y if USE_FS_ACL_ATTR
1261
1262 config KERNEL_EXT4_FS_POSIX_ACL
1263 bool "Enable POSIX ACL for Ext4 Filesystems"
1264 select KERNEL_FS_POSIX_ACL
1265 default y if USE_FS_ACL_ATTR
1266
1267 config KERNEL_F2FS_FS_POSIX_ACL
1268 bool "Enable POSIX ACL for F2FS Filesystems"
1269 select KERNEL_FS_POSIX_ACL
1270
1271 config KERNEL_JFFS2_FS_POSIX_ACL
1272 bool "Enable POSIX ACL for JFFS2 Filesystems"
1273 select KERNEL_FS_POSIX_ACL
1274
1275 config KERNEL_TMPFS_POSIX_ACL
1276 bool "Enable POSIX ACL for TMPFS Filesystems"
1277 select KERNEL_FS_POSIX_ACL
1278
1279 config KERNEL_CIFS_ACL
1280 bool "Enable CIFS ACLs"
1281 select KERNEL_FS_POSIX_ACL
1282 default y if USE_FS_ACL_ATTR
1283
1284 config KERNEL_HFS_FS_POSIX_ACL
1285 bool "Enable POSIX ACL for HFS Filesystems"
1286 select KERNEL_FS_POSIX_ACL
1287 default y if USE_FS_ACL_ATTR
1288
1289 config KERNEL_HFSPLUS_FS_POSIX_ACL
1290 bool "Enable POSIX ACL for HFS+ Filesystems"
1291 select KERNEL_FS_POSIX_ACL
1292 default y if USE_FS_ACL_ATTR
1293
1294 config KERNEL_NFS_ACL_SUPPORT
1295 bool "Enable ACLs for NFS"
1296 default y if USE_FS_ACL_ATTR
1297
1298 config KERNEL_NFS_V3_ACL_SUPPORT
1299 bool "Enable ACLs for NFSv3"
1300
1301 config KERNEL_NFSD_V2_ACL_SUPPORT
1302 bool "Enable ACLs for NFSDv2"
1303
1304 config KERNEL_NFSD_V3_ACL_SUPPORT
1305 bool "Enable ACLs for NFSDv3"
1306
1307 config KERNEL_REISER_FS_POSIX_ACL
1308 bool "Enable POSIX ACLs for ReiserFS"
1309 select KERNEL_FS_POSIX_ACL
1310 default y if USE_FS_ACL_ATTR
1311
1312 config KERNEL_XFS_POSIX_ACL
1313 bool "Enable POSIX ACLs for XFS"
1314 select KERNEL_FS_POSIX_ACL
1315 default y if USE_FS_ACL_ATTR
1316
1317 config KERNEL_JFS_POSIX_ACL
1318 bool "Enable POSIX ACLs for JFS"
1319 select KERNEL_FS_POSIX_ACL
1320 default y if USE_FS_ACL_ATTR
1321
1322 endmenu
1323
1324 config KERNEL_DEVMEM
1325 bool "/dev/mem virtual device support"
1326 help
1327 Say Y here if you want to support the /dev/mem device.
1328 The /dev/mem device is used to access areas of physical
1329 memory.
1330
1331 config KERNEL_DEVKMEM
1332 bool "/dev/kmem virtual device support"
1333 help
1334 Say Y here if you want to support the /dev/kmem device. The
1335 /dev/kmem device is rarely used, but can be used for certain
1336 kind of kernel debugging operations.
1337
1338 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1339 int "Number of squashfs fragments cached"
1340 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1341 default 3
1342
1343 config KERNEL_SQUASHFS_XATTR
1344 bool "Squashfs XATTR support"
1345
1346 #
1347 # compile optimization setting
1348 #
1349 choice
1350 prompt "Compiler optimization level"
1351 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1352
1353 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1354 bool "Optimize for performance"
1355 help
1356 This is the default optimization level for the kernel, building
1357 with the "-O2" compiler flag for best performance and most
1358 helpful compile-time warnings.
1359
1360 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1361 bool "Optimize for size"
1362 help
1363 Enabling this option will pass "-Os" instead of "-O2" to
1364 your compiler resulting in a smaller kernel.
1365
1366 endchoice
1367
1368 config KERNEL_AUDIT
1369 bool "Auditing support"
1370
1371 config KERNEL_SECURITY
1372 bool "Enable different security models"
1373
1374 config KERNEL_SECURITY_NETWORK
1375 bool "Socket and Networking Security Hooks"
1376 select KERNEL_SECURITY
1377
1378 config KERNEL_SECURITY_SELINUX
1379 bool "NSA SELinux Support"
1380 select KERNEL_SECURITY_NETWORK
1381 select KERNEL_AUDIT
1382
1383 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1384 bool "NSA SELinux boot parameter"
1385 depends on KERNEL_SECURITY_SELINUX
1386 default y
1387
1388 config KERNEL_SECURITY_SELINUX_DISABLE
1389 bool "NSA SELinux runtime disable"
1390 depends on KERNEL_SECURITY_SELINUX
1391
1392 config KERNEL_SECURITY_SELINUX_DEVELOP
1393 bool "NSA SELinux Development Support"
1394 depends on KERNEL_SECURITY_SELINUX
1395 default y
1396
1397 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1398 int
1399 depends on KERNEL_SECURITY_SELINUX
1400 default 9
1401
1402 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1403 int
1404 depends on KERNEL_SECURITY_SELINUX
1405 default 256
1406
1407 config KERNEL_LSM
1408 string
1409 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1410 depends on KERNEL_SECURITY_SELINUX
1411
1412 config KERNEL_EXT4_FS_SECURITY
1413 bool "Ext4 Security Labels"
1414
1415 config KERNEL_F2FS_FS_SECURITY
1416 bool "F2FS Security Labels"
1417
1418 config KERNEL_UBIFS_FS_SECURITY
1419 bool "UBIFS Security Labels"
1420
1421 config KERNEL_JFFS2_FS_SECURITY
1422 bool "JFFS2 Security Labels"
1423
1424 config KERNEL_WERROR
1425 bool "Compile the kernel with warnings as errors"
1426 default BUILDBOT
1427 default y if GCC_USE_VERSION_12
1428 help
1429 A kernel build should not cause any compiler warnings, and this
1430 enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
1431 to enforce that rule by default. Certain warnings from other tools
1432 such as the linker may be upgraded to errors with this option as
1433 well.
1434
1435 However, if you have a new (or very old) compiler or linker with odd
1436 and unusual warnings, or you have some architecture with problems,
1437 you may need to disable this config option in order to
1438 successfully build the kernel.
Staging tree of Jo-Philipp Wich