projects / openwrt / staging / nbd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
build: Add option KERNEL_KASAN_SW_TAGS and HW_TAGS
[openwrt/staging/nbd.git] / config / Config-kernel.in
1 # SPDX-License-Identifier: GPL-2.0-only
2 #
3 # Copyright (C) 2006-2014 OpenWrt.org
4
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
8 default ""
9 help
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
13
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
17 default ""
18 help
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
22
23 config KERNEL_PRINTK
24 bool "Enable support for printk"
25 default y
26
27 config KERNEL_SWAP
28 bool "Support for paging of anonymous memory (swap)"
29 default y if !SMALL_FLASH
30
31 config KERNEL_PROC_STRIPPED
32 bool "Strip non-essential /proc functionality to reduce code size"
33 default y if SMALL_FLASH
34
35 config KERNEL_DEBUG_FS
36 bool "Compile the kernel with debug filesystem enabled"
37 default y
38 help
39 debugfs is a virtual file system that kernel developers use to put
40 debugging files into. Enable this option to be able to read and
41 write to these files. Many common debugging facilities, such as
42 ftrace, require the existence of debugfs.
43
44 config KERNEL_MIPS_FP_SUPPORT
45 bool
46 default y if TARGET_pistachio
47
48 config KERNEL_ARM_PMU
49 bool
50 depends on (arm || aarch64)
51
52 config KERNEL_X86_VSYSCALL_EMULATION
53 bool "Enable vsyscall emulation"
54 depends on x86_64
55 help
56 This enables emulation of the legacy vsyscall page. Disabling
57 it is roughly equivalent to booting with vsyscall=none, except
58 that it will also disable the helpful warning if a program
59 tries to use a vsyscall. With this option set to N, offending
60 programs will just segfault, citing addresses of the form
61 0xffffffffff600?00.
62
63 This option is required by many programs built before 2013, and
64 care should be used even with newer programs if set to N.
65
66 Disabling this option saves about 7K of kernel size and
67 possibly 4K of additional runtime pagetable memory.
68
69 config KERNEL_PERF_EVENTS
70 bool "Compile the kernel with performance events and counters"
71 select KERNEL_ARM_PMU if (arm || aarch64)
72
73 config KERNEL_PROFILING
74 bool "Compile the kernel with profiling enabled"
75 select KERNEL_PERF_EVENTS
76 help
77 Enable the extended profiling support mechanisms used by profilers such
78 as OProfile.
79
80 config KERNEL_RPI_AXIPERF
81 bool "Compile the kernel with RaspberryPi AXI Performance monitors"
82 default y
83 depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
84
85 config KERNEL_UBSAN
86 bool "Compile the kernel with undefined behaviour sanity checker"
87 help
88 This option enables undefined behaviour sanity checker
89 Compile-time instrumentation is used to detect various undefined
90 behaviours in runtime. Various types of checks may be enabled
91 via boot parameter ubsan_handle
92 (see: Documentation/dev-tools/ubsan.rst).
93
94 config KERNEL_UBSAN_SANITIZE_ALL
95 bool "Enable instrumentation for the entire kernel"
96 depends on KERNEL_UBSAN
97 default y
98 help
99 This option activates instrumentation for the entire kernel.
100 If you don't enable this option, you have to explicitly specify
101 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
102 Enabling this option will get kernel image size increased
103 significantly.
104
105 config KERNEL_UBSAN_ALIGNMENT
106 bool "Enable checking of pointers alignment"
107 depends on KERNEL_UBSAN
108 help
109 This option enables detection of unaligned memory accesses.
110 Enabling this option on architectures that support unaligned
111 accesses may produce a lot of false positives.
112
113 config KERNEL_UBSAN_BOUNDS
114 bool "Perform array index bounds checking"
115 depends on KERNEL_UBSAN
116 help
117 This option enables detection of directly indexed out of bounds array
118 accesses, where the array size is known at compile time. Note that
119 this does not protect array overflows via bad calls to the
120 {str,mem}*cpy() family of functions (that is addressed by
121 FORTIFY_SOURCE).
122
123 config KERNEL_UBSAN_NULL
124 bool "Enable checking of null pointers"
125 depends on KERNEL_UBSAN
126 help
127 This option enables detection of memory accesses via a
128 null pointer.
129
130 config KERNEL_UBSAN_TRAP
131 bool "On Sanitizer warnings, abort the running kernel code"
132 depends on KERNEL_UBSAN
133 help
134 Building kernels with Sanitizer features enabled tends to grow the
135 kernel size by around 5%, due to adding all the debugging text on
136 failure paths. To avoid this, Sanitizer instrumentation can just
137 issue a trap. This reduces the kernel size overhead but turns all
138 warnings (including potentially harmless conditions) into full
139 exceptions that abort the running kernel code (regardless of context,
140 locks held, etc), which may destabilize the system. For some system
141 builders this is an acceptable trade-off.
142
143 config KERNEL_KASAN
144 bool "Compile the kernel with KASan: runtime memory debugger"
145 select KERNEL_SLUB_DEBUG
146 depends on (x86_64 || aarch64)
147 help
148 Enables kernel address sanitizer - runtime memory debugger,
149 designed to find out-of-bounds accesses and use-after-free bugs.
150 This is strictly a debugging feature and it requires a gcc version
151 of 4.9.2 or later. Detection of out of bounds accesses to stack or
152 global variables requires gcc 5.0 or later.
153 This feature consumes about 1/8 of available memory and brings about
154 ~x3 performance slowdown.
155 For better error detection enable CONFIG_STACKTRACE.
156 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
157 (the resulting kernel does not boot).
158
159 config KERNEL_KASAN_EXTRA
160 bool "KAsan: extra checks"
161 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
162 help
163 This enables further checks in the kernel address sanitizer, for now
164 it only includes the address-use-after-scope check that can lead
165 to excessive kernel stack usage, frame size warnings and longer
166 compile time.
167 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
168
169 config KERNEL_KASAN_VMALLOC
170 bool "Back mappings in vmalloc space with real shadow memory"
171 depends on KERNEL_KASAN
172 help
173 By default, the shadow region for vmalloc space is the read-only
174 zero page. This means that KASAN cannot detect errors involving
175 vmalloc space.
176
177 Enabling this option will hook in to vmap/vmalloc and back those
178 mappings with real shadow memory allocated on demand. This allows
179 for KASAN to detect more sorts of errors (and to support vmapped
180 stacks), but at the cost of higher memory usage.
181
182 This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
183 depend on that in here, so it is possible that enabling this
184 will have no effect.
185
186 if KERNEL_KASAN
187 choice
188 prompt "KASAN mode"
189 depends on KERNEL_KASAN
190 default KERNEL_KASAN_GENERIC
191 help
192 KASAN has three modes:
193
194 1. Generic KASAN (supported by many architectures, enabled with
195 CONFIG_KASAN_GENERIC, similar to userspace ASan),
196 2. Software Tag-Based KASAN (arm64 only, based on software memory
197 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
198 HWASan), and
199 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
200 tagging, enabled with CONFIG_KASAN_HW_TAGS).
201
202 config KERNEL_KASAN_GENERIC
203 bool "Generic KASAN"
204 select KERNEL_SLUB_DEBUG
205 help
206 Enables Generic KASAN.
207
208 Consumes about 1/8th of available memory at kernel start and adds an
209 overhead of ~50% for dynamic allocations.
210 The performance slowdown is ~x3.
211
212 config KERNEL_KASAN_SW_TAGS
213 bool "Software Tag-Based KASAN"
214 depends on aarch64
215 select KERNEL_SLUB_DEBUG
216 help
217 Enables Software Tag-Based KASAN.
218
219 Supported only on arm64 CPUs and relies on Top Byte Ignore.
220
221 Consumes about 1/16th of available memory at kernel start and
222 add an overhead of ~20% for dynamic allocations.
223
224 May potentially introduce problems related to pointer casting and
225 comparison, as it embeds a tag into the top byte of each pointer.
226
227 config KERNEL_KASAN_HW_TAGS
228 bool "Hardware Tag-Based KASAN"
229 depends on aarch64
230 select KERNEL_SLUB_DEBUG
231 select KERNEL_ARM64_MTE
232 help
233 Enables Hardware Tag-Based KASAN.
234
235 Supported only on arm64 CPUs starting from ARMv8.5 and relies on
236 Memory Tagging Extension and Top Byte Ignore.
237
238 Consumes about 1/32nd of available memory.
239
240 May potentially introduce problems related to pointer casting and
241 comparison, as it embeds a tag into the top byte of each pointer.
242
243 endchoice
244
245 config KERNEL_ARM64_MTE
246 def_bool n
247
248 endif
249
250 choice
251 prompt "Instrumentation type"
252 depends on KERNEL_KASAN
253 depends on !KERNEL_KASAN_HW_TAGS
254 default KERNEL_KASAN_OUTLINE
255
256 config KERNEL_KASAN_OUTLINE
257 bool "Outline instrumentation"
258 help
259 Before every memory access compiler insert function call
260 __asan_load*/__asan_store*. These functions performs check
261 of shadow memory. This is slower than inline instrumentation,
262 however it doesn't bloat size of kernel's .text section so
263 much as inline does.
264
265 config KERNEL_KASAN_INLINE
266 bool "Inline instrumentation"
267 help
268 Compiler directly inserts code checking shadow memory before
269 memory accesses. This is faster than outline (in some workloads
270 it gives about x2 boost over outline instrumentation), but
271 make kernel's .text size much bigger.
272 This requires a gcc version of 5.0 or later.
273
274 endchoice
275
276 config KERNEL_KCOV
277 bool "Compile the kernel with code coverage for fuzzing"
278 select KERNEL_DEBUG_FS
279 help
280 KCOV exposes kernel code coverage information in a form suitable
281 for coverage-guided fuzzing (randomized testing).
282
283 If RANDOMIZE_BASE is enabled, PC values will not be stable across
284 different machines and across reboots. If you need stable PC values,
285 disable RANDOMIZE_BASE.
286
287 For more details, see Documentation/kcov.txt.
288
289 config KERNEL_KCOV_ENABLE_COMPARISONS
290 bool "Enable comparison operands collection by KCOV"
291 depends on KERNEL_KCOV
292 help
293 KCOV also exposes operands of every comparison in the instrumented
294 code along with operand sizes and PCs of the comparison instructions.
295 These operands can be used by fuzzing engines to improve the quality
296 of fuzzing coverage.
297
298 config KERNEL_KCOV_INSTRUMENT_ALL
299 bool "Instrument all code by default"
300 depends on KERNEL_KCOV
301 default y if KERNEL_KCOV
302 help
303 If you are doing generic system call fuzzing (like e.g. syzkaller),
304 then you will want to instrument the whole kernel and you should
305 say y here. If you are doing more targeted fuzzing (like e.g.
306 filesystem fuzzing with AFL) then you will want to enable coverage
307 for more specific subsets of files, and should say n here.
308
309 config KERNEL_TASKSTATS
310 bool "Compile the kernel with task resource/io statistics and accounting"
311 help
312 Enable the collection and publishing of task/io statistics and
313 accounting. Enable this option to enable i/o monitoring in system
314 monitors.
315
316 if KERNEL_TASKSTATS
317
318 config KERNEL_TASK_DELAY_ACCT
319 def_bool y
320
321 config KERNEL_TASK_IO_ACCOUNTING
322 def_bool y
323
324 config KERNEL_TASK_XACCT
325 def_bool y
326
327 endif
328
329 config KERNEL_KALLSYMS
330 bool "Compile the kernel with symbol table information"
331 default y if !SMALL_FLASH
332 help
333 This will give you more information in stack traces from kernel oopses.
334
335 config KERNEL_FTRACE
336 bool "Compile the kernel with tracing support"
337 depends on !TARGET_uml
338
339 config KERNEL_FTRACE_SYSCALLS
340 bool "Trace system calls"
341 depends on KERNEL_FTRACE
342
343 config KERNEL_ENABLE_DEFAULT_TRACERS
344 bool "Trace process context switches and events"
345 depends on KERNEL_FTRACE
346
347 config KERNEL_FUNCTION_TRACER
348 bool "Function tracer"
349 depends on KERNEL_FTRACE
350
351 config KERNEL_FUNCTION_GRAPH_TRACER
352 bool "Function graph tracer"
353 depends on KERNEL_FUNCTION_TRACER
354
355 config KERNEL_DYNAMIC_FTRACE
356 bool "Enable/disable function tracing dynamically"
357 depends on KERNEL_FUNCTION_TRACER
358
359 config KERNEL_FUNCTION_PROFILER
360 bool "Function profiler"
361 depends on KERNEL_FUNCTION_TRACER
362
363 config KERNEL_IRQSOFF_TRACER
364 bool "Interrupts-off Latency Tracer"
365 depends on KERNEL_FTRACE
366 help
367 This option measures the time spent in irqs-off critical
368 sections, with microsecond accuracy.
369
370 The default measurement method is a maximum search, which is
371 disabled by default and can be runtime (re-)started
372 via:
373
374 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
375
376 (Note that kernel size and overhead increase with this option
377 enabled. This option and the preempt-off timing option can be
378 used together or separately.)
379
380 config KERNEL_PREEMPT_TRACER
381 bool "Preemption-off Latency Tracer"
382 depends on KERNEL_FTRACE
383 help
384 This option measures the time spent in preemption-off critical
385 sections, with microsecond accuracy.
386
387 The default measurement method is a maximum search, which is
388 disabled by default and can be runtime (re-)started
389 via:
390
391 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
392
393 (Note that kernel size and overhead increase with this option
394 enabled. This option and the irqs-off timing option can be
395 used together or separately.)
396
397 config KERNEL_HIST_TRIGGERS
398 bool "Histogram triggers"
399 depends on KERNEL_FTRACE
400 help
401 Hist triggers allow one or more arbitrary trace event fields to be
402 aggregated into hash tables and dumped to stdout by reading a
403 debugfs/tracefs file. They're useful for gathering quick and dirty
404 (though precise) summaries of event activity as an initial guide for
405 further investigation using more advanced tools.
406
407 Inter-event tracing of quantities such as latencies is also
408 supported using hist triggers under this option.
409
410 config KERNEL_DEBUG_KERNEL
411 bool
412
413 config KERNEL_DEBUG_INFO
414 bool "Compile the kernel with debug information"
415 default y if !SMALL_FLASH
416 select KERNEL_DEBUG_KERNEL
417 help
418 This will compile your kernel and modules with debug information.
419
420 config KERNEL_DEBUG_INFO_BTF
421
422 bool "Enable additional BTF type information"
423 depends on !HOST_OS_MACOS
424 depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
425 select DWARVES
426 help
427 Generate BPF Type Format (BTF) information from DWARF debug info.
428 Turning this on expects presence of pahole tool, which will convert
429 DWARF type info into equivalent deduplicated BTF type info.
430
431 Required to run BPF CO-RE applications.
432
433 config KERNEL_MODULE_ALLOW_BTF_MISMATCH
434 bool "Allow loading modules with non-matching BTF type info"
435 depends on KERNEL_DEBUG_INFO_BTF
436 help
437 For modules whose split BTF does not match vmlinux, load without
438 BTF rather than refusing to load. The default behavior with
439 module BTF enabled is to reject modules with such mismatches;
440 this option will still load module BTF where possible but ignore
441 it when a mismatch is found.
442
443 config KERNEL_DEBUG_INFO_REDUCED
444 bool "Reduce debugging information"
445 default y
446 depends on KERNEL_DEBUG_INFO
447 help
448 If you say Y here gcc is instructed to generate less debugging
449 information for structure types. This means that tools that
450 need full debugging information (like kgdb or systemtap) won't
451 be happy. But if you merely need debugging information to
452 resolve line numbers there is no loss. Advantage is that
453 build directory object sizes shrink dramatically over a full
454 DEBUG_INFO build and compile times are reduced too.
455 Only works with newer gcc versions.
456
457 config KERNEL_FRAME_WARN
458 int
459 range 0 8192
460 default 1280 if KERNEL_KASAN && !ARCH_64BIT
461 default 1024 if !ARCH_64BIT
462 default 2048 if ARCH_64BIT
463 help
464 Tell the compiler to warn at build time for stack frames larger than this.
465 Setting this too low will cause a lot of warnings.
466 Setting it to 0 disables the warning.
467
468 # KERNEL_DEBUG_LL symbols must have the default value set as otherwise
469 # KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
470 # which means that buildroot wont override the DEBUG_LL symbols in target
471 # kernel configurations and lead to devices that dont have working console
472 config KERNEL_DEBUG_LL_UART_NONE
473 bool
474 default n
475 depends on arm
476
477 config KERNEL_DEBUG_LL
478 bool
479 default n
480 depends on arm
481 select KERNEL_DEBUG_LL_UART_NONE
482 help
483 ARM low level debugging.
484
485 config KERNEL_DEBUG_VIRTUAL
486 bool "Compile the kernel with VM translations debugging"
487 select KERNEL_DEBUG_KERNEL
488 help
489 Enable checks sanity checks to catch invalid uses of
490 virt_to_phys()/phys_to_virt() against the non-linear address space.
491
492 config KERNEL_DYNAMIC_DEBUG
493 bool "Compile the kernel with dynamic printk"
494 select KERNEL_DEBUG_FS
495 help
496 Compiles debug level messages into the kernel, which would not
497 otherwise be available at runtime. These messages can then be
498 enabled/disabled based on various levels of scope - per source file,
499 function, module, format string, and line number. This mechanism
500 implicitly compiles in all pr_debug() and dev_dbg() calls, which
501 enlarges the kernel text size by about 2%.
502
503 config KERNEL_EARLY_PRINTK
504 bool "Compile the kernel with early printk"
505 default y if TARGET_bcm53xx
506 depends on arm
507 select KERNEL_DEBUG_KERNEL
508 select KERNEL_DEBUG_LL if arm
509 help
510 Compile the kernel with early printk support. This is only useful for
511 debugging purposes to send messages over the serial console in early boot.
512 Enable this to debug early boot problems.
513
514 config KERNEL_KPROBES
515 bool "Compile the kernel with kprobes support"
516 select KERNEL_FTRACE
517 select KERNEL_PERF_EVENTS
518 help
519 Compiles the kernel with KPROBES support, which allows you to trap
520 at almost any kernel address and execute a callback function.
521 register_kprobe() establishes a probepoint and specifies the
522 callback. Kprobes is useful for kernel debugging, non-intrusive
523 instrumentation and testing.
524 If in doubt, say "N".
525
526 config KERNEL_KPROBE_EVENTS
527 bool
528 default y if KERNEL_KPROBES
529
530 config KERNEL_BPF_EVENTS
531 bool "Compile the kernel with BPF event support"
532 select KERNEL_KPROBES
533 help
534 Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
535 This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
536 for sending data from BPF programs to user-space for post-processing
537 or logging.
538
539 config KERNEL_BPF_KPROBE_OVERRIDE
540 bool
541 depends on KERNEL_KPROBES
542 default n
543
544 config KERNEL_AIO
545 bool "Compile the kernel with asynchronous IO support"
546 default y if !SMALL_FLASH
547
548 config KERNEL_IO_URING
549 bool "Compile the kernel with io_uring support"
550 depends on !SMALL_FLASH
551 default y if (x86_64 || aarch64)
552
553 config KERNEL_FHANDLE
554 bool "Compile the kernel with support for fhandle syscalls"
555 default y if !SMALL_FLASH
556
557 config KERNEL_FANOTIFY
558 bool "Compile the kernel with modern file notification support"
559 default y if !SMALL_FLASH
560
561 config KERNEL_BLK_DEV_BSG
562 bool "Compile the kernel with SCSI generic v4 support for any block device"
563
564 config KERNEL_TRANSPARENT_HUGEPAGE
565 bool
566
567 choice
568 prompt "Transparent Hugepage Support sysfs defaults"
569 depends on KERNEL_TRANSPARENT_HUGEPAGE
570 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
571
572 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
573 bool "always"
574
575 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
576 bool "madvise"
577 endchoice
578
579 config KERNEL_HUGETLBFS
580 bool
581
582 config KERNEL_HUGETLB_PAGE
583 bool "Compile the kernel with HugeTLB support"
584 select KERNEL_TRANSPARENT_HUGEPAGE
585 select KERNEL_HUGETLBFS
586
587 config KERNEL_MAGIC_SYSRQ
588 bool "Compile the kernel with SysRq support"
589 default y
590
591 config KERNEL_DEBUG_PINCTRL
592 bool "Compile the kernel with pinctrl debugging"
593 select KERNEL_DEBUG_KERNEL
594
595 config KERNEL_DEBUG_GPIO
596 bool "Compile the kernel with gpio debugging"
597 select KERNEL_DEBUG_KERNEL
598
599 config KERNEL_COREDUMP
600 bool
601
602 config KERNEL_ELF_CORE
603 bool "Enable process core dump support"
604 select KERNEL_COREDUMP
605 default y if !SMALL_FLASH
606
607 config KERNEL_PROVE_LOCKING
608 bool "Enable kernel lock checking"
609 select KERNEL_DEBUG_KERNEL
610
611 config KERNEL_SOFTLOCKUP_DETECTOR
612 bool "Compile the kernel with detect Soft Lockups"
613 depends on KERNEL_DEBUG_KERNEL
614 help
615 Say Y here to enable the kernel to act as a watchdog to detect
616 soft lockups.
617
618 Softlockups are bugs that cause the kernel to loop in kernel
619 mode for more than 20 seconds, without giving other tasks a
620 chance to run. The current stack trace is displayed upon
621 detection and the system will stay locked up.
622
623 config KERNEL_HARDLOCKUP_DETECTOR
624 bool "Compile the kernel with detect Hard Lockups"
625 depends on KERNEL_DEBUG_KERNEL
626 help
627 Say Y here to enable the kernel to act as a watchdog to detect
628 hard lockups.
629
630 Hardlockups are bugs that cause the CPU to loop in kernel mode
631 for more than 10 seconds, without letting other interrupts have a
632 chance to run. The current stack trace is displayed upon detection
633 and the system will stay locked up.
634
635 config KERNEL_DETECT_HUNG_TASK
636 bool "Compile the kernel with detect Hung Tasks"
637 depends on KERNEL_DEBUG_KERNEL
638 default KERNEL_SOFTLOCKUP_DETECTOR
639 help
640 Say Y here to enable the kernel to detect "hung tasks",
641 which are bugs that cause the task to be stuck in
642 uninterruptible "D" state indefinitely.
643
644 When a hung task is detected, the kernel will print the
645 current stack trace (which you should report), but the
646 task will stay in uninterruptible state. If lockdep is
647 enabled then all held locks will also be reported. This
648 feature has negligible overhead.
649
650 config KERNEL_WQ_WATCHDOG
651 bool "Compile the kernel with detect Workqueue Stalls"
652 depends on KERNEL_DEBUG_KERNEL
653 help
654 Say Y here to enable stall detection on workqueues. If a
655 worker pool doesn't make forward progress on a pending work
656 item for over a given amount of time, 30s by default, a
657 warning message is printed along with dump of workqueue
658 state. This can be configured through kernel parameter
659 "workqueue.watchdog_thresh" and its sysfs counterpart.
660
661 config KERNEL_DEBUG_ATOMIC_SLEEP
662 bool "Compile the kernel with sleep inside atomic section checking"
663 depends on KERNEL_DEBUG_KERNEL
664 help
665 If you say Y here, various routines which may sleep will become very
666 noisy if they are called inside atomic sections: when a spinlock is
667 held, inside an rcu read side critical section, inside preempt disabled
668 sections, inside an interrupt, etc...
669
670 config KERNEL_DEBUG_VM
671 bool "Compile the kernel with debug VM"
672 depends on KERNEL_DEBUG_KERNEL
673 help
674 Enable this to turn on extended checks in the virtual-memory system
675 that may impact performance.
676
677 If unsure, say N.
678
679 config KERNEL_PRINTK_TIME
680 bool "Enable printk timestamps"
681 default y
682
683 config KERNEL_SLUB_DEBUG
684 bool
685
686 config KERNEL_SLUB_DEBUG_ON
687 bool
688
689 config KERNEL_SLABINFO
690 select KERNEL_SLUB_DEBUG
691 select KERNEL_SLUB_DEBUG_ON
692 bool "Enable /proc slab debug info"
693
694 config KERNEL_PROC_PAGE_MONITOR
695 bool "Enable /proc page monitoring"
696
697 config KERNEL_RELAY
698 bool
699
700 config KERNEL_KEXEC
701 bool "Enable kexec support"
702
703 config KERNEL_PROC_VMCORE
704 bool
705
706 config KERNEL_PROC_KCORE
707 bool
708
709 config KERNEL_CRASH_DUMP
710 depends on i386 || x86_64 || arm || armeb
711 select KERNEL_KEXEC
712 select KERNEL_PROC_VMCORE
713 select KERNEL_PROC_KCORE
714 bool "Enable support for kexec crashdump"
715 default y
716
717 config USE_RFKILL
718 bool "Enable rfkill support"
719 default RFKILL_SUPPORT
720
721 config USE_SPARSE
722 bool "Enable sparse check during kernel build"
723
724 config KERNEL_DEVTMPFS
725 bool "Compile the kernel with device tmpfs enabled"
726 help
727 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
728 devices nodes for all registered devices to simplify boot, but leaves more
729 complex tasks to userspace (e.g. udev).
730
731 if KERNEL_DEVTMPFS
732
733 config KERNEL_DEVTMPFS_MOUNT
734 bool "Automatically mount devtmpfs after root filesystem is mounted"
735
736 endif
737
738 config KERNEL_KEYS
739 bool "Enable kernel access key retention support"
740 default !SMALL_FLASH
741
742 config KERNEL_PERSISTENT_KEYRINGS
743 bool "Enable kernel persistent keyrings"
744 depends on KERNEL_KEYS
745
746 config KERNEL_KEYS_REQUEST_CACHE
747 bool "Enable temporary caching of the last request_key() result"
748 depends on KERNEL_KEYS
749
750 config KERNEL_BIG_KEYS
751 bool "Enable large payload keys on kernel keyrings"
752 depends on KERNEL_KEYS
753
754 #
755 # CGROUP support symbols
756 #
757
758 config KERNEL_CGROUPS
759 bool "Enable kernel cgroups"
760 default y if !SMALL_FLASH
761
762 if KERNEL_CGROUPS
763
764 config KERNEL_CGROUP_DEBUG
765 bool "Example debug cgroup subsystem"
766 help
767 This option enables a simple cgroup subsystem that
768 exports useful debugging information about the cgroups
769 framework.
770
771 config KERNEL_FREEZER
772 bool
773
774 config KERNEL_CGROUP_FREEZER
775 bool "legacy Freezer cgroup subsystem"
776 select KERNEL_FREEZER
777 help
778 Provides a way to freeze and unfreeze all tasks in a
779 cgroup.
780 (legacy cgroup1-only controller, in cgroup2 freezer
781 is integrated in the Memory controller)
782
783 config KERNEL_CGROUP_DEVICE
784 bool "legacy Device controller for cgroups"
785 help
786 Provides a cgroup implementing whitelists for devices which
787 a process in the cgroup can mknod or open.
788 (legacy cgroup1-only controller)
789
790 config KERNEL_CGROUP_HUGETLB
791 bool "HugeTLB controller"
792 select KERNEL_HUGETLB_PAGE
793
794 config KERNEL_CGROUP_PIDS
795 bool "PIDs cgroup subsystem"
796 default y
797 help
798 Provides enforcement of process number limits in the scope of a
799 cgroup.
800
801 config KERNEL_CGROUP_RDMA
802 bool "RDMA controller for cgroups"
803 default y
804
805 config KERNEL_CGROUP_BPF
806 bool "Support for eBPF programs attached to cgroups"
807 default y
808
809 config KERNEL_CPUSETS
810 bool "Cpuset support"
811 default y
812 help
813 This option will let you create and manage CPUSETs which
814 allow dynamically partitioning a system into sets of CPUs and
815 Memory Nodes and assigning tasks to run only within those sets.
816 This is primarily useful on large SMP or NUMA systems.
817
818 config KERNEL_PROC_PID_CPUSET
819 bool "Include legacy /proc/<pid>/cpuset file"
820 depends on KERNEL_CPUSETS
821
822 config KERNEL_CGROUP_CPUACCT
823 bool "Simple CPU accounting cgroup subsystem"
824 default y
825 help
826 Provides a simple Resource Controller for monitoring the
827 total CPU consumed by the tasks in a cgroup.
828
829 config KERNEL_RESOURCE_COUNTERS
830 bool "Resource counters"
831 default y
832 help
833 This option enables controller independent resource accounting
834 infrastructure that works with cgroups.
835
836 config KERNEL_MM_OWNER
837 bool
838 default y if KERNEL_MEMCG
839
840 config KERNEL_MEMCG
841 bool "Memory Resource Controller for Control Groups"
842 default y
843 select KERNEL_FREEZER
844 depends on KERNEL_RESOURCE_COUNTERS
845 help
846 Provides a memory resource controller that manages both anonymous
847 memory and page cache. (See Documentation/cgroups/memory.txt)
848
849 Note that setting this option increases fixed memory overhead
850 associated with each page of memory in the system. By this,
851 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
852 usage tracking struct at boot. Total amount of this is printed out
853 at boot.
854
855 Only enable when you're ok with these tradeoffs and really
856 sure you need the memory resource controller. Even when you enable
857 this, you can set "cgroup_disable=memory" at your boot option to
858 disable memory resource controller and you can avoid overheads
859 (but lose benefits of memory resource controller).
860
861 This config option also selects MM_OWNER config option, which
862 could in turn add some fork/exit overhead.
863
864 config KERNEL_MEMCG_SWAP
865 bool "Memory Resource Controller Swap Extension"
866 default y
867 depends on KERNEL_MEMCG
868 help
869 Add swap management feature to memory resource controller. When you
870 enable this, you can limit mem+swap usage per cgroup. In other words,
871 when you disable this, memory resource controller has no cares to
872 usage of swap...a process can exhaust all of the swap. This extension
873 is useful when you want to avoid exhaustion swap but this itself
874 adds more overheads and consumes memory for remembering information.
875 Especially if you use 32bit system or small memory system, please
876 be careful about enabling this. When memory resource controller
877 is disabled by boot option, this will be automatically disabled and
878 there will be no overhead from this. Even when you set this config=y,
879 if boot option "swapaccount=0" is set, swap will not be accounted.
880 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
881 size is 4096bytes, 512k per 1Gbytes of swap.
882
883 config KERNEL_MEMCG_SWAP_ENABLED
884 bool "Memory Resource Controller Swap Extension enabled by default"
885 depends on KERNEL_MEMCG_SWAP
886 help
887 Memory Resource Controller Swap Extension comes with its price in
888 a bigger memory consumption. General purpose distribution kernels
889 which want to enable the feature but keep it disabled by default
890 and let the user enable it by swapaccount boot command line
891 parameter should have this option unselected.
892
893 Those who want to have the feature enabled by default should
894 select this option (if, for some reason, they need to disable it,
895 then swapaccount=0 does the trick).
896
897
898 config KERNEL_MEMCG_KMEM
899 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
900 default y
901 depends on KERNEL_MEMCG
902 help
903 The Kernel Memory extension for Memory Resource Controller can limit
904 the amount of memory used by kernel objects in the system. Those are
905 fundamentally different from the entities handled by the standard
906 Memory Controller, which are page-based, and can be swapped. Users of
907 the kmem extension can use it to guarantee that no group of processes
908 will ever exhaust kernel resources alone.
909
910 config KERNEL_CGROUP_PERF
911 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
912 select KERNEL_PERF_EVENTS
913 help
914 This option extends the per-cpu mode to restrict monitoring to
915 threads which belong to the cgroup specified and run on the
916 designated cpu.
917
918 menuconfig KERNEL_CGROUP_SCHED
919 bool "Group CPU scheduler"
920 default y
921 help
922 This feature lets CPU scheduler recognize task groups and control CPU
923 bandwidth allocation to such task groups. It uses cgroups to group
924 tasks.
925
926 if KERNEL_CGROUP_SCHED
927
928 config KERNEL_FAIR_GROUP_SCHED
929 bool "Group scheduling for SCHED_OTHER"
930 default y
931
932 config KERNEL_CFS_BANDWIDTH
933 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
934 default y
935 depends on KERNEL_FAIR_GROUP_SCHED
936 help
937 This option allows users to define CPU bandwidth rates (limits) for
938 tasks running within the fair group scheduler. Groups with no limit
939 set are considered to be unconstrained and will run with no
940 restriction.
941 See tip/Documentation/scheduler/sched-bwc.txt for more information.
942
943 config KERNEL_RT_GROUP_SCHED
944 bool "Group scheduling for SCHED_RR/FIFO"
945 default y
946 help
947 This feature lets you explicitly allocate real CPU bandwidth
948 to task groups. If enabled, it will also make it impossible to
949 schedule realtime tasks for non-root users until you allocate
950 realtime bandwidth for them.
951
952 endif
953
954 config KERNEL_BLK_CGROUP
955 bool "Block IO controller"
956 default y
957 help
958 Generic block IO controller cgroup interface. This is the common
959 cgroup interface which should be used by various IO controlling
960 policies.
961
962 Currently, CFQ IO scheduler uses it to recognize task groups and
963 control disk bandwidth allocation (proportional time slice allocation)
964 to such task groups. It is also used by bio throttling logic in
965 block layer to implement upper limit in IO rates on a device.
966
967 This option only enables generic Block IO controller infrastructure.
968 One needs to also enable actual IO controlling logic/policy. For
969 enabling proportional weight division of disk bandwidth in CFQ, set
970 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
971 CONFIG_BLK_DEV_THROTTLING=y.
972
973 if KERNEL_BLK_CGROUP
974
975 config KERNEL_CFQ_GROUP_IOSCHED
976 bool "Proportional weight of disk bandwidth in CFQ"
977
978 config KERNEL_BLK_DEV_THROTTLING
979 bool "Enable throttling policy"
980 default y
981
982 config KERNEL_BLK_DEV_THROTTLING_LOW
983 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
984 depends on KERNEL_BLK_DEV_THROTTLING
985 endif
986
987 config KERNEL_DEBUG_BLK_CGROUP
988 bool "Enable Block IO controller debugging"
989 depends on KERNEL_BLK_CGROUP
990 help
991 Enable some debugging help. Currently it exports additional stat
992 files in a cgroup which can be useful for debugging.
993
994 config KERNEL_NET_CLS_CGROUP
995 bool "legacy Control Group Classifier"
996
997 config KERNEL_CGROUP_NET_CLASSID
998 bool "legacy Network classid cgroup"
999
1000 config KERNEL_CGROUP_NET_PRIO
1001 bool "legacy Network priority cgroup"
1002
1003 endif
1004
1005 #
1006 # Namespace support symbols
1007 #
1008
1009 config KERNEL_NAMESPACES
1010 bool "Enable kernel namespaces"
1011 default y if !SMALL_FLASH
1012
1013 if KERNEL_NAMESPACES
1014
1015 config KERNEL_UTS_NS
1016 bool "UTS namespace"
1017 default y
1018 help
1019 In this namespace, tasks see different info provided
1020 with the uname() system call.
1021
1022 config KERNEL_IPC_NS
1023 bool "IPC namespace"
1024 default y
1025 help
1026 In this namespace, tasks work with IPC ids which correspond to
1027 different IPC objects in different namespaces.
1028
1029 config KERNEL_USER_NS
1030 bool "User namespace (EXPERIMENTAL)"
1031 default y
1032 help
1033 This allows containers, i.e. vservers, to use user namespaces
1034 to provide different user info for different servers.
1035
1036 config KERNEL_PID_NS
1037 bool "PID Namespaces"
1038 default y
1039 help
1040 Support process id namespaces. This allows having multiple
1041 processes with the same pid as long as they are in different
1042 pid namespaces. This is a building block of containers.
1043
1044 config KERNEL_NET_NS
1045 bool "Network namespace"
1046 default y
1047 help
1048 Allow user space to create what appear to be multiple instances
1049 of the network stack.
1050
1051 endif
1052
1053 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
1054 bool "Support multiple instances of devpts"
1055 default y if !SMALL_FLASH
1056 help
1057 Enable support for multiple instances of devpts filesystem.
1058 If you want to have isolated PTY namespaces (eg: in containers),
1059 say Y here. Otherwise, say N. If enabled, each mount of devpts
1060 filesystem with the '-o newinstance' option will create an
1061 independent PTY namespace.
1062
1063 config KERNEL_POSIX_MQUEUE
1064 bool "POSIX Message Queues"
1065 default y if !SMALL_FLASH
1066 help
1067 POSIX variant of message queues is a part of IPC. In POSIX message
1068 queues every message has a priority which decides about succession
1069 of receiving it by a process. If you want to compile and run
1070 programs written e.g. for Solaris with use of its POSIX message
1071 queues (functions mq_*) say Y here.
1072
1073 POSIX message queues are visible as a filesystem called 'mqueue'
1074 and can be mounted somewhere if you want to do filesystem
1075 operations on message queues.
1076
1077
1078 config KERNEL_SECCOMP_FILTER
1079 bool
1080 default y if !SMALL_FLASH
1081
1082 config KERNEL_SECCOMP
1083 bool "Enable seccomp support"
1084 depends on !(TARGET_uml)
1085 select KERNEL_SECCOMP_FILTER
1086 default y if !SMALL_FLASH
1087 help
1088 Build kernel with support for seccomp.
1089
1090 #
1091 # IPv4 configuration
1092 #
1093
1094 config KERNEL_IP_MROUTE
1095 bool "Enable IPv4 multicast routing"
1096 default y
1097 help
1098 Multicast routing requires a multicast routing daemon in
1099 addition to kernel support.
1100
1101 if KERNEL_IP_MROUTE
1102
1103 config KERNEL_IP_MROUTE_MULTIPLE_TABLES
1104 def_bool y
1105
1106 config KERNEL_IP_PIMSM_V1
1107 def_bool y
1108
1109 config KERNEL_IP_PIMSM_V2
1110 def_bool y
1111
1112 endif
1113
1114 #
1115 # IPv6 configuration
1116 #
1117
1118 config KERNEL_IPV6
1119 def_bool IPV6
1120
1121 if KERNEL_IPV6
1122
1123 config KERNEL_IPV6_MULTIPLE_TABLES
1124 def_bool y
1125
1126 config KERNEL_IPV6_SUBTREES
1127 def_bool y
1128
1129 config KERNEL_IPV6_MROUTE
1130 bool "Enable IPv6 multicast routing"
1131 default y
1132 help
1133 Multicast routing requires a multicast routing daemon in
1134 addition to kernel support.
1135
1136 if KERNEL_IPV6_MROUTE
1137
1138 config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
1139 def_bool y
1140
1141 config KERNEL_IPV6_PIMSM_V2
1142 def_bool y
1143
1144 endif
1145
1146 config KERNEL_IPV6_SEG6_LWTUNNEL
1147 bool "Enable support for lightweight tunnels"
1148 default y if !SMALL_FLASH
1149 help
1150 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
1151
1152 config KERNEL_LWTUNNEL_BPF
1153 def_bool n
1154
1155 endif
1156
1157 #
1158 # Miscellaneous network configuration
1159 #
1160
1161 config KERNEL_NET_L3_MASTER_DEV
1162 bool "L3 Master device support"
1163 help
1164 This module provides glue between core networking code and device
1165 drivers to support L3 master devices like VRF.
1166
1167 config KERNEL_XDP_SOCKETS
1168 bool "XDP sockets support"
1169 help
1170 XDP sockets allows a channel between XDP programs and
1171 userspace applications.
1172
1173 config KERNEL_WIRELESS_EXT
1174 def_bool n
1175
1176 config KERNEL_WEXT_CORE
1177 def_bool KERNEL_WIRELESS_EXT
1178
1179 config KERNEL_WEXT_PRIV
1180 def_bool KERNEL_WIRELESS_EXT
1181
1182 config KERNEL_WEXT_PROC
1183 def_bool KERNEL_WIRELESS_EXT
1184
1185 config KERNEL_WEXT_SPY
1186 def_bool KERNEL_WIRELESS_EXT
1187
1188 config KERNEL_PAGE_POOL
1189 def_bool n
1190
1191 config KERNEL_PAGE_POOL_STATS
1192 bool "Page pool stats support"
1193 depends on KERNEL_PAGE_POOL
1194
1195 #
1196 # NFS related symbols
1197 #
1198 config KERNEL_IP_PNP
1199 bool "Compile the kernel with rootfs on NFS"
1200 help
1201 If you want to make your kernel boot off a NFS server as root
1202 filesystem, select Y here.
1203
1204 if KERNEL_IP_PNP
1205
1206 config KERNEL_IP_PNP_DHCP
1207 def_bool y
1208
1209 config KERNEL_IP_PNP_BOOTP
1210 def_bool n
1211
1212 config KERNEL_IP_PNP_RARP
1213 def_bool n
1214
1215 config KERNEL_NFS_FS
1216 def_bool y
1217
1218 config KERNEL_NFS_V2
1219 def_bool y
1220
1221 config KERNEL_NFS_V3
1222 def_bool y
1223
1224 config KERNEL_ROOT_NFS
1225 def_bool y
1226
1227 endif
1228
1229 menu "Filesystem ACL and attr support options"
1230 config USE_FS_ACL_ATTR
1231 bool "Use filesystem ACL and attr support by default"
1232 help
1233 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1234 for kernel and packages, except tmpfs, flash filesystems,
1235 and old NFS. Also enable userspace extended attribute support
1236 by default. (OpenWrt already has an expection it will be
1237 present in the kernel).
1238
1239 config KERNEL_FS_POSIX_ACL
1240 bool "Enable POSIX ACL support"
1241 default y if USE_FS_ACL_ATTR
1242
1243 config KERNEL_BTRFS_FS_POSIX_ACL
1244 bool "Enable POSIX ACL for BtrFS Filesystems"
1245 select KERNEL_FS_POSIX_ACL
1246 default y if USE_FS_ACL_ATTR
1247
1248 config KERNEL_EXT4_FS_POSIX_ACL
1249 bool "Enable POSIX ACL for Ext4 Filesystems"
1250 select KERNEL_FS_POSIX_ACL
1251 default y if USE_FS_ACL_ATTR
1252
1253 config KERNEL_F2FS_FS_POSIX_ACL
1254 bool "Enable POSIX ACL for F2FS Filesystems"
1255 select KERNEL_FS_POSIX_ACL
1256
1257 config KERNEL_JFFS2_FS_POSIX_ACL
1258 bool "Enable POSIX ACL for JFFS2 Filesystems"
1259 select KERNEL_FS_POSIX_ACL
1260
1261 config KERNEL_TMPFS_POSIX_ACL
1262 bool "Enable POSIX ACL for TMPFS Filesystems"
1263 select KERNEL_FS_POSIX_ACL
1264
1265 config KERNEL_CIFS_ACL
1266 bool "Enable CIFS ACLs"
1267 select KERNEL_FS_POSIX_ACL
1268 default y if USE_FS_ACL_ATTR
1269
1270 config KERNEL_HFS_FS_POSIX_ACL
1271 bool "Enable POSIX ACL for HFS Filesystems"
1272 select KERNEL_FS_POSIX_ACL
1273 default y if USE_FS_ACL_ATTR
1274
1275 config KERNEL_HFSPLUS_FS_POSIX_ACL
1276 bool "Enable POSIX ACL for HFS+ Filesystems"
1277 select KERNEL_FS_POSIX_ACL
1278 default y if USE_FS_ACL_ATTR
1279
1280 config KERNEL_NFS_ACL_SUPPORT
1281 bool "Enable ACLs for NFS"
1282 default y if USE_FS_ACL_ATTR
1283
1284 config KERNEL_NFS_V3_ACL_SUPPORT
1285 bool "Enable ACLs for NFSv3"
1286
1287 config KERNEL_NFSD_V2_ACL_SUPPORT
1288 bool "Enable ACLs for NFSDv2"
1289
1290 config KERNEL_NFSD_V3_ACL_SUPPORT
1291 bool "Enable ACLs for NFSDv3"
1292
1293 config KERNEL_REISER_FS_POSIX_ACL
1294 bool "Enable POSIX ACLs for ReiserFS"
1295 select KERNEL_FS_POSIX_ACL
1296 default y if USE_FS_ACL_ATTR
1297
1298 config KERNEL_XFS_POSIX_ACL
1299 bool "Enable POSIX ACLs for XFS"
1300 select KERNEL_FS_POSIX_ACL
1301 default y if USE_FS_ACL_ATTR
1302
1303 config KERNEL_JFS_POSIX_ACL
1304 bool "Enable POSIX ACLs for JFS"
1305 select KERNEL_FS_POSIX_ACL
1306 default y if USE_FS_ACL_ATTR
1307
1308 endmenu
1309
1310 config KERNEL_DEVMEM
1311 bool "/dev/mem virtual device support"
1312 help
1313 Say Y here if you want to support the /dev/mem device.
1314 The /dev/mem device is used to access areas of physical
1315 memory.
1316
1317 config KERNEL_DEVKMEM
1318 bool "/dev/kmem virtual device support"
1319 help
1320 Say Y here if you want to support the /dev/kmem device. The
1321 /dev/kmem device is rarely used, but can be used for certain
1322 kind of kernel debugging operations.
1323
1324 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1325 int "Number of squashfs fragments cached"
1326 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1327 default 3
1328
1329 config KERNEL_SQUASHFS_XATTR
1330 bool "Squashfs XATTR support"
1331
1332 #
1333 # compile optimization setting
1334 #
1335 choice
1336 prompt "Compiler optimization level"
1337 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1338
1339 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1340 bool "Optimize for performance"
1341 help
1342 This is the default optimization level for the kernel, building
1343 with the "-O2" compiler flag for best performance and most
1344 helpful compile-time warnings.
1345
1346 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1347 bool "Optimize for size"
1348 help
1349 Enabling this option will pass "-Os" instead of "-O2" to
1350 your compiler resulting in a smaller kernel.
1351
1352 endchoice
1353
1354 config KERNEL_AUDIT
1355 bool "Auditing support"
1356
1357 config KERNEL_SECURITY
1358 bool "Enable different security models"
1359
1360 config KERNEL_SECURITY_NETWORK
1361 bool "Socket and Networking Security Hooks"
1362 select KERNEL_SECURITY
1363
1364 config KERNEL_SECURITY_SELINUX
1365 bool "NSA SELinux Support"
1366 select KERNEL_SECURITY_NETWORK
1367 select KERNEL_AUDIT
1368
1369 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1370 bool "NSA SELinux boot parameter"
1371 depends on KERNEL_SECURITY_SELINUX
1372 default y
1373
1374 config KERNEL_SECURITY_SELINUX_DISABLE
1375 bool "NSA SELinux runtime disable"
1376 depends on KERNEL_SECURITY_SELINUX
1377
1378 config KERNEL_SECURITY_SELINUX_DEVELOP
1379 bool "NSA SELinux Development Support"
1380 depends on KERNEL_SECURITY_SELINUX
1381 default y
1382
1383 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1384 int
1385 depends on KERNEL_SECURITY_SELINUX
1386 default 9
1387
1388 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1389 int
1390 depends on KERNEL_SECURITY_SELINUX
1391 default 256
1392
1393 config KERNEL_LSM
1394 string
1395 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1396 depends on KERNEL_SECURITY_SELINUX
1397
1398 config KERNEL_EXT4_FS_SECURITY
1399 bool "Ext4 Security Labels"
1400
1401 config KERNEL_F2FS_FS_SECURITY
1402 bool "F2FS Security Labels"
1403
1404 config KERNEL_UBIFS_FS_SECURITY
1405 bool "UBIFS Security Labels"
1406
1407 config KERNEL_JFFS2_FS_SECURITY
1408 bool "JFFS2 Security Labels"
1409
1410 config KERNEL_WERROR
1411 bool "Compile the kernel with warnings as errors"
1412 default BUILDBOT
1413 default y if GCC_USE_VERSION_12
1414 help
1415 A kernel build should not cause any compiler warnings, and this
1416 enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
1417 to enforce that rule by default. Certain warnings from other tools
1418 such as the linker may be upgraded to errors with this option as
1419 well.
1420
1421 However, if you have a new (or very old) compiler or linker with odd
1422 and unusual warnings, or you have some architecture with problems,
1423 you may need to disable this config option in order to
1424 successfully build the kernel.
Felix Fietkaus staging tree