412dc26c99
Not everyone will want to bloat their kernel by 24 kiB for such a niche
feature.
Fixes: a1a7f3274e
"kernel: enable SRv6 support by
enabling lwtunnel"
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
1199 lines
34 KiB
Plaintext
1199 lines
34 KiB
Plaintext
# Copyright (C) 2006-2014 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
config KERNEL_BUILD_USER
|
|
string "Custom Kernel Build User Name"
|
|
default "builder" if BUILDBOT
|
|
default ""
|
|
help
|
|
Sets the Kernel build user string, which for example will be returned
|
|
by 'uname -a' on running systems.
|
|
If not set, uses system user at build time.
|
|
|
|
config KERNEL_BUILD_DOMAIN
|
|
string "Custom Kernel Build Domain Name"
|
|
default "buildhost" if BUILDBOT
|
|
default ""
|
|
help
|
|
Sets the Kernel build domain string, which for example will be
|
|
returned by 'uname -a' on running systems.
|
|
If not set, uses system hostname at build time.
|
|
|
|
config KERNEL_PRINTK
|
|
bool "Enable support for printk"
|
|
default y
|
|
|
|
config KERNEL_CRASHLOG
|
|
bool "Crash logging"
|
|
depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
|
|
default y
|
|
|
|
config KERNEL_SWAP
|
|
bool "Support for paging of anonymous memory (swap)"
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_PROC_STRIPPED
|
|
bool "Strip non-essential /proc functionality to reduce code size"
|
|
default y if SMALL_FLASH
|
|
|
|
config KERNEL_DEBUG_FS
|
|
bool "Compile the kernel with debug filesystem enabled"
|
|
default y
|
|
help
|
|
debugfs is a virtual file system that kernel developers use to put
|
|
debugging files into. Enable this option to be able to read and
|
|
write to these files. Many common debugging facilities, such as
|
|
ftrace, require the existence of debugfs.
|
|
|
|
config KERNEL_MIPS_FP_SUPPORT
|
|
bool
|
|
default y if TARGET_pistachio
|
|
|
|
config KERNEL_ARM_PMU
|
|
bool
|
|
default n
|
|
depends on (arm || aarch64)
|
|
|
|
config KERNEL_X86_VSYSCALL_EMULATION
|
|
bool "Enable vsyscall emulation"
|
|
default n
|
|
depends on x86_64
|
|
help
|
|
This enables emulation of the legacy vsyscall page. Disabling
|
|
it is roughly equivalent to booting with vsyscall=none, except
|
|
that it will also disable the helpful warning if a program
|
|
tries to use a vsyscall. With this option set to N, offending
|
|
programs will just segfault, citing addresses of the form
|
|
0xffffffffff600?00.
|
|
|
|
This option is required by many programs built before 2013, and
|
|
care should be used even with newer programs if set to N.
|
|
|
|
Disabling this option saves about 7K of kernel size and
|
|
possibly 4K of additional runtime pagetable memory.
|
|
|
|
config KERNEL_PERF_EVENTS
|
|
bool "Compile the kernel with performance events and counters"
|
|
default n
|
|
select KERNEL_ARM_PMU if (arm || aarch64)
|
|
|
|
config KERNEL_PROFILING
|
|
bool "Compile the kernel with profiling enabled"
|
|
default n
|
|
select KERNEL_PERF_EVENTS
|
|
help
|
|
Enable the extended profiling support mechanisms used by profilers such
|
|
as OProfile.
|
|
|
|
config KERNEL_UBSAN
|
|
bool "Compile the kernel with undefined behaviour sanity checker"
|
|
help
|
|
This option enables undefined behaviour sanity checker
|
|
Compile-time instrumentation is used to detect various undefined
|
|
behaviours in runtime. Various types of checks may be enabled
|
|
via boot parameter ubsan_handle
|
|
(see: Documentation/dev-tools/ubsan.rst).
|
|
|
|
config KERNEL_UBSAN_SANITIZE_ALL
|
|
bool "Enable instrumentation for the entire kernel"
|
|
depends on KERNEL_UBSAN
|
|
default y
|
|
help
|
|
This option activates instrumentation for the entire kernel.
|
|
If you don't enable this option, you have to explicitly specify
|
|
UBSAN_SANITIZE := y for the files/directories you want to check for UB.
|
|
Enabling this option will get kernel image size increased
|
|
significantly.
|
|
|
|
config KERNEL_UBSAN_ALIGNMENT
|
|
bool "Enable checking of pointers alignment"
|
|
depends on KERNEL_UBSAN
|
|
help
|
|
This option enables detection of unaligned memory accesses.
|
|
Enabling this option on architectures that support unaligned
|
|
accesses may produce a lot of false positives.
|
|
|
|
config KERNEL_UBSAN_NULL
|
|
bool "Enable checking of null pointers"
|
|
depends on KERNEL_UBSAN
|
|
help
|
|
This option enables detection of memory accesses via a
|
|
null pointer.
|
|
|
|
config KERNEL_KASAN
|
|
bool "Compile the kernel with KASan: runtime memory debugger"
|
|
select KERNEL_SLUB_DEBUG
|
|
depends on (x86_64 || aarch64)
|
|
help
|
|
Enables kernel address sanitizer - runtime memory debugger,
|
|
designed to find out-of-bounds accesses and use-after-free bugs.
|
|
This is strictly a debugging feature and it requires a gcc version
|
|
of 4.9.2 or later. Detection of out of bounds accesses to stack or
|
|
global variables requires gcc 5.0 or later.
|
|
This feature consumes about 1/8 of available memory and brings about
|
|
~x3 performance slowdown.
|
|
For better error detection enable CONFIG_STACKTRACE.
|
|
Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
|
|
(the resulting kernel does not boot).
|
|
|
|
config KERNEL_KASAN_EXTRA
|
|
bool "KAsan: extra checks"
|
|
depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
|
|
help
|
|
This enables further checks in the kernel address sanitizer, for now
|
|
it only includes the address-use-after-scope check that can lead
|
|
to excessive kernel stack usage, frame size warnings and longer
|
|
compile time.
|
|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
|
|
|
|
|
|
choice
|
|
prompt "Instrumentation type"
|
|
depends on KERNEL_KASAN
|
|
default KERNEL_KASAN_OUTLINE
|
|
|
|
config KERNEL_KASAN_OUTLINE
|
|
bool "Outline instrumentation"
|
|
help
|
|
Before every memory access compiler insert function call
|
|
__asan_load*/__asan_store*. These functions performs check
|
|
of shadow memory. This is slower than inline instrumentation,
|
|
however it doesn't bloat size of kernel's .text section so
|
|
much as inline does.
|
|
|
|
config KERNEL_KASAN_INLINE
|
|
bool "Inline instrumentation"
|
|
help
|
|
Compiler directly inserts code checking shadow memory before
|
|
memory accesses. This is faster than outline (in some workloads
|
|
it gives about x2 boost over outline instrumentation), but
|
|
make kernel's .text size much bigger.
|
|
This requires a gcc version of 5.0 or later.
|
|
|
|
endchoice
|
|
|
|
config KERNEL_KCOV
|
|
bool "Compile the kernel with code coverage for fuzzing"
|
|
select KERNEL_DEBUG_FS
|
|
help
|
|
KCOV exposes kernel code coverage information in a form suitable
|
|
for coverage-guided fuzzing (randomized testing).
|
|
|
|
If RANDOMIZE_BASE is enabled, PC values will not be stable across
|
|
different machines and across reboots. If you need stable PC values,
|
|
disable RANDOMIZE_BASE.
|
|
|
|
For more details, see Documentation/kcov.txt.
|
|
|
|
config KERNEL_KCOV_ENABLE_COMPARISONS
|
|
bool "Enable comparison operands collection by KCOV"
|
|
depends on KERNEL_KCOV
|
|
help
|
|
KCOV also exposes operands of every comparison in the instrumented
|
|
code along with operand sizes and PCs of the comparison instructions.
|
|
These operands can be used by fuzzing engines to improve the quality
|
|
of fuzzing coverage.
|
|
|
|
config KERNEL_KCOV_INSTRUMENT_ALL
|
|
bool "Instrument all code by default"
|
|
depends on KERNEL_KCOV
|
|
default y if KERNEL_KCOV
|
|
help
|
|
If you are doing generic system call fuzzing (like e.g. syzkaller),
|
|
then you will want to instrument the whole kernel and you should
|
|
say y here. If you are doing more targeted fuzzing (like e.g.
|
|
filesystem fuzzing with AFL) then you will want to enable coverage
|
|
for more specific subsets of files, and should say n here.
|
|
|
|
config KERNEL_TASKSTATS
|
|
bool "Compile the kernel with task resource/io statistics and accounting"
|
|
default n
|
|
help
|
|
Enable the collection and publishing of task/io statistics and
|
|
accounting. Enable this option to enable i/o monitoring in system
|
|
monitors.
|
|
|
|
if KERNEL_TASKSTATS
|
|
|
|
config KERNEL_TASK_DELAY_ACCT
|
|
def_bool y
|
|
|
|
config KERNEL_TASK_IO_ACCOUNTING
|
|
def_bool y
|
|
|
|
config KERNEL_TASK_XACCT
|
|
def_bool y
|
|
|
|
endif
|
|
|
|
config KERNEL_KALLSYMS
|
|
bool "Compile the kernel with symbol table information"
|
|
default y if !SMALL_FLASH
|
|
help
|
|
This will give you more information in stack traces from kernel oopses.
|
|
|
|
config KERNEL_FTRACE
|
|
bool "Compile the kernel with tracing support"
|
|
depends on !TARGET_uml
|
|
default n
|
|
|
|
config KERNEL_FTRACE_SYSCALLS
|
|
bool "Trace system calls"
|
|
depends on KERNEL_FTRACE
|
|
default n
|
|
|
|
config KERNEL_ENABLE_DEFAULT_TRACERS
|
|
bool "Trace process context switches and events"
|
|
depends on KERNEL_FTRACE
|
|
default n
|
|
|
|
config KERNEL_FUNCTION_TRACER
|
|
bool "Function tracer"
|
|
depends on KERNEL_FTRACE
|
|
default n
|
|
|
|
config KERNEL_FUNCTION_GRAPH_TRACER
|
|
bool "Function graph tracer"
|
|
depends on KERNEL_FUNCTION_TRACER
|
|
default n
|
|
|
|
config KERNEL_DYNAMIC_FTRACE
|
|
bool "Enable/disable function tracing dynamically"
|
|
depends on KERNEL_FUNCTION_TRACER
|
|
default n
|
|
|
|
config KERNEL_FUNCTION_PROFILER
|
|
bool "Function profiler"
|
|
depends on KERNEL_FUNCTION_TRACER
|
|
default n
|
|
|
|
config KERNEL_IRQSOFF_TRACER
|
|
bool "Interrupts-off Latency Tracer"
|
|
depends on KERNEL_FTRACE
|
|
help
|
|
This option measures the time spent in irqs-off critical
|
|
sections, with microsecond accuracy.
|
|
|
|
The default measurement method is a maximum search, which is
|
|
disabled by default and can be runtime (re-)started
|
|
via:
|
|
|
|
echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
|
|
|
|
(Note that kernel size and overhead increase with this option
|
|
enabled. This option and the preempt-off timing option can be
|
|
used together or separately.)
|
|
|
|
config KERNEL_PREEMPT_TRACER
|
|
bool "Preemption-off Latency Tracer"
|
|
depends on KERNEL_FTRACE
|
|
help
|
|
This option measures the time spent in preemption-off critical
|
|
sections, with microsecond accuracy.
|
|
|
|
The default measurement method is a maximum search, which is
|
|
disabled by default and can be runtime (re-)started
|
|
via:
|
|
|
|
echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
|
|
|
|
(Note that kernel size and overhead increase with this option
|
|
enabled. This option and the irqs-off timing option can be
|
|
used together or separately.)
|
|
|
|
config KERNEL_DEBUG_KERNEL
|
|
bool
|
|
default n
|
|
|
|
config KERNEL_DEBUG_INFO
|
|
bool "Compile the kernel with debug information"
|
|
default y if !SMALL_FLASH
|
|
select KERNEL_DEBUG_KERNEL
|
|
help
|
|
This will compile your kernel and modules with debug information.
|
|
|
|
config KERNEL_DEBUG_LL_UART_NONE
|
|
bool
|
|
default n
|
|
depends on arm
|
|
|
|
config KERNEL_DEBUG_LL
|
|
bool
|
|
default n
|
|
depends on arm
|
|
select KERNEL_DEBUG_LL_UART_NONE
|
|
help
|
|
ARM low level debugging.
|
|
|
|
config KERNEL_DYNAMIC_DEBUG
|
|
bool "Compile the kernel with dynamic printk"
|
|
select KERNEL_DEBUG_FS
|
|
default n
|
|
help
|
|
Compiles debug level messages into the kernel, which would not
|
|
otherwise be available at runtime. These messages can then be
|
|
enabled/disabled based on various levels of scope - per source file,
|
|
function, module, format string, and line number. This mechanism
|
|
implicitly compiles in all pr_debug() and dev_dbg() calls, which
|
|
enlarges the kernel text size by about 2%.
|
|
|
|
config KERNEL_EARLY_PRINTK
|
|
bool "Compile the kernel with early printk"
|
|
default y if TARGET_bcm53xx
|
|
default n
|
|
depends on arm
|
|
select KERNEL_DEBUG_KERNEL
|
|
select KERNEL_DEBUG_LL if arm
|
|
help
|
|
Compile the kernel with early printk support. This is only useful for
|
|
debugging purposes to send messages over the serial console in early boot.
|
|
Enable this to debug early boot problems.
|
|
|
|
config KERNEL_KPROBES
|
|
bool "Compile the kernel with kprobes support"
|
|
default n
|
|
select KERNEL_FTRACE
|
|
select KERNEL_PERF_EVENTS
|
|
help
|
|
Compiles the kernel with KPROBES support, which allows you to trap
|
|
at almost any kernel address and execute a callback function.
|
|
register_kprobe() establishes a probepoint and specifies the
|
|
callback. Kprobes is useful for kernel debugging, non-intrusive
|
|
instrumentation and testing.
|
|
If in doubt, say "N".
|
|
|
|
config KERNEL_KPROBE_EVENT
|
|
bool
|
|
default y if KERNEL_KPROBES
|
|
|
|
config KERNEL_KPROBE_EVENTS
|
|
bool
|
|
default y if KERNEL_KPROBES
|
|
|
|
config KERNEL_AIO
|
|
bool "Compile the kernel with asynchronous IO support"
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_IO_URING
|
|
bool "Compile the kernel with io_uring support"
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_FHANDLE
|
|
bool "Compile the kernel with support for fhandle syscalls"
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_FANOTIFY
|
|
bool "Compile the kernel with modern file notification support"
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_BLK_DEV_BSG
|
|
bool "Compile the kernel with SCSI generic v4 support for any block device"
|
|
default n
|
|
|
|
config KERNEL_TRANSPARENT_HUGEPAGE
|
|
bool
|
|
|
|
choice
|
|
prompt "Transparent Hugepage Support sysfs defaults"
|
|
depends on KERNEL_TRANSPARENT_HUGEPAGE
|
|
default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
|
|
|
|
config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
|
|
bool "always"
|
|
|
|
config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
|
|
bool "madvise"
|
|
endchoice
|
|
|
|
config KERNEL_HUGETLBFS
|
|
bool
|
|
|
|
config KERNEL_HUGETLB_PAGE
|
|
bool "Compile the kernel with HugeTLB support"
|
|
select KERNEL_TRANSPARENT_HUGEPAGE
|
|
select KERNEL_HUGETLBFS
|
|
default n
|
|
|
|
config KERNEL_MAGIC_SYSRQ
|
|
bool "Compile the kernel with SysRq support"
|
|
default y
|
|
|
|
config KERNEL_DEBUG_PINCTRL
|
|
bool "Compile the kernel with pinctrl debugging"
|
|
select KERNEL_DEBUG_KERNEL
|
|
|
|
config KERNEL_DEBUG_GPIO
|
|
bool "Compile the kernel with gpio debugging"
|
|
select KERNEL_DEBUG_KERNEL
|
|
|
|
config KERNEL_COREDUMP
|
|
bool
|
|
|
|
config KERNEL_ELF_CORE
|
|
bool "Enable process core dump support"
|
|
select KERNEL_COREDUMP
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_PROVE_LOCKING
|
|
bool "Enable kernel lock checking"
|
|
select KERNEL_DEBUG_KERNEL
|
|
default n
|
|
|
|
config KERNEL_LOCKUP_DETECTOR
|
|
bool "Compile the kernel with detect Hard and Soft Lockups"
|
|
depends on KERNEL_DEBUG_KERNEL
|
|
help
|
|
Say Y here to enable the kernel to act as a watchdog to detect
|
|
hard and soft lockups.
|
|
|
|
Softlockups are bugs that cause the kernel to loop in kernel
|
|
mode for more than 20 seconds, without giving other tasks a
|
|
chance to run. The current stack trace is displayed upon
|
|
detection and the system will stay locked up.
|
|
|
|
Hardlockups are bugs that cause the CPU to loop in kernel mode
|
|
for more than 10 seconds, without letting other interrupts have a
|
|
chance to run. The current stack trace is displayed upon detection
|
|
and the system will stay locked up.
|
|
|
|
The overhead should be minimal. A periodic hrtimer runs to
|
|
generate interrupts and kick the watchdog task every 4 seconds.
|
|
An NMI is generated every 10 seconds or so to check for hardlockups.
|
|
|
|
The frequency of hrtimer and NMI events and the soft and hard lockup
|
|
thresholds can be controlled through the sysctl watchdog_thresh.
|
|
|
|
config KERNEL_DETECT_HUNG_TASK
|
|
bool "Compile the kernel with detect Hung Tasks"
|
|
depends on KERNEL_DEBUG_KERNEL
|
|
default KERNEL_LOCKUP_DETECTOR
|
|
help
|
|
Say Y here to enable the kernel to detect "hung tasks",
|
|
which are bugs that cause the task to be stuck in
|
|
uninterruptible "D" state indefinitely.
|
|
|
|
When a hung task is detected, the kernel will print the
|
|
current stack trace (which you should report), but the
|
|
task will stay in uninterruptible state. If lockdep is
|
|
enabled then all held locks will also be reported. This
|
|
feature has negligible overhead.
|
|
|
|
config KERNEL_WQ_WATCHDOG
|
|
bool "Compile the kernel with detect Workqueue Stalls"
|
|
depends on KERNEL_DEBUG_KERNEL
|
|
help
|
|
Say Y here to enable stall detection on workqueues. If a
|
|
worker pool doesn't make forward progress on a pending work
|
|
item for over a given amount of time, 30s by default, a
|
|
warning message is printed along with dump of workqueue
|
|
state. This can be configured through kernel parameter
|
|
"workqueue.watchdog_thresh" and its sysfs counterpart.
|
|
|
|
config KERNEL_DEBUG_ATOMIC_SLEEP
|
|
bool "Compile the kernel with sleep inside atomic section checking"
|
|
depends on KERNEL_DEBUG_KERNEL
|
|
help
|
|
If you say Y here, various routines which may sleep will become very
|
|
noisy if they are called inside atomic sections: when a spinlock is
|
|
held, inside an rcu read side critical section, inside preempt disabled
|
|
sections, inside an interrupt, etc...
|
|
|
|
config KERNEL_DEBUG_VM
|
|
bool "Compile the kernel with debug VM"
|
|
depends on KERNEL_DEBUG_KERNEL
|
|
help
|
|
Enable this to turn on extended checks in the virtual-memory system
|
|
that may impact performance.
|
|
|
|
If unsure, say N.
|
|
|
|
config KERNEL_PRINTK_TIME
|
|
bool "Enable printk timestamps"
|
|
default y
|
|
|
|
config KERNEL_SLUB_DEBUG
|
|
bool
|
|
|
|
config KERNEL_SLUB_DEBUG_ON
|
|
bool
|
|
|
|
config KERNEL_SLABINFO
|
|
select KERNEL_SLUB_DEBUG
|
|
select KERNEL_SLUB_DEBUG_ON
|
|
bool "Enable /proc slab debug info"
|
|
|
|
config KERNEL_PROC_PAGE_MONITOR
|
|
bool "Enable /proc page monitoring"
|
|
|
|
config KERNEL_RELAY
|
|
bool
|
|
|
|
config KERNEL_KEXEC
|
|
bool "Enable kexec support"
|
|
|
|
config KERNEL_PROC_VMCORE
|
|
bool
|
|
|
|
config KERNEL_PROC_KCORE
|
|
bool
|
|
|
|
config KERNEL_CRASH_DUMP
|
|
depends on i386 || x86_64 || arm || armeb
|
|
select KERNEL_KEXEC
|
|
select KERNEL_PROC_VMCORE
|
|
select KERNEL_PROC_KCORE
|
|
bool "Enable support for kexec crashdump"
|
|
default y
|
|
|
|
config USE_RFKILL
|
|
bool "Enable rfkill support"
|
|
default RFKILL_SUPPORT
|
|
|
|
config USE_SPARSE
|
|
bool "Enable sparse check during kernel build"
|
|
default n
|
|
|
|
config KERNEL_DEVTMPFS
|
|
bool "Compile the kernel with device tmpfs enabled"
|
|
default n
|
|
help
|
|
devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
|
|
devices nodes for all registered devices to simplify boot, but leaves more
|
|
complex tasks to userspace (e.g. udev).
|
|
|
|
if KERNEL_DEVTMPFS
|
|
|
|
config KERNEL_DEVTMPFS_MOUNT
|
|
bool "Automatically mount devtmpfs after root filesystem is mounted"
|
|
default n
|
|
|
|
endif
|
|
|
|
config KERNEL_KEYS
|
|
bool "Enable kernel access key retention support"
|
|
default !SMALL_FLASH
|
|
|
|
config KERNEL_PERSISTENT_KEYRINGS
|
|
bool "Enable kernel persistent keyrings"
|
|
depends on KERNEL_KEYS
|
|
default n
|
|
|
|
config KERNEL_KEYS_REQUEST_CACHE
|
|
bool "Enable temporary caching of the last request_key() result"
|
|
depends on KERNEL_KEYS
|
|
default n
|
|
|
|
config KERNEL_BIG_KEYS
|
|
bool "Enable large payload keys on kernel keyrings"
|
|
depends on KERNEL_KEYS
|
|
default n
|
|
|
|
#
|
|
# CGROUP support symbols
|
|
#
|
|
|
|
config KERNEL_CGROUPS
|
|
bool "Enable kernel cgroups"
|
|
default y if !SMALL_FLASH
|
|
|
|
if KERNEL_CGROUPS
|
|
|
|
config KERNEL_CGROUP_DEBUG
|
|
bool "Example debug cgroup subsystem"
|
|
default n
|
|
help
|
|
This option enables a simple cgroup subsystem that
|
|
exports useful debugging information about the cgroups
|
|
framework.
|
|
|
|
config KERNEL_FREEZER
|
|
bool
|
|
|
|
config KERNEL_CGROUP_FREEZER
|
|
bool "legacy Freezer cgroup subsystem"
|
|
default n
|
|
select KERNEL_FREEZER
|
|
help
|
|
Provides a way to freeze and unfreeze all tasks in a
|
|
cgroup.
|
|
(legacy cgroup1-only controller, in cgroup2 freezer
|
|
is integrated in the Memory controller)
|
|
|
|
config KERNEL_CGROUP_DEVICE
|
|
bool "legacy Device controller for cgroups"
|
|
default n
|
|
help
|
|
Provides a cgroup implementing whitelists for devices which
|
|
a process in the cgroup can mknod or open.
|
|
(legacy cgroup1-only controller)
|
|
|
|
config KERNEL_CGROUP_HUGETLB
|
|
bool "HugeTLB controller"
|
|
default n
|
|
select KERNEL_HUGETLB_PAGE
|
|
|
|
config KERNEL_CGROUP_PIDS
|
|
bool "PIDs cgroup subsystem"
|
|
default y
|
|
help
|
|
Provides enforcement of process number limits in the scope of a
|
|
cgroup.
|
|
|
|
config KERNEL_CGROUP_RDMA
|
|
bool "RDMA controller for cgroups"
|
|
default y
|
|
|
|
config KERNEL_CGROUP_BPF
|
|
bool "Support for eBPF programs attached to cgroups"
|
|
default y
|
|
|
|
config KERNEL_CPUSETS
|
|
bool "Cpuset support"
|
|
default y
|
|
help
|
|
This option will let you create and manage CPUSETs which
|
|
allow dynamically partitioning a system into sets of CPUs and
|
|
Memory Nodes and assigning tasks to run only within those sets.
|
|
This is primarily useful on large SMP or NUMA systems.
|
|
|
|
config KERNEL_PROC_PID_CPUSET
|
|
bool "Include legacy /proc/<pid>/cpuset file"
|
|
default n
|
|
depends on KERNEL_CPUSETS
|
|
|
|
config KERNEL_CGROUP_CPUACCT
|
|
bool "Simple CPU accounting cgroup subsystem"
|
|
default y
|
|
help
|
|
Provides a simple Resource Controller for monitoring the
|
|
total CPU consumed by the tasks in a cgroup.
|
|
|
|
config KERNEL_RESOURCE_COUNTERS
|
|
bool "Resource counters"
|
|
default y
|
|
help
|
|
This option enables controller independent resource accounting
|
|
infrastructure that works with cgroups.
|
|
|
|
config KERNEL_MM_OWNER
|
|
bool
|
|
default y if KERNEL_MEMCG
|
|
|
|
config KERNEL_MEMCG
|
|
bool "Memory Resource Controller for Control Groups"
|
|
default y
|
|
select KERNEL_FREEZER
|
|
depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
|
|
help
|
|
Provides a memory resource controller that manages both anonymous
|
|
memory and page cache. (See Documentation/cgroups/memory.txt)
|
|
|
|
Note that setting this option increases fixed memory overhead
|
|
associated with each page of memory in the system. By this,
|
|
20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
|
|
usage tracking struct at boot. Total amount of this is printed out
|
|
at boot.
|
|
|
|
Only enable when you're ok with these tradeoffs and really
|
|
sure you need the memory resource controller. Even when you enable
|
|
this, you can set "cgroup_disable=memory" at your boot option to
|
|
disable memory resource controller and you can avoid overheads
|
|
(but lose benefits of memory resource controller).
|
|
|
|
This config option also selects MM_OWNER config option, which
|
|
could in turn add some fork/exit overhead.
|
|
|
|
config KERNEL_MEMCG_SWAP
|
|
bool "Memory Resource Controller Swap Extension"
|
|
default y
|
|
depends on KERNEL_MEMCG
|
|
help
|
|
Add swap management feature to memory resource controller. When you
|
|
enable this, you can limit mem+swap usage per cgroup. In other words,
|
|
when you disable this, memory resource controller has no cares to
|
|
usage of swap...a process can exhaust all of the swap. This extension
|
|
is useful when you want to avoid exhaustion swap but this itself
|
|
adds more overheads and consumes memory for remembering information.
|
|
Especially if you use 32bit system or small memory system, please
|
|
be careful about enabling this. When memory resource controller
|
|
is disabled by boot option, this will be automatically disabled and
|
|
there will be no overhead from this. Even when you set this config=y,
|
|
if boot option "swapaccount=0" is set, swap will not be accounted.
|
|
Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
|
|
size is 4096bytes, 512k per 1Gbytes of swap.
|
|
|
|
config KERNEL_MEMCG_SWAP_ENABLED
|
|
bool "Memory Resource Controller Swap Extension enabled by default"
|
|
default n
|
|
depends on KERNEL_MEMCG_SWAP
|
|
help
|
|
Memory Resource Controller Swap Extension comes with its price in
|
|
a bigger memory consumption. General purpose distribution kernels
|
|
which want to enable the feature but keep it disabled by default
|
|
and let the user enable it by swapaccount boot command line
|
|
parameter should have this option unselected.
|
|
|
|
Those who want to have the feature enabled by default should
|
|
select this option (if, for some reason, they need to disable it,
|
|
then swapaccount=0 does the trick).
|
|
|
|
|
|
config KERNEL_MEMCG_KMEM
|
|
bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
|
|
default y
|
|
depends on KERNEL_MEMCG
|
|
help
|
|
The Kernel Memory extension for Memory Resource Controller can limit
|
|
the amount of memory used by kernel objects in the system. Those are
|
|
fundamentally different from the entities handled by the standard
|
|
Memory Controller, which are page-based, and can be swapped. Users of
|
|
the kmem extension can use it to guarantee that no group of processes
|
|
will ever exhaust kernel resources alone.
|
|
|
|
config KERNEL_CGROUP_PERF
|
|
bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
|
|
select KERNEL_PERF_EVENTS
|
|
default n
|
|
help
|
|
This option extends the per-cpu mode to restrict monitoring to
|
|
threads which belong to the cgroup specified and run on the
|
|
designated cpu.
|
|
|
|
menuconfig KERNEL_CGROUP_SCHED
|
|
bool "Group CPU scheduler"
|
|
default y
|
|
help
|
|
This feature lets CPU scheduler recognize task groups and control CPU
|
|
bandwidth allocation to such task groups. It uses cgroups to group
|
|
tasks.
|
|
|
|
if KERNEL_CGROUP_SCHED
|
|
|
|
config KERNEL_FAIR_GROUP_SCHED
|
|
bool "Group scheduling for SCHED_OTHER"
|
|
default y
|
|
|
|
config KERNEL_CFS_BANDWIDTH
|
|
bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
|
|
default y
|
|
depends on KERNEL_FAIR_GROUP_SCHED
|
|
help
|
|
This option allows users to define CPU bandwidth rates (limits) for
|
|
tasks running within the fair group scheduler. Groups with no limit
|
|
set are considered to be unconstrained and will run with no
|
|
restriction.
|
|
See tip/Documentation/scheduler/sched-bwc.txt for more information.
|
|
|
|
config KERNEL_RT_GROUP_SCHED
|
|
bool "Group scheduling for SCHED_RR/FIFO"
|
|
default y
|
|
help
|
|
This feature lets you explicitly allocate real CPU bandwidth
|
|
to task groups. If enabled, it will also make it impossible to
|
|
schedule realtime tasks for non-root users until you allocate
|
|
realtime bandwidth for them.
|
|
|
|
endif
|
|
|
|
config KERNEL_BLK_CGROUP
|
|
bool "Block IO controller"
|
|
default y
|
|
help
|
|
Generic block IO controller cgroup interface. This is the common
|
|
cgroup interface which should be used by various IO controlling
|
|
policies.
|
|
|
|
Currently, CFQ IO scheduler uses it to recognize task groups and
|
|
control disk bandwidth allocation (proportional time slice allocation)
|
|
to such task groups. It is also used by bio throttling logic in
|
|
block layer to implement upper limit in IO rates on a device.
|
|
|
|
This option only enables generic Block IO controller infrastructure.
|
|
One needs to also enable actual IO controlling logic/policy. For
|
|
enabling proportional weight division of disk bandwidth in CFQ, set
|
|
CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
|
|
CONFIG_BLK_DEV_THROTTLING=y.
|
|
|
|
if KERNEL_BLK_CGROUP
|
|
|
|
config KERNEL_CFQ_GROUP_IOSCHED
|
|
bool "Proportional weight of disk bandwidth in CFQ"
|
|
|
|
config KERNEL_BLK_DEV_THROTTLING
|
|
bool "Enable throttling policy"
|
|
default y
|
|
|
|
config KERNEL_BLK_DEV_THROTTLING_LOW
|
|
bool "Block throttling .low limit interface support (EXPERIMENTAL)"
|
|
depends on KERNEL_BLK_DEV_THROTTLING
|
|
endif
|
|
|
|
config KERNEL_DEBUG_BLK_CGROUP
|
|
bool "Enable Block IO controller debugging"
|
|
default n
|
|
depends on KERNEL_BLK_CGROUP
|
|
help
|
|
Enable some debugging help. Currently it exports additional stat
|
|
files in a cgroup which can be useful for debugging.
|
|
|
|
config KERNEL_NET_CLS_CGROUP
|
|
bool "legacy Control Group Classifier"
|
|
default n
|
|
|
|
config KERNEL_CGROUP_NET_CLASSID
|
|
bool "legacy Network classid cgroup"
|
|
default n
|
|
|
|
config KERNEL_CGROUP_NET_PRIO
|
|
bool "legacy Network priority cgroup"
|
|
default n
|
|
|
|
endif
|
|
|
|
#
|
|
# Namespace support symbols
|
|
#
|
|
|
|
config KERNEL_NAMESPACES
|
|
bool "Enable kernel namespaces"
|
|
default y if !SMALL_FLASH
|
|
|
|
if KERNEL_NAMESPACES
|
|
|
|
config KERNEL_UTS_NS
|
|
bool "UTS namespace"
|
|
default y
|
|
help
|
|
In this namespace, tasks see different info provided
|
|
with the uname() system call.
|
|
|
|
config KERNEL_IPC_NS
|
|
bool "IPC namespace"
|
|
default y
|
|
help
|
|
In this namespace, tasks work with IPC ids which correspond to
|
|
different IPC objects in different namespaces.
|
|
|
|
config KERNEL_USER_NS
|
|
bool "User namespace (EXPERIMENTAL)"
|
|
default y
|
|
help
|
|
This allows containers, i.e. vservers, to use user namespaces
|
|
to provide different user info for different servers.
|
|
|
|
config KERNEL_PID_NS
|
|
bool "PID Namespaces"
|
|
default y
|
|
help
|
|
Support process id namespaces. This allows having multiple
|
|
processes with the same pid as long as they are in different
|
|
pid namespaces. This is a building block of containers.
|
|
|
|
config KERNEL_NET_NS
|
|
bool "Network namespace"
|
|
default y
|
|
help
|
|
Allow user space to create what appear to be multiple instances
|
|
of the network stack.
|
|
|
|
endif
|
|
|
|
config KERNEL_DEVPTS_MULTIPLE_INSTANCES
|
|
bool "Support multiple instances of devpts"
|
|
default y if !SMALL_FLASH
|
|
help
|
|
Enable support for multiple instances of devpts filesystem.
|
|
If you want to have isolated PTY namespaces (eg: in containers),
|
|
say Y here. Otherwise, say N. If enabled, each mount of devpts
|
|
filesystem with the '-o newinstance' option will create an
|
|
independent PTY namespace.
|
|
|
|
config KERNEL_POSIX_MQUEUE
|
|
bool "POSIX Message Queues"
|
|
default y if !SMALL_FLASH
|
|
help
|
|
POSIX variant of message queues is a part of IPC. In POSIX message
|
|
queues every message has a priority which decides about succession
|
|
of receiving it by a process. If you want to compile and run
|
|
programs written e.g. for Solaris with use of its POSIX message
|
|
queues (functions mq_*) say Y here.
|
|
|
|
POSIX message queues are visible as a filesystem called 'mqueue'
|
|
and can be mounted somewhere if you want to do filesystem
|
|
operations on message queues.
|
|
|
|
|
|
config KERNEL_SECCOMP_FILTER
|
|
bool
|
|
default y if !SMALL_FLASH
|
|
|
|
config KERNEL_SECCOMP
|
|
bool "Enable seccomp support"
|
|
depends on !(TARGET_uml)
|
|
select KERNEL_SECCOMP_FILTER
|
|
default y if !SMALL_FLASH
|
|
help
|
|
Build kernel with support for seccomp.
|
|
|
|
#
|
|
# IPv4 configuration
|
|
#
|
|
|
|
config KERNEL_IP_MROUTE
|
|
bool "Enable IPv4 multicast routing"
|
|
default y
|
|
help
|
|
Multicast routing requires a multicast routing daemon in
|
|
addition to kernel support.
|
|
|
|
#
|
|
# IPv6 configuration
|
|
#
|
|
|
|
config KERNEL_IPV6
|
|
def_bool IPV6
|
|
|
|
if KERNEL_IPV6
|
|
|
|
config KERNEL_IPV6_MULTIPLE_TABLES
|
|
def_bool y
|
|
|
|
config KERNEL_IPV6_SUBTREES
|
|
def_bool y
|
|
|
|
config KERNEL_IPV6_MROUTE
|
|
bool "Enable IPv6 multicast routing"
|
|
default y
|
|
help
|
|
Multicast routing requires a multicast routing daemon in
|
|
addition to kernel support.
|
|
|
|
config KERNEL_IPV6_PIMSM_V2
|
|
def_bool n
|
|
|
|
config KERNEL_IPV6_SEG6_LWTUNNEL
|
|
bool "Enable support for lightweight tunnels"
|
|
default y if !SMALL_FLASH
|
|
help
|
|
Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
|
|
|
|
config KERNEL_LWTUNNEL_BPF
|
|
def_bool n
|
|
|
|
endif
|
|
|
|
#
|
|
# NFS related symbols
|
|
#
|
|
config KERNEL_IP_PNP
|
|
bool "Compile the kernel with rootfs on NFS"
|
|
help
|
|
If you want to make your kernel boot off a NFS server as root
|
|
filesystem, select Y here.
|
|
|
|
if KERNEL_IP_PNP
|
|
|
|
config KERNEL_IP_PNP_DHCP
|
|
def_bool y
|
|
|
|
config KERNEL_IP_PNP_BOOTP
|
|
def_bool n
|
|
|
|
config KERNEL_IP_PNP_RARP
|
|
def_bool n
|
|
|
|
config KERNEL_NFS_FS
|
|
def_bool y
|
|
|
|
config KERNEL_NFS_V2
|
|
def_bool y
|
|
|
|
config KERNEL_NFS_V3
|
|
def_bool y
|
|
|
|
config KERNEL_ROOT_NFS
|
|
def_bool y
|
|
|
|
endif
|
|
|
|
menu "Filesystem ACL and attr support options"
|
|
config USE_FS_ACL_ATTR
|
|
bool "Use filesystem ACL and attr support by default"
|
|
default n
|
|
help
|
|
Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
|
|
for kernel and packages, except tmpfs, flash filesystems,
|
|
and old NFS. Also enable userspace extended attribute support
|
|
by default. (OpenWrt already has an expection it will be
|
|
present in the kernel).
|
|
|
|
config KERNEL_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL support"
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_BTRFS_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for BtrFS Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_EXT4_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for Ext4 Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_F2FS_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for F2FS Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default n
|
|
|
|
config KERNEL_JFFS2_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for JFFS2 Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default n
|
|
|
|
config KERNEL_TMPFS_POSIX_ACL
|
|
bool "Enable POSIX ACL for TMPFS Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default n
|
|
|
|
config KERNEL_CIFS_ACL
|
|
bool "Enable CIFS ACLs"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_HFS_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for HFS Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_HFSPLUS_FS_POSIX_ACL
|
|
bool "Enable POSIX ACL for HFS+ Filesystems"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_NFS_ACL_SUPPORT
|
|
bool "Enable ACLs for NFS"
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_NFS_V3_ACL_SUPPORT
|
|
bool "Enable ACLs for NFSv3"
|
|
default n
|
|
|
|
config KERNEL_NFSD_V2_ACL_SUPPORT
|
|
bool "Enable ACLs for NFSDv2"
|
|
default n
|
|
|
|
config KERNEL_NFSD_V3_ACL_SUPPORT
|
|
bool "Enable ACLs for NFSDv3"
|
|
default n
|
|
|
|
config KERNEL_REISER_FS_POSIX_ACL
|
|
bool "Enable POSIX ACLs for ReiserFS"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_XFS_POSIX_ACL
|
|
bool "Enable POSIX ACLs for XFS"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
config KERNEL_JFS_POSIX_ACL
|
|
bool "Enable POSIX ACLs for JFS"
|
|
select KERNEL_FS_POSIX_ACL
|
|
default y if USE_FS_ACL_ATTR
|
|
|
|
endmenu
|
|
|
|
config KERNEL_DEVMEM
|
|
bool "/dev/mem virtual device support"
|
|
help
|
|
Say Y here if you want to support the /dev/mem device.
|
|
The /dev/mem device is used to access areas of physical
|
|
memory.
|
|
|
|
config KERNEL_DEVKMEM
|
|
bool "/dev/kmem virtual device support"
|
|
help
|
|
Say Y here if you want to support the /dev/kmem device. The
|
|
/dev/kmem device is rarely used, but can be used for certain
|
|
kind of kernel debugging operations.
|
|
|
|
config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
|
|
int "Number of squashfs fragments cached"
|
|
default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
|
|
default 3
|
|
|
|
config KERNEL_SQUASHFS_XATTR
|
|
bool "Squashfs XATTR support"
|
|
|
|
#
|
|
# compile optimiziation setting
|
|
#
|
|
choice
|
|
prompt "Compiler optimization level"
|
|
default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
|
|
|
|
config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
|
|
bool "Optimize for performance"
|
|
help
|
|
This is the default optimization level for the kernel, building
|
|
with the "-O2" compiler flag for best performance and most
|
|
helpful compile-time warnings.
|
|
|
|
config KERNEL_CC_OPTIMIZE_FOR_SIZE
|
|
bool "Optimize for size"
|
|
help
|
|
Enabling this option will pass "-Os" instead of "-O2" to
|
|
your compiler resulting in a smaller kernel.
|
|
|
|
endchoice
|
|
|
|
config KERNEL_AUDIT
|
|
bool "Auditing support"
|
|
|
|
config KERNEL_SECURITY
|
|
bool "Enable different security models"
|
|
|
|
config KERNEL_SECURITY_NETWORK
|
|
bool "Socket and Networking Security Hooks"
|
|
select KERNEL_SECURITY
|
|
|
|
config KERNEL_SECURITY_SELINUX
|
|
bool "NSA SELinux Support"
|
|
select KERNEL_SECURITY_NETWORK
|
|
select KERNEL_AUDIT
|
|
|
|
config KERNEL_SECURITY_SELINUX_BOOTPARAM
|
|
bool "NSA SELinux boot parameter"
|
|
depends on KERNEL_SECURITY_SELINUX
|
|
default y
|
|
|
|
config KERNEL_SECURITY_SELINUX_DISABLE
|
|
bool "NSA SELinux runtime disable"
|
|
depends on KERNEL_SECURITY_SELINUX
|
|
|
|
config KERNEL_SECURITY_SELINUX_DEVELOP
|
|
bool "NSA SELinux Development Support"
|
|
depends on KERNEL_SECURITY_SELINUX
|
|
default y
|
|
|
|
config KERNEL_LSM
|
|
string
|
|
default "lockdown,yama,loadpin,safesetid,integrity,selinux"
|
|
depends on KERNEL_SECURITY_SELINUX
|
|
|
|
config KERNEL_EXT4_FS_SECURITY
|
|
bool "Ext4 Security Labels"
|
|
|
|
config KERNEL_F2FS_FS_SECURITY
|
|
bool "F2FS Security Labels"
|
|
|
|
config KERNEL_UBIFS_FS_SECURITY
|
|
bool "UBIFS Security Labels"
|
|
|
|
config KERNEL_JFFS2_FS_SECURITY
|
|
bool "JFFS2 Security Labels"
|