projects / openwrt / openwrt.git / blob
? search:


dc249a6031f52a378a344eaa2aa845ca7697894c
[openwrt/openwrt.git] / config / Config-kernel.in
1 # SPDX-License-Identifier: GPL-2.0-only
2 #
3 # Copyright (C) 2006-2014 OpenWrt.org
4
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
8 default ""
9 help
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
13
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
17 default ""
18 help
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
22
23 config KERNEL_PRINTK
24 bool "Enable support for printk"
25 default y
26
27 config KERNEL_CRASHLOG
28 bool "Crash logging"
29 depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
30 default y
31
32 config KERNEL_SWAP
33 bool "Support for paging of anonymous memory (swap)"
34 default y if !SMALL_FLASH
35
36 config KERNEL_PROC_STRIPPED
37 bool "Strip non-essential /proc functionality to reduce code size"
38 default y if SMALL_FLASH
39
40 config KERNEL_DEBUG_FS
41 bool "Compile the kernel with debug filesystem enabled"
42 default y
43 help
44 debugfs is a virtual file system that kernel developers use to put
45 debugging files into. Enable this option to be able to read and
46 write to these files. Many common debugging facilities, such as
47 ftrace, require the existence of debugfs.
48
49 config KERNEL_MIPS_FP_SUPPORT
50 bool
51 default y if TARGET_pistachio
52
53 config KERNEL_ARM_PMU
54 bool
55 default n
56 depends on (arm || aarch64)
57
58 config KERNEL_X86_VSYSCALL_EMULATION
59 bool "Enable vsyscall emulation"
60 default n
61 depends on x86_64
62 help
63 This enables emulation of the legacy vsyscall page. Disabling
64 it is roughly equivalent to booting with vsyscall=none, except
65 that it will also disable the helpful warning if a program
66 tries to use a vsyscall. With this option set to N, offending
67 programs will just segfault, citing addresses of the form
68 0xffffffffff600?00.
69
70 This option is required by many programs built before 2013, and
71 care should be used even with newer programs if set to N.
72
73 Disabling this option saves about 7K of kernel size and
74 possibly 4K of additional runtime pagetable memory.
75
76 config KERNEL_PERF_EVENTS
77 bool "Compile the kernel with performance events and counters"
78 default n
79 select KERNEL_ARM_PMU if (arm || aarch64)
80
81 config KERNEL_PROFILING
82 bool "Compile the kernel with profiling enabled"
83 default n
84 select KERNEL_PERF_EVENTS
85 help
86 Enable the extended profiling support mechanisms used by profilers such
87 as OProfile.
88
89 config KERNEL_UBSAN
90 bool "Compile the kernel with undefined behaviour sanity checker"
91 help
92 This option enables undefined behaviour sanity checker
93 Compile-time instrumentation is used to detect various undefined
94 behaviours in runtime. Various types of checks may be enabled
95 via boot parameter ubsan_handle
96 (see: Documentation/dev-tools/ubsan.rst).
97
98 config KERNEL_UBSAN_SANITIZE_ALL
99 bool "Enable instrumentation for the entire kernel"
100 depends on KERNEL_UBSAN
101 default y
102 help
103 This option activates instrumentation for the entire kernel.
104 If you don't enable this option, you have to explicitly specify
105 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
106 Enabling this option will get kernel image size increased
107 significantly.
108
109 config KERNEL_UBSAN_ALIGNMENT
110 bool "Enable checking of pointers alignment"
111 depends on KERNEL_UBSAN
112 help
113 This option enables detection of unaligned memory accesses.
114 Enabling this option on architectures that support unaligned
115 accesses may produce a lot of false positives.
116
117 config KERNEL_UBSAN_NULL
118 bool "Enable checking of null pointers"
119 depends on KERNEL_UBSAN
120 help
121 This option enables detection of memory accesses via a
122 null pointer.
123
124 config KERNEL_KASAN
125 bool "Compile the kernel with KASan: runtime memory debugger"
126 select KERNEL_SLUB_DEBUG
127 depends on (x86_64 || aarch64)
128 help
129 Enables kernel address sanitizer - runtime memory debugger,
130 designed to find out-of-bounds accesses and use-after-free bugs.
131 This is strictly a debugging feature and it requires a gcc version
132 of 4.9.2 or later. Detection of out of bounds accesses to stack or
133 global variables requires gcc 5.0 or later.
134 This feature consumes about 1/8 of available memory and brings about
135 ~x3 performance slowdown.
136 For better error detection enable CONFIG_STACKTRACE.
137 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
138 (the resulting kernel does not boot).
139
140 config KERNEL_KASAN_EXTRA
141 bool "KAsan: extra checks"
142 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
143 help
144 This enables further checks in the kernel address sanitizer, for now
145 it only includes the address-use-after-scope check that can lead
146 to excessive kernel stack usage, frame size warnings and longer
147 compile time.
148 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
149
150
151 choice
152 prompt "Instrumentation type"
153 depends on KERNEL_KASAN
154 default KERNEL_KASAN_OUTLINE
155
156 config KERNEL_KASAN_OUTLINE
157 bool "Outline instrumentation"
158 help
159 Before every memory access compiler insert function call
160 __asan_load*/__asan_store*. These functions performs check
161 of shadow memory. This is slower than inline instrumentation,
162 however it doesn't bloat size of kernel's .text section so
163 much as inline does.
164
165 config KERNEL_KASAN_INLINE
166 bool "Inline instrumentation"
167 help
168 Compiler directly inserts code checking shadow memory before
169 memory accesses. This is faster than outline (in some workloads
170 it gives about x2 boost over outline instrumentation), but
171 make kernel's .text size much bigger.
172 This requires a gcc version of 5.0 or later.
173
174 endchoice
175
176 config KERNEL_KCOV
177 bool "Compile the kernel with code coverage for fuzzing"
178 select KERNEL_DEBUG_FS
179 help
180 KCOV exposes kernel code coverage information in a form suitable
181 for coverage-guided fuzzing (randomized testing).
182
183 If RANDOMIZE_BASE is enabled, PC values will not be stable across
184 different machines and across reboots. If you need stable PC values,
185 disable RANDOMIZE_BASE.
186
187 For more details, see Documentation/kcov.txt.
188
189 config KERNEL_KCOV_ENABLE_COMPARISONS
190 bool "Enable comparison operands collection by KCOV"
191 depends on KERNEL_KCOV
192 help
193 KCOV also exposes operands of every comparison in the instrumented
194 code along with operand sizes and PCs of the comparison instructions.
195 These operands can be used by fuzzing engines to improve the quality
196 of fuzzing coverage.
197
198 config KERNEL_KCOV_INSTRUMENT_ALL
199 bool "Instrument all code by default"
200 depends on KERNEL_KCOV
201 default y if KERNEL_KCOV
202 help
203 If you are doing generic system call fuzzing (like e.g. syzkaller),
204 then you will want to instrument the whole kernel and you should
205 say y here. If you are doing more targeted fuzzing (like e.g.
206 filesystem fuzzing with AFL) then you will want to enable coverage
207 for more specific subsets of files, and should say n here.
208
209 config KERNEL_TASKSTATS
210 bool "Compile the kernel with task resource/io statistics and accounting"
211 default n
212 help
213 Enable the collection and publishing of task/io statistics and
214 accounting. Enable this option to enable i/o monitoring in system
215 monitors.
216
217 if KERNEL_TASKSTATS
218
219 config KERNEL_TASK_DELAY_ACCT
220 def_bool y
221
222 config KERNEL_TASK_IO_ACCOUNTING
223 def_bool y
224
225 config KERNEL_TASK_XACCT
226 def_bool y
227
228 endif
229
230 config KERNEL_KALLSYMS
231 bool "Compile the kernel with symbol table information"
232 default y if !SMALL_FLASH
233 help
234 This will give you more information in stack traces from kernel oopses.
235
236 config KERNEL_FTRACE
237 bool "Compile the kernel with tracing support"
238 depends on !TARGET_uml
239 default n
240
241 config KERNEL_FTRACE_SYSCALLS
242 bool "Trace system calls"
243 depends on KERNEL_FTRACE
244 default n
245
246 config KERNEL_ENABLE_DEFAULT_TRACERS
247 bool "Trace process context switches and events"
248 depends on KERNEL_FTRACE
249 default n
250
251 config KERNEL_FUNCTION_TRACER
252 bool "Function tracer"
253 depends on KERNEL_FTRACE
254 default n
255
256 config KERNEL_FUNCTION_GRAPH_TRACER
257 bool "Function graph tracer"
258 depends on KERNEL_FUNCTION_TRACER
259 default n
260
261 config KERNEL_DYNAMIC_FTRACE
262 bool "Enable/disable function tracing dynamically"
263 depends on KERNEL_FUNCTION_TRACER
264 default n
265
266 config KERNEL_FUNCTION_PROFILER
267 bool "Function profiler"
268 depends on KERNEL_FUNCTION_TRACER
269 default n
270
271 config KERNEL_IRQSOFF_TRACER
272 bool "Interrupts-off Latency Tracer"
273 depends on KERNEL_FTRACE
274 help
275 This option measures the time spent in irqs-off critical
276 sections, with microsecond accuracy.
277
278 The default measurement method is a maximum search, which is
279 disabled by default and can be runtime (re-)started
280 via:
281
282 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
283
284 (Note that kernel size and overhead increase with this option
285 enabled. This option and the preempt-off timing option can be
286 used together or separately.)
287
288 config KERNEL_PREEMPT_TRACER
289 bool "Preemption-off Latency Tracer"
290 depends on KERNEL_FTRACE
291 help
292 This option measures the time spent in preemption-off critical
293 sections, with microsecond accuracy.
294
295 The default measurement method is a maximum search, which is
296 disabled by default and can be runtime (re-)started
297 via:
298
299 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
300
301 (Note that kernel size and overhead increase with this option
302 enabled. This option and the irqs-off timing option can be
303 used together or separately.)
304
305 config KERNEL_DEBUG_KERNEL
306 bool
307 default n
308
309 config KERNEL_DEBUG_INFO
310 bool "Compile the kernel with debug information"
311 default y if !SMALL_FLASH
312 select KERNEL_DEBUG_KERNEL
313 help
314 This will compile your kernel and modules with debug information.
315
316 config KERNEL_DEBUG_LL_UART_NONE
317 bool
318 default n
319 depends on arm
320
321 config KERNEL_DEBUG_LL
322 bool
323 default n
324 depends on arm
325 select KERNEL_DEBUG_LL_UART_NONE
326 help
327 ARM low level debugging.
328
329 config KERNEL_DYNAMIC_DEBUG
330 bool "Compile the kernel with dynamic printk"
331 select KERNEL_DEBUG_FS
332 default n
333 help
334 Compiles debug level messages into the kernel, which would not
335 otherwise be available at runtime. These messages can then be
336 enabled/disabled based on various levels of scope - per source file,
337 function, module, format string, and line number. This mechanism
338 implicitly compiles in all pr_debug() and dev_dbg() calls, which
339 enlarges the kernel text size by about 2%.
340
341 config KERNEL_EARLY_PRINTK
342 bool "Compile the kernel with early printk"
343 default y if TARGET_bcm53xx
344 default n
345 depends on arm
346 select KERNEL_DEBUG_KERNEL
347 select KERNEL_DEBUG_LL if arm
348 help
349 Compile the kernel with early printk support. This is only useful for
350 debugging purposes to send messages over the serial console in early boot.
351 Enable this to debug early boot problems.
352
353 config KERNEL_KPROBES
354 bool "Compile the kernel with kprobes support"
355 default n
356 select KERNEL_FTRACE
357 select KERNEL_PERF_EVENTS
358 help
359 Compiles the kernel with KPROBES support, which allows you to trap
360 at almost any kernel address and execute a callback function.
361 register_kprobe() establishes a probepoint and specifies the
362 callback. Kprobes is useful for kernel debugging, non-intrusive
363 instrumentation and testing.
364 If in doubt, say "N".
365
366 config KERNEL_KPROBE_EVENTS
367 bool
368 default y if KERNEL_KPROBES
369
370 config KERNEL_AIO
371 bool "Compile the kernel with asynchronous IO support"
372 default y if !SMALL_FLASH
373
374 config KERNEL_IO_URING
375 bool "Compile the kernel with io_uring support"
376 default y if !SMALL_FLASH
377
378 config KERNEL_FHANDLE
379 bool "Compile the kernel with support for fhandle syscalls"
380 default y if !SMALL_FLASH
381
382 config KERNEL_FANOTIFY
383 bool "Compile the kernel with modern file notification support"
384 default y if !SMALL_FLASH
385
386 config KERNEL_BLK_DEV_BSG
387 bool "Compile the kernel with SCSI generic v4 support for any block device"
388 default n
389
390 config KERNEL_TRANSPARENT_HUGEPAGE
391 bool
392
393 choice
394 prompt "Transparent Hugepage Support sysfs defaults"
395 depends on KERNEL_TRANSPARENT_HUGEPAGE
396 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
397
398 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
399 bool "always"
400
401 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
402 bool "madvise"
403 endchoice
404
405 config KERNEL_HUGETLBFS
406 bool
407
408 config KERNEL_HUGETLB_PAGE
409 bool "Compile the kernel with HugeTLB support"
410 select KERNEL_TRANSPARENT_HUGEPAGE
411 select KERNEL_HUGETLBFS
412 default n
413
414 config KERNEL_MAGIC_SYSRQ
415 bool "Compile the kernel with SysRq support"
416 default y
417
418 config KERNEL_DEBUG_PINCTRL
419 bool "Compile the kernel with pinctrl debugging"
420 select KERNEL_DEBUG_KERNEL
421
422 config KERNEL_DEBUG_GPIO
423 bool "Compile the kernel with gpio debugging"
424 select KERNEL_DEBUG_KERNEL
425
426 config KERNEL_COREDUMP
427 bool
428
429 config KERNEL_ELF_CORE
430 bool "Enable process core dump support"
431 select KERNEL_COREDUMP
432 default y if !SMALL_FLASH
433
434 config KERNEL_PROVE_LOCKING
435 bool "Enable kernel lock checking"
436 select KERNEL_DEBUG_KERNEL
437 default n
438
439 config KERNEL_SOFTLOCKUP_DETECTOR
440 bool "Compile the kernel with detect Soft Lockups"
441 depends on KERNEL_DEBUG_KERNEL
442 help
443 Say Y here to enable the kernel to act as a watchdog to detect
444 soft lockups.
445
446 Softlockups are bugs that cause the kernel to loop in kernel
447 mode for more than 20 seconds, without giving other tasks a
448 chance to run. The current stack trace is displayed upon
449 detection and the system will stay locked up.
450
451 config KERNEL_DETECT_HUNG_TASK
452 bool "Compile the kernel with detect Hung Tasks"
453 depends on KERNEL_DEBUG_KERNEL
454 default KERNEL_SOFTLOCKUP_DETECTOR
455 help
456 Say Y here to enable the kernel to detect "hung tasks",
457 which are bugs that cause the task to be stuck in
458 uninterruptible "D" state indefinitely.
459
460 When a hung task is detected, the kernel will print the
461 current stack trace (which you should report), but the
462 task will stay in uninterruptible state. If lockdep is
463 enabled then all held locks will also be reported. This
464 feature has negligible overhead.
465
466 config KERNEL_WQ_WATCHDOG
467 bool "Compile the kernel with detect Workqueue Stalls"
468 depends on KERNEL_DEBUG_KERNEL
469 help
470 Say Y here to enable stall detection on workqueues. If a
471 worker pool doesn't make forward progress on a pending work
472 item for over a given amount of time, 30s by default, a
473 warning message is printed along with dump of workqueue
474 state. This can be configured through kernel parameter
475 "workqueue.watchdog_thresh" and its sysfs counterpart.
476
477 config KERNEL_DEBUG_ATOMIC_SLEEP
478 bool "Compile the kernel with sleep inside atomic section checking"
479 depends on KERNEL_DEBUG_KERNEL
480 help
481 If you say Y here, various routines which may sleep will become very
482 noisy if they are called inside atomic sections: when a spinlock is
483 held, inside an rcu read side critical section, inside preempt disabled
484 sections, inside an interrupt, etc...
485
486 config KERNEL_DEBUG_VM
487 bool "Compile the kernel with debug VM"
488 depends on KERNEL_DEBUG_KERNEL
489 help
490 Enable this to turn on extended checks in the virtual-memory system
491 that may impact performance.
492
493 If unsure, say N.
494
495 config KERNEL_PRINTK_TIME
496 bool "Enable printk timestamps"
497 default y
498
499 config KERNEL_SLUB_DEBUG
500 bool
501
502 config KERNEL_SLUB_DEBUG_ON
503 bool
504
505 config KERNEL_SLABINFO
506 select KERNEL_SLUB_DEBUG
507 select KERNEL_SLUB_DEBUG_ON
508 bool "Enable /proc slab debug info"
509
510 config KERNEL_PROC_PAGE_MONITOR
511 bool "Enable /proc page monitoring"
512
513 config KERNEL_RELAY
514 bool
515
516 config KERNEL_KEXEC
517 bool "Enable kexec support"
518
519 config KERNEL_PROC_VMCORE
520 bool
521
522 config KERNEL_PROC_KCORE
523 bool
524
525 config KERNEL_CRASH_DUMP
526 depends on i386 || x86_64 || arm || armeb
527 select KERNEL_KEXEC
528 select KERNEL_PROC_VMCORE
529 select KERNEL_PROC_KCORE
530 bool "Enable support for kexec crashdump"
531 default y
532
533 config USE_RFKILL
534 bool "Enable rfkill support"
535 default RFKILL_SUPPORT
536
537 config USE_SPARSE
538 bool "Enable sparse check during kernel build"
539 default n
540
541 config KERNEL_DEVTMPFS
542 bool "Compile the kernel with device tmpfs enabled"
543 default n
544 help
545 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
546 devices nodes for all registered devices to simplify boot, but leaves more
547 complex tasks to userspace (e.g. udev).
548
549 if KERNEL_DEVTMPFS
550
551 config KERNEL_DEVTMPFS_MOUNT
552 bool "Automatically mount devtmpfs after root filesystem is mounted"
553 default n
554
555 endif
556
557 config KERNEL_KEYS
558 bool "Enable kernel access key retention support"
559 default !SMALL_FLASH
560
561 config KERNEL_PERSISTENT_KEYRINGS
562 bool "Enable kernel persistent keyrings"
563 depends on KERNEL_KEYS
564 default n
565
566 config KERNEL_KEYS_REQUEST_CACHE
567 bool "Enable temporary caching of the last request_key() result"
568 depends on KERNEL_KEYS
569 default n
570
571 config KERNEL_BIG_KEYS
572 bool "Enable large payload keys on kernel keyrings"
573 depends on KERNEL_KEYS
574 default n
575
576 #
577 # CGROUP support symbols
578 #
579
580 config KERNEL_CGROUPS
581 bool "Enable kernel cgroups"
582 default y if !SMALL_FLASH
583
584 if KERNEL_CGROUPS
585
586 config KERNEL_CGROUP_DEBUG
587 bool "Example debug cgroup subsystem"
588 default n
589 help
590 This option enables a simple cgroup subsystem that
591 exports useful debugging information about the cgroups
592 framework.
593
594 config KERNEL_FREEZER
595 bool
596
597 config KERNEL_CGROUP_FREEZER
598 bool "legacy Freezer cgroup subsystem"
599 default n
600 select KERNEL_FREEZER
601 help
602 Provides a way to freeze and unfreeze all tasks in a
603 cgroup.
604 (legacy cgroup1-only controller, in cgroup2 freezer
605 is integrated in the Memory controller)
606
607 config KERNEL_CGROUP_DEVICE
608 bool "legacy Device controller for cgroups"
609 default n
610 help
611 Provides a cgroup implementing whitelists for devices which
612 a process in the cgroup can mknod or open.
613 (legacy cgroup1-only controller)
614
615 config KERNEL_CGROUP_HUGETLB
616 bool "HugeTLB controller"
617 default n
618 select KERNEL_HUGETLB_PAGE
619
620 config KERNEL_CGROUP_PIDS
621 bool "PIDs cgroup subsystem"
622 default y
623 help
624 Provides enforcement of process number limits in the scope of a
625 cgroup.
626
627 config KERNEL_CGROUP_RDMA
628 bool "RDMA controller for cgroups"
629 default y
630
631 config KERNEL_CGROUP_BPF
632 bool "Support for eBPF programs attached to cgroups"
633 default y
634
635 config KERNEL_CPUSETS
636 bool "Cpuset support"
637 default y
638 help
639 This option will let you create and manage CPUSETs which
640 allow dynamically partitioning a system into sets of CPUs and
641 Memory Nodes and assigning tasks to run only within those sets.
642 This is primarily useful on large SMP or NUMA systems.
643
644 config KERNEL_PROC_PID_CPUSET
645 bool "Include legacy /proc/<pid>/cpuset file"
646 default n
647 depends on KERNEL_CPUSETS
648
649 config KERNEL_CGROUP_CPUACCT
650 bool "Simple CPU accounting cgroup subsystem"
651 default y
652 help
653 Provides a simple Resource Controller for monitoring the
654 total CPU consumed by the tasks in a cgroup.
655
656 config KERNEL_RESOURCE_COUNTERS
657 bool "Resource counters"
658 default y
659 help
660 This option enables controller independent resource accounting
661 infrastructure that works with cgroups.
662
663 config KERNEL_MM_OWNER
664 bool
665 default y if KERNEL_MEMCG
666
667 config KERNEL_MEMCG
668 bool "Memory Resource Controller for Control Groups"
669 default y
670 select KERNEL_FREEZER
671 depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
672 help
673 Provides a memory resource controller that manages both anonymous
674 memory and page cache. (See Documentation/cgroups/memory.txt)
675
676 Note that setting this option increases fixed memory overhead
677 associated with each page of memory in the system. By this,
678 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
679 usage tracking struct at boot. Total amount of this is printed out
680 at boot.
681
682 Only enable when you're ok with these tradeoffs and really
683 sure you need the memory resource controller. Even when you enable
684 this, you can set "cgroup_disable=memory" at your boot option to
685 disable memory resource controller and you can avoid overheads
686 (but lose benefits of memory resource controller).
687
688 This config option also selects MM_OWNER config option, which
689 could in turn add some fork/exit overhead.
690
691 config KERNEL_MEMCG_SWAP
692 bool "Memory Resource Controller Swap Extension"
693 default y
694 depends on KERNEL_MEMCG
695 help
696 Add swap management feature to memory resource controller. When you
697 enable this, you can limit mem+swap usage per cgroup. In other words,
698 when you disable this, memory resource controller has no cares to
699 usage of swap...a process can exhaust all of the swap. This extension
700 is useful when you want to avoid exhaustion swap but this itself
701 adds more overheads and consumes memory for remembering information.
702 Especially if you use 32bit system or small memory system, please
703 be careful about enabling this. When memory resource controller
704 is disabled by boot option, this will be automatically disabled and
705 there will be no overhead from this. Even when you set this config=y,
706 if boot option "swapaccount=0" is set, swap will not be accounted.
707 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
708 size is 4096bytes, 512k per 1Gbytes of swap.
709
710 config KERNEL_MEMCG_SWAP_ENABLED
711 bool "Memory Resource Controller Swap Extension enabled by default"
712 default n
713 depends on KERNEL_MEMCG_SWAP
714 help
715 Memory Resource Controller Swap Extension comes with its price in
716 a bigger memory consumption. General purpose distribution kernels
717 which want to enable the feature but keep it disabled by default
718 and let the user enable it by swapaccount boot command line
719 parameter should have this option unselected.
720
721 Those who want to have the feature enabled by default should
722 select this option (if, for some reason, they need to disable it,
723 then swapaccount=0 does the trick).
724
725
726 config KERNEL_MEMCG_KMEM
727 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
728 default y
729 depends on KERNEL_MEMCG
730 help
731 The Kernel Memory extension for Memory Resource Controller can limit
732 the amount of memory used by kernel objects in the system. Those are
733 fundamentally different from the entities handled by the standard
734 Memory Controller, which are page-based, and can be swapped. Users of
735 the kmem extension can use it to guarantee that no group of processes
736 will ever exhaust kernel resources alone.
737
738 config KERNEL_CGROUP_PERF
739 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
740 select KERNEL_PERF_EVENTS
741 default n
742 help
743 This option extends the per-cpu mode to restrict monitoring to
744 threads which belong to the cgroup specified and run on the
745 designated cpu.
746
747 menuconfig KERNEL_CGROUP_SCHED
748 bool "Group CPU scheduler"
749 default y
750 help
751 This feature lets CPU scheduler recognize task groups and control CPU
752 bandwidth allocation to such task groups. It uses cgroups to group
753 tasks.
754
755 if KERNEL_CGROUP_SCHED
756
757 config KERNEL_FAIR_GROUP_SCHED
758 bool "Group scheduling for SCHED_OTHER"
759 default y
760
761 config KERNEL_CFS_BANDWIDTH
762 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
763 default y
764 depends on KERNEL_FAIR_GROUP_SCHED
765 help
766 This option allows users to define CPU bandwidth rates (limits) for
767 tasks running within the fair group scheduler. Groups with no limit
768 set are considered to be unconstrained and will run with no
769 restriction.
770 See tip/Documentation/scheduler/sched-bwc.txt for more information.
771
772 config KERNEL_RT_GROUP_SCHED
773 bool "Group scheduling for SCHED_RR/FIFO"
774 default y
775 help
776 This feature lets you explicitly allocate real CPU bandwidth
777 to task groups. If enabled, it will also make it impossible to
778 schedule realtime tasks for non-root users until you allocate
779 realtime bandwidth for them.
780
781 endif
782
783 config KERNEL_BLK_CGROUP
784 bool "Block IO controller"
785 default y
786 help
787 Generic block IO controller cgroup interface. This is the common
788 cgroup interface which should be used by various IO controlling
789 policies.
790
791 Currently, CFQ IO scheduler uses it to recognize task groups and
792 control disk bandwidth allocation (proportional time slice allocation)
793 to such task groups. It is also used by bio throttling logic in
794 block layer to implement upper limit in IO rates on a device.
795
796 This option only enables generic Block IO controller infrastructure.
797 One needs to also enable actual IO controlling logic/policy. For
798 enabling proportional weight division of disk bandwidth in CFQ, set
799 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
800 CONFIG_BLK_DEV_THROTTLING=y.
801
802 if KERNEL_BLK_CGROUP
803
804 config KERNEL_CFQ_GROUP_IOSCHED
805 bool "Proportional weight of disk bandwidth in CFQ"
806
807 config KERNEL_BLK_DEV_THROTTLING
808 bool "Enable throttling policy"
809 default y
810
811 config KERNEL_BLK_DEV_THROTTLING_LOW
812 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
813 depends on KERNEL_BLK_DEV_THROTTLING
814 endif
815
816 config KERNEL_DEBUG_BLK_CGROUP
817 bool "Enable Block IO controller debugging"
818 default n
819 depends on KERNEL_BLK_CGROUP
820 help
821 Enable some debugging help. Currently it exports additional stat
822 files in a cgroup which can be useful for debugging.
823
824 config KERNEL_NET_CLS_CGROUP
825 bool "legacy Control Group Classifier"
826 default n
827
828 config KERNEL_CGROUP_NET_CLASSID
829 bool "legacy Network classid cgroup"
830 default n
831
832 config KERNEL_CGROUP_NET_PRIO
833 bool "legacy Network priority cgroup"
834 default n
835
836 endif
837
838 #
839 # Namespace support symbols
840 #
841
842 config KERNEL_NAMESPACES
843 bool "Enable kernel namespaces"
844 default y if !SMALL_FLASH
845
846 if KERNEL_NAMESPACES
847
848 config KERNEL_UTS_NS
849 bool "UTS namespace"
850 default y
851 help
852 In this namespace, tasks see different info provided
853 with the uname() system call.
854
855 config KERNEL_IPC_NS
856 bool "IPC namespace"
857 default y
858 help
859 In this namespace, tasks work with IPC ids which correspond to
860 different IPC objects in different namespaces.
861
862 config KERNEL_USER_NS
863 bool "User namespace (EXPERIMENTAL)"
864 default y
865 help
866 This allows containers, i.e. vservers, to use user namespaces
867 to provide different user info for different servers.
868
869 config KERNEL_PID_NS
870 bool "PID Namespaces"
871 default y
872 help
873 Support process id namespaces. This allows having multiple
874 processes with the same pid as long as they are in different
875 pid namespaces. This is a building block of containers.
876
877 config KERNEL_NET_NS
878 bool "Network namespace"
879 default y
880 help
881 Allow user space to create what appear to be multiple instances
882 of the network stack.
883
884 endif
885
886 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
887 bool "Support multiple instances of devpts"
888 default y if !SMALL_FLASH
889 help
890 Enable support for multiple instances of devpts filesystem.
891 If you want to have isolated PTY namespaces (eg: in containers),
892 say Y here. Otherwise, say N. If enabled, each mount of devpts
893 filesystem with the '-o newinstance' option will create an
894 independent PTY namespace.
895
896 config KERNEL_POSIX_MQUEUE
897 bool "POSIX Message Queues"
898 default y if !SMALL_FLASH
899 help
900 POSIX variant of message queues is a part of IPC. In POSIX message
901 queues every message has a priority which decides about succession
902 of receiving it by a process. If you want to compile and run
903 programs written e.g. for Solaris with use of its POSIX message
904 queues (functions mq_*) say Y here.
905
906 POSIX message queues are visible as a filesystem called 'mqueue'
907 and can be mounted somewhere if you want to do filesystem
908 operations on message queues.
909
910
911 config KERNEL_SECCOMP_FILTER
912 bool
913 default y if !SMALL_FLASH
914
915 config KERNEL_SECCOMP
916 bool "Enable seccomp support"
917 depends on !(TARGET_uml)
918 select KERNEL_SECCOMP_FILTER
919 default y if !SMALL_FLASH
920 help
921 Build kernel with support for seccomp.
922
923 #
924 # IPv4 configuration
925 #
926
927 config KERNEL_IP_MROUTE
928 bool "Enable IPv4 multicast routing"
929 default y
930 help
931 Multicast routing requires a multicast routing daemon in
932 addition to kernel support.
933
934 #
935 # IPv6 configuration
936 #
937
938 config KERNEL_IPV6
939 def_bool IPV6
940
941 if KERNEL_IPV6
942
943 config KERNEL_IPV6_MULTIPLE_TABLES
944 def_bool y
945
946 config KERNEL_IPV6_SUBTREES
947 def_bool y
948
949 config KERNEL_IPV6_MROUTE
950 bool "Enable IPv6 multicast routing"
951 default y
952 help
953 Multicast routing requires a multicast routing daemon in
954 addition to kernel support.
955
956 config KERNEL_IPV6_PIMSM_V2
957 def_bool n
958
959 config KERNEL_IPV6_SEG6_LWTUNNEL
960 bool "Enable support for lightweight tunnels"
961 default y if !SMALL_FLASH
962 help
963 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
964
965 config KERNEL_LWTUNNEL_BPF
966 def_bool n
967
968 endif
969
970 #
971 # NFS related symbols
972 #
973 config KERNEL_IP_PNP
974 bool "Compile the kernel with rootfs on NFS"
975 help
976 If you want to make your kernel boot off a NFS server as root
977 filesystem, select Y here.
978
979 if KERNEL_IP_PNP
980
981 config KERNEL_IP_PNP_DHCP
982 def_bool y
983
984 config KERNEL_IP_PNP_BOOTP
985 def_bool n
986
987 config KERNEL_IP_PNP_RARP
988 def_bool n
989
990 config KERNEL_NFS_FS
991 def_bool y
992
993 config KERNEL_NFS_V2
994 def_bool y
995
996 config KERNEL_NFS_V3
997 def_bool y
998
999 config KERNEL_ROOT_NFS
1000 def_bool y
1001
1002 endif
1003
1004 menu "Filesystem ACL and attr support options"
1005 config USE_FS_ACL_ATTR
1006 bool "Use filesystem ACL and attr support by default"
1007 default n
1008 help
1009 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1010 for kernel and packages, except tmpfs, flash filesystems,
1011 and old NFS. Also enable userspace extended attribute support
1012 by default. (OpenWrt already has an expection it will be
1013 present in the kernel).
1014
1015 config KERNEL_FS_POSIX_ACL
1016 bool "Enable POSIX ACL support"
1017 default y if USE_FS_ACL_ATTR
1018
1019 config KERNEL_BTRFS_FS_POSIX_ACL
1020 bool "Enable POSIX ACL for BtrFS Filesystems"
1021 select KERNEL_FS_POSIX_ACL
1022 default y if USE_FS_ACL_ATTR
1023
1024 config KERNEL_EXT4_FS_POSIX_ACL
1025 bool "Enable POSIX ACL for Ext4 Filesystems"
1026 select KERNEL_FS_POSIX_ACL
1027 default y if USE_FS_ACL_ATTR
1028
1029 config KERNEL_F2FS_FS_POSIX_ACL
1030 bool "Enable POSIX ACL for F2FS Filesystems"
1031 select KERNEL_FS_POSIX_ACL
1032 default n
1033
1034 config KERNEL_JFFS2_FS_POSIX_ACL
1035 bool "Enable POSIX ACL for JFFS2 Filesystems"
1036 select KERNEL_FS_POSIX_ACL
1037 default n
1038
1039 config KERNEL_TMPFS_POSIX_ACL
1040 bool "Enable POSIX ACL for TMPFS Filesystems"
1041 select KERNEL_FS_POSIX_ACL
1042 default n
1043
1044 config KERNEL_CIFS_ACL
1045 bool "Enable CIFS ACLs"
1046 select KERNEL_FS_POSIX_ACL
1047 default y if USE_FS_ACL_ATTR
1048
1049 config KERNEL_HFS_FS_POSIX_ACL
1050 bool "Enable POSIX ACL for HFS Filesystems"
1051 select KERNEL_FS_POSIX_ACL
1052 default y if USE_FS_ACL_ATTR
1053
1054 config KERNEL_HFSPLUS_FS_POSIX_ACL
1055 bool "Enable POSIX ACL for HFS+ Filesystems"
1056 select KERNEL_FS_POSIX_ACL
1057 default y if USE_FS_ACL_ATTR
1058
1059 config KERNEL_NFS_ACL_SUPPORT
1060 bool "Enable ACLs for NFS"
1061 default y if USE_FS_ACL_ATTR
1062
1063 config KERNEL_NFS_V3_ACL_SUPPORT
1064 bool "Enable ACLs for NFSv3"
1065 default n
1066
1067 config KERNEL_NFSD_V2_ACL_SUPPORT
1068 bool "Enable ACLs for NFSDv2"
1069 default n
1070
1071 config KERNEL_NFSD_V3_ACL_SUPPORT
1072 bool "Enable ACLs for NFSDv3"
1073 default n
1074
1075 config KERNEL_REISER_FS_POSIX_ACL
1076 bool "Enable POSIX ACLs for ReiserFS"
1077 select KERNEL_FS_POSIX_ACL
1078 default y if USE_FS_ACL_ATTR
1079
1080 config KERNEL_XFS_POSIX_ACL
1081 bool "Enable POSIX ACLs for XFS"
1082 select KERNEL_FS_POSIX_ACL
1083 default y if USE_FS_ACL_ATTR
1084
1085 config KERNEL_JFS_POSIX_ACL
1086 bool "Enable POSIX ACLs for JFS"
1087 select KERNEL_FS_POSIX_ACL
1088 default y if USE_FS_ACL_ATTR
1089
1090 endmenu
1091
1092 config KERNEL_DEVMEM
1093 bool "/dev/mem virtual device support"
1094 help
1095 Say Y here if you want to support the /dev/mem device.
1096 The /dev/mem device is used to access areas of physical
1097 memory.
1098
1099 config KERNEL_DEVKMEM
1100 bool "/dev/kmem virtual device support"
1101 help
1102 Say Y here if you want to support the /dev/kmem device. The
1103 /dev/kmem device is rarely used, but can be used for certain
1104 kind of kernel debugging operations.
1105
1106 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1107 int "Number of squashfs fragments cached"
1108 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1109 default 3
1110
1111 config KERNEL_SQUASHFS_XATTR
1112 bool "Squashfs XATTR support"
1113
1114 #
1115 # compile optimization setting
1116 #
1117 choice
1118 prompt "Compiler optimization level"
1119 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1120
1121 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1122 bool "Optimize for performance"
1123 help
1124 This is the default optimization level for the kernel, building
1125 with the "-O2" compiler flag for best performance and most
1126 helpful compile-time warnings.
1127
1128 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1129 bool "Optimize for size"
1130 help
1131 Enabling this option will pass "-Os" instead of "-O2" to
1132 your compiler resulting in a smaller kernel.
1133
1134 endchoice
1135
1136 config KERNEL_AUDIT
1137 bool "Auditing support"
1138
1139 config KERNEL_SECURITY
1140 bool "Enable different security models"
1141
1142 config KERNEL_SECURITY_NETWORK
1143 bool "Socket and Networking Security Hooks"
1144 select KERNEL_SECURITY
1145
1146 config KERNEL_SECURITY_SELINUX
1147 bool "NSA SELinux Support"
1148 select KERNEL_SECURITY_NETWORK
1149 select KERNEL_AUDIT
1150
1151 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1152 bool "NSA SELinux boot parameter"
1153 depends on KERNEL_SECURITY_SELINUX
1154 default y
1155
1156 config KERNEL_SECURITY_SELINUX_DISABLE
1157 bool "NSA SELinux runtime disable"
1158 depends on KERNEL_SECURITY_SELINUX
1159
1160 config KERNEL_SECURITY_SELINUX_DEVELOP
1161 bool "NSA SELinux Development Support"
1162 depends on KERNEL_SECURITY_SELINUX
1163 default y
1164
1165 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1166 int
1167 depends on KERNEL_SECURITY_SELINUX
1168 default 9
1169
1170 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1171 int
1172 depends on KERNEL_SECURITY_SELINUX
1173 default 256
1174
1175 config KERNEL_LSM
1176 string
1177 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1178 depends on KERNEL_SECURITY_SELINUX
1179
1180 config KERNEL_EXT4_FS_SECURITY
1181 bool "Ext4 Security Labels"
1182
1183 config KERNEL_F2FS_FS_SECURITY
1184 bool "F2FS Security Labels"
1185
1186 config KERNEL_UBIFS_FS_SECURITY
1187 bool "UBIFS Security Labels"
1188
1189 config KERNEL_JFFS2_FS_SECURITY
1190 bool "JFFS2 Security Labels"
OpenWrt Source Repository