1 # SPDX-License-Identifier: GPL-2.0-only
3 # Copyright (C) 2006-2014 OpenWrt.org
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
24 bool "Enable support for printk"
28 bool "Support for paging of anonymous memory (swap)"
29 default y if !SMALL_FLASH
31 config KERNEL_PROC_STRIPPED
32 bool "Strip non-essential /proc functionality to reduce code size"
33 default y if SMALL_FLASH
35 config KERNEL_DEBUG_FS
36 bool "Compile the kernel with debug filesystem enabled"
39 debugfs is a virtual file system that kernel developers use to put
40 debugging files into. Enable this option to be able to read and
41 write to these files. Many common debugging facilities, such as
42 ftrace, require the existence of debugfs.
44 config KERNEL_MIPS_FP_SUPPORT
46 default y if TARGET_pistachio
50 default y if TARGET_armsr_armv8
51 depends on (arm || aarch64)
53 config KERNEL_ARM_PMUV3
55 default y if TARGET_armsr_armv8
56 depends on (arm_v7 || aarch64) && LINUX_6_6
58 config KERNEL_RISCV_PMU
60 select KERNEL_RISCV_PMU_SBI
63 config KERNEL_RISCV_PMU_SBI
67 config KERNEL_X86_VSYSCALL_EMULATION
68 bool "Enable vsyscall emulation"
71 This enables emulation of the legacy vsyscall page. Disabling
72 it is roughly equivalent to booting with vsyscall=none, except
73 that it will also disable the helpful warning if a program
74 tries to use a vsyscall. With this option set to N, offending
75 programs will just segfault, citing addresses of the form
78 This option is required by many programs built before 2013, and
79 care should be used even with newer programs if set to N.
81 Disabling this option saves about 7K of kernel size and
82 possibly 4K of additional runtime pagetable memory.
84 config KERNEL_PERF_EVENTS
85 bool "Compile the kernel with performance events and counters"
86 select KERNEL_ARM_PMU if (arm || aarch64)
87 select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
88 select KERNEL_RISCV_PMU if riscv64
90 config KERNEL_PROFILING
91 bool "Compile the kernel with profiling enabled"
92 select KERNEL_PERF_EVENTS
94 Enable the extended profiling support mechanisms used by profilers such
97 config KERNEL_RPI_AXIPERF
98 bool "Compile the kernel with RaspberryPi AXI Performance monitors"
100 depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
103 bool "Compile the kernel with undefined behaviour sanity checker"
105 This option enables undefined behaviour sanity checker
106 Compile-time instrumentation is used to detect various undefined
107 behaviours in runtime. Various types of checks may be enabled
108 via boot parameter ubsan_handle
109 (see: Documentation/dev-tools/ubsan.rst).
111 config KERNEL_UBSAN_SANITIZE_ALL
112 bool "Enable instrumentation for the entire kernel"
113 depends on KERNEL_UBSAN
116 This option activates instrumentation for the entire kernel.
117 If you don't enable this option, you have to explicitly specify
118 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
119 Enabling this option will get kernel image size increased
122 config KERNEL_UBSAN_ALIGNMENT
123 bool "Enable checking of pointers alignment"
124 depends on KERNEL_UBSAN
126 This option enables detection of unaligned memory accesses.
127 Enabling this option on architectures that support unaligned
128 accesses may produce a lot of false positives.
130 config KERNEL_UBSAN_BOUNDS
131 bool "Perform array index bounds checking"
132 depends on KERNEL_UBSAN
134 This option enables detection of directly indexed out of bounds array
135 accesses, where the array size is known at compile time. Note that
136 this does not protect array overflows via bad calls to the
137 {str,mem}*cpy() family of functions (that is addressed by
140 config KERNEL_UBSAN_NULL
141 bool "Enable checking of null pointers"
142 depends on KERNEL_UBSAN
144 This option enables detection of memory accesses via a
147 config KERNEL_UBSAN_TRAP
148 bool "On Sanitizer warnings, abort the running kernel code"
149 depends on KERNEL_UBSAN
151 Building kernels with Sanitizer features enabled tends to grow the
152 kernel size by around 5%, due to adding all the debugging text on
153 failure paths. To avoid this, Sanitizer instrumentation can just
154 issue a trap. This reduces the kernel size overhead but turns all
155 warnings (including potentially harmless conditions) into full
156 exceptions that abort the running kernel code (regardless of context,
157 locks held, etc), which may destabilize the system. For some system
158 builders this is an acceptable trade-off.
161 bool "Compile the kernel with KASan: runtime memory debugger"
162 select KERNEL_SLUB_DEBUG
163 depends on (x86_64 || aarch64 || arm || powerpc || riscv64)
165 Enables kernel address sanitizer - runtime memory debugger,
166 designed to find out-of-bounds accesses and use-after-free bugs.
167 This is strictly a debugging feature and it requires a gcc version
168 of 4.9.2 or later. Detection of out of bounds accesses to stack or
169 global variables requires gcc 5.0 or later.
170 This feature consumes about 1/8 of available memory and brings about
171 ~x3 performance slowdown.
172 For better error detection enable CONFIG_STACKTRACE.
173 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
174 (the resulting kernel does not boot).
176 config KERNEL_KASAN_VMALLOC
177 bool "Back mappings in vmalloc space with real shadow memory"
178 depends on KERNEL_KASAN
180 By default, the shadow region for vmalloc space is the read-only
181 zero page. This means that KASAN cannot detect errors involving
184 Enabling this option will hook in to vmap/vmalloc and back those
185 mappings with real shadow memory allocated on demand. This allows
186 for KASAN to detect more sorts of errors (and to support vmapped
187 stacks), but at the cost of higher memory usage.
189 This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
190 depend on that in here, so it is possible that enabling this
196 depends on KERNEL_KASAN
197 default KERNEL_KASAN_GENERIC
199 KASAN has three modes:
201 1. Generic KASAN (supported by many architectures, enabled with
202 CONFIG_KASAN_GENERIC, similar to userspace ASan),
203 2. Software Tag-Based KASAN (arm64 only, based on software memory
204 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
206 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
207 tagging, enabled with CONFIG_KASAN_HW_TAGS).
209 config KERNEL_KASAN_GENERIC
211 select KERNEL_SLUB_DEBUG
213 Enables Generic KASAN.
215 Consumes about 1/8th of available memory at kernel start and adds an
216 overhead of ~50% for dynamic allocations.
217 The performance slowdown is ~x3.
219 config KERNEL_KASAN_SW_TAGS
220 bool "Software Tag-Based KASAN"
222 select KERNEL_SLUB_DEBUG
224 Enables Software Tag-Based KASAN.
226 Supported only on arm64 CPUs and relies on Top Byte Ignore.
228 Consumes about 1/16th of available memory at kernel start and
229 add an overhead of ~20% for dynamic allocations.
231 May potentially introduce problems related to pointer casting and
232 comparison, as it embeds a tag into the top byte of each pointer.
234 config KERNEL_KASAN_HW_TAGS
235 bool "Hardware Tag-Based KASAN"
237 select KERNEL_SLUB_DEBUG
238 select KERNEL_ARM64_MTE
240 Enables Hardware Tag-Based KASAN.
242 Supported only on arm64 CPUs starting from ARMv8.5 and relies on
243 Memory Tagging Extension and Top Byte Ignore.
245 Consumes about 1/32nd of available memory.
247 May potentially introduce problems related to pointer casting and
248 comparison, as it embeds a tag into the top byte of each pointer.
252 config KERNEL_ARM64_MTE
258 prompt "Instrumentation type"
259 depends on KERNEL_KASAN
260 depends on !KERNEL_KASAN_HW_TAGS
261 default KERNEL_KASAN_OUTLINE
263 config KERNEL_KASAN_OUTLINE
264 bool "Outline instrumentation"
266 Before every memory access compiler insert function call
267 __asan_load*/__asan_store*. These functions performs check
268 of shadow memory. This is slower than inline instrumentation,
269 however it doesn't bloat size of kernel's .text section so
272 config KERNEL_KASAN_INLINE
273 bool "Inline instrumentation"
275 Compiler directly inserts code checking shadow memory before
276 memory accesses. This is faster than outline (in some workloads
277 it gives about x2 boost over outline instrumentation), but
278 make kernel's .text size much bigger.
279 This requires a gcc version of 5.0 or later.
284 bool "Compile the kernel with code coverage for fuzzing"
285 select KERNEL_DEBUG_FS
287 KCOV exposes kernel code coverage information in a form suitable
288 for coverage-guided fuzzing (randomized testing).
290 If RANDOMIZE_BASE is enabled, PC values will not be stable across
291 different machines and across reboots. If you need stable PC values,
292 disable RANDOMIZE_BASE.
294 For more details, see Documentation/kcov.txt.
296 config KERNEL_KCOV_ENABLE_COMPARISONS
297 bool "Enable comparison operands collection by KCOV"
298 depends on KERNEL_KCOV
300 KCOV also exposes operands of every comparison in the instrumented
301 code along with operand sizes and PCs of the comparison instructions.
302 These operands can be used by fuzzing engines to improve the quality
305 config KERNEL_KCOV_INSTRUMENT_ALL
306 bool "Instrument all code by default"
307 depends on KERNEL_KCOV
308 default y if KERNEL_KCOV
310 If you are doing generic system call fuzzing (like e.g. syzkaller),
311 then you will want to instrument the whole kernel and you should
312 say y here. If you are doing more targeted fuzzing (like e.g.
313 filesystem fuzzing with AFL) then you will want to enable coverage
314 for more specific subsets of files, and should say n here.
316 config KERNEL_TASKSTATS
317 bool "Compile the kernel with task resource/io statistics and accounting"
319 Enable the collection and publishing of task/io statistics and
320 accounting. Enable this option to enable i/o monitoring in system
325 config KERNEL_TASK_DELAY_ACCT
328 config KERNEL_TASK_IO_ACCOUNTING
331 config KERNEL_TASK_XACCT
336 config KERNEL_KALLSYMS
337 bool "Compile the kernel with symbol table information"
338 default y if !SMALL_FLASH
340 This will give you more information in stack traces from kernel oopses.
343 bool "Compile the kernel with tracing support"
344 depends on !TARGET_uml
346 config KERNEL_FTRACE_SYSCALLS
347 bool "Trace system calls"
348 depends on KERNEL_FTRACE
350 config KERNEL_ENABLE_DEFAULT_TRACERS
351 bool "Trace process context switches and events"
352 depends on KERNEL_FTRACE
354 config KERNEL_FUNCTION_TRACER
355 bool "Function tracer"
356 depends on KERNEL_FTRACE
358 config KERNEL_FUNCTION_GRAPH_TRACER
359 bool "Function graph tracer"
360 depends on KERNEL_FUNCTION_TRACER
362 config KERNEL_DYNAMIC_FTRACE
363 bool "Enable/disable function tracing dynamically"
364 depends on KERNEL_FUNCTION_TRACER
366 config KERNEL_FUNCTION_PROFILER
367 bool "Function profiler"
368 depends on KERNEL_FUNCTION_TRACER
370 config KERNEL_IRQSOFF_TRACER
371 bool "Interrupts-off Latency Tracer"
372 depends on KERNEL_FTRACE
374 This option measures the time spent in irqs-off critical
375 sections, with microsecond accuracy.
377 The default measurement method is a maximum search, which is
378 disabled by default and can be runtime (re-)started
381 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
383 (Note that kernel size and overhead increase with this option
384 enabled. This option and the preempt-off timing option can be
385 used together or separately.)
387 config KERNEL_PREEMPT_TRACER
388 bool "Preemption-off Latency Tracer"
389 depends on KERNEL_FTRACE
391 This option measures the time spent in preemption-off critical
392 sections, with microsecond accuracy.
394 The default measurement method is a maximum search, which is
395 disabled by default and can be runtime (re-)started
398 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
400 (Note that kernel size and overhead increase with this option
401 enabled. This option and the irqs-off timing option can be
402 used together or separately.)
404 config KERNEL_HIST_TRIGGERS
405 bool "Histogram triggers"
406 depends on KERNEL_FTRACE
408 Hist triggers allow one or more arbitrary trace event fields to be
409 aggregated into hash tables and dumped to stdout by reading a
410 debugfs/tracefs file. They're useful for gathering quick and dirty
411 (though precise) summaries of event activity as an initial guide for
412 further investigation using more advanced tools.
414 Inter-event tracing of quantities such as latencies is also
415 supported using hist triggers under this option.
417 config KERNEL_DEBUG_KERNEL
420 config KERNEL_DEBUG_INFO
421 bool "Compile the kernel with debug information"
422 default y if !SMALL_FLASH
423 select KERNEL_DEBUG_KERNEL
425 This will compile your kernel and modules with debug information.
427 config KERNEL_DEBUG_INFO_BTF
428 bool "Enable additional BTF type information"
429 depends on !HOST_OS_MACOS
430 depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
433 Generate BPF Type Format (BTF) information from DWARF debug info.
434 Turning this on expects presence of pahole tool, which will convert
435 DWARF type info into equivalent deduplicated BTF type info.
437 Required to run BPF CO-RE applications.
439 config KERNEL_DEBUG_INFO_BTF_MODULES
441 depends on KERNEL_DEBUG_INFO_BTF
443 config KERNEL_MODULE_ALLOW_BTF_MISMATCH
444 bool "Allow loading modules with non-matching BTF type info"
445 depends on KERNEL_DEBUG_INFO_BTF_MODULES
447 For modules whose split BTF does not match vmlinux, load without
448 BTF rather than refusing to load. The default behavior with
449 module BTF enabled is to reject modules with such mismatches;
450 this option will still load module BTF where possible but ignore
451 it when a mismatch is found.
453 config KERNEL_DEBUG_INFO_REDUCED
454 bool "Reduce debugging information"
456 depends on KERNEL_DEBUG_INFO
458 If you say Y here gcc is instructed to generate less debugging
459 information for structure types. This means that tools that
460 need full debugging information (like kgdb or systemtap) won't
461 be happy. But if you merely need debugging information to
462 resolve line numbers there is no loss. Advantage is that
463 build directory object sizes shrink dramatically over a full
464 DEBUG_INFO build and compile times are reduced too.
465 Only works with newer gcc versions.
467 config KERNEL_FRAME_WARN
470 default 1280 if KERNEL_KASAN && !ARCH_64BIT
471 default 1024 if !ARCH_64BIT
472 default 2048 if ARCH_64BIT
474 Tell the compiler to warn at build time for stack frames larger than this.
475 Setting this too low will cause a lot of warnings.
476 Setting it to 0 disables the warning.
478 # KERNEL_DEBUG_LL symbols must have the default value set as otherwise
479 # KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
480 # which means that buildroot wont override the DEBUG_LL symbols in target
481 # kernel configurations and lead to devices that dont have working console
482 config KERNEL_DEBUG_LL_UART_NONE
487 config KERNEL_DEBUG_LL
491 select KERNEL_DEBUG_LL_UART_NONE
493 ARM low level debugging.
495 config KERNEL_DEBUG_VIRTUAL
496 bool "Compile the kernel with VM translations debugging"
497 select KERNEL_DEBUG_KERNEL
499 Enable checks sanity checks to catch invalid uses of
500 virt_to_phys()/phys_to_virt() against the non-linear address space.
502 config KERNEL_DYNAMIC_DEBUG
503 bool "Compile the kernel with dynamic printk"
504 select KERNEL_DEBUG_FS
506 Compiles debug level messages into the kernel, which would not
507 otherwise be available at runtime. These messages can then be
508 enabled/disabled based on various levels of scope - per source file,
509 function, module, format string, and line number. This mechanism
510 implicitly compiles in all pr_debug() and dev_dbg() calls, which
511 enlarges the kernel text size by about 2%.
513 config KERNEL_EARLY_PRINTK
514 bool "Compile the kernel with early printk"
515 default y if TARGET_bcm53xx
517 select KERNEL_DEBUG_KERNEL
518 select KERNEL_DEBUG_LL if arm
520 Compile the kernel with early printk support. This is only useful for
521 debugging purposes to send messages over the serial console in early boot.
522 Enable this to debug early boot problems.
524 config KERNEL_KPROBES
525 bool "Compile the kernel with kprobes support"
527 select KERNEL_PERF_EVENTS
529 Compiles the kernel with KPROBES support, which allows you to trap
530 at almost any kernel address and execute a callback function.
531 register_kprobe() establishes a probepoint and specifies the
532 callback. Kprobes is useful for kernel debugging, non-intrusive
533 instrumentation and testing.
534 If in doubt, say "N".
536 config KERNEL_KPROBE_EVENTS
538 default y if KERNEL_KPROBES
540 config KERNEL_BPF_EVENTS
541 bool "Compile the kernel with BPF event support"
542 select KERNEL_KPROBES
544 Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
545 This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
546 for sending data from BPF programs to user-space for post-processing
549 config KERNEL_PROBE_EVENTS_BTF_ARGS
550 bool "Support BTF function arguments for probe events"
551 depends on KERNEL_DEBUG_INFO_BTF && KERNEL_KPROBE_EVENTS && LINUX_6_6
553 config KERNEL_BPF_KPROBE_OVERRIDE
555 depends on KERNEL_KPROBES
559 bool "Compile the kernel with asynchronous IO support"
560 default y if !SMALL_FLASH
562 config KERNEL_IO_URING
563 bool "Compile the kernel with io_uring support"
564 depends on !SMALL_FLASH
565 default y if (x86_64 || aarch64)
567 config KERNEL_FHANDLE
568 bool "Compile the kernel with support for fhandle syscalls"
569 default y if !SMALL_FLASH
571 config KERNEL_FANOTIFY
572 bool "Compile the kernel with modern file notification support"
573 default y if !SMALL_FLASH
575 config KERNEL_BLK_DEV_BSG
576 bool "Compile the kernel with SCSI generic v4 support for any block device"
578 config KERNEL_TRANSPARENT_HUGEPAGE
582 prompt "Transparent Hugepage Support sysfs defaults"
583 depends on KERNEL_TRANSPARENT_HUGEPAGE
584 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
586 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
589 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
593 config KERNEL_HUGETLBFS
596 config KERNEL_HUGETLB_PAGE
597 bool "Compile the kernel with HugeTLB support"
598 select KERNEL_TRANSPARENT_HUGEPAGE
599 select KERNEL_HUGETLBFS
601 config KERNEL_MAGIC_SYSRQ
602 bool "Compile the kernel with SysRq support"
605 config KERNEL_DEBUG_PINCTRL
606 bool "Compile the kernel with pinctrl debugging"
607 select KERNEL_DEBUG_KERNEL
609 config KERNEL_DEBUG_GPIO
610 bool "Compile the kernel with gpio debugging"
611 select KERNEL_DEBUG_KERNEL
613 config KERNEL_COREDUMP
616 config KERNEL_ELF_CORE
617 bool "Enable process core dump support"
618 select KERNEL_COREDUMP
619 default y if !SMALL_FLASH
621 config KERNEL_PROVE_LOCKING
622 bool "Enable kernel lock checking"
623 select KERNEL_DEBUG_KERNEL
625 config KERNEL_SOFTLOCKUP_DETECTOR
626 bool "Compile the kernel with detect Soft Lockups"
627 depends on KERNEL_DEBUG_KERNEL
629 Say Y here to enable the kernel to act as a watchdog to detect
632 Softlockups are bugs that cause the kernel to loop in kernel
633 mode for more than 20 seconds, without giving other tasks a
634 chance to run. The current stack trace is displayed upon
635 detection and the system will stay locked up.
637 config KERNEL_HARDLOCKUP_DETECTOR
638 bool "Compile the kernel with detect Hard Lockups"
639 depends on KERNEL_DEBUG_KERNEL
641 Say Y here to enable the kernel to act as a watchdog to detect
644 Hardlockups are bugs that cause the CPU to loop in kernel mode
645 for more than 10 seconds, without letting other interrupts have a
646 chance to run. The current stack trace is displayed upon detection
647 and the system will stay locked up.
649 config KERNEL_DETECT_HUNG_TASK
650 bool "Compile the kernel with detect Hung Tasks"
651 depends on KERNEL_DEBUG_KERNEL
652 default KERNEL_SOFTLOCKUP_DETECTOR
654 Say Y here to enable the kernel to detect "hung tasks",
655 which are bugs that cause the task to be stuck in
656 uninterruptible "D" state indefinitely.
658 When a hung task is detected, the kernel will print the
659 current stack trace (which you should report), but the
660 task will stay in uninterruptible state. If lockdep is
661 enabled then all held locks will also be reported. This
662 feature has negligible overhead.
664 config KERNEL_WQ_WATCHDOG
665 bool "Compile the kernel with detect Workqueue Stalls"
666 depends on KERNEL_DEBUG_KERNEL
668 Say Y here to enable stall detection on workqueues. If a
669 worker pool doesn't make forward progress on a pending work
670 item for over a given amount of time, 30s by default, a
671 warning message is printed along with dump of workqueue
672 state. This can be configured through kernel parameter
673 "workqueue.watchdog_thresh" and its sysfs counterpart.
675 config KERNEL_DEBUG_ATOMIC_SLEEP
676 bool "Compile the kernel with sleep inside atomic section checking"
677 depends on KERNEL_DEBUG_KERNEL
679 If you say Y here, various routines which may sleep will become very
680 noisy if they are called inside atomic sections: when a spinlock is
681 held, inside an rcu read side critical section, inside preempt disabled
682 sections, inside an interrupt, etc...
684 config KERNEL_DEBUG_VM
685 bool "Compile the kernel with debug VM"
686 depends on KERNEL_DEBUG_KERNEL
688 Enable this to turn on extended checks in the virtual-memory system
689 that may impact performance.
693 config KERNEL_PRINTK_TIME
694 bool "Enable printk timestamps"
697 config KERNEL_SLUB_DEBUG
698 bool "Enable SLUB debugging support"
700 This enables various debugging features:
701 - Accepts "slub_debug" kernel parameter
702 - Provides caches debugging options (e.g. tracing, validating)
703 - Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
704 - Enables /proc/slabinfo support
705 - Prints info when running out of memory
707 Enabling this can result in a significant increase of code size.
709 config KERNEL_SLUB_DEBUG_ON
710 depends on KERNEL_SLUB_DEBUG
711 bool "Boot kernel with basic caches debugging enabled"
713 This enables by default sanity_checks, red_zone, poison and store_user
714 debugging options for all caches.
716 config KERNEL_SLABINFO
717 select KERNEL_SLUB_DEBUG
718 select KERNEL_SLUB_DEBUG_ON
719 bool "Enable /proc slab debug info"
721 config KERNEL_PROC_PAGE_MONITOR
722 bool "Enable /proc page monitoring"
728 bool "Enable kexec support"
730 config KERNEL_PROC_VMCORE
733 config KERNEL_PROC_KCORE
736 config KERNEL_CRASH_DUMP
737 depends on i386 || x86_64 || arm || armeb
739 select KERNEL_PROC_VMCORE
740 select KERNEL_PROC_KCORE
741 bool "Enable support for kexec crashdump"
745 bool "Enable rfkill support"
746 default RFKILL_SUPPORT
749 bool "Enable sparse check during kernel build"
751 config KERNEL_DEVTMPFS
752 bool "Compile the kernel with device tmpfs enabled"
754 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
755 devices nodes for all registered devices to simplify boot, but leaves more
756 complex tasks to userspace (e.g. udev).
760 config KERNEL_DEVTMPFS_MOUNT
761 bool "Automatically mount devtmpfs after root filesystem is mounted"
766 bool "Enable kernel access key retention support"
769 config KERNEL_PERSISTENT_KEYRINGS
770 bool "Enable kernel persistent keyrings"
771 depends on KERNEL_KEYS
773 config KERNEL_KEYS_REQUEST_CACHE
774 bool "Enable temporary caching of the last request_key() result"
775 depends on KERNEL_KEYS
777 config KERNEL_BIG_KEYS
778 bool "Enable large payload keys on kernel keyrings"
779 depends on KERNEL_KEYS
782 # CGROUP support symbols
785 config KERNEL_CGROUPS
786 bool "Enable kernel cgroups"
787 default y if !SMALL_FLASH
791 config KERNEL_CGROUP_DEBUG
792 bool "Example debug cgroup subsystem"
794 This option enables a simple cgroup subsystem that
795 exports useful debugging information about the cgroups
798 config KERNEL_FREEZER
801 config KERNEL_CGROUP_FREEZER
802 bool "legacy Freezer cgroup subsystem"
803 select KERNEL_FREEZER
805 Provides a way to freeze and unfreeze all tasks in a
807 (legacy cgroup1-only controller, in cgroup2 freezer
808 is integrated in the Memory controller)
810 config KERNEL_CGROUP_DEVICE
811 bool "legacy Device controller for cgroups"
813 Provides a cgroup implementing whitelists for devices which
814 a process in the cgroup can mknod or open.
815 (legacy cgroup1-only controller)
817 config KERNEL_CGROUP_HUGETLB
818 bool "HugeTLB controller"
819 select KERNEL_HUGETLB_PAGE
821 config KERNEL_CGROUP_PIDS
822 bool "PIDs cgroup subsystem"
825 Provides enforcement of process number limits in the scope of a
828 config KERNEL_CGROUP_RDMA
829 bool "RDMA controller for cgroups"
832 config KERNEL_CGROUP_BPF
833 bool "Support for eBPF programs attached to cgroups"
836 config KERNEL_CPUSETS
837 bool "Cpuset support"
840 This option will let you create and manage CPUSETs which
841 allow dynamically partitioning a system into sets of CPUs and
842 Memory Nodes and assigning tasks to run only within those sets.
843 This is primarily useful on large SMP or NUMA systems.
845 config KERNEL_PROC_PID_CPUSET
846 bool "Include legacy /proc/<pid>/cpuset file"
847 depends on KERNEL_CPUSETS
849 config KERNEL_CGROUP_CPUACCT
850 bool "Simple CPU accounting cgroup subsystem"
853 Provides a simple Resource Controller for monitoring the
854 total CPU consumed by the tasks in a cgroup.
856 config KERNEL_RESOURCE_COUNTERS
857 bool "Resource counters"
860 This option enables controller independent resource accounting
861 infrastructure that works with cgroups.
863 config KERNEL_MM_OWNER
865 default y if KERNEL_MEMCG
868 bool "Memory Resource Controller for Control Groups"
870 select KERNEL_FREEZER
871 depends on KERNEL_RESOURCE_COUNTERS
873 Provides a memory resource controller that manages both anonymous
874 memory and page cache. (See Documentation/cgroups/memory.txt)
876 Note that setting this option increases fixed memory overhead
877 associated with each page of memory in the system. By this,
878 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
879 usage tracking struct at boot. Total amount of this is printed out
882 Only enable when you're ok with these tradeoffs and really
883 sure you need the memory resource controller. Even when you enable
884 this, you can set "cgroup_disable=memory" at your boot option to
885 disable memory resource controller and you can avoid overheads
886 (but lose benefits of memory resource controller).
888 This config option also selects MM_OWNER config option, which
889 could in turn add some fork/exit overhead.
891 config KERNEL_MEMCG_SWAP
892 bool "Memory Resource Controller Swap Extension"
894 depends on KERNEL_MEMCG
896 Add swap management feature to memory resource controller. When you
897 enable this, you can limit mem+swap usage per cgroup. In other words,
898 when you disable this, memory resource controller has no cares to
899 usage of swap...a process can exhaust all of the swap. This extension
900 is useful when you want to avoid exhaustion swap but this itself
901 adds more overheads and consumes memory for remembering information.
902 Especially if you use 32bit system or small memory system, please
903 be careful about enabling this. When memory resource controller
904 is disabled by boot option, this will be automatically disabled and
905 there will be no overhead from this. Even when you set this config=y,
906 if boot option "swapaccount=0" is set, swap will not be accounted.
907 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
908 size is 4096bytes, 512k per 1Gbytes of swap.
910 config KERNEL_MEMCG_SWAP_ENABLED
911 bool "Memory Resource Controller Swap Extension enabled by default"
912 depends on KERNEL_MEMCG_SWAP
914 Memory Resource Controller Swap Extension comes with its price in
915 a bigger memory consumption. General purpose distribution kernels
916 which want to enable the feature but keep it disabled by default
917 and let the user enable it by swapaccount boot command line
918 parameter should have this option unselected.
920 Those who want to have the feature enabled by default should
921 select this option (if, for some reason, they need to disable it,
922 then swapaccount=0 does the trick).
925 config KERNEL_MEMCG_KMEM
926 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
928 depends on KERNEL_MEMCG
930 The Kernel Memory extension for Memory Resource Controller can limit
931 the amount of memory used by kernel objects in the system. Those are
932 fundamentally different from the entities handled by the standard
933 Memory Controller, which are page-based, and can be swapped. Users of
934 the kmem extension can use it to guarantee that no group of processes
935 will ever exhaust kernel resources alone.
937 config KERNEL_CGROUP_PERF
938 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
939 select KERNEL_PERF_EVENTS
941 This option extends the per-cpu mode to restrict monitoring to
942 threads which belong to the cgroup specified and run on the
945 menuconfig KERNEL_CGROUP_SCHED
946 bool "Group CPU scheduler"
949 This feature lets CPU scheduler recognize task groups and control CPU
950 bandwidth allocation to such task groups. It uses cgroups to group
953 if KERNEL_CGROUP_SCHED
955 config KERNEL_FAIR_GROUP_SCHED
956 bool "Group scheduling for SCHED_OTHER"
959 config KERNEL_CFS_BANDWIDTH
960 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
962 depends on KERNEL_FAIR_GROUP_SCHED
964 This option allows users to define CPU bandwidth rates (limits) for
965 tasks running within the fair group scheduler. Groups with no limit
966 set are considered to be unconstrained and will run with no
968 See tip/Documentation/scheduler/sched-bwc.txt for more information.
970 config KERNEL_RT_GROUP_SCHED
971 bool "Group scheduling for SCHED_RR/FIFO"
974 This feature lets you explicitly allocate real CPU bandwidth
975 to task groups. If enabled, it will also make it impossible to
976 schedule realtime tasks for non-root users until you allocate
977 realtime bandwidth for them.
981 config KERNEL_BLK_CGROUP
982 bool "Block IO controller"
985 Generic block IO controller cgroup interface. This is the common
986 cgroup interface which should be used by various IO controlling
989 Currently, CFQ IO scheduler uses it to recognize task groups and
990 control disk bandwidth allocation (proportional time slice allocation)
991 to such task groups. It is also used by bio throttling logic in
992 block layer to implement upper limit in IO rates on a device.
994 This option only enables generic Block IO controller infrastructure.
995 One needs to also enable actual IO controlling logic/policy. For
996 enabling proportional weight division of disk bandwidth in CFQ, set
997 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
998 CONFIG_BLK_DEV_THROTTLING=y.
1000 if KERNEL_BLK_CGROUP
1002 config KERNEL_CFQ_GROUP_IOSCHED
1003 bool "Proportional weight of disk bandwidth in CFQ"
1005 config KERNEL_BLK_DEV_THROTTLING
1006 bool "Enable throttling policy"
1009 config KERNEL_BLK_DEV_THROTTLING_LOW
1010 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
1011 depends on KERNEL_BLK_DEV_THROTTLING
1014 config KERNEL_DEBUG_BLK_CGROUP
1015 bool "Enable Block IO controller debugging"
1016 depends on KERNEL_BLK_CGROUP
1018 Enable some debugging help. Currently it exports additional stat
1019 files in a cgroup which can be useful for debugging.
1021 config KERNEL_NET_CLS_CGROUP
1022 bool "legacy Control Group Classifier"
1024 config KERNEL_CGROUP_NET_CLASSID
1025 bool "legacy Network classid cgroup"
1027 config KERNEL_CGROUP_NET_PRIO
1028 bool "legacy Network priority cgroup"
1033 # Namespace support symbols
1036 config KERNEL_NAMESPACES
1037 bool "Enable kernel namespaces"
1038 default y if !SMALL_FLASH
1040 if KERNEL_NAMESPACES
1042 config KERNEL_UTS_NS
1043 bool "UTS namespace"
1046 In this namespace, tasks see different info provided
1047 with the uname() system call.
1049 config KERNEL_IPC_NS
1050 bool "IPC namespace"
1053 In this namespace, tasks work with IPC ids which correspond to
1054 different IPC objects in different namespaces.
1056 config KERNEL_USER_NS
1057 bool "User namespace (EXPERIMENTAL)"
1060 This allows containers, i.e. vservers, to use user namespaces
1061 to provide different user info for different servers.
1063 config KERNEL_PID_NS
1064 bool "PID Namespaces"
1067 Support process id namespaces. This allows having multiple
1068 processes with the same pid as long as they are in different
1069 pid namespaces. This is a building block of containers.
1071 config KERNEL_NET_NS
1072 bool "Network namespace"
1075 Allow user space to create what appear to be multiple instances
1076 of the network stack.
1080 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
1081 bool "Support multiple instances of devpts"
1082 default y if !SMALL_FLASH
1084 Enable support for multiple instances of devpts filesystem.
1085 If you want to have isolated PTY namespaces (eg: in containers),
1086 say Y here. Otherwise, say N. If enabled, each mount of devpts
1087 filesystem with the '-o newinstance' option will create an
1088 independent PTY namespace.
1090 config KERNEL_POSIX_MQUEUE
1091 bool "POSIX Message Queues"
1092 default y if !SMALL_FLASH
1094 POSIX variant of message queues is a part of IPC. In POSIX message
1095 queues every message has a priority which decides about succession
1096 of receiving it by a process. If you want to compile and run
1097 programs written e.g. for Solaris with use of its POSIX message
1098 queues (functions mq_*) say Y here.
1100 POSIX message queues are visible as a filesystem called 'mqueue'
1101 and can be mounted somewhere if you want to do filesystem
1102 operations on message queues.
1105 config KERNEL_SECCOMP_FILTER
1107 default y if !SMALL_FLASH
1109 config KERNEL_SECCOMP
1110 bool "Enable seccomp support"
1111 depends on !(TARGET_uml)
1112 select KERNEL_SECCOMP_FILTER
1113 default y if !SMALL_FLASH
1115 Build kernel with support for seccomp.
1118 # IPv4 configuration
1121 config KERNEL_IP_MROUTE
1122 bool "Enable IPv4 multicast routing"
1125 Multicast routing requires a multicast routing daemon in
1126 addition to kernel support.
1130 config KERNEL_IP_MROUTE_MULTIPLE_TABLES
1133 config KERNEL_IP_PIMSM_V1
1136 config KERNEL_IP_PIMSM_V2
1142 # IPv6 configuration
1150 config KERNEL_IPV6_MULTIPLE_TABLES
1153 config KERNEL_IPV6_SUBTREES
1156 config KERNEL_IPV6_MROUTE
1157 bool "Enable IPv6 multicast routing"
1160 Multicast routing requires a multicast routing daemon in
1161 addition to kernel support.
1163 if KERNEL_IPV6_MROUTE
1165 config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
1168 config KERNEL_IPV6_PIMSM_V2
1173 config KERNEL_IPV6_SEG6_LWTUNNEL
1174 bool "Enable support for lightweight tunnels"
1175 default y if !SMALL_FLASH
1177 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
1179 config KERNEL_LWTUNNEL_BPF
1185 # Miscellaneous network configuration
1188 config KERNEL_NET_L3_MASTER_DEV
1189 bool "L3 Master device support"
1191 This module provides glue between core networking code and device
1192 drivers to support L3 master devices like VRF.
1194 config KERNEL_XDP_SOCKETS
1195 bool "XDP sockets support"
1197 XDP sockets allows a channel between XDP programs and
1198 userspace applications.
1200 config KERNEL_PAGE_POOL
1203 config KERNEL_PAGE_POOL_STATS
1204 bool "Page pool stats support"
1205 depends on KERNEL_PAGE_POOL
1208 # NFS related symbols
1210 config KERNEL_IP_PNP
1211 bool "Compile the kernel with rootfs on NFS"
1213 If you want to make your kernel boot off a NFS server as root
1214 filesystem, select Y here.
1218 config KERNEL_IP_PNP_DHCP
1221 config KERNEL_IP_PNP_BOOTP
1224 config KERNEL_IP_PNP_RARP
1227 config KERNEL_NFS_FS
1230 config KERNEL_NFS_V2
1233 config KERNEL_NFS_V3
1236 config KERNEL_ROOT_NFS
1241 config KERNEL_BTRFS_FS
1242 bool "Compile the kernel with built-in BTRFS support"
1244 Say Y here if you want to make the kernel to be able to boot off a
1247 menu "Filesystem ACL and attr support options"
1248 config USE_FS_ACL_ATTR
1249 bool "Use filesystem ACL and attr support by default"
1250 default y if !SMALL_FLASH
1252 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1253 for kernel and packages, except old NFS.
1254 Also enable userspace extended attribute support
1255 by default. (OpenWrt already has an expection it will be
1256 present in the kernel).
1258 config KERNEL_FS_POSIX_ACL
1259 bool "Enable POSIX ACL support"
1260 default y if USE_FS_ACL_ATTR
1262 config KERNEL_BTRFS_FS_POSIX_ACL
1263 bool "Enable POSIX ACL for BtrFS Filesystems"
1264 select KERNEL_FS_POSIX_ACL
1265 default y if USE_FS_ACL_ATTR
1267 config KERNEL_EXT4_FS_POSIX_ACL
1268 bool "Enable POSIX ACL for Ext4 Filesystems"
1269 select KERNEL_FS_POSIX_ACL
1270 default y if USE_FS_ACL_ATTR
1272 config KERNEL_F2FS_FS_POSIX_ACL
1273 bool "Enable POSIX ACL for F2FS Filesystems"
1274 select KERNEL_FS_POSIX_ACL
1275 default y if USE_FS_ACL_ATTR
1277 config KERNEL_JFFS2_FS_POSIX_ACL
1278 bool "Enable POSIX ACL for JFFS2 Filesystems"
1279 select KERNEL_FS_POSIX_ACL
1280 default y if USE_FS_ACL_ATTR
1282 config KERNEL_TMPFS_POSIX_ACL
1283 bool "Enable POSIX ACL for TMPFS Filesystems"
1284 select KERNEL_FS_POSIX_ACL
1285 default y if USE_FS_ACL_ATTR
1287 config KERNEL_CIFS_ACL
1288 bool "Enable CIFS ACLs"
1289 select KERNEL_FS_POSIX_ACL
1290 default y if USE_FS_ACL_ATTR
1292 config KERNEL_HFS_FS_POSIX_ACL
1293 bool "Enable POSIX ACL for HFS Filesystems"
1294 select KERNEL_FS_POSIX_ACL
1295 default y if USE_FS_ACL_ATTR
1297 config KERNEL_HFSPLUS_FS_POSIX_ACL
1298 bool "Enable POSIX ACL for HFS+ Filesystems"
1299 select KERNEL_FS_POSIX_ACL
1300 default y if USE_FS_ACL_ATTR
1302 config KERNEL_NFS_ACL_SUPPORT
1303 bool "Enable ACLs for NFS"
1304 default y if USE_FS_ACL_ATTR
1306 config KERNEL_NFS_V3_ACL_SUPPORT
1307 bool "Enable ACLs for NFSv3"
1309 config KERNEL_NFSD_V2_ACL_SUPPORT
1310 bool "Enable ACLs for NFSDv2"
1312 config KERNEL_NFSD_V3_ACL_SUPPORT
1313 bool "Enable ACLs for NFSDv3"
1315 config KERNEL_REISER_FS_POSIX_ACL
1316 bool "Enable POSIX ACLs for ReiserFS"
1317 select KERNEL_FS_POSIX_ACL
1318 default y if USE_FS_ACL_ATTR
1320 config KERNEL_XFS_POSIX_ACL
1321 bool "Enable POSIX ACLs for XFS"
1322 select KERNEL_FS_POSIX_ACL
1323 default y if USE_FS_ACL_ATTR
1325 config KERNEL_JFS_POSIX_ACL
1326 bool "Enable POSIX ACLs for JFS"
1327 select KERNEL_FS_POSIX_ACL
1328 default y if USE_FS_ACL_ATTR
1332 config KERNEL_DEVMEM
1333 bool "/dev/mem virtual device support"
1335 Say Y here if you want to support the /dev/mem device.
1336 The /dev/mem device is used to access areas of physical
1339 config KERNEL_DEVKMEM
1340 bool "/dev/kmem virtual device support"
1342 Say Y here if you want to support the /dev/kmem device. The
1343 /dev/kmem device is rarely used, but can be used for certain
1344 kind of kernel debugging operations.
1346 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1347 int "Number of squashfs fragments cached"
1348 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1351 config KERNEL_SQUASHFS_XATTR
1352 bool "Squashfs XATTR support"
1355 # compile optimization setting
1358 prompt "Compiler optimization level"
1359 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1361 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1362 bool "Optimize for performance"
1364 This is the default optimization level for the kernel, building
1365 with the "-O2" compiler flag for best performance and most
1366 helpful compile-time warnings.
1368 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1369 bool "Optimize for size"
1371 Enabling this option will pass "-Os" instead of "-O2" to
1372 your compiler resulting in a smaller kernel.
1377 bool "Auditing support"
1379 config KERNEL_SECURITY
1380 bool "Enable different security models"
1382 config KERNEL_SECURITY_NETWORK
1383 bool "Socket and Networking Security Hooks"
1384 select KERNEL_SECURITY
1386 config KERNEL_SECURITY_SELINUX
1387 bool "NSA SELinux Support"
1388 select KERNEL_SECURITY_NETWORK
1391 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1392 bool "NSA SELinux boot parameter"
1393 depends on KERNEL_SECURITY_SELINUX
1396 config KERNEL_SECURITY_SELINUX_DISABLE
1397 bool "NSA SELinux runtime disable"
1398 depends on KERNEL_SECURITY_SELINUX
1400 config KERNEL_SECURITY_SELINUX_DEVELOP
1401 bool "NSA SELinux Development Support"
1402 depends on KERNEL_SECURITY_SELINUX
1405 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1407 depends on KERNEL_SECURITY_SELINUX
1410 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1412 depends on KERNEL_SECURITY_SELINUX
1417 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1418 depends on KERNEL_SECURITY_SELINUX
1420 config KERNEL_EXT4_FS_SECURITY
1421 bool "Ext4 Security Labels"
1422 default y if !SMALL_FLASH
1424 config KERNEL_F2FS_FS_SECURITY
1425 bool "F2FS Security Labels"
1426 default y if !SMALL_FLASH
1428 config KERNEL_UBIFS_FS_SECURITY
1429 bool "UBIFS Security Labels"
1430 default y if !SMALL_FLASH
1432 config KERNEL_JFFS2_FS_SECURITY
1433 bool "JFFS2 Security Labels"
1434 default y if !SMALL_FLASH
1436 config KERNEL_WERROR
1437 bool "Compile the kernel with warnings as errors"
1439 A kernel build should not cause any compiler warnings, and this
1440 enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
1441 to enforce that rule by default. Certain warnings from other tools
1442 such as the linker may be upgraded to errors with this option as
1445 However, if you have a new (or very old) compiler or linker with odd
1446 and unusual warnings, or you have some architecture with problems,
1447 you may need to disable this config option in order to
1448 successfully build the kernel.