1 # SPDX-License-Identifier: GPL-2.0-only
3 # Copyright (C) 2006-2014 OpenWrt.org
5 config KERNEL_BUILD_USER
6 string "Custom Kernel Build User Name"
7 default "builder" if BUILDBOT
10 Sets the Kernel build user string, which for example will be returned
11 by 'uname -a' on running systems.
12 If not set, uses system user at build time.
14 config KERNEL_BUILD_DOMAIN
15 string "Custom Kernel Build Domain Name"
16 default "buildhost" if BUILDBOT
19 Sets the Kernel build domain string, which for example will be
20 returned by 'uname -a' on running systems.
21 If not set, uses system hostname at build time.
24 bool "Enable support for printk"
28 bool "Support for paging of anonymous memory (swap)"
29 default y if !SMALL_FLASH
31 config KERNEL_PROC_STRIPPED
32 bool "Strip non-essential /proc functionality to reduce code size"
33 default y if SMALL_FLASH
35 config KERNEL_DEBUG_FS
36 bool "Compile the kernel with debug filesystem enabled"
39 debugfs is a virtual file system that kernel developers use to put
40 debugging files into. Enable this option to be able to read and
41 write to these files. Many common debugging facilities, such as
42 ftrace, require the existence of debugfs.
44 config KERNEL_MIPS_FP_SUPPORT
46 default y if TARGET_pistachio
50 depends on (arm || aarch64)
52 config KERNEL_X86_VSYSCALL_EMULATION
53 bool "Enable vsyscall emulation"
56 This enables emulation of the legacy vsyscall page. Disabling
57 it is roughly equivalent to booting with vsyscall=none, except
58 that it will also disable the helpful warning if a program
59 tries to use a vsyscall. With this option set to N, offending
60 programs will just segfault, citing addresses of the form
63 This option is required by many programs built before 2013, and
64 care should be used even with newer programs if set to N.
66 Disabling this option saves about 7K of kernel size and
67 possibly 4K of additional runtime pagetable memory.
69 config KERNEL_PERF_EVENTS
70 bool "Compile the kernel with performance events and counters"
71 select KERNEL_ARM_PMU if (arm || aarch64)
73 config KERNEL_PROFILING
74 bool "Compile the kernel with profiling enabled"
75 select KERNEL_PERF_EVENTS
77 Enable the extended profiling support mechanisms used by profilers such
80 config KERNEL_RPI_AXIPERF
81 bool "Compile the kernel with RaspberryPi AXI Performance monitors"
83 depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
86 bool "Compile the kernel with undefined behaviour sanity checker"
88 This option enables undefined behaviour sanity checker
89 Compile-time instrumentation is used to detect various undefined
90 behaviours in runtime. Various types of checks may be enabled
91 via boot parameter ubsan_handle
92 (see: Documentation/dev-tools/ubsan.rst).
94 config KERNEL_UBSAN_SANITIZE_ALL
95 bool "Enable instrumentation for the entire kernel"
96 depends on KERNEL_UBSAN
99 This option activates instrumentation for the entire kernel.
100 If you don't enable this option, you have to explicitly specify
101 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
102 Enabling this option will get kernel image size increased
105 config KERNEL_UBSAN_ALIGNMENT
106 bool "Enable checking of pointers alignment"
107 depends on KERNEL_UBSAN
109 This option enables detection of unaligned memory accesses.
110 Enabling this option on architectures that support unaligned
111 accesses may produce a lot of false positives.
113 config KERNEL_UBSAN_BOUNDS
114 bool "Perform array index bounds checking"
115 depends on KERNEL_UBSAN
117 This option enables detection of directly indexed out of bounds array
118 accesses, where the array size is known at compile time. Note that
119 this does not protect array overflows via bad calls to the
120 {str,mem}*cpy() family of functions (that is addressed by
123 config KERNEL_UBSAN_NULL
124 bool "Enable checking of null pointers"
125 depends on KERNEL_UBSAN
127 This option enables detection of memory accesses via a
130 config KERNEL_UBSAN_TRAP
131 bool "On Sanitizer warnings, abort the running kernel code"
132 depends on KERNEL_UBSAN
134 Building kernels with Sanitizer features enabled tends to grow the
135 kernel size by around 5%, due to adding all the debugging text on
136 failure paths. To avoid this, Sanitizer instrumentation can just
137 issue a trap. This reduces the kernel size overhead but turns all
138 warnings (including potentially harmless conditions) into full
139 exceptions that abort the running kernel code (regardless of context,
140 locks held, etc), which may destabilize the system. For some system
141 builders this is an acceptable trade-off.
144 bool "Compile the kernel with KASan: runtime memory debugger"
145 select KERNEL_SLUB_DEBUG
146 depends on (x86_64 || aarch64)
148 Enables kernel address sanitizer - runtime memory debugger,
149 designed to find out-of-bounds accesses and use-after-free bugs.
150 This is strictly a debugging feature and it requires a gcc version
151 of 4.9.2 or later. Detection of out of bounds accesses to stack or
152 global variables requires gcc 5.0 or later.
153 This feature consumes about 1/8 of available memory and brings about
154 ~x3 performance slowdown.
155 For better error detection enable CONFIG_STACKTRACE.
156 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
157 (the resulting kernel does not boot).
159 config KERNEL_KASAN_EXTRA
160 bool "KAsan: extra checks"
161 depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
163 This enables further checks in the kernel address sanitizer, for now
164 it only includes the address-use-after-scope check that can lead
165 to excessive kernel stack usage, frame size warnings and longer
167 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
169 config KERNEL_KASAN_VMALLOC
170 bool "Back mappings in vmalloc space with real shadow memory"
171 depends on KERNEL_KASAN
173 By default, the shadow region for vmalloc space is the read-only
174 zero page. This means that KASAN cannot detect errors involving
177 Enabling this option will hook in to vmap/vmalloc and back those
178 mappings with real shadow memory allocated on demand. This allows
179 for KASAN to detect more sorts of errors (and to support vmapped
180 stacks), but at the cost of higher memory usage.
182 This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
183 depend on that in here, so it is possible that enabling this
189 depends on KERNEL_KASAN
190 default KERNEL_KASAN_GENERIC
192 KASAN has three modes:
194 1. Generic KASAN (supported by many architectures, enabled with
195 CONFIG_KASAN_GENERIC, similar to userspace ASan),
196 2. Software Tag-Based KASAN (arm64 only, based on software memory
197 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
199 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
200 tagging, enabled with CONFIG_KASAN_HW_TAGS).
202 config KERNEL_KASAN_GENERIC
204 select KERNEL_SLUB_DEBUG
206 Enables Generic KASAN.
208 Consumes about 1/8th of available memory at kernel start and adds an
209 overhead of ~50% for dynamic allocations.
210 The performance slowdown is ~x3.
212 config KERNEL_KASAN_SW_TAGS
213 bool "Software Tag-Based KASAN"
215 select KERNEL_SLUB_DEBUG
217 Enables Software Tag-Based KASAN.
219 Supported only on arm64 CPUs and relies on Top Byte Ignore.
221 Consumes about 1/16th of available memory at kernel start and
222 add an overhead of ~20% for dynamic allocations.
224 May potentially introduce problems related to pointer casting and
225 comparison, as it embeds a tag into the top byte of each pointer.
227 config KERNEL_KASAN_HW_TAGS
228 bool "Hardware Tag-Based KASAN"
230 select KERNEL_SLUB_DEBUG
231 select KERNEL_ARM64_MTE
233 Enables Hardware Tag-Based KASAN.
235 Supported only on arm64 CPUs starting from ARMv8.5 and relies on
236 Memory Tagging Extension and Top Byte Ignore.
238 Consumes about 1/32nd of available memory.
240 May potentially introduce problems related to pointer casting and
241 comparison, as it embeds a tag into the top byte of each pointer.
245 config KERNEL_ARM64_MTE
251 prompt "Instrumentation type"
252 depends on KERNEL_KASAN
253 depends on !KERNEL_KASAN_HW_TAGS
254 default KERNEL_KASAN_OUTLINE
256 config KERNEL_KASAN_OUTLINE
257 bool "Outline instrumentation"
259 Before every memory access compiler insert function call
260 __asan_load*/__asan_store*. These functions performs check
261 of shadow memory. This is slower than inline instrumentation,
262 however it doesn't bloat size of kernel's .text section so
265 config KERNEL_KASAN_INLINE
266 bool "Inline instrumentation"
268 Compiler directly inserts code checking shadow memory before
269 memory accesses. This is faster than outline (in some workloads
270 it gives about x2 boost over outline instrumentation), but
271 make kernel's .text size much bigger.
272 This requires a gcc version of 5.0 or later.
277 bool "Compile the kernel with code coverage for fuzzing"
278 select KERNEL_DEBUG_FS
280 KCOV exposes kernel code coverage information in a form suitable
281 for coverage-guided fuzzing (randomized testing).
283 If RANDOMIZE_BASE is enabled, PC values will not be stable across
284 different machines and across reboots. If you need stable PC values,
285 disable RANDOMIZE_BASE.
287 For more details, see Documentation/kcov.txt.
289 config KERNEL_KCOV_ENABLE_COMPARISONS
290 bool "Enable comparison operands collection by KCOV"
291 depends on KERNEL_KCOV
293 KCOV also exposes operands of every comparison in the instrumented
294 code along with operand sizes and PCs of the comparison instructions.
295 These operands can be used by fuzzing engines to improve the quality
298 config KERNEL_KCOV_INSTRUMENT_ALL
299 bool "Instrument all code by default"
300 depends on KERNEL_KCOV
301 default y if KERNEL_KCOV
303 If you are doing generic system call fuzzing (like e.g. syzkaller),
304 then you will want to instrument the whole kernel and you should
305 say y here. If you are doing more targeted fuzzing (like e.g.
306 filesystem fuzzing with AFL) then you will want to enable coverage
307 for more specific subsets of files, and should say n here.
309 config KERNEL_TASKSTATS
310 bool "Compile the kernel with task resource/io statistics and accounting"
312 Enable the collection and publishing of task/io statistics and
313 accounting. Enable this option to enable i/o monitoring in system
318 config KERNEL_TASK_DELAY_ACCT
321 config KERNEL_TASK_IO_ACCOUNTING
324 config KERNEL_TASK_XACCT
329 config KERNEL_KALLSYMS
330 bool "Compile the kernel with symbol table information"
331 default y if !SMALL_FLASH
333 This will give you more information in stack traces from kernel oopses.
336 bool "Compile the kernel with tracing support"
337 depends on !TARGET_uml
339 config KERNEL_FTRACE_SYSCALLS
340 bool "Trace system calls"
341 depends on KERNEL_FTRACE
343 config KERNEL_ENABLE_DEFAULT_TRACERS
344 bool "Trace process context switches and events"
345 depends on KERNEL_FTRACE
347 config KERNEL_FUNCTION_TRACER
348 bool "Function tracer"
349 depends on KERNEL_FTRACE
351 config KERNEL_FUNCTION_GRAPH_TRACER
352 bool "Function graph tracer"
353 depends on KERNEL_FUNCTION_TRACER
355 config KERNEL_DYNAMIC_FTRACE
356 bool "Enable/disable function tracing dynamically"
357 depends on KERNEL_FUNCTION_TRACER
359 config KERNEL_FUNCTION_PROFILER
360 bool "Function profiler"
361 depends on KERNEL_FUNCTION_TRACER
363 config KERNEL_IRQSOFF_TRACER
364 bool "Interrupts-off Latency Tracer"
365 depends on KERNEL_FTRACE
367 This option measures the time spent in irqs-off critical
368 sections, with microsecond accuracy.
370 The default measurement method is a maximum search, which is
371 disabled by default and can be runtime (re-)started
374 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
376 (Note that kernel size and overhead increase with this option
377 enabled. This option and the preempt-off timing option can be
378 used together or separately.)
380 config KERNEL_PREEMPT_TRACER
381 bool "Preemption-off Latency Tracer"
382 depends on KERNEL_FTRACE
384 This option measures the time spent in preemption-off critical
385 sections, with microsecond accuracy.
387 The default measurement method is a maximum search, which is
388 disabled by default and can be runtime (re-)started
391 echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
393 (Note that kernel size and overhead increase with this option
394 enabled. This option and the irqs-off timing option can be
395 used together or separately.)
397 config KERNEL_HIST_TRIGGERS
398 bool "Histogram triggers"
399 depends on KERNEL_FTRACE
401 Hist triggers allow one or more arbitrary trace event fields to be
402 aggregated into hash tables and dumped to stdout by reading a
403 debugfs/tracefs file. They're useful for gathering quick and dirty
404 (though precise) summaries of event activity as an initial guide for
405 further investigation using more advanced tools.
407 Inter-event tracing of quantities such as latencies is also
408 supported using hist triggers under this option.
410 config KERNEL_DEBUG_KERNEL
413 config KERNEL_DEBUG_INFO
414 bool "Compile the kernel with debug information"
415 default y if !SMALL_FLASH
416 select KERNEL_DEBUG_KERNEL
418 This will compile your kernel and modules with debug information.
420 config KERNEL_DEBUG_INFO_BTF
422 bool "Enable additional BTF type information"
423 depends on !HOST_OS_MACOS
424 depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
427 Generate BPF Type Format (BTF) information from DWARF debug info.
428 Turning this on expects presence of pahole tool, which will convert
429 DWARF type info into equivalent deduplicated BTF type info.
431 Required to run BPF CO-RE applications.
433 config KERNEL_MODULE_ALLOW_BTF_MISMATCH
434 bool "Allow loading modules with non-matching BTF type info"
435 depends on KERNEL_DEBUG_INFO_BTF
437 For modules whose split BTF does not match vmlinux, load without
438 BTF rather than refusing to load. The default behavior with
439 module BTF enabled is to reject modules with such mismatches;
440 this option will still load module BTF where possible but ignore
441 it when a mismatch is found.
443 config KERNEL_DEBUG_INFO_REDUCED
444 bool "Reduce debugging information"
446 depends on KERNEL_DEBUG_INFO
448 If you say Y here gcc is instructed to generate less debugging
449 information for structure types. This means that tools that
450 need full debugging information (like kgdb or systemtap) won't
451 be happy. But if you merely need debugging information to
452 resolve line numbers there is no loss. Advantage is that
453 build directory object sizes shrink dramatically over a full
454 DEBUG_INFO build and compile times are reduced too.
455 Only works with newer gcc versions.
457 config KERNEL_FRAME_WARN
460 default 1280 if KERNEL_KASAN && !ARCH_64BIT
461 default 1024 if !ARCH_64BIT
462 default 2048 if ARCH_64BIT
464 Tell the compiler to warn at build time for stack frames larger than this.
465 Setting this too low will cause a lot of warnings.
466 Setting it to 0 disables the warning.
468 # KERNEL_DEBUG_LL symbols must have the default value set as otherwise
469 # KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
470 # which means that buildroot wont override the DEBUG_LL symbols in target
471 # kernel configurations and lead to devices that dont have working console
472 config KERNEL_DEBUG_LL_UART_NONE
477 config KERNEL_DEBUG_LL
481 select KERNEL_DEBUG_LL_UART_NONE
483 ARM low level debugging.
485 config KERNEL_DEBUG_VIRTUAL
486 bool "Compile the kernel with VM translations debugging"
487 select KERNEL_DEBUG_KERNEL
489 Enable checks sanity checks to catch invalid uses of
490 virt_to_phys()/phys_to_virt() against the non-linear address space.
492 config KERNEL_DYNAMIC_DEBUG
493 bool "Compile the kernel with dynamic printk"
494 select KERNEL_DEBUG_FS
496 Compiles debug level messages into the kernel, which would not
497 otherwise be available at runtime. These messages can then be
498 enabled/disabled based on various levels of scope - per source file,
499 function, module, format string, and line number. This mechanism
500 implicitly compiles in all pr_debug() and dev_dbg() calls, which
501 enlarges the kernel text size by about 2%.
503 config KERNEL_EARLY_PRINTK
504 bool "Compile the kernel with early printk"
505 default y if TARGET_bcm53xx
507 select KERNEL_DEBUG_KERNEL
508 select KERNEL_DEBUG_LL if arm
510 Compile the kernel with early printk support. This is only useful for
511 debugging purposes to send messages over the serial console in early boot.
512 Enable this to debug early boot problems.
514 config KERNEL_KPROBES
515 bool "Compile the kernel with kprobes support"
517 select KERNEL_PERF_EVENTS
519 Compiles the kernel with KPROBES support, which allows you to trap
520 at almost any kernel address and execute a callback function.
521 register_kprobe() establishes a probepoint and specifies the
522 callback. Kprobes is useful for kernel debugging, non-intrusive
523 instrumentation and testing.
524 If in doubt, say "N".
526 config KERNEL_KPROBE_EVENTS
528 default y if KERNEL_KPROBES
530 config KERNEL_BPF_EVENTS
531 bool "Compile the kernel with BPF event support"
532 select KERNEL_KPROBES
534 Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
535 This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
536 for sending data from BPF programs to user-space for post-processing
539 config KERNEL_BPF_KPROBE_OVERRIDE
541 depends on KERNEL_KPROBES
545 bool "Compile the kernel with asynchronous IO support"
546 default y if !SMALL_FLASH
548 config KERNEL_IO_URING
549 bool "Compile the kernel with io_uring support"
550 depends on !SMALL_FLASH
551 default y if (x86_64 || aarch64)
553 config KERNEL_FHANDLE
554 bool "Compile the kernel with support for fhandle syscalls"
555 default y if !SMALL_FLASH
557 config KERNEL_FANOTIFY
558 bool "Compile the kernel with modern file notification support"
559 default y if !SMALL_FLASH
561 config KERNEL_BLK_DEV_BSG
562 bool "Compile the kernel with SCSI generic v4 support for any block device"
564 config KERNEL_TRANSPARENT_HUGEPAGE
568 prompt "Transparent Hugepage Support sysfs defaults"
569 depends on KERNEL_TRANSPARENT_HUGEPAGE
570 default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
572 config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
575 config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
579 config KERNEL_HUGETLBFS
582 config KERNEL_HUGETLB_PAGE
583 bool "Compile the kernel with HugeTLB support"
584 select KERNEL_TRANSPARENT_HUGEPAGE
585 select KERNEL_HUGETLBFS
587 config KERNEL_MAGIC_SYSRQ
588 bool "Compile the kernel with SysRq support"
591 config KERNEL_DEBUG_PINCTRL
592 bool "Compile the kernel with pinctrl debugging"
593 select KERNEL_DEBUG_KERNEL
595 config KERNEL_DEBUG_GPIO
596 bool "Compile the kernel with gpio debugging"
597 select KERNEL_DEBUG_KERNEL
599 config KERNEL_COREDUMP
602 config KERNEL_ELF_CORE
603 bool "Enable process core dump support"
604 select KERNEL_COREDUMP
605 default y if !SMALL_FLASH
607 config KERNEL_PROVE_LOCKING
608 bool "Enable kernel lock checking"
609 select KERNEL_DEBUG_KERNEL
611 config KERNEL_SOFTLOCKUP_DETECTOR
612 bool "Compile the kernel with detect Soft Lockups"
613 depends on KERNEL_DEBUG_KERNEL
615 Say Y here to enable the kernel to act as a watchdog to detect
618 Softlockups are bugs that cause the kernel to loop in kernel
619 mode for more than 20 seconds, without giving other tasks a
620 chance to run. The current stack trace is displayed upon
621 detection and the system will stay locked up.
623 config KERNEL_HARDLOCKUP_DETECTOR
624 bool "Compile the kernel with detect Hard Lockups"
625 depends on KERNEL_DEBUG_KERNEL
627 Say Y here to enable the kernel to act as a watchdog to detect
630 Hardlockups are bugs that cause the CPU to loop in kernel mode
631 for more than 10 seconds, without letting other interrupts have a
632 chance to run. The current stack trace is displayed upon detection
633 and the system will stay locked up.
635 config KERNEL_DETECT_HUNG_TASK
636 bool "Compile the kernel with detect Hung Tasks"
637 depends on KERNEL_DEBUG_KERNEL
638 default KERNEL_SOFTLOCKUP_DETECTOR
640 Say Y here to enable the kernel to detect "hung tasks",
641 which are bugs that cause the task to be stuck in
642 uninterruptible "D" state indefinitely.
644 When a hung task is detected, the kernel will print the
645 current stack trace (which you should report), but the
646 task will stay in uninterruptible state. If lockdep is
647 enabled then all held locks will also be reported. This
648 feature has negligible overhead.
650 config KERNEL_WQ_WATCHDOG
651 bool "Compile the kernel with detect Workqueue Stalls"
652 depends on KERNEL_DEBUG_KERNEL
654 Say Y here to enable stall detection on workqueues. If a
655 worker pool doesn't make forward progress on a pending work
656 item for over a given amount of time, 30s by default, a
657 warning message is printed along with dump of workqueue
658 state. This can be configured through kernel parameter
659 "workqueue.watchdog_thresh" and its sysfs counterpart.
661 config KERNEL_DEBUG_ATOMIC_SLEEP
662 bool "Compile the kernel with sleep inside atomic section checking"
663 depends on KERNEL_DEBUG_KERNEL
665 If you say Y here, various routines which may sleep will become very
666 noisy if they are called inside atomic sections: when a spinlock is
667 held, inside an rcu read side critical section, inside preempt disabled
668 sections, inside an interrupt, etc...
670 config KERNEL_DEBUG_VM
671 bool "Compile the kernel with debug VM"
672 depends on KERNEL_DEBUG_KERNEL
674 Enable this to turn on extended checks in the virtual-memory system
675 that may impact performance.
679 config KERNEL_PRINTK_TIME
680 bool "Enable printk timestamps"
683 config KERNEL_SLUB_DEBUG
686 config KERNEL_SLUB_DEBUG_ON
689 config KERNEL_SLABINFO
690 select KERNEL_SLUB_DEBUG
691 select KERNEL_SLUB_DEBUG_ON
692 bool "Enable /proc slab debug info"
694 config KERNEL_PROC_PAGE_MONITOR
695 bool "Enable /proc page monitoring"
701 bool "Enable kexec support"
703 config KERNEL_PROC_VMCORE
706 config KERNEL_PROC_KCORE
709 config KERNEL_CRASH_DUMP
710 depends on i386 || x86_64 || arm || armeb
712 select KERNEL_PROC_VMCORE
713 select KERNEL_PROC_KCORE
714 bool "Enable support for kexec crashdump"
718 bool "Enable rfkill support"
719 default RFKILL_SUPPORT
722 bool "Enable sparse check during kernel build"
724 config KERNEL_DEVTMPFS
725 bool "Compile the kernel with device tmpfs enabled"
727 devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
728 devices nodes for all registered devices to simplify boot, but leaves more
729 complex tasks to userspace (e.g. udev).
733 config KERNEL_DEVTMPFS_MOUNT
734 bool "Automatically mount devtmpfs after root filesystem is mounted"
739 bool "Enable kernel access key retention support"
742 config KERNEL_PERSISTENT_KEYRINGS
743 bool "Enable kernel persistent keyrings"
744 depends on KERNEL_KEYS
746 config KERNEL_KEYS_REQUEST_CACHE
747 bool "Enable temporary caching of the last request_key() result"
748 depends on KERNEL_KEYS
750 config KERNEL_BIG_KEYS
751 bool "Enable large payload keys on kernel keyrings"
752 depends on KERNEL_KEYS
755 # CGROUP support symbols
758 config KERNEL_CGROUPS
759 bool "Enable kernel cgroups"
760 default y if !SMALL_FLASH
764 config KERNEL_CGROUP_DEBUG
765 bool "Example debug cgroup subsystem"
767 This option enables a simple cgroup subsystem that
768 exports useful debugging information about the cgroups
771 config KERNEL_FREEZER
774 config KERNEL_CGROUP_FREEZER
775 bool "legacy Freezer cgroup subsystem"
776 select KERNEL_FREEZER
778 Provides a way to freeze and unfreeze all tasks in a
780 (legacy cgroup1-only controller, in cgroup2 freezer
781 is integrated in the Memory controller)
783 config KERNEL_CGROUP_DEVICE
784 bool "legacy Device controller for cgroups"
786 Provides a cgroup implementing whitelists for devices which
787 a process in the cgroup can mknod or open.
788 (legacy cgroup1-only controller)
790 config KERNEL_CGROUP_HUGETLB
791 bool "HugeTLB controller"
792 select KERNEL_HUGETLB_PAGE
794 config KERNEL_CGROUP_PIDS
795 bool "PIDs cgroup subsystem"
798 Provides enforcement of process number limits in the scope of a
801 config KERNEL_CGROUP_RDMA
802 bool "RDMA controller for cgroups"
805 config KERNEL_CGROUP_BPF
806 bool "Support for eBPF programs attached to cgroups"
809 config KERNEL_CPUSETS
810 bool "Cpuset support"
813 This option will let you create and manage CPUSETs which
814 allow dynamically partitioning a system into sets of CPUs and
815 Memory Nodes and assigning tasks to run only within those sets.
816 This is primarily useful on large SMP or NUMA systems.
818 config KERNEL_PROC_PID_CPUSET
819 bool "Include legacy /proc/<pid>/cpuset file"
820 depends on KERNEL_CPUSETS
822 config KERNEL_CGROUP_CPUACCT
823 bool "Simple CPU accounting cgroup subsystem"
826 Provides a simple Resource Controller for monitoring the
827 total CPU consumed by the tasks in a cgroup.
829 config KERNEL_RESOURCE_COUNTERS
830 bool "Resource counters"
833 This option enables controller independent resource accounting
834 infrastructure that works with cgroups.
836 config KERNEL_MM_OWNER
838 default y if KERNEL_MEMCG
841 bool "Memory Resource Controller for Control Groups"
843 select KERNEL_FREEZER
844 depends on KERNEL_RESOURCE_COUNTERS
846 Provides a memory resource controller that manages both anonymous
847 memory and page cache. (See Documentation/cgroups/memory.txt)
849 Note that setting this option increases fixed memory overhead
850 associated with each page of memory in the system. By this,
851 20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
852 usage tracking struct at boot. Total amount of this is printed out
855 Only enable when you're ok with these tradeoffs and really
856 sure you need the memory resource controller. Even when you enable
857 this, you can set "cgroup_disable=memory" at your boot option to
858 disable memory resource controller and you can avoid overheads
859 (but lose benefits of memory resource controller).
861 This config option also selects MM_OWNER config option, which
862 could in turn add some fork/exit overhead.
864 config KERNEL_MEMCG_SWAP
865 bool "Memory Resource Controller Swap Extension"
867 depends on KERNEL_MEMCG
869 Add swap management feature to memory resource controller. When you
870 enable this, you can limit mem+swap usage per cgroup. In other words,
871 when you disable this, memory resource controller has no cares to
872 usage of swap...a process can exhaust all of the swap. This extension
873 is useful when you want to avoid exhaustion swap but this itself
874 adds more overheads and consumes memory for remembering information.
875 Especially if you use 32bit system or small memory system, please
876 be careful about enabling this. When memory resource controller
877 is disabled by boot option, this will be automatically disabled and
878 there will be no overhead from this. Even when you set this config=y,
879 if boot option "swapaccount=0" is set, swap will not be accounted.
880 Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
881 size is 4096bytes, 512k per 1Gbytes of swap.
883 config KERNEL_MEMCG_SWAP_ENABLED
884 bool "Memory Resource Controller Swap Extension enabled by default"
885 depends on KERNEL_MEMCG_SWAP
887 Memory Resource Controller Swap Extension comes with its price in
888 a bigger memory consumption. General purpose distribution kernels
889 which want to enable the feature but keep it disabled by default
890 and let the user enable it by swapaccount boot command line
891 parameter should have this option unselected.
893 Those who want to have the feature enabled by default should
894 select this option (if, for some reason, they need to disable it,
895 then swapaccount=0 does the trick).
898 config KERNEL_MEMCG_KMEM
899 bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
901 depends on KERNEL_MEMCG
903 The Kernel Memory extension for Memory Resource Controller can limit
904 the amount of memory used by kernel objects in the system. Those are
905 fundamentally different from the entities handled by the standard
906 Memory Controller, which are page-based, and can be swapped. Users of
907 the kmem extension can use it to guarantee that no group of processes
908 will ever exhaust kernel resources alone.
910 config KERNEL_CGROUP_PERF
911 bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
912 select KERNEL_PERF_EVENTS
914 This option extends the per-cpu mode to restrict monitoring to
915 threads which belong to the cgroup specified and run on the
918 menuconfig KERNEL_CGROUP_SCHED
919 bool "Group CPU scheduler"
922 This feature lets CPU scheduler recognize task groups and control CPU
923 bandwidth allocation to such task groups. It uses cgroups to group
926 if KERNEL_CGROUP_SCHED
928 config KERNEL_FAIR_GROUP_SCHED
929 bool "Group scheduling for SCHED_OTHER"
932 config KERNEL_CFS_BANDWIDTH
933 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
935 depends on KERNEL_FAIR_GROUP_SCHED
937 This option allows users to define CPU bandwidth rates (limits) for
938 tasks running within the fair group scheduler. Groups with no limit
939 set are considered to be unconstrained and will run with no
941 See tip/Documentation/scheduler/sched-bwc.txt for more information.
943 config KERNEL_RT_GROUP_SCHED
944 bool "Group scheduling for SCHED_RR/FIFO"
947 This feature lets you explicitly allocate real CPU bandwidth
948 to task groups. If enabled, it will also make it impossible to
949 schedule realtime tasks for non-root users until you allocate
950 realtime bandwidth for them.
954 config KERNEL_BLK_CGROUP
955 bool "Block IO controller"
958 Generic block IO controller cgroup interface. This is the common
959 cgroup interface which should be used by various IO controlling
962 Currently, CFQ IO scheduler uses it to recognize task groups and
963 control disk bandwidth allocation (proportional time slice allocation)
964 to such task groups. It is also used by bio throttling logic in
965 block layer to implement upper limit in IO rates on a device.
967 This option only enables generic Block IO controller infrastructure.
968 One needs to also enable actual IO controlling logic/policy. For
969 enabling proportional weight division of disk bandwidth in CFQ, set
970 CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
971 CONFIG_BLK_DEV_THROTTLING=y.
975 config KERNEL_CFQ_GROUP_IOSCHED
976 bool "Proportional weight of disk bandwidth in CFQ"
978 config KERNEL_BLK_DEV_THROTTLING
979 bool "Enable throttling policy"
982 config KERNEL_BLK_DEV_THROTTLING_LOW
983 bool "Block throttling .low limit interface support (EXPERIMENTAL)"
984 depends on KERNEL_BLK_DEV_THROTTLING
987 config KERNEL_DEBUG_BLK_CGROUP
988 bool "Enable Block IO controller debugging"
989 depends on KERNEL_BLK_CGROUP
991 Enable some debugging help. Currently it exports additional stat
992 files in a cgroup which can be useful for debugging.
994 config KERNEL_NET_CLS_CGROUP
995 bool "legacy Control Group Classifier"
997 config KERNEL_CGROUP_NET_CLASSID
998 bool "legacy Network classid cgroup"
1000 config KERNEL_CGROUP_NET_PRIO
1001 bool "legacy Network priority cgroup"
1006 # Namespace support symbols
1009 config KERNEL_NAMESPACES
1010 bool "Enable kernel namespaces"
1011 default y if !SMALL_FLASH
1013 if KERNEL_NAMESPACES
1015 config KERNEL_UTS_NS
1016 bool "UTS namespace"
1019 In this namespace, tasks see different info provided
1020 with the uname() system call.
1022 config KERNEL_IPC_NS
1023 bool "IPC namespace"
1026 In this namespace, tasks work with IPC ids which correspond to
1027 different IPC objects in different namespaces.
1029 config KERNEL_USER_NS
1030 bool "User namespace (EXPERIMENTAL)"
1033 This allows containers, i.e. vservers, to use user namespaces
1034 to provide different user info for different servers.
1036 config KERNEL_PID_NS
1037 bool "PID Namespaces"
1040 Support process id namespaces. This allows having multiple
1041 processes with the same pid as long as they are in different
1042 pid namespaces. This is a building block of containers.
1044 config KERNEL_NET_NS
1045 bool "Network namespace"
1048 Allow user space to create what appear to be multiple instances
1049 of the network stack.
1053 config KERNEL_DEVPTS_MULTIPLE_INSTANCES
1054 bool "Support multiple instances of devpts"
1055 default y if !SMALL_FLASH
1057 Enable support for multiple instances of devpts filesystem.
1058 If you want to have isolated PTY namespaces (eg: in containers),
1059 say Y here. Otherwise, say N. If enabled, each mount of devpts
1060 filesystem with the '-o newinstance' option will create an
1061 independent PTY namespace.
1063 config KERNEL_POSIX_MQUEUE
1064 bool "POSIX Message Queues"
1065 default y if !SMALL_FLASH
1067 POSIX variant of message queues is a part of IPC. In POSIX message
1068 queues every message has a priority which decides about succession
1069 of receiving it by a process. If you want to compile and run
1070 programs written e.g. for Solaris with use of its POSIX message
1071 queues (functions mq_*) say Y here.
1073 POSIX message queues are visible as a filesystem called 'mqueue'
1074 and can be mounted somewhere if you want to do filesystem
1075 operations on message queues.
1078 config KERNEL_SECCOMP_FILTER
1080 default y if !SMALL_FLASH
1082 config KERNEL_SECCOMP
1083 bool "Enable seccomp support"
1084 depends on !(TARGET_uml)
1085 select KERNEL_SECCOMP_FILTER
1086 default y if !SMALL_FLASH
1088 Build kernel with support for seccomp.
1091 # IPv4 configuration
1094 config KERNEL_IP_MROUTE
1095 bool "Enable IPv4 multicast routing"
1098 Multicast routing requires a multicast routing daemon in
1099 addition to kernel support.
1103 config KERNEL_IP_MROUTE_MULTIPLE_TABLES
1106 config KERNEL_IP_PIMSM_V1
1109 config KERNEL_IP_PIMSM_V2
1115 # IPv6 configuration
1123 config KERNEL_IPV6_MULTIPLE_TABLES
1126 config KERNEL_IPV6_SUBTREES
1129 config KERNEL_IPV6_MROUTE
1130 bool "Enable IPv6 multicast routing"
1133 Multicast routing requires a multicast routing daemon in
1134 addition to kernel support.
1136 if KERNEL_IPV6_MROUTE
1138 config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
1141 config KERNEL_IPV6_PIMSM_V2
1146 config KERNEL_IPV6_SEG6_LWTUNNEL
1147 bool "Enable support for lightweight tunnels"
1148 default y if !SMALL_FLASH
1150 Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
1152 config KERNEL_LWTUNNEL_BPF
1158 # Miscellaneous network configuration
1161 config KERNEL_NET_L3_MASTER_DEV
1162 bool "L3 Master device support"
1164 This module provides glue between core networking code and device
1165 drivers to support L3 master devices like VRF.
1167 config KERNEL_XDP_SOCKETS
1168 bool "XDP sockets support"
1170 XDP sockets allows a channel between XDP programs and
1171 userspace applications.
1173 config KERNEL_WIRELESS_EXT
1176 config KERNEL_WEXT_CORE
1177 def_bool KERNEL_WIRELESS_EXT
1179 config KERNEL_WEXT_PRIV
1180 def_bool KERNEL_WIRELESS_EXT
1182 config KERNEL_WEXT_PROC
1183 def_bool KERNEL_WIRELESS_EXT
1185 config KERNEL_WEXT_SPY
1186 def_bool KERNEL_WIRELESS_EXT
1188 config KERNEL_PAGE_POOL
1191 config KERNEL_PAGE_POOL_STATS
1192 bool "Page pool stats support"
1193 depends on KERNEL_PAGE_POOL
1196 # NFS related symbols
1198 config KERNEL_IP_PNP
1199 bool "Compile the kernel with rootfs on NFS"
1201 If you want to make your kernel boot off a NFS server as root
1202 filesystem, select Y here.
1206 config KERNEL_IP_PNP_DHCP
1209 config KERNEL_IP_PNP_BOOTP
1212 config KERNEL_IP_PNP_RARP
1215 config KERNEL_NFS_FS
1218 config KERNEL_NFS_V2
1221 config KERNEL_NFS_V3
1224 config KERNEL_ROOT_NFS
1229 menu "Filesystem ACL and attr support options"
1230 config USE_FS_ACL_ATTR
1231 bool "Use filesystem ACL and attr support by default"
1233 Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
1234 for kernel and packages, except tmpfs, flash filesystems,
1235 and old NFS. Also enable userspace extended attribute support
1236 by default. (OpenWrt already has an expection it will be
1237 present in the kernel).
1239 config KERNEL_FS_POSIX_ACL
1240 bool "Enable POSIX ACL support"
1241 default y if USE_FS_ACL_ATTR
1243 config KERNEL_BTRFS_FS_POSIX_ACL
1244 bool "Enable POSIX ACL for BtrFS Filesystems"
1245 select KERNEL_FS_POSIX_ACL
1246 default y if USE_FS_ACL_ATTR
1248 config KERNEL_EXT4_FS_POSIX_ACL
1249 bool "Enable POSIX ACL for Ext4 Filesystems"
1250 select KERNEL_FS_POSIX_ACL
1251 default y if USE_FS_ACL_ATTR
1253 config KERNEL_F2FS_FS_POSIX_ACL
1254 bool "Enable POSIX ACL for F2FS Filesystems"
1255 select KERNEL_FS_POSIX_ACL
1257 config KERNEL_JFFS2_FS_POSIX_ACL
1258 bool "Enable POSIX ACL for JFFS2 Filesystems"
1259 select KERNEL_FS_POSIX_ACL
1261 config KERNEL_TMPFS_POSIX_ACL
1262 bool "Enable POSIX ACL for TMPFS Filesystems"
1263 select KERNEL_FS_POSIX_ACL
1265 config KERNEL_CIFS_ACL
1266 bool "Enable CIFS ACLs"
1267 select KERNEL_FS_POSIX_ACL
1268 default y if USE_FS_ACL_ATTR
1270 config KERNEL_HFS_FS_POSIX_ACL
1271 bool "Enable POSIX ACL for HFS Filesystems"
1272 select KERNEL_FS_POSIX_ACL
1273 default y if USE_FS_ACL_ATTR
1275 config KERNEL_HFSPLUS_FS_POSIX_ACL
1276 bool "Enable POSIX ACL for HFS+ Filesystems"
1277 select KERNEL_FS_POSIX_ACL
1278 default y if USE_FS_ACL_ATTR
1280 config KERNEL_NFS_ACL_SUPPORT
1281 bool "Enable ACLs for NFS"
1282 default y if USE_FS_ACL_ATTR
1284 config KERNEL_NFS_V3_ACL_SUPPORT
1285 bool "Enable ACLs for NFSv3"
1287 config KERNEL_NFSD_V2_ACL_SUPPORT
1288 bool "Enable ACLs for NFSDv2"
1290 config KERNEL_NFSD_V3_ACL_SUPPORT
1291 bool "Enable ACLs for NFSDv3"
1293 config KERNEL_REISER_FS_POSIX_ACL
1294 bool "Enable POSIX ACLs for ReiserFS"
1295 select KERNEL_FS_POSIX_ACL
1296 default y if USE_FS_ACL_ATTR
1298 config KERNEL_XFS_POSIX_ACL
1299 bool "Enable POSIX ACLs for XFS"
1300 select KERNEL_FS_POSIX_ACL
1301 default y if USE_FS_ACL_ATTR
1303 config KERNEL_JFS_POSIX_ACL
1304 bool "Enable POSIX ACLs for JFS"
1305 select KERNEL_FS_POSIX_ACL
1306 default y if USE_FS_ACL_ATTR
1310 config KERNEL_DEVMEM
1311 bool "/dev/mem virtual device support"
1313 Say Y here if you want to support the /dev/mem device.
1314 The /dev/mem device is used to access areas of physical
1317 config KERNEL_DEVKMEM
1318 bool "/dev/kmem virtual device support"
1320 Say Y here if you want to support the /dev/kmem device. The
1321 /dev/kmem device is rarely used, but can be used for certain
1322 kind of kernel debugging operations.
1324 config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
1325 int "Number of squashfs fragments cached"
1326 default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
1329 config KERNEL_SQUASHFS_XATTR
1330 bool "Squashfs XATTR support"
1333 # compile optimization setting
1336 prompt "Compiler optimization level"
1337 default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
1339 config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
1340 bool "Optimize for performance"
1342 This is the default optimization level for the kernel, building
1343 with the "-O2" compiler flag for best performance and most
1344 helpful compile-time warnings.
1346 config KERNEL_CC_OPTIMIZE_FOR_SIZE
1347 bool "Optimize for size"
1349 Enabling this option will pass "-Os" instead of "-O2" to
1350 your compiler resulting in a smaller kernel.
1355 bool "Auditing support"
1357 config KERNEL_SECURITY
1358 bool "Enable different security models"
1360 config KERNEL_SECURITY_NETWORK
1361 bool "Socket and Networking Security Hooks"
1362 select KERNEL_SECURITY
1364 config KERNEL_SECURITY_SELINUX
1365 bool "NSA SELinux Support"
1366 select KERNEL_SECURITY_NETWORK
1369 config KERNEL_SECURITY_SELINUX_BOOTPARAM
1370 bool "NSA SELinux boot parameter"
1371 depends on KERNEL_SECURITY_SELINUX
1374 config KERNEL_SECURITY_SELINUX_DISABLE
1375 bool "NSA SELinux runtime disable"
1376 depends on KERNEL_SECURITY_SELINUX
1378 config KERNEL_SECURITY_SELINUX_DEVELOP
1379 bool "NSA SELinux Development Support"
1380 depends on KERNEL_SECURITY_SELINUX
1383 config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
1385 depends on KERNEL_SECURITY_SELINUX
1388 config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
1390 depends on KERNEL_SECURITY_SELINUX
1395 default "lockdown,yama,loadpin,safesetid,integrity,selinux"
1396 depends on KERNEL_SECURITY_SELINUX
1398 config KERNEL_EXT4_FS_SECURITY
1399 bool "Ext4 Security Labels"
1401 config KERNEL_F2FS_FS_SECURITY
1402 bool "F2FS Security Labels"
1404 config KERNEL_UBIFS_FS_SECURITY
1405 bool "UBIFS Security Labels"
1407 config KERNEL_JFFS2_FS_SECURITY
1408 bool "JFFS2 Security Labels"
1410 config KERNEL_WERROR
1411 bool "Compile the kernel with warnings as errors"
1413 default y if GCC_USE_VERSION_12
1415 A kernel build should not cause any compiler warnings, and this
1416 enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
1417 to enforce that rule by default. Certain warnings from other tools
1418 such as the linker may be upgraded to errors with this option as
1421 However, if you have a new (or very old) compiler or linker with odd
1422 and unusual warnings, or you have some architecture with problems,
1423 you may need to disable this config option in order to
1424 successfully build the kernel.