config KERNEL_BUILD_USER
string "Custom Kernel Build User Name"
+ default "builder" if BUILDBOT
default ""
help
Sets the Kernel build user string, which for example will be returned
config KERNEL_BUILD_DOMAIN
string "Custom Kernel Build Domain Name"
+ default "buildhost" if BUILDBOT
default ""
help
Sets the Kernel build domain string, which for example will be
default n
depends on (arm || aarch64)
+config KERNEL_X86_VSYSCALL_EMULATION
+ bool "Enable vsyscall emulation"
+ default n
+ depends on x86_64
+ help
+ This enables emulation of the legacy vsyscall page. Disabling
+ it is roughly equivalent to booting with vsyscall=none, except
+ that it will also disable the helpful warning if a program
+ tries to use a vsyscall. With this option set to N, offending
+ programs will just segfault, citing addresses of the form
+ 0xffffffffff600?00.
+
+ This option is required by many programs built before 2013, and
+ care should be used even with newer programs if set to N.
+
+ Disabling this option saves about 7K of kernel size and
+ possibly 4K of additional runtime pagetable memory.
+
config KERNEL_PERF_EVENTS
bool "Compile the kernel with performance events and counters"
default n
Enable the extended profiling support mechanisms used by profilers such
as OProfile.
+config KERNEL_UBSAN
+ bool "Compile the kernel with undefined behaviour sanity checker"
+ help
+ This option enables undefined behaviour sanity checker
+ Compile-time instrumentation is used to detect various undefined
+ behaviours in runtime. Various types of checks may be enabled
+ via boot parameter ubsan_handle
+ (see: Documentation/dev-tools/ubsan.rst).
+
+config KERNEL_UBSAN_SANITIZE_ALL
+ bool "Enable instrumentation for the entire kernel"
+ depends on KERNEL_UBSAN
+ default y
+ help
+ This option activates instrumentation for the entire kernel.
+ If you don't enable this option, you have to explicitly specify
+ UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+ Enabling this option will get kernel image size increased
+ significantly.
+
+config KERNEL_UBSAN_ALIGNMENT
+ bool "Enable checking of pointers alignment"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of unaligned memory accesses.
+ Enabling this option on architectures that support unaligned
+ accesses may produce a lot of false positives.
+
+config KERNEL_UBSAN_NULL
+ bool "Enable checking of null pointers"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of memory accesses via a
+ null pointer.
+
+config KERNEL_KASAN
+ bool "Compile the kernel with KASan: runtime memory debugger"
+ select KERNEL_SLUB_DEBUG
+ depends on (x86_64 || aarch64)
+ help
+ Enables kernel address sanitizer - runtime memory debugger,
+ designed to find out-of-bounds accesses and use-after-free bugs.
+ This is strictly a debugging feature and it requires a gcc version
+ of 4.9.2 or later. Detection of out of bounds accesses to stack or
+ global variables requires gcc 5.0 or later.
+ This feature consumes about 1/8 of available memory and brings about
+ ~x3 performance slowdown.
+ For better error detection enable CONFIG_STACKTRACE.
+ Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
+ (the resulting kernel does not boot).
+
+config KERNEL_KASAN_EXTRA
+ bool "KAsan: extra checks"
+ depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+ help
+ This enables further checks in the kernel address sanitizer, for now
+ it only includes the address-use-after-scope check that can lead
+ to excessive kernel stack usage, frame size warnings and longer
+ compile time.
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+
+
+choice
+ prompt "Instrumentation type"
+ depends on KERNEL_KASAN
+ default KERNEL_KASAN_OUTLINE
+
+config KERNEL_KASAN_OUTLINE
+ bool "Outline instrumentation"
+ help
+ Before every memory access compiler insert function call
+ __asan_load*/__asan_store*. These functions performs check
+ of shadow memory. This is slower than inline instrumentation,
+ however it doesn't bloat size of kernel's .text section so
+ much as inline does.
+
+config KERNEL_KASAN_INLINE
+ bool "Inline instrumentation"
+ help
+ Compiler directly inserts code checking shadow memory before
+ memory accesses. This is faster than outline (in some workloads
+ it gives about x2 boost over outline instrumentation), but
+ make kernel's .text size much bigger.
+ This requires a gcc version of 5.0 or later.
+
+endchoice
+
+config KERNEL_KCOV
+ bool "Compile the kernel with code coverage for fuzzing"
+ select KERNEL_DEBUG_FS
+ help
+ KCOV exposes kernel code coverage information in a form suitable
+ for coverage-guided fuzzing (randomized testing).
+
+ If RANDOMIZE_BASE is enabled, PC values will not be stable across
+ different machines and across reboots. If you need stable PC values,
+ disable RANDOMIZE_BASE.
+
+ For more details, see Documentation/kcov.txt.
+
+config KERNEL_KCOV_ENABLE_COMPARISONS
+ bool "Enable comparison operands collection by KCOV"
+ depends on KERNEL_KCOV
+ help
+ KCOV also exposes operands of every comparison in the instrumented
+ code along with operand sizes and PCs of the comparison instructions.
+ These operands can be used by fuzzing engines to improve the quality
+ of fuzzing coverage.
+
+config KERNEL_KCOV_INSTRUMENT_ALL
+ bool "Instrument all code by default"
+ depends on KERNEL_KCOV
+ default y if KERNEL_KCOV
+ help
+ If you are doing generic system call fuzzing (like e.g. syzkaller),
+ then you will want to instrument the whole kernel and you should
+ say y here. If you are doing more targeted fuzzing (like e.g.
+ filesystem fuzzing with AFL) then you will want to enable coverage
+ for more specific subsets of files, and should say n here.
+
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
default n
config KERNEL_BLK_DEV_THROTTLING
bool "Enable throttling policy"
- default y if TARGET_brcm2708
+ default y if TARGET_bcm27xx
config KERNEL_BLK_DEV_THROTTLING_LOW
bool "Block throttling .low limit interface support (EXPERIMENTAL)"
endif
-#
-# LXC related symbols
-#
-
-config KERNEL_LXC_MISC
- bool "Enable miscellaneous LXC related options"
+config KERNEL_DEVPTS_MULTIPLE_INSTANCES
+ bool "Support multiple instances of devpts"
default y if !SMALL_FLASH
+ help
+ Enable support for multiple instances of devpts filesystem.
+ If you want to have isolated PTY namespaces (eg: in containers),
+ say Y here. Otherwise, say N. If enabled, each mount of devpts
+ filesystem with the '-o newinstance' option will create an
+ independent PTY namespace.
+
+config KERNEL_POSIX_MQUEUE
+ bool "POSIX Message Queues"
+ default y if !SMALL_FLASH
+ help
+ POSIX variant of message queues is a part of IPC. In POSIX message
+ queues every message has a priority which decides about succession
+ of receiving it by a process. If you want to compile and run
+ programs written e.g. for Solaris with use of its POSIX message
+ queues (functions mq_*) say Y here.
-if KERNEL_LXC_MISC
-
- config KERNEL_DEVPTS_MULTIPLE_INSTANCES
- bool "Support multiple instances of devpts"
- default y
- help
- Enable support for multiple instances of devpts filesystem.
- If you want to have isolated PTY namespaces (eg: in containers),
- say Y here. Otherwise, say N. If enabled, each mount of devpts
- filesystem with the '-o newinstance' option will create an
- independent PTY namespace.
-
- config KERNEL_POSIX_MQUEUE
- bool "POSIX Message Queues"
- default y
- help
- POSIX variant of message queues is a part of IPC. In POSIX message
- queues every message has a priority which decides about succession
- of receiving it by a process. If you want to compile and run
- programs written e.g. for Solaris with use of its POSIX message
- queues (functions mq_*) say Y here.
-
- POSIX message queues are visible as a filesystem called 'mqueue'
- and can be mounted somewhere if you want to do filesystem
- operations on message queues.
+ POSIX message queues are visible as a filesystem called 'mqueue'
+ and can be mounted somewhere if you want to do filesystem
+ operations on message queues.
-endif
config KERNEL_SECCOMP_FILTER
bool
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
- config KERNEL_HFSPLUG_FS_POSIX_ACL
+ config KERNEL_HFSPLUS_FS_POSIX_ACL
bool "Enable POSIX ACL for HFS+ Filesystems"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR