X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-kernel.in;h=07d65bc465c5ef7063372e49955968fb96d64ee2;hb=fd4ad6cae88d009e9560e4ee902bf20a5b42d36e;hp=f6464b7574cf15a262be98c3a48825146e76cc69;hpb=d1a8217d87bffa33fd7d4562b3ed2f797c14beaf;p=openwrt%2Fstaging%2Fjow.git diff --git a/config/Config-kernel.in b/config/Config-kernel.in index f6464b7574..07d65bc465 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -1,8 +1,6 @@ -# Copyright (C) 2006-2014 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. +# SPDX-License-Identifier: GPL-2.0-only # +# Copyright (C) 2006-2014 OpenWrt.org config KERNEL_BUILD_USER string "Custom Kernel Build User Name" @@ -26,15 +24,14 @@ config KERNEL_PRINTK bool "Enable support for printk" default y -config KERNEL_CRASHLOG - bool "Crash logging" - depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64) - default y - config KERNEL_SWAP bool "Support for paging of anonymous memory (swap)" default y if !SMALL_FLASH +config KERNEL_PROC_STRIPPED + bool "Strip non-essential /proc functionality to reduce code size" + default y if SMALL_FLASH + config KERNEL_DEBUG_FS bool "Compile the kernel with debug filesystem enabled" default y @@ -44,15 +41,9 @@ config KERNEL_DEBUG_FS write to these files. Many common debugging facilities, such as ftrace, require the existence of debugfs. -# remove KERNEL_MIPS_FPU_EMULATOR after kernel 4.14 and 4.14 are gone -config KERNEL_MIPS_FPU_EMULATOR - bool "Compile the kernel with MIPS FPU Emulator" - default y if TARGET_pistachio - depends on (mips || mipsel || mips64 || mips64el) - config KERNEL_MIPS_FP_SUPPORT bool - default y if KERNEL_MIPS_FPU_EMULATOR + default y if TARGET_pistachio config KERNEL_ARM_PMU bool @@ -118,6 +109,16 @@ config KERNEL_UBSAN_ALIGNMENT Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. +config KERNEL_UBSAN_BOUNDS + bool "Perform array index bounds checking" + depends on KERNEL_UBSAN + help + This option enables detection of directly indexed out of bounds array + accesses, where the array size is known at compile time. Note that + this does not protect array overflows via bad calls to the + {str,mem}*cpy() family of functions (that is addressed by + FORTIFY_SOURCE). + config KERNEL_UBSAN_NULL bool "Enable checking of null pointers" depends on KERNEL_UBSAN @@ -125,6 +126,19 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_UBSAN_TRAP + bool "On Sanitizer warnings, abort the running kernel code" + depends on KERNEL_UBSAN + help + Building kernels with Sanitizer features enabled tends to grow the + kernel size by around 5%, due to adding all the debugging text on + failure paths. To avoid this, Sanitizer instrumentation can just + issue a trap. This reduces the kernel size overhead but turns all + warnings (including potentially harmless conditions) into full + exceptions that abort the running kernel code (regardless of context, + locks held, etc), which may destabilize the system. For some system + builders this is an acceptable trade-off. + config KERNEL_KASAN bool "Compile the kernel with KASan: runtime memory debugger" select KERNEL_SLUB_DEBUG @@ -151,6 +165,30 @@ config KERNEL_KASAN_EXTRA compile time. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more +config KERNEL_KASAN_VMALLOC + bool "Back mappings in vmalloc space with real shadow memory" + depends on KERNEL_KASAN + help + By default, the shadow region for vmalloc space is the read-only + zero page. This means that KASAN cannot detect errors involving + vmalloc space. + + Enabling this option will hook in to vmap/vmalloc and back those + mappings with real shadow memory allocated on demand. This allows + for KASAN to detect more sorts of errors (and to support vmapped + stacks), but at the cost of higher memory usage. + + This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't + depend on that in here, so it is possible that enabling this + will have no effect. + +if KERNEL_KASAN + config KERNEL_KASAN_GENERIC + def_bool y + + config KERNEL_KASAN_SW_TAGS + def_bool n +endif choice prompt "Instrumentation type" @@ -272,6 +310,53 @@ config KERNEL_FUNCTION_PROFILER depends on KERNEL_FUNCTION_TRACER default n +config KERNEL_IRQSOFF_TRACER + bool "Interrupts-off Latency Tracer" + depends on KERNEL_FTRACE + help + This option measures the time spent in irqs-off critical + sections, with microsecond accuracy. + + The default measurement method is a maximum search, which is + disabled by default and can be runtime (re-)started + via: + + echo 0 > /sys/kernel/debug/tracing/tracing_max_latency + + (Note that kernel size and overhead increase with this option + enabled. This option and the preempt-off timing option can be + used together or separately.) + +config KERNEL_PREEMPT_TRACER + bool "Preemption-off Latency Tracer" + depends on KERNEL_FTRACE + help + This option measures the time spent in preemption-off critical + sections, with microsecond accuracy. + + The default measurement method is a maximum search, which is + disabled by default and can be runtime (re-)started + via: + + echo 0 > /sys/kernel/debug/tracing/tracing_max_latency + + (Note that kernel size and overhead increase with this option + enabled. This option and the irqs-off timing option can be + used together or separately.) + +config KERNEL_HIST_TRIGGERS + bool "Histogram triggers" + depends on KERNEL_FTRACE + help + Hist triggers allow one or more arbitrary trace event fields to be + aggregated into hash tables and dumped to stdout by reading a + debugfs/tracefs file. They're useful for gathering quick and dirty + (though precise) summaries of event activity as an initial guide for + further investigation using more advanced tools. + + Inter-event tracing of quantities such as latencies is also + supported using hist triggers under this option. + config KERNEL_DEBUG_KERNEL bool default n @@ -333,10 +418,6 @@ config KERNEL_KPROBES instrumentation and testing. If in doubt, say "N". -config KERNEL_KPROBE_EVENT - bool - default y if KERNEL_KPROBES - config KERNEL_KPROBE_EVENTS bool default y if KERNEL_KPROBES @@ -345,6 +426,10 @@ config KERNEL_AIO bool "Compile the kernel with asynchronous IO support" default y if !SMALL_FLASH +config KERNEL_IO_URING + bool "Compile the kernel with io_uring support" + default y if !SMALL_FLASH + config KERNEL_FHANDLE bool "Compile the kernel with support for fhandle syscalls" default y if !SMALL_FLASH @@ -360,6 +445,18 @@ config KERNEL_BLK_DEV_BSG config KERNEL_TRANSPARENT_HUGEPAGE bool +choice + prompt "Transparent Hugepage Support sysfs defaults" + depends on KERNEL_TRANSPARENT_HUGEPAGE + default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS + + config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS + bool "always" + + config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE + bool "madvise" +endchoice + config KERNEL_HUGETLBFS bool @@ -394,34 +491,22 @@ config KERNEL_PROVE_LOCKING select KERNEL_DEBUG_KERNEL default n -config KERNEL_LOCKUP_DETECTOR - bool "Compile the kernel with detect Hard and Soft Lockups" +config KERNEL_SOFTLOCKUP_DETECTOR + bool "Compile the kernel with detect Soft Lockups" depends on KERNEL_DEBUG_KERNEL help Say Y here to enable the kernel to act as a watchdog to detect - hard and soft lockups. + soft lockups. Softlockups are bugs that cause the kernel to loop in kernel mode for more than 20 seconds, without giving other tasks a chance to run. The current stack trace is displayed upon detection and the system will stay locked up. - Hardlockups are bugs that cause the CPU to loop in kernel mode - for more than 10 seconds, without letting other interrupts have a - chance to run. The current stack trace is displayed upon detection - and the system will stay locked up. - - The overhead should be minimal. A periodic hrtimer runs to - generate interrupts and kick the watchdog task every 4 seconds. - An NMI is generated every 10 seconds or so to check for hardlockups. - - The frequency of hrtimer and NMI events and the soft and hard lockup - thresholds can be controlled through the sysctl watchdog_thresh. - config KERNEL_DETECT_HUNG_TASK bool "Compile the kernel with detect Hung Tasks" depends on KERNEL_DEBUG_KERNEL - default KERNEL_LOCKUP_DETECTOR + default KERNEL_SOFTLOCKUP_DETECTOR help Say Y here to enable the kernel to detect "hung tasks", which are bugs that cause the task to be stuck in @@ -525,23 +610,23 @@ if KERNEL_DEVTMPFS endif config KERNEL_KEYS - bool "Enable kernel access key retention support" - default n + bool "Enable kernel access key retention support" + default !SMALL_FLASH config KERNEL_PERSISTENT_KEYRINGS - bool "Enable kernel persistent keyrings" - depends on KERNEL_KEYS - default n + bool "Enable kernel persistent keyrings" + depends on KERNEL_KEYS + default n -config KERNEL_BIG_KEYS - bool "Enable large payload keys on kernel keyrings" - depends on KERNEL_KEYS - default n +config KERNEL_KEYS_REQUEST_CACHE + bool "Enable temporary caching of the last request_key() result" + depends on KERNEL_KEYS + default n -config KERNEL_ENCRYPTED_KEYS - tristate "Enable keys with encrypted payloads on kernel keyrings" - depends on KERNEL_KEYS - default n +config KERNEL_BIG_KEYS + bool "Enable large payload keys on kernel keyrings" + depends on KERNEL_KEYS + default n # # CGROUP support symbols @@ -584,8 +669,8 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_HUGETLB bool "HugeTLB controller" - default y if KERNEL_HUGETLB_PAGE - depends on KERNEL_HUGETLB_PAGE + default n + select KERNEL_HUGETLB_PAGE config KERNEL_CGROUP_PIDS bool "PIDs cgroup subsystem" @@ -604,7 +689,7 @@ if KERNEL_CGROUPS config KERNEL_CPUSETS bool "Cpuset support" - default y if !SMALL_FLASH + default y help This option will let you create and manage CPUSETs which allow dynamically partitioning a system into sets of CPUs and @@ -618,14 +703,14 @@ if KERNEL_CGROUPS config KERNEL_CGROUP_CPUACCT bool "Simple CPU accounting cgroup subsystem" - default y if !SMALL_FLASH + default y help Provides a simple Resource Controller for monitoring the total CPU consumed by the tasks in a cgroup. config KERNEL_RESOURCE_COUNTERS bool "Resource counters" - default y if !SMALL_FLASH + default y help This option enables controller independent resource accounting infrastructure that works with cgroups. @@ -636,7 +721,7 @@ if KERNEL_CGROUPS config KERNEL_MEMCG bool "Memory Resource Controller for Control Groups" - default y if !SMALL_FLASH + default y select KERNEL_FREEZER depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18 help @@ -660,7 +745,7 @@ if KERNEL_CGROUPS config KERNEL_MEMCG_SWAP bool "Memory Resource Controller Swap Extension" - default y if !SMALL_FLASH + default y depends on KERNEL_MEMCG help Add swap management feature to memory resource controller. When you @@ -695,7 +780,7 @@ if KERNEL_CGROUPS config KERNEL_MEMCG_KMEM bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)" - default y if !SMALL_FLASH + default y depends on KERNEL_MEMCG help The Kernel Memory extension for Memory Resource Controller can limit @@ -716,7 +801,7 @@ if KERNEL_CGROUPS menuconfig KERNEL_CGROUP_SCHED bool "Group CPU scheduler" - default y if !SMALL_FLASH + default y help This feature lets CPU scheduler recognize task groups and control CPU bandwidth allocation to such task groups. It uses cgroups to group @@ -726,11 +811,11 @@ if KERNEL_CGROUPS config KERNEL_FAIR_GROUP_SCHED bool "Group scheduling for SCHED_OTHER" - default y if !SMALL_FLASH + default y config KERNEL_CFS_BANDWIDTH bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED" - default n + default y depends on KERNEL_FAIR_GROUP_SCHED help This option allows users to define CPU bandwidth rates (limits) for @@ -741,7 +826,7 @@ if KERNEL_CGROUPS config KERNEL_RT_GROUP_SCHED bool "Group scheduling for SCHED_RR/FIFO" - default y if !SMALL_FLASH + default y help This feature lets you explicitly allocate real CPU bandwidth to task groups. If enabled, it will also make it impossible to @@ -776,7 +861,7 @@ if KERNEL_CGROUPS config KERNEL_BLK_DEV_THROTTLING bool "Enable throttling policy" - default y if TARGET_bcm27xx + default y config KERNEL_BLK_DEV_THROTTLING_LOW bool "Block throttling .low limit interface support (EXPERIMENTAL)" @@ -795,6 +880,10 @@ if KERNEL_CGROUPS bool "legacy Control Group Classifier" default n + config KERNEL_CGROUP_NET_CLASSID + bool "legacy Network classid cgroup" + default n + config KERNEL_CGROUP_NET_PRIO bool "legacy Network priority cgroup" default n @@ -922,6 +1011,15 @@ if KERNEL_IPV6 config KERNEL_IPV6_PIMSM_V2 def_bool n + config KERNEL_IPV6_SEG6_LWTUNNEL + bool "Enable support for lightweight tunnels" + default y if !SMALL_FLASH + help + Using lwtunnel (needed for IPv6 segment routing) requires ip-full package. + + config KERNEL_LWTUNNEL_BPF + def_bool n + endif # @@ -1065,8 +1163,11 @@ config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT) default 3 +config KERNEL_SQUASHFS_XATTR + bool "Squashfs XATTR support" + # -# compile optimiziation setting +# compile optimization setting # choice prompt "Compiler optimization level" @@ -1086,3 +1187,59 @@ config KERNEL_CC_OPTIMIZE_FOR_SIZE your compiler resulting in a smaller kernel. endchoice + +config KERNEL_AUDIT + bool "Auditing support" + +config KERNEL_SECURITY + bool "Enable different security models" + +config KERNEL_SECURITY_NETWORK + bool "Socket and Networking Security Hooks" + select KERNEL_SECURITY + +config KERNEL_SECURITY_SELINUX + bool "NSA SELinux Support" + select KERNEL_SECURITY_NETWORK + select KERNEL_AUDIT + +config KERNEL_SECURITY_SELINUX_BOOTPARAM + bool "NSA SELinux boot parameter" + depends on KERNEL_SECURITY_SELINUX + default y + +config KERNEL_SECURITY_SELINUX_DISABLE + bool "NSA SELinux runtime disable" + depends on KERNEL_SECURITY_SELINUX + +config KERNEL_SECURITY_SELINUX_DEVELOP + bool "NSA SELinux Development Support" + depends on KERNEL_SECURITY_SELINUX + default y + +config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS + int + depends on KERNEL_SECURITY_SELINUX + default 9 + +config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE + int + depends on KERNEL_SECURITY_SELINUX + default 256 + +config KERNEL_LSM + string + default "lockdown,yama,loadpin,safesetid,integrity,selinux" + depends on KERNEL_SECURITY_SELINUX + +config KERNEL_EXT4_FS_SECURITY + bool "Ext4 Security Labels" + +config KERNEL_F2FS_FS_SECURITY + bool "F2FS Security Labels" + +config KERNEL_UBIFS_FS_SECURITY + bool "UBIFS Security Labels" + +config KERNEL_JFFS2_FS_SECURITY + bool "JFFS2 Security Labels"