libreCMC/config/Config-kernel.in

# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2006-2014 OpenWrt.org

config KERNEL_BUILD_USER
	string "Custom Kernel Build User Name"
	default "builder" if BUILDBOT
	default ""
	help
	  Sets the Kernel build user string, which for example will be returned
	  by 'uname -a' on running systems.
	  If not set, uses system user at build time.

config KERNEL_BUILD_DOMAIN
	string "Custom Kernel Build Domain Name"
	default "buildhost" if BUILDBOT
	default ""
	help
	  Sets the Kernel build domain string, which for example will be
	  returned by 'uname -a' on running systems.
	  If not set, uses system hostname at build time.

config KERNEL_PRINTK
	bool "Enable support for printk"
	default y

config KERNEL_SWAP
	bool "Support for paging of anonymous memory (swap)"
	default y if !SMALL_FLASH

config KERNEL_PROC_STRIPPED
	bool "Strip non-essential /proc functionality to reduce code size"
	default y if SMALL_FLASH

config KERNEL_DEBUG_FS
	bool "Compile the kernel with debug filesystem enabled"
	default y
	help
	  debugfs is a virtual file system that kernel developers use to put
	  debugging files into. Enable this option to be able to read and
	  write to these files. Many common debugging facilities, such as
	  ftrace, require the existence of debugfs.

config KERNEL_MIPS_FP_SUPPORT
	bool
	default y if TARGET_pistachio

config KERNEL_ARM_PMU
	bool
	default y if TARGET_armsr_armv8
	depends on (arm || aarch64)

config KERNEL_X86_VSYSCALL_EMULATION
	bool "Enable vsyscall emulation"
	depends on x86_64
	help
	  This enables emulation of the legacy vsyscall page.  Disabling
	  it is roughly equivalent to booting with vsyscall=none, except
	  that it will also disable the helpful warning if a program
	  tries to use a vsyscall.  With this option set to N, offending
	  programs will just segfault, citing addresses of the form
	  0xffffffffff600?00.

	  This option is required by many programs built before 2013, and
	  care should be used even with newer programs if set to N.

	  Disabling this option saves about 7K of kernel size and
	  possibly 4K of additional runtime pagetable memory.

config KERNEL_PERF_EVENTS
	bool "Compile the kernel with performance events and counters"
	select KERNEL_ARM_PMU if (arm || aarch64)

config KERNEL_PROFILING
	bool "Compile the kernel with profiling enabled"
	select KERNEL_PERF_EVENTS
	help
	  Enable the extended profiling support mechanisms used by profilers such
	  as OProfile.

config KERNEL_RPI_AXIPERF
	bool "Compile the kernel with RaspberryPi AXI Performance monitors"
	default y
	depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx

config KERNEL_UBSAN
	bool "Compile the kernel with undefined behaviour sanity checker"
	help
	  This option enables undefined behaviour sanity checker
	  Compile-time instrumentation is used to detect various undefined
	  behaviours in runtime. Various types of checks may be enabled
	  via boot parameter ubsan_handle
	  (see: Documentation/dev-tools/ubsan.rst).

config KERNEL_UBSAN_SANITIZE_ALL
	bool "Enable instrumentation for the entire kernel"
	depends on KERNEL_UBSAN
	default y
	help
	  This option activates instrumentation for the entire kernel.
	  If you don't enable this option, you have to explicitly specify
	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
	  Enabling this option will get kernel image size increased
	  significantly.

config KERNEL_UBSAN_ALIGNMENT
	bool "Enable checking of pointers alignment"
	depends on KERNEL_UBSAN
	help
	  This option enables detection of unaligned memory accesses.
	  Enabling this option on architectures that support unaligned
	  accesses may produce a lot of false positives.

config KERNEL_UBSAN_BOUNDS
	bool "Perform array index bounds checking"
	depends on KERNEL_UBSAN
	help
	  This option enables detection of directly indexed out of bounds array
	  accesses, where the array size is known at compile time. Note that
	  this does not protect array overflows via bad calls to the
	  {str,mem}*cpy() family of functions (that is addressed by
	  FORTIFY_SOURCE).

config KERNEL_UBSAN_NULL
	bool "Enable checking of null pointers"
	depends on KERNEL_UBSAN
	help
	  This option enables detection of memory accesses via a
	  null pointer.

config KERNEL_UBSAN_TRAP
	bool "On Sanitizer warnings, abort the running kernel code"
	depends on KERNEL_UBSAN
	help
	  Building kernels with Sanitizer features enabled tends to grow the
	  kernel size by around 5%, due to adding all the debugging text on
	  failure paths. To avoid this, Sanitizer instrumentation can just
	  issue a trap. This reduces the kernel size overhead but turns all
	  warnings (including potentially harmless conditions) into full
	  exceptions that abort the running kernel code (regardless of context,
	  locks held, etc), which may destabilize the system. For some system
	  builders this is an acceptable trade-off.

config KERNEL_KASAN
	bool "Compile the kernel with KASan: runtime memory debugger"
	select KERNEL_SLUB_DEBUG
	depends on (x86_64 || aarch64)
	help
	  Enables kernel address sanitizer - runtime memory debugger,
	  designed to find out-of-bounds accesses and use-after-free bugs.
	  This is strictly a debugging feature and it requires a gcc version
	  of 4.9.2 or later. Detection of out of bounds accesses to stack or
	  global variables requires gcc 5.0 or later.
	  This feature consumes about 1/8 of available memory and brings about
	  ~x3 performance slowdown.
	  For better error detection enable CONFIG_STACKTRACE.
	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KERNEL_KASAN_EXTRA
	bool "KAsan: extra checks"
	depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
	help
	  This enables further checks in the kernel address sanitizer, for now
	  it only includes the address-use-after-scope check that can lead
	  to excessive kernel stack usage, frame size warnings and longer
	  compile time.
	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more

config KERNEL_KASAN_VMALLOC
	bool "Back mappings in vmalloc space with real shadow memory"
	depends on KERNEL_KASAN
	help
	  By default, the shadow region for vmalloc space is the read-only
	  zero page. This means that KASAN cannot detect errors involving
	  vmalloc space.

	  Enabling this option will hook in to vmap/vmalloc and back those
	  mappings with real shadow memory allocated on demand. This allows
	  for KASAN to detect more sorts of errors (and to support vmapped
	  stacks), but at the cost of higher memory usage.

	  This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
	  depend on that in here, so it is possible that enabling this
	  will have no effect.

if KERNEL_KASAN
	config KERNEL_KASAN_GENERIC
	def_bool y

	config KERNEL_KASAN_SW_TAGS
	def_bool n
endif

choice
	prompt "Instrumentation type"
	depends on KERNEL_KASAN
	default KERNEL_KASAN_OUTLINE

config KERNEL_KASAN_OUTLINE
	bool "Outline instrumentation"
	help
	  Before every memory access compiler insert function call
	  __asan_load*/__asan_store*. These functions performs check
	  of shadow memory. This is slower than inline instrumentation,
	  however it doesn't bloat size of kernel's .text section so
	  much as inline does.

config KERNEL_KASAN_INLINE
	bool "Inline instrumentation"
	help
	  Compiler directly inserts code checking shadow memory before
	  memory accesses. This is faster than outline (in some workloads
	  it gives about x2 boost over outline instrumentation), but
	  make kernel's .text size much bigger.
	  This requires a gcc version of 5.0 or later.

endchoice

config KERNEL_KCOV
	bool "Compile the kernel with code coverage for fuzzing"
	select KERNEL_DEBUG_FS
	help
	  KCOV exposes kernel code coverage information in a form suitable
	  for coverage-guided fuzzing (randomized testing).

	  If RANDOMIZE_BASE is enabled, PC values will not be stable across
	  different machines and across reboots. If you need stable PC values,
	  disable RANDOMIZE_BASE.

	  For more details, see Documentation/kcov.txt.

config KERNEL_KCOV_ENABLE_COMPARISONS
	bool "Enable comparison operands collection by KCOV"
	depends on KERNEL_KCOV
	help
	  KCOV also exposes operands of every comparison in the instrumented
	  code along with operand sizes and PCs of the comparison instructions.
	  These operands can be used by fuzzing engines to improve the quality
	  of fuzzing coverage.

config KERNEL_KCOV_INSTRUMENT_ALL
	bool "Instrument all code by default"
	depends on KERNEL_KCOV
	default y if KERNEL_KCOV
	help
	  If you are doing generic system call fuzzing (like e.g. syzkaller),
	  then you will want to instrument the whole kernel and you should
	  say y here. If you are doing more targeted fuzzing (like e.g.
	  filesystem fuzzing with AFL) then you will want to enable coverage
	  for more specific subsets of files, and should say n here.

config KERNEL_TASKSTATS
	bool "Compile the kernel with task resource/io statistics and accounting"
	help
	  Enable the collection and publishing of task/io statistics and
	  accounting.  Enable this option to enable i/o monitoring in system
	  monitors.

if KERNEL_TASKSTATS

	config KERNEL_TASK_DELAY_ACCT
		def_bool y

	config KERNEL_TASK_IO_ACCOUNTING
		def_bool y

	config KERNEL_TASK_XACCT
		def_bool y

endif

config KERNEL_KALLSYMS
	bool "Compile the kernel with symbol table information"
	default y if !SMALL_FLASH
	help
	  This will give you more information in stack traces from kernel oopses.

config KERNEL_FTRACE
	bool "Compile the kernel with tracing support"
	depends on !TARGET_uml

config KERNEL_FTRACE_SYSCALLS
	bool "Trace system calls"
	depends on KERNEL_FTRACE

config KERNEL_ENABLE_DEFAULT_TRACERS
	bool "Trace process context switches and events"
	depends on KERNEL_FTRACE

config KERNEL_FUNCTION_TRACER
	bool "Function tracer"
	depends on KERNEL_FTRACE

config KERNEL_FUNCTION_GRAPH_TRACER
	bool "Function graph tracer"
	depends on KERNEL_FUNCTION_TRACER

config KERNEL_DYNAMIC_FTRACE
	bool "Enable/disable function tracing dynamically"
	depends on KERNEL_FUNCTION_TRACER

config KERNEL_FUNCTION_PROFILER
	bool "Function profiler"
	depends on KERNEL_FUNCTION_TRACER

config KERNEL_IRQSOFF_TRACER
	bool "Interrupts-off Latency Tracer"
	depends on KERNEL_FTRACE
	help
	  This option measures the time spent in irqs-off critical
	  sections, with microsecond accuracy.

	  The default measurement method is a maximum search, which is
	  disabled by default and can be runtime (re-)started
	  via:

	      echo 0 > /sys/kernel/debug/tracing/tracing_max_latency

	  (Note that kernel size and overhead increase with this option
	  enabled. This option and the preempt-off timing option can be
	  used together or separately.)

config KERNEL_PREEMPT_TRACER
	bool "Preemption-off Latency Tracer"
	depends on KERNEL_FTRACE
	help
	  This option measures the time spent in preemption-off critical
	  sections, with microsecond accuracy.

	  The default measurement method is a maximum search, which is
	  disabled by default and can be runtime (re-)started
	  via:

	      echo 0 > /sys/kernel/debug/tracing/tracing_max_latency

	  (Note that kernel size and overhead increase with this option
	  enabled. This option and the irqs-off timing option can be
	  used together or separately.)

config KERNEL_HIST_TRIGGERS
	bool "Histogram triggers"
	depends on KERNEL_FTRACE
	help
	  Hist triggers allow one or more arbitrary trace event fields to be
	  aggregated into hash tables and dumped to stdout by reading a
	  debugfs/tracefs file. They're useful for gathering quick and dirty
	  (though precise) summaries of event activity as an initial guide for
	  further investigation using more advanced tools.

	  Inter-event tracing of quantities such as latencies is also
	  supported using hist triggers under this option.

config KERNEL_DEBUG_KERNEL
	bool

config KERNEL_DEBUG_INFO
	bool "Compile the kernel with debug information"
	default y if !SMALL_FLASH
	select KERNEL_DEBUG_KERNEL
	help
	  This will compile your kernel and modules with debug information.

config KERNEL_DEBUG_INFO_BTF

	bool "Enable additional BTF type information"
	depends on !HOST_OS_MACOS
	depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
	select DWARVES
	help
	  Generate BPF Type Format (BTF) information from DWARF debug info.
	  Turning this on expects presence of pahole tool, which will convert
	  DWARF type info into equivalent deduplicated BTF type info.

	  Required to run BPF CO-RE applications.

config KERNEL_DEBUG_INFO_REDUCED
	bool "Reduce debugging information"
	default y
	depends on KERNEL_DEBUG_INFO
	help
	  If you say Y here gcc is instructed to generate less debugging
	  information for structure types. This means that tools that
	  need full debugging information (like kgdb or systemtap) won't
	  be happy. But if you merely need debugging information to
	  resolve line numbers there is no loss. Advantage is that
	  build directory object sizes shrink dramatically over a full
	  DEBUG_INFO build and compile times are reduced too.
	  Only works with newer gcc versions.

config KERNEL_FRAME_WARN
	int
	range 0 8192
	default 1280 if KERNEL_KASAN && !ARCH_64BIT
	default 1024 if !ARCH_64BIT
	default 2048 if ARCH_64BIT
	help
	  Tell the compiler to warn at build time for stack frames larger than this.
	  Setting this too low will cause a lot of warnings.
	  Setting it to 0 disables the warning.

# KERNEL_DEBUG_LL symbols must have the default value set as otherwise
# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
# which means that buildroot wont override the DEBUG_LL symbols in target
# kernel configurations and lead to devices that dont have working console
config KERNEL_DEBUG_LL_UART_NONE
	bool
	default n
	depends on arm

config KERNEL_DEBUG_LL
	bool
	default n
	depends on arm
	select KERNEL_DEBUG_LL_UART_NONE
	help
	  ARM low level debugging.

config KERNEL_DEBUG_VIRTUAL
	bool "Compile the kernel with VM translations debugging"
	select KERNEL_DEBUG_KERNEL
	help
	  Enable checks sanity checks to catch invalid uses of
	  virt_to_phys()/phys_to_virt() against the non-linear address space.

config KERNEL_DYNAMIC_DEBUG
	bool "Compile the kernel with dynamic printk"
	select KERNEL_DEBUG_FS
	help
	  Compiles debug level messages into the kernel, which would not
	  otherwise be available at runtime. These messages can then be
	  enabled/disabled based on various levels of scope - per source file,
	  function, module, format string, and line number. This mechanism
	  implicitly compiles in all pr_debug() and dev_dbg() calls, which
	  enlarges the kernel text size by about 2%.

config KERNEL_EARLY_PRINTK
	bool "Compile the kernel with early printk"
	default y if TARGET_bcm53xx
	depends on arm
	select KERNEL_DEBUG_KERNEL
	select KERNEL_DEBUG_LL if arm
	help
	  Compile the kernel with early printk support.  This is only useful for
	  debugging purposes to send messages over the serial console in early boot.
	  Enable this to debug early boot problems.

config KERNEL_KPROBES
	bool "Compile the kernel with kprobes support"
	select KERNEL_FTRACE
	select KERNEL_PERF_EVENTS
	help
	  Compiles the kernel with KPROBES support, which allows you to trap
	  at almost any kernel address and execute a callback function.
	  register_kprobe() establishes a probepoint and specifies the
	  callback. Kprobes is useful for kernel debugging, non-intrusive
	  instrumentation and testing.
	  If in doubt, say "N".

config KERNEL_KPROBE_EVENTS
	bool
	default y if KERNEL_KPROBES

config KERNEL_BPF_EVENTS
	bool "Compile the kernel with BPF event support"
	select KERNEL_KPROBES
	help
	  Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
	  This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
	  for sending data from BPF programs to user-space for post-processing
	  or logging.

config KERNEL_BPF_KPROBE_OVERRIDE
	bool
	depends on KERNEL_KPROBES
	default n

config KERNEL_AIO
	bool "Compile the kernel with asynchronous IO support"
	default y if !SMALL_FLASH

config KERNEL_IO_URING
	bool "Compile the kernel with io_uring support"
	depends on !SMALL_FLASH
	default y if (x86_64 || aarch64)

config KERNEL_FHANDLE
	bool "Compile the kernel with support for fhandle syscalls"
	default y if !SMALL_FLASH

config KERNEL_FANOTIFY
	bool "Compile the kernel with modern file notification support"
	default y if !SMALL_FLASH

config KERNEL_BLK_DEV_BSG
	bool "Compile the kernel with SCSI generic v4 support for any block device"

config KERNEL_TRANSPARENT_HUGEPAGE
	bool

choice
	prompt "Transparent Hugepage Support sysfs defaults"
	depends on KERNEL_TRANSPARENT_HUGEPAGE
	default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS

	config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
		bool "always"

	config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
		bool "madvise"
endchoice

config KERNEL_HUGETLBFS
	bool

config KERNEL_HUGETLB_PAGE
	bool "Compile the kernel with HugeTLB support"
	select KERNEL_TRANSPARENT_HUGEPAGE
	select KERNEL_HUGETLBFS

config KERNEL_MAGIC_SYSRQ
	bool "Compile the kernel with SysRq support"
	default y

config KERNEL_DEBUG_PINCTRL
	bool "Compile the kernel with pinctrl debugging"
	select KERNEL_DEBUG_KERNEL

config KERNEL_DEBUG_GPIO
	bool "Compile the kernel with gpio debugging"
	select KERNEL_DEBUG_KERNEL

config KERNEL_COREDUMP
	bool

config KERNEL_ELF_CORE
	bool "Enable process core dump support"
	select KERNEL_COREDUMP
	default y if !SMALL_FLASH

config KERNEL_PROVE_LOCKING
	bool "Enable kernel lock checking"
	select KERNEL_DEBUG_KERNEL

config KERNEL_SOFTLOCKUP_DETECTOR
	bool "Compile the kernel with detect Soft Lockups"
	depends on KERNEL_DEBUG_KERNEL
	help
	  Say Y here to enable the kernel to act as a watchdog to detect
	  soft lockups.

	  Softlockups are bugs that cause the kernel to loop in kernel
	  mode for more than 20 seconds, without giving other tasks a
	  chance to run.  The current stack trace is displayed upon
	  detection and the system will stay locked up.

config KERNEL_HARDLOCKUP_DETECTOR
	bool "Compile the kernel with detect Hard Lockups"
	depends on KERNEL_DEBUG_KERNEL
	help
	  Say Y here to enable the kernel to act as a watchdog to detect
	  hard lockups.

	  Hardlockups are bugs that cause the CPU to loop in kernel mode
	  for more than 10 seconds, without letting other interrupts have a
	  chance to run.  The current stack trace is displayed upon detection
	  and the system will stay locked up.

config KERNEL_DETECT_HUNG_TASK
	bool "Compile the kernel with detect Hung Tasks"
	depends on KERNEL_DEBUG_KERNEL
	default KERNEL_SOFTLOCKUP_DETECTOR
	help
	  Say Y here to enable the kernel to detect "hung tasks",
	  which are bugs that cause the task to be stuck in
	  uninterruptible "D" state indefinitely.

	  When a hung task is detected, the kernel will print the
	  current stack trace (which you should report), but the
	  task will stay in uninterruptible state. If lockdep is
	  enabled then all held locks will also be reported. This
	  feature has negligible overhead.

config KERNEL_WQ_WATCHDOG
	bool "Compile the kernel with detect Workqueue Stalls"
	depends on KERNEL_DEBUG_KERNEL
	help
	  Say Y here to enable stall detection on workqueues.  If a
	  worker pool doesn't make forward progress on a pending work
	  item for over a given amount of time, 30s by default, a
	  warning message is printed along with dump of workqueue
	  state.  This can be configured through kernel parameter
	  "workqueue.watchdog_thresh" and its sysfs counterpart.

config KERNEL_DEBUG_ATOMIC_SLEEP
	bool "Compile the kernel with sleep inside atomic section checking"
	depends on KERNEL_DEBUG_KERNEL
	help
	  If you say Y here, various routines which may sleep will become very
	  noisy if they are called inside atomic sections: when a spinlock is
	  held, inside an rcu read side critical section, inside preempt disabled
	  sections, inside an interrupt, etc...

config KERNEL_DEBUG_VM
	bool "Compile the kernel with debug VM"
	depends on KERNEL_DEBUG_KERNEL
	help
	  Enable this to turn on extended checks in the virtual-memory system
          that may impact performance.

	  If unsure, say N.

config KERNEL_PRINTK_TIME
	bool "Enable printk timestamps"
	default y

config KERNEL_SLUB_DEBUG
	bool

config KERNEL_SLUB_DEBUG_ON
	bool

config KERNEL_SLABINFO
	select KERNEL_SLUB_DEBUG
	select KERNEL_SLUB_DEBUG_ON
	bool "Enable /proc slab debug info"

config KERNEL_PROC_PAGE_MONITOR
	bool "Enable /proc page monitoring"

config KERNEL_RELAY
	bool

config KERNEL_KEXEC
	bool "Enable kexec support"

config KERNEL_PROC_VMCORE
	bool

config KERNEL_PROC_KCORE
	bool

config KERNEL_CRASH_DUMP
	depends on i386 || x86_64 || arm || armeb
	select KERNEL_KEXEC
	select KERNEL_PROC_VMCORE
	select KERNEL_PROC_KCORE
	bool "Enable support for kexec crashdump"
	default y

config USE_RFKILL
	bool "Enable rfkill support"
	default RFKILL_SUPPORT

config USE_SPARSE
	bool "Enable sparse check during kernel build"

config KERNEL_DEVTMPFS
	bool "Compile the kernel with device tmpfs enabled"
	help
	  devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
	  devices nodes for all registered devices to simplify boot, but leaves more
	  complex tasks to userspace (e.g. udev).

if KERNEL_DEVTMPFS

	config KERNEL_DEVTMPFS_MOUNT
		bool "Automatically mount devtmpfs after root filesystem is mounted"

endif

config KERNEL_KEYS
	bool "Enable kernel access key retention support"
	default !SMALL_FLASH

config KERNEL_PERSISTENT_KEYRINGS
	bool "Enable kernel persistent keyrings"
	depends on KERNEL_KEYS

config KERNEL_KEYS_REQUEST_CACHE
	bool "Enable temporary caching of the last request_key() result"
	depends on KERNEL_KEYS

config KERNEL_BIG_KEYS
	bool "Enable large payload keys on kernel keyrings"
	depends on KERNEL_KEYS

#
# CGROUP support symbols
#

config KERNEL_CGROUPS
	bool "Enable kernel cgroups"
	default y if !SMALL_FLASH

if KERNEL_CGROUPS

	config KERNEL_CGROUP_DEBUG
		bool "Example debug cgroup subsystem"
		help
		  This option enables a simple cgroup subsystem that
		  exports useful debugging information about the cgroups
		  framework.

	config KERNEL_FREEZER
		bool

	config KERNEL_CGROUP_FREEZER
		bool "legacy Freezer cgroup subsystem"
		select KERNEL_FREEZER
		help
		  Provides a way to freeze and unfreeze all tasks in a
		  cgroup.
		  (legacy cgroup1-only controller, in cgroup2 freezer
		  is integrated in the Memory controller)

	config KERNEL_CGROUP_DEVICE
		bool "legacy Device controller for cgroups"
		help
		  Provides a cgroup implementing whitelists for devices which
		  a process in the cgroup can mknod or open.
		  (legacy cgroup1-only controller)

	config KERNEL_CGROUP_HUGETLB
		bool "HugeTLB controller"
		select KERNEL_HUGETLB_PAGE

	config KERNEL_CGROUP_PIDS
		bool "PIDs cgroup subsystem"
		default y
		help
		  Provides enforcement of process number limits in the scope of a
		  cgroup.

	config KERNEL_CGROUP_RDMA
		bool "RDMA controller for cgroups"
		default y

	config KERNEL_CGROUP_BPF
		bool "Support for eBPF programs attached to cgroups"
		default y

	config KERNEL_CPUSETS
		bool "Cpuset support"
		default y
		help
		  This option will let you create and manage CPUSETs which
		  allow dynamically partitioning a system into sets of CPUs and
		  Memory Nodes and assigning tasks to run only within those sets.
		  This is primarily useful on large SMP or NUMA systems.

	config KERNEL_PROC_PID_CPUSET
		bool "Include legacy /proc/<pid>/cpuset file"
		depends on KERNEL_CPUSETS

	config KERNEL_CGROUP_CPUACCT
		bool "Simple CPU accounting cgroup subsystem"
		default y
		help
		  Provides a simple Resource Controller for monitoring the
		  total CPU consumed by the tasks in a cgroup.

	config KERNEL_RESOURCE_COUNTERS
		bool "Resource counters"
		default y
		help
		  This option enables controller independent resource accounting
		  infrastructure that works with cgroups.

	config KERNEL_MM_OWNER
		bool
		default y if KERNEL_MEMCG

	config KERNEL_MEMCG
		bool "Memory Resource Controller for Control Groups"
		default y
		select KERNEL_FREEZER
		depends on KERNEL_RESOURCE_COUNTERS
		help
		  Provides a memory resource controller that manages both anonymous
		  memory and page cache. (See Documentation/cgroups/memory.txt)

		  Note that setting this option increases fixed memory overhead
		  associated with each page of memory in the system. By this,
		  20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
		  usage tracking struct at boot. Total amount of this is printed out
		  at boot.

		  Only enable when you're ok with these tradeoffs and really
		  sure you need the memory resource controller. Even when you enable
		  this, you can set "cgroup_disable=memory" at your boot option to
		  disable memory resource controller and you can avoid overheads
		  (but lose benefits of memory resource controller).

		  This config option also selects MM_OWNER config option, which
		  could in turn add some fork/exit overhead.

	config KERNEL_MEMCG_SWAP
		bool "Memory Resource Controller Swap Extension"
		default y
		depends on KERNEL_MEMCG
		help
		  Add swap management feature to memory resource controller. When you
		  enable this, you can limit mem+swap usage per cgroup. In other words,
		  when you disable this, memory resource controller has no cares to
		  usage of swap...a process can exhaust all of the swap. This extension
		  is useful when you want to avoid exhaustion swap but this itself
		  adds more overheads and consumes memory for remembering information.
		  Especially if you use 32bit system or small memory system, please
		  be careful about enabling this. When memory resource controller
		  is disabled by boot option, this will be automatically disabled and
		  there will be no overhead from this. Even when you set this config=y,
		  if boot option "swapaccount=0" is set, swap will not be accounted.
		  Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
		  size is 4096bytes, 512k per 1Gbytes of swap.

	config KERNEL_MEMCG_SWAP_ENABLED
		bool "Memory Resource Controller Swap Extension enabled by default"
		depends on KERNEL_MEMCG_SWAP
		help
		  Memory Resource Controller Swap Extension comes with its price in
		  a bigger memory consumption. General purpose distribution kernels
		  which want to enable the feature but keep it disabled by default
		  and let the user enable it by swapaccount boot command line
		  parameter should have this option unselected.

		  Those who want to have the feature enabled by default should
		  select this option (if, for some reason, they need to disable it,
		  then swapaccount=0 does the trick).


	config KERNEL_MEMCG_KMEM
		bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
		default y
		depends on KERNEL_MEMCG
		help
		  The Kernel Memory extension for Memory Resource Controller can limit
		  the amount of memory used by kernel objects in the system. Those are
		  fundamentally different from the entities handled by the standard
		  Memory Controller, which are page-based, and can be swapped. Users of
		  the kmem extension can use it to guarantee that no group of processes
		  will ever exhaust kernel resources alone.

	config KERNEL_CGROUP_PERF
		bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
		select KERNEL_PERF_EVENTS
		help
		  This option extends the per-cpu mode to restrict monitoring to
		  threads which belong to the cgroup specified and run on the
		  designated cpu.

	menuconfig KERNEL_CGROUP_SCHED
		bool "Group CPU scheduler"
		default y
		help
		  This feature lets CPU scheduler recognize task groups and control CPU
		  bandwidth allocation to such task groups. It uses cgroups to group
		  tasks.

	if KERNEL_CGROUP_SCHED

		config KERNEL_FAIR_GROUP_SCHED
			bool "Group scheduling for SCHED_OTHER"
			default y

		config KERNEL_CFS_BANDWIDTH
			bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
			default y
			depends on KERNEL_FAIR_GROUP_SCHED
			help
			  This option allows users to define CPU bandwidth rates (limits) for
			  tasks running within the fair group scheduler.  Groups with no limit
			  set are considered to be unconstrained and will run with no
			  restriction.
			  See tip/Documentation/scheduler/sched-bwc.txt for more information.

		config KERNEL_RT_GROUP_SCHED
			bool "Group scheduling for SCHED_RR/FIFO"
			default y
			help
			  This feature lets you explicitly allocate real CPU bandwidth
			  to task groups. If enabled, it will also make it impossible to
			  schedule realtime tasks for non-root users until you allocate
			  realtime bandwidth for them.

	endif

	config KERNEL_BLK_CGROUP
		bool "Block IO controller"
		default y
		help
		  Generic block IO controller cgroup interface. This is the common
		  cgroup interface which should be used by various IO controlling
		  policies.

		  Currently, CFQ IO scheduler uses it to recognize task groups and
		  control disk bandwidth allocation (proportional time slice allocation)
		  to such task groups. It is also used by bio throttling logic in
		  block layer to implement upper limit in IO rates on a device.

		  This option only enables generic Block IO controller infrastructure.
		  One needs to also enable actual IO controlling logic/policy. For
		  enabling proportional weight division of disk bandwidth in CFQ, set
		  CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
		  CONFIG_BLK_DEV_THROTTLING=y.

	if KERNEL_BLK_CGROUP

		config KERNEL_CFQ_GROUP_IOSCHED
			bool "Proportional weight of disk bandwidth in CFQ"

		config KERNEL_BLK_DEV_THROTTLING
			bool "Enable throttling policy"
			default y

		config KERNEL_BLK_DEV_THROTTLING_LOW
			bool "Block throttling .low limit interface support (EXPERIMENTAL)"
			depends on KERNEL_BLK_DEV_THROTTLING
	endif

	config KERNEL_DEBUG_BLK_CGROUP
		bool "Enable Block IO controller debugging"
		depends on KERNEL_BLK_CGROUP
		help
		  Enable some debugging help. Currently it exports additional stat
		  files in a cgroup which can be useful for debugging.

	config KERNEL_NET_CLS_CGROUP
		bool "legacy Control Group Classifier"

	config KERNEL_CGROUP_NET_CLASSID
		bool "legacy Network classid cgroup"

	config KERNEL_CGROUP_NET_PRIO
		bool "legacy Network priority cgroup"

endif

#
# Namespace support symbols
#

config KERNEL_NAMESPACES
	bool "Enable kernel namespaces"
	default y if !SMALL_FLASH

if KERNEL_NAMESPACES

	config KERNEL_UTS_NS
		bool "UTS namespace"
		default y
		help
		  In this namespace, tasks see different info provided
		  with the uname() system call.

	config KERNEL_IPC_NS
		bool "IPC namespace"
		default y
		help
		  In this namespace, tasks work with IPC ids which correspond to
		  different IPC objects in different namespaces.

	config KERNEL_USER_NS
		bool "User namespace (EXPERIMENTAL)"
		default y
		help
		  This allows containers, i.e. vservers, to use user namespaces
		  to provide different user info for different servers.

	config KERNEL_PID_NS
		bool "PID Namespaces"
		default y
		help
		  Support process id namespaces. This allows having multiple
		  processes with the same pid as long as they are in different
		  pid namespaces. This is a building block of containers.

	config KERNEL_NET_NS
		bool "Network namespace"
		default y
		help
		  Allow user space to create what appear to be multiple instances
		  of the network stack.

endif

config KERNEL_DEVPTS_MULTIPLE_INSTANCES
	bool "Support multiple instances of devpts"
	default y if !SMALL_FLASH
	help
	  Enable support for multiple instances of devpts filesystem.
	  If you want to have isolated PTY namespaces (eg: in containers),
	  say Y here. Otherwise, say N. If enabled, each mount of devpts
	  filesystem with the '-o newinstance' option will create an
	  independent PTY namespace.

config KERNEL_POSIX_MQUEUE
	bool "POSIX Message Queues"
	default y if !SMALL_FLASH
	help
	  POSIX variant of message queues is a part of IPC. In POSIX message
	  queues every message has a priority which decides about succession
	  of receiving it by a process. If you want to compile and run
	  programs written e.g. for Solaris with use of its POSIX message
	  queues (functions mq_*) say Y here.

	  POSIX message queues are visible as a filesystem called 'mqueue'
	  and can be mounted somewhere if you want to do filesystem
	  operations on message queues.


config KERNEL_SECCOMP_FILTER
	bool
	default y if !SMALL_FLASH

config KERNEL_SECCOMP
	bool "Enable seccomp support"
		depends on !(TARGET_uml)
		select KERNEL_SECCOMP_FILTER
		default y if !SMALL_FLASH
		help
		  Build kernel with support for seccomp.

#
# IPv4 configuration
#

config KERNEL_IP_MROUTE
	bool "Enable IPv4 multicast routing"
	default y
	help
	  Multicast routing requires a multicast routing daemon in
	  addition to kernel support.

if KERNEL_IP_MROUTE

	config KERNEL_IP_MROUTE_MULTIPLE_TABLES
		def_bool y

	config KERNEL_IP_PIMSM_V1
		def_bool y

	config KERNEL_IP_PIMSM_V2
		def_bool y

endif

#
# IPv6 configuration
#

config KERNEL_IPV6
	def_bool IPV6

if KERNEL_IPV6

	config KERNEL_IPV6_MULTIPLE_TABLES
		def_bool y

	config KERNEL_IPV6_SUBTREES
		def_bool y

	config KERNEL_IPV6_MROUTE
		bool "Enable IPv6 multicast routing"
		default y
		help
		  Multicast routing requires a multicast routing daemon in
		  addition to kernel support.

	if KERNEL_IPV6_MROUTE

		config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
			def_bool y

		config KERNEL_IPV6_PIMSM_V2
			def_bool y

	endif

	config KERNEL_IPV6_SEG6_LWTUNNEL
		bool "Enable support for lightweight tunnels"
		default y if !SMALL_FLASH
		help
		  Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.

	config KERNEL_LWTUNNEL_BPF
		def_bool n

endif

#
# Miscellaneous network configuration
#

config KERNEL_NET_L3_MASTER_DEV
	bool "L3 Master device support"
	help
	  This module provides glue between core networking code and device
	  drivers to support L3 master devices like VRF.

config KERNEL_XDP_SOCKETS
	bool "XDP sockets support"
	help
	  XDP sockets allows a channel between XDP programs and
	  userspace applications.

config KERNEL_WIRELESS_EXT
	def_bool n

config KERNEL_WEXT_CORE
	def_bool KERNEL_WIRELESS_EXT

config KERNEL_WEXT_PRIV
	def_bool KERNEL_WIRELESS_EXT

config KERNEL_WEXT_PROC
	def_bool KERNEL_WIRELESS_EXT

config KERNEL_WEXT_SPY
	def_bool KERNEL_WIRELESS_EXT

config KERNEL_PAGE_POOL
	def_bool n

config KERNEL_PAGE_POOL_STATS
	bool "Page pool stats support"
	depends on KERNEL_PAGE_POOL

#
# NFS related symbols
#
config KERNEL_IP_PNP
	bool "Compile the kernel with rootfs on NFS"
	help
	   If you want to make your kernel boot off a NFS server as root
	   filesystem, select Y here.

if KERNEL_IP_PNP

	config KERNEL_IP_PNP_DHCP
		def_bool y

	config KERNEL_IP_PNP_BOOTP
		def_bool n

	config KERNEL_IP_PNP_RARP
		def_bool n

	config KERNEL_NFS_FS
		def_bool y

	config KERNEL_NFS_V2
		def_bool y

	config KERNEL_NFS_V3
		def_bool y

	config KERNEL_ROOT_NFS
		def_bool y

endif

menu "Filesystem ACL and attr support options"
	config USE_FS_ACL_ATTR
		bool "Use filesystem ACL and attr support by default"
		help
		  Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
		  for kernel and packages, except tmpfs, flash filesystems,
		  and old NFS.  Also enable userspace extended attribute support
		  by default.  (libreCMC already has an expection it will be
		  present in the kernel).

	config KERNEL_FS_POSIX_ACL
		bool "Enable POSIX ACL support"
		default y if USE_FS_ACL_ATTR

	config KERNEL_BTRFS_FS_POSIX_ACL
		bool "Enable POSIX ACL for BtrFS Filesystems"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_EXT4_FS_POSIX_ACL
		bool "Enable POSIX ACL for Ext4 Filesystems"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_F2FS_FS_POSIX_ACL
		bool "Enable POSIX ACL for F2FS Filesystems"
		select KERNEL_FS_POSIX_ACL

	config KERNEL_JFFS2_FS_POSIX_ACL
		bool "Enable POSIX ACL for JFFS2 Filesystems"
		select KERNEL_FS_POSIX_ACL

	config KERNEL_TMPFS_POSIX_ACL
		bool "Enable POSIX ACL for TMPFS Filesystems"
		select KERNEL_FS_POSIX_ACL

	config KERNEL_CIFS_ACL
		bool "Enable CIFS ACLs"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_HFS_FS_POSIX_ACL
		bool "Enable POSIX ACL for HFS Filesystems"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_HFSPLUS_FS_POSIX_ACL
		bool "Enable POSIX ACL for HFS+ Filesystems"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_NFS_ACL_SUPPORT
		bool "Enable ACLs for NFS"
		default y if USE_FS_ACL_ATTR

	config KERNEL_NFS_V3_ACL_SUPPORT
		bool "Enable ACLs for NFSv3"

	config KERNEL_NFSD_V2_ACL_SUPPORT
		bool "Enable ACLs for NFSDv2"

	config KERNEL_NFSD_V3_ACL_SUPPORT
		bool "Enable ACLs for NFSDv3"

	config KERNEL_REISER_FS_POSIX_ACL
		bool "Enable POSIX ACLs for ReiserFS"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_XFS_POSIX_ACL
		bool "Enable POSIX ACLs for XFS"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

	config KERNEL_JFS_POSIX_ACL
		bool "Enable POSIX ACLs for JFS"
		select KERNEL_FS_POSIX_ACL
		default y if USE_FS_ACL_ATTR

endmenu

config KERNEL_DEVMEM
	bool "/dev/mem virtual device support"
	help
	  Say Y here if you want to support the /dev/mem device.
	  The /dev/mem device is used to access areas of physical
	  memory.

config KERNEL_DEVKMEM
	bool "/dev/kmem virtual device support"
	help
	  Say Y here if you want to support the /dev/kmem device. The
	  /dev/kmem device is rarely used, but can be used for certain
	  kind of kernel debugging operations.

config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
	int "Number of squashfs fragments cached"
	default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
	default 3

config KERNEL_SQUASHFS_XATTR
	bool "Squashfs XATTR support"

#
# compile optimization setting
#
choice
	prompt "Compiler optimization level"
	default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH

config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
	bool "Optimize for performance"
	help
	  This is the default optimization level for the kernel, building
	  with the "-O2" compiler flag for best performance and most
	  helpful compile-time warnings.

config KERNEL_CC_OPTIMIZE_FOR_SIZE
	bool "Optimize for size"
	help
	  Enabling this option will pass "-Os" instead of "-O2" to
	  your compiler resulting in a smaller kernel.

endchoice

config KERNEL_AUDIT
	bool "Auditing support"

config KERNEL_SECURITY
	bool "Enable different security models"

config KERNEL_SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	select KERNEL_SECURITY

config KERNEL_SECURITY_SELINUX
	bool "NSA SELinux Support"
	select KERNEL_SECURITY_NETWORK
	select KERNEL_AUDIT

config KERNEL_SECURITY_SELINUX_BOOTPARAM
	bool "NSA SELinux boot parameter"
	depends on KERNEL_SECURITY_SELINUX
	default y

config KERNEL_SECURITY_SELINUX_DISABLE
	bool "NSA SELinux runtime disable"
	depends on KERNEL_SECURITY_SELINUX

config KERNEL_SECURITY_SELINUX_DEVELOP
	bool "NSA SELinux Development Support"
	depends on KERNEL_SECURITY_SELINUX
	default y

config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
	int
	depends on KERNEL_SECURITY_SELINUX
	default 9

config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
	int
	depends on KERNEL_SECURITY_SELINUX
	default 256

config KERNEL_LSM
	string
	default "lockdown,yama,loadpin,safesetid,integrity,selinux"
	depends on KERNEL_SECURITY_SELINUX

config KERNEL_EXT4_FS_SECURITY
	bool "Ext4 Security Labels"

config KERNEL_F2FS_FS_SECURITY
	bool "F2FS Security Labels"

config KERNEL_UBIFS_FS_SECURITY
	bool "UBIFS Security Labels"

config KERNEL_JFFS2_FS_SECURITY
	bool "JFFS2 Security Labels"

config KERNEL_WERROR
	bool "Compile the kernel with warnings as errors"
	default BUILDBOT
	default y if GCC_USE_VERSION_12
	help
	  A kernel build should not cause any compiler warnings, and this
	  enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
	  to enforce that rule by default. Certain warnings from other tools
	  such as the linker may be upgraded to errors with this option as
	  well.

	  However, if you have a new (or very old) compiler or linker with odd
	  and unusual warnings, or you have some architecture with problems,
	  you may need to disable this config option in order to
	  successfully build the kernel.