build: Add option KERNEL_KASAN

[oweals/openwrt.git] / config / Config-kernel.in

# Copyright (C) 2006-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

config KERNEL_BUILD_USER
        string "Custom Kernel Build User Name"
        default "builder" if BUILDBOT
        default ""
        help
          Sets the Kernel build user string, which for example will be returned
          by 'uname -a' on running systems.
          If not set, uses system user at build time.

config KERNEL_BUILD_DOMAIN
        string "Custom Kernel Build Domain Name"
        default "buildhost" if BUILDBOT
        default ""
        help
          Sets the Kernel build domain string, which for example will be
          returned by 'uname -a' on running systems.
          If not set, uses system hostname at build time.

config KERNEL_PRINTK
        bool "Enable support for printk"
        default y

config KERNEL_CRASHLOG
        bool "Crash logging"
        depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
        default y

config KERNEL_SWAP
        bool "Support for paging of anonymous memory (swap)"
        default y if !SMALL_FLASH

config KERNEL_DEBUG_FS
        bool "Compile the kernel with debug filesystem enabled"
        default y
        help
          debugfs is a virtual file system that kernel developers use to put
          debugging files into. Enable this option to be able to read and
          write to these files. Many common debugging facilities, such as
          ftrace, require the existence of debugfs.

config KERNEL_MIPS_FPU_EMULATOR
        bool "Compile the kernel with MIPS FPU Emulator"
        default y if TARGET_pistachio
        depends on (mips || mipsel || mips64 || mips64el)

config KERNEL_ARM_PMU
        bool
        default n
        depends on (arm || aarch64)

config KERNEL_X86_VSYSCALL_EMULATION
        bool "Enable vsyscall emulation"
        default n
        depends on x86_64
        help
          This enables emulation of the legacy vsyscall page.  Disabling
          it is roughly equivalent to booting with vsyscall=none, except
          that it will also disable the helpful warning if a program
          tries to use a vsyscall.  With this option set to N, offending
          programs will just segfault, citing addresses of the form
          0xffffffffff600?00.

          This option is required by many programs built before 2013, and
          care should be used even with newer programs if set to N.

          Disabling this option saves about 7K of kernel size and
          possibly 4K of additional runtime pagetable memory.

config KERNEL_PERF_EVENTS
        bool "Compile the kernel with performance events and counters"
        default n
        select KERNEL_ARM_PMU if (arm || aarch64)

config KERNEL_PROFILING
        bool "Compile the kernel with profiling enabled"
        default n
        select KERNEL_PERF_EVENTS
        help
          Enable the extended profiling support mechanisms used by profilers such
          as OProfile.

config KERNEL_UBSAN
        bool "Compile the kernel with undefined behaviour sanity checker"
        help
          This option enables undefined behaviour sanity checker
          Compile-time instrumentation is used to detect various undefined
          behaviours in runtime. Various types of checks may be enabled
          via boot parameter ubsan_handle
          (see: Documentation/dev-tools/ubsan.rst).

config KERNEL_UBSAN_SANITIZE_ALL
        bool "Enable instrumentation for the entire kernel"
        depends on KERNEL_UBSAN
        default y
        help
          This option activates instrumentation for the entire kernel.
          If you don't enable this option, you have to explicitly specify
          UBSAN_SANITIZE := y for the files/directories you want to check for UB.
          Enabling this option will get kernel image size increased
          significantly.

config KERNEL_UBSAN_ALIGNMENT
        bool "Enable checking of pointers alignment"
        depends on KERNEL_UBSAN
        help
          This option enables detection of unaligned memory accesses.
          Enabling this option on architectures that support unaligned
          accesses may produce a lot of false positives.

config KERNEL_UBSAN_NULL
        bool "Enable checking of null pointers"
        depends on KERNEL_UBSAN
        help
          This option enables detection of memory accesses via a
          null pointer.

config KERNEL_KASAN
        bool "Compile the kernel with KASan: runtime memory debugger"
        select KERNEL_SLUB_DEBUG
        depends on (x86_64 || aarch64)
        help
          Enables kernel address sanitizer - runtime memory debugger,
          designed to find out-of-bounds accesses and use-after-free bugs.
          This is strictly a debugging feature and it requires a gcc version
          of 4.9.2 or later. Detection of out of bounds accesses to stack or
          global variables requires gcc 5.0 or later.
          This feature consumes about 1/8 of available memory and brings about
          ~x3 performance slowdown.
          For better error detection enable CONFIG_STACKTRACE.
          Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
          (the resulting kernel does not boot).

config KERNEL_KASAN_EXTRA
        bool "KAsan: extra checks"
        depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
        help
          This enables further checks in the kernel address sanitizer, for now
          it only includes the address-use-after-scope check that can lead
          to excessive kernel stack usage, frame size warnings and longer
          compile time.
          https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more


choice
        prompt "Instrumentation type"
        depends on KERNEL_KASAN
        default KERNEL_KASAN_OUTLINE

config KERNEL_KASAN_OUTLINE
        bool "Outline instrumentation"
        help
          Before every memory access compiler insert function call
          __asan_load*/__asan_store*. These functions performs check
          of shadow memory. This is slower than inline instrumentation,
          however it doesn't bloat size of kernel's .text section so
          much as inline does.

config KERNEL_KASAN_INLINE
        bool "Inline instrumentation"
        help
          Compiler directly inserts code checking shadow memory before
          memory accesses. This is faster than outline (in some workloads
          it gives about x2 boost over outline instrumentation), but
          make kernel's .text size much bigger.
          This requires a gcc version of 5.0 or later.

endchoice

config KERNEL_TASKSTATS
        bool "Compile the kernel with task resource/io statistics and accounting"
        default n
        help
          Enable the collection and publishing of task/io statistics and
          accounting.  Enable this option to enable i/o monitoring in system
          monitors.

if KERNEL_TASKSTATS

        config KERNEL_TASK_DELAY_ACCT
                def_bool y

        config KERNEL_TASK_IO_ACCOUNTING
                def_bool y

        config KERNEL_TASK_XACCT
                def_bool y

endif

config KERNEL_KALLSYMS
        bool "Compile the kernel with symbol table information"
        default y if !SMALL_FLASH
        help
          This will give you more information in stack traces from kernel oopses.

config KERNEL_FTRACE
        bool "Compile the kernel with tracing support"
        depends on !TARGET_uml
        default n

config KERNEL_FTRACE_SYSCALLS
        bool "Trace system calls"
        depends on KERNEL_FTRACE
        default n

config KERNEL_ENABLE_DEFAULT_TRACERS
        bool "Trace process context switches and events"
        depends on KERNEL_FTRACE
        default n

config KERNEL_FUNCTION_TRACER
        bool "Function tracer"
        depends on KERNEL_FTRACE
        default n

config KERNEL_FUNCTION_GRAPH_TRACER
        bool "Function graph tracer"
        depends on KERNEL_FUNCTION_TRACER
        default n

config KERNEL_DYNAMIC_FTRACE
        bool "Enable/disable function tracing dynamically"
        depends on KERNEL_FUNCTION_TRACER
        default n

config KERNEL_FUNCTION_PROFILER
        bool "Function profiler"
        depends on KERNEL_FUNCTION_TRACER
        default n

config KERNEL_DEBUG_KERNEL
        bool
        default n

config KERNEL_DEBUG_INFO
        bool "Compile the kernel with debug information"
        default y if !SMALL_FLASH
        select KERNEL_DEBUG_KERNEL
        help
          This will compile your kernel and modules with debug information.

config KERNEL_DEBUG_LL_UART_NONE
        bool
        default n
        depends on arm

config KERNEL_DEBUG_LL
        bool
        default n
        depends on arm
        select KERNEL_DEBUG_LL_UART_NONE
        help
          ARM low level debugging.

config KERNEL_DYNAMIC_DEBUG
        bool "Compile the kernel with dynamic printk"
        select KERNEL_DEBUG_FS
        default n
        help
          Compiles debug level messages into the kernel, which would not
          otherwise be available at runtime. These messages can then be
          enabled/disabled based on various levels of scope - per source file,
          function, module, format string, and line number. This mechanism
          implicitly compiles in all pr_debug() and dev_dbg() calls, which
          enlarges the kernel text size by about 2%.

config KERNEL_EARLY_PRINTK
        bool "Compile the kernel with early printk"
        default y if TARGET_bcm53xx
        default n
        depends on arm
        select KERNEL_DEBUG_KERNEL
        select KERNEL_DEBUG_LL if arm
        help
          Compile the kernel with early printk support.  This is only useful for
          debugging purposes to send messages over the serial console in early boot.
          Enable this to debug early boot problems.

config KERNEL_KPROBES
        bool "Compile the kernel with kprobes support"
        default n
        select KERNEL_FTRACE
        select KERNEL_PERF_EVENTS
        help
          Compiles the kernel with KPROBES support, which allows you to trap
          at almost any kernel address and execute a callback function.
          register_kprobe() establishes a probepoint and specifies the
          callback. Kprobes is useful for kernel debugging, non-intrusive
          instrumentation and testing.
          If in doubt, say "N".

config KERNEL_KPROBE_EVENT
        bool
        default y if KERNEL_KPROBES

config KERNEL_KPROBE_EVENTS
        bool
        default y if KERNEL_KPROBES

config KERNEL_AIO
        bool "Compile the kernel with asynchronous IO support"
        default y if !SMALL_FLASH

config KERNEL_FHANDLE
        bool "Compile the kernel with support for fhandle syscalls"
        default y if !SMALL_FLASH

config KERNEL_FANOTIFY
        bool "Compile the kernel with modern file notification support"
        default y if !SMALL_FLASH

config KERNEL_BLK_DEV_BSG
        bool "Compile the kernel with SCSI generic v4 support for any block device"
        default n

config KERNEL_MAGIC_SYSRQ
        bool "Compile the kernel with SysRq support"
        default y

config KERNEL_DEBUG_PINCTRL
        bool "Compile the kernel with pinctrl debugging"
        select KERNEL_DEBUG_KERNEL

config KERNEL_DEBUG_GPIO
        bool "Compile the kernel with gpio debugging"
        select KERNEL_DEBUG_KERNEL

config KERNEL_COREDUMP
        bool

config KERNEL_ELF_CORE
        bool "Enable process core dump support"
        select KERNEL_COREDUMP
        default y if !SMALL_FLASH

config KERNEL_PROVE_LOCKING
        bool "Enable kernel lock checking"
        select KERNEL_DEBUG_KERNEL
        default n

config KERNEL_PRINTK_TIME
        bool "Enable printk timestamps"
        default y

config KERNEL_SLUB_DEBUG
        bool

config KERNEL_SLUB_DEBUG_ON
        bool

config KERNEL_SLABINFO
        select KERNEL_SLUB_DEBUG
        select KERNEL_SLUB_DEBUG_ON
        bool "Enable /proc slab debug info"

config KERNEL_PROC_PAGE_MONITOR
        bool "Enable /proc page monitoring"

config KERNEL_RELAY
        bool

config KERNEL_KEXEC
        bool "Enable kexec support"

config KERNEL_PROC_VMCORE
        bool

config KERNEL_CRASH_DUMP
        depends on i386 || x86_64 || arm || armeb
        select KERNEL_KEXEC
        select KERNEL_PROC_VMCORE
        bool "Enable support for kexec crashdump"
        default y

config USE_RFKILL
        bool "Enable rfkill support"
        default RFKILL_SUPPORT

config USE_SPARSE
        bool "Enable sparse check during kernel build"
        default n

config KERNEL_DEVTMPFS
        bool "Compile the kernel with device tmpfs enabled"
        default n
        help
          devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
          devices nodes for all registered devices to simplify boot, but leaves more
          complex tasks to userspace (e.g. udev).

if KERNEL_DEVTMPFS

        config KERNEL_DEVTMPFS_MOUNT
                bool "Automatically mount devtmpfs after root filesystem is mounted"
                default n

endif

config KERNEL_KEYS
    bool "Enable kernel access key retention support"
    default n

config KERNEL_PERSISTENT_KEYRINGS
    bool "Enable kernel persistent keyrings"
    depends on KERNEL_KEYS
    default n

config KERNEL_BIG_KEYS
    bool "Enable large payload keys on kernel keyrings"
    depends on KERNEL_KEYS
    default n

config KERNEL_ENCRYPTED_KEYS
    tristate "Enable keys with encrypted payloads on kernel keyrings"
    depends on KERNEL_KEYS
    default n

#
# CGROUP support symbols
#

config KERNEL_CGROUPS
        bool "Enable kernel cgroups"
        default y if !SMALL_FLASH

if KERNEL_CGROUPS

        config KERNEL_CGROUP_DEBUG
                bool "Example debug cgroup subsystem"
                default n
                help
                  This option enables a simple cgroup subsystem that
                  exports useful debugging information about the cgroups
                  framework.

        config KERNEL_FREEZER
                bool
                default y if KERNEL_CGROUP_FREEZER

        config KERNEL_CGROUP_FREEZER
                bool "Freezer cgroup subsystem"
                default y
                help
                  Provides a way to freeze and unfreeze all tasks in a
                  cgroup.

        config KERNEL_CGROUP_DEVICE
                bool "Device controller for cgroups"
                default y
                help
                  Provides a cgroup implementing whitelists for devices which
                  a process in the cgroup can mknod or open.

        config KERNEL_CGROUP_PIDS
                bool "PIDs cgroup subsystem"
                default y
                help
                  Provides enforcement of process number limits in the scope of a
                  cgroup.

        config KERNEL_CPUSETS
                bool "Cpuset support"
                default y if !SMALL_FLASH
                help
                  This option will let you create and manage CPUSETs which
                  allow dynamically partitioning a system into sets of CPUs and
                  Memory Nodes and assigning tasks to run only within those sets.
                  This is primarily useful on large SMP or NUMA systems.

        config KERNEL_PROC_PID_CPUSET
                bool "Include legacy /proc/<pid>/cpuset file"
                default n
                depends on KERNEL_CPUSETS

        config KERNEL_CGROUP_CPUACCT
                bool "Simple CPU accounting cgroup subsystem"
                default y if !SMALL_FLASH
                help
                  Provides a simple Resource Controller for monitoring the
                  total CPU consumed by the tasks in a cgroup.

        config KERNEL_RESOURCE_COUNTERS
                bool "Resource counters"
                default y if !SMALL_FLASH
                help
                  This option enables controller independent resource accounting
                  infrastructure that works with cgroups.

        config KERNEL_MM_OWNER
                bool
                default y if KERNEL_MEMCG

        config KERNEL_MEMCG
                bool "Memory Resource Controller for Control Groups"
                default y if !SMALL_FLASH
                depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
                help
                  Provides a memory resource controller that manages both anonymous
                  memory and page cache. (See Documentation/cgroups/memory.txt)

                  Note that setting this option increases fixed memory overhead
                  associated with each page of memory in the system. By this,
                  20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
                  usage tracking struct at boot. Total amount of this is printed out
                  at boot.

                  Only enable when you're ok with these tradeoffs and really
                  sure you need the memory resource controller. Even when you enable
                  this, you can set "cgroup_disable=memory" at your boot option to
                  disable memory resource controller and you can avoid overheads
                  (but lose benefits of memory resource controller).

                  This config option also selects MM_OWNER config option, which
                  could in turn add some fork/exit overhead.

        config KERNEL_MEMCG_SWAP
                bool "Memory Resource Controller Swap Extension"
                default n
                depends on KERNEL_MEMCG
                help
                  Add swap management feature to memory resource controller. When you
                  enable this, you can limit mem+swap usage per cgroup. In other words,
                  when you disable this, memory resource controller has no cares to
                  usage of swap...a process can exhaust all of the swap. This extension
                  is useful when you want to avoid exhaustion swap but this itself
                  adds more overheads and consumes memory for remembering information.
                  Especially if you use 32bit system or small memory system, please
                  be careful about enabling this. When memory resource controller
                  is disabled by boot option, this will be automatically disabled and
                  there will be no overhead from this. Even when you set this config=y,
                  if boot option "swapaccount=0" is set, swap will not be accounted.
                  Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
                  size is 4096bytes, 512k per 1Gbytes of swap.

        config KERNEL_MEMCG_SWAP_ENABLED
                bool "Memory Resource Controller Swap Extension enabled by default"
                default n
                depends on KERNEL_MEMCG_SWAP
                help
                  Memory Resource Controller Swap Extension comes with its price in
                  a bigger memory consumption. General purpose distribution kernels
                  which want to enable the feature but keep it disabled by default
                  and let the user enable it by swapaccount boot command line
                  parameter should have this option unselected.

                  Those who want to have the feature enabled by default should
                  select this option (if, for some reason, they need to disable it,
                  then swapaccount=0 does the trick).


        config KERNEL_MEMCG_KMEM
                bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
                default y if !SMALL_FLASH
                depends on KERNEL_MEMCG
                help
                  The Kernel Memory extension for Memory Resource Controller can limit
                  the amount of memory used by kernel objects in the system. Those are
                  fundamentally different from the entities handled by the standard
                  Memory Controller, which are page-based, and can be swapped. Users of
                  the kmem extension can use it to guarantee that no group of processes
                  will ever exhaust kernel resources alone.

        config KERNEL_CGROUP_PERF
                bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
                select KERNEL_PERF_EVENTS
                default n
                help
                  This option extends the per-cpu mode to restrict monitoring to
                  threads which belong to the cgroup specified and run on the
                  designated cpu.

        menuconfig KERNEL_CGROUP_SCHED
                bool "Group CPU scheduler"
                default y if !SMALL_FLASH
                help
                  This feature lets CPU scheduler recognize task groups and control CPU
                  bandwidth allocation to such task groups. It uses cgroups to group
                  tasks.

        if KERNEL_CGROUP_SCHED

                config KERNEL_FAIR_GROUP_SCHED
                        bool "Group scheduling for SCHED_OTHER"
                        default y if !SMALL_FLASH

                config KERNEL_CFS_BANDWIDTH
                        bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
                        default n
                        depends on KERNEL_FAIR_GROUP_SCHED
                        help
                          This option allows users to define CPU bandwidth rates (limits) for
                          tasks running within the fair group scheduler.  Groups with no limit
                          set are considered to be unconstrained and will run with no
                          restriction.
                          See tip/Documentation/scheduler/sched-bwc.txt for more information.

                config KERNEL_RT_GROUP_SCHED
                        bool "Group scheduling for SCHED_RR/FIFO"
                        default y if !SMALL_FLASH
                        help
                          This feature lets you explicitly allocate real CPU bandwidth
                          to task groups. If enabled, it will also make it impossible to
                          schedule realtime tasks for non-root users until you allocate
                          realtime bandwidth for them.

        endif

        config KERNEL_BLK_CGROUP
                bool "Block IO controller"
                default y
                help
                  Generic block IO controller cgroup interface. This is the common
                  cgroup interface which should be used by various IO controlling
                  policies.

                  Currently, CFQ IO scheduler uses it to recognize task groups and
                  control disk bandwidth allocation (proportional time slice allocation)
                  to such task groups. It is also used by bio throttling logic in
                  block layer to implement upper limit in IO rates on a device.

                  This option only enables generic Block IO controller infrastructure.
                  One needs to also enable actual IO controlling logic/policy. For
                  enabling proportional weight division of disk bandwidth in CFQ, set
                  CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
                  CONFIG_BLK_DEV_THROTTLING=y.

        if KERNEL_BLK_CGROUP

                config KERNEL_CFQ_GROUP_IOSCHED
                        bool "Proportional weight of disk bandwidth in CFQ"

                config KERNEL_BLK_DEV_THROTTLING
                        bool "Enable throttling policy"
                        default y if TARGET_bcm27xx

                config KERNEL_BLK_DEV_THROTTLING_LOW
                        bool "Block throttling .low limit interface support (EXPERIMENTAL)"
                        depends on KERNEL_BLK_DEV_THROTTLING
        endif

        config KERNEL_DEBUG_BLK_CGROUP
                bool "Enable Block IO controller debugging"
                default n
                depends on KERNEL_BLK_CGROUP
                help
                  Enable some debugging help. Currently it exports additional stat
                  files in a cgroup which can be useful for debugging.

        config KERNEL_NET_CLS_CGROUP
                bool "Control Group Classifier"
                default y

        config KERNEL_NETPRIO_CGROUP
                bool "Network priority cgroup"
                default y

endif

#
# Namespace support symbols
#

config KERNEL_NAMESPACES
        bool "Enable kernel namespaces"
        default y if !SMALL_FLASH

if KERNEL_NAMESPACES

        config KERNEL_UTS_NS
                bool "UTS namespace"
                default y
                help
                  In this namespace, tasks see different info provided
                  with the uname() system call.

        config KERNEL_IPC_NS
                bool "IPC namespace"
                default y
                help
                  In this namespace, tasks work with IPC ids which correspond to
                  different IPC objects in different namespaces.

        config KERNEL_USER_NS
                bool "User namespace (EXPERIMENTAL)"
                default y
                help
                  This allows containers, i.e. vservers, to use user namespaces
                  to provide different user info for different servers.

        config KERNEL_PID_NS
                bool "PID Namespaces"
                default y
                help
                  Support process id namespaces. This allows having multiple
                  processes with the same pid as long as they are in different
                  pid namespaces. This is a building block of containers.

        config KERNEL_NET_NS
                bool "Network namespace"
                default y
                help
                  Allow user space to create what appear to be multiple instances
                  of the network stack.

endif

config KERNEL_DEVPTS_MULTIPLE_INSTANCES
        bool "Support multiple instances of devpts"
        default y if !SMALL_FLASH
        help
          Enable support for multiple instances of devpts filesystem.
          If you want to have isolated PTY namespaces (eg: in containers),
          say Y here. Otherwise, say N. If enabled, each mount of devpts
          filesystem with the '-o newinstance' option will create an
          independent PTY namespace.

config KERNEL_POSIX_MQUEUE
        bool "POSIX Message Queues"
        default y if !SMALL_FLASH
        help
          POSIX variant of message queues is a part of IPC. In POSIX message
          queues every message has a priority which decides about succession
          of receiving it by a process. If you want to compile and run
          programs written e.g. for Solaris with use of its POSIX message
          queues (functions mq_*) say Y here.

          POSIX message queues are visible as a filesystem called 'mqueue'
          and can be mounted somewhere if you want to do filesystem
          operations on message queues.


config KERNEL_SECCOMP_FILTER
        bool
        default y if !SMALL_FLASH

config KERNEL_SECCOMP
        bool "Enable seccomp support"
                depends on !(TARGET_uml)
                select KERNEL_SECCOMP_FILTER
                default y if !SMALL_FLASH
                help
                  Build kernel with support for seccomp.

#
# IPv4 configuration
#

config KERNEL_IP_MROUTE
        bool "Enable IPv4 multicast routing"
        default y
        help
          Multicast routing requires a multicast routing daemon in
          addition to kernel support.

#
# IPv6 configuration
#

config KERNEL_IPV6
        def_bool IPV6

if KERNEL_IPV6

        config KERNEL_IPV6_MULTIPLE_TABLES
                def_bool y

        config KERNEL_IPV6_SUBTREES
                def_bool y

        config KERNEL_IPV6_MROUTE
                bool "Enable IPv6 multicast routing"
                default y
                help
                  Multicast routing requires a multicast routing daemon in
                  addition to kernel support.

        config KERNEL_IPV6_PIMSM_V2
                def_bool n

endif

#
# NFS related symbols
#
config KERNEL_IP_PNP
        bool "Compile the kernel with rootfs on NFS"
        help
           If you want to make your kernel boot off a NFS server as root
           filesystem, select Y here.

if KERNEL_IP_PNP

        config KERNEL_IP_PNP_DHCP
                def_bool y

        config KERNEL_IP_PNP_BOOTP
                def_bool n

        config KERNEL_IP_PNP_RARP
                def_bool n

        config KERNEL_NFS_FS
                def_bool y

        config KERNEL_NFS_V2
                def_bool y

        config KERNEL_NFS_V3
                def_bool y

        config KERNEL_ROOT_NFS
                def_bool y

endif

menu "Filesystem ACL and attr support options"
        config USE_FS_ACL_ATTR
                bool "Use filesystem ACL and attr support by default"
                default n
                help
                  Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
                  for kernel and packages, except tmpfs, flash filesystems,
                  and old NFS.  Also enable userspace extended attribute support
                  by default.  (OpenWrt already has an expection it will be
                  present in the kernel).

        config KERNEL_FS_POSIX_ACL
                bool "Enable POSIX ACL support"
                default y if USE_FS_ACL_ATTR

        config KERNEL_BTRFS_FS_POSIX_ACL
                bool "Enable POSIX ACL for BtrFS Filesystems"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_EXT4_FS_POSIX_ACL
                bool "Enable POSIX ACL for Ext4 Filesystems"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_F2FS_FS_POSIX_ACL
                bool "Enable POSIX ACL for F2FS Filesystems"
                select KERNEL_FS_POSIX_ACL
                default n

        config KERNEL_JFFS2_FS_POSIX_ACL
                bool "Enable POSIX ACL for JFFS2 Filesystems"
                select KERNEL_FS_POSIX_ACL
                default n

        config KERNEL_TMPFS_POSIX_ACL
                bool "Enable POSIX ACL for TMPFS Filesystems"
                select KERNEL_FS_POSIX_ACL
                default n

        config KERNEL_CIFS_ACL
                bool "Enable CIFS ACLs"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_HFS_FS_POSIX_ACL
                bool "Enable POSIX ACL for HFS Filesystems"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_HFSPLUS_FS_POSIX_ACL
                bool "Enable POSIX ACL for HFS+ Filesystems"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_NFS_ACL_SUPPORT
                bool "Enable ACLs for NFS"
                default y if USE_FS_ACL_ATTR

        config KERNEL_NFS_V3_ACL_SUPPORT
                bool "Enable ACLs for NFSv3"
                default n

        config KERNEL_NFSD_V2_ACL_SUPPORT
                bool "Enable ACLs for NFSDv2"
                default n

        config KERNEL_NFSD_V3_ACL_SUPPORT
                bool "Enable ACLs for NFSDv3"
                default n

        config KERNEL_REISER_FS_POSIX_ACL
                bool "Enable POSIX ACLs for ReiserFS"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_XFS_POSIX_ACL
                bool "Enable POSIX ACLs for XFS"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

        config KERNEL_JFS_POSIX_ACL
                bool "Enable POSIX ACLs for JFS"
                select KERNEL_FS_POSIX_ACL
                default y if USE_FS_ACL_ATTR

endmenu

config KERNEL_DEVMEM
        bool "/dev/mem virtual device support"
        help
          Say Y here if you want to support the /dev/mem device.
          The /dev/mem device is used to access areas of physical
          memory.

config KERNEL_DEVKMEM
        bool "/dev/kmem virtual device support"
        help
          Say Y here if you want to support the /dev/kmem device. The
          /dev/kmem device is rarely used, but can be used for certain
          kind of kernel debugging operations.

config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
        int "Number of squashfs fragments cached"
        default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
        default 3

#
# compile optimiziation setting
#
choice
        prompt "Compiler optimization level"
        default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH

config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
        bool "Optimize for performance"
        help
          This is the default optimization level for the kernel, building
          with the "-O2" compiler flag for best performance and most
          helpful compile-time warnings.

config KERNEL_CC_OPTIMIZE_FOR_SIZE
        bool "Optimize for size"
        help
          Enabling this option will pass "-Os" instead of "-O2" to
          your compiler resulting in a smaller kernel.

endchoice