Commit Graph

69 Commits

Author SHA1 Message Date
Paul Spooren
f922a3e00e config: add KERNEL_LSM symbol
The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.

Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manually modified Kernel cmdline (`security=selinux`) would
activate SELinux.

As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.

The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.

To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-03 14:14:33 +01:00
Adrian Schmutzler
6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Thomas Petazzoni
168faef443 kernel: add options needed for SELinux
This adds a number of options to config/Config-kernel.in so that
packages related to SELinux support can enable the appropriate Linux
kernel support.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Yuan Tao
ba2ddba56b config: kernel: fix missed CGROUP_HUGETLB symbol
The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled.
The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled.

Signed-off-by: Yuan Tao <ty@wevs.org>
2020-08-24 01:09:30 +01:00
Daniel Golle
42abe56f1b kernel: further clean-up options and defaults
Remove `if !SMALL_FLASH` in places which are anyway already augmented
by `if !SMALL_FLASH`.
Always enable CONFIG_BLK_DEV_THROTTLING on !SMALL_FLASH devices rather
than just enabling it on bcm27xx.
Enabled CPU bandwidth provisioning for FAIR_GROUP_SCHED on !SMALL_FLASH
devices as CONFIG_FAIR_GROUP_SCHED is already enabled and becomes more
useful for cgroups with that option enabled as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:14 +01:00
Stijn Tintel
5c3e83fa88 kernel: fix missing TRANSPARENT_HUGEPAGE symbols
Enabling KERNEL_TRANSPARENT_HUGEPAGE exposes 2 missing symbols:
* CONFIG_READ_ONLY_THP_FOR_FS
* TRANSPARENT_HUGEPAGE_ALWAYS
* TRANSPARENT_HUGEPAGE_MADVISE

The first one was added in 5.4, and is marked experimental there so just
disable it in the generic config.

For the latter two, we should not force the user to use either of them,
so add them as build-configurable kernel options.

Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-08-01 14:33:46 +01:00
Daniel Golle
9950bc92e3 kernel: add menuconfig entry for kernel CONFIG_CGROUP_NET_CLASSID
It was removed from target defaults though it didn't exist in the
build system's kernel configuration options. Add it there.

Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-31 22:50:38 +01:00
Daniel Golle
d1a8217d87 kernel: clean-up build-configurable kernel config symbols
Don't explicitly disable options in target/linux/generic/config-* if
they are already controlled in config/Config-kernel.in.
Add a bunch of new symbols and prepare defaults for using only unified
hierarchy (ie. cgroup2). Update symbol dependencies while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 16:59:47 +01:00
Javier Marcet
caf09f2b84 kernel: rename CONFIG_NETPRIO_CGROUP to CONFIG_CGROUP_NET_PRIO
This has been changed in kernel 3.14.

Signed-off-by: Javier Marcet <javier@marcet.info>
2020-06-27 00:19:13 +02:00
Chen Minqiang
ec5e8461c1 x86: make crashdump works
1. KERNEL_CRASH_DUMP should depend on KERNEL_PROC_KCORE (kexec uses it)
2. select crashkernel mem size by totalmem
   mem <= 256M disable crashkernel by default
   mem >= 4G use 256M for crashkernel
   mem >= 8G use 512M for crashkernel
   default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error

Tested on x86_64

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-03-20 21:45:06 +00:00
Hauke Mehrtens
69d179ec81 kernel: Use new symbol to deactivate MIPS FPU support
With kernel 5.4 the upstream kernel supports deactivating the FPU
support on MIPS. Use this new upstream feature instead of our older
patch which was removed when porting the kernel patches to kernel 5.4.

This way both options are set which should work for older kernel
versions and also new ones.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
b951f53fba build: Add additional kernel debug options
Make it possible to activate some additional kernel debug options.
This can be used to debug some problems in kernel drivers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
947d2e0a70 build: Add KCOV kernel code coverage for fuzzing
This adds an option to activate KCOV (Code coverage for fuzzing).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
431594a978 build: Add option KERNEL_KASAN
The kernel address sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
d9b043c03c build: Add option KERNEL_UBSAN
The kernel Undefined Behavior Sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Adrian Schmutzler
7d7aa2fd92 brcm2708: rename target to bcm27xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Despite, since subtargets range from bcm2708 to bcm2711, it seems
appropriate to use bcm27xx instead of bcm2708 (again, as already done
for BOARDNAME).

This also renames the packages brcm2708-userland and brcm2708-gpu-fw.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-14 14:10:51 +01:00
Stijn Tintel
5f68333952 config: kernel: fix typo in HFSPLUG_FS_POSIX_ACL
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-11-28 02:02:17 +02:00
Daniel Golle
7cc22d72e9 config: kernel: only enable container features if !SMALL_FLASH
KERNEL_DEVPTS_MULTIPLE_INSTANCES and KERNEL_POSIX_MQUEUE were
previously enabled by default only if KERNEL_LXC_MISC was selected.
KERNEL_LXC_MISC was enabled only if the SMALL_FLASH (anti-)feature
was not selected.
Now that KERNEL_LXC_MISC no longer exists, make sure that those
options are also only enabled by default for !SMALL_FLASH targets.

Fixes: 4f94a331 ("config: kernel: remove KERNEL_LXC_MISC")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-09-12 13:17:24 +02:00
Yousong Zhou
4f94a331e1 config: kernel: remove KERNEL_LXC_MISC
Kernel features are neutral.  The two cascaded features can also be
useful for other container related tools

It's also less error-prone if only kconfig symbols from the kernel are
prefixed KERNEL_

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-12 02:30:26 +00:00
Yousong Zhou
083bb9b6a4 config: kernel: add KERNEL_X86_VSYSCALL_EMULATION
Binaries in container images may need this.  E.g. nginx:1.7.9 used in
k8s default deployment manifest file for demonstration [1]

 [1] https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-12 02:30:26 +00:00
Alexander Couzens
fdd0a8d491 Make linux kernel builds reproducible when BUILDBOT selected
The linux kernel is not reproducible because the build user
and domain is included into the kernel. Set the build user
to `builder` and build domain to buildhost.

It's also possible to build reproducible builds by setting
KERNEL_BUILD_USER KERNEL_BUILD_DOMAIN to static values.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-07-02 16:32:47 +02:00
Daniel Golle
fcb41decf6 config: enable some useful features on !SMALL_FLASH devices
enable kernel features needed for procd-ujail, procd-seccomp, lxc and
more on devices with big enough flash. Those packages are currently
useless in binary builds due to missing kernel features.
Enable the features on devices which can bear with the extra space
consumption.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-06-12 23:33:45 +02:00
Petr Štetiar
97d3f800a8 config: kernel: Add KPROBE_EVENTS config option
Upstream has renamed KPROBE_EVENT to KPROBE_EVENTS in the following
commit:

 commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
 Author: Anton Blanchard <anton@samba.org>
 Date:   Thu Feb 16 17:00:50 2017 +1100

     perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS

     We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
     well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.

     Consistently use the plurals.

So I'm adding this plural option in order to make kconfig happy and stop
asking about it if kernel is compiled with verbose logging:

  Enable kprobes-based dynamic events (KPROBE_EVENTS) [Y/n/?] (NEW)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-05 14:41:49 +02:00
Daniel F. Dickinson
da50f027f0 config: kernel: Fix missing symbol on brcm2708 with CGROUPS
When CGROUP block io is enabled a new symbol is exposed and needs to
be set or unset else kernel oldconfig hangs waiting for input during
normal OpenWrt builds.  Therefore add sane defaults for this symbol
in that case.  Also, the defaults brcm2708 are different than generic
defaults because the platform's defconfig enables BLK_DEV_THROTTLING
by default (in defconfig config from the patches used to match
upstream's kernel, not in OpenWrt config-4.xx).

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
[make KERNEL_BLK_DEV_THROTTLING_LOW depend on KERNEL_BLK_DEV_THROTTLING]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 18:22:40 +01:00
Alex Maclean
11d6547455 config: extend small_flash feature
Extend the small_flash feature to disable swap, core dumps, and
kernel debug info, and change the squashfs block size to 1024KiB.

Also change squashfs fragment cache to 2 for small_flash to ease memory
usage.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-07-12 18:15:33 +02:00
Mathias Kresin
cf7154db07 kernel: only optimized for size if small_flash
Add a new config option to allow to select the default compile
optimization level for the kernel.

Select the optimization for size by default if the small_flash feature is
set. Otherwise "Optimize for performance" is set.

Add the small_flash feature flag to all (sub)targets which had the
optimization for size in their default kernel config.

Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new
setting.

Exceptions to the above are:

  - lantiq, where the optimization for size is only required for the
    xway_legacy subtarget but was set for the whole target
  - mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have
    plenty of space and an optimization for size doesn't make much sense
  - rb532, which has 128MByte flash

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-07-12 18:15:32 +02:00
Jeremiah McConnell
206fbbfec2 config: add config option for KERNEL_TASKSTATS
In order for monitoring tools such as atop and htop to track and report
i/o data, kernel support for task statistics and io accounting is
required.

Add a config option to enable building this support in the kernel.

Signed-off-by: Jeremiah McConnell <miah@miah.com>
2018-07-07 18:33:57 +02:00
Hauke Mehrtens
fc166931fa config: fix ARM64 dependency check
The ARM64 CPUs use aarch64 config symbol, fix the depends lines.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:16:39 +01:00
Yousong Zhou
d76ad1dc79 lantiq: ase: turn off fpu emulator in default build
It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")

Leave pistachio alone as devices of this target are not likely to have
small_flash or low_mem constraint

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 17:34:48 +08:00
Yousong Zhou
82ceb2ad2a build: add config option KERNEL_MIPS_FPU_EMULATOR
To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 15:06:53 +08:00
Matthias Schiffer
ef27f15330 kernel: allow disabling multicast routing support
Multicast routing support is not needed in most setups, and increases the
size of the kernel considerably (>10K after LZMA). Add a config switch to
allow disabling it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:51:24 +01:00
Sascha Paunovic
d810a2aebf kernel: fix spelling in CONFIG_DEVTMPFS help text
Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
2017-12-11 12:43:29 +01:00
Florian Fainelli
90336ef4cd kernel: Make KERNEL_PERF_EVENTS selectable
The kernel itself allows enabling/disabling CONFIG_PERF_EVENTS, so allow
doing the same thing.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:25 -07:00
Daniel Golle
48d71ab502 kernel: enable CRASH_DUMP on supported platforms
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-20 00:26:03 +02:00
Felix Fietkau
0b7ed65cec kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-26 10:27:45 +02:00
Felix Fietkau
749918911d x86: disable crashlog
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 15:15:09 +01:00
Hauke Mehrtens
6e7fdf07b7 kernel: add KERNEL_DEVMEM and KERNEL_DEVKMEM
These options are needed to create /dev/mem or /dev/kmem .
/dev/mem is needed by the io tool to access raw hardware memory, which
is helpful when debugging and developing drivers.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2016-12-24 14:55:35 +01:00
Hauke Mehrtens
c058f4f22d kernel: add KERNEL_DEBUG_PINCTRL and KERNEL_DEBUG_GPIO
This makes it possible to activate the gpio and the pinctrl debugging
from LEDE menuconfig.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-10 16:06:34 +01:00
Nathaniel Wesley Filardo
39d817cf38 Add config symbols for kernel keyring support
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2016-09-02 14:43:52 +02:00
Daniel Dickinson
b9952797e6 kernel: Move POSIX ACL and attr support options into submenu
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-07-05 22:59:14 +02:00
Daniel Dickinson
e408abd7fb kernel: Add option to make using filesystem ACL support the default
This adds a configuration option that allows making filesystem ACL support
the default in the kernel, except for old nfs.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
John Crispin
30acacb0af config: add a small_flash feature
this causes KALLSYMS to be off by default

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Daniel Golle
2aa818a0bb kernel: add missing symbol
Add missing symbol when building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Florian Fainelli
312367665a buildroot: add options to build the kernel for NFS boot
Add the basic set of kernel options to allow it to mount an NFS root
and boot from it.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 48590
2016-02-01 01:06:39 +00:00
Felix Fietkau
b3f7902a06 include/kernel: add custom USER/DOMAIN config options
These allow the generated kernel's build metadata to be defined explicitly.
This metadata is reported, eg, at boot time and in `uname -a` on running
systems. If the variables aren't configured, the current build system username
and hostname are used as normal.

The motivation for this option is to achieve reproducible (bit-for-bit
identical) kernel builds of official openwrt releases.

Signed-off-by: bryan newbold <bnewbold@robocracy.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48541
2016-01-28 22:42:34 +00:00
Felix Fietkau
33beafa8d8 Configure IPv6 kernel options in config/Config-kernel.in
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).

This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.

Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.

See 5d9efa7ee9

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 48132
2016-01-04 23:30:36 +00:00
John Crispin
b4564e3163 kernel: add support for KERNEL_CGROUP_PIDS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 47275
2015-10-26 11:54:56 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Felix Fietkau
b3d81b2dec kernel: mitigate cgroups config dependency changes
Memory Resource Controller no longer depends on Resource counters since
Kernel version 4.0.
3.18 is the only still supported version needing Resource counters for
MEMCG, thus declare the dependency only for that version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 46024
2015-06-18 06:39:00 +00:00
John Crispin
3ec7ccf501 config: add an option to enable KPROBE
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45212
2015-04-01 08:33:04 +00:00