diff --git a/config/Config-build.in b/config/Config-build.in index 49f40bb00..5425ab056 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -152,7 +152,7 @@ menu "Global build settings" default n help Adds -g3 to the CFLAGS. - + config USE_GC_SECTIONS bool prompt "Dead code and data elimination for all packages (EXPERIMENTAL)" @@ -191,7 +191,6 @@ menu "Global build settings" help This will install binaries stripped using strip from binutils. - config USE_SSTRIP bool "sstrip" depends on !USE_GLIBC @@ -218,6 +217,7 @@ menu "Global build settings" config STRIP_KERNEL_EXPORTS bool "Strip unnecessary exports from the kernel image" + depends on !LINUX_6_6 help Reduces kernel size by stripping unused kernel exports from the kernel image. Note that this might make the kernel incompatible with any kernel @@ -283,6 +283,8 @@ menu "Global build settings" bool "Regular" config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" + config PKG_CC_STACKPROTECTOR_ALL + bool "All" endchoice choice diff --git a/config/Config-images.in b/config/Config-images.in index f0627874e..39e7f84ba 100644 --- a/config/Config-images.in +++ b/config/Config-images.in @@ -157,7 +157,7 @@ menu "Target Images" depends on TARGET_ROOTFS_SQUASHFS default 64 if LOW_MEMORY_FOOTPRINT default 1024 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT) - default 1024 + default 256 help Select squashfs block size, must be one of: 4, 8, 16, 32, 64, 128, 256, 512, 1024 @@ -202,17 +202,19 @@ menu "Target Images" depends on TARGET_x86 depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS select PACKAGE_grub2 + select PACKAGE_grub2-bios-setup default n config GRUB_EFI_IMAGES bool "Build GRUB EFI images" - depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_phytium_armv8 + depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_phytium depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS select PACKAGE_grub2 if TARGET_x86 select PACKAGE_grub2-efi if TARGET_x86 select PACKAGE_grub2-bios-setup if TARGET_x86 select PACKAGE_grub2-efi-arm if TARGET_armvirt select PACKAGE_grub2-efi-arm if TARGET_phytium_armv8 + select PACKAGE_grub2-efi-loongarch64 if TARGET_loongarch64 select PACKAGE_kmod-fs-vfat default y @@ -221,11 +223,6 @@ menu "Target Images" depends on GRUB_IMAGES || GRUB_EFI_IMAGES default y - config GRUB_SERIAL - string "Serial port device" - depends on GRUB_IMAGES || GRUB_EFI_IMAGES - default "ttyS0" - config GRUB_BAUDRATE int "Serial port baud rate" depends on GRUB_IMAGES || GRUB_EFI_IMAGES @@ -234,7 +231,8 @@ menu "Target Images" config GRUB_FLOWCONTROL bool "Use RTE/CTS on serial console" - depends on GRUB_SERIAL != "" + depends on GRUB_IMAGES || GRUB_EFI_IMAGES + depends on TARGET_SERIAL != "" default n config GRUB_BOOTOPTS @@ -277,9 +275,8 @@ menu "Target Images" config VMDK_IMAGES bool "Build VMware image files (VMDK)" - depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 + depends on TARGET_x86 || TARGET_armvirt depends on GRUB_IMAGES || GRUB_EFI_IMAGES - default y select PACKAGE_kmod-e1000 config VHDX_IMAGES @@ -288,29 +285,35 @@ menu "Target Images" depends on GRUB_IMAGES || GRUB_EFI_IMAGES select PACKAGE_kmod-e1000 + config TARGET_SERIAL + string "Serial port device" + depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 + default "ttyS0" + config TARGET_IMAGES_GZIP bool "GZip images" - depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_malta + depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_malta || TARGET_loongarch64 default y comment "Image Options" source "target/linux/*/image/Config.in" + source "target/linux/*/*/image/Config.in" config TARGET_KERNEL_PARTSIZE int "Kernel partition size (in MiB)" depends on USES_BOOT_PART default 8 if TARGET_apm821xx_sata default 64 if TARGET_bcm27xx - default 32 if TARGET_rockchip default 128 if TARGET_armvirt + default 32 if TARGET_rockchip default 16 config TARGET_ROOTFS_PARTSIZE int "Root filesystem partition size (in MiB)" depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS default 232 if TARGET_loongarch64 - default 400 if TARGET_x86 + default 448 if TARGET_mediatek || TARGET_x86 default 160 help Select the root filesystem partition size. diff --git a/config/Config-kernel.in b/config/Config-kernel.in index f7a8d5181..69e3fc925 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -47,12 +47,12 @@ config KERNEL_MIPS_FP_SUPPORT config KERNEL_ARM_PMU bool - default n + default y if TARGET_armvirt depends on (arm || aarch64) config KERNEL_ARM_PMUV3 bool - default y if TARGET_armsr_armv8 + default y if TARGET_armvirt depends on (arm_v7 || aarch64) && LINUX_6_6 config KERNEL_RISCV_PMU @@ -163,7 +163,7 @@ config KERNEL_UBSAN_TRAP config KERNEL_KASAN bool "Compile the kernel with KASan: runtime memory debugger" select KERNEL_SLUB_DEBUG - depends on (x86_64 || aarch64) + depends on (x86_64 || aarch64 || arm || powerpc || riscv64) help Enables kernel address sanitizer - runtime memory debugger, designed to find out-of-bounds accesses and use-after-free bugs. @@ -176,16 +176,6 @@ config KERNEL_KASAN Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB (the resulting kernel does not boot). -config KERNEL_KASAN_EXTRA - bool "KAsan: extra checks" - depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL - help - This enables further checks in the kernel address sanitizer, for now - it only includes the address-use-after-scope check that can lead - to excessive kernel stack usage, frame size warnings and longer - compile time. - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more - config KERNEL_KASAN_VMALLOC bool "Back mappings in vmalloc space with real shadow memory" depends on KERNEL_KASAN @@ -204,16 +194,73 @@ config KERNEL_KASAN_VMALLOC will have no effect. if KERNEL_KASAN - config KERNEL_KASAN_GENERIC - def_bool y +choice + prompt "KASAN mode" + depends on KERNEL_KASAN + default KERNEL_KASAN_GENERIC + help + KASAN has three modes: + + 1. Generic KASAN (supported by many architectures, enabled with + CONFIG_KASAN_GENERIC, similar to userspace ASan), + 2. Software Tag-Based KASAN (arm64 only, based on software memory + tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace + HWASan), and + 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory + tagging, enabled with CONFIG_KASAN_HW_TAGS). + +config KERNEL_KASAN_GENERIC + bool "Generic KASAN" + select KERNEL_SLUB_DEBUG + help + Enables Generic KASAN. + + Consumes about 1/8th of available memory at kernel start and adds an + overhead of ~50% for dynamic allocations. + The performance slowdown is ~x3. + +config KERNEL_KASAN_SW_TAGS + bool "Software Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + help + Enables Software Tag-Based KASAN. + + Supported only on arm64 CPUs and relies on Top Byte Ignore. + + Consumes about 1/16th of available memory at kernel start and + add an overhead of ~20% for dynamic allocations. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +config KERNEL_KASAN_HW_TAGS + bool "Hardware Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + select KERNEL_ARM64_MTE + help + Enables Hardware Tag-Based KASAN. + + Supported only on arm64 CPUs starting from ARMv8.5 and relies on + Memory Tagging Extension and Top Byte Ignore. + + Consumes about 1/32nd of available memory. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +endchoice + + config KERNEL_ARM64_MTE + def_bool n - config KERNEL_KASAN_SW_TAGS - def_bool n endif choice prompt "Instrumentation type" depends on KERNEL_KASAN + depends on !KERNEL_KASAN_HW_TAGS default KERNEL_KASAN_OUTLINE config KERNEL_KASAN_OUTLINE @@ -390,7 +437,6 @@ config KERNEL_DEBUG_INFO This will compile your kernel and modules with debug information. config KERNEL_DEBUG_INFO_BTF - bool "Enable additional BTF type information" default n depends on !HOST_OS_MACOS @@ -403,6 +449,20 @@ config KERNEL_DEBUG_INFO_BTF Required to run BPF CO-RE applications. +config KERNEL_DEBUG_INFO_BTF_MODULES + def_bool y + depends on KERNEL_DEBUG_INFO_BTF + +config KERNEL_MODULE_ALLOW_BTF_MISMATCH + bool "Allow loading modules with non-matching BTF type info" + depends on KERNEL_DEBUG_INFO_BTF_MODULES + help + For modules whose split BTF does not match vmlinux, load without + BTF rather than refusing to load. The default behavior with + module BTF enabled is to reject modules with such mismatches; + this option will still load module BTF where possible but ignore + it when a mismatch is found. + config KERNEL_DEBUG_INFO_REDUCED bool "Reduce debugging information" default y @@ -428,6 +488,10 @@ config KERNEL_FRAME_WARN Setting this too low will cause a lot of warnings. Setting it to 0 disables the warning. +# KERNEL_DEBUG_LL symbols must have the default value set as otherwise +# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected +# which means that buildroot wont override the DEBUG_LL symbols in target +# kernel configurations and lead to devices that dont have working console config KERNEL_DEBUG_LL_UART_NONE bool default n @@ -502,8 +566,8 @@ config KERNEL_BPF_EVENTS config KERNEL_BPF_KPROBE_OVERRIDE bool - default n depends on KERNEL_KPROBES + default n config KERNEL_AIO bool "Compile the kernel with asynchronous IO support" @@ -511,7 +575,8 @@ config KERNEL_AIO config KERNEL_IO_URING bool "Compile the kernel with io_uring support" - default y if !SMALL_FLASH + depends on !SMALL_FLASH + default y if (x86_64 || aarch64) config KERNEL_FHANDLE bool "Compile the kernel with support for fhandle syscalls" @@ -586,6 +651,18 @@ config KERNEL_SOFTLOCKUP_DETECTOR chance to run. The current stack trace is displayed upon detection and the system will stay locked up. +config KERNEL_HARDLOCKUP_DETECTOR + bool "Compile the kernel with detect Hard Lockups" + depends on KERNEL_DEBUG_KERNEL + help + Say Y here to enable the kernel to act as a watchdog to detect + hard lockups. + + Hardlockups are bugs that cause the CPU to loop in kernel mode + for more than 10 seconds, without letting other interrupts have a + chance to run. The current stack trace is displayed upon detection + and the system will stay locked up. + config KERNEL_DETECT_HUNG_TASK bool "Compile the kernel with detect Hung Tasks" depends on KERNEL_DEBUG_KERNEL @@ -635,10 +712,23 @@ config KERNEL_PRINTK_TIME default y config KERNEL_SLUB_DEBUG - bool + bool "Enable SLUB debugging support" + help + This enables various debugging features: + - Accepts "slub_debug" kernel parameter + - Provides caches debugging options (e.g. tracing, validating) + - Adds /sys/kernel/slab/ attrs for reading amounts of *objects* + - Enables /proc/slabinfo support + - Prints info when running out of memory + + Enabling this can result in a significant increase of code size. config KERNEL_SLUB_DEBUG_ON - bool + depends on KERNEL_SLUB_DEBUG + bool "Boot kernel with basic caches debugging enabled" + help + This enables by default sanity_checks, red_zone, poison and store_user + debugging options for all caches. config KERNEL_SLABINFO select KERNEL_SLUB_DEBUG @@ -1083,13 +1173,6 @@ if KERNEL_IP_MROUTE endif -config KERNEL_MPTCP - bool "Enable IPv4 MultiPath TCP support" - default y - depends on !(LINUX_4_4||LINUX_5_4) - help - IPv4 MultiPath TCP to kernel support. - # # IPv6 configuration # @@ -1131,14 +1214,6 @@ if KERNEL_IPV6 config KERNEL_LWTUNNEL_BPF def_bool n - config KERNEL_MPTCP_IPV6 - bool "Enable IPv6 MultiPath TCP support" - default y - depends on KERNEL_MPTCP - depends on !(LINUX_4_4||LINUX_5_4) - help - IPv6 MultiPath TCP to kernel support. - endif # @@ -1153,7 +1228,6 @@ config KERNEL_NET_L3_MASTER_DEV config KERNEL_XDP_SOCKETS bool "XDP sockets support" - default y if KERNEL_DEBUG_INFO_BTF help XDP sockets allows a channel between XDP programs and userspace applications.