This allows loading modules with large memory requirements, recently needed
while testing on armvirt/32. Past forum discussions [1] and bug reports [2]
also raised this and the ipq806x target already set it in response [3].
Given this increases kernel image size by only ~1KB, is generally useful on
multi-platform kernels, and enabled by default on upstream arm32 Linux, add
it to the generic config.
The setting has similar utility on arm64, is a requirement for KASLR, and
already enabled on most OpenWrt aarch64 targets, so pull this into the
top-level generic config.
[1]: https://forum.openwrt.org/t/vmap-allocation-for-size-442368-failed-use-vmalloc-size-to-increase-size/34545/7
[2]: https://github.com/openwrt/openwrt/issues/8282
[3]: f81e148eb6 ("ipq806x: update 4.19 kernel config").
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
From 5.15 and up linux kernel introduced CONFIG_WERROR to flag any
warning as error. To improve code quality, enable this by default to
catch any warning and fix it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Since CONFIG_DYNAMIC_DEBUG is already managed via the KERNEL_DYNAMIC_DEBUG
setting in Config-kernel.in (default N), remove or disable it in target
configs which unconditionally enable it, along with the related setting
CONFIG_DYNAMIC_DEBUG_CORE. This saves several KB in the kernels for
ipq40xx, ipq806x, filogic, mt7622, qoriq, and sunxi.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.
This adds a little bit more code to the kernel and a small additional
compute overhead.
This option is activated in Debian by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates the CONFIG_SCHED_STACK_END_CHECK option.
The kernel will check if the kernel stack overflowed in the schedule()
function. This just adds a very small computational overhead.
This option is activated in Debian by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured-.
Many mainstream Linux distributions also activate this option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER
With these option Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.
The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.
Skip U-Boot env data patch for now as it break our downstream MAC hacks.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The current patches are old, update them from mainline.
Backports taken from https://github.com/yuzhaogoogle/linux/commits/mglru-5.15
Tested-by: Kazuki H <kazukih0205@gmail.com> #mt7622/Linksys E8450 UBI
Signed-off-by: Kazuki H <kazukih0205@gmail.com>
Make it possible to change the kernel configuration option
CONFIG_HARDLOCKUP_DETECTOR from OpenWrt.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This sets the CONFIG_KCOV_IRQ_AREA_SIZE kernel configuration option to its default value.
This is shown when I set CONFIG_KERNEL_KCOV=y in the OpenWrt configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_KASAN=y is set in the OpenWrt configuration on x86/64.
Set CONFIG_STACK_HASH_ORDER to its default value.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This sets some kernel configuration options to their default values. I saw
these as warnings when I set CONFIG_KERNEL_UBSAN=y is set in the OpenWrt
configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_DYNAMIC_FTRACE=y is set in the OpenWrt configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_HIST_TRIGGERS=y is set in the OpenWrt configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_DEBUG_VIRTUAL=y is set in the OpenWrt configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This deactivates some kernel configuratoion options I see when
CONFIG_KERNEL_DEBUG_VM=y is set in the OpenWrt configuration on x86/64.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
The CONFIG_PPC_QUEUED_SPINLOCKS configuration option is not defined for
kernel 5.15, it is defined for kernel 5.10.
This fixes the compilation of mpc85xx/p2020 with kernel 5.15.
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
"842" is a compression scheme and this is the software implementation
which is too slow to really use beyond a proof of concept. It can be
selected in ZRAM, ZSWAP, or `fs/pstore`, and is here for completeness.
In general you need a Power8 or better with 842-in-hardware for it to
be fast, but other 842-accelerators are emerging.
Signed-off-by: Tony Butler <spudz76@gmail.com>
In the build of the ramips/mt76x8 target the user gets asked about these
two configuration options, add them to the generic kernel configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_DRM_XEN_FRONTEND configuration symbol is also used by the
layerscape target, move it to the generic kernel configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
