mirror of
https://github.com/torvalds/linux.git
synced 2024-12-13 14:43:03 +00:00
cd94154cc6
Git commit 36409f6353
"use generic RCU
page-table freeing code" introduced a tlb flushing bug. Partially revert
the above git commit and go back to s390 specific page table flush code.
For s390 the TLB can contain three types of entries, "normal" TLB
page-table entries, TLB combined region-and-segment-table (CRST) entries
and real-space entries. Linux does not use real-space entries which
leaves normal TLB entries and CRST entries. The CRST entries are
intermediate steps in the page-table translation called translation paths.
For example a 4K page access in a three-level page table setup will
create two CRST TLB entries and one page-table TLB entry. The advantage
of that approach is that a page access next to the previous one can reuse
the CRST entries and needs just a single read from memory to create the
page-table TLB entry. The disadvantage is that the TLB flushing rules are
more complicated, before any page-table may be freed the TLB needs to be
flushed.
In short: the generic RCU page-table freeing code is incorrect for the
CRST entries, in particular the check for mm_users < 2 is troublesome.
This is applicable to 3.0+ kernels.
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
649 lines
18 KiB
Plaintext
649 lines
18 KiB
Plaintext
config MMU
|
|
def_bool y
|
|
|
|
config ZONE_DMA
|
|
def_bool y
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config HAVE_LATENCYTOP_SUPPORT
|
|
def_bool y
|
|
|
|
config RWSEM_GENERIC_SPINLOCK
|
|
bool
|
|
|
|
config RWSEM_XCHGADD_ALGORITHM
|
|
def_bool y
|
|
|
|
config ARCH_HAS_ILOG2_U32
|
|
def_bool n
|
|
|
|
config ARCH_HAS_ILOG2_U64
|
|
def_bool n
|
|
|
|
config GENERIC_HWEIGHT
|
|
def_bool y
|
|
|
|
config GENERIC_TIME_VSYSCALL
|
|
def_bool y
|
|
|
|
config GENERIC_CLOCKEVENTS
|
|
def_bool y
|
|
|
|
config GENERIC_BUG
|
|
def_bool y if BUG
|
|
|
|
config GENERIC_BUG_RELATIVE_POINTERS
|
|
def_bool y
|
|
|
|
config NO_IOMEM
|
|
def_bool y
|
|
|
|
config NO_DMA
|
|
def_bool y
|
|
|
|
config ARCH_DMA_ADDR_T_64BIT
|
|
def_bool 64BIT
|
|
|
|
config GENERIC_LOCKBREAK
|
|
def_bool y if SMP && PREEMPT
|
|
|
|
config PGSTE
|
|
def_bool y if KVM
|
|
|
|
config VIRT_CPU_ACCOUNTING
|
|
def_bool y
|
|
|
|
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
|
|
def_bool y
|
|
|
|
config S390
|
|
def_bool y
|
|
select USE_GENERIC_SMP_HELPERS if SMP
|
|
select GENERIC_CPU_DEVICES if !SMP
|
|
select HAVE_SYSCALL_WRAPPERS
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_FUNCTION_TRACE_MCOUNT_TEST
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_C_RECORDMCOUNT
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_REGS_AND_STACK_ACCESS_API
|
|
select HAVE_OPROFILE
|
|
select HAVE_KPROBES
|
|
select HAVE_KRETPROBES
|
|
select HAVE_KVM if 64BIT
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select INIT_ALL_POSSIBLE
|
|
select HAVE_IRQ_WORK
|
|
select HAVE_PERF_EVENTS
|
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
select HAVE_KERNEL_GZIP
|
|
select HAVE_KERNEL_BZIP2
|
|
select HAVE_KERNEL_LZMA
|
|
select HAVE_KERNEL_LZO
|
|
select HAVE_KERNEL_XZ
|
|
select HAVE_ARCH_MUTEX_CPU_RELAX
|
|
select HAVE_ARCH_JUMP_LABEL if !MARCH_G5
|
|
select ARCH_SAVE_PAGE_KEYS if HIBERNATION
|
|
select HAVE_MEMBLOCK
|
|
select HAVE_MEMBLOCK_NODE_MAP
|
|
select ARCH_DISCARD_MEMBLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK
|
|
select ARCH_INLINE_SPIN_LOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK_IRQ
|
|
select ARCH_INLINE_SPIN_LOCK_IRQSAVE
|
|
select ARCH_INLINE_SPIN_UNLOCK
|
|
select ARCH_INLINE_SPIN_UNLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQ
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_READ_TRYLOCK
|
|
select ARCH_INLINE_READ_LOCK
|
|
select ARCH_INLINE_READ_LOCK_BH
|
|
select ARCH_INLINE_READ_LOCK_IRQ
|
|
select ARCH_INLINE_READ_LOCK_IRQSAVE
|
|
select ARCH_INLINE_READ_UNLOCK
|
|
select ARCH_INLINE_READ_UNLOCK_BH
|
|
select ARCH_INLINE_READ_UNLOCK_IRQ
|
|
select ARCH_INLINE_READ_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_WRITE_TRYLOCK
|
|
select ARCH_INLINE_WRITE_LOCK
|
|
select ARCH_INLINE_WRITE_LOCK_BH
|
|
select ARCH_INLINE_WRITE_LOCK_IRQ
|
|
select ARCH_INLINE_WRITE_LOCK_IRQSAVE
|
|
select ARCH_INLINE_WRITE_UNLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK_BH
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQ
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
|
|
|
|
config SCHED_OMIT_FRAME_POINTER
|
|
def_bool y
|
|
|
|
source "init/Kconfig"
|
|
|
|
source "kernel/Kconfig.freezer"
|
|
|
|
menu "Base setup"
|
|
|
|
comment "Processor type and features"
|
|
|
|
source "kernel/time/Kconfig"
|
|
|
|
config 64BIT
|
|
def_bool y
|
|
prompt "64 bit kernel"
|
|
help
|
|
Select this option if you have an IBM z/Architecture machine
|
|
and want to use the 64 bit addressing mode.
|
|
|
|
config 32BIT
|
|
def_bool y if !64BIT
|
|
|
|
config KTIME_SCALAR
|
|
def_bool 32BIT
|
|
|
|
config SMP
|
|
def_bool y
|
|
prompt "Symmetric multi-processing support"
|
|
---help---
|
|
This enables support for systems with more than one CPU. If you have
|
|
a system with only one CPU, like most personal computers, say N. If
|
|
you have a system with more than one CPU, say Y.
|
|
|
|
If you say N here, the kernel will run on single and multiprocessor
|
|
machines, but will use only one CPU of a multiprocessor machine. If
|
|
you say Y here, the kernel will run on many, but not all,
|
|
singleprocessor machines. On a singleprocessor machine, the kernel
|
|
will run faster if you say N here.
|
|
|
|
See also the SMP-HOWTO available at
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
Even if you don't know what to do here, say Y.
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs (2-64)"
|
|
range 2 64
|
|
depends on SMP
|
|
default "32" if !64BIT
|
|
default "64" if 64BIT
|
|
help
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. The maximum supported value is 64 and the
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory - each supported CPU adds
|
|
approximately sixteen kilobytes to the kernel image.
|
|
|
|
config HOTPLUG_CPU
|
|
def_bool y
|
|
prompt "Support for hot-pluggable CPUs"
|
|
depends on SMP
|
|
select HOTPLUG
|
|
help
|
|
Say Y here to be able to turn CPUs off and on. CPUs
|
|
can be controlled through /sys/devices/system/cpu/cpu#.
|
|
Say N if you want to disable CPU hotplug.
|
|
|
|
config SCHED_MC
|
|
def_bool n
|
|
|
|
config SCHED_BOOK
|
|
def_bool y
|
|
prompt "Book scheduler support"
|
|
depends on SMP
|
|
select SCHED_MC
|
|
help
|
|
Book scheduler support improves the CPU scheduler's decision making
|
|
when dealing with machines that have several books.
|
|
|
|
config MATHEMU
|
|
def_bool y
|
|
prompt "IEEE FPU emulation"
|
|
depends on MARCH_G5
|
|
help
|
|
This option is required for IEEE compliant floating point arithmetic
|
|
on older ESA/390 machines. Say Y unless you know your machine doesn't
|
|
need this.
|
|
|
|
config COMPAT
|
|
def_bool y
|
|
prompt "Kernel support for 31 bit emulation"
|
|
depends on 64BIT
|
|
select COMPAT_BINFMT_ELF
|
|
select ARCH_WANT_OLD_COMPAT_IPC
|
|
help
|
|
Select this option if you want to enable your system kernel to
|
|
handle system-calls from ELF binaries for 31 bit ESA. This option
|
|
(and some other stuff like libraries and such) is needed for
|
|
executing 31 bit applications. It is safe to say "Y".
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y if COMPAT && SYSVIPC
|
|
|
|
config KEYS_COMPAT
|
|
def_bool y if COMPAT && KEYS
|
|
|
|
config AUDIT_ARCH
|
|
def_bool y
|
|
|
|
comment "Code generation options"
|
|
|
|
choice
|
|
prompt "Processor type"
|
|
default MARCH_G5
|
|
|
|
config MARCH_G5
|
|
bool "System/390 model G5 and G6"
|
|
depends on !64BIT
|
|
help
|
|
Select this to build a 31 bit kernel that works
|
|
on all ESA/390 and z/Architecture machines.
|
|
|
|
config MARCH_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
help
|
|
Select this to enable optimizations for model z800/z900 (2064 and
|
|
2066 series). This will enable some optimizations that are not
|
|
available on older ESA/390 (31 Bit) only CPUs.
|
|
|
|
config MARCH_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
help
|
|
Select this to enable optimizations for model z890/z990 (2084 and
|
|
2086 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z9_109
|
|
bool "IBM System z9"
|
|
help
|
|
Select this to enable optimizations for IBM System z9 (2094 and
|
|
2096 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z10
|
|
bool "IBM System z10"
|
|
help
|
|
Select this to enable optimizations for IBM System z10 (2097 and
|
|
2098 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
help
|
|
Select this to enable optimizations for IBM zEnterprise 114 and 196
|
|
(2818 and 2817 series). The kernel will be slightly faster but will
|
|
not work on older machines.
|
|
|
|
endchoice
|
|
|
|
config PACK_STACK
|
|
def_bool y
|
|
prompt "Pack kernel stack"
|
|
help
|
|
This option enables the compiler option -mkernel-backchain if it
|
|
is available. If the option is available the compiler supports
|
|
the new stack layout which dramatically reduces the minimum stack
|
|
frame size. With an old compiler a non-leaf function needs a
|
|
minimum of 96 bytes on 31 bit and 160 bytes on 64 bit. With
|
|
-mkernel-backchain the minimum size drops to 16 byte on 31 bit
|
|
and 24 byte on 64 bit.
|
|
|
|
Say Y if you are unsure.
|
|
|
|
config SMALL_STACK
|
|
def_bool n
|
|
prompt "Use 8kb for kernel stack instead of 16kb"
|
|
depends on PACK_STACK && 64BIT && !LOCKDEP
|
|
help
|
|
If you say Y here and the compiler supports the -mkernel-backchain
|
|
option the kernel will use a smaller kernel stack size. The reduced
|
|
size is 8kb instead of 16kb. This allows to run more threads on a
|
|
system and reduces the pressure on the memory management for higher
|
|
order page allocations.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config CHECK_STACK
|
|
def_bool y
|
|
prompt "Detect kernel stack overflow"
|
|
help
|
|
This option enables the compiler option -mstack-guard and
|
|
-mstack-size if they are available. If the compiler supports them
|
|
it will emit additional code to each function prolog to trigger
|
|
an illegal operation if the kernel stack is about to overflow.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config STACK_GUARD
|
|
int "Size of the guard area (128-1024)"
|
|
range 128 1024
|
|
depends on CHECK_STACK
|
|
default "256"
|
|
help
|
|
This allows you to specify the size of the guard area at the lower
|
|
end of the kernel stack. If the kernel stack points into the guard
|
|
area on function entry an illegal operation is triggered. The size
|
|
needs to be a power of 2. Please keep in mind that the size of an
|
|
interrupt frame is 184 bytes for 31 bit and 328 bytes on 64 bit.
|
|
The minimum size for the stack guard should be 256 for 31 bit and
|
|
512 for 64 bit.
|
|
|
|
config WARN_DYNAMIC_STACK
|
|
def_bool n
|
|
prompt "Emit compiler warnings for function with dynamic stack usage"
|
|
help
|
|
This option enables the compiler option -mwarn-dynamicstack. If the
|
|
compiler supports this options generates warnings for functions
|
|
that dynamically allocate stack space using alloca.
|
|
|
|
Say N if you are unsure.
|
|
|
|
comment "Kernel preemption"
|
|
|
|
source "kernel/Kconfig.preempt"
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
select SPARSEMEM_VMEMMAP_ENABLE
|
|
select SPARSEMEM_VMEMMAP
|
|
select SPARSEMEM_STATIC if !64BIT
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool y
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTPLUG
|
|
def_bool y if SPARSEMEM
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTREMOVE
|
|
def_bool y
|
|
|
|
config ARCH_HIBERNATION_POSSIBLE
|
|
def_bool y if 64BIT
|
|
|
|
source "mm/Kconfig"
|
|
|
|
comment "I/O subsystem configuration"
|
|
|
|
config QDIO
|
|
def_tristate y
|
|
prompt "QDIO support"
|
|
---help---
|
|
This driver provides the Queued Direct I/O base support for
|
|
IBM System z.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called qdio.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CHSC_SCH
|
|
def_tristate m
|
|
prompt "Support for CHSC subchannels"
|
|
help
|
|
This driver allows usage of CHSC subchannels. A CHSC subchannel
|
|
is usually present on LPAR only.
|
|
The driver creates a device /dev/chsc, which may be used to
|
|
obtain I/O configuration information about the machine and
|
|
to issue asynchronous chsc commands (DANGEROUS).
|
|
You will usually only want to use this interface on a special
|
|
LPAR designated for system management.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called chsc_sch.
|
|
|
|
If unsure, say N.
|
|
|
|
comment "Misc"
|
|
|
|
config IPL
|
|
def_bool y
|
|
prompt "Builtin IPL record support"
|
|
help
|
|
If you want to use the produced kernel to IPL directly from a
|
|
device, you have to merge a bootsector specific to the device
|
|
into the first bytes of the kernel. You will have to select the
|
|
IPL device.
|
|
|
|
choice
|
|
prompt "IPL method generated into head.S"
|
|
depends on IPL
|
|
default IPL_VM
|
|
help
|
|
Select "tape" if you want to IPL the image from a Tape.
|
|
|
|
Select "vm_reader" if you are running under VM/ESA and want
|
|
to IPL the image from the emulated card reader.
|
|
|
|
config IPL_TAPE
|
|
bool "tape"
|
|
|
|
config IPL_VM
|
|
bool "vm_reader"
|
|
|
|
endchoice
|
|
|
|
source "fs/Kconfig.binfmt"
|
|
|
|
config FORCE_MAX_ZONEORDER
|
|
int
|
|
default "9"
|
|
|
|
config PFAULT
|
|
def_bool y
|
|
prompt "Pseudo page fault support"
|
|
help
|
|
Select this option, if you want to use PFAULT pseudo page fault
|
|
handling under VM. If running native or in LPAR, this option
|
|
has no effect. If your VM does not support PFAULT, PAGEEX
|
|
pseudo page fault handling will be used.
|
|
Note that VM 4.2 supports PFAULT but has a bug in its
|
|
implementation that causes some problems.
|
|
Everybody who wants to run Linux under VM != VM4.2 should select
|
|
this option.
|
|
|
|
config SHARED_KERNEL
|
|
def_bool y
|
|
prompt "VM shared kernel support"
|
|
help
|
|
Select this option, if you want to share the text segment of the
|
|
Linux kernel between different VM guests. This reduces memory
|
|
usage with lots of guests but greatly increases kernel size.
|
|
Also if a kernel was IPL'ed from a shared segment the kexec system
|
|
call will not work.
|
|
You should only select this option if you know what you are
|
|
doing and want to exploit this feature.
|
|
|
|
config CMM
|
|
def_tristate n
|
|
prompt "Cooperative memory management"
|
|
help
|
|
Select this option, if you want to enable the kernel interface
|
|
to reduce the memory size of the system. This is accomplished
|
|
by allocating pages of memory and put them "on hold". This only
|
|
makes sense for a system running under VM where the unused pages
|
|
will be reused by VM for other guest systems. The interface
|
|
allows an external monitor to balance memory of many systems.
|
|
Everybody who wants to run Linux under VM should select this
|
|
option.
|
|
|
|
config CMM_IUCV
|
|
def_bool y
|
|
prompt "IUCV special message interface to cooperative memory management"
|
|
depends on CMM && (SMSGIUCV=y || CMM=SMSGIUCV)
|
|
help
|
|
Select this option to enable the special message interface to
|
|
the cooperative memory management.
|
|
|
|
config APPLDATA_BASE
|
|
def_bool n
|
|
prompt "Linux - VM Monitor Stream, base infrastructure"
|
|
depends on PROC_FS
|
|
help
|
|
This provides a kernel interface for creating and updating z/VM APPLDATA
|
|
monitor records. The monitor records are updated at certain time
|
|
intervals, once the timer is started.
|
|
Writing 1 or 0 to /proc/appldata/timer starts(1) or stops(0) the timer,
|
|
i.e. enables or disables monitoring on the Linux side.
|
|
A custom interval value (in seconds) can be written to
|
|
/proc/appldata/interval.
|
|
|
|
Defaults are 60 seconds interval and timer off.
|
|
The /proc entries can also be read from, showing the current settings.
|
|
|
|
config APPLDATA_MEM
|
|
def_tristate m
|
|
prompt "Monitor memory management statistics"
|
|
depends on APPLDATA_BASE && VM_EVENT_COUNTERS
|
|
help
|
|
This provides memory management related data to the Linux - VM Monitor
|
|
Stream, like paging/swapping rate, memory utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/memory creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
The /proc entry can also be read from, showing the current settings.
|
|
|
|
This can also be compiled as a module, which will be called
|
|
appldata_mem.o.
|
|
|
|
config APPLDATA_OS
|
|
def_tristate m
|
|
prompt "Monitor OS statistics"
|
|
depends on APPLDATA_BASE
|
|
help
|
|
This provides OS related data to the Linux - VM Monitor Stream, like
|
|
CPU utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/os creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_os.o.
|
|
|
|
config APPLDATA_NET_SUM
|
|
def_tristate m
|
|
prompt "Monitor overall network statistics"
|
|
depends on APPLDATA_BASE && NET
|
|
help
|
|
This provides network related data to the Linux - VM Monitor Stream,
|
|
currently there is only a total sum of network I/O statistics, no
|
|
per-interface data.
|
|
Writing 1 or 0 to /proc/appldata/net_sum creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_net_sum.o.
|
|
|
|
source kernel/Kconfig.hz
|
|
|
|
config S390_HYPFS_FS
|
|
def_bool y
|
|
prompt "s390 hypervisor file system support"
|
|
select SYS_HYPERVISOR
|
|
help
|
|
This is a virtual file system intended to provide accounting
|
|
information in an s390 hypervisor environment.
|
|
|
|
config KEXEC
|
|
def_bool n
|
|
prompt "kexec system call"
|
|
help
|
|
kexec is a system call that implements the ability to shutdown your
|
|
current kernel, and to start another kernel. It is like a reboot
|
|
but is independent of hardware/microcode support.
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
depends on 64BIT
|
|
select KEXEC
|
|
help
|
|
Generate crash dump after being started by kexec.
|
|
Crash dump kernels are loaded in the main kernel with kexec-tools
|
|
into a specially reserved region and then later executed after
|
|
a crash by kdump/kexec.
|
|
For more details see Documentation/kdump/kdump.txt
|
|
|
|
config ZFCPDUMP
|
|
def_bool n
|
|
prompt "zfcpdump support"
|
|
select SMP
|
|
help
|
|
Select this option if you want to build an zfcpdump enabled kernel.
|
|
Refer to <file:Documentation/s390/zfcpdump.txt> for more details on this.
|
|
|
|
config S390_GUEST
|
|
def_bool y
|
|
prompt "s390 guest support for KVM (EXPERIMENTAL)"
|
|
depends on 64BIT && EXPERIMENTAL
|
|
select VIRTUALIZATION
|
|
select VIRTIO
|
|
select VIRTIO_RING
|
|
select VIRTIO_CONSOLE
|
|
help
|
|
Select this option if you want to run the kernel as a guest under
|
|
the KVM hypervisor. This will add detection for KVM as well as a
|
|
virtio transport. If KVM is detected, the virtio console will be
|
|
the default console.
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
depends on PROC_FS
|
|
help
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via /proc/<pid>/seccomp, it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
endmenu
|
|
|
|
menu "Power Management"
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
endmenu
|
|
|
|
source "net/Kconfig"
|
|
|
|
config PCMCIA
|
|
def_bool n
|
|
|
|
config CCW
|
|
def_bool y
|
|
|
|
source "drivers/Kconfig"
|
|
|
|
source "fs/Kconfig"
|
|
|
|
source "arch/s390/Kconfig.debug"
|
|
|
|
source "security/Kconfig"
|
|
|
|
source "crypto/Kconfig"
|
|
|
|
source "lib/Kconfig"
|
|
|
|
source "arch/s390/kvm/Kconfig"
|