#
# Mach Operating System
# Copyright (c) 1986 Carnegie-Mellon University
-# Copyright 2001-2014 Apple Inc.
+# Copyright 2001-2018 Apple Inc.
#
# All rights reserved. The CMU software License Agreement
# specifies the terms and conditions for use and redistribution.
-#
+#
#######################################################################
#
# Master machine independent configuration file.
# medium = medium scale system configuration
# small = small scale system configuration
# xsmall = extra small scale system configuration
-# bsmall = special extra small scale system configuration
+# bsmall = special extra small scale system configuration
#
#######################################################################
#
options MACH_NBC # No buffer cache # <nbc>
options MACH_NET # Fast network access # <mach_net>
options MACH_XP # external pager support # <xp>
-options NO_DIRECT_RPC # for untyped mig servers #
+options NO_DIRECT_RPC # for untyped mig servers #
options LOOP # loopback support # <loop>
options VLAN # # <vlan>
+options SIXLOWPAN # 6LoWPAN support # <sixlowpan>
options BOND # # <bond>
+options IF_FAKE # # <if_fake>
+options IF_HEADLESS # # <if_headless>
options AH_ALL_CRYPTO # AH all crypto algs # <ah_all_crypto>
-options IPCOMP_ZLIB # IP compression using zlib # <ipcomp_zlib>
options PF # Packet Filter # <pf>
-options PF_ALTQ # PF ALTQ (Alternate Queueing) # <pf_altq>
options PF_ECN # PF use ECN marking # <pf_ecn>
options PFLOG # PF log interface # <pflog>
-options PKTSCHED_CBQ # CBQ packet scheduler # <pktsched_cbq>
-options PKTSCHED_HFSC # H-FSC packet scheduler # <pktsched_hfsc>
-options PKTSCHED_PRIQ # PRIQ packet scheduler # <pktsched_priq>
-options PKTSCHED_FAIRQ # FAIRQ packet scheduler # <pktsched_fairq>
options MEASURE_BW # interface bandwidth measurement # <measure_bw>
-options CLASSQ_BLUE # BLUE queueing algorithm # <classq_blue>
-options CLASSQ_RED # RED queueing algorithm # <classq_red>
-options CLASSQ_RIO # RIO queueing algorithm # <classq_rio>
options DUMMYNET # dummynet support # <dummynet>
options TRAFFIC_MGT # traffic management support # <traffic_mgt>
options MULTICAST # Internet Protocol Class-D $
options TCPDEBUG # TCP debug # <tcpdebug>
-options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # <tcpdrop_synfin>
options ICMP_BANDLIM # ICMP bandwidth limiting sysctl
options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # <ifnet_input_chk>
options MULTIPATH # Multipath domain # <multipath>
options NECP # <necp>
options CONTENT_FILTER # # <content_filter>
options PACKET_MANGLER # # <packet_mangler>
-
+options SIXLOWPAN # # <sixlowpan>
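Review bot: `options SIXLOWPAN` is now declared twice in the networking block, once after `VLAN` with the description `6LoWPAN support` and again here after `PACKET_MANGLER` with an empty description. Both lines carry the same `<sixlowpan>` selector, so this second entry looks redundant. I would drop it and keep the documented one. If the duplicate is deliberate, a short comment saying why would stop a later cleanup from removing only one of the two.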
# secure_kernel - secure kernel from user programs
-options SECURE_KERNEL # <secure_kernel>
+options SECURE_KERNEL # <secure_kernel>
options OLD_SEMWAIT_SIGNAL # old semwait_signal handler
#
-# 4.4 general kernel
+# 4.4 general kernel
#
-options SOCKETS # socket support # <inet, inet6>
+options SOCKETS # socket support # <inet>
options DIAGNOSTIC # diagnostics # <diagnostic>
-options GPROF # build profiling # <profile>
options PROFILE # kernel profiling # <profile>
options SENDFILE # sendfile # <sendfile>
-options NETWORKING # networking layer # <inet, inet6>
+options NETWORKING # networking layer # <inet>
options CONFIG_FSE # file system events # <config_fse>
options CONFIG_IMAGEBOOT # local image boot # <config_imageboot>
+options CONFIG_LOCKERBOOT # locker boot # <config_lockerboot>
options CONFIG_MBUF_JUMBO # jumbo cluster pool # <config_mbuf_jumbo>
+options CONFIG_IMAGEBOOT_IMG4 # authenticate image with AppleImage4 # <config_imageboot_img4>
+options CONFIG_IMAGEBOOT_CHUNKLIST # authenticate image with a chunk list # <config_imageboot_chunklist>
options CONFIG_WORKQUEUE # <config_workqueue>
+options CONFIG_WORKLOOP_DEBUG # <config_workloop_debug>
#
-# 4.4 filesystems
+# 4.4 filesystems
#
options MOCKFS # Boot from an executable # <mockfs>
options FIFO # fifo support # <fifo>
options DEVFS # devfs support # <devfs>
options ROUTEFS # routefs support # <routefs>
options NULLFS # nullfs support # <nullfs>
+options BINDFS # bindfs support # <bindfs>
options FS_COMPRESSION # fs compression # <fs_compression>
options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # <config_dev_kmem>
options CONFIG_TRIGGERS # trigger vnodes # <config_triggers>
options CONFIG_EXT_RESOLVER # e.g. memberd # <config_ext_resolver>
options CONFIG_SEARCHFS # searchfs syscall support # <config_searchfs>
+options CONFIG_MNT_SUID # allow suid binaries # <config_mnt_suid>
+options CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # <config_mnt_rootsnap>
+options CONFIG_ROSV_STARTUP # allow read-only system volume startup # <config_rosv_startup>
+options CONFIG_FIRMLINKS # support "firmlinks" # <config_firmlinks>
+options CONFIG_MOUNT_VM # mount VM volume on startup # <config_mount_vm>
+options CONFIG_MOUNT_PREBOOTRECOVERY # mount Preboot and/or Recovery volume on startup # <config_mount_prebootrecovery>
+options CONFIG_DATALESS_FILES # support dataless file materialization # <config_dataless_files>
+options CONFIG_BASESYSTEMROOT # mount BaseSystem as initial root filesystem on some kinds of startup # <config_basesystemroot>
#
# NFS support
#
options NFSCLIENT # Be an NFS client # <nfsclient>
options NFSSERVER # Be an NFS server # <nfsserver>
+options CONFIG_NFS_GSS # Support NFS GSSAPI # <config_nfs_gss>
+options CONFIG_NFS4 # Use NFSv4 # <config_nfs4>
+options CONFIG_NETBOOT # network booting (requires NFSCLIENT) # <config_netboot>
#
# Machine Independent Apple Features
#
profile # build a profiling kernel # <profile>
-#
+#
# IPv6 Support
-#
-options "INET6" # kernel IPv6 Support # <inet6>
-options IPV6SEND # Secure Neighbor Discovery # <ipv6send>
+#
options IPSEC # IP security # <ipsec>
options IPSEC_ESP # IP security # <ipsec>
-options "IPV6FIREWALL" # IPv6 Firewall Feature # <ipv6firewall>
-options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # <ipv6firewall>
-#options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # <ipv6firewall>
pseudo-device gif 1 # <gif>
pseudo-device dummy 2 # <dummy>
options CRYPTO_SHA2 # <crypto_sha2>
options ENCRYPTED_SWAP # <encrypted_swap>
+options CONFIG_IMG4 # <config_img4>
+
options ZLIB # inflate/deflate support # <zlib>
+options ZLIBC # inflate/deflate support # <zlibc>
options IF_BRIDGE # <if_bridge>
#
-# configurable kernel event related resources
+# configurable kernel event related resources
#
options CONFIG_KN_HASHSIZE=64 # <medium,large,xlarge>
options CONFIG_KN_HASHSIZE=48 # <small,xsmall>
options CONFIG_KN_HASHSIZE=20 # <bsmall>
#
-# configurable vfs related resources
-# CONFIG_VNODES - used to pre allocate vnode related resources
-# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes
+# configurable vfs related resources
+# CONFIG_VNODES - used to pre allocate vnode related resources
# CONFIG_NC_HASH - name cache hash table allocation
# CONFIG_VFS_NAMES - name strings
#
-# 263168 magic number for medium CONFIG_VNODES is based on memory
-# Number vnodes is (memsize/64k) + 1024
+# 263168 magic number for medium CONFIG_VNODES is based on memory
+# Number vnodes is (memsize/64k) + 1024
# This is the calculation that is used by launchd in tiger
-# we are clipping the max based on 16G
+# we are clipping the max based on 16G
# ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168;
options CONFIG_VNODES=263168 # <large,xlarge>
options CONFIG_VNODES=10240 # <small>
options CONFIG_VNODES=750 # <bsmall>
-options CONFIG_VNODE_FREE_MIN=500 # <large,xlarge>
-options CONFIG_VNODE_FREE_MIN=300 # <medium>
-options CONFIG_VNODE_FREE_MIN=200 # <small>
-options CONFIG_VNODE_FREE_MIN=100 # <xsmall>
-options CONFIG_VNODE_FREE_MIN=75 # <bsmall>
-
options CONFIG_NC_HASH=5120 # <large,xlarge>
options CONFIG_NC_HASH=4096 # <medium>
options CONFIG_NC_HASH=2048 # <small,xsmall>
options CONFIG_MAX_CLUSTERS=4 # <small,xsmall,bsmall>
#
-# configurable options for minumum number of buffers for kernel memory
+# configurable options for minumum number of buffers for kernel memory
#
options CONFIG_MIN_NBUF=256 # <medium,large,xlarge>
options CONFIG_MIN_NBUF=128 # <small>
options CONFIG_ICMP_BANDLIM=50 # <xsmall,small,bsmall>
#
-# configurable async IO options
+# configurable async IO options
# CONFIG_AIO_MAX - system wide limit of async IO requests.
# CONFIG_AIO_PROCESS_MAX - process limit of async IO requests.
# CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created.
#
# configurable kernel message buffer size
#
-options CONFIG_MSG_BSIZE=4096 # <bsmall,small,xsmall>
-options CONFIG_MSG_BSIZE=16384 # <medium,large,xlarge>
+options CONFIG_MSG_BSIZE_REL=4096 # <msgb_small>
+options CONFIG_MSG_BSIZE_DEV=4096 # <msgb_small>
+options CONFIG_MSG_BSIZE_REL=16384 # <msgb_large>
+options CONFIG_MSG_BSIZE_DEV=131072 # <msgb_large>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL # <!development,debug>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV # <development,debug>
#
# maximum size of the per-process Mach IPC table
options CONFIG_IPC_TABLE_ENTRIES_STEPS=64 # 137898 entries # <bsmall,small,xsmall>
options CONFIG_IPC_TABLE_ENTRIES_STEPS=256 # 300714 entries # <medium,large,xlarge>
-
#
# configurable kernel - use these options to strip strings from panic
# and printf calls.
-# no_panic_str - saves around 50K of kernel footprint.
# no_printf_str - saves around 45K of kernel footprint.
#
-options CONFIG_NO_PANIC_STRINGS # <no_panic_str>
options CONFIG_NO_PRINTF_STRINGS # <no_printf_str>
options CONFIG_NO_KPRINTF_STRINGS # <no_kprintf_str>
+# support vsprintf (deprecated in favor of vsnprintf)
+options CONFIG_VSPRINTF # <vsprintf>
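Review bot: The comment on `CONFIG_VSPRINTF` says the function is deprecated but not why, nor which configurations are still expected to select `<vsprintf>`. vsprintf writes without a length bound, so it should be possible to audit from this file whether a given kernel still provides it. I would extend the comment to something like `# support vsprintf (unbounded; deprecated in favor of vsnprintf) - select only where existing callers still need it`.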
+
#
-# use finer-grained lock groups for the proc subsystem
+# configurable kernel - general switch to say we are building for an
+# embedded device
#
-options CONFIG_FINE_LOCK_GROUPS # <medium,large,xlarge>
+options CONFIG_EMBEDDED # <config_embedded>
+
+options CONFIG_ARROW # <config_arrow>
# support dynamic signing of code
#
options CONFIG_DYNAMIC_CODE_SIGNING # <dynamic_codesigning>
-# enforce library validation on all processes.
+# enforce library validation on all processes.
#
options CONFIG_ENFORCE_LIBRARY_VALIDATION # <config_library_validation>
+# support loading a second static trust cache
+#
+options CONFIG_SECOND_STATIC_TRUST_CACHE # <second_static_trust_cache>
+
+# support supplemental signatures
+#
+options CONFIG_SUPPLEMENTAL_SIGNATURES # <config_supplemental_signatures>
+
#
# code decryption... used on embedded for app protection, DSMOS on desktop
#
#
options CONFIG_PROTECT # <config_protect>
+#allow write-protection of key page
+options CONFIG_KEYPAGE_WP # <config_keypage_wp>
+
+#
+# allow vm_pageout_scan to dynamically adjust its priority based on priorities of waiters
+#
+options CONFIG_VPS_DYNAMIC_PRIO # <vps_dynamic_prio>
+
#
# enable per-process memory priority tracking
#
options CONFIG_MEMORYSTATUS # <memorystatus>
+#
+# enable per-process dirty-status tracking
+#
+options CONFIG_DIRTYSTATUS_TRACKING # <dirtystatus_tracking>
#
# enable jetsam - used on embedded
#
options CHECK_CS_VALIDATION_BITMAP # <config_cs_validation_bitmap>
+#
+# enable physical writes accounting
+#
+options CONFIG_PHYS_WRITE_ACCT # <phys_write_acct>
+
#
# enable detectiion of file cache thrashing - used on platforms with
# dynamic VM compression enabled
options CONFIG_BACKGROUND_QUEUE # <config_background_queue>
+#
+# Ledger features
+#
+options CONFIG_LEDGER_INTERVAL_MAX # <config_ledger_interval_max>
+
#
# I/O Scheduling
#
# For now debug is enabled wherever inheritance is
#
options IMPORTANCE_INHERITANCE # <importance_inheritance>
-options IMPORTANCE_DEBUG # <importance_inheritance>
+options IMPORTANCE_TRACE # <importance_trace>
+options IMPORTANCE_DEBUG # <importance_debug>
options CONFIG_TELEMETRY # <config_telemetry>
#
# ECC data logging
-#
+#
options CONFIG_ECC_LOGGING # <config_ecc_logging>
#
#
options CONFIG_COREDUMP # <config_coredump>
+#
+# Vnode guards
+#
+options CONFIG_VNGUARD # <config_vnguard>
+
#
# Ethernet (ARP)
#
-pseudo-device ether # <networking,inet,inet6>
+pseudo-device ether # <networking,inet>
#
# Network loopback device
#
-pseudo-device loop # <networking,inet,inet6>
+pseudo-device loop # <networking,inet>
#
# UCB pseudo terminal service
#
#
# packet filter device
#
-pseudo-device bpfilter 4 init bpf_init # <networking,inet,inet6>
+pseudo-device bpfilter 4 init bpf_init # <networking,inet>
#
# fsevents device
pseudo-device dtrace 1 init dtrace_init # <config_dtrace>
pseudo-device helper 1 init helper_init # <config_dtrace>
pseudo-device lockstat 1 init lockstat_init # <config_dtrace>
+pseudo-device lockprof 1 init lockprof_init # <config_dtrace>
pseudo-device sdt 1 init sdt_init # <config_dtrace>
pseudo-device systrace 1 init systrace_init # <config_dtrace>
pseudo-device fbt 1 init fbt_init # <config_dtrace>
pseudo-device profile_prvd 1 init profile_init # <config_dtrace>
+
#
# IOKit configuration options
#
options IOKITSTATS # IOKit statistics # <iokitstats>
options IOTRACKING # IOKit tracking # <iotracking>
options CONFIG_SLEEP # # <config_sleep>
-options CONFIG_MAX_THREADS=64 # IOConfigThread threads
+options CONFIG_MAX_THREADS=500 # IOConfigThread threads
options NO_KEXTD # <no_kextd>
options NO_KERNEL_HID # <no_kernel_hid>
#
options LIBKERNCPP # C++ implementation # <libkerncpp>
+options CONFIG_BLOCKS # Blocks runtime # <config_blocks>
options CONFIG_KXLD # kxld/runtime linking of kexts # <config_kxld>
options CONFIG_KEC_FIPS # Kernel External Components for FIPS compliance (KEC_FIPS) # <config_kec_fips>
options CONFIG_MACF # Mandatory Access Control Framework # <config_macf>
options CONFIG_MACF_SOCKET_SUBSET # MAC socket subest (no labels) # <config_macf>
-#options CONFIG_MACF_SOCKET # MAC socket labels # <config_macf>
-#options CONFIG_MACF_NET # mbuf # <config_macf>
#options CONFIG_MACF_DEBUG # debug # <config_macf>
options CONFIG_AUDIT # Kernel auditing # <config_audit>
+options CONFIG_ARCADE # Arcade validation support # <config_arcade>
+
+options CONFIG_SETUID # setuid/setgid support # <config_setuid>
+
+options CONFIG_SECURE_BSD_ROOT # secure BSD root # <config_secure_bsd_root>
+
+options CONFIG_KAS_INFO # kas_info support # <config_kas_info>
+
+options CONFIG_ZALLOC_SEQUESTER # Sequester VA for zones # <config_zalloc_sequester>
#
# MACH configuration options.
# forcibly suspending tasks when the demand exceeds supply. This
# option should be on.
#
-options MACH_RT
options TASK_SWAPPER # <task_swapper_disabled>
#
# hardclock device driver.
#
options MACH_MP_DEBUG # # <debug>
-#
-# ZONE_DEBUG keeps track of all zalloc()ed elements to perform further
-# operations on each element.
-#
-options ZONE_DEBUG # # <debug>
-
+options CONFIG_ZCACHE # Enable per-cpu caching for zones # <config_zcache>
options CONFIG_ZLEAKS # Live zone leak debugging # <zleaks>
#
# available when the kernel is being debugged.
#
options CONFIG_DEBUGGER_FOR_ZONE_INFO # <debugger_for_zone_info>
-#
-# XPR_DEBUG enables the gathering of data through the XPR macros inserted
-# into various subsystems. This option is normally only enabled for
-# specific performance or behavior studies, as the overhead in both
-# code and data space is large. The data is normally retrieved through
-# the kernel debugger (kdb) or by reading /dev/kmem.
-#
-options XPR_DEBUG # # <debug>
-#
+#
# MACH_LDEBUG controls the internal consistency checks and
# data gathering in the locking package. This also enables a debug-only
# version of simple-locks on uniprocessor machines. The code size and
# performance impact of this option is significant.
-#
+#
options MACH_LDEBUG # # <debug>
#
#
options CONFIG_DTRACE # # <config_dtrace>
+options LOCK_STATS # # <lock_stats>
+
# kernel performance tracing
options KPERF # <kperf>
options KPC # <kpc>
+
+options PGO # <pgo>
+
# MACH_COUNTERS enables code that handles various counters in the system.
-#
+#
options MACH_COUNTERS # # <debug>
# DEVELOPMENT define for development builds
# DEBUG kernel
options DEBUG # general debugging code # <debug>
+options CONFIG_NONFATAL_ASSERTS # non fatal asserts # <softasserts>
##########################################################
#
options IOKIT # # <iokit>
#
-# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
+# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
# sync with bsd/conf/MASTER until we fix the config system... todo XXX
#
options CONFIG_THREAD_MAX=2560 # <medium,large,xlarge>
options CONFIG_TASK_MAX=768 # <small,>
options CONFIG_TASK_MAX=512 # <xsmall,bsmall>
-options CONFIG_ZONE_MAP_MIN=12582912 # <medium,large,xlarge>
-options CONFIG_ZONE_MAP_MIN=6291456 # <small>
-options CONFIG_ZONE_MAP_MIN=1048576 # <xsmall,bsmall>
+#
+# Minimum zone map size: 115 MB
+#
+options CONFIG_ZONE_MAP_MIN=120586240 # <xsmall,bsmall,small,medium,large,xlarge>
-# Sizes must be a power of two for the zhash to
-# be able to just mask off bits instead of mod
+# Sizes must be a power of two for the zhash to
+# be able to just mask off bits instead of mod
options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 #<medium,large,xlarge>
options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192 #<small,xsmall,bsmall>
options CONFIG_ZLEAK_TRACE_MAP_NUM=8192 #<medium,large,xlarge>
options CONFIG_SCHED_GRRR_CORE # <config_sched_grrr>
options CONFIG_SCHED_MULTIQ # <config_sched_multiq>
options CONFIG_SCHED_TIMESHARE_CORE # <config_sched_traditional,config_sched_multiq>
+options CONFIG_CLUTCH # <config_clutch>
+options CONFIG_SCHED_AUTO_JOIN # <config_sched_auto_join>
options CONFIG_SCHED_IDLE_IN_PLACE # <config_sched_idle_in_place>
options CONFIG_SCHED_SFI # <config_sched_sfi>
options CONFIG_SERIAL_KDP # KDP over serial # <config_serial_kdp>
options CONFIG_KDP_INTERACTIVE_DEBUGGING # <kdp_interactive_debugging>
+options CONFIG_TASKWATCH
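Review bot: `options CONFIG_TASKWATCH` is the only newly introduced option in this change with neither a description nor a `# <...>` selector, so this line does not show whether it is meant to be unconditional or the selector was left off. Older untagged entries such as `ICMP_BANDLIM` suggest that an untagged option is accepted here, so it may be intentional. If so, a trailing comment such as `# task watch support, always enabled` would make that explicit. Otherwise the intended selector should be added, as on the neighbouring `CONFIG_KDP_INTERACTIVE_DEBUGGING` line.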
#
# Kernel Power On Self Tests
#
#
options CONFIG_ATM # <config_atm>
-#
-# Kernel Voucher Attr Manager for BANK
-#
-options CONFIG_BANK # <config_bank>
-
-
# Group related tasks together into coalitions
options CONFIG_COALITIONS # <config_coalitions>
# Configurable Security Restrictions
options CONFIG_CSR # <config_csr>
+options CONFIG_CSR_FROM_DT # <config_csr_from_dt>
#
# Console options
# Syscall options
#
options CONFIG_REQUIRES_U32_MUNGING # incoming U32 argument structures must be munged to match U64 # <config_requires_u32_munging>
+
+#
+# copyout() instrumentation
+#
+options COPYOUT_SHIM # Shim for copyout memory analysis via kext #<copyout_shim>
+
+#
+# Enable hardware correlation of mach absolute time
+# across intel/arm boundary
+options CONFIG_MACH_BRIDGE_SEND_TIME # # <config_mach_bridge_send_time>
+options CONFIG_MACH_BRIDGE_RECV_TIME # # <config_mach_bridge_recv_time>
+
+#
+# Telemetry for 32-bit process launch
+#
+options CONFIG_32BIT_TELEMETRY # # <config_32bit_telemetry>
+
+options CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # <config_quiesce_counter>
+options CONFIG_ARM_PFZ # Support for PFZ on ARM # <config_arm_pfz>
+
+#
+# Sanitizers
+#
+options CONFIG_KASAN # <config_kasan>
+options CONFIG_UBSAN # <config_ubsan>
+options CONFIG_KSANCOV # <config_ksancov>
+
+# dark boot support
+options CONFIG_DARKBOOT # <config_darkboot>
+
+# support for processes delaying idle sleep for pending IO
+options CONFIG_DELAY_IDLE_SLEEP # <config_delay_idle_sleep>
+
+# support for storing a 64-bit user supplied value in the proc structure
+options CONFIG_PROC_UDATA_STORAGE # <config_proc_udata_storage>
+
+pseudo-device ksancov 1 init ksancov_init_dev # <config_ksancov>
+
+# debug instrumentation to catch code that leaves interrupts masked
+# for an excessive period of time
+options INTERRUPT_MASKED_DEBUG # <interrupt_masked_debug>