X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/813fb2f63a553c957e917ede5f119b021d6ce391..c3c9b80d004dbbfdf763edeb97968c6997e3b45b:/config/MASTER diff --git a/config/MASTER b/config/MASTER index cdacdd750..8beac4230 100644 --- a/config/MASTER +++ b/config/MASTER @@ -1,11 +1,11 @@ # # Mach Operating System # Copyright (c) 1986 Carnegie-Mellon University -# Copyright 2001-2014 Apple Inc. +# Copyright 2001-2018 Apple Inc. # # All rights reserved. The CMU software License Agreement # specifies the terms and conditions for use and redistribution. -# +# ####################################################################### # # Master machine independent configuration file. @@ -48,7 +48,7 @@ # medium = medium scale system configuration # small = small scale system configuration # xsmall = extra small scale system configuration -# bsmall = special extra small scale system configuration +# bsmall = special extra small scale system configuration # ####################################################################### # 
@@ -68,29 +68,22 @@ options MACH_NP # Mach IPC support # options MACH_NBC # No buffer cache # options MACH_NET # Fast network access # options MACH_XP # external pager support # -options NO_DIRECT_RPC # for untyped mig servers # +options NO_DIRECT_RPC # for untyped mig servers # options LOOP # loopback support # options VLAN # # +options SIXLOWPAN # 6LoWPAN support # options BOND # # +options IF_FAKE # # +options IF_HEADLESS # # options AH_ALL_CRYPTO # AH all crypto algs # -options IPCOMP_ZLIB # IP compression using zlib # options PF # Packet Filter # -options PF_ALTQ # PF ALTQ (Alternate Queueing) # options PF_ECN # PF use ECN marking # options PFLOG # PF log interface # -options PKTSCHED_CBQ # CBQ packet scheduler # -options PKTSCHED_HFSC # H-FSC packet scheduler # -options PKTSCHED_PRIQ # PRIQ packet scheduler # -options PKTSCHED_FAIRQ # FAIRQ packet scheduler # options MEASURE_BW # interface bandwidth measurement # -options CLASSQ_BLUE # BLUE queueing algorithm # -options CLASSQ_RED # RED queueing algorithm # -options CLASSQ_RIO # RIO queueing algorithm # options DUMMYNET # dummynet support # options TRAFFIC_MGT # traffic management support # options MULTICAST # Internet Protocol Class-D $ options TCPDEBUG # TCP debug # -options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # options ICMP_BANDLIM # ICMP bandwidth limiting sysctl options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # options MULTIPATH # Multipath domain # 
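Review bot: `SIXLOWPAN` is declared in this hunk as `options SIXLOWPAN # 6LoWPAN support #` and again in the `@@ -103,29 +96,32 @@` hunk as `options SIXLOWPAN # #`, so the option now has two declarations, one of them undescribed. If the second line carries a different configuration tag that this rendering does not show, say so in its comment; otherwise drop it. `IF_FAKE` and `IF_HEADLESS` are added with empty descriptions next to documented neighbours such as `options LOOP # loopback support #`, and each needs a few words on what the interface is for. The hunk also removes `TCP_DROP_SYNFIN` with no visible replacement, so the commit record should state how SYN+FIN segments are handled after this change.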
@@ -103,29 +96,32 @@ options FLOW_DIVERT # options NECP # options CONTENT_FILTER # # options PACKET_MANGLER # # - +options SIXLOWPAN # # # secure_kernel - secure kernel from user programs -options SECURE_KERNEL # +options SECURE_KERNEL # options OLD_SEMWAIT_SIGNAL # old semwait_signal handler # -# 4.4 general kernel +# 4.4 general kernel # -options SOCKETS # socket support # +options SOCKETS # socket support # options DIAGNOSTIC # diagnostics # -options GPROF # build profiling # options PROFILE # kernel profiling # options SENDFILE # sendfile # -options NETWORKING # networking layer # +options NETWORKING # networking layer # options CONFIG_FSE # file system events # options CONFIG_IMAGEBOOT # local image boot # +options CONFIG_LOCKERBOOT # locker boot # options CONFIG_MBUF_JUMBO # jumbo cluster pool # +options CONFIG_IMAGEBOOT_IMG4 # authenticate image with AppleImage4 # +options CONFIG_IMAGEBOOT_CHUNKLIST # authenticate image with a chunk list # options CONFIG_WORKQUEUE # +options CONFIG_WORKLOOP_DEBUG # # -# 4.4 filesystems +# 4.4 filesystems # options MOCKFS # Boot from an executable # options FIFO # fifo support # @@ -133,6 +129,7 @@ options FDESC # fdesc_fs support # options DEVFS # devfs support # options ROUTEFS # routefs support # options NULLFS # nullfs support # +options BINDFS # bindfs support # options FS_COMPRESSION # fs compression # options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # 
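Review bot: The two added authentication options, `CONFIG_IMAGEBOOT_IMG4` and `CONFIG_IMAGEBOOT_CHUNKLIST`, do not say how they relate to `CONFIG_IMAGEBOOT` or to each other. From the text alone a reader cannot tell whether a configuration with `CONFIG_IMAGEBOOT` and neither of them boots an image without authentication, or whether both may be selected together. I would put a comment above the pair along the lines of `# image authentication for CONFIG_IMAGEBOOT: state which of IMG4 / CHUNKLIST is required and what a build with neither does`. `CONFIG_LOCKERBOOT # locker boot #` only restates its name and `CONFIG_WORKLOOP_DEBUG # #` has no description.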
@@ -148,28 +145,33 @@ options CONFIG_TRIGGERS # trigger vnodes # options CONFIG_EXT_RESOLVER # e.g. memberd # options CONFIG_SEARCHFS # searchfs syscall support # options CONFIG_MNT_SUID # allow suid binaries # +options CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # +options CONFIG_ROSV_STARTUP # allow read-only system volume startup # +options CONFIG_FIRMLINKS # support "firmlinks" # +options CONFIG_MOUNT_VM # mount VM volume on startup # +options CONFIG_MOUNT_PREBOOTRECOVERY # mount Preboot and/or Recovery volume on startup # +options CONFIG_DATALESS_FILES # support dataless file materialization # +options CONFIG_BASESYSTEMROOT # mount BaseSystem as initial root filesystem on some kinds of startup # # # NFS support # options NFSCLIENT # Be an NFS client # options NFSSERVER # Be an NFS server # +options CONFIG_NFS_GSS # Support NFS GSSAPI # +options CONFIG_NFS4 # Use NFSv4 # +options CONFIG_NETBOOT # network booting (requires NFSCLIENT) # # # Machine Independent Apple Features # profile # build a profiling kernel # -# +# # IPv6 Support -# -options "INET6" # kernel IPv6 Support # -options IPV6SEND # Secure Neighbor Discovery # +# options IPSEC # IP security # options IPSEC_ESP # IP security # -options "IPV6FIREWALL" # IPv6 Firewall Feature # -options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # -#options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # pseudo-device gif 1 # pseudo-device dummy 2 # 
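Review bot: The `# IPv6 Support` heading is kept, but the hunk removes every IPv6 option beneath it (`INET6`, `IPV6SEND`, `IPV6FIREWALL`, `IPV6FIREWALL_DEFAULT_TO_ACCEPT`), so it now heads only `options IPSEC` and `options IPSEC_ESP`. Rename it to `# IPsec support` or delete it. Separately, `CONFIG_NETBOOT` records its dependency only in prose (`requires NFSCLIENT`). If the config system does not enforce that, the comment should say what a build with `CONFIG_NETBOOT` but without `NFSCLIENT` does.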
@@ -179,28 +181,30 @@ options CRYPTO # options CRYPTO_SHA2 # options ENCRYPTED_SWAP # +options CONFIG_IMG4 # + options ZLIB # inflate/deflate support # +options ZLIBC # inflate/deflate support # options IF_BRIDGE # # -# configurable kernel event related resources +# configurable kernel event related resources # options CONFIG_KN_HASHSIZE=64 # options CONFIG_KN_HASHSIZE=48 # options CONFIG_KN_HASHSIZE=20 # # -# configurable vfs related resources -# CONFIG_VNODES - used to pre allocate vnode related resources -# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes +# configurable vfs related resources +# CONFIG_VNODES - used to pre allocate vnode related resources # CONFIG_NC_HASH - name cache hash table allocation # CONFIG_VFS_NAMES - name strings # -# 263168 magic number for medium CONFIG_VNODES is based on memory -# Number vnodes is (memsize/64k) + 1024 +# 263168 magic number for medium CONFIG_VNODES is based on memory +# Number vnodes is (memsize/64k) + 1024 # This is the calculation that is used by launchd in tiger -# we are clipping the max based on 16G +# we are clipping the max based on 16G # ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168; options CONFIG_VNODES=263168 # @@ -208,12 +212,6 @@ options CONFIG_VNODES=263168 # options CONFIG_VNODES=10240 # options CONFIG_VNODES=750 # -options CONFIG_VNODE_FREE_MIN=500 # -options CONFIG_VNODE_FREE_MIN=300 # -options CONFIG_VNODE_FREE_MIN=200 # -options CONFIG_VNODE_FREE_MIN=100 # -options CONFIG_VNODE_FREE_MIN=75 # - options CONFIG_NC_HASH=5120 # options CONFIG_NC_HASH=4096 # options CONFIG_NC_HASH=2048 # @@ -228,7 +226,7 @@ options CONFIG_MAX_CLUSTERS=8 # options CONFIG_MAX_CLUSTERS=4 # # -# configurable options for minumum number of buffers for kernel memory +# configurable options for minumum number of buffers for kernel memory # options CONFIG_MIN_NBUF=256 # options CONFIG_MIN_NBUF=128 # 
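Review bot: `options ZLIBC # inflate/deflate support #` carries the same description as the `ZLIB` line directly above it, so the file no longer says what distinguishes the two. State the difference in the comment, for example which code is built under each, or a later editor may treat one of them as redundant. `options CONFIG_IMG4 #` is added with no description at all; since it sits with `CRYPTO` and `ENCRYPTED_SWAP`, a few words on what it enables would help anyone auditing which image-verification code a given configuration includes.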
@@ -259,7 +257,7 @@ options CONFIG_ICMP_BANDLIM=250 # options CONFIG_ICMP_BANDLIM=50 # # -# configurable async IO options +# configurable async IO options # CONFIG_AIO_MAX - system wide limit of async IO requests. # CONFIG_AIO_PROCESS_MAX - process limit of async IO requests. # CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created. @@ -295,8 +293,12 @@ options CONFIG_MFCTBLSIZ=16 # # # configurable kernel message buffer size # -options CONFIG_MSG_BSIZE=4096 # -options CONFIG_MSG_BSIZE=16384 # +options CONFIG_MSG_BSIZE_REL=16384 # +options CONFIG_MSG_BSIZE_DEV=131072 # +options CONFIG_MSG_BSIZE_REL=131072 # +options CONFIG_MSG_BSIZE_DEV=131072 # +options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL # +options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV # # # maximum size of the per-process Mach IPC table 
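Review bot: In the `@@ -295,8 +293,12 @@` hunk, `CONFIG_MSG_BSIZE_REL` is assigned twice (16384 and 131072), `CONFIG_MSG_BSIZE_DEV` twice (131072 both times) and `CONFIG_MSG_BSIZE` twice, and the heading `# configurable kernel message buffer size` explains none of it. Presumably per-line configuration tags, not visible in this rendering, select one value of each. Even so, the comment should say what `_REL` and `_DEV` stand for and which build kinds use which. The largest value moves from 16384 to 131072 bytes, so more kernel log text stays resident; it would be worth one line on who is able to read that buffer.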
@@ -304,31 +306,51 @@ options CONFIG_MSG_BSIZE=16384 # options CONFIG_IPC_TABLE_ENTRIES_STEPS=64 # 137898 entries # options CONFIG_IPC_TABLE_ENTRIES_STEPS=256 # 300714 entries # +# +# maximum copyout size for IPC debugging tools +# +options CONFIG_IPC_KERNEL_MAP_SIZE=16 # 16M # +options CONFIG_IPC_KERNEL_MAP_SIZE=64 # 64M # # # configurable kernel - use these options to strip strings from panic # and printf calls. -# no_panic_str - saves around 50K of kernel footprint. # no_printf_str - saves around 45K of kernel footprint. # -options CONFIG_NO_PANIC_STRINGS # options CONFIG_NO_PRINTF_STRINGS # options CONFIG_NO_KPRINTF_STRINGS # +# support vsprintf (deprecated in favor of vsnprintf) +options CONFIG_VSPRINTF # + # -# use finer-grained lock groups for the proc subsystem +# configurable kernel - general switch to say we are building for an +# embedded device # -options CONFIG_FINE_LOCK_GROUPS # +options CONFIG_EMBEDDED # +options CONFIG_ARROW # + + +options NOS_ARM_ASM # +options NOS_ARM_PMAP # # support dynamic signing of code # options CONFIG_DYNAMIC_CODE_SIGNING # -# enforce library validation on all processes. +# enforce library validation on all processes. # options CONFIG_ENFORCE_LIBRARY_VALIDATION # +# support loading a second static trust cache +# +options CONFIG_SECOND_STATIC_TRUST_CACHE # + +# support supplemental signatures +# +options CONFIG_SUPPLEMENTAL_SIGNATURES # + # # code decryption... used on embedded for app protection, DSMOS on desktop # @@ -339,11 +361,23 @@ options CONFIG_CODE_DECRYPTION # # options CONFIG_PROTECT # +#allow write-protection of key page +options CONFIG_KEYPAGE_WP # + +# +# allow vm_pageout_scan to dynamically adjust its priority based on priorities of waiters +# +options CONFIG_VPS_DYNAMIC_PRIO # + # # enable per-process memory priority tracking # options CONFIG_MEMORYSTATUS # +# +# enable per-process dirty-status tracking +# +options CONFIG_DIRTYSTATUS_TRACKING # # # enable jetsam - used on embedded # 
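Review bot: `options CONFIG_VSPRINTF` keeps an unbounded formatter available, and its comment (`support vsprintf (deprecated in favor of vsnprintf)`) does not say which configurations may select it or that new code must not depend on it. I would extend the comment to something like `# legacy only: keeps vsprintf for existing callers; new code must use vsnprintf`, adjusted to the project's actual policy. In the same hunk `CONFIG_NO_PANIC_STRINGS` and its `no_panic_str` line are removed, yet the heading above still reads `strip strings from panic and printf calls`, so `panic` should be dropped from it. `CONFIG_ARROW`, `NOS_ARM_ASM` and `NOS_ARM_PMAP` are added without any description.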
@@ -369,6 +403,11 @@ options CONFIG_FREEZE # options CHECK_CS_VALIDATION_BITMAP # +# +# enable physical writes accounting +# +options CONFIG_PHYS_WRITE_ACCT # + # # enable detectiion of file cache thrashing - used on platforms with # dynamic VM compression enabled @@ -384,6 +423,11 @@ options CONFIG_SECLUDED_MEMORY # options CONFIG_BACKGROUND_QUEUE # +# +# Ledger features +# +options CONFIG_LEDGER_INTERVAL_MAX # + # # I/O Scheduling # @@ -399,7 +443,8 @@ options CONFIG_IO_ACCOUNTING # # For now debug is enabled wherever inheritance is # options IMPORTANCE_INHERITANCE # -options IMPORTANCE_DEBUG # +options IMPORTANCE_TRACE # +options IMPORTANCE_DEBUG # options CONFIG_TELEMETRY # @@ -407,7 +452,7 @@ options CONFIG_PROC_UUID_POLICY # # # ECC data logging -# +# options CONFIG_ECC_LOGGING # # @@ -415,14 +460,19 @@ options CONFIG_ECC_LOGGING # # options CONFIG_COREDUMP # +# +# Vnode guards +# +options CONFIG_VNGUARD # + # # Ethernet (ARP) # -pseudo-device ether # +pseudo-device ether # # # Network loopback device # -pseudo-device loop # +pseudo-device loop # # # UCB pseudo terminal service # @@ -450,7 +500,7 @@ pseudo-device mdevdevice 1 init mdevinit # # packet filter device # -pseudo-device bpfilter 4 init bpf_init # +pseudo-device bpfilter 4 init bpf_init # # # fsevents device @@ -460,11 +510,13 @@ pseudo-device random 1 init random_init pseudo-device dtrace 1 init dtrace_init # pseudo-device helper 1 init helper_init # pseudo-device lockstat 1 init lockstat_init # +pseudo-device lockprof 1 init lockprof_init # pseudo-device sdt 1 init sdt_init # pseudo-device systrace 1 init systrace_init # pseudo-device fbt 1 init fbt_init # pseudo-device profile_prvd 1 init profile_init # + # # IOKit configuration options # 
@@ -474,7 +526,7 @@ options IOKITCPP # C++ implementation # options IOKITSTATS # IOKit statistics # options IOTRACKING # IOKit tracking # options CONFIG_SLEEP # # -options CONFIG_MAX_THREADS=64 # IOConfigThread threads +options CONFIG_MAX_THREADS=500 # IOConfigThread threads options NO_KEXTD # options NO_KERNEL_HID # @@ -483,6 +535,7 @@ options NO_KERNEL_HID # # options LIBKERNCPP # C++ implementation # +options CONFIG_BLOCKS # Blocks runtime # options CONFIG_KXLD # kxld/runtime linking of kexts # options CONFIG_KEC_FIPS # Kernel External Components for FIPS compliance (KEC_FIPS) # @@ -511,22 +564,21 @@ options PERSONA_DEBUG # Persona debugging # options CONFIG_MACF # Mandatory Access Control Framework # options CONFIG_MACF_SOCKET_SUBSET # MAC socket subest (no labels) # -#options CONFIG_MACF_SOCKET # MAC socket labels # -#options CONFIG_MACF_NET # mbuf # #options CONFIG_MACF_DEBUG # debug # options CONFIG_AUDIT # Kernel auditing # +options CONFIG_ARCADE # Arcade validation support # + +options CONFIG_SETUID # setuid/setgid support # + +options CONFIG_SECURE_BSD_ROOT # secure BSD root # + +options CONFIG_KAS_INFO # kas_info support # # # MACH configuration options. # -# TASK_SWAPPER enables code that manages demand for physical memory by -# forcibly suspending tasks when the demand exceeds supply. This -# option should be on. -# -options MACH_RT -options TASK_SWAPPER # # # This defines configuration options that are normally used only during @@ -556,12 +608,6 @@ options MACH_VM_DEBUG # # # hardclock device driver. # options MACH_MP_DEBUG # # -# -# ZONE_DEBUG keeps track of all zalloc()ed elements to perform further -# operations on each element. -# -options ZONE_DEBUG # # - options CONFIG_ZLEAKS # Live zone leak debugging # # 
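Review bot: The comments on the security-relevant additions in the `@@ -511,22 +564,21 @@` hunk only restate the option names: `CONFIG_SETUID # setuid/setgid support #`, `CONFIG_SECURE_BSD_ROOT # secure BSD root #`, `CONFIG_KAS_INFO # kas_info support #`. Someone deciding whether a product configuration should carry them needs to know what is enforced or exposed when each is on or off. For `CONFIG_KAS_INFO` in particular, as far as I know the kas_info interface reports kernel address-space layout, so the comment should name the consumers it is meant for. The hunk also deletes `MACH_RT` and `TASK_SWAPPER` together with their explanation, which appears to leave the `# MACH configuration options.` heading with no option directly under it.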
@@ -574,20 +620,12 @@ options CONFIG_TASK_ZONE_INFO # # available when the kernel is being debugged. # options CONFIG_DEBUGGER_FOR_ZONE_INFO # -# -# XPR_DEBUG enables the gathering of data through the XPR macros inserted -# into various subsystems. This option is normally only enabled for -# specific performance or behavior studies, as the overhead in both -# code and data space is large. The data is normally retrieved through -# the kernel debugger (kdb) or by reading /dev/kmem. -# -options XPR_DEBUG # # -# +# # MACH_LDEBUG controls the internal consistency checks and # data gathering in the locking package. This also enables a debug-only # version of simple-locks on uniprocessor machines. The code size and # performance impact of this option is significant. -# +# options MACH_LDEBUG # # # @@ -603,21 +641,21 @@ options NO_KDEBUG # no kernel tracing # # options CONFIG_DTRACE # # +options LOCK_STATS # # + # kernel performance tracing options KPERF # options KPC # -options PGO # -# MACH_COUNTERS enables code that handles various counters in the system. -# -options MACH_COUNTERS # # +options PGO # # DEVELOPMENT define for development builds options DEVELOPMENT # dev kernel # # DEBUG kernel options DEBUG # general debugging code # +options CONFIG_NONFATAL_ASSERTS # non fatal asserts # ########################################################## # @@ -642,7 +680,7 @@ options MACH_BSD # BSD subsystem on top of Mach # options IOKIT # # # -# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in +# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in # sync with bsd/conf/MASTER until we fix the config system... todo XXX # options CONFIG_THREAD_MAX=2560 # 
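Review bot: In the `@@ -603,21 +641,21 @@` hunk, `options CONFIG_NONFATAL_ASSERTS # non fatal asserts #` is added under the `# DEBUG kernel` comment with a description that repeats its name. If, as the name suggests, it lets execution continue after a failed assertion, that changes what a failed invariant means for the code that follows it. The comment should say so and say which build kinds may set it, e.g. `# failed assert() is reported without stopping the kernel; not for release configurations` (confirm against the implementation). `LOCK_STATS # #` is also added with an empty description.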
@@ -653,12 +691,13 @@ options CONFIG_TASK_MAX=1024 # options CONFIG_TASK_MAX=768 # options CONFIG_TASK_MAX=512 # -options CONFIG_ZONE_MAP_MIN=12582912 # -options CONFIG_ZONE_MAP_MIN=6291456 # -options CONFIG_ZONE_MAP_MIN=1048576 # +# +# Minimum zone map size: 115 MB +# +options CONFIG_ZONE_MAP_MIN=120586240 # -# Sizes must be a power of two for the zhash to -# be able to just mask off bits instead of mod +# Sizes must be a power of two for the zhash to +# be able to just mask off bits instead of mod options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 # options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192 # options CONFIG_ZLEAK_TRACE_MAP_NUM=8192 # @@ -676,6 +715,8 @@ options CONFIG_SCHED_GRRR # options CONFIG_SCHED_GRRR_CORE # options CONFIG_SCHED_MULTIQ # options CONFIG_SCHED_TIMESHARE_CORE # +options CONFIG_CLUTCH # +options CONFIG_SCHED_AUTO_JOIN # options CONFIG_SCHED_IDLE_IN_PLACE # options CONFIG_SCHED_SFI # @@ -696,6 +737,8 @@ options MACH_KDP # KDP # options CONFIG_SERIAL_KDP # KDP over serial # options CONFIG_KDP_INTERACTIVE_DEBUGGING # +options CONFIG_TASKWATCH +options CONFIG_USER_NOTIFICATION # # # Kernel Power On Self Tests # @@ -706,22 +749,11 @@ options CONFIG_XNUPOST # # options PROC_REF_DEBUG # -# -# Kernel OS reason debug instrumentation -# -options OS_REASON_DEBUG # - # # Kernel Voucher Attr Manager for Activity Trace # options CONFIG_ATM # -# -# Kernel Voucher Attr Manager for BANK -# -options CONFIG_BANK # - - # Group related tasks together into coalitions options CONFIG_COALITIONS # @@ -730,6 +762,10 @@ options CONFIG_SYSDIAGNOSE # # Configurable Security Restrictions options CONFIG_CSR # +options CONFIG_CSR_FROM_DT # + +# Enable collection of IO Compression statistics +options CONFIG_IO_COMPRESSION_STATS # # # Console options 
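Review bot: In the `@@ -730,6 +762,10 @@` hunk, `options CONFIG_CSR_FROM_DT #` is added under `# Configurable Security Restrictions` with no description. The name suggests the restriction configuration is taken from the device tree. If so, the comment should say that and state what is assumed about who can supply that data, since it becomes an input to a security policy. In the `@@ -696,6 +737,8 @@` hunk, `+options CONFIG_TASKWATCH` is the only added option with no trailing `#` field at all; confirm that is intended and not a dropped tag.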
@@ -741,3 +777,44 @@ options VIDEO_CONSOLE # uni-directional output over framebuffer # Syscall options # options CONFIG_REQUIRES_U32_MUNGING # incoming U32 argument structures must be munged to match U64 # + +# +# copyout() instrumentation +# +options COPYOUT_SHIM # Shim for copyout memory analysis via kext # + +# +# Enable hardware correlation of mach absolute time +# across intel/arm boundary +options CONFIG_MACH_BRIDGE_SEND_TIME # # +options CONFIG_MACH_BRIDGE_RECV_TIME # # + +# +# Telemetry for 32-bit process launch +# +options CONFIG_32BIT_TELEMETRY # # + +options CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # +options CONFIG_ARM_PFZ # Support for PFZ on ARM # + +# +# Sanitizers +# +options CONFIG_KASAN # +options CONFIG_UBSAN # +options CONFIG_KSANCOV # + +# dark boot support +options CONFIG_DARKBOOT # + +# support for processes delaying idle sleep for pending IO +options CONFIG_DELAY_IDLE_SLEEP # + +# support for storing a 64-bit user supplied value in the proc structure +options CONFIG_PROC_UDATA_STORAGE # + +pseudo-device ksancov 1 init ksancov_init_dev # + +# debug instrumentation to catch code that leaves interrupts masked +# for an excessive period of time +options INTERRUPT_MASKED_DEBUG #
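Review bot: Nothing in the added block says which build kinds may enable the instrumentation options `COPYOUT_SHIM`, `CONFIG_KASAN`, `CONFIG_UBSAN`, `CONFIG_KSANCOV` and `INTERRUPT_MASKED_DEBUG`. `COPYOUT_SHIM` is described as a `Shim for copyout memory analysis via kext`, which places a kext-supplied hook on data copied out to user space. If the intent is analysis builds only, its comment should say so, and any per-line tags that restrict it are not visible in this rendering. The three sanitizer lines have no per-option description. `pseudo-device ksancov 1 init ksancov_init_dev` is separated from `CONFIG_KSANCOV` by three unrelated options and would read better directly under the `# Sanitizers` heading.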