openEuler x86 config update
Cheng Jian (2): x86/config: enable files cgroup x86/config: enable some performance or security features
arch/x86/configs/openeuler_defconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I1M0WB CVE: NA
-------------------------------------------------
openEuler x86 does not support files cgroups now, containers cannot use files-limit function, ARM currently supports.
Since it causes KABI changes, now the KABI has been circumvented by commit 293d508e6e91 ("cgroup: Fix kabi broken by files_cgroup introduced") we can safely open it.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com --- arch/x86/configs/openeuler_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 208c408c358a..5371fca7cf33 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -144,7 +144,7 @@ CONFIG_CGROUP_PERF=y CONFIG_CGROUP_BPF=y # CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y -# CONFIG_CGROUP_FILES is not set +CONFIG_CGROUP_FILES=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y
Reviewed-by: Xie XiuQi xiexiuqi@huawei.com
On 2021/4/1 11:54, Cheng Jian wrote:
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I1M0WB CVE: NA
openEuler x86 does not support files cgroups now, containers cannot use files-limit function, ARM currently supports.
Since it causes KABI changes, now the KABI has been circumvented by commit 293d508e6e91 ("cgroup: Fix kabi broken by files_cgroup introduced") we can safely open it.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com
arch/x86/configs/openeuler_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 208c408c358a..5371fca7cf33 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -144,7 +144,7 @@ CONFIG_CGROUP_PERF=y CONFIG_CGROUP_BPF=y # CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y -# CONFIG_CGROUP_FILES is not set +CONFIG_CGROUP_FILES=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y
hulk inclusion category: bugfix bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=20 CVE: NA
-------------------------------------------------
Some features are recommended to enable for openEuler X86. It's good for performance or security.
enable the following features this time:
CONFIG_NUMA_AWARE_SPINLOCKS=y CONFIG_SHRINK_PAGECACHE=y CONFIG_SECURITY_PATH=y
Signed-off-by: Cheng Jian cj.chengjian@huawei.com --- arch/x86/configs/openeuler_defconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 5371fca7cf33..33bf7ef1707c 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -368,7 +368,7 @@ CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y # CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set CONFIG_NUMA=y -# CONFIG_NUMA_AWARE_SPINLOCKS is not set +CONFIG_NUMA_AWARE_SPINLOCKS=y CONFIG_AMD_NUMA=y CONFIG_X86_64_ACPI_NUMA=y CONFIG_NODES_SPAN_OTHER_NODES=y @@ -991,7 +991,7 @@ CONFIG_THP_SWAP=y CONFIG_TRANSPARENT_HUGE_PAGECACHE=y CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y -# CONFIG_SHRINK_PAGECACHE is not set +CONFIG_SHRINK_PAGECACHE=y # CONFIG_CMA is not set CONFIG_MEM_SOFT_DIRTY=y CONFIG_ZSWAP=y @@ -6892,7 +6892,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y -# CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
NUMA_AWARE_SPINLOCKS may break the compatibility, do not enable in SP1/SP2 on x86 platform.
The rest is good to me.
On 2021/4/1 11:54, Cheng Jian wrote:
hulk inclusion category: bugfix bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=20 CVE: NA
Some features are recommended to enable for openEuler X86. It's good for performance or security.
enable the following features this time:
CONFIG_NUMA_AWARE_SPINLOCKS=y CONFIG_SHRINK_PAGECACHE=y CONFIG_SECURITY_PATH=y
Signed-off-by: Cheng Jian cj.chengjian@huawei.com
arch/x86/configs/openeuler_defconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 5371fca7cf33..33bf7ef1707c 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -368,7 +368,7 @@ CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y # CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set CONFIG_NUMA=y -# CONFIG_NUMA_AWARE_SPINLOCKS is not set +CONFIG_NUMA_AWARE_SPINLOCKS=y CONFIG_AMD_NUMA=y CONFIG_X86_64_ACPI_NUMA=y CONFIG_NODES_SPAN_OTHER_NODES=y @@ -991,7 +991,7 @@ CONFIG_THP_SWAP=y CONFIG_TRANSPARENT_HUGE_PAGECACHE=y CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y -# CONFIG_SHRINK_PAGECACHE is not set +CONFIG_SHRINK_PAGECACHE=y # CONFIG_CMA is not set CONFIG_MEM_SOFT_DIRTY=y CONFIG_ZSWAP=y @@ -6892,7 +6892,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y -# CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y