board configs sync - netfilter-modules + make oldconfig

[tabrisnet]

Description

this is the result from #8661 plus executing

time for br in current legacy edge ; do time for b in rpi4b radxa-nio-12l mba8mpxl jethubj100 beaglebone-ai64 gateway-gz80x radxa-zero aml-a311d-cc aml-c400-plus aml-c400-plus khadas-vim1s odroidxu4 phytiumpi radxa-dragon-q6a oneplus-kebab bananapif3 inovato-quadra bigtreetech-cb1 bananapi bananapim2plus ; do time ./compile.sh rewrite-kernel-config PREFER_DOCKER=yes BOARD=$b BRANCH=$br RELEASE=bookworm BUILD_MINIMAL=yes KERNEL_GIT=full ;done; done

where the board list is from

for f in $(grep BOARDFAMILY -hr config/boards|cut -d = -f 2 |grep '^"' |sort -u|cut -d '"' -f 2); do grep "\"$f\"" config/boards/*|head -n 1; done|cut -d : -f 1 |cut -d / -f 3|egrep 'conf$'|cut -d . -f 1 |xargs echo

Note: I excluded community-supported & EOS boards from this list, only taking board config files ending in .conf
Additionally, I avoided vendor kernels & boards not supported by bookworm [RISC-V & loong64 were specifically called out in the rewrite-kernel-config runs].

As this is purely generated changes, there's not much to do to review it.

Below is the list of generated kernel packages, from having run builds for all of
rpi4b radxa-nio-12l mba8mpxl jethubj100 beaglebone-ai64 gateway-gz80x radxa-zero aml-a311d-cc aml-c400-plus aml-c400-plus khadas-vim1s odroidxu4 phytiumpi radxa-dragon-q6a oneplus-kebab inovato-quadra bigtreetech-cb1 bananapi bananapim2plus - note that there must be some kernel duplicates in this list.

tabris@brunnt:~/build/armbian-build$ ls output/debs/linux-image-*.deb |cut -d - -f 3-|cut -d _ -f 1|wc -l
22
tabris@brunnt:~/build/armbian-build$ ls output/debs/linux-image-*.deb |cut -d - -f 3-|cut -d _ -f 1      
current-bcm2711
current-imx8m
current-k3
current-meson64
current-odroidxu4
current-phytium-embedded
current-sm8250
current-sunxi
current-sunxi64
edge-bcm2711
edge-k3
edge-meson64
edge-odroidxu4
edge-qcs6490
edge-sm8250
edge-sunxi
edge-sunxi64
legacy-bcm2711
legacy-meson-s4t7
legacy-phytium-embedded
legacy-sunxi
legacy-sunxi64

Note that this count of 22 matches the number of files in this PR.

How Has This Been Tested?

• see above for details of kernels built & the method by which this PR was generated.
• needs a full set of builds

[coderabbitai]

Walkthrough

The PR updates multiple kernel configuration files across various SoC targets. Changes predominantly enable additional Netfilter/nftables features (XT targets/matches, NFT modules, NETLINK hooks/glue), adjust ZSWAP default zpool to ZBUD, add ZRAM memory tracking/writeback, and toggle networking features (e.g., BRIDGE=m→y in several configs, NETKIT). Some configs add HID PID/USB HIDDEV, SCTP/DCCP matches, and TI ADC drivers. Several scheduler, cgroup, and namespace options are enabled in certain targets (e.g., RT_GROUP_SCHED, NAMESPACES). A few options are removed or downgraded (e.g., AUDIT, SYSV_FS, specific drivers), with occasional reordering or module/built-in flips.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• armbian build machinery - force all iptables/nftables to be built #8661 — Also expands NETFILTER/NFT kernel config across multiple targets.
• Sunxi64: Enable more I2C, IIO, SENSORS and other misc bits #8421 — Touches I2C configuration including CONFIG_I2C_DESIGNWARE_SLAVE.
• Migrate Radxa Cubie A5E to mainline 6.16 #8447 — Modifies sunxi/sunxi64 edge kernel configs with overlapping CONFIG_* toggles.

Suggested labels

Needs review, Framework

Suggested reviewers

• rpardini
• chraac
• EvilOlaf
• igorpecovnik
• leggewie
• teknoid
• AGM1968

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly and concisely summarizes the main purpose of the pull request, namely synchronizing board configuration files with updated netfilter modules and performing an oldconfig run, which aligns with the extensive generated changes in the diff.
Description Check	✅ Passed	The description directly explains how the changes were produced via a follow-up to PR #8661, details the shell commands used to regenerate configs across boards, lists the resulting packages, and notes testing status, making it clearly related to the diff.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 9

🧹 Nitpick comments (20)

config/kernel/linux-meson-s4t7-legacy.config (1)

466-466: BRIDGE=m → y: larger kernel image, earlier availability.

Looks fine if you need bridging in early boot; otherwise consider keeping as module to reduce image size.

config/kernel/linux-bcm2711-current.config (1)

877-877: I2C_DESIGNWARE_SLAVE is bool; only needed if DesignWare IP is present.

On bcm2711 it’s likely unused; consider dropping to avoid dead code. Based on learnings.

- CONFIG_I2C_DESIGNWARE_SLAVE=y
+ # (drop; inherit arch default)

config/kernel/linux-bcm2711-legacy.config (1)

827-827: I2C_SLAVE=y: enable only if you need kernel‑level I2C slave mode.

Most Pi users don’t; consider disabling to reduce attack surface.

- CONFIG_I2C_SLAVE=y
+ # CONFIG_I2C_SLAVE is not set

config/kernel/linux-meson64-edge.config (1)

2903-2905: Prefer modular HID raw/PID.

Switch HID PID/USB_HIDDEV to modules to reduce attack surface on headless devices.

Apply this diff:

-CONFIG_HID_PID=y
-CONFIG_USB_HIDDEV=y
+CONFIG_HID_PID=m
+CONFIG_USB_HIDDEV=m

config/kernel/linux-sm8250-edge.config (2)

288-291: WEXT compat kept — consider optional drop.

Deprecated; consider disabling on images where legacy tools aren’t required.

-CONFIG_CFG80211_WEXT=y
+# Legacy WEXT off unless required:
+# CONFIG_CFG80211_WEXT is not set

---

695-695: HID/USB HIDDEV: make modular.

Prefer modules to minimize always‑on attack surface.

-CONFIG_HID_LOGITECH=m
-CONFIG_USB_HIDDEV=y
+CONFIG_HID_LOGITECH=m
+CONFIG_USB_HIDDEV=m

Also applies to: 703-703

config/kernel/linux-sunxi-current.config (1)

550-555: Disable firmware userhelper fallback; it’s long-deprecated and risky.

UEVENT_HELPER and FW_LOADER_USER_HELPER_FALLBACK can stall boot and are discouraged by upstream. Let udev handle firmware normally.

Apply:

-CONFIG_UEVENT_HELPER=y
-CONFIG_FW_LOADER_USER_HELPER=y
-CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y
+# CONFIG_UEVENT_HELPER is not set
+# CONFIG_FW_LOADER_USER_HELPER is not set
+# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set

Based on learnings

config/kernel/linux-odroidxu4-edge.config (3)

75-75: Enabling ZSWAP is fine; consider zpool default (avoid ZBUD on new trees).

You didn’t pin a zpool here. That’s OK; kernel defaults apply. If you plan to set one, prefer ZSMALLOC over ZBUD on 6.13+.

---

525-526: WEXT=y is legacy; keep only if needed by userspace.

Wireless Extensions are deprecated; cfg80211/nl80211 is preferred. If no driver/tool needs WEXT, drop it.

Apply:

-CONFIG_CFG80211_WEXT=y
+# CONFIG_CFG80211_WEXT is not set

---

1632-1635: USB HID/HIDDEV enablement: OK; ensure no size regressions for minimal images.

HIDDEV can be large with many HID quirks. If image size becomes a concern, consider modules over built‑ins.

config/kernel/linux-sunxi64-current.config (1)

399-401: BRIDGE=m → y: check for consistency across families.

Built‑in bridge can’t be unloaded and slightly increases core image. If there’s no early‑boot bridge dependency, keeping it modular may reduce image size.

-CONFIG_BRIDGE=y
+CONFIG_BRIDGE=m

config/kernel/linux-phytium-embedded-legacy.config (1)

935-941: Numerous TEST/DEBUG options are enabled across files; consider trimming for minimal images.

Given BUILD_MINIMAL=yes was used to regenerate, disabling kernel selftests/debug where not needed can reduce image size and build time.

Would you like a follow‑up patch that turns off CONFIG_TEST_* and heavy DEBUG options across these configs?

config/kernel/linux-sunxi-edge.config (3)

584-584: ZRAM memory tracking enabled

This adds small overhead. If not needed for field debugging, consider disabling to trim.

---

2065-2066: HID PID and USB_HIDDEV set to =y — consider =m

These expose legacy user interfaces; recommending modules to reduce attack surface and image size unless you need them very early.

-CONFIG_HID_PID=y
-CONFIG_USB_HIDDEV=y
+CONFIG_HID_PID=m
+CONFIG_USB_HIDDEV=m

---

240-240: Remove unused DCCP/SCTP xt matches: neither CONFIG_IP_DCCP nor CONFIG_IP_SCTP are set in config/kernel/linux-sunxi-edge.config (rg returned no matches), so CONFIG_NETFILTER_XT_MATCH_DCCP (line 240) and …_SCTP (line 264) never build—drop them to reduce image size.

config/kernel/linux-sunxi64-edge.config (3)

241-241: XT_MATCH_IPVS — confirm IPVS usage

Great if IPVS is in use; otherwise can be removed to slim.

---

547-549: WEXT and mac80211 mesh enabled

WEXT is deprecated; keep only if legacy userspace requires it. Mesh is fine if used.

---

1931-1933: HID PID + USB_HIDDEV=y — prefer modules

Same reasoning as sunxi-edge; suggest =m unless needed at boot.

-CONFIG_HID_PID=y
-CONFIG_USB_HIDDEV=y
+CONFIG_HID_PID=m
+CONFIG_USB_HIDDEV=m

config/kernel/linux-k3-current.config (1)

97-99: ZSWAP_ZBUD default is deprecated upstream

ZBUD is deprecated (removed in newer kernels). Drop the default to avoid forward-incompatibility; let zpool default to zsmalloc.

 CONFIG_ZSWAP=y
-CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y

Based on learnings

config/kernel/linux-phytium-embedded-current.config (1)

132-155: Prune unused DCCP/SCTP xt matches
Detected CONFIG_NETFILTER_XT_MATCH_DCCP=m (line 162) and CONFIG_NETFILTER_XT_MATCH_SCTP=m (line 188) without any CONFIG_IP_DCCP/SCTP entries—safely remove these to slim down the build.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 83ccbbf and 4296a59.

📒 Files selected for processing (22)

• config/kernel/linux-bcm2711-current.config (3 hunks)
• config/kernel/linux-bcm2711-edge.config (6 hunks)
• config/kernel/linux-bcm2711-legacy.config (4 hunks)
• config/kernel/linux-k3-current.config (10 hunks)
• config/kernel/linux-k3-edge.config (7 hunks)
• config/kernel/linux-meson-s4t7-legacy.config (3 hunks)
• config/kernel/linux-meson64-current.config (5 hunks)
• config/kernel/linux-meson64-edge.config (10 hunks)
• config/kernel/linux-odroidxu4-current.config (2 hunks)
• config/kernel/linux-odroidxu4-edge.config (7 hunks)
• config/kernel/linux-phytium-embedded-current.config (8 hunks)
• config/kernel/linux-phytium-embedded-legacy.config (8 hunks)
• config/kernel/linux-qcs6490-edge.config (1 hunks)
• config/kernel/linux-sm8250-current.config (6 hunks)
• config/kernel/linux-sm8250-edge.config (8 hunks)
• config/kernel/linux-sunxi-current.config (6 hunks)
• config/kernel/linux-sunxi-edge.config (11 hunks)
• config/kernel/linux-sunxi-legacy.config (4 hunks)
• config/kernel/linux-sunxi64-current.config (7 hunks)
• config/kernel/linux-sunxi64-edge.config (15 hunks)
• config/kernel/linux-sunxi64-legacy.config (4 hunks)
• config/kernel/linux-tqma-current.config (10 hunks)

🧰 Additional context used

🧠 Learnings (19)

📓 Common learnings

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

📚 Learning: 2025-08-30T04:13:16.457Z

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

• config/kernel/linux-sunxi64-legacy.config
• config/kernel/linux-odroidxu4-current.config
• config/kernel/linux-sunxi-legacy.config
• config/kernel/linux-bcm2711-current.config
• config/kernel/linux-sm8250-current.config
• config/kernel/linux-bcm2711-legacy.config
• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-bcm2711-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-phytium-embedded-legacy.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-k3-current.config
• config/kernel/linux-sunxi64-edge.config
• config/kernel/linux-sunxi-current.config
• config/kernel/linux-phytium-embedded-current.config

📚 Learning: 2025-07-27T15:53:30.629Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

• config/kernel/linux-sunxi64-legacy.config

📚 Learning: 2025-08-30T06:56:33.372Z

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

• config/kernel/linux-sunxi64-legacy.config
• config/kernel/linux-sm8250-current.config
• config/kernel/linux-bcm2711-legacy.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-odroidxu4-edge.config

📚 Learning: 2025-07-19T00:03:42.995Z

Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

• config/kernel/linux-sunxi64-legacy.config
• config/kernel/linux-sunxi-legacy.config
• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-k3-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-k3-current.config
• config/kernel/linux-sunxi-current.config

📚 Learning: 2025-09-14T06:19:06.828Z

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

Applied to files:

• config/kernel/linux-sunxi64-legacy.config
• config/kernel/linux-sunxi-legacy.config
• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson-s4t7-legacy.config
• config/kernel/linux-bcm2711-legacy.config
• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-k3-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-bcm2711-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-phytium-embedded-legacy.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-k3-current.config
• config/kernel/linux-sunxi64-edge.config
• config/kernel/linux-sunxi-current.config
• config/kernel/linux-phytium-embedded-current.config

📚 Learning: 2025-07-26T11:17:56.870Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T11:17:56.870Z
Learning: I2C_DESIGNWARE_SLAVE is a bool configuration option in Linux kernel Kconfig, not tristate. This means it can only be set to 'y' (enabled) or 'n' (disabled), never 'm' (module). When enabled, the slave functionality is compiled into the I2C_DESIGNWARE_CORE driver, regardless of whether the core driver is built-in or as a module.

Applied to files:

• config/kernel/linux-bcm2711-current.config
• config/kernel/linux-bcm2711-legacy.config
• config/kernel/linux-bcm2711-edge.config
• config/kernel/linux-sunxi64-edge.config

📚 Learning: 2025-07-26T11:14:41.697Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:82-83
Timestamp: 2025-07-26T11:14:41.697Z
Learning: In Linux kernel 6.13 and later, CONFIG_ZBUD was deprecated and is scheduled for removal in kernel 6.15. The zbud compressed page allocator was found to consume more memory than alternatives like zsmalloc. Therefore, CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD becomes obsolete in current kernels, and make defconfig will auto-correct by removing such deprecated options. This demonstrates how kernel defconfigs can be backwards compatible but not forward compatible.

Applied to files:

• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-k3-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-bcm2711-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-k3-current.config
• config/kernel/linux-sunxi64-edge.config
• config/kernel/linux-sunxi-current.config

📚 Learning: 2025-07-19T00:03:42.995Z

Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-k3-current.config
• config/kernel/linux-sunxi-current.config

📚 Learning: 2025-07-27T13:03:53.146Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:2664-2671
Timestamp: 2025-07-27T13:03:53.146Z
Learning: In Linux kernel configuration for the Armbian build system, when CONFIG_EXT2_FS and CONFIG_EXT3_FS are both set to =y (built-in), CONFIG_EXT4_FS is automatically enabled/hard-coded and does not need to be explicitly specified in the configuration file. This dependency relationship means that EXT4 support is implicitly included when EXT2 and EXT3 are built into the kernel.

Applied to files:

• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-phytium-embedded-legacy.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-phytium-embedded-current.config

📚 Learning: 2025-07-27T13:03:53.146Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:2664-2671
Timestamp: 2025-07-27T13:03:53.146Z
Learning: In the Armbian build system's kernel configuration, when CONFIG_EXT2_FS=y and CONFIG_EXT3_FS=y are both set to built-in, EXT4 filesystem support becomes automatically available/hard-coded without requiring an explicit CONFIG_EXT4_FS line in the configuration file. This is specific to how Armbian handles kernel configuration and differs from typical standalone Linux kernel configuration behavior.

Applied to files:

• config/kernel/linux-sm8250-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-bcm2711-edge.config
• config/kernel/linux-phytium-embedded-legacy.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-phytium-embedded-current.config

📚 Learning: 2025-07-27T15:54:35.119Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:2168-2173
Timestamp: 2025-07-27T15:54:35.119Z
Learning: In the Armbian build system, staging 802.11 drivers like CONFIG_RTLLIB, CONFIG_RTL8192E, CONFIG_R8712U are kept enabled alongside upstream rtw88 drivers because rtw88 is still under development and suffers from reliability issues. The staging drivers serve as necessary fallbacks when upstream drivers are unstable, prioritizing working hardware over avoiding technical conflicts.

Applied to files:

• config/kernel/linux-meson64-current.config
• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-odroidxu4-edge.config
• config/kernel/linux-sunxi64-edge.config

📚 Learning: 2025-07-22T07:02:58.863Z

Learnt from: igorpecovnik
PR: armbian/build#8408
File: lib/functions/compilation/patch/drivers_network.sh:258-260
Timestamp: 2025-07-22T07:02:58.863Z
Learning: In the Armbian build system, RTL8811CU/RTL8821C wireless driver deprecation starting with kernel 6.12+ is not due to build failures but because support is being integrated into the upstream RTW88 driver. The deprecated drivers still build and function correctly during the transition period.

Applied to files:

• config/kernel/linux-meson64-current.config
• config/kernel/linux-odroidxu4-edge.config

📚 Learning: 2025-08-11T22:00:13.411Z

Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sunxi64-edge.config

📚 Learning: 2025-03-31T12:57:13.880Z

Learnt from: libiunc
PR: armbian/build#8033
File: config/kernel/linux-starfive2-vendor.config:43-43
Timestamp: 2025-03-31T12:57:13.880Z
Learning: For StarFive2 platform kernel configurations, maintain alignment with vendor-provided configurations rather than modifying security settings like SECCOMP. This ensures hardware compatibility as intended by the manufacturer.

Applied to files:

• config/kernel/linux-meson64-edge.config
• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sm8250-edge.config
• config/kernel/linux-k3-current.config

📚 Learning: 2025-07-15T21:09:23.252Z

Learnt from: pyavitz
PR: armbian/build#8383
File: config/kernel/linux-sunxi64-edge.config:57-64
Timestamp: 2025-07-15T21:09:23.252Z
Learning: In Linux kernel configuration, when CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y is set, the ondemand governor is implicitly enabled by default, making the explicit CONFIG_CPU_FREQ_GOV_ONDEMAND=y line redundant. The make menuconfig tool automatically removes such redundant lines. This behavior applies to CPU frequency governor configurations in general - setting a default governor automatically enables that governor.

Applied to files:

• config/kernel/linux-sunxi-edge.config
• config/kernel/linux-sunxi64-current.config
• config/kernel/linux-sunxi-current.config

📚 Learning: 2025-07-27T15:56:34.414Z

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

• config/kernel/linux-k3-edge.config
• config/kernel/linux-tqma-current.config
• config/kernel/linux-phytium-embedded-legacy.config
• config/kernel/linux-phytium-embedded-current.config

📚 Learning: 2025-07-22T07:03:01.165Z

Learnt from: igorpecovnik
PR: armbian/build#8408
File: lib/functions/compilation/patch/drivers_network.sh:303-305
Timestamp: 2025-07-22T07:03:01.165Z
Learning: RTL88x2bu driver support is being integrated into the mainline RTW88 driver, which is why the out-of-tree RTL88x2bu driver is being deprecated starting with kernel 6.12+. The external driver still builds and functions, but the deprecation is due to upstream mainline support becoming available.

Applied to files:

• config/kernel/linux-odroidxu4-edge.config

📚 Learning: 2025-09-22T21:52:01.225Z

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

• config/kernel/linux-k3-current.config

🔇 Additional comments (90)

config/kernel/linux-meson-s4t7-legacy.config (2)

29-29: RT_GROUP_SCHED=y may impact RT latency.

If you have latency‑sensitive workloads, verify scheduling behavior didn’t regress with cgroups enabled.

---

722-723: ZRAM writeback + memory tracking enabled.

Good for diagnostics; slight overhead at high alloc rates—monitor before rolling widely.

config/kernel/linux-bcm2711-current.config (2)

184-184: Enable netfilter ctnetlink glue (GLUE_CT).

Good addition for nft/ct interoperability.

---

218-218: Confirm CONFIG_AUDIT=y
linux-bcm2711-current.config defines CONFIG_NETFILTER_XT_TARGET_AUDIT=m but contains no CONFIG_AUDIT entry; ensure CONFIG_AUDIT=y is set so the xt_AUDIT target can build.

config/kernel/linux-bcm2711-legacy.config (3)

167-167: Enable netfilter ctnetlink glue (GLUE_CT).

Matches “current”; OK.

---

524-524: ZRAM memory tracking.

Reasonable for debugging; minor overhead acknowledged.

---

191-200: Ensure audit support for xt_AUDIT The fragment sets CONFIG_NETFILTER_XT_TARGET_AUDIT=m but does not enable CONFIG_AUDIT; confirm CONFIG_AUDIT=y in the final kernel config so the xt_AUDIT module can build.

config/kernel/linux-qcs6490-edge.config (1)

369-369: xt_sctp requires SCTP core support
I didn’t find any CONFIG_SCTP or CONFIG_IP_SCTP entries in config/kernel/linux-qcs6490-edge.config—please verify that one of these is enabled so xt_sctp can build/load correctly.

config/kernel/linux-meson64-edge.config (8)

62-62: RANDOMIZE_BASE re‑enablement looks good.

Keeps KASLR on edge; no concerns.

---

270-270: Netfilter: DCCP/SCTP matches added as modules — OK.

Matches PR goal to broaden nft/xt coverage without bloating vmlinux.

Also applies to: 294-294

---

429-431: BRIDGE built‑in: verify early‑boot and size impact.

Built‑in bridge simplifies container/ovs setups; please confirm no initramfs/size regressions on low‑RAM boards.

---

691-691: ZRAM memory tracking enabled — OK.

Useful for diagnostics; pairs well with writeback.

---

812-812: NETKIT=y — OK; confirm kernel baseline.

Valid on 6.12+; just ensure all “edge” targets here are ≥6.12.

---

2394-2394: DRM_SIMPLEDRM=m — good default.

Improves early display bring‑up without SoC‑specific DRM.

---

3511-3517: ADC drivers added — OK.

Harmless, gated by DT; no objections.

---

3952-3953: Hardened usercopy/fortify — good hardening.

No further action.

config/kernel/linux-meson64-current.config (3)

63-63: RANDOMIZE_BASE re‑enablement — OK.

---

434-435: BRIDGE built‑in: verify impact.

Same note as edge: validate image size/boot on small systems.

---

695-695: ZRAM tracking + NETKIT — OK; confirm baseline ≥6.12.

Also applies to: 816-816

config/kernel/linux-sm8250-edge.config (5)

93-142: Broad Netfilter/NFT/XT expansion — looks right.

Aligns with “netfilter‑modules” objective; all as modules; no red flags.

Also applies to: 144-207, 220-258, 260-270, 286-291

---

386-387: NETKIT=y — OK.

Matches other targets; no issues.

---

945-952: Keys/AppArmor enablement — good hardening.

Also applies to: 949-949

---

984-985: DWARF5/BTF debug — confirm package split.

These inflate build size; ensure debug info is stripped/split in packages.

---

916-917: BTRFS POSIX ACL — OK.

config/kernel/linux-sm8250-current.config (4)

91-205: Netfilter/NFT/XT coverage — LGTM.

Matches PR intent; modules only; no conflicts spotted.

Also applies to: 206-258, 254-257

---

382-383: NETKIT=y — OK.

---

950-956: Persistent keyrings + AppArmor — good defaults.

---

989-991: BTF/DWARF5 — verify packaging size.

config/kernel/linux-tqma-current.config (7)

20-21: Enable CFS bandwidth and RT group sched — OK.

Improves cgroup QoS controls; sane defaults.

---

85-85: Block throttling enabled — OK.

---

100-101: Expanded Netfilter/NFT/XT set — LGTM.

Consistent with PR goals; all modular.

Also applies to: 116-171, 216-269

---

364-366: ZRAM writeback + tracking — OK.

Useful on memory‑constrained boards.

---

396-405: DUMMY/IPVLAN/VXLAN + NETKIT — OK.

Common for container/overlay networking.

---

986-986: EXT4 security option — OK.

---

1014-1018: Persistent keyrings + AppArmor — good.

config/kernel/linux-sunxi-current.config (3)

204-205: Netfilter additions look consistent with nftables/iptables-compat.

Adding NFT_SYNPROXY, XT_NOTRACK, IP6_NF_SECURITY, and bridge meta is aligned with the PR goal to broaden nft/xt coverage. No issues spotted.

Please confirm you intend to keep both nftables and xtables targets enabled for legacy scripts.

Also applies to: 225-226, 357-363

---

586-587: ZRAM writeback/memory tracking: good call.

Helps with low‑RAM SBCs and doesn’t force runtime behavior.

---

677-678: NETKIT=y is valid on modern kernels.

Enabling NETKIT is fine and matches other families in this PR.

Based on learnings

config/kernel/linux-odroidxu4-edge.config (4)

460-461: NET_EMATCH_IPT addition is OK.

Complements tc flower/cls and ipt matching; no concern.

---

545-546: ZRAM memory tracking: good.

Matches the PR’s memory improvements.

---

631-632: NETKIT=y: good and consistent.

No issues.

Based on learnings

---

2091-2094: Persistent keyrings and DH ops: good for TPM/SSSD/PKI use.

No issues.

config/kernel/linux-sunxi64-current.config (3)

212-212: Netfilter: NFT_SYNPROXY and XT_NOTRACK are fine.

This broadens nft/xt parity. Keep both only if legacy iptables rules are expected.

Also applies to: 234-234

---

633-634: ZRAM tracking and NETKIT: good.

Matches PR intent; valid on modern kernels.

Based on learnings

Also applies to: 723-724

---

942-942: KEYBOARD_SUN4I_LRADC=m duplication in PR text; final state here is m.

Just a sanity check: ensure there’s no conflicting line elsewhere in this overlay.

config/kernel/linux-k3-edge.config (3)

119-176: Large netfilter/nftables expansion LGTM.

Comprehensive and aligned with PR goal. No conflicting selections detected.

Also applies to: 221-236, 247-273

---

394-403: DUMMY/IPVLAN/VXLAN additions: sensible defaults.

Good coverage for virtualization/container scenarios.

---

1049-1051: Persistent keyrings/Encrypted keys/DH ops: good.

Matches security posture across other families.

config/kernel/linux-phytium-embedded-legacy.config (5)

16-17: CFS_BANDWIDTH/RT_GROUP_SCHED/CGROUP_BPF: OK.

Enables throttling and BPF in cgroups; consistent with other families.

Also applies to: 19-19, 25-25

---

87-87: Block throttling enabled: good for multi‑tenant IO control.

No issues.

---

100-107: Netfilter/iptables/nftables suite expansion LGTM.

Broad, consistent with PR objective; no conflicting symbols noted.

Also applies to: 109-209, 210-221, 222-237, 231-232, 251-258, 259-261

---

355-358: ZRAM writeback/memory tracking enabled: good.

Matches memory improvements elsewhere.

---

873-873: Security: EXT4 security labels and keyrings.

Appropriate for SELinux/AppArmor use; OK.

Also applies to: 912-915

config/kernel/linux-sunxi-edge.config (8)

201-206: nft SYNPROXY and netdev NFT bits — looks good

Adds missing nft SYNPROXY and related netdev features consistent with the PR objective to expand nftables coverage.

---

222-222: XT NOTRACK added — OK for legacy iptables users

Keeps legacy parity while nftables is present; safe as a module.

---

356-356: IP6_NF_SECURITY enabled

Fine if you want LSM security labeling via ip6tables; confirm userspace actually relies on it.

---

361-363: NFT_BRIDGE_META added — OK

Bridge metadata support aligns with nft bridge usage.

---

675-675: NETKIT=y — OK

Valid in modern kernels and matches networking goals.

---

1573-1573: simpledrm built as module — check early console needs

On some boards, simpledrm built-in can improve early boot console. Please confirm no regression in boot output/splash.

---

2513-2515: TI ADC drivers added — OK

Harmless as modules; consistent with broad sensor support.

---

2832-2834: FORTIFY_SOURCE and HARDENED_USERCOPY — good hardening

No issues.

config/kernel/linux-sunxi64-edge.config (5)

149-149: NETFILTER_NETLINK_HOOK=m — OK

Needed by nft hooks; good.

---

201-216: IP set + NOTRACK — OK

Matches objective to extend iptables/nftables coverage; modular is right.

---

218-220: XT TRACE/SECMARK — OK

Useful for debugging and SELinux/AppArmor labeling; fine as modules.

---

2802-2803: DWARF5/BTF debug info — verify image size/time

Enabling both can increase build time and package size. Fine for edge/dev, but confirm CI and mirrors are OK.

---

615-617: MTD_CMDLINE_PARTS may remain a module. Search of all sunxi64 board configs and U-Boot boot scripts shows no use of “mtdparts,” so early cmdline partition parsing isn’t required.

config/kernel/linux-k3-current.config (12)

20-20: cgroup RT and namespaces — OK

Good additions for containerized workloads.

Also applies to: 29-29

---

121-156: NETFILTER_NETLINK_HOOK and nft core block — OK

Matches goal to expand nftables; good as modules.

---

156-221: XT targets/matches set — OK

Broad compatibility set; sensible as modules.

---

235-237: IPv4 nft dup/fib — OK

Keeps nft parity; fine.

---

244-271: IPv4/IPv6 iptables extras — OK

Netmap/NPT/SYNPROXY etc. aligned with objective.

---

272-274: nft bridge meta/reject — OK

Bridge stack ready for nft.

---

429-429: NETKIT=y — OK

Consistent with other platforms.

---

698-698: Display panels toggled — OK

Harmless panel coverage as modules.

Also applies to: 709-717

---

741-741: simpledrm=m — verify early console

As with sunxi, check early boot console isn’t impacted.

---

753-754: FB_SIMPLE=m — verify boot text

If firmware/bootloader relies on simplefb for early console, consider built-in.

---

1032-1034: Keyrings/keys enabled — OK

Required for AppArmor/FS-verity workflows.

---

951-951: TI_SCI_PM_DOMAINS=y — OK

Power domains support is desirable on K3.

config/kernel/linux-phytium-embedded-current.config (12)

20-21: CFS bandwidth/RT and block throttling — OK

Useful knobs for multi-tenant/server-like setups.

Also applies to: 75-75

---

87-93: XFRM user + ESP=m — OK

Good for IPSec userspace.

---

96-131: NETFILTER_NETLINK_HOOK and nftables core — OK

Aligns with nftables expansion; modularization is right.

---

197-204: IP sets — OK

Needed for ipset-based workflows.

---

209-211: IPv4 nft dup/fib + ARP — OK

All good.

---

218-221: IPv4/IPv6 iptables extras + nft bridge — OK

Consistent with objective.

Also applies to: 223-245, 246-247

---

264-269: cls_cgroup and act_ipt — OK

Enables tc integration with iptables; fine.

---

273-273: CGROUP_NET_PRIO=y — OK

Matches cgroup telemetry goals.

---

353-355: ZRAM writeback/memory tracking — OK

Expected for constrained devices; keep if you rely on diagnostics.

---

385-393: Dummy/IPvLAN/VXLAN toggles — OK

Reasonable defaults for virtualization/L2 overlays.

---

1079-1081: Keyrings/keys + AppArmor — OK

Security posture improved; no issues.

Also applies to: 1082-1082

---

1044-1044: Verify EXT4 is enabled in the merged kernel config
Overlay shows ext4 security xattrs enabled, but there’s no explicit CONFIG_EXT4_FS=y. Confirm that EXT4 support is present in the final .config post-merge.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fix incompatible CONFIG_I2C_DESIGNWARE_SLAVE selection.

CONFIG_I2C_DESIGNWARE_SLAVE is a bool that depends on CONFIG_I2C_DESIGNWARE_CORE being built-in. With the core still set to m, Kconfig will silently drop this to n, so the intended slave support never lands. Please either make the core built-in or drop the slave option from the overlay to avoid the ineffective setting.

-CONFIG_I2C_DESIGNWARE_CORE=m
-CONFIG_I2C_DESIGNWARE_SLAVE=y
+CONFIG_I2C_DESIGNWARE_CORE=y
+CONFIG_I2C_DESIGNWARE_SLAVE=y

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	CONFIG_I2C_DESIGNWARE_CORE=m
	CONFIG_I2C_DESIGNWARE_SLAVE=y
	CONFIG_I2C_GPIO=m
	CONFIG_I2C_DESIGNWARE_CORE=y
	CONFIG_I2C_DESIGNWARE_SLAVE=y
	CONFIG_I2C_GPIO=m

🤖 Prompt for AI Agents

In config/kernel/linux-bcm2711-edge.config around lines 859 to 861,
CONFIG_I2C_DESIGNWARE_SLAVE is set to 'y' while CONFIG_I2C_DESIGNWARE_CORE is
'm', which makes the slave selection invalid and will be dropped; either change
CONFIG_I2C_DESIGNWARE_CORE to built-in (CONFIG_I2C_DESIGNWARE_CORE=y) so the
slave option can be enabled, or remove/reset CONFIG_I2C_DESIGNWARE_SLAVE from
the config/overlay so it does not attempt an ineffective 'y' selection.

[tabrisnet]

Note that this, with all of the other files in this PR, are from taking the previous version of this file, then making the scripted changes [from #8611] in armbian-kernel.sh, then running the kernel's make oldconfig, then processed by the Armbian machinery back into the config/kernel files. So errors such as you suggest are improbable.

[coderabbitai]

@tabrisnet Thank you for the important clarification! You're absolutely right, and I apologize for the incorrect assessment.

I had misunderstood how CONFIG_I2C_DESIGNWARE_SLAVE works. Looking at the context more carefully, this bool option gets compiled into the I2C_DESIGNWARE_CORE driver regardless of whether the core driver is built-in or as a module. The make oldconfig process would have properly resolved any dependency issues during the automated generation.

Your explanation of the process (previous config → scripted changes from #8661 → make oldconfig → Armbian processing) makes perfect sense, and such automated tooling would indeed handle these kernel configuration dependencies correctly.

I appreciate you taking the time to explain the automated nature of these configuration changes - it's valuable context for understanding how these files are generated and maintained.

🐰💭

---

✏️ Learnings added

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-bcm2711-edge.config:859-861
Timestamp: 2025-09-27T21:47:57.932Z
Learning: In the Armbian build system, kernel configuration files in config/kernel/ are generated through an automated process: taking previous config → applying scripted changes from armbian-kernel.sh → running kernel's `make oldconfig` → processing by Armbian machinery back into config files. This automated process properly handles kernel configuration dependencies and reduces the likelihood of manual configuration errors.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T11:17:56.870Z
Learning: I2C_DESIGNWARE_SLAVE is a bool configuration option in Linux kernel Kconfig, not tristate. This means it can only be set to 'y' (enabled) or 'n' (disabled), never 'm' (module). When enabled, the slave functionality is compiled into the I2C_DESIGNWARE_CORE driver, regardless of whether the core driver is built-in or as a module.

---

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

---

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

---

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

---

Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

---

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid ZBUD default; prefer ZSMALLOC for ZSWAP.

To future‑proof against 6.13+:

-CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
+CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y

Based on learnings

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	CONFIG_ZSWAP=y
	CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
	# CONFIG_COMPAT_BRK is not set
	CONFIG_ZSWAP=y
	CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y
	# CONFIG_COMPAT_BRK is not set

🤖 Prompt for AI Agents

In config/kernel/linux-k3-edge.config around lines 97-99, the zswap default is
set to ZBUD which is discouraged for future kernels; remove or unset
CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD and set the zswap zpool default to ZSMALLOC
instead (i.e., ensure CONFIG_ZSWAP remains enabled and enable the
CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC option or equivalent Kconfig choice for
zsmalloc).

[tabrisnet]

Note that this, with all of the other files in this PR, are from taking the previous version of this file, then making the scripted changes [from #8611] in armbian-kernel.sh, then running the kernel's make oldconfig, then processed by the Armbian machinery back into the config/kernel files.

[coderabbitai]

@tabrisnet, thank you for the clarification about the automated process. I understand now that these configuration changes result from the systematic workflow: previous config → scripted changes from armbian-kernel.sh → make oldconfig → Armbian processing.

Given that this is an automated process using make oldconfig (which preserves existing settings rather than auto-correcting deprecated options like make defconfig would), my suggestion about manually changing the ZBUD setting may not be directly applicable to this workflow. The automated process you've described is the proper approach for maintaining kernel configurations across multiple boards while ensuring dependencies are handled correctly.

I appreciate you providing this context about the generation process - it's important to understand that these aren't manual configuration decisions but rather the output of Armbian's established kernel configuration management system.

ʕ •ᴥ•ʔ

---

✏️ Learnings added

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-k3-edge.config:97-99
Timestamp: 2025-09-27T21:49:27.179Z
Learning: make oldconfig preserves existing deprecated kernel options and only prompts for new configuration options, unlike make defconfig which would auto-correct by removing deprecated options. This explains why deprecated options like CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD might persist through the automated Armbian kernel configuration generation process.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:82-83
Timestamp: 2025-07-26T11:14:41.697Z
Learning: In Linux kernel 6.13 and later, CONFIG_ZBUD was deprecated and is scheduled for removal in kernel 6.15. The zbud compressed page allocator was found to consume more memory than alternatives like zsmalloc. Therefore, CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD becomes obsolete in current kernels, and make defconfig will auto-correct by removing such deprecated options. This demonstrates how kernel defconfigs can be backwards compatible but not forward compatible.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-bcm2711-edge.config:859-861
Timestamp: 2025-09-27T21:47:57.932Z
Learning: In the Armbian build system, kernel configuration files in config/kernel/ are generated through an automated process: taking previous config → applying scripted changes from armbian-kernel.sh → running kernel's `make oldconfig` → processing by Armbian machinery back into config files. This automated process properly handles kernel configuration dependencies and reduces the likelihood of manual configuration errors.

---

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

---

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don’t pin ZSWAP to deprecated ZBUD.

ZBUD is deprecated in recent kernels and is memory‑inefficient vs zsmalloc. Let kernel default (zsmalloc) or set ZSMALLOC explicitly; avoid ZBUD.

-CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
+# Prefer kernel default (zsmalloc) or explicitly:
+# CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
	# Prefer kernel default (zsmalloc) or explicitly:
	# CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y

🤖 Prompt for AI Agents

In config/kernel/linux-meson64-current.config around line 101, the config pins
ZSWAP to the deprecated ZBUD backend (CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y); remove
that line or replace it with CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y (or simply
unset the explicit zpool choice so the kernel uses the default zsmalloc) to
avoid using the deprecated, less-efficient zbud backend.

[tabrisnet]

Note that this, with all of the other files in this PR, are from taking the previous version of this file, then making the scripted changes [from #8611] in armbian-kernel.sh, then running the kernel's make oldconfig, then processed by the Armbian machinery back into the config/kernel files.

[coderabbitai]

@tabrisnet, thank you for the clarification! This explains exactly why CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD appeared in the generated config.

As you described, the automated process uses make oldconfig, which preserves existing deprecated kernel options and only prompts for new configuration options. This is different from make defconfig, which would auto-correct by removing deprecated options entirely.

Since the previous version of the config likely had CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED=y or similar deprecated ZSWAP settings, when the scripted changes from PR #8661 were applied and make oldconfig was run, the kernel automatically migrated to CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y as the closest equivalent - but unfortunately still a deprecated option.

This automated process properly handles kernel configuration dependencies and reduces the likelihood of manual configuration errors, which is exactly what we see working here. The generated configs represent what the kernel build system determined was the appropriate migration path from the previous settings.

The observation about ZBUD being deprecated still stands for future reference, but in the context of this automated generation process, it makes perfect sense why it appeared.

---

🧠 Learnings used

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:82-83
Timestamp: 2025-07-26T11:14:41.697Z
Learning: In Linux kernel 6.13 and later, CONFIG_ZBUD was deprecated and is scheduled for removal in kernel 6.15. The zbud compressed page allocator was found to consume more memory than alternatives like zsmalloc. Therefore, CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD becomes obsolete in current kernels, and make defconfig will auto-correct by removing such deprecated options. This demonstrates how kernel defconfigs can be backwards compatible but not forward compatible.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-k3-edge.config:97-99
Timestamp: 2025-09-27T21:49:27.179Z
Learning: make oldconfig preserves existing deprecated kernel options and only prompts for new configuration options, unlike make defconfig which would auto-correct by removing deprecated options. This explains why deprecated options like CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD might persist through the automated Armbian kernel configuration generation process.

---

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

---

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-bcm2711-edge.config:859-861
Timestamp: 2025-09-27T21:47:57.932Z
Learning: In the Armbian build system, kernel configuration files in config/kernel/ are generated through an automated process: taking previous config → applying scripted changes from armbian-kernel.sh → running kernel's `make oldconfig` → processing by Armbian machinery back into config files. This automated process properly handles kernel configuration dependencies and reduces the likelihood of manual configuration errors.

---

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

---

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Replace deprecated ZBUD default zpool with ZSMALLOC (6.13+).

Same concern as sunxi-current: ZBUD default is deprecated; use ZSMALLOC to be forward‑compatible.

-CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
+CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y

Based on learnings

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
	CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y

🤖 Prompt for AI Agents

In config/kernel/linux-sunxi64-current.config around line 94, the zswap default
zpool is set to ZBUD which is deprecated; replace it with ZSMALLOC for forward
compatibility (kernel 6.13+). Disable or remove CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD
and enable CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC instead, and ensure any dependent
CONFIG_ZSMALLOC options are enabled so the build picks the zsmalloc zpool; if
this config must remain conditional, gate the change behind a kernel version
check for 6.13+.

[tabrisnet]

Note that this, with all of the other files in this PR, are from taking the previous version of this file, then making the scripted changes [from #8611] in armbian-kernel.sh, then running the kernel's make oldconfig, then processed by the Armbian machinery back into the config/kernel files.

[coderabbitai]

@tabrisnet Thank you for the clarification! You're absolutely right - since these config files are autogenerated through the scripted process (previous config → armbian-kernel.sh changes → make oldconfig → Armbian machinery processing), manually editing individual config options wouldn't be the appropriate approach.

Given this automated generation process, the ZBUD deprecation should be addressed at one of these levels instead:

1. In armbian-kernel.sh: Add logic to handle the ZBUD→ZSMALLOC transition for kernel 6.13+
2. Let make oldconfig handle it: The kernel's oldconfig process should theoretically auto-correct deprecated options, though as you noted in the learning, make oldconfig preserves existing deprecated options rather than auto-correcting them
3. In the Armbian machinery: Add post-processing to replace deprecated options during the final config generation

Since this is part of a systematic config sync across multiple kernel families, the fix should be implemented in the automated tooling rather than as manual config edits.

---

✏️ Learnings added

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-sunxi64-current.config:94-94
Timestamp: 2025-09-27T21:50:15.908Z
Learning: When kernel config files are generated through Armbian's automated process (previous config → armbian-kernel.sh changes → make oldconfig → Armbian machinery processing), manual config file edits are not appropriate since they would be overwritten. Deprecated option handling should be implemented in the automated tooling instead.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:82-83
Timestamp: 2025-07-26T11:14:41.697Z
Learning: In Linux kernel 6.13 and later, CONFIG_ZBUD was deprecated and is scheduled for removal in kernel 6.15. The zbud compressed page allocator was found to consume more memory than alternatives like zsmalloc. Therefore, CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD becomes obsolete in current kernels, and make defconfig will auto-correct by removing such deprecated options. This demonstrates how kernel defconfigs can be backwards compatible but not forward compatible.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: amazingfate
PR: armbian/build#8619
File: config/kernel/linux-rockchip-vendor.config:0-0
Timestamp: 2025-09-14T06:19:06.828Z
Learning: CONFIG_ZSWAP has an implicit kernel-level dependency on CONFIG_SWAP, so when CONFIG_ZSWAP=y is set in Armbian overlay configs, CONFIG_SWAP gets automatically enabled during kernel build configuration processing, even if not explicitly specified in the overlay file.

---

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-k3-edge.config:97-99
Timestamp: 2025-09-27T21:49:27.179Z
Learning: make oldconfig preserves existing deprecated kernel options and only prompts for new configuration options, unlike make defconfig which would auto-correct by removing deprecated options. This explains why deprecated options like CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD might persist through the automated Armbian kernel configuration generation process.

---

Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

---

Learnt from: tabrisnet
PR: armbian/build#8678
File: config/kernel/linux-bcm2711-edge.config:859-861
Timestamp: 2025-09-27T21:47:57.932Z
Learning: In the Armbian build system, kernel configuration files in config/kernel/ are generated through an automated process: taking previous config → applying scripted changes from armbian-kernel.sh → running kernel's `make oldconfig` → processing by Armbian machinery back into config files. This automated process properly handles kernel configuration dependencies and reduces the likelihood of manual configuration errors.

---

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

BPF JIT enabled — tighten unprivileged BPF

With JIT on, keep unprivileged BPF off by default to reduce attack surface. Suggest enabling CONFIG_BPF_UNPRIV_DEFAULT_OFF.

-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y

Alternatively set kernel.unprivileged_bpf_disabled=1 via sysctl.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	CONFIG_BPF_JIT=y
	CONFIG_BPF_JIT=y
	CONFIG_BPF_UNPRIV_DEFAULT_OFF=y

🤖 Prompt for AI Agents

In config/kernel/linux-sunxi64-edge.config around lines 6 to 6, BPF JIT is
enabled but unprivileged BPF is left permissive; enable
CONFIG_BPF_UNPRIV_DEFAULT_OFF by adding or setting
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y in the kernel config so unprivileged BPF is
disabled by default; alternatively, document and/or set
kernel.unprivileged_bpf_disabled=1 via sysctl if a runtime sysctl-based
mitigation is preferred.

[github-actions]

✅ This PR has been reviewed and approved — all set for merge!