config DEFCONFIG_LIST
        string
        depends on !UML
        option defconfig_list
        default "/lib/modules/$(shell,uname -r)/.config"
        default "/etc/kernel-config"
        default "/boot/config-$(shell,uname -r)"
        default ARCH_DEFCONFIG
        default "arch/$(ARCH)/defconfig"

config CC_IS_GCC
        def_bool $(success,$(CC) --version | head -n 1 | grep -q gcc)

config GCC_VERSION
        int
        default $(shell,$(srctree)/scripts/gcc-version.sh -p $(CC) | sed 's/^0*//') if CC_IS_GCC
        default 0

config CC_IS_CLANG
        def_bool $(success,$(CC) --version | head -n 1 | grep -q clang)

config CLANG_VERSION
        int
        default $(shell,$(srctree)/scripts/clang-version.sh $(CC))

config CONSTRUCTORS
        bool
        depends on !UML

config IRQ_WORK
        bool

config BUILDTIME_EXTABLE_SORT
        bool

config THREAD_INFO_IN_TASK
        bool
        help
          Select this to move thread_info off the stack into task_struct.  To
          make this work, an arch will need to remove all thread_info fields
          except flags and fix any runtime bugs.

          One subtle change that will be needed is to use try_get_task_stack()
          and put_task_stack() in save_thread_stack_tsk() and get_wchan().

menu "General setup"

config BROKEN
        bool

config BROKEN_ON_SMP
        bool
        depends on BROKEN || !SMP
        default y

config INIT_ENV_ARG_LIMIT
        int
        default 32 if !UML
        default 128 if UML
        help
          Maximum of each of the number of arguments and environment
          variables passed to init from the kernel command line.

config COMPILE_TEST
        bool "Compile also drivers which will not load"
        depends on !UML
        default n
        help
          Some drivers can be compiled on a different platform than they are
          intended to be run on. Despite they cannot be loaded there (or even
          when they load they cannot be used due to missing HW support),
          developers still, opposing to distributors, might want to build such
          drivers to compile-test them.

          If you are a developer and want to build everything available, say Y
          here. If you are a user/distributor, say N here to exclude useless
          drivers to be distributed.

config LOCALVERSION
        string "Local version - append to kernel release"
        help
          Append an extra string to the end of your kernel version.
          This will show up when you type uname, for example.
          The string you set here will be appended after the contents of
          any files with a filename matching localversion* in your
          object and source tree, in that order.  Your total string can
          be a maximum of 64 characters.

config LOCALVERSION_AUTO
        bool "Automatically append version information to the version string"
        default y
        depends on !COMPILE_TEST
        help
          This will try to automatically determine if the current tree is a
          release tree by looking for git tags that belong to the current
          top of tree revision.

          A string of the format -gxxxxxxxx will be added to the localversion
          if a git-based tree is found.  The string generated by this will be
          appended after any matching localversion* files, and after the value
          set in CONFIG_LOCALVERSION.

          (The actual string used here is the first eight characters produced
          by running the command:

            $ git rev-parse --verify HEAD

          which is done within the script "scripts/setlocalversion".)

config BUILD_SALT
       string "Build ID Salt"
       default ""
       help
          The build ID is used to link binaries and their debug info. Setting
          this option will use the value in the calculation of the build id.
          This is mostly useful for distributions which want to ensure the
          build is unique between builds. It's safe to leave the default.

config HAVE_KERNEL_GZIP
        bool

config HAVE_KERNEL_BZIP2
        bool

config HAVE_KERNEL_LZMA
        bool

config HAVE_KERNEL_XZ
        bool

config HAVE_KERNEL_LZO
        bool

config HAVE_KERNEL_LZ4
        bool

config HAVE_KERNEL_UNCOMPRESSED
        bool

choice
        prompt "Kernel compression mode"
        default KERNEL_GZIP
        depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_UNCOMPRESSED
        help
          The linux kernel is a kind of self-extracting executable.
          Several compression algorithms are available, which differ
          in efficiency, compression and decompression speed.
          Compression speed is only relevant when building a kernel.
          Decompression speed is relevant at each boot.

          If you have any problems with bzip2 or lzma compressed
          kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
          version of this functionality (bzip2 only), for 2.4, was
          supplied by Christian Ludwig)

          High compression options are mostly useful for users, who
          are low on disk space (embedded systems), but for whom ram
          size matters less.

          If in doubt, select 'gzip'

config KERNEL_GZIP
        bool "Gzip"
        depends on HAVE_KERNEL_GZIP
        help
          The old and tried gzip compression. It provides a good balance
          between compression ratio and decompression speed.

config KERNEL_BZIP2
        bool "Bzip2"
        depends on HAVE_KERNEL_BZIP2
        help
          Its compression ratio and speed is intermediate.
          Decompression speed is slowest among the choices.  The kernel
          size is about 10% smaller with bzip2, in comparison to gzip.
          Bzip2 uses a large amount of memory. For modern kernels you
          will need at least 8MB RAM or more for booting.

config KERNEL_LZMA
        bool "LZMA"
        depends on HAVE_KERNEL_LZMA
        help
          This compression algorithm's ratio is best.  Decompression speed
          is between gzip and bzip2.  Compression is slowest.
          The kernel size is about 33% smaller with LZMA in comparison to gzip.

config KERNEL_XZ
        bool "XZ"
        depends on HAVE_KERNEL_XZ
        help
          XZ uses the LZMA2 algorithm and instruction set specific
          BCJ filters which can improve compression ratio of executable
          code. The size of the kernel is about 30% smaller with XZ in
          comparison to gzip. On architectures for which there is a BCJ
          filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
          will create a few percent smaller kernel than plain LZMA.

          The speed is about the same as with LZMA: The decompression
          speed of XZ is better than that of bzip2 but worse than gzip
          and LZO. Compression is slow.

config KERNEL_LZO
        bool "LZO"
        depends on HAVE_KERNEL_LZO
        help
          Its compression ratio is the poorest among the choices. The kernel
          size is about 10% bigger than gzip; however its speed
          (both compression and decompression) is the fastest.

config KERNEL_LZ4
        bool "LZ4"
        depends on HAVE_KERNEL_LZ4
        help
          LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
          A preliminary version of LZ4 de/compression tool is available at
          <https://code.google.com/p/lz4/>.

          Its compression ratio is worse than LZO. The size of the kernel
          is about 8% bigger than LZO. But the decompression speed is
          faster than LZO.

config KERNEL_UNCOMPRESSED
        bool "None"
        depends on HAVE_KERNEL_UNCOMPRESSED
        help
          Produce uncompressed kernel image. This option is usually not what
          you want. It is useful for debugging the kernel in slow simulation
          environments, where decompressing and moving the kernel is awfully
          slow. This option allows early boot code to skip the decompressor
          and jump right at uncompressed kernel image.

endchoice

config DEFAULT_HOSTNAME
        string "Default hostname"
        default "(none)"
        help
          This option determines the default system hostname before userspace
          calls sethostname(2). The kernel traditionally uses "(none)" here,
          but you may wish to use a different default here to make a minimal
          system more usable with less configuration.

#
# For some reason microblaze and nios2 hard code SWAP=n.  Hopefully we can
# add proper SWAP support to them, in which case this can be remove.
#
config ARCH_NO_SWAP
        bool

config SWAP
        bool "Support for paging of anonymous memory (swap)"
        depends on MMU && BLOCK && !ARCH_NO_SWAP
        default y
        help
          This option allows you to choose whether you want to have support
          for so called swap devices or swap files in your kernel that are
          used to provide more virtual memory than the actual RAM present
          in your computer.  If unsure say Y.

config SYSVIPC
        bool "System V IPC"
        ---help---
          Inter Process Communication is a suite of library functions and
          system calls which let processes (running programs) synchronize and
          exchange information. It is generally considered to be a good thing,
          and some programs won't run unless you say Y here. In particular, if
          you want to run the DOS emulator dosemu under Linux (read the
          DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
          you'll need to say Y here.

          You can find documentation about IPC with "info ipc" and also in
          section 6.4 of the Linux Programmer's Guide, available from
          <http://www.tldp.org/guides.html>.

config SYSVIPC_SYSCTL
        bool
        depends on SYSVIPC
        depends on SYSCTL
        default y

config POSIX_MQUEUE
        bool "POSIX Message Queues"
        depends on NET
        ---help---
          POSIX variant of message queues is a part of IPC. In POSIX message
          queues every message has a priority which decides about succession
          of receiving it by a process. If you want to compile and run
          programs written e.g. for Solaris with use of its POSIX message
          queues (functions mq_*) say Y here.

          POSIX message queues are visible as a filesystem called 'mqueue'
          and can be mounted somewhere if you want to do filesystem
          operations on message queues.

          If unsure, say Y.

config POSIX_MQUEUE_SYSCTL
        bool
        depends on POSIX_MQUEUE
        depends on SYSCTL
        default y

config CROSS_MEMORY_ATTACH
        bool "Enable process_vm_readv/writev syscalls"
        depends on MMU
        default y
        help
          Enabling this option adds the system calls process_vm_readv and
          process_vm_writev which allow a process with the correct privileges
          to directly read from or write to another process' address space.
          See the man page for more details.

config USELIB
        bool "uselib syscall"
        def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
        help
          This option enables the uselib syscall, a system call used in the
          dynamic linker from libc5 and earlier.  glibc does not use this
          system call.  If you intend to run programs built on libc5 or
          earlier, you may need to enable this syscall.  Current systems
          running glibc can safely disable this.

config AUDIT
        bool "Auditing support"
        depends on NET
        help
          Enable auditing infrastructure that can be used with another
          kernel subsystem, such as SELinux (which requires this for
          logging of avc messages output).  System call auditing is included
          on architectures which support it.

config HAVE_ARCH_AUDITSYSCALL
        bool

config AUDITSYSCALL
        def_bool y
        depends on AUDIT && HAVE_ARCH_AUDITSYSCALL

config AUDIT_WATCH
        def_bool y
        depends on AUDITSYSCALL
        select FSNOTIFY

config AUDIT_TREE
        def_bool y
        depends on AUDITSYSCALL
        select FSNOTIFY

source "kernel/irq/Kconfig"
source "kernel/time/Kconfig"
source "kernel/Kconfig.preempt"

menu "CPU/Task time and stats accounting"

config VIRT_CPU_ACCOUNTING
        bool

choice
        prompt "Cputime accounting"
        default TICK_CPU_ACCOUNTING if !PPC64
        default VIRT_CPU_ACCOUNTING_NATIVE if PPC64

# Kind of a stub config for the pure tick based cputime accounting
config TICK_CPU_ACCOUNTING
        bool "Simple tick based cputime accounting"
        depends on !S390 && !NO_HZ_FULL
        help
          This is the basic tick based cputime accounting that maintains
          statistics about user, system and idle time spent on per jiffies
          granularity.

          If unsure, say Y.

config VIRT_CPU_ACCOUNTING_NATIVE
        bool "Deterministic task and CPU time accounting"
        depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
        select VIRT_CPU_ACCOUNTING
        help
          Select this option to enable more accurate task and CPU time
          accounting.  This is done by reading a CPU counter on each
          kernel entry and exit and on transitions within the kernel
          between system, softirq and hardirq state, so there is a
          small performance impact.  In the case of s390 or IBM POWER > 5,
          this also enables accounting of stolen time on logically-partitioned
          systems.

config VIRT_CPU_ACCOUNTING_GEN
        bool "Full dynticks CPU time accounting"
        depends on HAVE_CONTEXT_TRACKING
        depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
        select VIRT_CPU_ACCOUNTING
        select CONTEXT_TRACKING
        help
          Select this option to enable task and CPU time accounting on full
          dynticks systems. This accounting is implemented by watching every
          kernel-user boundaries using the context tracking subsystem.
          The accounting is thus performed at the expense of some significant
          overhead.

          For now this is only useful if you are working on the full
          dynticks subsystem development.

          If unsure, say N.

endchoice

config IRQ_TIME_ACCOUNTING
        bool "Fine granularity task level IRQ time accounting"
        depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
        help
          Select this option to enable fine granularity task irq time
          accounting. This is done by reading a timestamp on each
          transitions between softirq and hardirq state, so there can be a
          small performance impact.

          If in doubt, say N here.

config BSD_PROCESS_ACCT
        bool "BSD Process Accounting"
        depends on MULTIUSER
        help
          If you say Y here, a user level program will be able to instruct the
          kernel (via a special system call) to write process accounting
          information to a file: whenever a process exits, information about
          that process will be appended to the file by the kernel.  The
          information includes things such as creation time, owning user,
          command name, memory usage, controlling terminal etc. (the complete
          list is in the struct acct in <file:include/linux/acct.h>).  It is
          up to the user level program to do useful things with this
          information.  This is generally a good idea, so say Y.

config BSD_PROCESS_ACCT_V3
        bool "BSD Process Accounting version 3 file format"
        depends on BSD_PROCESS_ACCT
        default n
        help
          If you say Y here, the process accounting information is written
          in a new file format that also logs the process IDs of each
          process and its parent. Note that this file format is incompatible
          with previous v0/v1/v2 file formats, so you will need updated tools
          for processing it. A preliminary version of these tools is available
          at <http://www.gnu.org/software/acct/>.

config TASKSTATS
        bool "Export task/process statistics through netlink"
        depends on NET
        depends on MULTIUSER
        default n
        help
          Export selected statistics for tasks/processes through the
          generic netlink interface. Unlike BSD process accounting, the
          statistics are available during the lifetime of tasks/processes as
          responses to commands. Like BSD accounting, they are sent to user
          space on task exit.

          Say N if unsure.

config TASK_DELAY_ACCT
        bool "Enable per-task delay accounting"
        depends on TASKSTATS
        select SCHED_INFO
        help
          Collect information on time spent by a task waiting for system
          resources like cpu, synchronous block I/O completion and swapping
          in pages. Such statistics can help in setting a task's priorities
          relative to other tasks for cpu, io, rss limits etc.

          Say N if unsure.

config TASK_XACCT
        bool "Enable extended accounting over taskstats"
        depends on TASKSTATS
        help
          Collect extended task accounting data and send the data
          to userland for processing over the taskstats interface.

          Say N if unsure.

config TASK_IO_ACCOUNTING
        bool "Enable per-task storage I/O accounting"
        depends on TASK_XACCT
        help
          Collect information on the number of bytes of storage I/O which this
          task has caused.

          Say N if unsure.

endmenu # "CPU/Task time and stats accounting"

config CPU_ISOLATION
        bool "CPU isolation"
        depends on SMP || COMPILE_TEST
        default y
        help
          Make sure that CPUs running critical tasks are not disturbed by
          any source of "noise" such as unbound workqueues, timers, kthreads...
          Unbound jobs get offloaded to housekeeping CPUs. This is driven by
          the "isolcpus=" boot parameter.

          Say Y if unsure.

source "kernel/rcu/Kconfig"

config BUILD_BIN2C
        bool
        default n

config IKCONFIG
        tristate "Kernel .config support"
        select BUILD_BIN2C
        ---help---
          This option enables the complete Linux kernel ".config" file
          contents to be saved in the kernel. It provides documentation
          of which kernel options are used in a running kernel or in an
          on-disk kernel.  This information can be extracted from the kernel
          image file with the script scripts/extract-ikconfig and used as
          input to rebuild the current kernel or to build another kernel.
          It can also be extracted from a running kernel by reading
          /proc/config.gz if enabled (below).

config IKCONFIG_PROC
        bool "Enable access to .config through /proc/config.gz"
        depends on IKCONFIG && PROC_FS
        ---help---
          This option enables access to the kernel configuration file
          through /proc/config.gz.

config LOG_BUF_SHIFT
        int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
        range 12 25
        default 17
        depends on PRINTK
        help
          Select the minimal kernel log buffer size as a power of 2.
          The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
          parameter, see below. Any higher size also might be forced
          by "log_buf_len" boot parameter.

          Examples:
                     17 => 128 KB
                     16 => 64 KB
                     15 => 32 KB
                     14 => 16 KB
                     13 =>  8 KB
                     12 =>  4 KB

config LOG_CPU_MAX_BUF_SHIFT
        int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
        depends on SMP
        range 0 21
        default 12 if !BASE_SMALL
        default 0 if BASE_SMALL
        depends on PRINTK
        help
          This option allows to increase the default ring buffer size
          according to the number of CPUs. The value defines the contribution
          of each CPU as a power of 2. The used space is typically only few
          lines however it might be much more when problems are reported,
          e.g. backtraces.

          The increased size means that a new buffer has to be allocated and
          the original static one is unused. It makes sense only on systems
          with more CPUs. Therefore this value is used only when the sum of
          contributions is greater than the half of the default kernel ring
          buffer as defined by LOG_BUF_SHIFT. The default values are set
          so that more than 64 CPUs are needed to trigger the allocation.

          Also this option is ignored when "log_buf_len" kernel parameter is
          used as it forces an exact (power of two) size of the ring buffer.

          The number of possible CPUs is used for this computation ignoring
          hotplugging making the computation optimal for the worst case
          scenario while allowing a simple algorithm to be used from bootup.

          Examples shift values and their meaning:
                     17 => 128 KB for each CPU
                     16 =>  64 KB for each CPU
                     15 =>  32 KB for each CPU
                     14 =>  16 KB for each CPU
                     13 =>   8 KB for each CPU
                     12 =>   4 KB for each CPU

config PRINTK_SAFE_LOG_BUF_SHIFT
        int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
        range 10 21
        default 13
        depends on PRINTK
        help
          Select the size of an alternate printk per-CPU buffer where messages
          printed from usafe contexts are temporary stored. One example would
          be NMI messages, another one - printk recursion. The messages are
          copied to the main log buffer in a safe context to avoid a deadlock.
          The value defines the size as a power of 2.

          Those messages are rare and limited. The largest one is when
          a backtrace is printed. It usually fits into 4KB. Select
          8KB if you want to be on the safe side.

          Examples:
                     17 => 128 KB for each CPU
                     16 =>  64 KB for each CPU
                     15 =>  32 KB for each CPU
                     14 =>  16 KB for each CPU
                     13 =>   8 KB for each CPU
                     12 =>   4 KB for each CPU

#
# Architectures with an unreliable sched_clock() should select this:
#
config HAVE_UNSTABLE_SCHED_CLOCK
        bool

config GENERIC_SCHED_CLOCK
        bool

#
# For architectures that want to enable the support for NUMA-affine scheduler
# balancing logic:
#
config ARCH_SUPPORTS_NUMA_BALANCING
        bool

#
# For architectures that prefer to flush all TLBs after a number of pages
# are unmapped instead of sending one IPI per page to flush. The architecture
# must provide guarantees on what happens if a clean TLB cache entry is
# written after the unmap. Details are in mm/rmap.c near the check for
# should_defer_flush. The architecture should also consider if the full flush
# and the refill costs are offset by the savings of sending fewer IPIs.
config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
        bool

#
# For architectures that know their GCC __int128 support is sound
#
config ARCH_SUPPORTS_INT128
        bool

# For architectures that (ab)use NUMA to represent different memory regions
# all cpu-local but of different latencies, such as SuperH.
#
config ARCH_WANT_NUMA_VARIABLE_LOCALITY
        bool

config NUMA_BALANCING
        bool "Memory placement aware NUMA scheduler"
        depends on ARCH_SUPPORTS_NUMA_BALANCING
        depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
        depends on SMP && NUMA && MIGRATION
        help
          This option adds support for automatic NUMA aware memory/task placement.
          The mechanism is quite primitive and is based on migrating memory when
          it has references to the node the task is running on.

          This system will be inactive on UMA systems.

config NUMA_BALANCING_DEFAULT_ENABLED
        bool "Automatically enable NUMA aware memory/task placement"
        default y
        depends on NUMA_BALANCING
        help
          If set, automatic NUMA balancing will be enabled if running on a NUMA
          machine.

menuconfig CGROUPS
        bool "Control Group support"
        select KERNFS
        help
          This option adds support for grouping sets of processes together, for
          use with process control subsystems such as Cpusets, CFS, memory
          controls or device isolation.
          See
                - Documentation/scheduler/sched-design-CFS.txt  (CFS)
                - Documentation/cgroup-v1/ (features for grouping, isolation
                                          and resource control)

          Say N if unsure.

if CGROUPS

config PAGE_COUNTER
       bool

config MEMCG
        bool "Memory controller"
        select PAGE_COUNTER
        select EVENTFD
        help
          Provides control over the memory footprint of tasks in a cgroup.

config MEMCG_SWAP
        bool "Swap controller"
        depends on MEMCG && SWAP
        help
          Provides control over the swap space consumed by tasks in a cgroup.

config MEMCG_SWAP_ENABLED
        bool "Swap controller enabled by default"
        depends on MEMCG_SWAP
        default y
        help
          Memory Resource Controller Swap Extension comes with its price in
          a bigger memory consumption. General purpose distribution kernels
          which want to enable the feature but keep it disabled by default
          and let the user enable it by swapaccount=1 boot command line
          parameter should have this option unselected.
          For those who want to have the feature enabled by default should
          select this option (if, for some reason, they need to disable it
          then swapaccount=0 does the trick).

config MEMCG_KMEM
        bool
        depends on MEMCG && !SLOB
        default y

config BLK_CGROUP
        bool "IO controller"
        depends on BLOCK
        default n
        ---help---
        Generic block IO controller cgroup interface. This is the common
        cgroup interface which should be used by various IO controlling
        policies.

        Currently, CFQ IO scheduler uses it to recognize task groups and
        control disk bandwidth allocation (proportional time slice allocation)
        to such task groups. It is also used by bio throttling logic in
        block layer to implement upper limit in IO rates on a device.

        This option only enables generic Block IO controller infrastructure.
        One needs to also enable actual IO controlling logic/policy. For
        enabling proportional weight division of disk bandwidth in CFQ, set
        CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
        CONFIG_BLK_DEV_THROTTLING=y.

        See Documentation/cgroup-v1/blkio-controller.txt for more information.

config DEBUG_BLK_CGROUP
        bool "IO controller debugging"
        depends on BLK_CGROUP
        default n
        ---help---
        Enable some debugging help. Currently it exports additional stat
        files in a cgroup which can be useful for debugging.

config CGROUP_WRITEBACK
        bool
        depends on MEMCG && BLK_CGROUP
        default y

menuconfig CGROUP_SCHED
        bool "CPU controller"
        default n
        help
          This feature lets CPU scheduler recognize task groups and control CPU
          bandwidth allocation to such task groups. It uses cgroups to group
          tasks.

if CGROUP_SCHED
config FAIR_GROUP_SCHED
        bool "Group scheduling for SCHED_OTHER"
        depends on CGROUP_SCHED
        default CGROUP_SCHED

config CFS_BANDWIDTH
        bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
        depends on FAIR_GROUP_SCHED
        default n
        help
          This option allows users to define CPU bandwidth rates (limits) for
          tasks running within the fair group scheduler.  Groups with no limit
          set are considered to be unconstrained and will run with no
          restriction.
          See Documentation/scheduler/sched-bwc.txt for more information.

config RT_GROUP_SCHED
        bool "Group scheduling for SCHED_RR/FIFO"
        depends on CGROUP_SCHED
        default n
        help
          This feature lets you explicitly allocate real CPU bandwidth
          to task groups. If enabled, it will also make it impossible to
          schedule realtime tasks for non-root users until you allocate
          realtime bandwidth for them.
          See Documentation/scheduler/sched-rt-group.txt for more information.

endif #CGROUP_SCHED

config CGROUP_PIDS
        bool "PIDs controller"
        help
          Provides enforcement of process number limits in the scope of a
          cgroup. Any attempt to fork more processes than is allowed in the
          cgroup will fail. PIDs are fundamentally a global resource because it
          is fairly trivial to reach PID exhaustion before you reach even a
          conservative kmemcg limit. As a result, it is possible to grind a
          system to halt without being limited by other cgroup policies. The
          PIDs controller is designed to stop this from happening.

          It should be noted that organisational operations (such as attaching
          to a cgroup hierarchy will *not* be blocked by the PIDs controller),
          since the PIDs limit only affects a process's ability to fork, not to
          attach to a cgroup.

config CGROUP_RDMA
        bool "RDMA controller"
        help
          Provides enforcement of RDMA resources defined by IB stack.
          It is fairly easy for consumers to exhaust RDMA resources, which
          can result into resource unavailability to other consumers.
          RDMA controller is designed to stop this from happening.
          Attaching processes with active RDMA resources to the cgroup
          hierarchy is allowed even if can cross the hierarchy's limit.

config CGROUP_FREEZER
        bool "Freezer controller"
        help
          Provides a way to freeze and unfreeze all tasks in a
          cgroup.

          This option affects the ORIGINAL cgroup interface. The cgroup2 memory
          controller includes important in-kernel memory consumers per default.

          If you're using cgroup2, say N.

config CGROUP_HUGETLB
        bool "HugeTLB controller"
        depends on HUGETLB_PAGE
        select PAGE_COUNTER
        default n
        help
          Provides a cgroup controller for HugeTLB pages.
          When you enable this, you can put a per cgroup limit on HugeTLB usage.
          The limit is enforced during page fault. Since HugeTLB doesn't
          support page reclaim, enforcing the limit at page fault time implies
          that, the application will get SIGBUS signal if it tries to access
          HugeTLB pages beyond its limit. This requires the application to know
          beforehand how much HugeTLB pages it would require for its use. The
          control group is tracked in the third page lru pointer. This means
          that we cannot use the controller with huge page less than 3 pages.

config CPUSETS
        bool "Cpuset controller"
        depends on SMP
        help
          This option will let you create and manage CPUSETs which
          allow dynamically partitioning a system into sets of CPUs and
          Memory Nodes and assigning tasks to run only within those sets.
          This is primarily useful on large SMP or NUMA systems.

          Say N if unsure.

config PROC_PID_CPUSET
        bool "Include legacy /proc/<pid>/cpuset file"
        depends on CPUSETS
        default y

config CGROUP_DEVICE
        bool "Device controller"
        help
          Provides a cgroup controller implementing whitelists for
          devices which a process in the cgroup can mknod or open.

config CGROUP_CPUACCT
        bool "Simple CPU accounting controller"
        help
          Provides a simple controller for monitoring the
          total CPU consumed by the tasks in a cgroup.

config CGROUP_PERF
        bool "Perf controller"
        depends on PERF_EVENTS
        help
          This option extends the perf per-cpu mode to restrict monitoring
          to threads which belong to the cgroup specified and run on the
          designated cpu.

          Say N if unsure.

config CGROUP_BPF
        bool "Support for eBPF programs attached to cgroups"
        depends on BPF_SYSCALL
        select SOCK_CGROUP_DATA
        help
          Allow attaching eBPF programs to a cgroup using the bpf(2)
          syscall command BPF_PROG_ATTACH.

          In which context these programs are accessed depends on the type
          of attachment. For instance, programs that are attached using
          BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
          inet sockets.

config CGROUP_DEBUG
        bool "Debug controller"
        default n
        depends on DEBUG_KERNEL
        help
          This option enables a simple controller that exports
          debugging information about the cgroups framework. This
          controller is for control cgroup debugging only. Its
          interfaces are not stable.

          Say N.

config SOCK_CGROUP_DATA
        bool
        default n

endif # CGROUPS

menuconfig NAMESPACES
        bool "Namespaces support" if EXPERT
        depends on MULTIUSER
        default !EXPERT
        help
          Provides the way to make tasks work with different objects using
          the same id. For example same IPC id may refer to different objects
          or same user id or pid may refer to different tasks when used in
          different namespaces.

if NAMESPACES

config UTS_NS
        bool "UTS namespace"
        default y
        help
          In this namespace tasks see different info provided with the
          uname() system call

config IPC_NS
        bool "IPC namespace"
        depends on (SYSVIPC || POSIX_MQUEUE)
        default y
        help
          In this namespace tasks work with IPC ids which correspond to
          different IPC objects in different namespaces.

config USER_NS
        bool "User namespace"
        default n
        help
          This allows containers, i.e. vservers, to use user namespaces
          to provide different user info for different servers.

          When user namespaces are enabled in the kernel it is
          recommended that the MEMCG option also be enabled and that
          user-space use the memory control groups to limit the amount
          of memory a memory unprivileged users can use.

          If unsure, say N.

config PID_NS
        bool "PID Namespaces"
        default y
        help
          Support process id namespaces.  This allows having multiple
          processes with the same pid as long as they are in different
          pid namespaces.  This is a building block of containers.

config NET_NS
        bool "Network namespace"
        depends on NET
        default y
        help
          Allow user space to create what appear to be multiple instances
          of the network stack.

endif # NAMESPACES

config CHECKPOINT_RESTORE
        bool "Checkpoint/restore support"
        select PROC_CHILDREN
        default n
        help
          Enables additional kernel features in a sake of checkpoint/restore.
          In particular it adds auxiliary prctl codes to setup process text,
          data and heap segment sizes, and a few additional /proc filesystem
          entries.

          If unsure, say N here.

config SCHED_AUTOGROUP
        bool "Automatic process group scheduling"
        select CGROUPS
        select CGROUP_SCHED
        select FAIR_GROUP_SCHED
        help
          This option optimizes the scheduler for common desktop workloads by
          automatically creating and populating task groups.  This separation
          of workloads isolates aggressive CPU burners (like build jobs) from
          desktop applications.  Task group autogeneration is currently based
          upon task session.

config SYSFS_DEPRECATED
        bool "Enable deprecated sysfs features to support old userspace tools"
        depends on SYSFS
        default n
        help
          This option adds code that switches the layout of the "block" class
          devices, to not show up in /sys/class/block/, but only in

          /sys/block/.

          This switch is only active when the sysfs.deprecated=1 boot option is
          passed or the SYSFS_DEPRECATED_V2 option is set.

          This option allows new kernels to run on old distributions and tools,
          which might get confused by /sys/class/block/. Since 2007/2008 all
          major distributions and tools handle this just fine.

          Recent distributions and userspace tools after 2009/2010 depend on
          the existence of /sys/class/block/, and will not work with this
          option enabled.

          Only if you are using a new kernel on an old distribution, you might
          need to say Y here.

config SYSFS_DEPRECATED_V2
        bool "Enable deprecated sysfs features by default"
        default n
        depends on SYSFS
        depends on SYSFS_DEPRECATED
        help
          Enable deprecated sysfs by default.

          See the CONFIG_SYSFS_DEPRECATED option for more details about this
          option.

          Only if you are using a new kernel on an old distribution, you might
          need to say Y here. Even then, odds are you would not need it
          enabled, you can always pass the boot option if absolutely necessary.

config RELAY
        bool "Kernel->user space relay support (formerly relayfs)"
        select IRQ_WORK
        help
          This option enables support for relay interface support in
          certain file systems (such as debugfs).
          It is designed to provide an efficient mechanism for tools and
          facilities to relay large amounts of data from kernel space to
          user space.

          If unsure, say N.

config BLK_DEV_INITRD
        bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
        help
          The initial RAM filesystem is a ramfs which is loaded by the
          boot loader (loadlin or lilo) and that is mounted as root
          before the normal boot procedure. It is typically used to
          load modules needed to mount the "real" root file system,
          etc. See <file:Documentation/admin-guide/initrd.rst> for details.

          If RAM disk support (BLK_DEV_RAM) is also included, this
          also enables initial RAM disk (initrd) support and adds
          15 Kbytes (more on some other architectures) to the kernel size.

          If unsure say Y.

if BLK_DEV_INITRD

source "usr/Kconfig"

endif

choice
        prompt "Compiler optimization level"
        default CC_OPTIMIZE_FOR_PERFORMANCE

config CC_OPTIMIZE_FOR_PERFORMANCE
        bool "Optimize for performance"
        help
          This is the default optimization level for the kernel, building
          with the "-O2" compiler flag for best performance and most
          helpful compile-time warnings.

config CC_OPTIMIZE_FOR_SIZE
        bool "Optimize for size"
        help
          Enabling this option will pass "-Os" instead of "-O2" to
          your compiler resulting in a smaller kernel.

          If unsure, say N.

endchoice

config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
        bool
        help
          This requires that the arch annotates or otherwise protects
          its external entry points from being discarded. Linker scripts
          must also merge .text.*, .data.*, and .bss.* correctly into
          output sections. Care must be taken not to pull in unrelated
          sections (e.g., '.text.init'). Typically '.' in section names
          is used to distinguish them from label names / C identifiers.

config LD_DEAD_CODE_DATA_ELIMINATION
        bool "Dead code and data elimination (EXPERIMENTAL)"
        depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
        depends on EXPERT
        depends on $(cc-option,-ffunction-sections -fdata-sections)
        depends on $(ld-option,--gc-sections)
        help
          Enable this if you want to do dead code and data elimination with
          the linker by compiling with -ffunction-sections -fdata-sections,
          and linking with --gc-sections.

          This can reduce on disk and in-memory size of the kernel
          code and static data, particularly for small configs and
          on small systems. This has the possibility of introducing
          silently broken kernel if the required annotations are not
          present. This option is not well tested yet, so use at your
          own risk.

config SYSCTL
        bool

config ANON_INODES
        bool

config HAVE_UID16
        bool

config SYSCTL_EXCEPTION_TRACE
        bool
        help
          Enable support for /proc/sys/debug/exception-trace.

config SYSCTL_ARCH_UNALIGN_NO_WARN
        bool
        help
          Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
          Allows arch to define/use @no_unaligned_warning to possibly warn
          about unaligned access emulation going on under the hood.

config SYSCTL_ARCH_UNALIGN_ALLOW
        bool
        help
          Enable support for /proc/sys/kernel/unaligned-trap
          Allows arches to define/use @unaligned_enabled to runtime toggle
          the unaligned access emulation.
          see arch/parisc/kernel/unaligned.c for reference

config HAVE_PCSPKR_PLATFORM
        bool

# interpreter that classic socket filters depend on
config BPF
        bool

menuconfig EXPERT
        bool "Configure standard kernel features (expert users)"
        # Unhide debug options, to make the on-by-default options visible
        select DEBUG_KERNEL
        help
          This option allows certain base kernel options and settings
          to be disabled or tweaked. This is for specialized
          environments which can tolerate a "non-standard" kernel.
          Only use this if you really know what you are doing.

config UID16
        bool "Enable 16-bit UID system calls" if EXPERT
        depends on HAVE_UID16 && MULTIUSER
        default y
        help
          This enables the legacy 16-bit UID syscall wrappers.

config MULTIUSER
        bool "Multiple users, groups and capabilities support" if EXPERT
        default y
        help
          This option enables support for non-root users, groups and
          capabilities.

          If you say N here, all processes will run with UID 0, GID 0, and all
          possible capabilities.  Saying N here also compiles out support for
          system calls related to UIDs, GIDs, and capabilities, such as setuid,
          setgid, and capset.

          If unsure, say Y here.

config SGETMASK_SYSCALL
        bool "sgetmask/ssetmask syscalls support" if EXPERT
        def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
        ---help---
          sys_sgetmask and sys_ssetmask are obsolete system calls
          no longer supported in libc but still enabled by default in some
          architectures.

          If unsure, leave the default option here.

config SYSFS_SYSCALL
        bool "Sysfs syscall support" if EXPERT
        default y
        ---help---
          sys_sysfs is an obsolete system call no longer supported in libc.
          Note that disabling this option is more secure but might break
          compatibility with some systems.

          If unsure say Y here.

config SYSCTL_SYSCALL
        bool "Sysctl syscall support" if EXPERT
        depends on PROC_SYSCTL
        default n
        select SYSCTL
        ---help---
          sys_sysctl uses binary paths that have been found challenging
          to properly maintain and use.  The interface in /proc/sys
          using paths with ascii names is now the primary path to this
          information.

          Almost nothing using the binary sysctl interface so if you are
          trying to save some space it is probably safe to disable this,
          making your kernel marginally smaller.

          If unsure say N here.

config FHANDLE
        bool "open by fhandle syscalls" if EXPERT
        select EXPORTFS
        default y
        help
          If you say Y here, a user level program will be able to map
          file names to handle and then later use the handle for
          different file system operations. This is useful in implementing
          userspace file servers, which now track files using handles instead
          of names. The handle would remain the same even if file names
          get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
          syscalls.

config POSIX_TIMERS
        bool "Posix Clocks & timers" if EXPERT
        default y
        help
          This includes native support for POSIX timers to the kernel.
          Some embedded systems have no use for them and therefore they
          can be configured out to reduce the size of the kernel image.

          When this option is disabled, the following syscalls won't be
          available: timer_create, timer_gettime: timer_getoverrun,
          timer_settime, timer_delete, clock_adjtime, getitimer,
          setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
          clock_getres and clock_nanosleep syscalls will be limited to
          CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.

          If unsure say y.

config PRINTK
        default y
        bool "Enable support for printk" if EXPERT
        select IRQ_WORK
        help
          This option enables normal printk support. Removing it
          eliminates most of the message strings from the kernel image
          and makes the kernel more or less silent. As this makes it
          very difficult to diagnose system problems, saying N here is
          strongly discouraged.

config PRINTK_NMI
        def_bool y
        depends on PRINTK
        depends on HAVE_NMI

config BUG
        bool "BUG() support" if EXPERT
        default y
        help
          Disabling this option eliminates support for BUG and WARN, reducing
          the size of your kernel image and potentially quietly ignoring
          numerous fatal conditions. You should only consider disabling this
          option for embedded systems with no facilities for reporting errors.
          Just say Y.

config ELF_CORE
        depends on COREDUMP
        default y
        bool "Enable ELF core dumps" if EXPERT
        help
          Enable support for generating core dumps. Disabling saves about 4k.


config PCSPKR_PLATFORM
        bool "Enable PC-Speaker support" if EXPERT
        depends on HAVE_PCSPKR_PLATFORM
        select I8253_LOCK
        default y
        help
          This option allows to disable the internal PC-Speaker
          support, saving some memory.

config BASE_FULL
        default y
        bool "Enable full-sized data structures for core" if EXPERT
        help
          Disabling this option reduces the size of miscellaneous core
          kernel data structures. This saves memory on small machines,
          but may reduce performance.

config FUTEX
        bool "Enable futex support" if EXPERT
        default y
        imply RT_MUTEXES
        help
          Disabling this option will cause the kernel to be built without
          support for "fast userspace mutexes".  The resulting kernel may not
          run glibc-based applications correctly.

config FUTEX_PI
        bool
        depends on FUTEX && RT_MUTEXES
        default y

config HAVE_FUTEX_CMPXCHG
        bool
        depends on FUTEX
        help
          Architectures should select this if futex_atomic_cmpxchg_inatomic()
          is implemented and always working. This removes a couple of runtime
          checks.

config EPOLL
        bool "Enable eventpoll support" if EXPERT
        default y
        select ANON_INODES
        help
          Disabling this option will cause the kernel to be built without
          support for epoll family of system calls.

config SIGNALFD
        bool "Enable signalfd() system call" if EXPERT
        select ANON_INODES
        default y
        help
          Enable the signalfd() system call that allows to receive signals
          on a file descriptor.

          If unsure, say Y.

config TIMERFD
        bool "Enable timerfd() system call" if EXPERT
        select ANON_INODES
        default y
        help
          Enable the timerfd() system call that allows to receive timer
          events on a file descriptor.

          If unsure, say Y.

config EVENTFD
        bool "Enable eventfd() system call" if EXPERT
        select ANON_INODES
        default y
        help
          Enable the eventfd() system call that allows to receive both
          kernel notification (ie. KAIO) or userspace notifications.

          If unsure, say Y.

config SHMEM
        bool "Use full shmem filesystem" if EXPERT
        default y
        depends on MMU
        help
          The shmem is an internal filesystem used to manage shared memory.
          It is backed by swap and manages resource limits. It is also exported
          to userspace as tmpfs if TMPFS is enabled. Disabling this
          option replaces shmem and tmpfs with the much simpler ramfs code,
          which may be appropriate on small systems without swap.

config AIO
        bool "Enable AIO support" if EXPERT
        default y
        help
          This option enables POSIX asynchronous I/O which may by used
          by some high performance threaded applications. Disabling
          this option saves about 7k.

config ADVISE_SYSCALLS
        bool "Enable madvise/fadvise syscalls" if EXPERT
        default y
        help
          This option enables the madvise and fadvise syscalls, used by
          applications to advise the kernel about their future memory or file
          usage, improving performance. If building an embedded system where no
          applications use these syscalls, you can disable this option to save
          space.

config MEMBARRIER
        bool "Enable membarrier() system call" if EXPERT
        default y
        help
          Enable the membarrier() system call that allows issuing memory
          barriers across all running threads, which can be used to distribute
          the cost of user-space memory barriers asymmetrically by transforming
          pairs of memory barriers into pairs consisting of membarrier() and a
          compiler barrier.

          If unsure, say Y.

config KALLSYMS
         bool "Load all symbols for debugging/ksymoops" if EXPERT
         default y
         help
           Say Y here to let the kernel print out symbolic crash information and
           symbolic stack backtraces. This increases the size of the kernel
           somewhat, as all symbols have to be loaded into the kernel image.

config KALLSYMS_ALL
        bool "Include all symbols in kallsyms"
        depends on DEBUG_KERNEL && KALLSYMS
        help
           Normally kallsyms only contains the symbols of functions for nicer
           OOPS messages and backtraces (i.e., symbols from the text and inittext
           sections). This is sufficient for most cases. And only in very rare
           cases (e.g., when a debugger is used) all symbols are required (e.g.,
           names of variables from the data sections, etc).

           This option makes sure that all symbols are loaded into the kernel
           image (i.e., symbols from all sections) in cost of increased kernel
           size (depending on the kernel configuration, it may be 300KiB or
           something like this).

           Say N unless you really need all symbols.

config KALLSYMS_ABSOLUTE_PERCPU
        bool
        depends on KALLSYMS
        default X86_64 && SMP

config KALLSYMS_BASE_RELATIVE
        bool
        depends on KALLSYMS
        default !IA64
        help
          Instead of emitting them as absolute values in the native word size,
          emit the symbol references in the kallsyms table as 32-bit entries,
          each containing a relative value in the range [base, base + U32_MAX]
          or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
          an absolute value in the range [0, S32_MAX] or a relative value in the
          range [base, base + S32_MAX], where base is the lowest relative symbol
          address encountered in the image.

          On 64-bit builds, this reduces the size of the address table by 50%,
          but more importantly, it results in entries whose values are build
          time constants, and no relocation pass is required at runtime to fix
          up the entries based on the runtime load address of the kernel.

# end of the "standard kernel features (expert users)" menu

# syscall, maps, verifier
config BPF_SYSCALL
        bool "Enable bpf() system call"
        select ANON_INODES
        select BPF
        select IRQ_WORK
        default n
        help
          Enable the bpf() system call that allows to manipulate eBPF
          programs and maps via file descriptors.

config BPF_JIT_ALWAYS_ON
        bool "Permanently enable BPF JIT and remove BPF interpreter"
        depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
        help
          Enables BPF JIT and removes BPF interpreter to avoid
          speculative execution of BPF instructions by the interpreter

config USERFAULTFD
        bool "Enable userfaultfd() system call"
        select ANON_INODES
        depends on MMU
        help
          Enable the userfaultfd() system call that allows to intercept and
          handle page faults in userland.

config ARCH_HAS_MEMBARRIER_CALLBACKS
        bool

config ARCH_HAS_MEMBARRIER_SYNC_CORE
        bool

config RSEQ
        bool "Enable rseq() system call" if EXPERT
        default y
        depends on HAVE_RSEQ
        select MEMBARRIER
        help
          Enable the restartable sequences system call. It provides a
          user-space cache for the current CPU number value, which
          speeds up getting the current CPU number from user-space,
          as well as an ABI to speed up user-space operations on
          per-CPU data.

          If unsure, say Y.

config DEBUG_RSEQ
        default n
        bool "Enabled debugging of rseq() system call" if EXPERT
        depends on RSEQ && DEBUG_KERNEL
        help
          Enable extra debugging checks for the rseq system call.

          If unsure, say N.

config EMBEDDED
        bool "Embedded system"
        option allnoconfig_y
        select EXPERT
        help
          This option should be enabled if compiling the kernel for
          an embedded system so certain expert options are available
          for configuration.

config HAVE_PERF_EVENTS
        bool
        help
          See tools/perf/design.txt for details.

config PERF_USE_VMALLOC
        bool
        help
          See tools/perf/design.txt for details

config PC104
        bool "PC/104 support" if EXPERT
        help
          Expose PC/104 form factor device drivers and options available for
          selection and configuration. Enable this option if your target
          machine has a PC/104 bus.

menu "Kernel Performance Events And Counters"

config PERF_EVENTS
        bool "Kernel performance events and counters"
        default y if PROFILING
        depends on HAVE_PERF_EVENTS
        select ANON_INODES
        select IRQ_WORK
        select SRCU
        help
          Enable kernel support for various performance events provided
          by software and hardware.

          Software events are supported either built-in or via the
          use of generic tracepoints.

          Most modern CPUs support performance events via performance
          counter registers. These registers count the number of certain
          types of hw events: such as instructions executed, cachemisses
          suffered, or branches mis-predicted - without slowing down the
          kernel or applications. These registers can also trigger interrupts
          when a threshold number of events have passed - and can thus be
          used to profile the code that runs on that CPU.

          The Linux Performance Event subsystem provides an abstraction of
          these software and hardware event capabilities, available via a
          system call and used by the "perf" utility in tools/perf/. It
          provides per task and per CPU counters, and it provides event
          capabilities on top of those.

          Say Y if unsure.

config DEBUG_PERF_USE_VMALLOC
        default n
        bool "Debug: use vmalloc to back perf mmap() buffers"
        depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
        select PERF_USE_VMALLOC
        help
         Use vmalloc memory to back perf mmap() buffers.

         Mostly useful for debugging the vmalloc code on platforms
         that don't require it.

         Say N if unsure.

endmenu

config VM_EVENT_COUNTERS
        default y
        bool "Enable VM event counters for /proc/vmstat" if EXPERT
        help
          VM event counters are needed for event counts to be shown.
          This option allows the disabling of the VM event counters
          on EXPERT systems.  /proc/vmstat will only show page counts
          if VM event counters are disabled.

config SLUB_DEBUG
        default y
        bool "Enable SLUB debugging support" if EXPERT
        depends on SLUB && SYSFS
        help
          SLUB has extensive debug support features. Disabling these can
          result in significant savings in code size. This also disables
          SLUB sysfs support. /sys/slab will not exist and there will be
          no support for cache validation etc.

config SLUB_MEMCG_SYSFS_ON
        default n
        bool "Enable memcg SLUB sysfs support by default" if EXPERT
        depends on SLUB && SYSFS && MEMCG
        help
          SLUB creates a directory under /sys/kernel/slab for each
          allocation cache to host info and debug files. If memory
          cgroup is enabled, each cache can have per memory cgroup
          caches. SLUB can create the same sysfs directories for these
          caches under /sys/kernel/slab/CACHE/cgroup but it can lead
          to a very high number of debug files being created. This is
          controlled by slub_memcg_sysfs boot parameter and this
          config option determines the parameter's default value.

config COMPAT_BRK
        bool "Disable heap randomization"
        default y
        help
          Randomizing heap placement makes heap exploits harder, but it
          also breaks ancient binaries (including anything libc5 based).
          This option changes the bootup default to heap randomization
          disabled, and can be overridden at runtime by setting
          /proc/sys/kernel/randomize_va_space to 2.

          On non-ancient distros (post-2000 ones) N is usually a safe choice.

choice
        prompt "Choose SLAB allocator"
        default SLUB
        help
           This option allows to select a slab allocator.

config SLAB
        bool "SLAB"
        select HAVE_HARDENED_USERCOPY_ALLOCATOR
        help
          The regular slab allocator that is established and known to work
          well in all environments. It organizes cache hot objects in
          per cpu and per node queues.

config SLUB
        bool "SLUB (Unqueued Allocator)"
        select HAVE_HARDENED_USERCOPY_ALLOCATOR
        help
           SLUB is a slab allocator that minimizes cache line usage
           instead of managing queues of cached objects (SLAB approach).
           Per cpu caching is realized using slabs of objects instead
           of queues of objects. SLUB can use memory efficiently
           and has enhanced diagnostics. SLUB is the default choice for
           a slab allocator.

config SLOB
        depends on EXPERT
        bool "SLOB (Simple Allocator)"
        help
           SLOB replaces the stock allocator with a drastically simpler
           allocator. SLOB is generally more space efficient but
           does not perform as well on large systems.

endchoice

config SLAB_MERGE_DEFAULT
        bool "Allow slab caches to be merged"
        default y
        help
          For reduced kernel memory fragmentation, slab caches can be
          merged when they share the same size and other characteristics.
          This carries a risk of kernel heap overflows being able to
          overwrite objects from merged caches (and more easily control
          cache layout), which makes such heap attacks easier to exploit
          by attackers. By keeping caches unmerged, these kinds of exploits
          can usually only damage objects in the same cache. To disable
          merging at runtime, "slab_nomerge" can be passed on the kernel
          command line.

config SLAB_FREELIST_RANDOM
        default n
        depends on SLAB || SLUB
        bool "SLAB freelist randomization"
        help
          Randomizes the freelist order used on creating new pages. This
          security feature reduces the predictability of the kernel slab
          allocator against heap overflows.

config SLAB_FREELIST_HARDENED
        bool "Harden slab freelist metadata"
        depends on SLUB
        help
          Many kernel heap attacks try to target slab cache metadata and
          other infrastructure. This options makes minor performance
          sacrifies to harden the kernel slab allocator against common
          freelist exploit methods.

config SLUB_CPU_PARTIAL
        default y
        depends on SLUB && SMP
        bool "SLUB per cpu partial cache"
        help
          Per cpu partial caches accellerate objects allocation and freeing
          that is local to a processor at the price of more indeterminism
          in the latency of the free. On overflow these caches will be cleared
          which requires the taking of locks that may cause latency spikes.
          Typically one would choose no for a realtime system.

config MMAP_ALLOW_UNINITIALIZED
        bool "Allow mmapped anonymous memory to be uninitialized"
        depends on EXPERT && !MMU
        default n
        help
          Normally, and according to the Linux spec, anonymous memory obtained
          from mmap() has its contents cleared before it is passed to
          userspace.  Enabling this config option allows you to request that
          mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
          providing a huge performance boost.  If this option is not enabled,
          then the flag will be ignored.

          This is taken advantage of by uClibc's malloc(), and also by
          ELF-FDPIC binfmt's brk and stack allocator.

          Because of the obvious security issues, this option should only be
          enabled on embedded devices where you control what is run in
          userspace.  Since that isn't generally a problem on no-MMU systems,
          it is normally safe to say Y here.

          See Documentation/nommu-mmap.txt for more information.

config SYSTEM_DATA_VERIFICATION
        def_bool n
        select SYSTEM_TRUSTED_KEYRING
        select KEYS
        select CRYPTO
        select CRYPTO_RSA
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select ASN1
        select OID_REGISTRY
        select X509_CERTIFICATE_PARSER
        select PKCS7_MESSAGE_PARSER
        help
          Provide PKCS#7 message verification using the contents of the system
          trusted keyring to provide public keys.  This then can be used for
          module verification, kexec image verification and firmware blob
          verification.

config PROFILING
        bool "Profiling support"
        help
          Say Y here to enable the extended profiling support mechanisms used
          by profilers such as OProfile.

#
# Place an empty function call at each tracepoint site. Can be
# dynamically changed for a probe function.
#
config TRACEPOINTS
        bool

endmenu         # General setup

source "arch/Kconfig"

config RT_MUTEXES
        bool

config BASE_SMALL
        int
        default 0 if BASE_FULL
        default 1 if !BASE_FULL

menuconfig MODULES
        bool "Enable loadable module support"
        option modules
        help
          Kernel modules are small pieces of compiled code which can
          be inserted in the running kernel, rather than being
          permanently built into the kernel.  You use the "modprobe"
          tool to add (and sometimes remove) them.  If you say Y here,
          many parts of the kernel can be built as modules (by
          answering M instead of Y where indicated): this is most
          useful for infrequently used options which are not required
          for booting.  For more information, see the man pages for
          modprobe, lsmod, modinfo, insmod and rmmod.

          If you say Y here, you will need to run "make
          modules_install" to put the modules under /lib/modules/
          where modprobe can find them (you may need to be root to do
          this).

          If unsure, say Y.

if MODULES

config MODULE_FORCE_LOAD
        bool "Forced module loading"
        default n
        help
          Allow loading of modules without version information (ie. modprobe
          --force).  Forced module loading sets the 'F' (forced) taint flag and
          is usually a really bad idea.

config MODULE_UNLOAD
        bool "Module unloading"
        help
          Without this option you will not be able to unload any
          modules (note that some modules may not be unloadable
          anyway), which makes your kernel smaller, faster
          and simpler.  If unsure, say Y.

config MODULE_FORCE_UNLOAD
        bool "Forced module unloading"
        depends on MODULE_UNLOAD
        help
          This option allows you to force a module to unload, even if the
          kernel believes it is unsafe: the kernel will remove the module
          without waiting for anyone to stop using it (using the -f option to
          rmmod).  This is mainly for kernel developers and desperate users.
          If unsure, say N.

config MODVERSIONS
        bool "Module versioning support"
        help
          Usually, you have to use modules compiled with your kernel.
          Saying Y here makes it sometimes possible to use modules
          compiled for different kernels, by adding enough information
          to the modules to (hopefully) spot any changes which would
          make them incompatible with the kernel you are running.  If
          unsure, say N.

config MODULE_REL_CRCS
        bool
        depends on MODVERSIONS

config MODULE_SRCVERSION_ALL
        bool "Source checksum for all modules"
        help
          Modules which contain a MODULE_VERSION get an extra "srcversion"
          field inserted into their modinfo section, which contains a
          sum of the source files which made it.  This helps maintainers
          see exactly which source was used to build a module (since
          others sometimes change the module source without updating
          the version).  With this option, such a "srcversion" field
          will be created for all modules.  If unsure, say N.

config MODULE_SIG
        bool "Module signature verification"
        depends on MODULES
        select SYSTEM_DATA_VERIFICATION
        help
          Check modules for valid signatures upon load: the signature
          is simply appended to the module. For more information see
          <file:Documentation/admin-guide/module-signing.rst>.

          Note that this option adds the OpenSSL development packages as a
          kernel build dependency so that the signing tool can use its crypto
          library.

          !!!WARNING!!!  If you enable this option, you MUST make sure that the
          module DOES NOT get stripped after being signed.  This includes the
          debuginfo strip done by some packagers (such as rpmbuild) and
          inclusion into an initramfs that wants the module size reduced.

config MODULE_SIG_FORCE
        bool "Require modules to be validly signed"
        depends on MODULE_SIG
        help
          Reject unsigned modules or signed modules for which we don't have a
          key.  Without this, such modules will simply taint the kernel.

config MODULE_SIG_ALL
        bool "Automatically sign all modules"
        default y
        depends on MODULE_SIG
        help
          Sign all modules during make modules_install. Without this option,
          modules must be signed manually, using the scripts/sign-file tool.

comment "Do not forget to sign required modules with scripts/sign-file"
        depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL

choice
        prompt "Which hash algorithm should modules be signed with?"
        depends on MODULE_SIG
        help
          This determines which sort of hashing algorithm will be used during
          signature generation.  This algorithm _must_ be built into the kernel
          directly so that signature verification can take place.  It is not
          possible to load a signed module containing the algorithm to check
          the signature on that module.

config MODULE_SIG_SHA1
        bool "Sign modules with SHA-1"
        select CRYPTO_SHA1

config MODULE_SIG_SHA224
        bool "Sign modules with SHA-224"
        select CRYPTO_SHA256

config MODULE_SIG_SHA256
        bool "Sign modules with SHA-256"
        select CRYPTO_SHA256

config MODULE_SIG_SHA384
        bool "Sign modules with SHA-384"
        select CRYPTO_SHA512

config MODULE_SIG_SHA512
        bool "Sign modules with SHA-512"
        select CRYPTO_SHA512

endchoice

config MODULE_SIG_HASH
        string
        depends on MODULE_SIG
        default "sha1" if MODULE_SIG_SHA1
        default "sha224" if MODULE_SIG_SHA224
        default "sha256" if MODULE_SIG_SHA256
        default "sha384" if MODULE_SIG_SHA384
        default "sha512" if MODULE_SIG_SHA512

config MODULE_COMPRESS
        bool "Compress modules on installation"
        depends on MODULES
        help

          Compresses kernel modules when 'make modules_install' is run; gzip or
          xz depending on "Compression algorithm" below.

          module-init-tools MAY support gzip, and kmod MAY support gzip and xz.

          Out-of-tree kernel modules installed using Kbuild will also be
          compressed upon installation.

          Note: for modules inside an initrd or initramfs, it's more efficient
          to compress the whole initrd or initramfs instead.

          Note: This is fully compatible with signed modules.

          If in doubt, say N.

choice
        prompt "Compression algorithm"
        depends on MODULE_COMPRESS
        default MODULE_COMPRESS_GZIP
        help
          This determines which sort of compression will be used during
          'make modules_install'.

          GZIP (default) and XZ are supported.

config MODULE_COMPRESS_GZIP
        bool "GZIP"

config MODULE_COMPRESS_XZ
        bool "XZ"

endchoice

config TRIM_UNUSED_KSYMS
        bool "Trim unused exported kernel symbols"
        depends on MODULES && !UNUSED_SYMBOLS
        help
          The kernel and some modules make many symbols available for
          other modules to use via EXPORT_SYMBOL() and variants. Depending
          on the set of modules being selected in your kernel configuration,
          many of those exported symbols might never be used.

          This option allows for unused exported symbols to be dropped from
          the build. In turn, this provides the compiler more opportunities
          (especially when using LTO) for optimizing the code and reducing
          binary size.  This might have some security advantages as well.

          If unsure, or if you need to build out-of-tree modules, say N.

endif # MODULES

config MODULES_TREE_LOOKUP
        def_bool y
        depends on PERF_EVENTS || TRACING

config INIT_ALL_POSSIBLE
        bool
        help
          Back when each arch used to define their own cpu_online_mask and
          cpu_possible_mask, some of them chose to initialize cpu_possible_mask
          with all 1s, and others with all 0s.  When they were centralised,
          it was better to provide this option than to break all the archs
          and have several arch maintainers pursuing me down dark alleys.

source "block/Kconfig"

config PREEMPT_NOTIFIERS
        bool

config PADATA
        depends on SMP
        bool

config ASN1
        tristate
        help
          Build a simple ASN.1 grammar compiler that produces a bytecode output
          that can be interpreted by the ASN.1 stream decoder and used to
          inform it as to what tags are to be expected in a stream and what

          functions to call on what tags.

source "kernel/Kconfig.locks"

config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
        bool

# It may be useful for an architecture to override the definitions of the
# SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h>
# and the COMPAT_ variants in <linux/compat.h>, in particular to use a
# different calling convention for syscalls. They can also override the
# macros for not-implemented syscalls in kernel/sys_ni.c and
# kernel/time/posix-stubs.c. All these overrides need to be available in
# <asm/syscall_wrapper.h>.
config ARCH_HAS_SYSCALL_WRAPPER
        def_bool n