1
2config CC_VERSION_TEXT
3 string
4 default "$(CC_VERSION_TEXT)"
5 help
6 This is used in unclear ways:
7
8 - Re-run Kconfig when the compiler is updated
9 The 'default' property references the environment variable,
10 CC_VERSION_TEXT so it is recorded in include/config/auto.conf.cmd.
11 When the compiler is updated, Kconfig will be invoked.
12
13 - Ensure full rebuild when the compiler is updated
14 include/linux/compiler-version.h contains this option in the comment
15 line so fixdep adds include/config/CC_VERSION_TEXT into the
16 auto-generated dependency. When the compiler is updated, syncconfig
17 will touch it and then every file will be rebuilt.
18
19config CC_IS_GCC
20 def_bool $(success,test "$(cc-name)" = GCC)
21
22config GCC_VERSION
23 int
24 default $(cc-version) if CC_IS_GCC
25 default 0
26
27config CC_IS_CLANG
28 def_bool $(success,test "$(cc-name)" = Clang)
29
30config CLANG_VERSION
31 int
32 default $(cc-version) if CC_IS_CLANG
33 default 0
34
35config AS_IS_GNU
36 def_bool $(success,test "$(as-name)" = GNU)
37
38config AS_IS_LLVM
39 def_bool $(success,test "$(as-name)" = LLVM)
40
41config AS_VERSION
42 int
43
44 default CLANG_VERSION if AS_IS_LLVM
45 default $(as-version)
46
47config LD_IS_BFD
48 def_bool $(success,test "$(ld-name)" = BFD)
49
50config LD_VERSION
51 int
52 default $(ld-version) if LD_IS_BFD
53 default 0
54
55config LD_IS_LLD
56 def_bool $(success,test "$(ld-name)" = LLD)
57
58config LLD_VERSION
59 int
60 default $(ld-version) if LD_IS_LLD
61 default 0
62
63config CC_CAN_LINK
64 bool
65 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag)) if 64BIT
66 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag))
67
68config CC_CAN_LINK_STATIC
69 bool
70 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag) -static) if 64BIT
71 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag) -static)
72
73config CC_HAS_ASM_GOTO
74 def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
75
76config CC_HAS_ASM_GOTO_OUTPUT
77 depends on CC_HAS_ASM_GOTO
78 def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null)
79
80config TOOLS_SUPPORT_RELR
81 def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
82
83config CC_HAS_ASM_INLINE
84 def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
85
86config CONSTRUCTORS
87 bool
88
89config IRQ_WORK
90 bool
91
92config BUILDTIME_TABLE_SORT
93 bool
94
95config THREAD_INFO_IN_TASK
96 bool
97 help
98 Select this to move thread_info off the stack into task_struct. To
99 make this work, an arch will need to remove all thread_info fields
100 except flags and fix any runtime bugs.
101
102 One subtle change that will be needed is to use try_get_task_stack()
103 and put_task_stack() in save_thread_stack_tsk() and get_wchan().
104
105menu "General setup"
106
107config BROKEN
108 bool
109
110config BROKEN_ON_SMP
111 bool
112 depends on BROKEN || !SMP
113 default y
114
115config INIT_ENV_ARG_LIMIT
116 int
117 default 32 if !UML
118 default 128 if UML
119 help
120 Maximum of each of the number of arguments and environment
121 variables passed to init from the kernel command line.
122
123config COMPILE_TEST
124 bool "Compile also drivers which will not load"
125 depends on HAS_IOMEM
126 help
127 Some drivers can be compiled on a different platform than they are
128 intended to be run on. Despite they cannot be loaded there (or even
129 when they load they cannot be used due to missing HW support),
130 developers still, opposing to distributors, might want to build such
131 drivers to compile-test them.
132
133 If you are a developer and want to build everything available, say Y
134 here. If you are a user/distributor, say N here to exclude useless
135 drivers to be distributed.
136
137config UAPI_HEADER_TEST
138 bool "Compile test UAPI headers"
139 depends on HEADERS_INSTALL && CC_CAN_LINK
140 help
141 Compile test headers exported to user-space to ensure they are
142 self-contained, i.e. compilable as standalone units.
143
144 If you are a developer or tester and want to ensure the exported
145 headers are self-contained, say Y here. Otherwise, choose N.
146
147config LOCALVERSION
148 string "Local version - append to kernel release"
149 help
150 Append an extra string to the end of your kernel version.
151 This will show up when you type uname, for example.
152 The string you set here will be appended after the contents of
153 any files with a filename matching localversion* in your
154 object and source tree, in that order. Your total string can
155 be a maximum of 64 characters.
156
157config LOCALVERSION_AUTO
158 bool "Automatically append version information to the version string"
159 default y
160 depends on !COMPILE_TEST
161 help
162 This will try to automatically determine if the current tree is a
163 release tree by looking for git tags that belong to the current
164 top of tree revision.
165
166 A string of the format -gxxxxxxxx will be added to the localversion
167 if a git-based tree is found. The string generated by this will be
168 appended after any matching localversion* files, and after the value
169 set in CONFIG_LOCALVERSION.
170
171 (The actual string used here is the first eight characters produced
172 by running the command:
173
174 $ git rev-parse --verify HEAD
175
176 which is done within the script "scripts/setlocalversion".)
177
178config BUILD_SALT
179 string "Build ID Salt"
180 default ""
181 help
182 The build ID is used to link binaries and their debug info. Setting
183 this option will use the value in the calculation of the build id.
184 This is mostly useful for distributions which want to ensure the
185 build is unique between builds. It's safe to leave the default.
186
187config HAVE_KERNEL_GZIP
188 bool
189
190config HAVE_KERNEL_BZIP2
191 bool
192
193config HAVE_KERNEL_LZMA
194 bool
195
196config HAVE_KERNEL_XZ
197 bool
198
199config HAVE_KERNEL_LZO
200 bool
201
202config HAVE_KERNEL_LZ4
203 bool
204
205config HAVE_KERNEL_ZSTD
206 bool
207
208config HAVE_KERNEL_UNCOMPRESSED
209 bool
210
211choice
212 prompt "Kernel compression mode"
213 default KERNEL_GZIP
214 depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_ZSTD || HAVE_KERNEL_UNCOMPRESSED
215 help
216 The linux kernel is a kind of self-extracting executable.
217 Several compression algorithms are available, which differ
218 in efficiency, compression and decompression speed.
219 Compression speed is only relevant when building a kernel.
220 Decompression speed is relevant at each boot.
221
222 If you have any problems with bzip2 or lzma compressed
223 kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
224 version of this functionality (bzip2 only), for 2.4, was
225 supplied by Christian Ludwig)
226
227 High compression options are mostly useful for users, who
228 are low on disk space (embedded systems), but for whom ram
229 size matters less.
230
231 If in doubt, select 'gzip'
232
233config KERNEL_GZIP
234 bool "Gzip"
235 depends on HAVE_KERNEL_GZIP
236 help
237 The old and tried gzip compression. It provides a good balance
238 between compression ratio and decompression speed.
239
240config KERNEL_BZIP2
241 bool "Bzip2"
242 depends on HAVE_KERNEL_BZIP2
243 help
244 Its compression ratio and speed is intermediate.
245 Decompression speed is slowest among the choices. The kernel
246 size is about 10% smaller with bzip2, in comparison to gzip.
247 Bzip2 uses a large amount of memory. For modern kernels you
248 will need at least 8MB RAM or more for booting.
249
250config KERNEL_LZMA
251 bool "LZMA"
252 depends on HAVE_KERNEL_LZMA
253 help
254 This compression algorithm's ratio is best. Decompression speed
255 is between gzip and bzip2. Compression is slowest.
256 The kernel size is about 33% smaller with LZMA in comparison to gzip.
257
258config KERNEL_XZ
259 bool "XZ"
260 depends on HAVE_KERNEL_XZ
261 help
262 XZ uses the LZMA2 algorithm and instruction set specific
263 BCJ filters which can improve compression ratio of executable
264 code. The size of the kernel is about 30% smaller with XZ in
265 comparison to gzip. On architectures for which there is a BCJ
266 filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
267 will create a few percent smaller kernel than plain LZMA.
268
269 The speed is about the same as with LZMA: The decompression
270 speed of XZ is better than that of bzip2 but worse than gzip
271 and LZO. Compression is slow.
272
273config KERNEL_LZO
274 bool "LZO"
275 depends on HAVE_KERNEL_LZO
276 help
277 Its compression ratio is the poorest among the choices. The kernel
278 size is about 10% bigger than gzip; however its speed
279 (both compression and decompression) is the fastest.
280
281config KERNEL_LZ4
282 bool "LZ4"
283 depends on HAVE_KERNEL_LZ4
284 help
285 LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
286 A preliminary version of LZ4 de/compression tool is available at
287 <https://code.google.com/p/lz4/>.
288
289 Its compression ratio is worse than LZO. The size of the kernel
290 is about 8% bigger than LZO. But the decompression speed is
291 faster than LZO.
292
293config KERNEL_ZSTD
294 bool "ZSTD"
295 depends on HAVE_KERNEL_ZSTD
296 help
297 ZSTD is a compression algorithm targeting intermediate compression
298 with fast decompression speed. It will compress better than GZIP and
299 decompress around the same speed as LZO, but slower than LZ4. You
300 will need at least 192 KB RAM or more for booting. The zstd command
301 line tool is required for compression.
302
303config KERNEL_UNCOMPRESSED
304 bool "None"
305 depends on HAVE_KERNEL_UNCOMPRESSED
306 help
307 Produce uncompressed kernel image. This option is usually not what
308 you want. It is useful for debugging the kernel in slow simulation
309 environments, where decompressing and moving the kernel is awfully
310 slow. This option allows early boot code to skip the decompressor
311 and jump right at uncompressed kernel image.
312
313endchoice
314
315config DEFAULT_INIT
316 string "Default init path"
317 default ""
318 help
319 This option determines the default init for the system if no init=
320 option is passed on the kernel command line. If the requested path is
321 not present, we will still then move on to attempting further
322 locations (e.g. /sbin/init, etc). If this is empty, we will just use
323 the fallback list when init= is not passed.
324
325config DEFAULT_HOSTNAME
326 string "Default hostname"
327 default "(none)"
328 help
329 This option determines the default system hostname before userspace
330 calls sethostname(2). The kernel traditionally uses "(none)" here,
331 but you may wish to use a different default here to make a minimal
332 system more usable with less configuration.
333
334
335
336
337
338config ARCH_NO_SWAP
339 bool
340
341config SWAP
342 bool "Support for paging of anonymous memory (swap)"
343 depends on MMU && BLOCK && !ARCH_NO_SWAP
344 default y
345 help
346 This option allows you to choose whether you want to have support
347 for so called swap devices or swap files in your kernel that are
348 used to provide more virtual memory than the actual RAM present
349 in your computer. If unsure say Y.
350
351config SYSVIPC
352 bool "System V IPC"
353 help
354 Inter Process Communication is a suite of library functions and
355 system calls which let processes (running programs) synchronize and
356 exchange information. It is generally considered to be a good thing,
357 and some programs won't run unless you say Y here. In particular, if
358 you want to run the DOS emulator dosemu under Linux (read the
359 DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
360 you'll need to say Y here.
361
362 You can find documentation about IPC with "info ipc" and also in
363 section 6.4 of the Linux Programmer's Guide, available from
364 <http://www.tldp.org/guides.html>.
365
366config SYSVIPC_SYSCTL
367 bool
368 depends on SYSVIPC
369 depends on SYSCTL
370 default y
371
372config POSIX_MQUEUE
373 bool "POSIX Message Queues"
374 depends on NET
375 help
376 POSIX variant of message queues is a part of IPC. In POSIX message
377 queues every message has a priority which decides about succession
378 of receiving it by a process. If you want to compile and run
379 programs written e.g. for Solaris with use of its POSIX message
380 queues (functions mq_*) say Y here.
381
382 POSIX message queues are visible as a filesystem called 'mqueue'
383 and can be mounted somewhere if you want to do filesystem
384 operations on message queues.
385
386 If unsure, say Y.
387
388config POSIX_MQUEUE_SYSCTL
389 bool
390 depends on POSIX_MQUEUE
391 depends on SYSCTL
392 default y
393
394config WATCH_QUEUE
395 bool "General notification queue"
396 default n
397 help
398
399 This is a general notification queue for the kernel to pass events to
400 userspace by splicing them into pipes. It can be used in conjunction
401 with watches for key/keyring change notifications and device
402 notifications.
403
404 See Documentation/watch_queue.rst
405
406config CROSS_MEMORY_ATTACH
407 bool "Enable process_vm_readv/writev syscalls"
408 depends on MMU
409 default y
410 help
411 Enabling this option adds the system calls process_vm_readv and
412 process_vm_writev which allow a process with the correct privileges
413 to directly read from or write to another process' address space.
414 See the man page for more details.
415
416config USELIB
417 bool "uselib syscall"
418 def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
419 help
420 This option enables the uselib syscall, a system call used in the
421 dynamic linker from libc5 and earlier. glibc does not use this
422 system call. If you intend to run programs built on libc5 or
423 earlier, you may need to enable this syscall. Current systems
424 running glibc can safely disable this.
425
426config AUDIT
427 bool "Auditing support"
428 depends on NET
429 help
430 Enable auditing infrastructure that can be used with another
431 kernel subsystem, such as SELinux (which requires this for
432 logging of avc messages output). System call auditing is included
433 on architectures which support it.
434
435config HAVE_ARCH_AUDITSYSCALL
436 bool
437
438config AUDITSYSCALL
439 def_bool y
440 depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
441 select FSNOTIFY
442
443source "kernel/irq/Kconfig"
444source "kernel/time/Kconfig"
445source "kernel/bpf/Kconfig"
446source "kernel/Kconfig.preempt"
447
448menu "CPU/Task time and stats accounting"
449
450config VIRT_CPU_ACCOUNTING
451 bool
452
453choice
454 prompt "Cputime accounting"
455 default TICK_CPU_ACCOUNTING if !PPC64
456 default VIRT_CPU_ACCOUNTING_NATIVE if PPC64
457
458
459config TICK_CPU_ACCOUNTING
460 bool "Simple tick based cputime accounting"
461 depends on !S390 && !NO_HZ_FULL
462 help
463 This is the basic tick based cputime accounting that maintains
464 statistics about user, system and idle time spent on per jiffies
465 granularity.
466
467 If unsure, say Y.
468
469config VIRT_CPU_ACCOUNTING_NATIVE
470 bool "Deterministic task and CPU time accounting"
471 depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
472 select VIRT_CPU_ACCOUNTING
473 help
474 Select this option to enable more accurate task and CPU time
475 accounting. This is done by reading a CPU counter on each
476 kernel entry and exit and on transitions within the kernel
477 between system, softirq and hardirq state, so there is a
478 small performance impact. In the case of s390 or IBM POWER > 5,
479 this also enables accounting of stolen time on logically-partitioned
480 systems.
481
482config VIRT_CPU_ACCOUNTING_GEN
483 bool "Full dynticks CPU time accounting"
484 depends on HAVE_CONTEXT_TRACKING
485 depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
486 depends on GENERIC_CLOCKEVENTS
487 select VIRT_CPU_ACCOUNTING
488 select CONTEXT_TRACKING
489 help
490 Select this option to enable task and CPU time accounting on full
491 dynticks systems. This accounting is implemented by watching every
492 kernel-user boundaries using the context tracking subsystem.
493 The accounting is thus performed at the expense of some significant
494 overhead.
495
496 For now this is only useful if you are working on the full
497 dynticks subsystem development.
498
499 If unsure, say N.
500
501endchoice
502
503config IRQ_TIME_ACCOUNTING
504 bool "Fine granularity task level IRQ time accounting"
505 depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
506 help
507 Select this option to enable fine granularity task irq time
508 accounting. This is done by reading a timestamp on each
509 transitions between softirq and hardirq state, so there can be a
510 small performance impact.
511
512 If in doubt, say N here.
513
514config HAVE_SCHED_AVG_IRQ
515 def_bool y
516 depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING
517 depends on SMP
518
519config SCHED_THERMAL_PRESSURE
520 bool
521 default y if ARM && ARM_CPU_TOPOLOGY
522 default y if ARM64
523 depends on SMP
524 depends on CPU_FREQ_THERMAL
525 help
526 Select this option to enable thermal pressure accounting in the
527 scheduler. Thermal pressure is the value conveyed to the scheduler
528 that reflects the reduction in CPU compute capacity resulted from
529 thermal throttling. Thermal throttling occurs when the performance of
530 a CPU is capped due to high operating temperatures.
531
532 If selected, the scheduler will be able to balance tasks accordingly,
533 i.e. put less load on throttled CPUs than on non/less throttled ones.
534
535 This requires the architecture to implement
536 arch_set_thermal_pressure() and arch_scale_thermal_pressure().
537
538config BSD_PROCESS_ACCT
539 bool "BSD Process Accounting"
540 depends on MULTIUSER
541 help
542 If you say Y here, a user level program will be able to instruct the
543 kernel (via a special system call) to write process accounting
544 information to a file: whenever a process exits, information about
545 that process will be appended to the file by the kernel. The
546 information includes things such as creation time, owning user,
547 command name, memory usage, controlling terminal etc. (the complete
548 list is in the struct acct in <file:include/linux/acct.h>). It is
549 up to the user level program to do useful things with this
550 information. This is generally a good idea, so say Y.
551
552config BSD_PROCESS_ACCT_V3
553 bool "BSD Process Accounting version 3 file format"
554 depends on BSD_PROCESS_ACCT
555 default n
556 help
557 If you say Y here, the process accounting information is written
558 in a new file format that also logs the process IDs of each
559 process and its parent. Note that this file format is incompatible
560 with previous v0/v1/v2 file formats, so you will need updated tools
561 for processing it. A preliminary version of these tools is available
562 at <http://www.gnu.org/software/acct/>.
563
564config TASKSTATS
565 bool "Export task/process statistics through netlink"
566 depends on NET
567 depends on MULTIUSER
568 default n
569 help
570 Export selected statistics for tasks/processes through the
571 generic netlink interface. Unlike BSD process accounting, the
572 statistics are available during the lifetime of tasks/processes as
573 responses to commands. Like BSD accounting, they are sent to user
574 space on task exit.
575
576 Say N if unsure.
577
578config TASK_DELAY_ACCT
579 bool "Enable per-task delay accounting"
580 depends on TASKSTATS
581 select SCHED_INFO
582 help
583 Collect information on time spent by a task waiting for system
584 resources like cpu, synchronous block I/O completion and swapping
585 in pages. Such statistics can help in setting a task's priorities
586 relative to other tasks for cpu, io, rss limits etc.
587
588 Say N if unsure.
589
590config TASK_XACCT
591 bool "Enable extended accounting over taskstats"
592 depends on TASKSTATS
593 help
594 Collect extended task accounting data and send the data
595 to userland for processing over the taskstats interface.
596
597 Say N if unsure.
598
599config TASK_IO_ACCOUNTING
600 bool "Enable per-task storage I/O accounting"
601 depends on TASK_XACCT
602 help
603 Collect information on the number of bytes of storage I/O which this
604 task has caused.
605
606 Say N if unsure.
607
608config PSI
609 bool "Pressure stall information tracking"
610 help
611 Collect metrics that indicate how overcommitted the CPU, memory,
612 and IO capacity are in the system.
613
614 If you say Y here, the kernel will create /proc/pressure/ with the
615 pressure statistics files cpu, memory, and io. These will indicate
616 the share of walltime in which some or all tasks in the system are
617 delayed due to contention of the respective resource.
618
619 In kernels with cgroup support, cgroups (cgroup2 only) will
620 have cpu.pressure, memory.pressure, and io.pressure files,
621 which aggregate pressure stalls for the grouped tasks only.
622
623 For more details see Documentation/accounting/psi.rst.
624
625 Say N if unsure.
626
627config PSI_DEFAULT_DISABLED
628 bool "Require boot parameter to enable pressure stall information tracking"
629 default n
630 depends on PSI
631 help
632 If set, pressure stall information tracking will be disabled
633 per default but can be enabled through passing psi=1 on the
634 kernel commandline during boot.
635
636 This feature adds some code to the task wakeup and sleep
637 paths of the scheduler. The overhead is too low to affect
638 common scheduling-intense workloads in practice (such as
639 webservers, memcache), but it does show up in artificial
640 scheduler stress tests, such as hackbench.
641
642 If you are paranoid and not sure what the kernel will be
643 used for, say Y.
644
645 Say N if unsure.
646
647endmenu
648
649config CPU_ISOLATION
650 bool "CPU isolation"
651 depends on SMP || COMPILE_TEST
652 default y
653 help
654 Make sure that CPUs running critical tasks are not disturbed by
655 any source of "noise" such as unbound workqueues, timers, kthreads...
656 Unbound jobs get offloaded to housekeeping CPUs. This is driven by
657 the "isolcpus=" boot parameter.
658
659 Say Y if unsure.
660
661source "kernel/rcu/Kconfig"
662
663config BUILD_BIN2C
664 bool
665 default n
666
667config IKCONFIG
668 tristate "Kernel .config support"
669 help
670 This option enables the complete Linux kernel ".config" file
671 contents to be saved in the kernel. It provides documentation
672 of which kernel options are used in a running kernel or in an
673 on-disk kernel. This information can be extracted from the kernel
674 image file with the script scripts/extract-ikconfig and used as
675 input to rebuild the current kernel or to build another kernel.
676 It can also be extracted from a running kernel by reading
677 /proc/config.gz if enabled (below).
678
679config IKCONFIG_PROC
680 bool "Enable access to .config through /proc/config.gz"
681 depends on IKCONFIG && PROC_FS
682 help
683 This option enables access to the kernel configuration file
684 through /proc/config.gz.
685
686config IKHEADERS
687 tristate "Enable kernel headers through /sys/kernel/kheaders.tar.xz"
688 depends on SYSFS
689 help
690 This option enables access to the in-kernel headers that are generated during
691 the build process. These can be used to build eBPF tracing programs,
692 or similar programs. If you build the headers as a module, a module called
693 kheaders.ko is built which can be loaded on-demand to get access to headers.
694
695config LOG_BUF_SHIFT
696 int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
697 range 12 25 if !H8300
698 range 12 19 if H8300
699 default 17
700 depends on PRINTK
701 help
702 Select the minimal kernel log buffer size as a power of 2.
703 The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
704 parameter, see below. Any higher size also might be forced
705 by "log_buf_len" boot parameter.
706
707 Examples:
708 17 => 128 KB
709 16 => 64 KB
710 15 => 32 KB
711 14 => 16 KB
712 13 => 8 KB
713 12 => 4 KB
714
715config LOG_CPU_MAX_BUF_SHIFT
716 int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
717 depends on SMP
718 range 0 21
719 default 12 if !BASE_SMALL
720 default 0 if BASE_SMALL
721 depends on PRINTK
722 help
723 This option allows to increase the default ring buffer size
724 according to the number of CPUs. The value defines the contribution
725 of each CPU as a power of 2. The used space is typically only few
726 lines however it might be much more when problems are reported,
727 e.g. backtraces.
728
729 The increased size means that a new buffer has to be allocated and
730 the original static one is unused. It makes sense only on systems
731 with more CPUs. Therefore this value is used only when the sum of
732 contributions is greater than the half of the default kernel ring
733 buffer as defined by LOG_BUF_SHIFT. The default values are set
734 so that more than 16 CPUs are needed to trigger the allocation.
735
736 Also this option is ignored when "log_buf_len" kernel parameter is
737 used as it forces an exact (power of two) size of the ring buffer.
738
739 The number of possible CPUs is used for this computation ignoring
740 hotplugging making the computation optimal for the worst case
741 scenario while allowing a simple algorithm to be used from bootup.
742
743 Examples shift values and their meaning:
744 17 => 128 KB for each CPU
745 16 => 64 KB for each CPU
746 15 => 32 KB for each CPU
747 14 => 16 KB for each CPU
748 13 => 8 KB for each CPU
749 12 => 4 KB for each CPU
750
751config PRINTK_SAFE_LOG_BUF_SHIFT
752 int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
753 range 10 21
754 default 13
755 depends on PRINTK
756 help
757 Select the size of an alternate printk per-CPU buffer where messages
758 printed from usafe contexts are temporary stored. One example would
759 be NMI messages, another one - printk recursion. The messages are
760 copied to the main log buffer in a safe context to avoid a deadlock.
761 The value defines the size as a power of 2.
762
763 Those messages are rare and limited. The largest one is when
764 a backtrace is printed. It usually fits into 4KB. Select
765 8KB if you want to be on the safe side.
766
767 Examples:
768 17 => 128 KB for each CPU
769 16 => 64 KB for each CPU
770 15 => 32 KB for each CPU
771 14 => 16 KB for each CPU
772 13 => 8 KB for each CPU
773 12 => 4 KB for each CPU
774
775
776
777
778config HAVE_UNSTABLE_SCHED_CLOCK
779 bool
780
781config GENERIC_SCHED_CLOCK
782 bool
783
784menu "Scheduler features"
785
786config UCLAMP_TASK
787 bool "Enable utilization clamping for RT/FAIR tasks"
788 depends on CPU_FREQ_GOV_SCHEDUTIL
789 help
790 This feature enables the scheduler to track the clamped utilization
791 of each CPU based on RUNNABLE tasks scheduled on that CPU.
792
793 With this option, the user can specify the min and max CPU
794 utilization allowed for RUNNABLE tasks. The max utilization defines
795 the maximum frequency a task should use while the min utilization
796 defines the minimum frequency it should use.
797
798 Both min and max utilization clamp values are hints to the scheduler,
799 aiming at improving its frequency selection policy, but they do not
800 enforce or grant any specific bandwidth for tasks.
801
802 If in doubt, say N.
803
804config UCLAMP_BUCKETS_COUNT
805 int "Number of supported utilization clamp buckets"
806 range 5 20
807 default 5
808 depends on UCLAMP_TASK
809 help
810 Defines the number of clamp buckets to use. The range of each bucket
811 will be SCHED_CAPACITY_SCALE/UCLAMP_BUCKETS_COUNT. The higher the
812 number of clamp buckets the finer their granularity and the higher
813 the precision of clamping aggregation and tracking at run-time.
814
815 For example, with the minimum configuration value we will have 5
816 clamp buckets tracking 20% utilization each. A 25% boosted tasks will
817 be refcounted in the [20..39]% bucket and will set the bucket clamp
818 effective value to 25%.
819 If a second 30% boosted task should be co-scheduled on the same CPU,
820 that task will be refcounted in the same bucket of the first task and
821 it will boost the bucket clamp effective value to 30%.
822 The clamp effective value of a bucket is reset to its nominal value
823 (20% in the example above) when there are no more tasks refcounted in
824 that bucket.
825
826 An additional boost/capping margin can be added to some tasks. In the
827 example above the 25% task will be boosted to 30% until it exits the
828 CPU. If that should be considered not acceptable on certain systems,
829 it's always possible to reduce the margin by increasing the number of
830 clamp buckets to trade off used memory for run-time tracking
831 precision.
832
833 If in doubt, use the default value.
834
835endmenu
836
837
838
839
840
841config ARCH_SUPPORTS_NUMA_BALANCING
842 bool
843
844
845
846
847
848
849
850
851config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
852 bool
853
854config CC_HAS_INT128
855 def_bool !$(cc-option,$(m64-flag) -D__SIZEOF_INT128__=0) && 64BIT
856
857
858
859
860config ARCH_SUPPORTS_INT128
861 bool
862
863
864
865
866config ARCH_WANT_NUMA_VARIABLE_LOCALITY
867 bool
868
869config NUMA_BALANCING
870 bool "Memory placement aware NUMA scheduler"
871 depends on ARCH_SUPPORTS_NUMA_BALANCING
872 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
873 depends on SMP && NUMA && MIGRATION
874 help
875 This option adds support for automatic NUMA aware memory/task placement.
876 The mechanism is quite primitive and is based on migrating memory when
877 it has references to the node the task is running on.
878
879 This system will be inactive on UMA systems.
880
881config NUMA_BALANCING_DEFAULT_ENABLED
882 bool "Automatically enable NUMA aware memory/task placement"
883 default y
884 depends on NUMA_BALANCING
885 help
886 If set, automatic NUMA balancing will be enabled if running on a NUMA
887 machine.
888
889menuconfig CGROUPS
890 bool "Control Group support"
891 select KERNFS
892 help
893 This option adds support for grouping sets of processes together, for
894 use with process control subsystems such as Cpusets, CFS, memory
895 controls or device isolation.
896 See
897 - Documentation/scheduler/sched-design-CFS.rst (CFS)
898 - Documentation/admin-guide/cgroup-v1/ (features for grouping, isolation
899 and resource control)
900
901 Say N if unsure.
902
903if CGROUPS
904
905config PAGE_COUNTER
906 bool
907
908config MEMCG
909 bool "Memory controller"
910 select PAGE_COUNTER
911 select EVENTFD
912 help
913 Provides control over the memory footprint of tasks in a cgroup.
914
915config MEMCG_SWAP
916 bool
917 depends on MEMCG && SWAP
918 default y
919
920config MEMCG_KMEM
921 bool
922 depends on MEMCG && !SLOB
923 default y
924
925config BLK_CGROUP
926 bool "IO controller"
927 depends on BLOCK
928 default n
929 help
930 Generic block IO controller cgroup interface. This is the common
931 cgroup interface which should be used by various IO controlling
932 policies.
933
934 Currently, CFQ IO scheduler uses it to recognize task groups and
935 control disk bandwidth allocation (proportional time slice allocation)
936 to such task groups. It is also used by bio throttling logic in
937 block layer to implement upper limit in IO rates on a device.
938
939 This option only enables generic Block IO controller infrastructure.
940 One needs to also enable actual IO controlling logic/policy. For
941 enabling proportional weight division of disk bandwidth in CFQ, set
942 CONFIG_BFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
943 CONFIG_BLK_DEV_THROTTLING=y.
944
945 See Documentation/admin-guide/cgroup-v1/blkio-controller.rst for more information.
946
947config CGROUP_WRITEBACK
948 bool
949 depends on MEMCG && BLK_CGROUP
950 default y
951
952menuconfig CGROUP_SCHED
953 bool "CPU controller"
954 default n
955 help
956 This feature lets CPU scheduler recognize task groups and control CPU
957 bandwidth allocation to such task groups. It uses cgroups to group
958 tasks.
959
960if CGROUP_SCHED
961config FAIR_GROUP_SCHED
962 bool "Group scheduling for SCHED_OTHER"
963 depends on CGROUP_SCHED
964 default CGROUP_SCHED
965
966config CFS_BANDWIDTH
967 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
968 depends on FAIR_GROUP_SCHED
969 default n
970 help
971 This option allows users to define CPU bandwidth rates (limits) for
972 tasks running within the fair group scheduler. Groups with no limit
973 set are considered to be unconstrained and will run with no
974 restriction.
975 See Documentation/scheduler/sched-bwc.rst for more information.
976
977config RT_GROUP_SCHED
978 bool "Group scheduling for SCHED_RR/FIFO"
979 depends on CGROUP_SCHED
980 default n
981 help
982 This feature lets you explicitly allocate real CPU bandwidth
983 to task groups. If enabled, it will also make it impossible to
984 schedule realtime tasks for non-root users until you allocate
985 realtime bandwidth for them.
986 See Documentation/scheduler/sched-rt-group.rst for more information.
987
988endif
989
990config UCLAMP_TASK_GROUP
991 bool "Utilization clamping per group of tasks"
992 depends on CGROUP_SCHED
993 depends on UCLAMP_TASK
994 default n
995 help
996 This feature enables the scheduler to track the clamped utilization
997 of each CPU based on RUNNABLE tasks currently scheduled on that CPU.
998
999 When this option is enabled, the user can specify a min and max
1000 CPU bandwidth which is allowed for each single task in a group.
1001 The max bandwidth allows to clamp the maximum frequency a task
1002 can use, while the min bandwidth allows to define a minimum
1003 frequency a task will always use.
1004
1005 When task group based utilization clamping is enabled, an eventually
1006 specified task-specific clamp value is constrained by the cgroup
1007 specified clamp value. Both minimum and maximum task clamping cannot
1008 be bigger than the corresponding clamping defined at task group level.
1009
1010 If in doubt, say N.
1011
1012config CGROUP_PIDS
1013 bool "PIDs controller"
1014 help
1015 Provides enforcement of process number limits in the scope of a
1016 cgroup. Any attempt to fork more processes than is allowed in the
1017 cgroup will fail. PIDs are fundamentally a global resource because it
1018 is fairly trivial to reach PID exhaustion before you reach even a
1019 conservative kmemcg limit. As a result, it is possible to grind a
1020 system to halt without being limited by other cgroup policies. The
1021 PIDs controller is designed to stop this from happening.
1022
1023 It should be noted that organisational operations (such as attaching
1024 to a cgroup hierarchy) will *not* be blocked by the PIDs controller,
1025 since the PIDs limit only affects a process's ability to fork, not to
1026 attach to a cgroup.
1027
1028config CGROUP_RDMA
1029 bool "RDMA controller"
1030 help
1031 Provides enforcement of RDMA resources defined by IB stack.
1032 It is fairly easy for consumers to exhaust RDMA resources, which
1033 can result into resource unavailability to other consumers.
1034 RDMA controller is designed to stop this from happening.
1035 Attaching processes with active RDMA resources to the cgroup
1036 hierarchy is allowed even if can cross the hierarchy's limit.
1037
1038config CGROUP_FREEZER
1039 bool "Freezer controller"
1040 help
1041 Provides a way to freeze and unfreeze all tasks in a
1042 cgroup.
1043
1044 This option affects the ORIGINAL cgroup interface. The cgroup2 memory
1045 controller includes important in-kernel memory consumers per default.
1046
1047 If you're using cgroup2, say N.
1048
1049config CGROUP_HUGETLB
1050 bool "HugeTLB controller"
1051 depends on HUGETLB_PAGE
1052 select PAGE_COUNTER
1053 default n
1054 help
1055 Provides a cgroup controller for HugeTLB pages.
1056 When you enable this, you can put a per cgroup limit on HugeTLB usage.
1057 The limit is enforced during page fault. Since HugeTLB doesn't
1058 support page reclaim, enforcing the limit at page fault time implies
1059 that, the application will get SIGBUS signal if it tries to access
1060 HugeTLB pages beyond its limit. This requires the application to know
1061 beforehand how much HugeTLB pages it would require for its use. The
1062 control group is tracked in the third page lru pointer. This means
1063 that we cannot use the controller with huge page less than 3 pages.
1064
1065config CPUSETS
1066 bool "Cpuset controller"
1067 depends on SMP
1068 help
1069 This option will let you create and manage CPUSETs which
1070 allow dynamically partitioning a system into sets of CPUs and
1071 Memory Nodes and assigning tasks to run only within those sets.
1072 This is primarily useful on large SMP or NUMA systems.
1073
1074 Say N if unsure.
1075
1076config PROC_PID_CPUSET
1077 bool "Include legacy /proc/<pid>/cpuset file"
1078 depends on CPUSETS
1079 default y
1080
1081config CGROUP_DEVICE
1082 bool "Device controller"
1083 help
1084 Provides a cgroup controller implementing whitelists for
1085 devices which a process in the cgroup can mknod or open.
1086
1087config CGROUP_CPUACCT
1088 bool "Simple CPU accounting controller"
1089 help
1090 Provides a simple controller for monitoring the
1091 total CPU consumed by the tasks in a cgroup.
1092
1093config CGROUP_PERF
1094 bool "Perf controller"
1095 depends on PERF_EVENTS
1096 help
1097 This option extends the perf per-cpu mode to restrict monitoring
1098 to threads which belong to the cgroup specified and run on the
1099 designated cpu. Or this can be used to have cgroup ID in samples
1100 so that it can monitor performance events among cgroups.
1101
1102 Say N if unsure.
1103
1104config CGROUP_BPF
1105 bool "Support for eBPF programs attached to cgroups"
1106 depends on BPF_SYSCALL
1107 select SOCK_CGROUP_DATA
1108 help
1109 Allow attaching eBPF programs to a cgroup using the bpf(2)
1110 syscall command BPF_PROG_ATTACH.
1111
1112 In which context these programs are accessed depends on the type
1113 of attachment. For instance, programs that are attached using
1114 BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
1115 inet sockets.
1116
1117config CGROUP_MISC
1118 bool "Misc resource controller"
1119 default n
1120 help
1121 Provides a controller for miscellaneous resources on a host.
1122
1123 Miscellaneous scalar resources are the resources on the host system
1124 which cannot be abstracted like the other cgroups. This controller
1125 tracks and limits the miscellaneous resources used by a process
1126 attached to a cgroup hierarchy.
1127
1128 For more information, please check misc cgroup section in
1129 /Documentation/admin-guide/cgroup-v2.rst.
1130
1131config CGROUP_DEBUG
1132 bool "Debug controller"
1133 default n
1134 depends on DEBUG_KERNEL
1135 help
1136 This option enables a simple controller that exports
1137 debugging information about the cgroups framework. This
1138 controller is for control cgroup debugging only. Its
1139 interfaces are not stable.
1140
1141 Say N.
1142
1143config SOCK_CGROUP_DATA
1144 bool
1145 default n
1146
1147endif
1148
1149menuconfig NAMESPACES
1150 bool "Namespaces support" if EXPERT
1151 depends on MULTIUSER
1152 default !EXPERT
1153 help
1154 Provides the way to make tasks work with different objects using
1155 the same id. For example same IPC id may refer to different objects
1156 or same user id or pid may refer to different tasks when used in
1157 different namespaces.
1158
1159if NAMESPACES
1160
1161config UTS_NS
1162 bool "UTS namespace"
1163 default y
1164 help
1165 In this namespace tasks see different info provided with the
1166 uname() system call
1167
1168config TIME_NS
1169 bool "TIME namespace"
1170 depends on GENERIC_VDSO_TIME_NS
1171 default y
1172 help
1173 In this namespace boottime and monotonic clocks can be set.
1174 The time will keep going with the same pace.
1175
1176config IPC_NS
1177 bool "IPC namespace"
1178 depends on (SYSVIPC || POSIX_MQUEUE)
1179 default y
1180 help
1181 In this namespace tasks work with IPC ids which correspond to
1182 different IPC objects in different namespaces.
1183
1184config USER_NS
1185 bool "User namespace"
1186 default n
1187 help
1188 This allows containers, i.e. vservers, to use user namespaces
1189 to provide different user info for different servers.
1190
1191 When user namespaces are enabled in the kernel it is
1192 recommended that the MEMCG option also be enabled and that
1193 user-space use the memory control groups to limit the amount
1194 of memory a memory unprivileged users can use.
1195
1196 If unsure, say N.
1197
1198config PID_NS
1199 bool "PID Namespaces"
1200 default y
1201 help
1202 Support process id namespaces. This allows having multiple
1203 processes with the same pid as long as they are in different
1204 pid namespaces. This is a building block of containers.
1205
1206config NET_NS
1207 bool "Network namespace"
1208 depends on NET
1209 default y
1210 help
1211 Allow user space to create what appear to be multiple instances
1212 of the network stack.
1213
1214endif
1215
1216config CHECKPOINT_RESTORE
1217 bool "Checkpoint/restore support"
1218 select PROC_CHILDREN
1219 select KCMP
1220 default n
1221 help
1222 Enables additional kernel features in a sake of checkpoint/restore.
1223 In particular it adds auxiliary prctl codes to setup process text,
1224 data and heap segment sizes, and a few additional /proc filesystem
1225 entries.
1226
1227 If unsure, say N here.
1228
1229config SCHED_AUTOGROUP
1230 bool "Automatic process group scheduling"
1231 select CGROUPS
1232 select CGROUP_SCHED
1233 select FAIR_GROUP_SCHED
1234 help
1235 This option optimizes the scheduler for common desktop workloads by
1236 automatically creating and populating task groups. This separation
1237 of workloads isolates aggressive CPU burners (like build jobs) from
1238 desktop applications. Task group autogeneration is currently based
1239 upon task session.
1240
1241config SYSFS_DEPRECATED
1242 bool "Enable deprecated sysfs features to support old userspace tools"
1243 depends on SYSFS
1244 default n
1245 help
1246 This option adds code that switches the layout of the "block" class
1247 devices, to not show up in /sys/class/block/, but only in
1248 /sys/block/.
1249
1250 This switch is only active when the sysfs.deprecated=1 boot option is
1251 passed or the SYSFS_DEPRECATED_V2 option is set.
1252
1253 This option allows new kernels to run on old distributions and tools,
1254 which might get confused by /sys/class/block/. Since 2007/2008 all
1255 major distributions and tools handle this just fine.
1256
1257 Recent distributions and userspace tools after 2009/2010 depend on
1258 the existence of /sys/class/block/, and will not work with this
1259 option enabled.
1260
1261 Only if you are using a new kernel on an old distribution, you might
1262 need to say Y here.
1263
1264config SYSFS_DEPRECATED_V2
1265 bool "Enable deprecated sysfs features by default"
1266 default n
1267 depends on SYSFS
1268 depends on SYSFS_DEPRECATED
1269 help
1270 Enable deprecated sysfs by default.
1271
1272 See the CONFIG_SYSFS_DEPRECATED option for more details about this
1273 option.
1274
1275 Only if you are using a new kernel on an old distribution, you might
1276 need to say Y here. Even then, odds are you would not need it
1277 enabled, you can always pass the boot option if absolutely necessary.
1278
1279config RELAY
1280 bool "Kernel->user space relay support (formerly relayfs)"
1281 select IRQ_WORK
1282 help
1283 This option enables support for relay interface support in
1284 certain file systems (such as debugfs).
1285 It is designed to provide an efficient mechanism for tools and
1286 facilities to relay large amounts of data from kernel space to
1287 user space.
1288
1289 If unsure, say N.
1290
1291config BLK_DEV_INITRD
1292 bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
1293 help
1294 The initial RAM filesystem is a ramfs which is loaded by the
1295 boot loader (loadlin or lilo) and that is mounted as root
1296 before the normal boot procedure. It is typically used to
1297 load modules needed to mount the "real" root file system,
1298 etc. See <file:Documentation/admin-guide/initrd.rst> for details.
1299
1300 If RAM disk support (BLK_DEV_RAM) is also included, this
1301 also enables initial RAM disk (initrd) support and adds
1302 15 Kbytes (more on some other architectures) to the kernel size.
1303
1304 If unsure say Y.
1305
1306if BLK_DEV_INITRD
1307
1308source "usr/Kconfig"
1309
1310endif
1311
1312config BOOT_CONFIG
1313 bool "Boot config support"
1314 select BLK_DEV_INITRD
1315 help
1316 Extra boot config allows system admin to pass a config file as
1317 complemental extension of kernel cmdline when booting.
1318 The boot config file must be attached at the end of initramfs
1319 with checksum, size and magic word.
1320 See <file:Documentation/admin-guide/bootconfig.rst> for details.
1321
1322 If unsure, say Y.
1323
1324choice
1325 prompt "Compiler optimization level"
1326 default CC_OPTIMIZE_FOR_PERFORMANCE
1327
1328config CC_OPTIMIZE_FOR_PERFORMANCE
1329 bool "Optimize for performance (-O2)"
1330 help
1331 This is the default optimization level for the kernel, building
1332 with the "-O2" compiler flag for best performance and most
1333 helpful compile-time warnings.
1334
1335config CC_OPTIMIZE_FOR_PERFORMANCE_O3
1336 bool "Optimize more for performance (-O3)"
1337 depends on ARC
1338 help
1339 Choosing this option will pass "-O3" to your compiler to optimize
1340 the kernel yet more for performance.
1341
1342config CC_OPTIMIZE_FOR_SIZE
1343 bool "Optimize for size (-Os)"
1344 help
1345 Choosing this option will pass "-Os" to your compiler resulting
1346 in a smaller kernel.
1347
1348endchoice
1349
1350config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1351 bool
1352 help
1353 This requires that the arch annotates or otherwise protects
1354 its external entry points from being discarded. Linker scripts
1355 must also merge .text.*, .data.*, and .bss.* correctly into
1356 output sections. Care must be taken not to pull in unrelated
1357 sections (e.g., '.text.init'). Typically '.' in section names
1358 is used to distinguish them from label names / C identifiers.
1359
1360config LD_DEAD_CODE_DATA_ELIMINATION
1361 bool "Dead code and data elimination (EXPERIMENTAL)"
1362 depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1363 depends on EXPERT
1364 depends on $(cc-option,-ffunction-sections -fdata-sections)
1365 depends on $(ld-option,--gc-sections)
1366 help
1367 Enable this if you want to do dead code and data elimination with
1368 the linker by compiling with -ffunction-sections -fdata-sections,
1369 and linking with --gc-sections.
1370
1371 This can reduce on disk and in-memory size of the kernel
1372 code and static data, particularly for small configs and
1373 on small systems. This has the possibility of introducing
1374 silently broken kernel if the required annotations are not
1375 present. This option is not well tested yet, so use at your
1376 own risk.
1377
1378config LD_ORPHAN_WARN
1379 def_bool y
1380 depends on ARCH_WANT_LD_ORPHAN_WARN
1381 depends on !LD_IS_LLD || LLD_VERSION >= 110000
1382 depends on $(ld-option,--orphan-handling=warn)
1383
1384config SYSCTL
1385 bool
1386
1387config HAVE_UID16
1388 bool
1389
1390config SYSCTL_EXCEPTION_TRACE
1391 bool
1392 help
1393 Enable support for /proc/sys/debug/exception-trace.
1394
1395config SYSCTL_ARCH_UNALIGN_NO_WARN
1396 bool
1397 help
1398 Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
1399 Allows arch to define/use @no_unaligned_warning to possibly warn
1400 about unaligned access emulation going on under the hood.
1401
1402config SYSCTL_ARCH_UNALIGN_ALLOW
1403 bool
1404 help
1405 Enable support for /proc/sys/kernel/unaligned-trap
1406 Allows arches to define/use @unaligned_enabled to runtime toggle
1407 the unaligned access emulation.
1408 see arch/parisc/kernel/unaligned.c for reference
1409
1410config HAVE_PCSPKR_PLATFORM
1411 bool
1412
1413
1414config BPF
1415 bool
1416
1417menuconfig EXPERT
1418 bool "Configure standard kernel features (expert users)"
1419
1420 select DEBUG_KERNEL
1421 help
1422 This option allows certain base kernel options and settings
1423 to be disabled or tweaked. This is for specialized
1424 environments which can tolerate a "non-standard" kernel.
1425 Only use this if you really know what you are doing.
1426
1427config UID16
1428 bool "Enable 16-bit UID system calls" if EXPERT
1429 depends on HAVE_UID16 && MULTIUSER
1430 default y
1431 help
1432 This enables the legacy 16-bit UID syscall wrappers.
1433
1434config MULTIUSER
1435 bool "Multiple users, groups and capabilities support" if EXPERT
1436 default y
1437 help
1438 This option enables support for non-root users, groups and
1439 capabilities.
1440
1441 If you say N here, all processes will run with UID 0, GID 0, and all
1442 possible capabilities. Saying N here also compiles out support for
1443 system calls related to UIDs, GIDs, and capabilities, such as setuid,
1444 setgid, and capset.
1445
1446 If unsure, say Y here.
1447
1448config SGETMASK_SYSCALL
1449 bool "sgetmask/ssetmask syscalls support" if EXPERT
1450 def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
1451 help
1452 sys_sgetmask and sys_ssetmask are obsolete system calls
1453 no longer supported in libc but still enabled by default in some
1454 architectures.
1455
1456 If unsure, leave the default option here.
1457
1458config SYSFS_SYSCALL
1459 bool "Sysfs syscall support" if EXPERT
1460 default y
1461 help
1462 sys_sysfs is an obsolete system call no longer supported in libc.
1463 Note that disabling this option is more secure but might break
1464 compatibility with some systems.
1465
1466 If unsure say Y here.
1467
1468config FHANDLE
1469 bool "open by fhandle syscalls" if EXPERT
1470 select EXPORTFS
1471 default y
1472 help
1473 If you say Y here, a user level program will be able to map
1474 file names to handle and then later use the handle for
1475 different file system operations. This is useful in implementing
1476 userspace file servers, which now track files using handles instead
1477 of names. The handle would remain the same even if file names
1478 get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
1479 syscalls.
1480
1481config POSIX_TIMERS
1482 bool "Posix Clocks & timers" if EXPERT
1483 default y
1484 help
1485 This includes native support for POSIX timers to the kernel.
1486 Some embedded systems have no use for them and therefore they
1487 can be configured out to reduce the size of the kernel image.
1488
1489 When this option is disabled, the following syscalls won't be
1490 available: timer_create, timer_gettime: timer_getoverrun,
1491 timer_settime, timer_delete, clock_adjtime, getitimer,
1492 setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
1493 clock_getres and clock_nanosleep syscalls will be limited to
1494 CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
1495
1496 If unsure say y.
1497
1498config PRINTK
1499 default y
1500 bool "Enable support for printk" if EXPERT
1501 select IRQ_WORK
1502 help
1503 This option enables normal printk support. Removing it
1504 eliminates most of the message strings from the kernel image
1505 and makes the kernel more or less silent. As this makes it
1506 very difficult to diagnose system problems, saying N here is
1507 strongly discouraged.
1508
1509config PRINTK_NMI
1510 def_bool y
1511 depends on PRINTK
1512 depends on HAVE_NMI
1513
1514config BUG
1515 bool "BUG() support" if EXPERT
1516 default y
1517 help
1518 Disabling this option eliminates support for BUG and WARN, reducing
1519 the size of your kernel image and potentially quietly ignoring
1520 numerous fatal conditions. You should only consider disabling this
1521 option for embedded systems with no facilities for reporting errors.
1522 Just say Y.
1523
1524config ELF_CORE
1525 depends on COREDUMP
1526 default y
1527 bool "Enable ELF core dumps" if EXPERT
1528 help
1529 Enable support for generating core dumps. Disabling saves about 4k.
1530
1531
1532config PCSPKR_PLATFORM
1533 bool "Enable PC-Speaker support" if EXPERT
1534 depends on HAVE_PCSPKR_PLATFORM
1535 select I8253_LOCK
1536 default y
1537 help
1538 This option allows to disable the internal PC-Speaker
1539 support, saving some memory.
1540
1541config BASE_FULL
1542 default y
1543 bool "Enable full-sized data structures for core" if EXPERT
1544 help
1545 Disabling this option reduces the size of miscellaneous core
1546 kernel data structures. This saves memory on small machines,
1547 but may reduce performance.
1548
1549config FUTEX
1550 bool "Enable futex support" if EXPERT
1551 default y
1552 imply RT_MUTEXES
1553 help
1554 Disabling this option will cause the kernel to be built without
1555 support for "fast userspace mutexes". The resulting kernel may not
1556 run glibc-based applications correctly.
1557
1558config FUTEX_PI
1559 bool
1560 depends on FUTEX && RT_MUTEXES
1561 default y
1562
1563config HAVE_FUTEX_CMPXCHG
1564 bool
1565 depends on FUTEX
1566 help
1567 Architectures should select this if futex_atomic_cmpxchg_inatomic()
1568 is implemented and always working. This removes a couple of runtime
1569 checks.
1570
1571config EPOLL
1572 bool "Enable eventpoll support" if EXPERT
1573 default y
1574 help
1575 Disabling this option will cause the kernel to be built without
1576 support for epoll family of system calls.
1577
1578config SIGNALFD
1579 bool "Enable signalfd() system call" if EXPERT
1580 default y
1581 help
1582 Enable the signalfd() system call that allows to receive signals
1583 on a file descriptor.
1584
1585 If unsure, say Y.
1586
1587config TIMERFD
1588 bool "Enable timerfd() system call" if EXPERT
1589 default y
1590 help
1591 Enable the timerfd() system call that allows to receive timer
1592 events on a file descriptor.
1593
1594 If unsure, say Y.
1595
1596config EVENTFD
1597 bool "Enable eventfd() system call" if EXPERT
1598 default y
1599 help
1600 Enable the eventfd() system call that allows to receive both
1601 kernel notification (ie. KAIO) or userspace notifications.
1602
1603 If unsure, say Y.
1604
1605config SHMEM
1606 bool "Use full shmem filesystem" if EXPERT
1607 default y
1608 depends on MMU
1609 help
1610 The shmem is an internal filesystem used to manage shared memory.
1611 It is backed by swap and manages resource limits. It is also exported
1612 to userspace as tmpfs if TMPFS is enabled. Disabling this
1613 option replaces shmem and tmpfs with the much simpler ramfs code,
1614 which may be appropriate on small systems without swap.
1615
1616config AIO
1617 bool "Enable AIO support" if EXPERT
1618 default y
1619 help
1620 This option enables POSIX asynchronous I/O which may by used
1621 by some high performance threaded applications. Disabling
1622 this option saves about 7k.
1623
1624config IO_URING
1625 bool "Enable IO uring support" if EXPERT
1626 select IO_WQ
1627 default y
1628 help
1629 This option enables support for the io_uring interface, enabling
1630 applications to submit and complete IO through submission and
1631 completion rings that are shared between the kernel and application.
1632
1633config ADVISE_SYSCALLS
1634 bool "Enable madvise/fadvise syscalls" if EXPERT
1635 default y
1636 help
1637 This option enables the madvise and fadvise syscalls, used by
1638 applications to advise the kernel about their future memory or file
1639 usage, improving performance. If building an embedded system where no
1640 applications use these syscalls, you can disable this option to save
1641 space.
1642
1643config HAVE_ARCH_USERFAULTFD_WP
1644 bool
1645 help
1646 Arch has userfaultfd write protection support
1647
1648config HAVE_ARCH_USERFAULTFD_MINOR
1649 bool
1650 help
1651 Arch has userfaultfd minor fault support
1652
1653config MEMBARRIER
1654 bool "Enable membarrier() system call" if EXPERT
1655 default y
1656 help
1657 Enable the membarrier() system call that allows issuing memory
1658 barriers across all running threads, which can be used to distribute
1659 the cost of user-space memory barriers asymmetrically by transforming
1660 pairs of memory barriers into pairs consisting of membarrier() and a
1661 compiler barrier.
1662
1663 If unsure, say Y.
1664
1665config KALLSYMS
1666 bool "Load all symbols for debugging/ksymoops" if EXPERT
1667 default y
1668 help
1669 Say Y here to let the kernel print out symbolic crash information and
1670 symbolic stack backtraces. This increases the size of the kernel
1671 somewhat, as all symbols have to be loaded into the kernel image.
1672
1673config KALLSYMS_ALL
1674 bool "Include all symbols in kallsyms"
1675 depends on DEBUG_KERNEL && KALLSYMS
1676 help
1677 Normally kallsyms only contains the symbols of functions for nicer
1678 OOPS messages and backtraces (i.e., symbols from the text and inittext
1679 sections). This is sufficient for most cases. And only in very rare
1680 cases (e.g., when a debugger is used) all symbols are required (e.g.,
1681 names of variables from the data sections, etc).
1682
1683 This option makes sure that all symbols are loaded into the kernel
1684 image (i.e., symbols from all sections) in cost of increased kernel
1685 size (depending on the kernel configuration, it may be 300KiB or
1686 something like this).
1687
1688 Say N unless you really need all symbols.
1689
1690config KALLSYMS_ABSOLUTE_PERCPU
1691 bool
1692 depends on KALLSYMS
1693 default X86_64 && SMP
1694
1695config KALLSYMS_BASE_RELATIVE
1696 bool
1697 depends on KALLSYMS
1698 default !IA64
1699 help
1700 Instead of emitting them as absolute values in the native word size,
1701 emit the symbol references in the kallsyms table as 32-bit entries,
1702 each containing a relative value in the range [base, base + U32_MAX]
1703 or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
1704 an absolute value in the range [0, S32_MAX] or a relative value in the
1705 range [base, base + S32_MAX], where base is the lowest relative symbol
1706 address encountered in the image.
1707
1708 On 64-bit builds, this reduces the size of the address table by 50%,
1709 but more importantly, it results in entries whose values are build
1710 time constants, and no relocation pass is required at runtime to fix
1711 up the entries based on the runtime load address of the kernel.
1712
1713
1714
1715
1716
1717config USERFAULTFD
1718 bool "Enable userfaultfd() system call"
1719 depends on MMU
1720 help
1721 Enable the userfaultfd() system call that allows to intercept and
1722 handle page faults in userland.
1723
1724config ARCH_HAS_MEMBARRIER_CALLBACKS
1725 bool
1726
1727config ARCH_HAS_MEMBARRIER_SYNC_CORE
1728 bool
1729
1730config KCMP
1731 bool "Enable kcmp() system call" if EXPERT
1732 help
1733 Enable the kernel resource comparison system call. It provides
1734 user-space with the ability to compare two processes to see if they
1735 share a common resource, such as a file descriptor or even virtual
1736 memory space.
1737
1738 If unsure, say N.
1739
1740config RSEQ
1741 bool "Enable rseq() system call" if EXPERT
1742 default y
1743 depends on HAVE_RSEQ
1744 select MEMBARRIER
1745 help
1746 Enable the restartable sequences system call. It provides a
1747 user-space cache for the current CPU number value, which
1748 speeds up getting the current CPU number from user-space,
1749 as well as an ABI to speed up user-space operations on
1750 per-CPU data.
1751
1752 If unsure, say Y.
1753
1754config DEBUG_RSEQ
1755 default n
1756 bool "Enabled debugging of rseq() system call" if EXPERT
1757 depends on RSEQ && DEBUG_KERNEL
1758 help
1759 Enable extra debugging checks for the rseq system call.
1760
1761 If unsure, say N.
1762
1763config EMBEDDED
1764 bool "Embedded system"
1765 select EXPERT
1766 help
1767 This option should be enabled if compiling the kernel for
1768 an embedded system so certain expert options are available
1769 for configuration.
1770
1771config HAVE_PERF_EVENTS
1772 bool
1773 help
1774 See tools/perf/design.txt for details.
1775
1776config PERF_USE_VMALLOC
1777 bool
1778 help
1779 See tools/perf/design.txt for details
1780
1781config PC104
1782 bool "PC/104 support" if EXPERT
1783 help
1784 Expose PC/104 form factor device drivers and options available for
1785 selection and configuration. Enable this option if your target
1786 machine has a PC/104 bus.
1787
1788menu "Kernel Performance Events And Counters"
1789
1790config PERF_EVENTS
1791 bool "Kernel performance events and counters"
1792 default y if PROFILING
1793 depends on HAVE_PERF_EVENTS
1794 select IRQ_WORK
1795 select SRCU
1796 help
1797 Enable kernel support for various performance events provided
1798 by software and hardware.
1799
1800 Software events are supported either built-in or via the
1801 use of generic tracepoints.
1802
1803 Most modern CPUs support performance events via performance
1804 counter registers. These registers count the number of certain
1805 types of hw events: such as instructions executed, cachemisses
1806 suffered, or branches mis-predicted - without slowing down the
1807 kernel or applications. These registers can also trigger interrupts
1808 when a threshold number of events have passed - and can thus be
1809 used to profile the code that runs on that CPU.
1810
1811 The Linux Performance Event subsystem provides an abstraction of
1812 these software and hardware event capabilities, available via a
1813 system call and used by the "perf" utility in tools/perf/. It
1814 provides per task and per CPU counters, and it provides event
1815 capabilities on top of those.
1816
1817 Say Y if unsure.
1818
1819config DEBUG_PERF_USE_VMALLOC
1820 default n
1821 bool "Debug: use vmalloc to back perf mmap() buffers"
1822 depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
1823 select PERF_USE_VMALLOC
1824 help
1825 Use vmalloc memory to back perf mmap() buffers.
1826
1827 Mostly useful for debugging the vmalloc code on platforms
1828 that don't require it.
1829
1830 Say N if unsure.
1831
1832endmenu
1833
1834config VM_EVENT_COUNTERS
1835 default y
1836 bool "Enable VM event counters for /proc/vmstat" if EXPERT
1837 help
1838 VM event counters are needed for event counts to be shown.
1839 This option allows the disabling of the VM event counters
1840 on EXPERT systems. /proc/vmstat will only show page counts
1841 if VM event counters are disabled.
1842
1843config SLUB_DEBUG
1844 default y
1845 bool "Enable SLUB debugging support" if EXPERT
1846 depends on SLUB && SYSFS
1847 help
1848 SLUB has extensive debug support features. Disabling these can
1849 result in significant savings in code size. This also disables
1850 SLUB sysfs support. /sys/slab will not exist and there will be
1851 no support for cache validation etc.
1852
1853config COMPAT_BRK
1854 bool "Disable heap randomization"
1855 default y
1856 help
1857 Randomizing heap placement makes heap exploits harder, but it
1858 also breaks ancient binaries (including anything libc5 based).
1859 This option changes the bootup default to heap randomization
1860 disabled, and can be overridden at runtime by setting
1861 /proc/sys/kernel/randomize_va_space to 2.
1862
1863 On non-ancient distros (post-2000 ones) N is usually a safe choice.
1864
1865choice
1866 prompt "Choose SLAB allocator"
1867 default SLUB
1868 help
1869 This option allows to select a slab allocator.
1870
1871config SLAB
1872 bool "SLAB"
1873 select HAVE_HARDENED_USERCOPY_ALLOCATOR
1874 help
1875 The regular slab allocator that is established and known to work
1876 well in all environments. It organizes cache hot objects in
1877 per cpu and per node queues.
1878
1879config SLUB
1880 bool "SLUB (Unqueued Allocator)"
1881 select HAVE_HARDENED_USERCOPY_ALLOCATOR
1882 help
1883 SLUB is a slab allocator that minimizes cache line usage
1884 instead of managing queues of cached objects (SLAB approach).
1885 Per cpu caching is realized using slabs of objects instead
1886 of queues of objects. SLUB can use memory efficiently
1887 and has enhanced diagnostics. SLUB is the default choice for
1888 a slab allocator.
1889
1890config SLOB
1891 depends on EXPERT
1892 bool "SLOB (Simple Allocator)"
1893 help
1894 SLOB replaces the stock allocator with a drastically simpler
1895 allocator. SLOB is generally more space efficient but
1896 does not perform as well on large systems.
1897
1898endchoice
1899
1900config SLAB_MERGE_DEFAULT
1901 bool "Allow slab caches to be merged"
1902 default y
1903 help
1904 For reduced kernel memory fragmentation, slab caches can be
1905 merged when they share the same size and other characteristics.
1906 This carries a risk of kernel heap overflows being able to
1907 overwrite objects from merged caches (and more easily control
1908 cache layout), which makes such heap attacks easier to exploit
1909 by attackers. By keeping caches unmerged, these kinds of exploits
1910 can usually only damage objects in the same cache. To disable
1911 merging at runtime, "slab_nomerge" can be passed on the kernel
1912 command line.
1913
1914config SLAB_FREELIST_RANDOM
1915 bool "Randomize slab freelist"
1916 depends on SLAB || SLUB
1917 help
1918 Randomizes the freelist order used on creating new pages. This
1919 security feature reduces the predictability of the kernel slab
1920 allocator against heap overflows.
1921
1922config SLAB_FREELIST_HARDENED
1923 bool "Harden slab freelist metadata"
1924 depends on SLAB || SLUB
1925 help
1926 Many kernel heap attacks try to target slab cache metadata and
1927 other infrastructure. This options makes minor performance
1928 sacrifices to harden the kernel slab allocator against common
1929 freelist exploit methods. Some slab implementations have more
1930 sanity-checking than others. This option is most effective with
1931 CONFIG_SLUB.
1932
1933config SHUFFLE_PAGE_ALLOCATOR
1934 bool "Page allocator randomization"
1935 default SLAB_FREELIST_RANDOM && ACPI_NUMA
1936 help
1937 Randomization of the page allocator improves the average
1938 utilization of a direct-mapped memory-side-cache. See section
1939 5.2.27 Heterogeneous Memory Attribute Table (HMAT) in the ACPI
1940 6.2a specification for an example of how a platform advertises
1941 the presence of a memory-side-cache. There are also incidental
1942 security benefits as it reduces the predictability of page
1943 allocations to compliment SLAB_FREELIST_RANDOM, but the
1944 default granularity of shuffling on the "MAX_ORDER - 1" i.e,
1945 10th order of pages is selected based on cache utilization
1946 benefits on x86.
1947
1948 While the randomization improves cache utilization it may
1949 negatively impact workloads on platforms without a cache. For
1950 this reason, by default, the randomization is enabled only
1951 after runtime detection of a direct-mapped memory-side-cache.
1952 Otherwise, the randomization may be force enabled with the
1953 'page_alloc.shuffle' kernel command line parameter.
1954
1955 Say Y if unsure.
1956
1957config SLUB_CPU_PARTIAL
1958 default y
1959 depends on SLUB && SMP
1960 bool "SLUB per cpu partial cache"
1961 help
1962 Per cpu partial caches accelerate objects allocation and freeing
1963 that is local to a processor at the price of more indeterminism
1964 in the latency of the free. On overflow these caches will be cleared
1965 which requires the taking of locks that may cause latency spikes.
1966 Typically one would choose no for a realtime system.
1967
1968config MMAP_ALLOW_UNINITIALIZED
1969 bool "Allow mmapped anonymous memory to be uninitialized"
1970 depends on EXPERT && !MMU
1971 default n
1972 help
1973 Normally, and according to the Linux spec, anonymous memory obtained
1974 from mmap() has its contents cleared before it is passed to
1975 userspace. Enabling this config option allows you to request that
1976 mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
1977 providing a huge performance boost. If this option is not enabled,
1978 then the flag will be ignored.
1979
1980 This is taken advantage of by uClibc's malloc(), and also by
1981 ELF-FDPIC binfmt's brk and stack allocator.
1982
1983 Because of the obvious security issues, this option should only be
1984 enabled on embedded devices where you control what is run in
1985 userspace. Since that isn't generally a problem on no-MMU systems,
1986 it is normally safe to say Y here.
1987
1988 See Documentation/admin-guide/mm/nommu-mmap.rst for more information.
1989
1990config SYSTEM_DATA_VERIFICATION
1991 def_bool n
1992 select SYSTEM_TRUSTED_KEYRING
1993 select KEYS
1994 select CRYPTO
1995 select CRYPTO_RSA
1996 select ASYMMETRIC_KEY_TYPE
1997 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1998 select ASN1
1999 select OID_REGISTRY
2000 select X509_CERTIFICATE_PARSER
2001 select PKCS7_MESSAGE_PARSER
2002 help
2003 Provide PKCS#7 message verification using the contents of the system
2004 trusted keyring to provide public keys. This then can be used for
2005 module verification, kexec image verification and firmware blob
2006 verification.
2007
2008config PROFILING
2009 bool "Profiling support"
2010 help
2011 Say Y here to enable the extended profiling support mechanisms used
2012 by profilers.
2013
2014
2015
2016
2017
2018config TRACEPOINTS
2019 bool
2020
2021endmenu
2022
2023source "arch/Kconfig"
2024
2025config RT_MUTEXES
2026 bool
2027
2028config BASE_SMALL
2029 int
2030 default 0 if BASE_FULL
2031 default 1 if !BASE_FULL
2032
2033config MODULE_SIG_FORMAT
2034 def_bool n
2035 select SYSTEM_DATA_VERIFICATION
2036
2037menuconfig MODULES
2038 bool "Enable loadable module support"
2039 modules
2040 help
2041 Kernel modules are small pieces of compiled code which can
2042 be inserted in the running kernel, rather than being
2043 permanently built into the kernel. You use the "modprobe"
2044 tool to add (and sometimes remove) them. If you say Y here,
2045 many parts of the kernel can be built as modules (by
2046 answering M instead of Y where indicated): this is most
2047 useful for infrequently used options which are not required
2048 for booting. For more information, see the man pages for
2049 modprobe, lsmod, modinfo, insmod and rmmod.
2050
2051 If you say Y here, you will need to run "make
2052 modules_install" to put the modules under /lib/modules/
2053 where modprobe can find them (you may need to be root to do
2054 this).
2055
2056 If unsure, say Y.
2057
2058if MODULES
2059
2060config MODULE_FORCE_LOAD
2061 bool "Forced module loading"
2062 default n
2063 help
2064 Allow loading of modules without version information (ie. modprobe
2065 --force). Forced module loading sets the 'F' (forced) taint flag and
2066 is usually a really bad idea.
2067
2068config MODULE_UNLOAD
2069 bool "Module unloading"
2070 help
2071 Without this option you will not be able to unload any
2072 modules (note that some modules may not be unloadable
2073 anyway), which makes your kernel smaller, faster
2074 and simpler. If unsure, say Y.
2075
2076config MODULE_FORCE_UNLOAD
2077 bool "Forced module unloading"
2078 depends on MODULE_UNLOAD
2079 help
2080 This option allows you to force a module to unload, even if the
2081 kernel believes it is unsafe: the kernel will remove the module
2082 without waiting for anyone to stop using it (using the -f option to
2083 rmmod). This is mainly for kernel developers and desperate users.
2084 If unsure, say N.
2085
2086config MODVERSIONS
2087 bool "Module versioning support"
2088 help
2089 Usually, you have to use modules compiled with your kernel.
2090 Saying Y here makes it sometimes possible to use modules
2091 compiled for different kernels, by adding enough information
2092 to the modules to (hopefully) spot any changes which would
2093 make them incompatible with the kernel you are running. If
2094 unsure, say N.
2095
2096config ASM_MODVERSIONS
2097 bool
2098 default HAVE_ASM_MODVERSIONS && MODVERSIONS
2099 help
2100 This enables module versioning for exported symbols also from
2101 assembly. This can be enabled only when the target architecture
2102 supports it.
2103
2104config MODULE_REL_CRCS
2105 bool
2106 depends on MODVERSIONS
2107
2108config MODULE_SRCVERSION_ALL
2109 bool "Source checksum for all modules"
2110 help
2111 Modules which contain a MODULE_VERSION get an extra "srcversion"
2112 field inserted into their modinfo section, which contains a
2113 sum of the source files which made it. This helps maintainers
2114 see exactly which source was used to build a module (since
2115 others sometimes change the module source without updating
2116 the version). With this option, such a "srcversion" field
2117 will be created for all modules. If unsure, say N.
2118
2119config MODULE_SIG
2120 bool "Module signature verification"
2121 select MODULE_SIG_FORMAT
2122 help
2123 Check modules for valid signatures upon load: the signature
2124 is simply appended to the module. For more information see
2125 <file:Documentation/admin-guide/module-signing.rst>.
2126
2127 Note that this option adds the OpenSSL development packages as a
2128 kernel build dependency so that the signing tool can use its crypto
2129 library.
2130
2131 You should enable this option if you wish to use either
2132 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
2133 another LSM - otherwise unsigned modules will be loadable regardless
2134 of the lockdown policy.
2135
2136 !!!WARNING!!! If you enable this option, you MUST make sure that the
2137 module DOES NOT get stripped after being signed. This includes the
2138 debuginfo strip done by some packagers (such as rpmbuild) and
2139 inclusion into an initramfs that wants the module size reduced.
2140
2141config MODULE_SIG_FORCE
2142 bool "Require modules to be validly signed"
2143 depends on MODULE_SIG
2144 help
2145 Reject unsigned modules or signed modules for which we don't have a
2146 key. Without this, such modules will simply taint the kernel.
2147
2148config MODULE_SIG_ALL
2149 bool "Automatically sign all modules"
2150 default y
2151 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
2152 help
2153 Sign all modules during make modules_install. Without this option,
2154 modules must be signed manually, using the scripts/sign-file tool.
2155
2156comment "Do not forget to sign required modules with scripts/sign-file"
2157 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
2158
2159choice
2160 prompt "Which hash algorithm should modules be signed with?"
2161 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
2162 help
2163 This determines which sort of hashing algorithm will be used during
2164 signature generation. This algorithm _must_ be built into the kernel
2165 directly so that signature verification can take place. It is not
2166 possible to load a signed module containing the algorithm to check
2167 the signature on that module.
2168
2169config MODULE_SIG_SHA1
2170 bool "Sign modules with SHA-1"
2171 select CRYPTO_SHA1
2172
2173config MODULE_SIG_SHA224
2174 bool "Sign modules with SHA-224"
2175 select CRYPTO_SHA256
2176
2177config MODULE_SIG_SHA256
2178 bool "Sign modules with SHA-256"
2179 select CRYPTO_SHA256
2180
2181config MODULE_SIG_SHA384
2182 bool "Sign modules with SHA-384"
2183 select CRYPTO_SHA512
2184
2185config MODULE_SIG_SHA512
2186 bool "Sign modules with SHA-512"
2187 select CRYPTO_SHA512
2188
2189endchoice
2190
2191config MODULE_SIG_HASH
2192 string
2193 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
2194 default "sha1" if MODULE_SIG_SHA1
2195 default "sha224" if MODULE_SIG_SHA224
2196 default "sha256" if MODULE_SIG_SHA256
2197 default "sha384" if MODULE_SIG_SHA384
2198 default "sha512" if MODULE_SIG_SHA512
2199
2200choice
2201 prompt "Module compression mode"
2202 help
2203 This option allows you to choose the algorithm which will be used to
2204 compress modules when 'make modules_install' is run. (or, you can
2205 choose to not compress modules at all.)
2206
2207 External modules will also be compressed in the same way during the
2208 installation.
2209
2210 For modules inside an initrd or initramfs, it's more efficient to
2211 compress the whole initrd or initramfs instead.
2212
2213 This is fully compatible with signed modules.
2214
2215 Please note that the tool used to load modules needs to support the
2216 corresponding algorithm. module-init-tools MAY support gzip, and kmod
2217 MAY support gzip, xz and zstd.
2218
2219 Your build system needs to provide the appropriate compression tool
2220 to compress the modules.
2221
2222 If in doubt, select 'None'.
2223
2224config MODULE_COMPRESS_NONE
2225 bool "None"
2226 help
2227 Do not compress modules. The installed modules are suffixed
2228 with .ko.
2229
2230config MODULE_COMPRESS_GZIP
2231 bool "GZIP"
2232 help
2233 Compress modules with GZIP. The installed modules are suffixed
2234 with .ko.gz.
2235
2236config MODULE_COMPRESS_XZ
2237 bool "XZ"
2238 help
2239 Compress modules with XZ. The installed modules are suffixed
2240 with .ko.xz.
2241
2242config MODULE_COMPRESS_ZSTD
2243 bool "ZSTD"
2244 help
2245 Compress modules with ZSTD. The installed modules are suffixed
2246 with .ko.zst.
2247
2248endchoice
2249
2250config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
2251 bool "Allow loading of modules with missing namespace imports"
2252 help
2253 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
2254 a namespace. A module that makes use of a symbol exported with such a
2255 namespace is required to import the namespace via MODULE_IMPORT_NS().
2256 There is no technical reason to enforce correct namespace imports,
2257 but it creates consistency between symbols defining namespaces and
2258 users importing namespaces they make use of. This option relaxes this
2259 requirement and lifts the enforcement when loading a module.
2260
2261 If unsure, say N.
2262
2263config MODPROBE_PATH
2264 string "Path to modprobe binary"
2265 default "/sbin/modprobe"
2266 help
2267 When kernel code requests a module, it does so by calling
2268 the "modprobe" userspace utility. This option allows you to
2269 set the path where that binary is found. This can be changed
2270 at runtime via the sysctl file
2271 /proc/sys/kernel/modprobe. Setting this to the empty string
2272 removes the kernel's ability to request modules (but
2273 userspace can still load modules explicitly).
2274
2275config TRIM_UNUSED_KSYMS
2276 bool "Trim unused exported kernel symbols" if EXPERT
2277 depends on !COMPILE_TEST
2278 help
2279 The kernel and some modules make many symbols available for
2280 other modules to use via EXPORT_SYMBOL() and variants. Depending
2281 on the set of modules being selected in your kernel configuration,
2282 many of those exported symbols might never be used.
2283
2284 This option allows for unused exported symbols to be dropped from
2285 the build. In turn, this provides the compiler more opportunities
2286 (especially when using LTO) for optimizing the code and reducing
2287 binary size. This might have some security advantages as well.
2288
2289 If unsure, or if you need to build out-of-tree modules, say N.
2290
2291config UNUSED_KSYMS_WHITELIST
2292 string "Whitelist of symbols to keep in ksymtab"
2293 depends on TRIM_UNUSED_KSYMS
2294 help
2295 By default, all unused exported symbols will be un-exported from the
2296 build when TRIM_UNUSED_KSYMS is selected.
2297
2298 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
2299 exported at all times, even in absence of in-tree users. The value to
2300 set here is the path to a text file containing the list of symbols,
2301 one per line. The path can be absolute, or relative to the kernel
2302 source tree.
2303
2304endif
2305
2306config MODULES_TREE_LOOKUP
2307 def_bool y
2308 depends on PERF_EVENTS || TRACING || CFI_CLANG
2309
2310config INIT_ALL_POSSIBLE
2311 bool
2312 help
2313 Back when each arch used to define their own cpu_online_mask and
2314 cpu_possible_mask, some of them chose to initialize cpu_possible_mask
2315 with all 1s, and others with all 0s. When they were centralised,
2316 it was better to provide this option than to break all the archs
2317 and have several arch maintainers pursuing me down dark alleys.
2318
2319source "block/Kconfig"
2320
2321config PREEMPT_NOTIFIERS
2322 bool
2323
2324config PADATA
2325 depends on SMP
2326 bool
2327
2328config ASN1
2329 tristate
2330 help
2331 Build a simple ASN.1 grammar compiler that produces a bytecode output
2332 that can be interpreted by the ASN.1 stream decoder and used to
2333 inform it as to what tags are to be expected in a stream and what
2334 functions to call on what tags.
2335
2336source "kernel/Kconfig.locks"
2337
2338config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
2339 bool
2340
2341config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
2342 bool
2343
2344
2345
2346
2347
2348
2349
2350
2351config ARCH_HAS_SYSCALL_WRAPPER
2352 def_bool n
2353