xref: /openbmc/linux/init/Kconfig (revision 15e3ae36)
1# SPDX-License-Identifier: GPL-2.0-only
2config DEFCONFIG_LIST
3	string
4	depends on !UML
5	option defconfig_list
6	default "/lib/modules/$(shell,uname -r)/.config"
7	default "/etc/kernel-config"
8	default "/boot/config-$(shell,uname -r)"
9	default "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)"
10
11config CC_IS_GCC
12	def_bool $(success,$(CC) --version | head -n 1 | grep -q gcc)
13
14config GCC_VERSION
15	int
16	default $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) if CC_IS_GCC
17	default 0
18
19config LD_VERSION
20	int
21	default $(shell,$(LD) --version | $(srctree)/scripts/ld-version.sh)
22
23config CC_IS_CLANG
24	def_bool $(success,$(CC) --version | head -n 1 | grep -q clang)
25
26config CLANG_VERSION
27	int
28	default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
29
30config CC_CAN_LINK
31	def_bool $(success,$(srctree)/scripts/cc-can-link.sh $(CC))
32
33config CC_HAS_ASM_GOTO
34	def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
35
36config TOOLS_SUPPORT_RELR
37	def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
38
39config CC_HAS_ASM_INLINE
40	def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
41
42config CC_HAS_WARN_MAYBE_UNINITIALIZED
43	def_bool $(cc-option,-Wmaybe-uninitialized)
44	help
45	  GCC >= 4.7 supports this option.
46
47config CC_DISABLE_WARN_MAYBE_UNINITIALIZED
48	bool
49	depends on CC_HAS_WARN_MAYBE_UNINITIALIZED
50	default CC_IS_GCC && GCC_VERSION < 40900  # unreliable for GCC < 4.9
51	help
52	  GCC's -Wmaybe-uninitialized is not reliable by definition.
53	  Lots of false positive warnings are produced in some cases.
54
55	  If this option is enabled, -Wno-maybe-uninitialzed is passed
56	  to the compiler to suppress maybe-uninitialized warnings.
57
58config CONSTRUCTORS
59	bool
60	depends on !UML
61
62config IRQ_WORK
63	bool
64
65config BUILDTIME_TABLE_SORT
66	bool
67
68config THREAD_INFO_IN_TASK
69	bool
70	help
71	  Select this to move thread_info off the stack into task_struct.  To
72	  make this work, an arch will need to remove all thread_info fields
73	  except flags and fix any runtime bugs.
74
75	  One subtle change that will be needed is to use try_get_task_stack()
76	  and put_task_stack() in save_thread_stack_tsk() and get_wchan().
77
78menu "General setup"
79
80config BROKEN
81	bool
82
83config BROKEN_ON_SMP
84	bool
85	depends on BROKEN || !SMP
86	default y
87
88config INIT_ENV_ARG_LIMIT
89	int
90	default 32 if !UML
91	default 128 if UML
92	help
93	  Maximum of each of the number of arguments and environment
94	  variables passed to init from the kernel command line.
95
96config COMPILE_TEST
97	bool "Compile also drivers which will not load"
98	depends on !UML
99	default n
100	help
101	  Some drivers can be compiled on a different platform than they are
102	  intended to be run on. Despite they cannot be loaded there (or even
103	  when they load they cannot be used due to missing HW support),
104	  developers still, opposing to distributors, might want to build such
105	  drivers to compile-test them.
106
107	  If you are a developer and want to build everything available, say Y
108	  here. If you are a user/distributor, say N here to exclude useless
109	  drivers to be distributed.
110
111config UAPI_HEADER_TEST
112	bool "Compile test UAPI headers"
113	depends on HEADERS_INSTALL && CC_CAN_LINK
114	help
115	  Compile test headers exported to user-space to ensure they are
116	  self-contained, i.e. compilable as standalone units.
117
118	  If you are a developer or tester and want to ensure the exported
119	  headers are self-contained, say Y here. Otherwise, choose N.
120
121config LOCALVERSION
122	string "Local version - append to kernel release"
123	help
124	  Append an extra string to the end of your kernel version.
125	  This will show up when you type uname, for example.
126	  The string you set here will be appended after the contents of
127	  any files with a filename matching localversion* in your
128	  object and source tree, in that order.  Your total string can
129	  be a maximum of 64 characters.
130
131config LOCALVERSION_AUTO
132	bool "Automatically append version information to the version string"
133	default y
134	depends on !COMPILE_TEST
135	help
136	  This will try to automatically determine if the current tree is a
137	  release tree by looking for git tags that belong to the current
138	  top of tree revision.
139
140	  A string of the format -gxxxxxxxx will be added to the localversion
141	  if a git-based tree is found.  The string generated by this will be
142	  appended after any matching localversion* files, and after the value
143	  set in CONFIG_LOCALVERSION.
144
145	  (The actual string used here is the first eight characters produced
146	  by running the command:
147
148	    $ git rev-parse --verify HEAD
149
150	  which is done within the script "scripts/setlocalversion".)
151
152config BUILD_SALT
153	string "Build ID Salt"
154	default ""
155	help
156	  The build ID is used to link binaries and their debug info. Setting
157	  this option will use the value in the calculation of the build id.
158	  This is mostly useful for distributions which want to ensure the
159	  build is unique between builds. It's safe to leave the default.
160
161config HAVE_KERNEL_GZIP
162	bool
163
164config HAVE_KERNEL_BZIP2
165	bool
166
167config HAVE_KERNEL_LZMA
168	bool
169
170config HAVE_KERNEL_XZ
171	bool
172
173config HAVE_KERNEL_LZO
174	bool
175
176config HAVE_KERNEL_LZ4
177	bool
178
179config HAVE_KERNEL_UNCOMPRESSED
180	bool
181
182choice
183	prompt "Kernel compression mode"
184	default KERNEL_GZIP
185	depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_UNCOMPRESSED
186	help
187	  The linux kernel is a kind of self-extracting executable.
188	  Several compression algorithms are available, which differ
189	  in efficiency, compression and decompression speed.
190	  Compression speed is only relevant when building a kernel.
191	  Decompression speed is relevant at each boot.
192
193	  If you have any problems with bzip2 or lzma compressed
194	  kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
195	  version of this functionality (bzip2 only), for 2.4, was
196	  supplied by Christian Ludwig)
197
198	  High compression options are mostly useful for users, who
199	  are low on disk space (embedded systems), but for whom ram
200	  size matters less.
201
202	  If in doubt, select 'gzip'
203
204config KERNEL_GZIP
205	bool "Gzip"
206	depends on HAVE_KERNEL_GZIP
207	help
208	  The old and tried gzip compression. It provides a good balance
209	  between compression ratio and decompression speed.
210
211config KERNEL_BZIP2
212	bool "Bzip2"
213	depends on HAVE_KERNEL_BZIP2
214	help
215	  Its compression ratio and speed is intermediate.
216	  Decompression speed is slowest among the choices.  The kernel
217	  size is about 10% smaller with bzip2, in comparison to gzip.
218	  Bzip2 uses a large amount of memory. For modern kernels you
219	  will need at least 8MB RAM or more for booting.
220
221config KERNEL_LZMA
222	bool "LZMA"
223	depends on HAVE_KERNEL_LZMA
224	help
225	  This compression algorithm's ratio is best.  Decompression speed
226	  is between gzip and bzip2.  Compression is slowest.
227	  The kernel size is about 33% smaller with LZMA in comparison to gzip.
228
229config KERNEL_XZ
230	bool "XZ"
231	depends on HAVE_KERNEL_XZ
232	help
233	  XZ uses the LZMA2 algorithm and instruction set specific
234	  BCJ filters which can improve compression ratio of executable
235	  code. The size of the kernel is about 30% smaller with XZ in
236	  comparison to gzip. On architectures for which there is a BCJ
237	  filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
238	  will create a few percent smaller kernel than plain LZMA.
239
240	  The speed is about the same as with LZMA: The decompression
241	  speed of XZ is better than that of bzip2 but worse than gzip
242	  and LZO. Compression is slow.
243
244config KERNEL_LZO
245	bool "LZO"
246	depends on HAVE_KERNEL_LZO
247	help
248	  Its compression ratio is the poorest among the choices. The kernel
249	  size is about 10% bigger than gzip; however its speed
250	  (both compression and decompression) is the fastest.
251
252config KERNEL_LZ4
253	bool "LZ4"
254	depends on HAVE_KERNEL_LZ4
255	help
256	  LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
257	  A preliminary version of LZ4 de/compression tool is available at
258	  <https://code.google.com/p/lz4/>.
259
260	  Its compression ratio is worse than LZO. The size of the kernel
261	  is about 8% bigger than LZO. But the decompression speed is
262	  faster than LZO.
263
264config KERNEL_UNCOMPRESSED
265	bool "None"
266	depends on HAVE_KERNEL_UNCOMPRESSED
267	help
268	  Produce uncompressed kernel image. This option is usually not what
269	  you want. It is useful for debugging the kernel in slow simulation
270	  environments, where decompressing and moving the kernel is awfully
271	  slow. This option allows early boot code to skip the decompressor
272	  and jump right at uncompressed kernel image.
273
274endchoice
275
276config DEFAULT_HOSTNAME
277	string "Default hostname"
278	default "(none)"
279	help
280	  This option determines the default system hostname before userspace
281	  calls sethostname(2). The kernel traditionally uses "(none)" here,
282	  but you may wish to use a different default here to make a minimal
283	  system more usable with less configuration.
284
285#
286# For some reason microblaze and nios2 hard code SWAP=n.  Hopefully we can
287# add proper SWAP support to them, in which case this can be remove.
288#
289config ARCH_NO_SWAP
290	bool
291
292config SWAP
293	bool "Support for paging of anonymous memory (swap)"
294	depends on MMU && BLOCK && !ARCH_NO_SWAP
295	default y
296	help
297	  This option allows you to choose whether you want to have support
298	  for so called swap devices or swap files in your kernel that are
299	  used to provide more virtual memory than the actual RAM present
300	  in your computer.  If unsure say Y.
301
302config SYSVIPC
303	bool "System V IPC"
304	---help---
305	  Inter Process Communication is a suite of library functions and
306	  system calls which let processes (running programs) synchronize and
307	  exchange information. It is generally considered to be a good thing,
308	  and some programs won't run unless you say Y here. In particular, if
309	  you want to run the DOS emulator dosemu under Linux (read the
310	  DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
311	  you'll need to say Y here.
312
313	  You can find documentation about IPC with "info ipc" and also in
314	  section 6.4 of the Linux Programmer's Guide, available from
315	  <http://www.tldp.org/guides.html>.
316
317config SYSVIPC_SYSCTL
318	bool
319	depends on SYSVIPC
320	depends on SYSCTL
321	default y
322
323config POSIX_MQUEUE
324	bool "POSIX Message Queues"
325	depends on NET
326	---help---
327	  POSIX variant of message queues is a part of IPC. In POSIX message
328	  queues every message has a priority which decides about succession
329	  of receiving it by a process. If you want to compile and run
330	  programs written e.g. for Solaris with use of its POSIX message
331	  queues (functions mq_*) say Y here.
332
333	  POSIX message queues are visible as a filesystem called 'mqueue'
334	  and can be mounted somewhere if you want to do filesystem
335	  operations on message queues.
336
337	  If unsure, say Y.
338
339config POSIX_MQUEUE_SYSCTL
340	bool
341	depends on POSIX_MQUEUE
342	depends on SYSCTL
343	default y
344
345config CROSS_MEMORY_ATTACH
346	bool "Enable process_vm_readv/writev syscalls"
347	depends on MMU
348	default y
349	help
350	  Enabling this option adds the system calls process_vm_readv and
351	  process_vm_writev which allow a process with the correct privileges
352	  to directly read from or write to another process' address space.
353	  See the man page for more details.
354
355config USELIB
356	bool "uselib syscall"
357	def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
358	help
359	  This option enables the uselib syscall, a system call used in the
360	  dynamic linker from libc5 and earlier.  glibc does not use this
361	  system call.  If you intend to run programs built on libc5 or
362	  earlier, you may need to enable this syscall.  Current systems
363	  running glibc can safely disable this.
364
365config AUDIT
366	bool "Auditing support"
367	depends on NET
368	help
369	  Enable auditing infrastructure that can be used with another
370	  kernel subsystem, such as SELinux (which requires this for
371	  logging of avc messages output).  System call auditing is included
372	  on architectures which support it.
373
374config HAVE_ARCH_AUDITSYSCALL
375	bool
376
377config AUDITSYSCALL
378	def_bool y
379	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
380	select FSNOTIFY
381
382source "kernel/irq/Kconfig"
383source "kernel/time/Kconfig"
384source "kernel/Kconfig.preempt"
385
386menu "CPU/Task time and stats accounting"
387
388config VIRT_CPU_ACCOUNTING
389	bool
390
391choice
392	prompt "Cputime accounting"
393	default TICK_CPU_ACCOUNTING if !PPC64
394	default VIRT_CPU_ACCOUNTING_NATIVE if PPC64
395
396# Kind of a stub config for the pure tick based cputime accounting
397config TICK_CPU_ACCOUNTING
398	bool "Simple tick based cputime accounting"
399	depends on !S390 && !NO_HZ_FULL
400	help
401	  This is the basic tick based cputime accounting that maintains
402	  statistics about user, system and idle time spent on per jiffies
403	  granularity.
404
405	  If unsure, say Y.
406
407config VIRT_CPU_ACCOUNTING_NATIVE
408	bool "Deterministic task and CPU time accounting"
409	depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
410	select VIRT_CPU_ACCOUNTING
411	help
412	  Select this option to enable more accurate task and CPU time
413	  accounting.  This is done by reading a CPU counter on each
414	  kernel entry and exit and on transitions within the kernel
415	  between system, softirq and hardirq state, so there is a
416	  small performance impact.  In the case of s390 or IBM POWER > 5,
417	  this also enables accounting of stolen time on logically-partitioned
418	  systems.
419
420config VIRT_CPU_ACCOUNTING_GEN
421	bool "Full dynticks CPU time accounting"
422	depends on HAVE_CONTEXT_TRACKING
423	depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
424	depends on GENERIC_CLOCKEVENTS
425	select VIRT_CPU_ACCOUNTING
426	select CONTEXT_TRACKING
427	help
428	  Select this option to enable task and CPU time accounting on full
429	  dynticks systems. This accounting is implemented by watching every
430	  kernel-user boundaries using the context tracking subsystem.
431	  The accounting is thus performed at the expense of some significant
432	  overhead.
433
434	  For now this is only useful if you are working on the full
435	  dynticks subsystem development.
436
437	  If unsure, say N.
438
439endchoice
440
441config IRQ_TIME_ACCOUNTING
442	bool "Fine granularity task level IRQ time accounting"
443	depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
444	help
445	  Select this option to enable fine granularity task irq time
446	  accounting. This is done by reading a timestamp on each
447	  transitions between softirq and hardirq state, so there can be a
448	  small performance impact.
449
450	  If in doubt, say N here.
451
452config HAVE_SCHED_AVG_IRQ
453	def_bool y
454	depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING
455	depends on SMP
456
457config SCHED_THERMAL_PRESSURE
458	bool "Enable periodic averaging of thermal pressure"
459	depends on SMP
460
461config BSD_PROCESS_ACCT
462	bool "BSD Process Accounting"
463	depends on MULTIUSER
464	help
465	  If you say Y here, a user level program will be able to instruct the
466	  kernel (via a special system call) to write process accounting
467	  information to a file: whenever a process exits, information about
468	  that process will be appended to the file by the kernel.  The
469	  information includes things such as creation time, owning user,
470	  command name, memory usage, controlling terminal etc. (the complete
471	  list is in the struct acct in <file:include/linux/acct.h>).  It is
472	  up to the user level program to do useful things with this
473	  information.  This is generally a good idea, so say Y.
474
475config BSD_PROCESS_ACCT_V3
476	bool "BSD Process Accounting version 3 file format"
477	depends on BSD_PROCESS_ACCT
478	default n
479	help
480	  If you say Y here, the process accounting information is written
481	  in a new file format that also logs the process IDs of each
482	  process and its parent. Note that this file format is incompatible
483	  with previous v0/v1/v2 file formats, so you will need updated tools
484	  for processing it. A preliminary version of these tools is available
485	  at <http://www.gnu.org/software/acct/>.
486
487config TASKSTATS
488	bool "Export task/process statistics through netlink"
489	depends on NET
490	depends on MULTIUSER
491	default n
492	help
493	  Export selected statistics for tasks/processes through the
494	  generic netlink interface. Unlike BSD process accounting, the
495	  statistics are available during the lifetime of tasks/processes as
496	  responses to commands. Like BSD accounting, they are sent to user
497	  space on task exit.
498
499	  Say N if unsure.
500
501config TASK_DELAY_ACCT
502	bool "Enable per-task delay accounting"
503	depends on TASKSTATS
504	select SCHED_INFO
505	help
506	  Collect information on time spent by a task waiting for system
507	  resources like cpu, synchronous block I/O completion and swapping
508	  in pages. Such statistics can help in setting a task's priorities
509	  relative to other tasks for cpu, io, rss limits etc.
510
511	  Say N if unsure.
512
513config TASK_XACCT
514	bool "Enable extended accounting over taskstats"
515	depends on TASKSTATS
516	help
517	  Collect extended task accounting data and send the data
518	  to userland for processing over the taskstats interface.
519
520	  Say N if unsure.
521
522config TASK_IO_ACCOUNTING
523	bool "Enable per-task storage I/O accounting"
524	depends on TASK_XACCT
525	help
526	  Collect information on the number of bytes of storage I/O which this
527	  task has caused.
528
529	  Say N if unsure.
530
531config PSI
532	bool "Pressure stall information tracking"
533	help
534	  Collect metrics that indicate how overcommitted the CPU, memory,
535	  and IO capacity are in the system.
536
537	  If you say Y here, the kernel will create /proc/pressure/ with the
538	  pressure statistics files cpu, memory, and io. These will indicate
539	  the share of walltime in which some or all tasks in the system are
540	  delayed due to contention of the respective resource.
541
542	  In kernels with cgroup support, cgroups (cgroup2 only) will
543	  have cpu.pressure, memory.pressure, and io.pressure files,
544	  which aggregate pressure stalls for the grouped tasks only.
545
546	  For more details see Documentation/accounting/psi.rst.
547
548	  Say N if unsure.
549
550config PSI_DEFAULT_DISABLED
551	bool "Require boot parameter to enable pressure stall information tracking"
552	default n
553	depends on PSI
554	help
555	  If set, pressure stall information tracking will be disabled
556	  per default but can be enabled through passing psi=1 on the
557	  kernel commandline during boot.
558
559	  This feature adds some code to the task wakeup and sleep
560	  paths of the scheduler. The overhead is too low to affect
561	  common scheduling-intense workloads in practice (such as
562	  webservers, memcache), but it does show up in artificial
563	  scheduler stress tests, such as hackbench.
564
565	  If you are paranoid and not sure what the kernel will be
566	  used for, say Y.
567
568	  Say N if unsure.
569
570endmenu # "CPU/Task time and stats accounting"
571
572config CPU_ISOLATION
573	bool "CPU isolation"
574	depends on SMP || COMPILE_TEST
575	default y
576	help
577	  Make sure that CPUs running critical tasks are not disturbed by
578	  any source of "noise" such as unbound workqueues, timers, kthreads...
579	  Unbound jobs get offloaded to housekeeping CPUs. This is driven by
580	  the "isolcpus=" boot parameter.
581
582	  Say Y if unsure.
583
584source "kernel/rcu/Kconfig"
585
586config BUILD_BIN2C
587	bool
588	default n
589
590config IKCONFIG
591	tristate "Kernel .config support"
592	---help---
593	  This option enables the complete Linux kernel ".config" file
594	  contents to be saved in the kernel. It provides documentation
595	  of which kernel options are used in a running kernel or in an
596	  on-disk kernel.  This information can be extracted from the kernel
597	  image file with the script scripts/extract-ikconfig and used as
598	  input to rebuild the current kernel or to build another kernel.
599	  It can also be extracted from a running kernel by reading
600	  /proc/config.gz if enabled (below).
601
602config IKCONFIG_PROC
603	bool "Enable access to .config through /proc/config.gz"
604	depends on IKCONFIG && PROC_FS
605	---help---
606	  This option enables access to the kernel configuration file
607	  through /proc/config.gz.
608
609config IKHEADERS
610	tristate "Enable kernel headers through /sys/kernel/kheaders.tar.xz"
611	depends on SYSFS
612	help
613	  This option enables access to the in-kernel headers that are generated during
614	  the build process. These can be used to build eBPF tracing programs,
615	  or similar programs.  If you build the headers as a module, a module called
616	  kheaders.ko is built which can be loaded on-demand to get access to headers.
617
618config LOG_BUF_SHIFT
619	int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
620	range 12 25
621	default 17
622	depends on PRINTK
623	help
624	  Select the minimal kernel log buffer size as a power of 2.
625	  The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
626	  parameter, see below. Any higher size also might be forced
627	  by "log_buf_len" boot parameter.
628
629	  Examples:
630		     17 => 128 KB
631		     16 => 64 KB
632		     15 => 32 KB
633		     14 => 16 KB
634		     13 =>  8 KB
635		     12 =>  4 KB
636
637config LOG_CPU_MAX_BUF_SHIFT
638	int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
639	depends on SMP
640	range 0 21
641	default 12 if !BASE_SMALL
642	default 0 if BASE_SMALL
643	depends on PRINTK
644	help
645	  This option allows to increase the default ring buffer size
646	  according to the number of CPUs. The value defines the contribution
647	  of each CPU as a power of 2. The used space is typically only few
648	  lines however it might be much more when problems are reported,
649	  e.g. backtraces.
650
651	  The increased size means that a new buffer has to be allocated and
652	  the original static one is unused. It makes sense only on systems
653	  with more CPUs. Therefore this value is used only when the sum of
654	  contributions is greater than the half of the default kernel ring
655	  buffer as defined by LOG_BUF_SHIFT. The default values are set
656	  so that more than 64 CPUs are needed to trigger the allocation.
657
658	  Also this option is ignored when "log_buf_len" kernel parameter is
659	  used as it forces an exact (power of two) size of the ring buffer.
660
661	  The number of possible CPUs is used for this computation ignoring
662	  hotplugging making the computation optimal for the worst case
663	  scenario while allowing a simple algorithm to be used from bootup.
664
665	  Examples shift values and their meaning:
666		     17 => 128 KB for each CPU
667		     16 =>  64 KB for each CPU
668		     15 =>  32 KB for each CPU
669		     14 =>  16 KB for each CPU
670		     13 =>   8 KB for each CPU
671		     12 =>   4 KB for each CPU
672
673config PRINTK_SAFE_LOG_BUF_SHIFT
674	int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
675	range 10 21
676	default 13
677	depends on PRINTK
678	help
679	  Select the size of an alternate printk per-CPU buffer where messages
680	  printed from usafe contexts are temporary stored. One example would
681	  be NMI messages, another one - printk recursion. The messages are
682	  copied to the main log buffer in a safe context to avoid a deadlock.
683	  The value defines the size as a power of 2.
684
685	  Those messages are rare and limited. The largest one is when
686	  a backtrace is printed. It usually fits into 4KB. Select
687	  8KB if you want to be on the safe side.
688
689	  Examples:
690		     17 => 128 KB for each CPU
691		     16 =>  64 KB for each CPU
692		     15 =>  32 KB for each CPU
693		     14 =>  16 KB for each CPU
694		     13 =>   8 KB for each CPU
695		     12 =>   4 KB for each CPU
696
697#
698# Architectures with an unreliable sched_clock() should select this:
699#
700config HAVE_UNSTABLE_SCHED_CLOCK
701	bool
702
703config GENERIC_SCHED_CLOCK
704	bool
705
706menu "Scheduler features"
707
708config UCLAMP_TASK
709	bool "Enable utilization clamping for RT/FAIR tasks"
710	depends on CPU_FREQ_GOV_SCHEDUTIL
711	help
712	  This feature enables the scheduler to track the clamped utilization
713	  of each CPU based on RUNNABLE tasks scheduled on that CPU.
714
715	  With this option, the user can specify the min and max CPU
716	  utilization allowed for RUNNABLE tasks. The max utilization defines
717	  the maximum frequency a task should use while the min utilization
718	  defines the minimum frequency it should use.
719
720	  Both min and max utilization clamp values are hints to the scheduler,
721	  aiming at improving its frequency selection policy, but they do not
722	  enforce or grant any specific bandwidth for tasks.
723
724	  If in doubt, say N.
725
726config UCLAMP_BUCKETS_COUNT
727	int "Number of supported utilization clamp buckets"
728	range 5 20
729	default 5
730	depends on UCLAMP_TASK
731	help
732	  Defines the number of clamp buckets to use. The range of each bucket
733	  will be SCHED_CAPACITY_SCALE/UCLAMP_BUCKETS_COUNT. The higher the
734	  number of clamp buckets the finer their granularity and the higher
735	  the precision of clamping aggregation and tracking at run-time.
736
737	  For example, with the minimum configuration value we will have 5
738	  clamp buckets tracking 20% utilization each. A 25% boosted tasks will
739	  be refcounted in the [20..39]% bucket and will set the bucket clamp
740	  effective value to 25%.
741	  If a second 30% boosted task should be co-scheduled on the same CPU,
742	  that task will be refcounted in the same bucket of the first task and
743	  it will boost the bucket clamp effective value to 30%.
744	  The clamp effective value of a bucket is reset to its nominal value
745	  (20% in the example above) when there are no more tasks refcounted in
746	  that bucket.
747
748	  An additional boost/capping margin can be added to some tasks. In the
749	  example above the 25% task will be boosted to 30% until it exits the
750	  CPU. If that should be considered not acceptable on certain systems,
751	  it's always possible to reduce the margin by increasing the number of
752	  clamp buckets to trade off used memory for run-time tracking
753	  precision.
754
755	  If in doubt, use the default value.
756
757endmenu
758
759#
760# For architectures that want to enable the support for NUMA-affine scheduler
761# balancing logic:
762#
763config ARCH_SUPPORTS_NUMA_BALANCING
764	bool
765
766#
767# For architectures that prefer to flush all TLBs after a number of pages
768# are unmapped instead of sending one IPI per page to flush. The architecture
769# must provide guarantees on what happens if a clean TLB cache entry is
770# written after the unmap. Details are in mm/rmap.c near the check for
771# should_defer_flush. The architecture should also consider if the full flush
772# and the refill costs are offset by the savings of sending fewer IPIs.
773config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
774	bool
775
776config CC_HAS_INT128
777	def_bool !$(cc-option,$(m64-flag) -D__SIZEOF_INT128__=0) && 64BIT
778
779#
780# For architectures that know their GCC __int128 support is sound
781#
782config ARCH_SUPPORTS_INT128
783	bool
784
785# For architectures that (ab)use NUMA to represent different memory regions
786# all cpu-local but of different latencies, such as SuperH.
787#
788config ARCH_WANT_NUMA_VARIABLE_LOCALITY
789	bool
790
791config NUMA_BALANCING
792	bool "Memory placement aware NUMA scheduler"
793	depends on ARCH_SUPPORTS_NUMA_BALANCING
794	depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
795	depends on SMP && NUMA && MIGRATION
796	help
797	  This option adds support for automatic NUMA aware memory/task placement.
798	  The mechanism is quite primitive and is based on migrating memory when
799	  it has references to the node the task is running on.
800
801	  This system will be inactive on UMA systems.
802
803config NUMA_BALANCING_DEFAULT_ENABLED
804	bool "Automatically enable NUMA aware memory/task placement"
805	default y
806	depends on NUMA_BALANCING
807	help
808	  If set, automatic NUMA balancing will be enabled if running on a NUMA
809	  machine.
810
811menuconfig CGROUPS
812	bool "Control Group support"
813	select KERNFS
814	help
815	  This option adds support for grouping sets of processes together, for
816	  use with process control subsystems such as Cpusets, CFS, memory
817	  controls or device isolation.
818	  See
819		- Documentation/scheduler/sched-design-CFS.rst	(CFS)
820		- Documentation/admin-guide/cgroup-v1/ (features for grouping, isolation
821					  and resource control)
822
823	  Say N if unsure.
824
825if CGROUPS
826
827config PAGE_COUNTER
828	bool
829
830config MEMCG
831	bool "Memory controller"
832	select PAGE_COUNTER
833	select EVENTFD
834	help
835	  Provides control over the memory footprint of tasks in a cgroup.
836
837config MEMCG_SWAP
838	bool "Swap controller"
839	depends on MEMCG && SWAP
840	help
841	  Provides control over the swap space consumed by tasks in a cgroup.
842
843config MEMCG_SWAP_ENABLED
844	bool "Swap controller enabled by default"
845	depends on MEMCG_SWAP
846	default y
847	help
848	  Memory Resource Controller Swap Extension comes with its price in
849	  a bigger memory consumption. General purpose distribution kernels
850	  which want to enable the feature but keep it disabled by default
851	  and let the user enable it by swapaccount=1 boot command line
852	  parameter should have this option unselected.
853	  For those who want to have the feature enabled by default should
854	  select this option (if, for some reason, they need to disable it
855	  then swapaccount=0 does the trick).
856
857config MEMCG_KMEM
858	bool
859	depends on MEMCG && !SLOB
860	default y
861
862config BLK_CGROUP
863	bool "IO controller"
864	depends on BLOCK
865	default n
866	---help---
867	Generic block IO controller cgroup interface. This is the common
868	cgroup interface which should be used by various IO controlling
869	policies.
870
871	Currently, CFQ IO scheduler uses it to recognize task groups and
872	control disk bandwidth allocation (proportional time slice allocation)
873	to such task groups. It is also used by bio throttling logic in
874	block layer to implement upper limit in IO rates on a device.
875
876	This option only enables generic Block IO controller infrastructure.
877	One needs to also enable actual IO controlling logic/policy. For
878	enabling proportional weight division of disk bandwidth in CFQ, set
879	CONFIG_BFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
880	CONFIG_BLK_DEV_THROTTLING=y.
881
882	See Documentation/admin-guide/cgroup-v1/blkio-controller.rst for more information.
883
884config CGROUP_WRITEBACK
885	bool
886	depends on MEMCG && BLK_CGROUP
887	default y
888
889menuconfig CGROUP_SCHED
890	bool "CPU controller"
891	default n
892	help
893	  This feature lets CPU scheduler recognize task groups and control CPU
894	  bandwidth allocation to such task groups. It uses cgroups to group
895	  tasks.
896
897if CGROUP_SCHED
898config FAIR_GROUP_SCHED
899	bool "Group scheduling for SCHED_OTHER"
900	depends on CGROUP_SCHED
901	default CGROUP_SCHED
902
903config CFS_BANDWIDTH
904	bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
905	depends on FAIR_GROUP_SCHED
906	default n
907	help
908	  This option allows users to define CPU bandwidth rates (limits) for
909	  tasks running within the fair group scheduler.  Groups with no limit
910	  set are considered to be unconstrained and will run with no
911	  restriction.
912	  See Documentation/scheduler/sched-bwc.rst for more information.
913
914config RT_GROUP_SCHED
915	bool "Group scheduling for SCHED_RR/FIFO"
916	depends on CGROUP_SCHED
917	default n
918	help
919	  This feature lets you explicitly allocate real CPU bandwidth
920	  to task groups. If enabled, it will also make it impossible to
921	  schedule realtime tasks for non-root users until you allocate
922	  realtime bandwidth for them.
923	  See Documentation/scheduler/sched-rt-group.rst for more information.
924
925endif #CGROUP_SCHED
926
927config UCLAMP_TASK_GROUP
928	bool "Utilization clamping per group of tasks"
929	depends on CGROUP_SCHED
930	depends on UCLAMP_TASK
931	default n
932	help
933	  This feature enables the scheduler to track the clamped utilization
934	  of each CPU based on RUNNABLE tasks currently scheduled on that CPU.
935
936	  When this option is enabled, the user can specify a min and max
937	  CPU bandwidth which is allowed for each single task in a group.
938	  The max bandwidth allows to clamp the maximum frequency a task
939	  can use, while the min bandwidth allows to define a minimum
940	  frequency a task will always use.
941
942	  When task group based utilization clamping is enabled, an eventually
943	  specified task-specific clamp value is constrained by the cgroup
944	  specified clamp value. Both minimum and maximum task clamping cannot
945	  be bigger than the corresponding clamping defined at task group level.
946
947	  If in doubt, say N.
948
949config CGROUP_PIDS
950	bool "PIDs controller"
951	help
952	  Provides enforcement of process number limits in the scope of a
953	  cgroup. Any attempt to fork more processes than is allowed in the
954	  cgroup will fail. PIDs are fundamentally a global resource because it
955	  is fairly trivial to reach PID exhaustion before you reach even a
956	  conservative kmemcg limit. As a result, it is possible to grind a
957	  system to halt without being limited by other cgroup policies. The
958	  PIDs controller is designed to stop this from happening.
959
960	  It should be noted that organisational operations (such as attaching
961	  to a cgroup hierarchy) will *not* be blocked by the PIDs controller,
962	  since the PIDs limit only affects a process's ability to fork, not to
963	  attach to a cgroup.
964
965config CGROUP_RDMA
966	bool "RDMA controller"
967	help
968	  Provides enforcement of RDMA resources defined by IB stack.
969	  It is fairly easy for consumers to exhaust RDMA resources, which
970	  can result into resource unavailability to other consumers.
971	  RDMA controller is designed to stop this from happening.
972	  Attaching processes with active RDMA resources to the cgroup
973	  hierarchy is allowed even if can cross the hierarchy's limit.
974
975config CGROUP_FREEZER
976	bool "Freezer controller"
977	help
978	  Provides a way to freeze and unfreeze all tasks in a
979	  cgroup.
980
981	  This option affects the ORIGINAL cgroup interface. The cgroup2 memory
982	  controller includes important in-kernel memory consumers per default.
983
984	  If you're using cgroup2, say N.
985
986config CGROUP_HUGETLB
987	bool "HugeTLB controller"
988	depends on HUGETLB_PAGE
989	select PAGE_COUNTER
990	default n
991	help
992	  Provides a cgroup controller for HugeTLB pages.
993	  When you enable this, you can put a per cgroup limit on HugeTLB usage.
994	  The limit is enforced during page fault. Since HugeTLB doesn't
995	  support page reclaim, enforcing the limit at page fault time implies
996	  that, the application will get SIGBUS signal if it tries to access
997	  HugeTLB pages beyond its limit. This requires the application to know
998	  beforehand how much HugeTLB pages it would require for its use. The
999	  control group is tracked in the third page lru pointer. This means
1000	  that we cannot use the controller with huge page less than 3 pages.
1001
1002config CPUSETS
1003	bool "Cpuset controller"
1004	depends on SMP
1005	help
1006	  This option will let you create and manage CPUSETs which
1007	  allow dynamically partitioning a system into sets of CPUs and
1008	  Memory Nodes and assigning tasks to run only within those sets.
1009	  This is primarily useful on large SMP or NUMA systems.
1010
1011	  Say N if unsure.
1012
1013config PROC_PID_CPUSET
1014	bool "Include legacy /proc/<pid>/cpuset file"
1015	depends on CPUSETS
1016	default y
1017
1018config CGROUP_DEVICE
1019	bool "Device controller"
1020	help
1021	  Provides a cgroup controller implementing whitelists for
1022	  devices which a process in the cgroup can mknod or open.
1023
1024config CGROUP_CPUACCT
1025	bool "Simple CPU accounting controller"
1026	help
1027	  Provides a simple controller for monitoring the
1028	  total CPU consumed by the tasks in a cgroup.
1029
1030config CGROUP_PERF
1031	bool "Perf controller"
1032	depends on PERF_EVENTS
1033	help
1034	  This option extends the perf per-cpu mode to restrict monitoring
1035	  to threads which belong to the cgroup specified and run on the
1036	  designated cpu.  Or this can be used to have cgroup ID in samples
1037	  so that it can monitor performance events among cgroups.
1038
1039	  Say N if unsure.
1040
1041config CGROUP_BPF
1042	bool "Support for eBPF programs attached to cgroups"
1043	depends on BPF_SYSCALL
1044	select SOCK_CGROUP_DATA
1045	help
1046	  Allow attaching eBPF programs to a cgroup using the bpf(2)
1047	  syscall command BPF_PROG_ATTACH.
1048
1049	  In which context these programs are accessed depends on the type
1050	  of attachment. For instance, programs that are attached using
1051	  BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
1052	  inet sockets.
1053
1054config CGROUP_DEBUG
1055	bool "Debug controller"
1056	default n
1057	depends on DEBUG_KERNEL
1058	help
1059	  This option enables a simple controller that exports
1060	  debugging information about the cgroups framework. This
1061	  controller is for control cgroup debugging only. Its
1062	  interfaces are not stable.
1063
1064	  Say N.
1065
1066config SOCK_CGROUP_DATA
1067	bool
1068	default n
1069
1070endif # CGROUPS
1071
1072menuconfig NAMESPACES
1073	bool "Namespaces support" if EXPERT
1074	depends on MULTIUSER
1075	default !EXPERT
1076	help
1077	  Provides the way to make tasks work with different objects using
1078	  the same id. For example same IPC id may refer to different objects
1079	  or same user id or pid may refer to different tasks when used in
1080	  different namespaces.
1081
1082if NAMESPACES
1083
1084config UTS_NS
1085	bool "UTS namespace"
1086	default y
1087	help
1088	  In this namespace tasks see different info provided with the
1089	  uname() system call
1090
1091config TIME_NS
1092	bool "TIME namespace"
1093	depends on GENERIC_VDSO_TIME_NS
1094	default y
1095	help
1096	  In this namespace boottime and monotonic clocks can be set.
1097	  The time will keep going with the same pace.
1098
1099config IPC_NS
1100	bool "IPC namespace"
1101	depends on (SYSVIPC || POSIX_MQUEUE)
1102	default y
1103	help
1104	  In this namespace tasks work with IPC ids which correspond to
1105	  different IPC objects in different namespaces.
1106
1107config USER_NS
1108	bool "User namespace"
1109	default n
1110	help
1111	  This allows containers, i.e. vservers, to use user namespaces
1112	  to provide different user info for different servers.
1113
1114	  When user namespaces are enabled in the kernel it is
1115	  recommended that the MEMCG option also be enabled and that
1116	  user-space use the memory control groups to limit the amount
1117	  of memory a memory unprivileged users can use.
1118
1119	  If unsure, say N.
1120
1121config PID_NS
1122	bool "PID Namespaces"
1123	default y
1124	help
1125	  Support process id namespaces.  This allows having multiple
1126	  processes with the same pid as long as they are in different
1127	  pid namespaces.  This is a building block of containers.
1128
1129config NET_NS
1130	bool "Network namespace"
1131	depends on NET
1132	default y
1133	help
1134	  Allow user space to create what appear to be multiple instances
1135	  of the network stack.
1136
1137endif # NAMESPACES
1138
1139config CHECKPOINT_RESTORE
1140	bool "Checkpoint/restore support"
1141	select PROC_CHILDREN
1142	default n
1143	help
1144	  Enables additional kernel features in a sake of checkpoint/restore.
1145	  In particular it adds auxiliary prctl codes to setup process text,
1146	  data and heap segment sizes, and a few additional /proc filesystem
1147	  entries.
1148
1149	  If unsure, say N here.
1150
1151config SCHED_AUTOGROUP
1152	bool "Automatic process group scheduling"
1153	select CGROUPS
1154	select CGROUP_SCHED
1155	select FAIR_GROUP_SCHED
1156	help
1157	  This option optimizes the scheduler for common desktop workloads by
1158	  automatically creating and populating task groups.  This separation
1159	  of workloads isolates aggressive CPU burners (like build jobs) from
1160	  desktop applications.  Task group autogeneration is currently based
1161	  upon task session.
1162
1163config SYSFS_DEPRECATED
1164	bool "Enable deprecated sysfs features to support old userspace tools"
1165	depends on SYSFS
1166	default n
1167	help
1168	  This option adds code that switches the layout of the "block" class
1169	  devices, to not show up in /sys/class/block/, but only in
1170	  /sys/block/.
1171
1172	  This switch is only active when the sysfs.deprecated=1 boot option is
1173	  passed or the SYSFS_DEPRECATED_V2 option is set.
1174
1175	  This option allows new kernels to run on old distributions and tools,
1176	  which might get confused by /sys/class/block/. Since 2007/2008 all
1177	  major distributions and tools handle this just fine.
1178
1179	  Recent distributions and userspace tools after 2009/2010 depend on
1180	  the existence of /sys/class/block/, and will not work with this
1181	  option enabled.
1182
1183	  Only if you are using a new kernel on an old distribution, you might
1184	  need to say Y here.
1185
1186config SYSFS_DEPRECATED_V2
1187	bool "Enable deprecated sysfs features by default"
1188	default n
1189	depends on SYSFS
1190	depends on SYSFS_DEPRECATED
1191	help
1192	  Enable deprecated sysfs by default.
1193
1194	  See the CONFIG_SYSFS_DEPRECATED option for more details about this
1195	  option.
1196
1197	  Only if you are using a new kernel on an old distribution, you might
1198	  need to say Y here. Even then, odds are you would not need it
1199	  enabled, you can always pass the boot option if absolutely necessary.
1200
1201config RELAY
1202	bool "Kernel->user space relay support (formerly relayfs)"
1203	select IRQ_WORK
1204	help
1205	  This option enables support for relay interface support in
1206	  certain file systems (such as debugfs).
1207	  It is designed to provide an efficient mechanism for tools and
1208	  facilities to relay large amounts of data from kernel space to
1209	  user space.
1210
1211	  If unsure, say N.
1212
1213config BLK_DEV_INITRD
1214	bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
1215	help
1216	  The initial RAM filesystem is a ramfs which is loaded by the
1217	  boot loader (loadlin or lilo) and that is mounted as root
1218	  before the normal boot procedure. It is typically used to
1219	  load modules needed to mount the "real" root file system,
1220	  etc. See <file:Documentation/admin-guide/initrd.rst> for details.
1221
1222	  If RAM disk support (BLK_DEV_RAM) is also included, this
1223	  also enables initial RAM disk (initrd) support and adds
1224	  15 Kbytes (more on some other architectures) to the kernel size.
1225
1226	  If unsure say Y.
1227
1228if BLK_DEV_INITRD
1229
1230source "usr/Kconfig"
1231
1232endif
1233
1234config BOOT_CONFIG
1235	bool "Boot config support"
1236	select BLK_DEV_INITRD
1237	help
1238	  Extra boot config allows system admin to pass a config file as
1239	  complemental extension of kernel cmdline when booting.
1240	  The boot config file must be attached at the end of initramfs
1241	  with checksum, size and magic word.
1242	  See <file:Documentation/admin-guide/bootconfig.rst> for details.
1243
1244	  If unsure, say Y.
1245
1246choice
1247	prompt "Compiler optimization level"
1248	default CC_OPTIMIZE_FOR_PERFORMANCE
1249
1250config CC_OPTIMIZE_FOR_PERFORMANCE
1251	bool "Optimize for performance (-O2)"
1252	help
1253	  This is the default optimization level for the kernel, building
1254	  with the "-O2" compiler flag for best performance and most
1255	  helpful compile-time warnings.
1256
1257config CC_OPTIMIZE_FOR_PERFORMANCE_O3
1258	bool "Optimize more for performance (-O3)"
1259	depends on ARC
1260	imply CC_DISABLE_WARN_MAYBE_UNINITIALIZED  # avoid false positives
1261	help
1262	  Choosing this option will pass "-O3" to your compiler to optimize
1263	  the kernel yet more for performance.
1264
1265config CC_OPTIMIZE_FOR_SIZE
1266	bool "Optimize for size (-Os)"
1267	imply CC_DISABLE_WARN_MAYBE_UNINITIALIZED  # avoid false positives
1268	help
1269	  Choosing this option will pass "-Os" to your compiler resulting
1270	  in a smaller kernel.
1271
1272endchoice
1273
1274config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1275	bool
1276	help
1277	  This requires that the arch annotates or otherwise protects
1278	  its external entry points from being discarded. Linker scripts
1279	  must also merge .text.*, .data.*, and .bss.* correctly into
1280	  output sections. Care must be taken not to pull in unrelated
1281	  sections (e.g., '.text.init'). Typically '.' in section names
1282	  is used to distinguish them from label names / C identifiers.
1283
1284config LD_DEAD_CODE_DATA_ELIMINATION
1285	bool "Dead code and data elimination (EXPERIMENTAL)"
1286	depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1287	depends on EXPERT
1288	depends on !(FUNCTION_TRACER && CC_IS_GCC && GCC_VERSION < 40800)
1289	depends on $(cc-option,-ffunction-sections -fdata-sections)
1290	depends on $(ld-option,--gc-sections)
1291	help
1292	  Enable this if you want to do dead code and data elimination with
1293	  the linker by compiling with -ffunction-sections -fdata-sections,
1294	  and linking with --gc-sections.
1295
1296	  This can reduce on disk and in-memory size of the kernel
1297	  code and static data, particularly for small configs and
1298	  on small systems. This has the possibility of introducing
1299	  silently broken kernel if the required annotations are not
1300	  present. This option is not well tested yet, so use at your
1301	  own risk.
1302
1303config SYSCTL
1304	bool
1305
1306config HAVE_UID16
1307	bool
1308
1309config SYSCTL_EXCEPTION_TRACE
1310	bool
1311	help
1312	  Enable support for /proc/sys/debug/exception-trace.
1313
1314config SYSCTL_ARCH_UNALIGN_NO_WARN
1315	bool
1316	help
1317	  Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
1318	  Allows arch to define/use @no_unaligned_warning to possibly warn
1319	  about unaligned access emulation going on under the hood.
1320
1321config SYSCTL_ARCH_UNALIGN_ALLOW
1322	bool
1323	help
1324	  Enable support for /proc/sys/kernel/unaligned-trap
1325	  Allows arches to define/use @unaligned_enabled to runtime toggle
1326	  the unaligned access emulation.
1327	  see arch/parisc/kernel/unaligned.c for reference
1328
1329config HAVE_PCSPKR_PLATFORM
1330	bool
1331
1332# interpreter that classic socket filters depend on
1333config BPF
1334	bool
1335
1336menuconfig EXPERT
1337	bool "Configure standard kernel features (expert users)"
1338	# Unhide debug options, to make the on-by-default options visible
1339	select DEBUG_KERNEL
1340	help
1341	  This option allows certain base kernel options and settings
1342	  to be disabled or tweaked. This is for specialized
1343	  environments which can tolerate a "non-standard" kernel.
1344	  Only use this if you really know what you are doing.
1345
1346config UID16
1347	bool "Enable 16-bit UID system calls" if EXPERT
1348	depends on HAVE_UID16 && MULTIUSER
1349	default y
1350	help
1351	  This enables the legacy 16-bit UID syscall wrappers.
1352
1353config MULTIUSER
1354	bool "Multiple users, groups and capabilities support" if EXPERT
1355	default y
1356	help
1357	  This option enables support for non-root users, groups and
1358	  capabilities.
1359
1360	  If you say N here, all processes will run with UID 0, GID 0, and all
1361	  possible capabilities.  Saying N here also compiles out support for
1362	  system calls related to UIDs, GIDs, and capabilities, such as setuid,
1363	  setgid, and capset.
1364
1365	  If unsure, say Y here.
1366
1367config SGETMASK_SYSCALL
1368	bool "sgetmask/ssetmask syscalls support" if EXPERT
1369	def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
1370	---help---
1371	  sys_sgetmask and sys_ssetmask are obsolete system calls
1372	  no longer supported in libc but still enabled by default in some
1373	  architectures.
1374
1375	  If unsure, leave the default option here.
1376
1377config SYSFS_SYSCALL
1378	bool "Sysfs syscall support" if EXPERT
1379	default y
1380	---help---
1381	  sys_sysfs is an obsolete system call no longer supported in libc.
1382	  Note that disabling this option is more secure but might break
1383	  compatibility with some systems.
1384
1385	  If unsure say Y here.
1386
1387config FHANDLE
1388	bool "open by fhandle syscalls" if EXPERT
1389	select EXPORTFS
1390	default y
1391	help
1392	  If you say Y here, a user level program will be able to map
1393	  file names to handle and then later use the handle for
1394	  different file system operations. This is useful in implementing
1395	  userspace file servers, which now track files using handles instead
1396	  of names. The handle would remain the same even if file names
1397	  get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
1398	  syscalls.
1399
1400config POSIX_TIMERS
1401	bool "Posix Clocks & timers" if EXPERT
1402	default y
1403	help
1404	  This includes native support for POSIX timers to the kernel.
1405	  Some embedded systems have no use for them and therefore they
1406	  can be configured out to reduce the size of the kernel image.
1407
1408	  When this option is disabled, the following syscalls won't be
1409	  available: timer_create, timer_gettime: timer_getoverrun,
1410	  timer_settime, timer_delete, clock_adjtime, getitimer,
1411	  setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
1412	  clock_getres and clock_nanosleep syscalls will be limited to
1413	  CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
1414
1415	  If unsure say y.
1416
1417config PRINTK
1418	default y
1419	bool "Enable support for printk" if EXPERT
1420	select IRQ_WORK
1421	help
1422	  This option enables normal printk support. Removing it
1423	  eliminates most of the message strings from the kernel image
1424	  and makes the kernel more or less silent. As this makes it
1425	  very difficult to diagnose system problems, saying N here is
1426	  strongly discouraged.
1427
1428config PRINTK_NMI
1429	def_bool y
1430	depends on PRINTK
1431	depends on HAVE_NMI
1432
1433config BUG
1434	bool "BUG() support" if EXPERT
1435	default y
1436	help
1437	  Disabling this option eliminates support for BUG and WARN, reducing
1438	  the size of your kernel image and potentially quietly ignoring
1439	  numerous fatal conditions. You should only consider disabling this
1440	  option for embedded systems with no facilities for reporting errors.
1441	  Just say Y.
1442
1443config ELF_CORE
1444	depends on COREDUMP
1445	default y
1446	bool "Enable ELF core dumps" if EXPERT
1447	help
1448	  Enable support for generating core dumps. Disabling saves about 4k.
1449
1450
1451config PCSPKR_PLATFORM
1452	bool "Enable PC-Speaker support" if EXPERT
1453	depends on HAVE_PCSPKR_PLATFORM
1454	select I8253_LOCK
1455	default y
1456	help
1457	  This option allows to disable the internal PC-Speaker
1458	  support, saving some memory.
1459
1460config BASE_FULL
1461	default y
1462	bool "Enable full-sized data structures for core" if EXPERT
1463	help
1464	  Disabling this option reduces the size of miscellaneous core
1465	  kernel data structures. This saves memory on small machines,
1466	  but may reduce performance.
1467
1468config FUTEX
1469	bool "Enable futex support" if EXPERT
1470	default y
1471	imply RT_MUTEXES
1472	help
1473	  Disabling this option will cause the kernel to be built without
1474	  support for "fast userspace mutexes".  The resulting kernel may not
1475	  run glibc-based applications correctly.
1476
1477config FUTEX_PI
1478	bool
1479	depends on FUTEX && RT_MUTEXES
1480	default y
1481
1482config HAVE_FUTEX_CMPXCHG
1483	bool
1484	depends on FUTEX
1485	help
1486	  Architectures should select this if futex_atomic_cmpxchg_inatomic()
1487	  is implemented and always working. This removes a couple of runtime
1488	  checks.
1489
1490config EPOLL
1491	bool "Enable eventpoll support" if EXPERT
1492	default y
1493	help
1494	  Disabling this option will cause the kernel to be built without
1495	  support for epoll family of system calls.
1496
1497config SIGNALFD
1498	bool "Enable signalfd() system call" if EXPERT
1499	default y
1500	help
1501	  Enable the signalfd() system call that allows to receive signals
1502	  on a file descriptor.
1503
1504	  If unsure, say Y.
1505
1506config TIMERFD
1507	bool "Enable timerfd() system call" if EXPERT
1508	default y
1509	help
1510	  Enable the timerfd() system call that allows to receive timer
1511	  events on a file descriptor.
1512
1513	  If unsure, say Y.
1514
1515config EVENTFD
1516	bool "Enable eventfd() system call" if EXPERT
1517	default y
1518	help
1519	  Enable the eventfd() system call that allows to receive both
1520	  kernel notification (ie. KAIO) or userspace notifications.
1521
1522	  If unsure, say Y.
1523
1524config SHMEM
1525	bool "Use full shmem filesystem" if EXPERT
1526	default y
1527	depends on MMU
1528	help
1529	  The shmem is an internal filesystem used to manage shared memory.
1530	  It is backed by swap and manages resource limits. It is also exported
1531	  to userspace as tmpfs if TMPFS is enabled. Disabling this
1532	  option replaces shmem and tmpfs with the much simpler ramfs code,
1533	  which may be appropriate on small systems without swap.
1534
1535config AIO
1536	bool "Enable AIO support" if EXPERT
1537	default y
1538	help
1539	  This option enables POSIX asynchronous I/O which may by used
1540	  by some high performance threaded applications. Disabling
1541	  this option saves about 7k.
1542
1543config IO_URING
1544	bool "Enable IO uring support" if EXPERT
1545	select IO_WQ
1546	default y
1547	help
1548	  This option enables support for the io_uring interface, enabling
1549	  applications to submit and complete IO through submission and
1550	  completion rings that are shared between the kernel and application.
1551
1552config ADVISE_SYSCALLS
1553	bool "Enable madvise/fadvise syscalls" if EXPERT
1554	default y
1555	help
1556	  This option enables the madvise and fadvise syscalls, used by
1557	  applications to advise the kernel about their future memory or file
1558	  usage, improving performance. If building an embedded system where no
1559	  applications use these syscalls, you can disable this option to save
1560	  space.
1561
1562config HAVE_ARCH_USERFAULTFD_WP
1563	bool
1564	help
1565	  Arch has userfaultfd write protection support
1566
1567config MEMBARRIER
1568	bool "Enable membarrier() system call" if EXPERT
1569	default y
1570	help
1571	  Enable the membarrier() system call that allows issuing memory
1572	  barriers across all running threads, which can be used to distribute
1573	  the cost of user-space memory barriers asymmetrically by transforming
1574	  pairs of memory barriers into pairs consisting of membarrier() and a
1575	  compiler barrier.
1576
1577	  If unsure, say Y.
1578
1579config KALLSYMS
1580	bool "Load all symbols for debugging/ksymoops" if EXPERT
1581	default y
1582	help
1583	  Say Y here to let the kernel print out symbolic crash information and
1584	  symbolic stack backtraces. This increases the size of the kernel
1585	  somewhat, as all symbols have to be loaded into the kernel image.
1586
1587config KALLSYMS_ALL
1588	bool "Include all symbols in kallsyms"
1589	depends on DEBUG_KERNEL && KALLSYMS
1590	help
1591	  Normally kallsyms only contains the symbols of functions for nicer
1592	  OOPS messages and backtraces (i.e., symbols from the text and inittext
1593	  sections). This is sufficient for most cases. And only in very rare
1594	  cases (e.g., when a debugger is used) all symbols are required (e.g.,
1595	  names of variables from the data sections, etc).
1596
1597	  This option makes sure that all symbols are loaded into the kernel
1598	  image (i.e., symbols from all sections) in cost of increased kernel
1599	  size (depending on the kernel configuration, it may be 300KiB or
1600	  something like this).
1601
1602	  Say N unless you really need all symbols.
1603
1604config KALLSYMS_ABSOLUTE_PERCPU
1605	bool
1606	depends on KALLSYMS
1607	default X86_64 && SMP
1608
1609config KALLSYMS_BASE_RELATIVE
1610	bool
1611	depends on KALLSYMS
1612	default !IA64
1613	help
1614	  Instead of emitting them as absolute values in the native word size,
1615	  emit the symbol references in the kallsyms table as 32-bit entries,
1616	  each containing a relative value in the range [base, base + U32_MAX]
1617	  or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
1618	  an absolute value in the range [0, S32_MAX] or a relative value in the
1619	  range [base, base + S32_MAX], where base is the lowest relative symbol
1620	  address encountered in the image.
1621
1622	  On 64-bit builds, this reduces the size of the address table by 50%,
1623	  but more importantly, it results in entries whose values are build
1624	  time constants, and no relocation pass is required at runtime to fix
1625	  up the entries based on the runtime load address of the kernel.
1626
1627# end of the "standard kernel features (expert users)" menu
1628
1629# syscall, maps, verifier
1630
1631config BPF_LSM
1632	bool "LSM Instrumentation with BPF"
1633	depends on BPF_EVENTS
1634	depends on BPF_SYSCALL
1635	depends on SECURITY
1636	depends on BPF_JIT
1637	help
1638	  Enables instrumentation of the security hooks with eBPF programs for
1639	  implementing dynamic MAC and Audit Policies.
1640
1641	  If you are unsure how to answer this question, answer N.
1642
1643config BPF_SYSCALL
1644	bool "Enable bpf() system call"
1645	select BPF
1646	select IRQ_WORK
1647	default n
1648	help
1649	  Enable the bpf() system call that allows to manipulate eBPF
1650	  programs and maps via file descriptors.
1651
1652config ARCH_WANT_DEFAULT_BPF_JIT
1653	bool
1654
1655config BPF_JIT_ALWAYS_ON
1656	bool "Permanently enable BPF JIT and remove BPF interpreter"
1657	depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
1658	help
1659	  Enables BPF JIT and removes BPF interpreter to avoid
1660	  speculative execution of BPF instructions by the interpreter
1661
1662config BPF_JIT_DEFAULT_ON
1663	def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON
1664	depends on HAVE_EBPF_JIT && BPF_JIT
1665
1666config USERFAULTFD
1667	bool "Enable userfaultfd() system call"
1668	depends on MMU
1669	help
1670	  Enable the userfaultfd() system call that allows to intercept and
1671	  handle page faults in userland.
1672
1673config ARCH_HAS_MEMBARRIER_CALLBACKS
1674	bool
1675
1676config ARCH_HAS_MEMBARRIER_SYNC_CORE
1677	bool
1678
1679config RSEQ
1680	bool "Enable rseq() system call" if EXPERT
1681	default y
1682	depends on HAVE_RSEQ
1683	select MEMBARRIER
1684	help
1685	  Enable the restartable sequences system call. It provides a
1686	  user-space cache for the current CPU number value, which
1687	  speeds up getting the current CPU number from user-space,
1688	  as well as an ABI to speed up user-space operations on
1689	  per-CPU data.
1690
1691	  If unsure, say Y.
1692
1693config DEBUG_RSEQ
1694	default n
1695	bool "Enabled debugging of rseq() system call" if EXPERT
1696	depends on RSEQ && DEBUG_KERNEL
1697	help
1698	  Enable extra debugging checks for the rseq system call.
1699
1700	  If unsure, say N.
1701
1702config EMBEDDED
1703	bool "Embedded system"
1704	option allnoconfig_y
1705	select EXPERT
1706	help
1707	  This option should be enabled if compiling the kernel for
1708	  an embedded system so certain expert options are available
1709	  for configuration.
1710
1711config HAVE_PERF_EVENTS
1712	bool
1713	help
1714	  See tools/perf/design.txt for details.
1715
1716config PERF_USE_VMALLOC
1717	bool
1718	help
1719	  See tools/perf/design.txt for details
1720
1721config PC104
1722	bool "PC/104 support" if EXPERT
1723	help
1724	  Expose PC/104 form factor device drivers and options available for
1725	  selection and configuration. Enable this option if your target
1726	  machine has a PC/104 bus.
1727
1728menu "Kernel Performance Events And Counters"
1729
1730config PERF_EVENTS
1731	bool "Kernel performance events and counters"
1732	default y if PROFILING
1733	depends on HAVE_PERF_EVENTS
1734	select IRQ_WORK
1735	select SRCU
1736	help
1737	  Enable kernel support for various performance events provided
1738	  by software and hardware.
1739
1740	  Software events are supported either built-in or via the
1741	  use of generic tracepoints.
1742
1743	  Most modern CPUs support performance events via performance
1744	  counter registers. These registers count the number of certain
1745	  types of hw events: such as instructions executed, cachemisses
1746	  suffered, or branches mis-predicted - without slowing down the
1747	  kernel or applications. These registers can also trigger interrupts
1748	  when a threshold number of events have passed - and can thus be
1749	  used to profile the code that runs on that CPU.
1750
1751	  The Linux Performance Event subsystem provides an abstraction of
1752	  these software and hardware event capabilities, available via a
1753	  system call and used by the "perf" utility in tools/perf/. It
1754	  provides per task and per CPU counters, and it provides event
1755	  capabilities on top of those.
1756
1757	  Say Y if unsure.
1758
1759config DEBUG_PERF_USE_VMALLOC
1760	default n
1761	bool "Debug: use vmalloc to back perf mmap() buffers"
1762	depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
1763	select PERF_USE_VMALLOC
1764	help
1765	  Use vmalloc memory to back perf mmap() buffers.
1766
1767	  Mostly useful for debugging the vmalloc code on platforms
1768	  that don't require it.
1769
1770	  Say N if unsure.
1771
1772endmenu
1773
1774config VM_EVENT_COUNTERS
1775	default y
1776	bool "Enable VM event counters for /proc/vmstat" if EXPERT
1777	help
1778	  VM event counters are needed for event counts to be shown.
1779	  This option allows the disabling of the VM event counters
1780	  on EXPERT systems.  /proc/vmstat will only show page counts
1781	  if VM event counters are disabled.
1782
1783config SLUB_DEBUG
1784	default y
1785	bool "Enable SLUB debugging support" if EXPERT
1786	depends on SLUB && SYSFS
1787	help
1788	  SLUB has extensive debug support features. Disabling these can
1789	  result in significant savings in code size. This also disables
1790	  SLUB sysfs support. /sys/slab will not exist and there will be
1791	  no support for cache validation etc.
1792
1793config SLUB_MEMCG_SYSFS_ON
1794	default n
1795	bool "Enable memcg SLUB sysfs support by default" if EXPERT
1796	depends on SLUB && SYSFS && MEMCG
1797	help
1798	  SLUB creates a directory under /sys/kernel/slab for each
1799	  allocation cache to host info and debug files. If memory
1800	  cgroup is enabled, each cache can have per memory cgroup
1801	  caches. SLUB can create the same sysfs directories for these
1802	  caches under /sys/kernel/slab/CACHE/cgroup but it can lead
1803	  to a very high number of debug files being created. This is
1804	  controlled by slub_memcg_sysfs boot parameter and this
1805	  config option determines the parameter's default value.
1806
1807config COMPAT_BRK
1808	bool "Disable heap randomization"
1809	default y
1810	help
1811	  Randomizing heap placement makes heap exploits harder, but it
1812	  also breaks ancient binaries (including anything libc5 based).
1813	  This option changes the bootup default to heap randomization
1814	  disabled, and can be overridden at runtime by setting
1815	  /proc/sys/kernel/randomize_va_space to 2.
1816
1817	  On non-ancient distros (post-2000 ones) N is usually a safe choice.
1818
1819choice
1820	prompt "Choose SLAB allocator"
1821	default SLUB
1822	help
1823	   This option allows to select a slab allocator.
1824
1825config SLAB
1826	bool "SLAB"
1827	select HAVE_HARDENED_USERCOPY_ALLOCATOR
1828	help
1829	  The regular slab allocator that is established and known to work
1830	  well in all environments. It organizes cache hot objects in
1831	  per cpu and per node queues.
1832
1833config SLUB
1834	bool "SLUB (Unqueued Allocator)"
1835	select HAVE_HARDENED_USERCOPY_ALLOCATOR
1836	help
1837	   SLUB is a slab allocator that minimizes cache line usage
1838	   instead of managing queues of cached objects (SLAB approach).
1839	   Per cpu caching is realized using slabs of objects instead
1840	   of queues of objects. SLUB can use memory efficiently
1841	   and has enhanced diagnostics. SLUB is the default choice for
1842	   a slab allocator.
1843
1844config SLOB
1845	depends on EXPERT
1846	bool "SLOB (Simple Allocator)"
1847	help
1848	   SLOB replaces the stock allocator with a drastically simpler
1849	   allocator. SLOB is generally more space efficient but
1850	   does not perform as well on large systems.
1851
1852endchoice
1853
1854config SLAB_MERGE_DEFAULT
1855	bool "Allow slab caches to be merged"
1856	default y
1857	help
1858	  For reduced kernel memory fragmentation, slab caches can be
1859	  merged when they share the same size and other characteristics.
1860	  This carries a risk of kernel heap overflows being able to
1861	  overwrite objects from merged caches (and more easily control
1862	  cache layout), which makes such heap attacks easier to exploit
1863	  by attackers. By keeping caches unmerged, these kinds of exploits
1864	  can usually only damage objects in the same cache. To disable
1865	  merging at runtime, "slab_nomerge" can be passed on the kernel
1866	  command line.
1867
1868config SLAB_FREELIST_RANDOM
1869	default n
1870	depends on SLAB || SLUB
1871	bool "SLAB freelist randomization"
1872	help
1873	  Randomizes the freelist order used on creating new pages. This
1874	  security feature reduces the predictability of the kernel slab
1875	  allocator against heap overflows.
1876
1877config SLAB_FREELIST_HARDENED
1878	bool "Harden slab freelist metadata"
1879	depends on SLUB
1880	help
1881	  Many kernel heap attacks try to target slab cache metadata and
1882	  other infrastructure. This options makes minor performance
1883	  sacrifices to harden the kernel slab allocator against common
1884	  freelist exploit methods.
1885
1886config SHUFFLE_PAGE_ALLOCATOR
1887	bool "Page allocator randomization"
1888	default SLAB_FREELIST_RANDOM && ACPI_NUMA
1889	help
1890	  Randomization of the page allocator improves the average
1891	  utilization of a direct-mapped memory-side-cache. See section
1892	  5.2.27 Heterogeneous Memory Attribute Table (HMAT) in the ACPI
1893	  6.2a specification for an example of how a platform advertises
1894	  the presence of a memory-side-cache. There are also incidental
1895	  security benefits as it reduces the predictability of page
1896	  allocations to compliment SLAB_FREELIST_RANDOM, but the
1897	  default granularity of shuffling on the "MAX_ORDER - 1" i.e,
1898	  10th order of pages is selected based on cache utilization
1899	  benefits on x86.
1900
1901	  While the randomization improves cache utilization it may
1902	  negatively impact workloads on platforms without a cache. For
1903	  this reason, by default, the randomization is enabled only
1904	  after runtime detection of a direct-mapped memory-side-cache.
1905	  Otherwise, the randomization may be force enabled with the
1906	  'page_alloc.shuffle' kernel command line parameter.
1907
1908	  Say Y if unsure.
1909
1910config SLUB_CPU_PARTIAL
1911	default y
1912	depends on SLUB && SMP
1913	bool "SLUB per cpu partial cache"
1914	help
1915	  Per cpu partial caches accelerate objects allocation and freeing
1916	  that is local to a processor at the price of more indeterminism
1917	  in the latency of the free. On overflow these caches will be cleared
1918	  which requires the taking of locks that may cause latency spikes.
1919	  Typically one would choose no for a realtime system.
1920
1921config MMAP_ALLOW_UNINITIALIZED
1922	bool "Allow mmapped anonymous memory to be uninitialized"
1923	depends on EXPERT && !MMU
1924	default n
1925	help
1926	  Normally, and according to the Linux spec, anonymous memory obtained
1927	  from mmap() has its contents cleared before it is passed to
1928	  userspace.  Enabling this config option allows you to request that
1929	  mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
1930	  providing a huge performance boost.  If this option is not enabled,
1931	  then the flag will be ignored.
1932
1933	  This is taken advantage of by uClibc's malloc(), and also by
1934	  ELF-FDPIC binfmt's brk and stack allocator.
1935
1936	  Because of the obvious security issues, this option should only be
1937	  enabled on embedded devices where you control what is run in
1938	  userspace.  Since that isn't generally a problem on no-MMU systems,
1939	  it is normally safe to say Y here.
1940
1941	  See Documentation/nommu-mmap.txt for more information.
1942
1943config SYSTEM_DATA_VERIFICATION
1944	def_bool n
1945	select SYSTEM_TRUSTED_KEYRING
1946	select KEYS
1947	select CRYPTO
1948	select CRYPTO_RSA
1949	select ASYMMETRIC_KEY_TYPE
1950	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1951	select ASN1
1952	select OID_REGISTRY
1953	select X509_CERTIFICATE_PARSER
1954	select PKCS7_MESSAGE_PARSER
1955	help
1956	  Provide PKCS#7 message verification using the contents of the system
1957	  trusted keyring to provide public keys.  This then can be used for
1958	  module verification, kexec image verification and firmware blob
1959	  verification.
1960
1961config PROFILING
1962	bool "Profiling support"
1963	help
1964	  Say Y here to enable the extended profiling support mechanisms used
1965	  by profilers such as OProfile.
1966
1967#
1968# Place an empty function call at each tracepoint site. Can be
1969# dynamically changed for a probe function.
1970#
1971config TRACEPOINTS
1972	bool
1973
1974endmenu		# General setup
1975
1976source "arch/Kconfig"
1977
1978config RT_MUTEXES
1979	bool
1980
1981config BASE_SMALL
1982	int
1983	default 0 if BASE_FULL
1984	default 1 if !BASE_FULL
1985
1986config MODULE_SIG_FORMAT
1987	def_bool n
1988	select SYSTEM_DATA_VERIFICATION
1989
1990menuconfig MODULES
1991	bool "Enable loadable module support"
1992	option modules
1993	help
1994	  Kernel modules are small pieces of compiled code which can
1995	  be inserted in the running kernel, rather than being
1996	  permanently built into the kernel.  You use the "modprobe"
1997	  tool to add (and sometimes remove) them.  If you say Y here,
1998	  many parts of the kernel can be built as modules (by
1999	  answering M instead of Y where indicated): this is most
2000	  useful for infrequently used options which are not required
2001	  for booting.  For more information, see the man pages for
2002	  modprobe, lsmod, modinfo, insmod and rmmod.
2003
2004	  If you say Y here, you will need to run "make
2005	  modules_install" to put the modules under /lib/modules/
2006	  where modprobe can find them (you may need to be root to do
2007	  this).
2008
2009	  If unsure, say Y.
2010
2011if MODULES
2012
2013config MODULE_FORCE_LOAD
2014	bool "Forced module loading"
2015	default n
2016	help
2017	  Allow loading of modules without version information (ie. modprobe
2018	  --force).  Forced module loading sets the 'F' (forced) taint flag and
2019	  is usually a really bad idea.
2020
2021config MODULE_UNLOAD
2022	bool "Module unloading"
2023	help
2024	  Without this option you will not be able to unload any
2025	  modules (note that some modules may not be unloadable
2026	  anyway), which makes your kernel smaller, faster
2027	  and simpler.  If unsure, say Y.
2028
2029config MODULE_FORCE_UNLOAD
2030	bool "Forced module unloading"
2031	depends on MODULE_UNLOAD
2032	help
2033	  This option allows you to force a module to unload, even if the
2034	  kernel believes it is unsafe: the kernel will remove the module
2035	  without waiting for anyone to stop using it (using the -f option to
2036	  rmmod).  This is mainly for kernel developers and desperate users.
2037	  If unsure, say N.
2038
2039config MODVERSIONS
2040	bool "Module versioning support"
2041	help
2042	  Usually, you have to use modules compiled with your kernel.
2043	  Saying Y here makes it sometimes possible to use modules
2044	  compiled for different kernels, by adding enough information
2045	  to the modules to (hopefully) spot any changes which would
2046	  make them incompatible with the kernel you are running.  If
2047	  unsure, say N.
2048
2049config ASM_MODVERSIONS
2050	bool
2051	default HAVE_ASM_MODVERSIONS && MODVERSIONS
2052	help
2053	  This enables module versioning for exported symbols also from
2054	  assembly. This can be enabled only when the target architecture
2055	  supports it.
2056
2057config MODULE_REL_CRCS
2058	bool
2059	depends on MODVERSIONS
2060
2061config MODULE_SRCVERSION_ALL
2062	bool "Source checksum for all modules"
2063	help
2064	  Modules which contain a MODULE_VERSION get an extra "srcversion"
2065	  field inserted into their modinfo section, which contains a
2066    	  sum of the source files which made it.  This helps maintainers
2067	  see exactly which source was used to build a module (since
2068	  others sometimes change the module source without updating
2069	  the version).  With this option, such a "srcversion" field
2070	  will be created for all modules.  If unsure, say N.
2071
2072config MODULE_SIG
2073	bool "Module signature verification"
2074	select MODULE_SIG_FORMAT
2075	help
2076	  Check modules for valid signatures upon load: the signature
2077	  is simply appended to the module. For more information see
2078	  <file:Documentation/admin-guide/module-signing.rst>.
2079
2080	  Note that this option adds the OpenSSL development packages as a
2081	  kernel build dependency so that the signing tool can use its crypto
2082	  library.
2083
2084	  You should enable this option if you wish to use either
2085	  CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
2086	  another LSM - otherwise unsigned modules will be loadable regardless
2087	  of the lockdown policy.
2088
2089	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
2090	  module DOES NOT get stripped after being signed.  This includes the
2091	  debuginfo strip done by some packagers (such as rpmbuild) and
2092	  inclusion into an initramfs that wants the module size reduced.
2093
2094config MODULE_SIG_FORCE
2095	bool "Require modules to be validly signed"
2096	depends on MODULE_SIG
2097	help
2098	  Reject unsigned modules or signed modules for which we don't have a
2099	  key.  Without this, such modules will simply taint the kernel.
2100
2101config MODULE_SIG_ALL
2102	bool "Automatically sign all modules"
2103	default y
2104	depends on MODULE_SIG
2105	help
2106	  Sign all modules during make modules_install. Without this option,
2107	  modules must be signed manually, using the scripts/sign-file tool.
2108
2109comment "Do not forget to sign required modules with scripts/sign-file"
2110	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
2111
2112choice
2113	prompt "Which hash algorithm should modules be signed with?"
2114	depends on MODULE_SIG
2115	help
2116	  This determines which sort of hashing algorithm will be used during
2117	  signature generation.  This algorithm _must_ be built into the kernel
2118	  directly so that signature verification can take place.  It is not
2119	  possible to load a signed module containing the algorithm to check
2120	  the signature on that module.
2121
2122config MODULE_SIG_SHA1
2123	bool "Sign modules with SHA-1"
2124	select CRYPTO_SHA1
2125
2126config MODULE_SIG_SHA224
2127	bool "Sign modules with SHA-224"
2128	select CRYPTO_SHA256
2129
2130config MODULE_SIG_SHA256
2131	bool "Sign modules with SHA-256"
2132	select CRYPTO_SHA256
2133
2134config MODULE_SIG_SHA384
2135	bool "Sign modules with SHA-384"
2136	select CRYPTO_SHA512
2137
2138config MODULE_SIG_SHA512
2139	bool "Sign modules with SHA-512"
2140	select CRYPTO_SHA512
2141
2142endchoice
2143
2144config MODULE_SIG_HASH
2145	string
2146	depends on MODULE_SIG
2147	default "sha1" if MODULE_SIG_SHA1
2148	default "sha224" if MODULE_SIG_SHA224
2149	default "sha256" if MODULE_SIG_SHA256
2150	default "sha384" if MODULE_SIG_SHA384
2151	default "sha512" if MODULE_SIG_SHA512
2152
2153config MODULE_COMPRESS
2154	bool "Compress modules on installation"
2155	help
2156
2157	  Compresses kernel modules when 'make modules_install' is run; gzip or
2158	  xz depending on "Compression algorithm" below.
2159
2160	  module-init-tools MAY support gzip, and kmod MAY support gzip and xz.
2161
2162	  Out-of-tree kernel modules installed using Kbuild will also be
2163	  compressed upon installation.
2164
2165	  Note: for modules inside an initrd or initramfs, it's more efficient
2166	  to compress the whole initrd or initramfs instead.
2167
2168	  Note: This is fully compatible with signed modules.
2169
2170	  If in doubt, say N.
2171
2172choice
2173	prompt "Compression algorithm"
2174	depends on MODULE_COMPRESS
2175	default MODULE_COMPRESS_GZIP
2176	help
2177	  This determines which sort of compression will be used during
2178	  'make modules_install'.
2179
2180	  GZIP (default) and XZ are supported.
2181
2182config MODULE_COMPRESS_GZIP
2183	bool "GZIP"
2184
2185config MODULE_COMPRESS_XZ
2186	bool "XZ"
2187
2188endchoice
2189
2190config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
2191	bool "Allow loading of modules with missing namespace imports"
2192	help
2193	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
2194	  a namespace. A module that makes use of a symbol exported with such a
2195	  namespace is required to import the namespace via MODULE_IMPORT_NS().
2196	  There is no technical reason to enforce correct namespace imports,
2197	  but it creates consistency between symbols defining namespaces and
2198	  users importing namespaces they make use of. This option relaxes this
2199	  requirement and lifts the enforcement when loading a module.
2200
2201	  If unsure, say N.
2202
2203config UNUSED_SYMBOLS
2204	bool "Enable unused/obsolete exported symbols"
2205	default y if X86
2206	help
2207	  Unused but exported symbols make the kernel needlessly bigger.  For
2208	  that reason most of these unused exports will soon be removed.  This
2209	  option is provided temporarily to provide a transition period in case
2210	  some external kernel module needs one of these symbols anyway. If you
2211	  encounter such a case in your module, consider if you are actually
2212	  using the right API.  (rationale: since nobody in the kernel is using
2213	  this in a module, there is a pretty good chance it's actually the
2214	  wrong interface to use).  If you really need the symbol, please send a
2215	  mail to the linux kernel mailing list mentioning the symbol and why
2216	  you really need it, and what the merge plan to the mainline kernel for
2217	  your module is.
2218
2219config TRIM_UNUSED_KSYMS
2220	bool "Trim unused exported kernel symbols"
2221	depends on !UNUSED_SYMBOLS
2222	help
2223	  The kernel and some modules make many symbols available for
2224	  other modules to use via EXPORT_SYMBOL() and variants. Depending
2225	  on the set of modules being selected in your kernel configuration,
2226	  many of those exported symbols might never be used.
2227
2228	  This option allows for unused exported symbols to be dropped from
2229	  the build. In turn, this provides the compiler more opportunities
2230	  (especially when using LTO) for optimizing the code and reducing
2231	  binary size.  This might have some security advantages as well.
2232
2233	  If unsure, or if you need to build out-of-tree modules, say N.
2234
2235config UNUSED_KSYMS_WHITELIST
2236	string "Whitelist of symbols to keep in ksymtab"
2237	depends on TRIM_UNUSED_KSYMS
2238	help
2239	  By default, all unused exported symbols will be un-exported from the
2240	  build when TRIM_UNUSED_KSYMS is selected.
2241
2242	  UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
2243	  exported at all times, even in absence of in-tree users. The value to
2244	  set here is the path to a text file containing the list of symbols,
2245	  one per line. The path can be absolute, or relative to the kernel
2246	  source tree.
2247
2248endif # MODULES
2249
2250config MODULES_TREE_LOOKUP
2251	def_bool y
2252	depends on PERF_EVENTS || TRACING
2253
2254config INIT_ALL_POSSIBLE
2255	bool
2256	help
2257	  Back when each arch used to define their own cpu_online_mask and
2258	  cpu_possible_mask, some of them chose to initialize cpu_possible_mask
2259	  with all 1s, and others with all 0s.  When they were centralised,
2260	  it was better to provide this option than to break all the archs
2261	  and have several arch maintainers pursuing me down dark alleys.
2262
2263source "block/Kconfig"
2264
2265config PREEMPT_NOTIFIERS
2266	bool
2267
2268config PADATA
2269	depends on SMP
2270	bool
2271
2272config ASN1
2273	tristate
2274	help
2275	  Build a simple ASN.1 grammar compiler that produces a bytecode output
2276	  that can be interpreted by the ASN.1 stream decoder and used to
2277	  inform it as to what tags are to be expected in a stream and what
2278	  functions to call on what tags.
2279
2280source "kernel/Kconfig.locks"
2281
2282config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
2283	bool
2284
2285# It may be useful for an architecture to override the definitions of the
2286# SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h>
2287# and the COMPAT_ variants in <linux/compat.h>, in particular to use a
2288# different calling convention for syscalls. They can also override the
2289# macros for not-implemented syscalls in kernel/sys_ni.c and
2290# kernel/time/posix-stubs.c. All these overrides need to be available in
2291# <asm/syscall_wrapper.h>.
2292config ARCH_HAS_SYSCALL_WRAPPER
2293	def_bool n
2294