1# SPDX-License-Identifier: GPL-2.0-only 2config DEFCONFIG_LIST 3 string 4 depends on !UML 5 option defconfig_list 6 default "/lib/modules/$(shell,uname -r)/.config" 7 default "/etc/kernel-config" 8 default "/boot/config-$(shell,uname -r)" 9 default "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)" 10 11config CC_VERSION_TEXT 12 string 13 default "$(CC_VERSION_TEXT)" 14 help 15 This is used in unclear ways: 16 17 - Re-run Kconfig when the compiler is updated 18 The 'default' property references the environment variable, 19 CC_VERSION_TEXT so it is recorded in include/config/auto.conf.cmd. 20 When the compiler is updated, Kconfig will be invoked. 21 22 - Ensure full rebuild when the compier is updated 23 include/linux/kconfig.h contains this option in the comment line so 24 fixdep adds include/config/cc/version/text.h into the auto-generated 25 dependency. When the compiler is updated, syncconfig will touch it 26 and then every file will be rebuilt. 27 28config CC_IS_GCC 29 def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q gcc) 30 31config GCC_VERSION 32 int 33 default $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) if CC_IS_GCC 34 default 0 35 36config LD_VERSION 37 int 38 default $(shell,$(LD) --version | $(srctree)/scripts/ld-version.sh) 39 40config CC_IS_CLANG 41 def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q clang) 42 43config LD_IS_LLD 44 def_bool $(success,$(LD) -v | head -n 1 | grep -q LLD) 45 46config CLANG_VERSION 47 int 48 default $(shell,$(srctree)/scripts/clang-version.sh $(CC)) 49 50config CC_CAN_LINK 51 bool 52 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag)) if 64BIT 53 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag)) 54 55config CC_CAN_LINK_STATIC 56 bool 57 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag) -static) if 64BIT 58 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag) -static) 59 60config CC_HAS_ASM_GOTO 61 def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC)) 62 63config CC_HAS_ASM_GOTO_OUTPUT 64 depends on CC_HAS_ASM_GOTO 65 def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null) 66 67config TOOLS_SUPPORT_RELR 68 def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh) 69 70config CC_HAS_ASM_INLINE 71 def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null) 72 73config CONSTRUCTORS 74 bool 75 depends on !UML 76 77config IRQ_WORK 78 bool 79 80config BUILDTIME_TABLE_SORT 81 bool 82 83config THREAD_INFO_IN_TASK 84 bool 85 help 86 Select this to move thread_info off the stack into task_struct. To 87 make this work, an arch will need to remove all thread_info fields 88 except flags and fix any runtime bugs. 89 90 One subtle change that will be needed is to use try_get_task_stack() 91 and put_task_stack() in save_thread_stack_tsk() and get_wchan(). 92 93menu "General setup" 94 95config BROKEN 96 bool 97 98config BROKEN_ON_SMP 99 bool 100 depends on BROKEN || !SMP 101 default y 102 103config INIT_ENV_ARG_LIMIT 104 int 105 default 32 if !UML 106 default 128 if UML 107 help 108 Maximum of each of the number of arguments and environment 109 variables passed to init from the kernel command line. 110 111config COMPILE_TEST 112 bool "Compile also drivers which will not load" 113 depends on !UML 114 default n 115 help 116 Some drivers can be compiled on a different platform than they are 117 intended to be run on. Despite they cannot be loaded there (or even 118 when they load they cannot be used due to missing HW support), 119 developers still, opposing to distributors, might want to build such 120 drivers to compile-test them. 121 122 If you are a developer and want to build everything available, say Y 123 here. If you are a user/distributor, say N here to exclude useless 124 drivers to be distributed. 125 126config UAPI_HEADER_TEST 127 bool "Compile test UAPI headers" 128 depends on HEADERS_INSTALL && CC_CAN_LINK 129 help 130 Compile test headers exported to user-space to ensure they are 131 self-contained, i.e. compilable as standalone units. 132 133 If you are a developer or tester and want to ensure the exported 134 headers are self-contained, say Y here. Otherwise, choose N. 135 136config LOCALVERSION 137 string "Local version - append to kernel release" 138 help 139 Append an extra string to the end of your kernel version. 140 This will show up when you type uname, for example. 141 The string you set here will be appended after the contents of 142 any files with a filename matching localversion* in your 143 object and source tree, in that order. Your total string can 144 be a maximum of 64 characters. 145 146config LOCALVERSION_AUTO 147 bool "Automatically append version information to the version string" 148 default y 149 depends on !COMPILE_TEST 150 help 151 This will try to automatically determine if the current tree is a 152 release tree by looking for git tags that belong to the current 153 top of tree revision. 154 155 A string of the format -gxxxxxxxx will be added to the localversion 156 if a git-based tree is found. The string generated by this will be 157 appended after any matching localversion* files, and after the value 158 set in CONFIG_LOCALVERSION. 159 160 (The actual string used here is the first eight characters produced 161 by running the command: 162 163 $ git rev-parse --verify HEAD 164 165 which is done within the script "scripts/setlocalversion".) 166 167config BUILD_SALT 168 string "Build ID Salt" 169 default "" 170 help 171 The build ID is used to link binaries and their debug info. Setting 172 this option will use the value in the calculation of the build id. 173 This is mostly useful for distributions which want to ensure the 174 build is unique between builds. It's safe to leave the default. 175 176config HAVE_KERNEL_GZIP 177 bool 178 179config HAVE_KERNEL_BZIP2 180 bool 181 182config HAVE_KERNEL_LZMA 183 bool 184 185config HAVE_KERNEL_XZ 186 bool 187 188config HAVE_KERNEL_LZO 189 bool 190 191config HAVE_KERNEL_LZ4 192 bool 193 194config HAVE_KERNEL_UNCOMPRESSED 195 bool 196 197choice 198 prompt "Kernel compression mode" 199 default KERNEL_GZIP 200 depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_UNCOMPRESSED 201 help 202 The linux kernel is a kind of self-extracting executable. 203 Several compression algorithms are available, which differ 204 in efficiency, compression and decompression speed. 205 Compression speed is only relevant when building a kernel. 206 Decompression speed is relevant at each boot. 207 208 If you have any problems with bzip2 or lzma compressed 209 kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older 210 version of this functionality (bzip2 only), for 2.4, was 211 supplied by Christian Ludwig) 212 213 High compression options are mostly useful for users, who 214 are low on disk space (embedded systems), but for whom ram 215 size matters less. 216 217 If in doubt, select 'gzip' 218 219config KERNEL_GZIP 220 bool "Gzip" 221 depends on HAVE_KERNEL_GZIP 222 help 223 The old and tried gzip compression. It provides a good balance 224 between compression ratio and decompression speed. 225 226config KERNEL_BZIP2 227 bool "Bzip2" 228 depends on HAVE_KERNEL_BZIP2 229 help 230 Its compression ratio and speed is intermediate. 231 Decompression speed is slowest among the choices. The kernel 232 size is about 10% smaller with bzip2, in comparison to gzip. 233 Bzip2 uses a large amount of memory. For modern kernels you 234 will need at least 8MB RAM or more for booting. 235 236config KERNEL_LZMA 237 bool "LZMA" 238 depends on HAVE_KERNEL_LZMA 239 help 240 This compression algorithm's ratio is best. Decompression speed 241 is between gzip and bzip2. Compression is slowest. 242 The kernel size is about 33% smaller with LZMA in comparison to gzip. 243 244config KERNEL_XZ 245 bool "XZ" 246 depends on HAVE_KERNEL_XZ 247 help 248 XZ uses the LZMA2 algorithm and instruction set specific 249 BCJ filters which can improve compression ratio of executable 250 code. The size of the kernel is about 30% smaller with XZ in 251 comparison to gzip. On architectures for which there is a BCJ 252 filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ 253 will create a few percent smaller kernel than plain LZMA. 254 255 The speed is about the same as with LZMA: The decompression 256 speed of XZ is better than that of bzip2 but worse than gzip 257 and LZO. Compression is slow. 258 259config KERNEL_LZO 260 bool "LZO" 261 depends on HAVE_KERNEL_LZO 262 help 263 Its compression ratio is the poorest among the choices. The kernel 264 size is about 10% bigger than gzip; however its speed 265 (both compression and decompression) is the fastest. 266 267config KERNEL_LZ4 268 bool "LZ4" 269 depends on HAVE_KERNEL_LZ4 270 help 271 LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding. 272 A preliminary version of LZ4 de/compression tool is available at 273 <https://code.google.com/p/lz4/>. 274 275 Its compression ratio is worse than LZO. The size of the kernel 276 is about 8% bigger than LZO. But the decompression speed is 277 faster than LZO. 278 279config KERNEL_UNCOMPRESSED 280 bool "None" 281 depends on HAVE_KERNEL_UNCOMPRESSED 282 help 283 Produce uncompressed kernel image. This option is usually not what 284 you want. It is useful for debugging the kernel in slow simulation 285 environments, where decompressing and moving the kernel is awfully 286 slow. This option allows early boot code to skip the decompressor 287 and jump right at uncompressed kernel image. 288 289endchoice 290 291config DEFAULT_INIT 292 string "Default init path" 293 default "" 294 help 295 This option determines the default init for the system if no init= 296 option is passed on the kernel command line. If the requested path is 297 not present, we will still then move on to attempting further 298 locations (e.g. /sbin/init, etc). If this is empty, we will just use 299 the fallback list when init= is not passed. 300 301config DEFAULT_HOSTNAME 302 string "Default hostname" 303 default "(none)" 304 help 305 This option determines the default system hostname before userspace 306 calls sethostname(2). The kernel traditionally uses "(none)" here, 307 but you may wish to use a different default here to make a minimal 308 system more usable with less configuration. 309 310# 311# For some reason microblaze and nios2 hard code SWAP=n. Hopefully we can 312# add proper SWAP support to them, in which case this can be remove. 313# 314config ARCH_NO_SWAP 315 bool 316 317config SWAP 318 bool "Support for paging of anonymous memory (swap)" 319 depends on MMU && BLOCK && !ARCH_NO_SWAP 320 default y 321 help 322 This option allows you to choose whether you want to have support 323 for so called swap devices or swap files in your kernel that are 324 used to provide more virtual memory than the actual RAM present 325 in your computer. If unsure say Y. 326 327config SYSVIPC 328 bool "System V IPC" 329 help 330 Inter Process Communication is a suite of library functions and 331 system calls which let processes (running programs) synchronize and 332 exchange information. It is generally considered to be a good thing, 333 and some programs won't run unless you say Y here. In particular, if 334 you want to run the DOS emulator dosemu under Linux (read the 335 DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>), 336 you'll need to say Y here. 337 338 You can find documentation about IPC with "info ipc" and also in 339 section 6.4 of the Linux Programmer's Guide, available from 340 <http://www.tldp.org/guides.html>. 341 342config SYSVIPC_SYSCTL 343 bool 344 depends on SYSVIPC 345 depends on SYSCTL 346 default y 347 348config POSIX_MQUEUE 349 bool "POSIX Message Queues" 350 depends on NET 351 help 352 POSIX variant of message queues is a part of IPC. In POSIX message 353 queues every message has a priority which decides about succession 354 of receiving it by a process. If you want to compile and run 355 programs written e.g. for Solaris with use of its POSIX message 356 queues (functions mq_*) say Y here. 357 358 POSIX message queues are visible as a filesystem called 'mqueue' 359 and can be mounted somewhere if you want to do filesystem 360 operations on message queues. 361 362 If unsure, say Y. 363 364config POSIX_MQUEUE_SYSCTL 365 bool 366 depends on POSIX_MQUEUE 367 depends on SYSCTL 368 default y 369 370config WATCH_QUEUE 371 bool "General notification queue" 372 default n 373 help 374 375 This is a general notification queue for the kernel to pass events to 376 userspace by splicing them into pipes. It can be used in conjunction 377 with watches for key/keyring change notifications and device 378 notifications. 379 380 See Documentation/watch_queue.rst 381 382config CROSS_MEMORY_ATTACH 383 bool "Enable process_vm_readv/writev syscalls" 384 depends on MMU 385 default y 386 help 387 Enabling this option adds the system calls process_vm_readv and 388 process_vm_writev which allow a process with the correct privileges 389 to directly read from or write to another process' address space. 390 See the man page for more details. 391 392config USELIB 393 bool "uselib syscall" 394 def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION 395 help 396 This option enables the uselib syscall, a system call used in the 397 dynamic linker from libc5 and earlier. glibc does not use this 398 system call. If you intend to run programs built on libc5 or 399 earlier, you may need to enable this syscall. Current systems 400 running glibc can safely disable this. 401 402config AUDIT 403 bool "Auditing support" 404 depends on NET 405 help 406 Enable auditing infrastructure that can be used with another 407 kernel subsystem, such as SELinux (which requires this for 408 logging of avc messages output). System call auditing is included 409 on architectures which support it. 410 411config HAVE_ARCH_AUDITSYSCALL 412 bool 413 414config AUDITSYSCALL 415 def_bool y 416 depends on AUDIT && HAVE_ARCH_AUDITSYSCALL 417 select FSNOTIFY 418 419source "kernel/irq/Kconfig" 420source "kernel/time/Kconfig" 421source "kernel/Kconfig.preempt" 422 423menu "CPU/Task time and stats accounting" 424 425config VIRT_CPU_ACCOUNTING 426 bool 427 428choice 429 prompt "Cputime accounting" 430 default TICK_CPU_ACCOUNTING if !PPC64 431 default VIRT_CPU_ACCOUNTING_NATIVE if PPC64 432 433# Kind of a stub config for the pure tick based cputime accounting 434config TICK_CPU_ACCOUNTING 435 bool "Simple tick based cputime accounting" 436 depends on !S390 && !NO_HZ_FULL 437 help 438 This is the basic tick based cputime accounting that maintains 439 statistics about user, system and idle time spent on per jiffies 440 granularity. 441 442 If unsure, say Y. 443 444config VIRT_CPU_ACCOUNTING_NATIVE 445 bool "Deterministic task and CPU time accounting" 446 depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL 447 select VIRT_CPU_ACCOUNTING 448 help 449 Select this option to enable more accurate task and CPU time 450 accounting. This is done by reading a CPU counter on each 451 kernel entry and exit and on transitions within the kernel 452 between system, softirq and hardirq state, so there is a 453 small performance impact. In the case of s390 or IBM POWER > 5, 454 this also enables accounting of stolen time on logically-partitioned 455 systems. 456 457config VIRT_CPU_ACCOUNTING_GEN 458 bool "Full dynticks CPU time accounting" 459 depends on HAVE_CONTEXT_TRACKING 460 depends on HAVE_VIRT_CPU_ACCOUNTING_GEN 461 depends on GENERIC_CLOCKEVENTS 462 select VIRT_CPU_ACCOUNTING 463 select CONTEXT_TRACKING 464 help 465 Select this option to enable task and CPU time accounting on full 466 dynticks systems. This accounting is implemented by watching every 467 kernel-user boundaries using the context tracking subsystem. 468 The accounting is thus performed at the expense of some significant 469 overhead. 470 471 For now this is only useful if you are working on the full 472 dynticks subsystem development. 473 474 If unsure, say N. 475 476endchoice 477 478config IRQ_TIME_ACCOUNTING 479 bool "Fine granularity task level IRQ time accounting" 480 depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE 481 help 482 Select this option to enable fine granularity task irq time 483 accounting. This is done by reading a timestamp on each 484 transitions between softirq and hardirq state, so there can be a 485 small performance impact. 486 487 If in doubt, say N here. 488 489config HAVE_SCHED_AVG_IRQ 490 def_bool y 491 depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING 492 depends on SMP 493 494config SCHED_THERMAL_PRESSURE 495 bool "Enable periodic averaging of thermal pressure" 496 depends on SMP 497 498config BSD_PROCESS_ACCT 499 bool "BSD Process Accounting" 500 depends on MULTIUSER 501 help 502 If you say Y here, a user level program will be able to instruct the 503 kernel (via a special system call) to write process accounting 504 information to a file: whenever a process exits, information about 505 that process will be appended to the file by the kernel. The 506 information includes things such as creation time, owning user, 507 command name, memory usage, controlling terminal etc. (the complete 508 list is in the struct acct in <file:include/linux/acct.h>). It is 509 up to the user level program to do useful things with this 510 information. This is generally a good idea, so say Y. 511 512config BSD_PROCESS_ACCT_V3 513 bool "BSD Process Accounting version 3 file format" 514 depends on BSD_PROCESS_ACCT 515 default n 516 help 517 If you say Y here, the process accounting information is written 518 in a new file format that also logs the process IDs of each 519 process and its parent. Note that this file format is incompatible 520 with previous v0/v1/v2 file formats, so you will need updated tools 521 for processing it. A preliminary version of these tools is available 522 at <http://www.gnu.org/software/acct/>. 523 524config TASKSTATS 525 bool "Export task/process statistics through netlink" 526 depends on NET 527 depends on MULTIUSER 528 default n 529 help 530 Export selected statistics for tasks/processes through the 531 generic netlink interface. Unlike BSD process accounting, the 532 statistics are available during the lifetime of tasks/processes as 533 responses to commands. Like BSD accounting, they are sent to user 534 space on task exit. 535 536 Say N if unsure. 537 538config TASK_DELAY_ACCT 539 bool "Enable per-task delay accounting" 540 depends on TASKSTATS 541 select SCHED_INFO 542 help 543 Collect information on time spent by a task waiting for system 544 resources like cpu, synchronous block I/O completion and swapping 545 in pages. Such statistics can help in setting a task's priorities 546 relative to other tasks for cpu, io, rss limits etc. 547 548 Say N if unsure. 549 550config TASK_XACCT 551 bool "Enable extended accounting over taskstats" 552 depends on TASKSTATS 553 help 554 Collect extended task accounting data and send the data 555 to userland for processing over the taskstats interface. 556 557 Say N if unsure. 558 559config TASK_IO_ACCOUNTING 560 bool "Enable per-task storage I/O accounting" 561 depends on TASK_XACCT 562 help 563 Collect information on the number of bytes of storage I/O which this 564 task has caused. 565 566 Say N if unsure. 567 568config PSI 569 bool "Pressure stall information tracking" 570 help 571 Collect metrics that indicate how overcommitted the CPU, memory, 572 and IO capacity are in the system. 573 574 If you say Y here, the kernel will create /proc/pressure/ with the 575 pressure statistics files cpu, memory, and io. These will indicate 576 the share of walltime in which some or all tasks in the system are 577 delayed due to contention of the respective resource. 578 579 In kernels with cgroup support, cgroups (cgroup2 only) will 580 have cpu.pressure, memory.pressure, and io.pressure files, 581 which aggregate pressure stalls for the grouped tasks only. 582 583 For more details see Documentation/accounting/psi.rst. 584 585 Say N if unsure. 586 587config PSI_DEFAULT_DISABLED 588 bool "Require boot parameter to enable pressure stall information tracking" 589 default n 590 depends on PSI 591 help 592 If set, pressure stall information tracking will be disabled 593 per default but can be enabled through passing psi=1 on the 594 kernel commandline during boot. 595 596 This feature adds some code to the task wakeup and sleep 597 paths of the scheduler. The overhead is too low to affect 598 common scheduling-intense workloads in practice (such as 599 webservers, memcache), but it does show up in artificial 600 scheduler stress tests, such as hackbench. 601 602 If you are paranoid and not sure what the kernel will be 603 used for, say Y. 604 605 Say N if unsure. 606 607endmenu # "CPU/Task time and stats accounting" 608 609config CPU_ISOLATION 610 bool "CPU isolation" 611 depends on SMP || COMPILE_TEST 612 default y 613 help 614 Make sure that CPUs running critical tasks are not disturbed by 615 any source of "noise" such as unbound workqueues, timers, kthreads... 616 Unbound jobs get offloaded to housekeeping CPUs. This is driven by 617 the "isolcpus=" boot parameter. 618 619 Say Y if unsure. 620 621source "kernel/rcu/Kconfig" 622 623config BUILD_BIN2C 624 bool 625 default n 626 627config IKCONFIG 628 tristate "Kernel .config support" 629 help 630 This option enables the complete Linux kernel ".config" file 631 contents to be saved in the kernel. It provides documentation 632 of which kernel options are used in a running kernel or in an 633 on-disk kernel. This information can be extracted from the kernel 634 image file with the script scripts/extract-ikconfig and used as 635 input to rebuild the current kernel or to build another kernel. 636 It can also be extracted from a running kernel by reading 637 /proc/config.gz if enabled (below). 638 639config IKCONFIG_PROC 640 bool "Enable access to .config through /proc/config.gz" 641 depends on IKCONFIG && PROC_FS 642 help 643 This option enables access to the kernel configuration file 644 through /proc/config.gz. 645 646config IKHEADERS 647 tristate "Enable kernel headers through /sys/kernel/kheaders.tar.xz" 648 depends on SYSFS 649 help 650 This option enables access to the in-kernel headers that are generated during 651 the build process. These can be used to build eBPF tracing programs, 652 or similar programs. If you build the headers as a module, a module called 653 kheaders.ko is built which can be loaded on-demand to get access to headers. 654 655config LOG_BUF_SHIFT 656 int "Kernel log buffer size (16 => 64KB, 17 => 128KB)" 657 range 12 25 658 default 17 659 depends on PRINTK 660 help 661 Select the minimal kernel log buffer size as a power of 2. 662 The final size is affected by LOG_CPU_MAX_BUF_SHIFT config 663 parameter, see below. Any higher size also might be forced 664 by "log_buf_len" boot parameter. 665 666 Examples: 667 17 => 128 KB 668 16 => 64 KB 669 15 => 32 KB 670 14 => 16 KB 671 13 => 8 KB 672 12 => 4 KB 673 674config LOG_CPU_MAX_BUF_SHIFT 675 int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)" 676 depends on SMP 677 range 0 21 678 default 12 if !BASE_SMALL 679 default 0 if BASE_SMALL 680 depends on PRINTK 681 help 682 This option allows to increase the default ring buffer size 683 according to the number of CPUs. The value defines the contribution 684 of each CPU as a power of 2. The used space is typically only few 685 lines however it might be much more when problems are reported, 686 e.g. backtraces. 687 688 The increased size means that a new buffer has to be allocated and 689 the original static one is unused. It makes sense only on systems 690 with more CPUs. Therefore this value is used only when the sum of 691 contributions is greater than the half of the default kernel ring 692 buffer as defined by LOG_BUF_SHIFT. The default values are set 693 so that more than 64 CPUs are needed to trigger the allocation. 694 695 Also this option is ignored when "log_buf_len" kernel parameter is 696 used as it forces an exact (power of two) size of the ring buffer. 697 698 The number of possible CPUs is used for this computation ignoring 699 hotplugging making the computation optimal for the worst case 700 scenario while allowing a simple algorithm to be used from bootup. 701 702 Examples shift values and their meaning: 703 17 => 128 KB for each CPU 704 16 => 64 KB for each CPU 705 15 => 32 KB for each CPU 706 14 => 16 KB for each CPU 707 13 => 8 KB for each CPU 708 12 => 4 KB for each CPU 709 710config PRINTK_SAFE_LOG_BUF_SHIFT 711 int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)" 712 range 10 21 713 default 13 714 depends on PRINTK 715 help 716 Select the size of an alternate printk per-CPU buffer where messages 717 printed from usafe contexts are temporary stored. One example would 718 be NMI messages, another one - printk recursion. The messages are 719 copied to the main log buffer in a safe context to avoid a deadlock. 720 The value defines the size as a power of 2. 721 722 Those messages are rare and limited. The largest one is when 723 a backtrace is printed. It usually fits into 4KB. Select 724 8KB if you want to be on the safe side. 725 726 Examples: 727 17 => 128 KB for each CPU 728 16 => 64 KB for each CPU 729 15 => 32 KB for each CPU 730 14 => 16 KB for each CPU 731 13 => 8 KB for each CPU 732 12 => 4 KB for each CPU 733 734# 735# Architectures with an unreliable sched_clock() should select this: 736# 737config HAVE_UNSTABLE_SCHED_CLOCK 738 bool 739 740config GENERIC_SCHED_CLOCK 741 bool 742 743menu "Scheduler features" 744 745config UCLAMP_TASK 746 bool "Enable utilization clamping for RT/FAIR tasks" 747 depends on CPU_FREQ_GOV_SCHEDUTIL 748 help 749 This feature enables the scheduler to track the clamped utilization 750 of each CPU based on RUNNABLE tasks scheduled on that CPU. 751 752 With this option, the user can specify the min and max CPU 753 utilization allowed for RUNNABLE tasks. The max utilization defines 754 the maximum frequency a task should use while the min utilization 755 defines the minimum frequency it should use. 756 757 Both min and max utilization clamp values are hints to the scheduler, 758 aiming at improving its frequency selection policy, but they do not 759 enforce or grant any specific bandwidth for tasks. 760 761 If in doubt, say N. 762 763config UCLAMP_BUCKETS_COUNT 764 int "Number of supported utilization clamp buckets" 765 range 5 20 766 default 5 767 depends on UCLAMP_TASK 768 help 769 Defines the number of clamp buckets to use. The range of each bucket 770 will be SCHED_CAPACITY_SCALE/UCLAMP_BUCKETS_COUNT. The higher the 771 number of clamp buckets the finer their granularity and the higher 772 the precision of clamping aggregation and tracking at run-time. 773 774 For example, with the minimum configuration value we will have 5 775 clamp buckets tracking 20% utilization each. A 25% boosted tasks will 776 be refcounted in the [20..39]% bucket and will set the bucket clamp 777 effective value to 25%. 778 If a second 30% boosted task should be co-scheduled on the same CPU, 779 that task will be refcounted in the same bucket of the first task and 780 it will boost the bucket clamp effective value to 30%. 781 The clamp effective value of a bucket is reset to its nominal value 782 (20% in the example above) when there are no more tasks refcounted in 783 that bucket. 784 785 An additional boost/capping margin can be added to some tasks. In the 786 example above the 25% task will be boosted to 30% until it exits the 787 CPU. If that should be considered not acceptable on certain systems, 788 it's always possible to reduce the margin by increasing the number of 789 clamp buckets to trade off used memory for run-time tracking 790 precision. 791 792 If in doubt, use the default value. 793 794endmenu 795 796# 797# For architectures that want to enable the support for NUMA-affine scheduler 798# balancing logic: 799# 800config ARCH_SUPPORTS_NUMA_BALANCING 801 bool 802 803# 804# For architectures that prefer to flush all TLBs after a number of pages 805# are unmapped instead of sending one IPI per page to flush. The architecture 806# must provide guarantees on what happens if a clean TLB cache entry is 807# written after the unmap. Details are in mm/rmap.c near the check for 808# should_defer_flush. The architecture should also consider if the full flush 809# and the refill costs are offset by the savings of sending fewer IPIs. 810config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 811 bool 812 813config CC_HAS_INT128 814 def_bool !$(cc-option,$(m64-flag) -D__SIZEOF_INT128__=0) && 64BIT 815 816# 817# For architectures that know their GCC __int128 support is sound 818# 819config ARCH_SUPPORTS_INT128 820 bool 821 822# For architectures that (ab)use NUMA to represent different memory regions 823# all cpu-local but of different latencies, such as SuperH. 824# 825config ARCH_WANT_NUMA_VARIABLE_LOCALITY 826 bool 827 828config NUMA_BALANCING 829 bool "Memory placement aware NUMA scheduler" 830 depends on ARCH_SUPPORTS_NUMA_BALANCING 831 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY 832 depends on SMP && NUMA && MIGRATION 833 help 834 This option adds support for automatic NUMA aware memory/task placement. 835 The mechanism is quite primitive and is based on migrating memory when 836 it has references to the node the task is running on. 837 838 This system will be inactive on UMA systems. 839 840config NUMA_BALANCING_DEFAULT_ENABLED 841 bool "Automatically enable NUMA aware memory/task placement" 842 default y 843 depends on NUMA_BALANCING 844 help 845 If set, automatic NUMA balancing will be enabled if running on a NUMA 846 machine. 847 848menuconfig CGROUPS 849 bool "Control Group support" 850 select KERNFS 851 help 852 This option adds support for grouping sets of processes together, for 853 use with process control subsystems such as Cpusets, CFS, memory 854 controls or device isolation. 855 See 856 - Documentation/scheduler/sched-design-CFS.rst (CFS) 857 - Documentation/admin-guide/cgroup-v1/ (features for grouping, isolation 858 and resource control) 859 860 Say N if unsure. 861 862if CGROUPS 863 864config PAGE_COUNTER 865 bool 866 867config MEMCG 868 bool "Memory controller" 869 select PAGE_COUNTER 870 select EVENTFD 871 help 872 Provides control over the memory footprint of tasks in a cgroup. 873 874config MEMCG_SWAP 875 bool 876 depends on MEMCG && SWAP 877 default y 878 879config MEMCG_KMEM 880 bool 881 depends on MEMCG && !SLOB 882 default y 883 884config BLK_CGROUP 885 bool "IO controller" 886 depends on BLOCK 887 default n 888 help 889 Generic block IO controller cgroup interface. This is the common 890 cgroup interface which should be used by various IO controlling 891 policies. 892 893 Currently, CFQ IO scheduler uses it to recognize task groups and 894 control disk bandwidth allocation (proportional time slice allocation) 895 to such task groups. It is also used by bio throttling logic in 896 block layer to implement upper limit in IO rates on a device. 897 898 This option only enables generic Block IO controller infrastructure. 899 One needs to also enable actual IO controlling logic/policy. For 900 enabling proportional weight division of disk bandwidth in CFQ, set 901 CONFIG_BFQ_GROUP_IOSCHED=y; for enabling throttling policy, set 902 CONFIG_BLK_DEV_THROTTLING=y. 903 904 See Documentation/admin-guide/cgroup-v1/blkio-controller.rst for more information. 905 906config CGROUP_WRITEBACK 907 bool 908 depends on MEMCG && BLK_CGROUP 909 default y 910 911menuconfig CGROUP_SCHED 912 bool "CPU controller" 913 default n 914 help 915 This feature lets CPU scheduler recognize task groups and control CPU 916 bandwidth allocation to such task groups. It uses cgroups to group 917 tasks. 918 919if CGROUP_SCHED 920config FAIR_GROUP_SCHED 921 bool "Group scheduling for SCHED_OTHER" 922 depends on CGROUP_SCHED 923 default CGROUP_SCHED 924 925config CFS_BANDWIDTH 926 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED" 927 depends on FAIR_GROUP_SCHED 928 default n 929 help 930 This option allows users to define CPU bandwidth rates (limits) for 931 tasks running within the fair group scheduler. Groups with no limit 932 set are considered to be unconstrained and will run with no 933 restriction. 934 See Documentation/scheduler/sched-bwc.rst for more information. 935 936config RT_GROUP_SCHED 937 bool "Group scheduling for SCHED_RR/FIFO" 938 depends on CGROUP_SCHED 939 default n 940 help 941 This feature lets you explicitly allocate real CPU bandwidth 942 to task groups. If enabled, it will also make it impossible to 943 schedule realtime tasks for non-root users until you allocate 944 realtime bandwidth for them. 945 See Documentation/scheduler/sched-rt-group.rst for more information. 946 947endif #CGROUP_SCHED 948 949config UCLAMP_TASK_GROUP 950 bool "Utilization clamping per group of tasks" 951 depends on CGROUP_SCHED 952 depends on UCLAMP_TASK 953 default n 954 help 955 This feature enables the scheduler to track the clamped utilization 956 of each CPU based on RUNNABLE tasks currently scheduled on that CPU. 957 958 When this option is enabled, the user can specify a min and max 959 CPU bandwidth which is allowed for each single task in a group. 960 The max bandwidth allows to clamp the maximum frequency a task 961 can use, while the min bandwidth allows to define a minimum 962 frequency a task will always use. 963 964 When task group based utilization clamping is enabled, an eventually 965 specified task-specific clamp value is constrained by the cgroup 966 specified clamp value. Both minimum and maximum task clamping cannot 967 be bigger than the corresponding clamping defined at task group level. 968 969 If in doubt, say N. 970 971config CGROUP_PIDS 972 bool "PIDs controller" 973 help 974 Provides enforcement of process number limits in the scope of a 975 cgroup. Any attempt to fork more processes than is allowed in the 976 cgroup will fail. PIDs are fundamentally a global resource because it 977 is fairly trivial to reach PID exhaustion before you reach even a 978 conservative kmemcg limit. As a result, it is possible to grind a 979 system to halt without being limited by other cgroup policies. The 980 PIDs controller is designed to stop this from happening. 981 982 It should be noted that organisational operations (such as attaching 983 to a cgroup hierarchy) will *not* be blocked by the PIDs controller, 984 since the PIDs limit only affects a process's ability to fork, not to 985 attach to a cgroup. 986 987config CGROUP_RDMA 988 bool "RDMA controller" 989 help 990 Provides enforcement of RDMA resources defined by IB stack. 991 It is fairly easy for consumers to exhaust RDMA resources, which 992 can result into resource unavailability to other consumers. 993 RDMA controller is designed to stop this from happening. 994 Attaching processes with active RDMA resources to the cgroup 995 hierarchy is allowed even if can cross the hierarchy's limit. 996 997config CGROUP_FREEZER 998 bool "Freezer controller" 999 help 1000 Provides a way to freeze and unfreeze all tasks in a 1001 cgroup. 1002 1003 This option affects the ORIGINAL cgroup interface. The cgroup2 memory 1004 controller includes important in-kernel memory consumers per default. 1005 1006 If you're using cgroup2, say N. 1007 1008config CGROUP_HUGETLB 1009 bool "HugeTLB controller" 1010 depends on HUGETLB_PAGE 1011 select PAGE_COUNTER 1012 default n 1013 help 1014 Provides a cgroup controller for HugeTLB pages. 1015 When you enable this, you can put a per cgroup limit on HugeTLB usage. 1016 The limit is enforced during page fault. Since HugeTLB doesn't 1017 support page reclaim, enforcing the limit at page fault time implies 1018 that, the application will get SIGBUS signal if it tries to access 1019 HugeTLB pages beyond its limit. This requires the application to know 1020 beforehand how much HugeTLB pages it would require for its use. The 1021 control group is tracked in the third page lru pointer. This means 1022 that we cannot use the controller with huge page less than 3 pages. 1023 1024config CPUSETS 1025 bool "Cpuset controller" 1026 depends on SMP 1027 help 1028 This option will let you create and manage CPUSETs which 1029 allow dynamically partitioning a system into sets of CPUs and 1030 Memory Nodes and assigning tasks to run only within those sets. 1031 This is primarily useful on large SMP or NUMA systems. 1032 1033 Say N if unsure. 1034 1035config PROC_PID_CPUSET 1036 bool "Include legacy /proc/<pid>/cpuset file" 1037 depends on CPUSETS 1038 default y 1039 1040config CGROUP_DEVICE 1041 bool "Device controller" 1042 help 1043 Provides a cgroup controller implementing whitelists for 1044 devices which a process in the cgroup can mknod or open. 1045 1046config CGROUP_CPUACCT 1047 bool "Simple CPU accounting controller" 1048 help 1049 Provides a simple controller for monitoring the 1050 total CPU consumed by the tasks in a cgroup. 1051 1052config CGROUP_PERF 1053 bool "Perf controller" 1054 depends on PERF_EVENTS 1055 help 1056 This option extends the perf per-cpu mode to restrict monitoring 1057 to threads which belong to the cgroup specified and run on the 1058 designated cpu. Or this can be used to have cgroup ID in samples 1059 so that it can monitor performance events among cgroups. 1060 1061 Say N if unsure. 1062 1063config CGROUP_BPF 1064 bool "Support for eBPF programs attached to cgroups" 1065 depends on BPF_SYSCALL 1066 select SOCK_CGROUP_DATA 1067 help 1068 Allow attaching eBPF programs to a cgroup using the bpf(2) 1069 syscall command BPF_PROG_ATTACH. 1070 1071 In which context these programs are accessed depends on the type 1072 of attachment. For instance, programs that are attached using 1073 BPF_CGROUP_INET_INGRESS will be executed on the ingress path of 1074 inet sockets. 1075 1076config CGROUP_DEBUG 1077 bool "Debug controller" 1078 default n 1079 depends on DEBUG_KERNEL 1080 help 1081 This option enables a simple controller that exports 1082 debugging information about the cgroups framework. This 1083 controller is for control cgroup debugging only. Its 1084 interfaces are not stable. 1085 1086 Say N. 1087 1088config SOCK_CGROUP_DATA 1089 bool 1090 default n 1091 1092endif # CGROUPS 1093 1094menuconfig NAMESPACES 1095 bool "Namespaces support" if EXPERT 1096 depends on MULTIUSER 1097 default !EXPERT 1098 help 1099 Provides the way to make tasks work with different objects using 1100 the same id. For example same IPC id may refer to different objects 1101 or same user id or pid may refer to different tasks when used in 1102 different namespaces. 1103 1104if NAMESPACES 1105 1106config UTS_NS 1107 bool "UTS namespace" 1108 default y 1109 help 1110 In this namespace tasks see different info provided with the 1111 uname() system call 1112 1113config TIME_NS 1114 bool "TIME namespace" 1115 depends on GENERIC_VDSO_TIME_NS 1116 default y 1117 help 1118 In this namespace boottime and monotonic clocks can be set. 1119 The time will keep going with the same pace. 1120 1121config IPC_NS 1122 bool "IPC namespace" 1123 depends on (SYSVIPC || POSIX_MQUEUE) 1124 default y 1125 help 1126 In this namespace tasks work with IPC ids which correspond to 1127 different IPC objects in different namespaces. 1128 1129config USER_NS 1130 bool "User namespace" 1131 default n 1132 help 1133 This allows containers, i.e. vservers, to use user namespaces 1134 to provide different user info for different servers. 1135 1136 When user namespaces are enabled in the kernel it is 1137 recommended that the MEMCG option also be enabled and that 1138 user-space use the memory control groups to limit the amount 1139 of memory a memory unprivileged users can use. 1140 1141 If unsure, say N. 1142 1143config PID_NS 1144 bool "PID Namespaces" 1145 default y 1146 help 1147 Support process id namespaces. This allows having multiple 1148 processes with the same pid as long as they are in different 1149 pid namespaces. This is a building block of containers. 1150 1151config NET_NS 1152 bool "Network namespace" 1153 depends on NET 1154 default y 1155 help 1156 Allow user space to create what appear to be multiple instances 1157 of the network stack. 1158 1159endif # NAMESPACES 1160 1161config CHECKPOINT_RESTORE 1162 bool "Checkpoint/restore support" 1163 select PROC_CHILDREN 1164 default n 1165 help 1166 Enables additional kernel features in a sake of checkpoint/restore. 1167 In particular it adds auxiliary prctl codes to setup process text, 1168 data and heap segment sizes, and a few additional /proc filesystem 1169 entries. 1170 1171 If unsure, say N here. 1172 1173config SCHED_AUTOGROUP 1174 bool "Automatic process group scheduling" 1175 select CGROUPS 1176 select CGROUP_SCHED 1177 select FAIR_GROUP_SCHED 1178 help 1179 This option optimizes the scheduler for common desktop workloads by 1180 automatically creating and populating task groups. This separation 1181 of workloads isolates aggressive CPU burners (like build jobs) from 1182 desktop applications. Task group autogeneration is currently based 1183 upon task session. 1184 1185config SYSFS_DEPRECATED 1186 bool "Enable deprecated sysfs features to support old userspace tools" 1187 depends on SYSFS 1188 default n 1189 help 1190 This option adds code that switches the layout of the "block" class 1191 devices, to not show up in /sys/class/block/, but only in 1192 /sys/block/. 1193 1194 This switch is only active when the sysfs.deprecated=1 boot option is 1195 passed or the SYSFS_DEPRECATED_V2 option is set. 1196 1197 This option allows new kernels to run on old distributions and tools, 1198 which might get confused by /sys/class/block/. Since 2007/2008 all 1199 major distributions and tools handle this just fine. 1200 1201 Recent distributions and userspace tools after 2009/2010 depend on 1202 the existence of /sys/class/block/, and will not work with this 1203 option enabled. 1204 1205 Only if you are using a new kernel on an old distribution, you might 1206 need to say Y here. 1207 1208config SYSFS_DEPRECATED_V2 1209 bool "Enable deprecated sysfs features by default" 1210 default n 1211 depends on SYSFS 1212 depends on SYSFS_DEPRECATED 1213 help 1214 Enable deprecated sysfs by default. 1215 1216 See the CONFIG_SYSFS_DEPRECATED option for more details about this 1217 option. 1218 1219 Only if you are using a new kernel on an old distribution, you might 1220 need to say Y here. Even then, odds are you would not need it 1221 enabled, you can always pass the boot option if absolutely necessary. 1222 1223config RELAY 1224 bool "Kernel->user space relay support (formerly relayfs)" 1225 select IRQ_WORK 1226 help 1227 This option enables support for relay interface support in 1228 certain file systems (such as debugfs). 1229 It is designed to provide an efficient mechanism for tools and 1230 facilities to relay large amounts of data from kernel space to 1231 user space. 1232 1233 If unsure, say N. 1234 1235config BLK_DEV_INITRD 1236 bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support" 1237 help 1238 The initial RAM filesystem is a ramfs which is loaded by the 1239 boot loader (loadlin or lilo) and that is mounted as root 1240 before the normal boot procedure. It is typically used to 1241 load modules needed to mount the "real" root file system, 1242 etc. See <file:Documentation/admin-guide/initrd.rst> for details. 1243 1244 If RAM disk support (BLK_DEV_RAM) is also included, this 1245 also enables initial RAM disk (initrd) support and adds 1246 15 Kbytes (more on some other architectures) to the kernel size. 1247 1248 If unsure say Y. 1249 1250if BLK_DEV_INITRD 1251 1252source "usr/Kconfig" 1253 1254endif 1255 1256config BOOT_CONFIG 1257 bool "Boot config support" 1258 select BLK_DEV_INITRD 1259 help 1260 Extra boot config allows system admin to pass a config file as 1261 complemental extension of kernel cmdline when booting. 1262 The boot config file must be attached at the end of initramfs 1263 with checksum, size and magic word. 1264 See <file:Documentation/admin-guide/bootconfig.rst> for details. 1265 1266 If unsure, say Y. 1267 1268choice 1269 prompt "Compiler optimization level" 1270 default CC_OPTIMIZE_FOR_PERFORMANCE 1271 1272config CC_OPTIMIZE_FOR_PERFORMANCE 1273 bool "Optimize for performance (-O2)" 1274 help 1275 This is the default optimization level for the kernel, building 1276 with the "-O2" compiler flag for best performance and most 1277 helpful compile-time warnings. 1278 1279config CC_OPTIMIZE_FOR_PERFORMANCE_O3 1280 bool "Optimize more for performance (-O3)" 1281 depends on ARC 1282 help 1283 Choosing this option will pass "-O3" to your compiler to optimize 1284 the kernel yet more for performance. 1285 1286config CC_OPTIMIZE_FOR_SIZE 1287 bool "Optimize for size (-Os)" 1288 help 1289 Choosing this option will pass "-Os" to your compiler resulting 1290 in a smaller kernel. 1291 1292endchoice 1293 1294config HAVE_LD_DEAD_CODE_DATA_ELIMINATION 1295 bool 1296 help 1297 This requires that the arch annotates or otherwise protects 1298 its external entry points from being discarded. Linker scripts 1299 must also merge .text.*, .data.*, and .bss.* correctly into 1300 output sections. Care must be taken not to pull in unrelated 1301 sections (e.g., '.text.init'). Typically '.' in section names 1302 is used to distinguish them from label names / C identifiers. 1303 1304config LD_DEAD_CODE_DATA_ELIMINATION 1305 bool "Dead code and data elimination (EXPERIMENTAL)" 1306 depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION 1307 depends on EXPERT 1308 depends on $(cc-option,-ffunction-sections -fdata-sections) 1309 depends on $(ld-option,--gc-sections) 1310 help 1311 Enable this if you want to do dead code and data elimination with 1312 the linker by compiling with -ffunction-sections -fdata-sections, 1313 and linking with --gc-sections. 1314 1315 This can reduce on disk and in-memory size of the kernel 1316 code and static data, particularly for small configs and 1317 on small systems. This has the possibility of introducing 1318 silently broken kernel if the required annotations are not 1319 present. This option is not well tested yet, so use at your 1320 own risk. 1321 1322config SYSCTL 1323 bool 1324 1325config HAVE_UID16 1326 bool 1327 1328config SYSCTL_EXCEPTION_TRACE 1329 bool 1330 help 1331 Enable support for /proc/sys/debug/exception-trace. 1332 1333config SYSCTL_ARCH_UNALIGN_NO_WARN 1334 bool 1335 help 1336 Enable support for /proc/sys/kernel/ignore-unaligned-usertrap 1337 Allows arch to define/use @no_unaligned_warning to possibly warn 1338 about unaligned access emulation going on under the hood. 1339 1340config SYSCTL_ARCH_UNALIGN_ALLOW 1341 bool 1342 help 1343 Enable support for /proc/sys/kernel/unaligned-trap 1344 Allows arches to define/use @unaligned_enabled to runtime toggle 1345 the unaligned access emulation. 1346 see arch/parisc/kernel/unaligned.c for reference 1347 1348config HAVE_PCSPKR_PLATFORM 1349 bool 1350 1351# interpreter that classic socket filters depend on 1352config BPF 1353 bool 1354 1355menuconfig EXPERT 1356 bool "Configure standard kernel features (expert users)" 1357 # Unhide debug options, to make the on-by-default options visible 1358 select DEBUG_KERNEL 1359 help 1360 This option allows certain base kernel options and settings 1361 to be disabled or tweaked. This is for specialized 1362 environments which can tolerate a "non-standard" kernel. 1363 Only use this if you really know what you are doing. 1364 1365config UID16 1366 bool "Enable 16-bit UID system calls" if EXPERT 1367 depends on HAVE_UID16 && MULTIUSER 1368 default y 1369 help 1370 This enables the legacy 16-bit UID syscall wrappers. 1371 1372config MULTIUSER 1373 bool "Multiple users, groups and capabilities support" if EXPERT 1374 default y 1375 help 1376 This option enables support for non-root users, groups and 1377 capabilities. 1378 1379 If you say N here, all processes will run with UID 0, GID 0, and all 1380 possible capabilities. Saying N here also compiles out support for 1381 system calls related to UIDs, GIDs, and capabilities, such as setuid, 1382 setgid, and capset. 1383 1384 If unsure, say Y here. 1385 1386config SGETMASK_SYSCALL 1387 bool "sgetmask/ssetmask syscalls support" if EXPERT 1388 def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH 1389 help 1390 sys_sgetmask and sys_ssetmask are obsolete system calls 1391 no longer supported in libc but still enabled by default in some 1392 architectures. 1393 1394 If unsure, leave the default option here. 1395 1396config SYSFS_SYSCALL 1397 bool "Sysfs syscall support" if EXPERT 1398 default y 1399 help 1400 sys_sysfs is an obsolete system call no longer supported in libc. 1401 Note that disabling this option is more secure but might break 1402 compatibility with some systems. 1403 1404 If unsure say Y here. 1405 1406config FHANDLE 1407 bool "open by fhandle syscalls" if EXPERT 1408 select EXPORTFS 1409 default y 1410 help 1411 If you say Y here, a user level program will be able to map 1412 file names to handle and then later use the handle for 1413 different file system operations. This is useful in implementing 1414 userspace file servers, which now track files using handles instead 1415 of names. The handle would remain the same even if file names 1416 get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2) 1417 syscalls. 1418 1419config POSIX_TIMERS 1420 bool "Posix Clocks & timers" if EXPERT 1421 default y 1422 help 1423 This includes native support for POSIX timers to the kernel. 1424 Some embedded systems have no use for them and therefore they 1425 can be configured out to reduce the size of the kernel image. 1426 1427 When this option is disabled, the following syscalls won't be 1428 available: timer_create, timer_gettime: timer_getoverrun, 1429 timer_settime, timer_delete, clock_adjtime, getitimer, 1430 setitimer, alarm. Furthermore, the clock_settime, clock_gettime, 1431 clock_getres and clock_nanosleep syscalls will be limited to 1432 CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only. 1433 1434 If unsure say y. 1435 1436config PRINTK 1437 default y 1438 bool "Enable support for printk" if EXPERT 1439 select IRQ_WORK 1440 help 1441 This option enables normal printk support. Removing it 1442 eliminates most of the message strings from the kernel image 1443 and makes the kernel more or less silent. As this makes it 1444 very difficult to diagnose system problems, saying N here is 1445 strongly discouraged. 1446 1447config PRINTK_NMI 1448 def_bool y 1449 depends on PRINTK 1450 depends on HAVE_NMI 1451 1452config BUG 1453 bool "BUG() support" if EXPERT 1454 default y 1455 help 1456 Disabling this option eliminates support for BUG and WARN, reducing 1457 the size of your kernel image and potentially quietly ignoring 1458 numerous fatal conditions. You should only consider disabling this 1459 option for embedded systems with no facilities for reporting errors. 1460 Just say Y. 1461 1462config ELF_CORE 1463 depends on COREDUMP 1464 default y 1465 bool "Enable ELF core dumps" if EXPERT 1466 help 1467 Enable support for generating core dumps. Disabling saves about 4k. 1468 1469 1470config PCSPKR_PLATFORM 1471 bool "Enable PC-Speaker support" if EXPERT 1472 depends on HAVE_PCSPKR_PLATFORM 1473 select I8253_LOCK 1474 default y 1475 help 1476 This option allows to disable the internal PC-Speaker 1477 support, saving some memory. 1478 1479config BASE_FULL 1480 default y 1481 bool "Enable full-sized data structures for core" if EXPERT 1482 help 1483 Disabling this option reduces the size of miscellaneous core 1484 kernel data structures. This saves memory on small machines, 1485 but may reduce performance. 1486 1487config FUTEX 1488 bool "Enable futex support" if EXPERT 1489 default y 1490 imply RT_MUTEXES 1491 help 1492 Disabling this option will cause the kernel to be built without 1493 support for "fast userspace mutexes". The resulting kernel may not 1494 run glibc-based applications correctly. 1495 1496config FUTEX_PI 1497 bool 1498 depends on FUTEX && RT_MUTEXES 1499 default y 1500 1501config HAVE_FUTEX_CMPXCHG 1502 bool 1503 depends on FUTEX 1504 help 1505 Architectures should select this if futex_atomic_cmpxchg_inatomic() 1506 is implemented and always working. This removes a couple of runtime 1507 checks. 1508 1509config EPOLL 1510 bool "Enable eventpoll support" if EXPERT 1511 default y 1512 help 1513 Disabling this option will cause the kernel to be built without 1514 support for epoll family of system calls. 1515 1516config SIGNALFD 1517 bool "Enable signalfd() system call" if EXPERT 1518 default y 1519 help 1520 Enable the signalfd() system call that allows to receive signals 1521 on a file descriptor. 1522 1523 If unsure, say Y. 1524 1525config TIMERFD 1526 bool "Enable timerfd() system call" if EXPERT 1527 default y 1528 help 1529 Enable the timerfd() system call that allows to receive timer 1530 events on a file descriptor. 1531 1532 If unsure, say Y. 1533 1534config EVENTFD 1535 bool "Enable eventfd() system call" if EXPERT 1536 default y 1537 help 1538 Enable the eventfd() system call that allows to receive both 1539 kernel notification (ie. KAIO) or userspace notifications. 1540 1541 If unsure, say Y. 1542 1543config SHMEM 1544 bool "Use full shmem filesystem" if EXPERT 1545 default y 1546 depends on MMU 1547 help 1548 The shmem is an internal filesystem used to manage shared memory. 1549 It is backed by swap and manages resource limits. It is also exported 1550 to userspace as tmpfs if TMPFS is enabled. Disabling this 1551 option replaces shmem and tmpfs with the much simpler ramfs code, 1552 which may be appropriate on small systems without swap. 1553 1554config AIO 1555 bool "Enable AIO support" if EXPERT 1556 default y 1557 help 1558 This option enables POSIX asynchronous I/O which may by used 1559 by some high performance threaded applications. Disabling 1560 this option saves about 7k. 1561 1562config IO_URING 1563 bool "Enable IO uring support" if EXPERT 1564 select IO_WQ 1565 default y 1566 help 1567 This option enables support for the io_uring interface, enabling 1568 applications to submit and complete IO through submission and 1569 completion rings that are shared between the kernel and application. 1570 1571config ADVISE_SYSCALLS 1572 bool "Enable madvise/fadvise syscalls" if EXPERT 1573 default y 1574 help 1575 This option enables the madvise and fadvise syscalls, used by 1576 applications to advise the kernel about their future memory or file 1577 usage, improving performance. If building an embedded system where no 1578 applications use these syscalls, you can disable this option to save 1579 space. 1580 1581config HAVE_ARCH_USERFAULTFD_WP 1582 bool 1583 help 1584 Arch has userfaultfd write protection support 1585 1586config MEMBARRIER 1587 bool "Enable membarrier() system call" if EXPERT 1588 default y 1589 help 1590 Enable the membarrier() system call that allows issuing memory 1591 barriers across all running threads, which can be used to distribute 1592 the cost of user-space memory barriers asymmetrically by transforming 1593 pairs of memory barriers into pairs consisting of membarrier() and a 1594 compiler barrier. 1595 1596 If unsure, say Y. 1597 1598config KALLSYMS 1599 bool "Load all symbols for debugging/ksymoops" if EXPERT 1600 default y 1601 help 1602 Say Y here to let the kernel print out symbolic crash information and 1603 symbolic stack backtraces. This increases the size of the kernel 1604 somewhat, as all symbols have to be loaded into the kernel image. 1605 1606config KALLSYMS_ALL 1607 bool "Include all symbols in kallsyms" 1608 depends on DEBUG_KERNEL && KALLSYMS 1609 help 1610 Normally kallsyms only contains the symbols of functions for nicer 1611 OOPS messages and backtraces (i.e., symbols from the text and inittext 1612 sections). This is sufficient for most cases. And only in very rare 1613 cases (e.g., when a debugger is used) all symbols are required (e.g., 1614 names of variables from the data sections, etc). 1615 1616 This option makes sure that all symbols are loaded into the kernel 1617 image (i.e., symbols from all sections) in cost of increased kernel 1618 size (depending on the kernel configuration, it may be 300KiB or 1619 something like this). 1620 1621 Say N unless you really need all symbols. 1622 1623config KALLSYMS_ABSOLUTE_PERCPU 1624 bool 1625 depends on KALLSYMS 1626 default X86_64 && SMP 1627 1628config KALLSYMS_BASE_RELATIVE 1629 bool 1630 depends on KALLSYMS 1631 default !IA64 1632 help 1633 Instead of emitting them as absolute values in the native word size, 1634 emit the symbol references in the kallsyms table as 32-bit entries, 1635 each containing a relative value in the range [base, base + U32_MAX] 1636 or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either 1637 an absolute value in the range [0, S32_MAX] or a relative value in the 1638 range [base, base + S32_MAX], where base is the lowest relative symbol 1639 address encountered in the image. 1640 1641 On 64-bit builds, this reduces the size of the address table by 50%, 1642 but more importantly, it results in entries whose values are build 1643 time constants, and no relocation pass is required at runtime to fix 1644 up the entries based on the runtime load address of the kernel. 1645 1646# end of the "standard kernel features (expert users)" menu 1647 1648# syscall, maps, verifier 1649 1650config BPF_LSM 1651 bool "LSM Instrumentation with BPF" 1652 depends on BPF_EVENTS 1653 depends on BPF_SYSCALL 1654 depends on SECURITY 1655 depends on BPF_JIT 1656 help 1657 Enables instrumentation of the security hooks with eBPF programs for 1658 implementing dynamic MAC and Audit Policies. 1659 1660 If you are unsure how to answer this question, answer N. 1661 1662config BPF_SYSCALL 1663 bool "Enable bpf() system call" 1664 select BPF 1665 select IRQ_WORK 1666 default n 1667 help 1668 Enable the bpf() system call that allows to manipulate eBPF 1669 programs and maps via file descriptors. 1670 1671config ARCH_WANT_DEFAULT_BPF_JIT 1672 bool 1673 1674config BPF_JIT_ALWAYS_ON 1675 bool "Permanently enable BPF JIT and remove BPF interpreter" 1676 depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT 1677 help 1678 Enables BPF JIT and removes BPF interpreter to avoid 1679 speculative execution of BPF instructions by the interpreter 1680 1681config BPF_JIT_DEFAULT_ON 1682 def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON 1683 depends on HAVE_EBPF_JIT && BPF_JIT 1684 1685config USERFAULTFD 1686 bool "Enable userfaultfd() system call" 1687 depends on MMU 1688 help 1689 Enable the userfaultfd() system call that allows to intercept and 1690 handle page faults in userland. 1691 1692config ARCH_HAS_MEMBARRIER_CALLBACKS 1693 bool 1694 1695config ARCH_HAS_MEMBARRIER_SYNC_CORE 1696 bool 1697 1698config RSEQ 1699 bool "Enable rseq() system call" if EXPERT 1700 default y 1701 depends on HAVE_RSEQ 1702 select MEMBARRIER 1703 help 1704 Enable the restartable sequences system call. It provides a 1705 user-space cache for the current CPU number value, which 1706 speeds up getting the current CPU number from user-space, 1707 as well as an ABI to speed up user-space operations on 1708 per-CPU data. 1709 1710 If unsure, say Y. 1711 1712config DEBUG_RSEQ 1713 default n 1714 bool "Enabled debugging of rseq() system call" if EXPERT 1715 depends on RSEQ && DEBUG_KERNEL 1716 help 1717 Enable extra debugging checks for the rseq system call. 1718 1719 If unsure, say N. 1720 1721config EMBEDDED 1722 bool "Embedded system" 1723 option allnoconfig_y 1724 select EXPERT 1725 help 1726 This option should be enabled if compiling the kernel for 1727 an embedded system so certain expert options are available 1728 for configuration. 1729 1730config HAVE_PERF_EVENTS 1731 bool 1732 help 1733 See tools/perf/design.txt for details. 1734 1735config PERF_USE_VMALLOC 1736 bool 1737 help 1738 See tools/perf/design.txt for details 1739 1740config PC104 1741 bool "PC/104 support" if EXPERT 1742 help 1743 Expose PC/104 form factor device drivers and options available for 1744 selection and configuration. Enable this option if your target 1745 machine has a PC/104 bus. 1746 1747menu "Kernel Performance Events And Counters" 1748 1749config PERF_EVENTS 1750 bool "Kernel performance events and counters" 1751 default y if PROFILING 1752 depends on HAVE_PERF_EVENTS 1753 select IRQ_WORK 1754 select SRCU 1755 help 1756 Enable kernel support for various performance events provided 1757 by software and hardware. 1758 1759 Software events are supported either built-in or via the 1760 use of generic tracepoints. 1761 1762 Most modern CPUs support performance events via performance 1763 counter registers. These registers count the number of certain 1764 types of hw events: such as instructions executed, cachemisses 1765 suffered, or branches mis-predicted - without slowing down the 1766 kernel or applications. These registers can also trigger interrupts 1767 when a threshold number of events have passed - and can thus be 1768 used to profile the code that runs on that CPU. 1769 1770 The Linux Performance Event subsystem provides an abstraction of 1771 these software and hardware event capabilities, available via a 1772 system call and used by the "perf" utility in tools/perf/. It 1773 provides per task and per CPU counters, and it provides event 1774 capabilities on top of those. 1775 1776 Say Y if unsure. 1777 1778config DEBUG_PERF_USE_VMALLOC 1779 default n 1780 bool "Debug: use vmalloc to back perf mmap() buffers" 1781 depends on PERF_EVENTS && DEBUG_KERNEL && !PPC 1782 select PERF_USE_VMALLOC 1783 help 1784 Use vmalloc memory to back perf mmap() buffers. 1785 1786 Mostly useful for debugging the vmalloc code on platforms 1787 that don't require it. 1788 1789 Say N if unsure. 1790 1791endmenu 1792 1793config VM_EVENT_COUNTERS 1794 default y 1795 bool "Enable VM event counters for /proc/vmstat" if EXPERT 1796 help 1797 VM event counters are needed for event counts to be shown. 1798 This option allows the disabling of the VM event counters 1799 on EXPERT systems. /proc/vmstat will only show page counts 1800 if VM event counters are disabled. 1801 1802config SLUB_DEBUG 1803 default y 1804 bool "Enable SLUB debugging support" if EXPERT 1805 depends on SLUB && SYSFS 1806 help 1807 SLUB has extensive debug support features. Disabling these can 1808 result in significant savings in code size. This also disables 1809 SLUB sysfs support. /sys/slab will not exist and there will be 1810 no support for cache validation etc. 1811 1812config SLUB_MEMCG_SYSFS_ON 1813 default n 1814 bool "Enable memcg SLUB sysfs support by default" if EXPERT 1815 depends on SLUB && SYSFS && MEMCG 1816 help 1817 SLUB creates a directory under /sys/kernel/slab for each 1818 allocation cache to host info and debug files. If memory 1819 cgroup is enabled, each cache can have per memory cgroup 1820 caches. SLUB can create the same sysfs directories for these 1821 caches under /sys/kernel/slab/CACHE/cgroup but it can lead 1822 to a very high number of debug files being created. This is 1823 controlled by slub_memcg_sysfs boot parameter and this 1824 config option determines the parameter's default value. 1825 1826config COMPAT_BRK 1827 bool "Disable heap randomization" 1828 default y 1829 help 1830 Randomizing heap placement makes heap exploits harder, but it 1831 also breaks ancient binaries (including anything libc5 based). 1832 This option changes the bootup default to heap randomization 1833 disabled, and can be overridden at runtime by setting 1834 /proc/sys/kernel/randomize_va_space to 2. 1835 1836 On non-ancient distros (post-2000 ones) N is usually a safe choice. 1837 1838choice 1839 prompt "Choose SLAB allocator" 1840 default SLUB 1841 help 1842 This option allows to select a slab allocator. 1843 1844config SLAB 1845 bool "SLAB" 1846 select HAVE_HARDENED_USERCOPY_ALLOCATOR 1847 help 1848 The regular slab allocator that is established and known to work 1849 well in all environments. It organizes cache hot objects in 1850 per cpu and per node queues. 1851 1852config SLUB 1853 bool "SLUB (Unqueued Allocator)" 1854 select HAVE_HARDENED_USERCOPY_ALLOCATOR 1855 help 1856 SLUB is a slab allocator that minimizes cache line usage 1857 instead of managing queues of cached objects (SLAB approach). 1858 Per cpu caching is realized using slabs of objects instead 1859 of queues of objects. SLUB can use memory efficiently 1860 and has enhanced diagnostics. SLUB is the default choice for 1861 a slab allocator. 1862 1863config SLOB 1864 depends on EXPERT 1865 bool "SLOB (Simple Allocator)" 1866 help 1867 SLOB replaces the stock allocator with a drastically simpler 1868 allocator. SLOB is generally more space efficient but 1869 does not perform as well on large systems. 1870 1871endchoice 1872 1873config SLAB_MERGE_DEFAULT 1874 bool "Allow slab caches to be merged" 1875 default y 1876 help 1877 For reduced kernel memory fragmentation, slab caches can be 1878 merged when they share the same size and other characteristics. 1879 This carries a risk of kernel heap overflows being able to 1880 overwrite objects from merged caches (and more easily control 1881 cache layout), which makes such heap attacks easier to exploit 1882 by attackers. By keeping caches unmerged, these kinds of exploits 1883 can usually only damage objects in the same cache. To disable 1884 merging at runtime, "slab_nomerge" can be passed on the kernel 1885 command line. 1886 1887config SLAB_FREELIST_RANDOM 1888 default n 1889 depends on SLAB || SLUB 1890 bool "SLAB freelist randomization" 1891 help 1892 Randomizes the freelist order used on creating new pages. This 1893 security feature reduces the predictability of the kernel slab 1894 allocator against heap overflows. 1895 1896config SLAB_FREELIST_HARDENED 1897 bool "Harden slab freelist metadata" 1898 depends on SLUB 1899 help 1900 Many kernel heap attacks try to target slab cache metadata and 1901 other infrastructure. This options makes minor performance 1902 sacrifices to harden the kernel slab allocator against common 1903 freelist exploit methods. 1904 1905config SHUFFLE_PAGE_ALLOCATOR 1906 bool "Page allocator randomization" 1907 default SLAB_FREELIST_RANDOM && ACPI_NUMA 1908 help 1909 Randomization of the page allocator improves the average 1910 utilization of a direct-mapped memory-side-cache. See section 1911 5.2.27 Heterogeneous Memory Attribute Table (HMAT) in the ACPI 1912 6.2a specification for an example of how a platform advertises 1913 the presence of a memory-side-cache. There are also incidental 1914 security benefits as it reduces the predictability of page 1915 allocations to compliment SLAB_FREELIST_RANDOM, but the 1916 default granularity of shuffling on the "MAX_ORDER - 1" i.e, 1917 10th order of pages is selected based on cache utilization 1918 benefits on x86. 1919 1920 While the randomization improves cache utilization it may 1921 negatively impact workloads on platforms without a cache. For 1922 this reason, by default, the randomization is enabled only 1923 after runtime detection of a direct-mapped memory-side-cache. 1924 Otherwise, the randomization may be force enabled with the 1925 'page_alloc.shuffle' kernel command line parameter. 1926 1927 Say Y if unsure. 1928 1929config SLUB_CPU_PARTIAL 1930 default y 1931 depends on SLUB && SMP 1932 bool "SLUB per cpu partial cache" 1933 help 1934 Per cpu partial caches accelerate objects allocation and freeing 1935 that is local to a processor at the price of more indeterminism 1936 in the latency of the free. On overflow these caches will be cleared 1937 which requires the taking of locks that may cause latency spikes. 1938 Typically one would choose no for a realtime system. 1939 1940config MMAP_ALLOW_UNINITIALIZED 1941 bool "Allow mmapped anonymous memory to be uninitialized" 1942 depends on EXPERT && !MMU 1943 default n 1944 help 1945 Normally, and according to the Linux spec, anonymous memory obtained 1946 from mmap() has its contents cleared before it is passed to 1947 userspace. Enabling this config option allows you to request that 1948 mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus 1949 providing a huge performance boost. If this option is not enabled, 1950 then the flag will be ignored. 1951 1952 This is taken advantage of by uClibc's malloc(), and also by 1953 ELF-FDPIC binfmt's brk and stack allocator. 1954 1955 Because of the obvious security issues, this option should only be 1956 enabled on embedded devices where you control what is run in 1957 userspace. Since that isn't generally a problem on no-MMU systems, 1958 it is normally safe to say Y here. 1959 1960 See Documentation/nommu-mmap.txt for more information. 1961 1962config SYSTEM_DATA_VERIFICATION 1963 def_bool n 1964 select SYSTEM_TRUSTED_KEYRING 1965 select KEYS 1966 select CRYPTO 1967 select CRYPTO_RSA 1968 select ASYMMETRIC_KEY_TYPE 1969 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1970 select ASN1 1971 select OID_REGISTRY 1972 select X509_CERTIFICATE_PARSER 1973 select PKCS7_MESSAGE_PARSER 1974 help 1975 Provide PKCS#7 message verification using the contents of the system 1976 trusted keyring to provide public keys. This then can be used for 1977 module verification, kexec image verification and firmware blob 1978 verification. 1979 1980config PROFILING 1981 bool "Profiling support" 1982 help 1983 Say Y here to enable the extended profiling support mechanisms used 1984 by profilers such as OProfile. 1985 1986# 1987# Place an empty function call at each tracepoint site. Can be 1988# dynamically changed for a probe function. 1989# 1990config TRACEPOINTS 1991 bool 1992 1993endmenu # General setup 1994 1995source "arch/Kconfig" 1996 1997config RT_MUTEXES 1998 bool 1999 2000config BASE_SMALL 2001 int 2002 default 0 if BASE_FULL 2003 default 1 if !BASE_FULL 2004 2005config MODULE_SIG_FORMAT 2006 def_bool n 2007 select SYSTEM_DATA_VERIFICATION 2008 2009menuconfig MODULES 2010 bool "Enable loadable module support" 2011 option modules 2012 help 2013 Kernel modules are small pieces of compiled code which can 2014 be inserted in the running kernel, rather than being 2015 permanently built into the kernel. You use the "modprobe" 2016 tool to add (and sometimes remove) them. If you say Y here, 2017 many parts of the kernel can be built as modules (by 2018 answering M instead of Y where indicated): this is most 2019 useful for infrequently used options which are not required 2020 for booting. For more information, see the man pages for 2021 modprobe, lsmod, modinfo, insmod and rmmod. 2022 2023 If you say Y here, you will need to run "make 2024 modules_install" to put the modules under /lib/modules/ 2025 where modprobe can find them (you may need to be root to do 2026 this). 2027 2028 If unsure, say Y. 2029 2030if MODULES 2031 2032config MODULE_FORCE_LOAD 2033 bool "Forced module loading" 2034 default n 2035 help 2036 Allow loading of modules without version information (ie. modprobe 2037 --force). Forced module loading sets the 'F' (forced) taint flag and 2038 is usually a really bad idea. 2039 2040config MODULE_UNLOAD 2041 bool "Module unloading" 2042 help 2043 Without this option you will not be able to unload any 2044 modules (note that some modules may not be unloadable 2045 anyway), which makes your kernel smaller, faster 2046 and simpler. If unsure, say Y. 2047 2048config MODULE_FORCE_UNLOAD 2049 bool "Forced module unloading" 2050 depends on MODULE_UNLOAD 2051 help 2052 This option allows you to force a module to unload, even if the 2053 kernel believes it is unsafe: the kernel will remove the module 2054 without waiting for anyone to stop using it (using the -f option to 2055 rmmod). This is mainly for kernel developers and desperate users. 2056 If unsure, say N. 2057 2058config MODVERSIONS 2059 bool "Module versioning support" 2060 help 2061 Usually, you have to use modules compiled with your kernel. 2062 Saying Y here makes it sometimes possible to use modules 2063 compiled for different kernels, by adding enough information 2064 to the modules to (hopefully) spot any changes which would 2065 make them incompatible with the kernel you are running. If 2066 unsure, say N. 2067 2068config ASM_MODVERSIONS 2069 bool 2070 default HAVE_ASM_MODVERSIONS && MODVERSIONS 2071 help 2072 This enables module versioning for exported symbols also from 2073 assembly. This can be enabled only when the target architecture 2074 supports it. 2075 2076config MODULE_REL_CRCS 2077 bool 2078 depends on MODVERSIONS 2079 2080config MODULE_SRCVERSION_ALL 2081 bool "Source checksum for all modules" 2082 help 2083 Modules which contain a MODULE_VERSION get an extra "srcversion" 2084 field inserted into their modinfo section, which contains a 2085 sum of the source files which made it. This helps maintainers 2086 see exactly which source was used to build a module (since 2087 others sometimes change the module source without updating 2088 the version). With this option, such a "srcversion" field 2089 will be created for all modules. If unsure, say N. 2090 2091config MODULE_SIG 2092 bool "Module signature verification" 2093 select MODULE_SIG_FORMAT 2094 help 2095 Check modules for valid signatures upon load: the signature 2096 is simply appended to the module. For more information see 2097 <file:Documentation/admin-guide/module-signing.rst>. 2098 2099 Note that this option adds the OpenSSL development packages as a 2100 kernel build dependency so that the signing tool can use its crypto 2101 library. 2102 2103 You should enable this option if you wish to use either 2104 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via 2105 another LSM - otherwise unsigned modules will be loadable regardless 2106 of the lockdown policy. 2107 2108 !!!WARNING!!! If you enable this option, you MUST make sure that the 2109 module DOES NOT get stripped after being signed. This includes the 2110 debuginfo strip done by some packagers (such as rpmbuild) and 2111 inclusion into an initramfs that wants the module size reduced. 2112 2113config MODULE_SIG_FORCE 2114 bool "Require modules to be validly signed" 2115 depends on MODULE_SIG 2116 help 2117 Reject unsigned modules or signed modules for which we don't have a 2118 key. Without this, such modules will simply taint the kernel. 2119 2120config MODULE_SIG_ALL 2121 bool "Automatically sign all modules" 2122 default y 2123 depends on MODULE_SIG 2124 help 2125 Sign all modules during make modules_install. Without this option, 2126 modules must be signed manually, using the scripts/sign-file tool. 2127 2128comment "Do not forget to sign required modules with scripts/sign-file" 2129 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL 2130 2131choice 2132 prompt "Which hash algorithm should modules be signed with?" 2133 depends on MODULE_SIG 2134 help 2135 This determines which sort of hashing algorithm will be used during 2136 signature generation. This algorithm _must_ be built into the kernel 2137 directly so that signature verification can take place. It is not 2138 possible to load a signed module containing the algorithm to check 2139 the signature on that module. 2140 2141config MODULE_SIG_SHA1 2142 bool "Sign modules with SHA-1" 2143 select CRYPTO_SHA1 2144 2145config MODULE_SIG_SHA224 2146 bool "Sign modules with SHA-224" 2147 select CRYPTO_SHA256 2148 2149config MODULE_SIG_SHA256 2150 bool "Sign modules with SHA-256" 2151 select CRYPTO_SHA256 2152 2153config MODULE_SIG_SHA384 2154 bool "Sign modules with SHA-384" 2155 select CRYPTO_SHA512 2156 2157config MODULE_SIG_SHA512 2158 bool "Sign modules with SHA-512" 2159 select CRYPTO_SHA512 2160 2161endchoice 2162 2163config MODULE_SIG_HASH 2164 string 2165 depends on MODULE_SIG 2166 default "sha1" if MODULE_SIG_SHA1 2167 default "sha224" if MODULE_SIG_SHA224 2168 default "sha256" if MODULE_SIG_SHA256 2169 default "sha384" if MODULE_SIG_SHA384 2170 default "sha512" if MODULE_SIG_SHA512 2171 2172config MODULE_COMPRESS 2173 bool "Compress modules on installation" 2174 help 2175 2176 Compresses kernel modules when 'make modules_install' is run; gzip or 2177 xz depending on "Compression algorithm" below. 2178 2179 module-init-tools MAY support gzip, and kmod MAY support gzip and xz. 2180 2181 Out-of-tree kernel modules installed using Kbuild will also be 2182 compressed upon installation. 2183 2184 Note: for modules inside an initrd or initramfs, it's more efficient 2185 to compress the whole initrd or initramfs instead. 2186 2187 Note: This is fully compatible with signed modules. 2188 2189 If in doubt, say N. 2190 2191choice 2192 prompt "Compression algorithm" 2193 depends on MODULE_COMPRESS 2194 default MODULE_COMPRESS_GZIP 2195 help 2196 This determines which sort of compression will be used during 2197 'make modules_install'. 2198 2199 GZIP (default) and XZ are supported. 2200 2201config MODULE_COMPRESS_GZIP 2202 bool "GZIP" 2203 2204config MODULE_COMPRESS_XZ 2205 bool "XZ" 2206 2207endchoice 2208 2209config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS 2210 bool "Allow loading of modules with missing namespace imports" 2211 help 2212 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in 2213 a namespace. A module that makes use of a symbol exported with such a 2214 namespace is required to import the namespace via MODULE_IMPORT_NS(). 2215 There is no technical reason to enforce correct namespace imports, 2216 but it creates consistency between symbols defining namespaces and 2217 users importing namespaces they make use of. This option relaxes this 2218 requirement and lifts the enforcement when loading a module. 2219 2220 If unsure, say N. 2221 2222config UNUSED_SYMBOLS 2223 bool "Enable unused/obsolete exported symbols" 2224 default y if X86 2225 help 2226 Unused but exported symbols make the kernel needlessly bigger. For 2227 that reason most of these unused exports will soon be removed. This 2228 option is provided temporarily to provide a transition period in case 2229 some external kernel module needs one of these symbols anyway. If you 2230 encounter such a case in your module, consider if you are actually 2231 using the right API. (rationale: since nobody in the kernel is using 2232 this in a module, there is a pretty good chance it's actually the 2233 wrong interface to use). If you really need the symbol, please send a 2234 mail to the linux kernel mailing list mentioning the symbol and why 2235 you really need it, and what the merge plan to the mainline kernel for 2236 your module is. 2237 2238config TRIM_UNUSED_KSYMS 2239 bool "Trim unused exported kernel symbols" 2240 depends on !UNUSED_SYMBOLS 2241 help 2242 The kernel and some modules make many symbols available for 2243 other modules to use via EXPORT_SYMBOL() and variants. Depending 2244 on the set of modules being selected in your kernel configuration, 2245 many of those exported symbols might never be used. 2246 2247 This option allows for unused exported symbols to be dropped from 2248 the build. In turn, this provides the compiler more opportunities 2249 (especially when using LTO) for optimizing the code and reducing 2250 binary size. This might have some security advantages as well. 2251 2252 If unsure, or if you need to build out-of-tree modules, say N. 2253 2254config UNUSED_KSYMS_WHITELIST 2255 string "Whitelist of symbols to keep in ksymtab" 2256 depends on TRIM_UNUSED_KSYMS 2257 help 2258 By default, all unused exported symbols will be un-exported from the 2259 build when TRIM_UNUSED_KSYMS is selected. 2260 2261 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept 2262 exported at all times, even in absence of in-tree users. The value to 2263 set here is the path to a text file containing the list of symbols, 2264 one per line. The path can be absolute, or relative to the kernel 2265 source tree. 2266 2267endif # MODULES 2268 2269config MODULES_TREE_LOOKUP 2270 def_bool y 2271 depends on PERF_EVENTS || TRACING 2272 2273config INIT_ALL_POSSIBLE 2274 bool 2275 help 2276 Back when each arch used to define their own cpu_online_mask and 2277 cpu_possible_mask, some of them chose to initialize cpu_possible_mask 2278 with all 1s, and others with all 0s. When they were centralised, 2279 it was better to provide this option than to break all the archs 2280 and have several arch maintainers pursuing me down dark alleys. 2281 2282source "block/Kconfig" 2283 2284config PREEMPT_NOTIFIERS 2285 bool 2286 2287config PADATA 2288 depends on SMP 2289 bool 2290 2291config ASN1 2292 tristate 2293 help 2294 Build a simple ASN.1 grammar compiler that produces a bytecode output 2295 that can be interpreted by the ASN.1 stream decoder and used to 2296 inform it as to what tags are to be expected in a stream and what 2297 functions to call on what tags. 2298 2299source "kernel/Kconfig.locks" 2300 2301config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 2302 bool 2303 2304config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 2305 bool 2306 2307# It may be useful for an architecture to override the definitions of the 2308# SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h> 2309# and the COMPAT_ variants in <linux/compat.h>, in particular to use a 2310# different calling convention for syscalls. They can also override the 2311# macros for not-implemented syscalls in kernel/sys_ni.c and 2312# kernel/time/posix-stubs.c. All these overrides need to be available in 2313# <asm/syscall_wrapper.h>. 2314config ARCH_HAS_SYSCALL_WRAPPER 2315 def_bool n 2316