xref: /openbmc/linux/init/Kconfig (revision 59b4412f)
1# SPDX-License-Identifier: GPL-2.0-only
2config DEFCONFIG_LIST
3	string
4	depends on !UML
5	option defconfig_list
6	default "/lib/modules/$(shell,uname -r)/.config"
7	default "/etc/kernel-config"
8	default "/boot/config-$(shell,uname -r)"
9	default "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)"
10
11config CC_VERSION_TEXT
12	string
13	default "$(CC_VERSION_TEXT)"
14	help
15	  This is used in unclear ways:
16
17	  - Re-run Kconfig when the compiler is updated
18	    The 'default' property references the environment variable,
19	    CC_VERSION_TEXT so it is recorded in include/config/auto.conf.cmd.
20	    When the compiler is updated, Kconfig will be invoked.
21
22	  - Ensure full rebuild when the compier is updated
23	    include/linux/kconfig.h contains this option in the comment line so
24	    fixdep adds include/config/cc/version/text.h into the auto-generated
25	    dependency. When the compiler is updated, syncconfig will touch it
26	    and then every file will be rebuilt.
27
28config CC_IS_GCC
29	def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q gcc)
30
31config GCC_VERSION
32	int
33	default $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) if CC_IS_GCC
34	default 0
35
36config LD_VERSION
37	int
38	default $(shell,$(LD) --version | $(srctree)/scripts/ld-version.sh)
39
40config CC_IS_CLANG
41	def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q clang)
42
43config LD_IS_LLD
44	def_bool $(success,$(LD) -v | head -n 1 | grep -q LLD)
45
46config CLANG_VERSION
47	int
48	default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
49
50config CC_CAN_LINK
51	bool
52	default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag)) if 64BIT
53	default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag))
54
55config CC_CAN_LINK_STATIC
56	bool
57	default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag) -static) if 64BIT
58	default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag) -static)
59
60config CC_HAS_ASM_GOTO
61	def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
62
63config CC_HAS_ASM_GOTO_OUTPUT
64	depends on CC_HAS_ASM_GOTO
65	def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null)
66
67config TOOLS_SUPPORT_RELR
68	def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
69
70config CC_HAS_ASM_INLINE
71	def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
72
73config CONSTRUCTORS
74	bool
75	depends on !UML
76
77config IRQ_WORK
78	bool
79
80config BUILDTIME_TABLE_SORT
81	bool
82
83config THREAD_INFO_IN_TASK
84	bool
85	help
86	  Select this to move thread_info off the stack into task_struct.  To
87	  make this work, an arch will need to remove all thread_info fields
88	  except flags and fix any runtime bugs.
89
90	  One subtle change that will be needed is to use try_get_task_stack()
91	  and put_task_stack() in save_thread_stack_tsk() and get_wchan().
92
93menu "General setup"
94
95config BROKEN
96	bool
97
98config BROKEN_ON_SMP
99	bool
100	depends on BROKEN || !SMP
101	default y
102
103config INIT_ENV_ARG_LIMIT
104	int
105	default 32 if !UML
106	default 128 if UML
107	help
108	  Maximum of each of the number of arguments and environment
109	  variables passed to init from the kernel command line.
110
111config COMPILE_TEST
112	bool "Compile also drivers which will not load"
113	depends on !UML
114	default n
115	help
116	  Some drivers can be compiled on a different platform than they are
117	  intended to be run on. Despite they cannot be loaded there (or even
118	  when they load they cannot be used due to missing HW support),
119	  developers still, opposing to distributors, might want to build such
120	  drivers to compile-test them.
121
122	  If you are a developer and want to build everything available, say Y
123	  here. If you are a user/distributor, say N here to exclude useless
124	  drivers to be distributed.
125
126config UAPI_HEADER_TEST
127	bool "Compile test UAPI headers"
128	depends on HEADERS_INSTALL && CC_CAN_LINK
129	help
130	  Compile test headers exported to user-space to ensure they are
131	  self-contained, i.e. compilable as standalone units.
132
133	  If you are a developer or tester and want to ensure the exported
134	  headers are self-contained, say Y here. Otherwise, choose N.
135
136config LOCALVERSION
137	string "Local version - append to kernel release"
138	help
139	  Append an extra string to the end of your kernel version.
140	  This will show up when you type uname, for example.
141	  The string you set here will be appended after the contents of
142	  any files with a filename matching localversion* in your
143	  object and source tree, in that order.  Your total string can
144	  be a maximum of 64 characters.
145
146config LOCALVERSION_AUTO
147	bool "Automatically append version information to the version string"
148	default y
149	depends on !COMPILE_TEST
150	help
151	  This will try to automatically determine if the current tree is a
152	  release tree by looking for git tags that belong to the current
153	  top of tree revision.
154
155	  A string of the format -gxxxxxxxx will be added to the localversion
156	  if a git-based tree is found.  The string generated by this will be
157	  appended after any matching localversion* files, and after the value
158	  set in CONFIG_LOCALVERSION.
159
160	  (The actual string used here is the first eight characters produced
161	  by running the command:
162
163	    $ git rev-parse --verify HEAD
164
165	  which is done within the script "scripts/setlocalversion".)
166
167config BUILD_SALT
168	string "Build ID Salt"
169	default ""
170	help
171	  The build ID is used to link binaries and their debug info. Setting
172	  this option will use the value in the calculation of the build id.
173	  This is mostly useful for distributions which want to ensure the
174	  build is unique between builds. It's safe to leave the default.
175
176config HAVE_KERNEL_GZIP
177	bool
178
179config HAVE_KERNEL_BZIP2
180	bool
181
182config HAVE_KERNEL_LZMA
183	bool
184
185config HAVE_KERNEL_XZ
186	bool
187
188config HAVE_KERNEL_LZO
189	bool
190
191config HAVE_KERNEL_LZ4
192	bool
193
194config HAVE_KERNEL_UNCOMPRESSED
195	bool
196
197choice
198	prompt "Kernel compression mode"
199	default KERNEL_GZIP
200	depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_UNCOMPRESSED
201	help
202	  The linux kernel is a kind of self-extracting executable.
203	  Several compression algorithms are available, which differ
204	  in efficiency, compression and decompression speed.
205	  Compression speed is only relevant when building a kernel.
206	  Decompression speed is relevant at each boot.
207
208	  If you have any problems with bzip2 or lzma compressed
209	  kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
210	  version of this functionality (bzip2 only), for 2.4, was
211	  supplied by Christian Ludwig)
212
213	  High compression options are mostly useful for users, who
214	  are low on disk space (embedded systems), but for whom ram
215	  size matters less.
216
217	  If in doubt, select 'gzip'
218
219config KERNEL_GZIP
220	bool "Gzip"
221	depends on HAVE_KERNEL_GZIP
222	help
223	  The old and tried gzip compression. It provides a good balance
224	  between compression ratio and decompression speed.
225
226config KERNEL_BZIP2
227	bool "Bzip2"
228	depends on HAVE_KERNEL_BZIP2
229	help
230	  Its compression ratio and speed is intermediate.
231	  Decompression speed is slowest among the choices.  The kernel
232	  size is about 10% smaller with bzip2, in comparison to gzip.
233	  Bzip2 uses a large amount of memory. For modern kernels you
234	  will need at least 8MB RAM or more for booting.
235
236config KERNEL_LZMA
237	bool "LZMA"
238	depends on HAVE_KERNEL_LZMA
239	help
240	  This compression algorithm's ratio is best.  Decompression speed
241	  is between gzip and bzip2.  Compression is slowest.
242	  The kernel size is about 33% smaller with LZMA in comparison to gzip.
243
244config KERNEL_XZ
245	bool "XZ"
246	depends on HAVE_KERNEL_XZ
247	help
248	  XZ uses the LZMA2 algorithm and instruction set specific
249	  BCJ filters which can improve compression ratio of executable
250	  code. The size of the kernel is about 30% smaller with XZ in
251	  comparison to gzip. On architectures for which there is a BCJ
252	  filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
253	  will create a few percent smaller kernel than plain LZMA.
254
255	  The speed is about the same as with LZMA: The decompression
256	  speed of XZ is better than that of bzip2 but worse than gzip
257	  and LZO. Compression is slow.
258
259config KERNEL_LZO
260	bool "LZO"
261	depends on HAVE_KERNEL_LZO
262	help
263	  Its compression ratio is the poorest among the choices. The kernel
264	  size is about 10% bigger than gzip; however its speed
265	  (both compression and decompression) is the fastest.
266
267config KERNEL_LZ4
268	bool "LZ4"
269	depends on HAVE_KERNEL_LZ4
270	help
271	  LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
272	  A preliminary version of LZ4 de/compression tool is available at
273	  <https://code.google.com/p/lz4/>.
274
275	  Its compression ratio is worse than LZO. The size of the kernel
276	  is about 8% bigger than LZO. But the decompression speed is
277	  faster than LZO.
278
279config KERNEL_UNCOMPRESSED
280	bool "None"
281	depends on HAVE_KERNEL_UNCOMPRESSED
282	help
283	  Produce uncompressed kernel image. This option is usually not what
284	  you want. It is useful for debugging the kernel in slow simulation
285	  environments, where decompressing and moving the kernel is awfully
286	  slow. This option allows early boot code to skip the decompressor
287	  and jump right at uncompressed kernel image.
288
289endchoice
290
291config DEFAULT_INIT
292	string "Default init path"
293	default ""
294	help
295	  This option determines the default init for the system if no init=
296	  option is passed on the kernel command line. If the requested path is
297	  not present, we will still then move on to attempting further
298	  locations (e.g. /sbin/init, etc). If this is empty, we will just use
299	  the fallback list when init= is not passed.
300
301config DEFAULT_HOSTNAME
302	string "Default hostname"
303	default "(none)"
304	help
305	  This option determines the default system hostname before userspace
306	  calls sethostname(2). The kernel traditionally uses "(none)" here,
307	  but you may wish to use a different default here to make a minimal
308	  system more usable with less configuration.
309
310#
311# For some reason microblaze and nios2 hard code SWAP=n.  Hopefully we can
312# add proper SWAP support to them, in which case this can be remove.
313#
314config ARCH_NO_SWAP
315	bool
316
317config SWAP
318	bool "Support for paging of anonymous memory (swap)"
319	depends on MMU && BLOCK && !ARCH_NO_SWAP
320	default y
321	help
322	  This option allows you to choose whether you want to have support
323	  for so called swap devices or swap files in your kernel that are
324	  used to provide more virtual memory than the actual RAM present
325	  in your computer.  If unsure say Y.
326
327config SYSVIPC
328	bool "System V IPC"
329	help
330	  Inter Process Communication is a suite of library functions and
331	  system calls which let processes (running programs) synchronize and
332	  exchange information. It is generally considered to be a good thing,
333	  and some programs won't run unless you say Y here. In particular, if
334	  you want to run the DOS emulator dosemu under Linux (read the
335	  DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
336	  you'll need to say Y here.
337
338	  You can find documentation about IPC with "info ipc" and also in
339	  section 6.4 of the Linux Programmer's Guide, available from
340	  <http://www.tldp.org/guides.html>.
341
342config SYSVIPC_SYSCTL
343	bool
344	depends on SYSVIPC
345	depends on SYSCTL
346	default y
347
348config POSIX_MQUEUE
349	bool "POSIX Message Queues"
350	depends on NET
351	help
352	  POSIX variant of message queues is a part of IPC. In POSIX message
353	  queues every message has a priority which decides about succession
354	  of receiving it by a process. If you want to compile and run
355	  programs written e.g. for Solaris with use of its POSIX message
356	  queues (functions mq_*) say Y here.
357
358	  POSIX message queues are visible as a filesystem called 'mqueue'
359	  and can be mounted somewhere if you want to do filesystem
360	  operations on message queues.
361
362	  If unsure, say Y.
363
364config POSIX_MQUEUE_SYSCTL
365	bool
366	depends on POSIX_MQUEUE
367	depends on SYSCTL
368	default y
369
370config WATCH_QUEUE
371	bool "General notification queue"
372	default n
373	help
374
375	  This is a general notification queue for the kernel to pass events to
376	  userspace by splicing them into pipes.  It can be used in conjunction
377	  with watches for key/keyring change notifications and device
378	  notifications.
379
380	  See Documentation/watch_queue.rst
381
382config CROSS_MEMORY_ATTACH
383	bool "Enable process_vm_readv/writev syscalls"
384	depends on MMU
385	default y
386	help
387	  Enabling this option adds the system calls process_vm_readv and
388	  process_vm_writev which allow a process with the correct privileges
389	  to directly read from or write to another process' address space.
390	  See the man page for more details.
391
392config USELIB
393	bool "uselib syscall"
394	def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
395	help
396	  This option enables the uselib syscall, a system call used in the
397	  dynamic linker from libc5 and earlier.  glibc does not use this
398	  system call.  If you intend to run programs built on libc5 or
399	  earlier, you may need to enable this syscall.  Current systems
400	  running glibc can safely disable this.
401
402config AUDIT
403	bool "Auditing support"
404	depends on NET
405	help
406	  Enable auditing infrastructure that can be used with another
407	  kernel subsystem, such as SELinux (which requires this for
408	  logging of avc messages output).  System call auditing is included
409	  on architectures which support it.
410
411config HAVE_ARCH_AUDITSYSCALL
412	bool
413
414config AUDITSYSCALL
415	def_bool y
416	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
417	select FSNOTIFY
418
419source "kernel/irq/Kconfig"
420source "kernel/time/Kconfig"
421source "kernel/Kconfig.preempt"
422
423menu "CPU/Task time and stats accounting"
424
425config VIRT_CPU_ACCOUNTING
426	bool
427
428choice
429	prompt "Cputime accounting"
430	default TICK_CPU_ACCOUNTING if !PPC64
431	default VIRT_CPU_ACCOUNTING_NATIVE if PPC64
432
433# Kind of a stub config for the pure tick based cputime accounting
434config TICK_CPU_ACCOUNTING
435	bool "Simple tick based cputime accounting"
436	depends on !S390 && !NO_HZ_FULL
437	help
438	  This is the basic tick based cputime accounting that maintains
439	  statistics about user, system and idle time spent on per jiffies
440	  granularity.
441
442	  If unsure, say Y.
443
444config VIRT_CPU_ACCOUNTING_NATIVE
445	bool "Deterministic task and CPU time accounting"
446	depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
447	select VIRT_CPU_ACCOUNTING
448	help
449	  Select this option to enable more accurate task and CPU time
450	  accounting.  This is done by reading a CPU counter on each
451	  kernel entry and exit and on transitions within the kernel
452	  between system, softirq and hardirq state, so there is a
453	  small performance impact.  In the case of s390 or IBM POWER > 5,
454	  this also enables accounting of stolen time on logically-partitioned
455	  systems.
456
457config VIRT_CPU_ACCOUNTING_GEN
458	bool "Full dynticks CPU time accounting"
459	depends on HAVE_CONTEXT_TRACKING
460	depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
461	depends on GENERIC_CLOCKEVENTS
462	select VIRT_CPU_ACCOUNTING
463	select CONTEXT_TRACKING
464	help
465	  Select this option to enable task and CPU time accounting on full
466	  dynticks systems. This accounting is implemented by watching every
467	  kernel-user boundaries using the context tracking subsystem.
468	  The accounting is thus performed at the expense of some significant
469	  overhead.
470
471	  For now this is only useful if you are working on the full
472	  dynticks subsystem development.
473
474	  If unsure, say N.
475
476endchoice
477
478config IRQ_TIME_ACCOUNTING
479	bool "Fine granularity task level IRQ time accounting"
480	depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
481	help
482	  Select this option to enable fine granularity task irq time
483	  accounting. This is done by reading a timestamp on each
484	  transitions between softirq and hardirq state, so there can be a
485	  small performance impact.
486
487	  If in doubt, say N here.
488
489config HAVE_SCHED_AVG_IRQ
490	def_bool y
491	depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING
492	depends on SMP
493
494config SCHED_THERMAL_PRESSURE
495	bool "Enable periodic averaging of thermal pressure"
496	depends on SMP
497
498config BSD_PROCESS_ACCT
499	bool "BSD Process Accounting"
500	depends on MULTIUSER
501	help
502	  If you say Y here, a user level program will be able to instruct the
503	  kernel (via a special system call) to write process accounting
504	  information to a file: whenever a process exits, information about
505	  that process will be appended to the file by the kernel.  The
506	  information includes things such as creation time, owning user,
507	  command name, memory usage, controlling terminal etc. (the complete
508	  list is in the struct acct in <file:include/linux/acct.h>).  It is
509	  up to the user level program to do useful things with this
510	  information.  This is generally a good idea, so say Y.
511
512config BSD_PROCESS_ACCT_V3
513	bool "BSD Process Accounting version 3 file format"
514	depends on BSD_PROCESS_ACCT
515	default n
516	help
517	  If you say Y here, the process accounting information is written
518	  in a new file format that also logs the process IDs of each
519	  process and its parent. Note that this file format is incompatible
520	  with previous v0/v1/v2 file formats, so you will need updated tools
521	  for processing it. A preliminary version of these tools is available
522	  at <http://www.gnu.org/software/acct/>.
523
524config TASKSTATS
525	bool "Export task/process statistics through netlink"
526	depends on NET
527	depends on MULTIUSER
528	default n
529	help
530	  Export selected statistics for tasks/processes through the
531	  generic netlink interface. Unlike BSD process accounting, the
532	  statistics are available during the lifetime of tasks/processes as
533	  responses to commands. Like BSD accounting, they are sent to user
534	  space on task exit.
535
536	  Say N if unsure.
537
538config TASK_DELAY_ACCT
539	bool "Enable per-task delay accounting"
540	depends on TASKSTATS
541	select SCHED_INFO
542	help
543	  Collect information on time spent by a task waiting for system
544	  resources like cpu, synchronous block I/O completion and swapping
545	  in pages. Such statistics can help in setting a task's priorities
546	  relative to other tasks for cpu, io, rss limits etc.
547
548	  Say N if unsure.
549
550config TASK_XACCT
551	bool "Enable extended accounting over taskstats"
552	depends on TASKSTATS
553	help
554	  Collect extended task accounting data and send the data
555	  to userland for processing over the taskstats interface.
556
557	  Say N if unsure.
558
559config TASK_IO_ACCOUNTING
560	bool "Enable per-task storage I/O accounting"
561	depends on TASK_XACCT
562	help
563	  Collect information on the number of bytes of storage I/O which this
564	  task has caused.
565
566	  Say N if unsure.
567
568config PSI
569	bool "Pressure stall information tracking"
570	help
571	  Collect metrics that indicate how overcommitted the CPU, memory,
572	  and IO capacity are in the system.
573
574	  If you say Y here, the kernel will create /proc/pressure/ with the
575	  pressure statistics files cpu, memory, and io. These will indicate
576	  the share of walltime in which some or all tasks in the system are
577	  delayed due to contention of the respective resource.
578
579	  In kernels with cgroup support, cgroups (cgroup2 only) will
580	  have cpu.pressure, memory.pressure, and io.pressure files,
581	  which aggregate pressure stalls for the grouped tasks only.
582
583	  For more details see Documentation/accounting/psi.rst.
584
585	  Say N if unsure.
586
587config PSI_DEFAULT_DISABLED
588	bool "Require boot parameter to enable pressure stall information tracking"
589	default n
590	depends on PSI
591	help
592	  If set, pressure stall information tracking will be disabled
593	  per default but can be enabled through passing psi=1 on the
594	  kernel commandline during boot.
595
596	  This feature adds some code to the task wakeup and sleep
597	  paths of the scheduler. The overhead is too low to affect
598	  common scheduling-intense workloads in practice (such as
599	  webservers, memcache), but it does show up in artificial
600	  scheduler stress tests, such as hackbench.
601
602	  If you are paranoid and not sure what the kernel will be
603	  used for, say Y.
604
605	  Say N if unsure.
606
607endmenu # "CPU/Task time and stats accounting"
608
609config CPU_ISOLATION
610	bool "CPU isolation"
611	depends on SMP || COMPILE_TEST
612	default y
613	help
614	  Make sure that CPUs running critical tasks are not disturbed by
615	  any source of "noise" such as unbound workqueues, timers, kthreads...
616	  Unbound jobs get offloaded to housekeeping CPUs. This is driven by
617	  the "isolcpus=" boot parameter.
618
619	  Say Y if unsure.
620
621source "kernel/rcu/Kconfig"
622
623config BUILD_BIN2C
624	bool
625	default n
626
627config IKCONFIG
628	tristate "Kernel .config support"
629	help
630	  This option enables the complete Linux kernel ".config" file
631	  contents to be saved in the kernel. It provides documentation
632	  of which kernel options are used in a running kernel or in an
633	  on-disk kernel.  This information can be extracted from the kernel
634	  image file with the script scripts/extract-ikconfig and used as
635	  input to rebuild the current kernel or to build another kernel.
636	  It can also be extracted from a running kernel by reading
637	  /proc/config.gz if enabled (below).
638
639config IKCONFIG_PROC
640	bool "Enable access to .config through /proc/config.gz"
641	depends on IKCONFIG && PROC_FS
642	help
643	  This option enables access to the kernel configuration file
644	  through /proc/config.gz.
645
646config IKHEADERS
647	tristate "Enable kernel headers through /sys/kernel/kheaders.tar.xz"
648	depends on SYSFS
649	help
650	  This option enables access to the in-kernel headers that are generated during
651	  the build process. These can be used to build eBPF tracing programs,
652	  or similar programs.  If you build the headers as a module, a module called
653	  kheaders.ko is built which can be loaded on-demand to get access to headers.
654
655config LOG_BUF_SHIFT
656	int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
657	range 12 25
658	default 17
659	depends on PRINTK
660	help
661	  Select the minimal kernel log buffer size as a power of 2.
662	  The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
663	  parameter, see below. Any higher size also might be forced
664	  by "log_buf_len" boot parameter.
665
666	  Examples:
667		     17 => 128 KB
668		     16 => 64 KB
669		     15 => 32 KB
670		     14 => 16 KB
671		     13 =>  8 KB
672		     12 =>  4 KB
673
674config LOG_CPU_MAX_BUF_SHIFT
675	int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
676	depends on SMP
677	range 0 21
678	default 12 if !BASE_SMALL
679	default 0 if BASE_SMALL
680	depends on PRINTK
681	help
682	  This option allows to increase the default ring buffer size
683	  according to the number of CPUs. The value defines the contribution
684	  of each CPU as a power of 2. The used space is typically only few
685	  lines however it might be much more when problems are reported,
686	  e.g. backtraces.
687
688	  The increased size means that a new buffer has to be allocated and
689	  the original static one is unused. It makes sense only on systems
690	  with more CPUs. Therefore this value is used only when the sum of
691	  contributions is greater than the half of the default kernel ring
692	  buffer as defined by LOG_BUF_SHIFT. The default values are set
693	  so that more than 64 CPUs are needed to trigger the allocation.
694
695	  Also this option is ignored when "log_buf_len" kernel parameter is
696	  used as it forces an exact (power of two) size of the ring buffer.
697
698	  The number of possible CPUs is used for this computation ignoring
699	  hotplugging making the computation optimal for the worst case
700	  scenario while allowing a simple algorithm to be used from bootup.
701
702	  Examples shift values and their meaning:
703		     17 => 128 KB for each CPU
704		     16 =>  64 KB for each CPU
705		     15 =>  32 KB for each CPU
706		     14 =>  16 KB for each CPU
707		     13 =>   8 KB for each CPU
708		     12 =>   4 KB for each CPU
709
710config PRINTK_SAFE_LOG_BUF_SHIFT
711	int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
712	range 10 21
713	default 13
714	depends on PRINTK
715	help
716	  Select the size of an alternate printk per-CPU buffer where messages
717	  printed from usafe contexts are temporary stored. One example would
718	  be NMI messages, another one - printk recursion. The messages are
719	  copied to the main log buffer in a safe context to avoid a deadlock.
720	  The value defines the size as a power of 2.
721
722	  Those messages are rare and limited. The largest one is when
723	  a backtrace is printed. It usually fits into 4KB. Select
724	  8KB if you want to be on the safe side.
725
726	  Examples:
727		     17 => 128 KB for each CPU
728		     16 =>  64 KB for each CPU
729		     15 =>  32 KB for each CPU
730		     14 =>  16 KB for each CPU
731		     13 =>   8 KB for each CPU
732		     12 =>   4 KB for each CPU
733
734#
735# Architectures with an unreliable sched_clock() should select this:
736#
737config HAVE_UNSTABLE_SCHED_CLOCK
738	bool
739
740config GENERIC_SCHED_CLOCK
741	bool
742
743menu "Scheduler features"
744
745config UCLAMP_TASK
746	bool "Enable utilization clamping for RT/FAIR tasks"
747	depends on CPU_FREQ_GOV_SCHEDUTIL
748	help
749	  This feature enables the scheduler to track the clamped utilization
750	  of each CPU based on RUNNABLE tasks scheduled on that CPU.
751
752	  With this option, the user can specify the min and max CPU
753	  utilization allowed for RUNNABLE tasks. The max utilization defines
754	  the maximum frequency a task should use while the min utilization
755	  defines the minimum frequency it should use.
756
757	  Both min and max utilization clamp values are hints to the scheduler,
758	  aiming at improving its frequency selection policy, but they do not
759	  enforce or grant any specific bandwidth for tasks.
760
761	  If in doubt, say N.
762
763config UCLAMP_BUCKETS_COUNT
764	int "Number of supported utilization clamp buckets"
765	range 5 20
766	default 5
767	depends on UCLAMP_TASK
768	help
769	  Defines the number of clamp buckets to use. The range of each bucket
770	  will be SCHED_CAPACITY_SCALE/UCLAMP_BUCKETS_COUNT. The higher the
771	  number of clamp buckets the finer their granularity and the higher
772	  the precision of clamping aggregation and tracking at run-time.
773
774	  For example, with the minimum configuration value we will have 5
775	  clamp buckets tracking 20% utilization each. A 25% boosted tasks will
776	  be refcounted in the [20..39]% bucket and will set the bucket clamp
777	  effective value to 25%.
778	  If a second 30% boosted task should be co-scheduled on the same CPU,
779	  that task will be refcounted in the same bucket of the first task and
780	  it will boost the bucket clamp effective value to 30%.
781	  The clamp effective value of a bucket is reset to its nominal value
782	  (20% in the example above) when there are no more tasks refcounted in
783	  that bucket.
784
785	  An additional boost/capping margin can be added to some tasks. In the
786	  example above the 25% task will be boosted to 30% until it exits the
787	  CPU. If that should be considered not acceptable on certain systems,
788	  it's always possible to reduce the margin by increasing the number of
789	  clamp buckets to trade off used memory for run-time tracking
790	  precision.
791
792	  If in doubt, use the default value.
793
794endmenu
795
796#
797# For architectures that want to enable the support for NUMA-affine scheduler
798# balancing logic:
799#
800config ARCH_SUPPORTS_NUMA_BALANCING
801	bool
802
803#
804# For architectures that prefer to flush all TLBs after a number of pages
805# are unmapped instead of sending one IPI per page to flush. The architecture
806# must provide guarantees on what happens if a clean TLB cache entry is
807# written after the unmap. Details are in mm/rmap.c near the check for
808# should_defer_flush. The architecture should also consider if the full flush
809# and the refill costs are offset by the savings of sending fewer IPIs.
810config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
811	bool
812
813config CC_HAS_INT128
814	def_bool !$(cc-option,$(m64-flag) -D__SIZEOF_INT128__=0) && 64BIT
815
816#
817# For architectures that know their GCC __int128 support is sound
818#
819config ARCH_SUPPORTS_INT128
820	bool
821
822# For architectures that (ab)use NUMA to represent different memory regions
823# all cpu-local but of different latencies, such as SuperH.
824#
825config ARCH_WANT_NUMA_VARIABLE_LOCALITY
826	bool
827
828config NUMA_BALANCING
829	bool "Memory placement aware NUMA scheduler"
830	depends on ARCH_SUPPORTS_NUMA_BALANCING
831	depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
832	depends on SMP && NUMA && MIGRATION
833	help
834	  This option adds support for automatic NUMA aware memory/task placement.
835	  The mechanism is quite primitive and is based on migrating memory when
836	  it has references to the node the task is running on.
837
838	  This system will be inactive on UMA systems.
839
840config NUMA_BALANCING_DEFAULT_ENABLED
841	bool "Automatically enable NUMA aware memory/task placement"
842	default y
843	depends on NUMA_BALANCING
844	help
845	  If set, automatic NUMA balancing will be enabled if running on a NUMA
846	  machine.
847
848menuconfig CGROUPS
849	bool "Control Group support"
850	select KERNFS
851	help
852	  This option adds support for grouping sets of processes together, for
853	  use with process control subsystems such as Cpusets, CFS, memory
854	  controls or device isolation.
855	  See
856		- Documentation/scheduler/sched-design-CFS.rst	(CFS)
857		- Documentation/admin-guide/cgroup-v1/ (features for grouping, isolation
858					  and resource control)
859
860	  Say N if unsure.
861
862if CGROUPS
863
864config PAGE_COUNTER
865	bool
866
867config MEMCG
868	bool "Memory controller"
869	select PAGE_COUNTER
870	select EVENTFD
871	help
872	  Provides control over the memory footprint of tasks in a cgroup.
873
874config MEMCG_SWAP
875	bool
876	depends on MEMCG && SWAP
877	default y
878
879config MEMCG_KMEM
880	bool
881	depends on MEMCG && !SLOB
882	default y
883
884config BLK_CGROUP
885	bool "IO controller"
886	depends on BLOCK
887	default n
888	help
889	Generic block IO controller cgroup interface. This is the common
890	cgroup interface which should be used by various IO controlling
891	policies.
892
893	Currently, CFQ IO scheduler uses it to recognize task groups and
894	control disk bandwidth allocation (proportional time slice allocation)
895	to such task groups. It is also used by bio throttling logic in
896	block layer to implement upper limit in IO rates on a device.
897
898	This option only enables generic Block IO controller infrastructure.
899	One needs to also enable actual IO controlling logic/policy. For
900	enabling proportional weight division of disk bandwidth in CFQ, set
901	CONFIG_BFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
902	CONFIG_BLK_DEV_THROTTLING=y.
903
904	See Documentation/admin-guide/cgroup-v1/blkio-controller.rst for more information.
905
906config CGROUP_WRITEBACK
907	bool
908	depends on MEMCG && BLK_CGROUP
909	default y
910
911menuconfig CGROUP_SCHED
912	bool "CPU controller"
913	default n
914	help
915	  This feature lets CPU scheduler recognize task groups and control CPU
916	  bandwidth allocation to such task groups. It uses cgroups to group
917	  tasks.
918
919if CGROUP_SCHED
920config FAIR_GROUP_SCHED
921	bool "Group scheduling for SCHED_OTHER"
922	depends on CGROUP_SCHED
923	default CGROUP_SCHED
924
925config CFS_BANDWIDTH
926	bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
927	depends on FAIR_GROUP_SCHED
928	default n
929	help
930	  This option allows users to define CPU bandwidth rates (limits) for
931	  tasks running within the fair group scheduler.  Groups with no limit
932	  set are considered to be unconstrained and will run with no
933	  restriction.
934	  See Documentation/scheduler/sched-bwc.rst for more information.
935
936config RT_GROUP_SCHED
937	bool "Group scheduling for SCHED_RR/FIFO"
938	depends on CGROUP_SCHED
939	default n
940	help
941	  This feature lets you explicitly allocate real CPU bandwidth
942	  to task groups. If enabled, it will also make it impossible to
943	  schedule realtime tasks for non-root users until you allocate
944	  realtime bandwidth for them.
945	  See Documentation/scheduler/sched-rt-group.rst for more information.
946
947endif #CGROUP_SCHED
948
949config UCLAMP_TASK_GROUP
950	bool "Utilization clamping per group of tasks"
951	depends on CGROUP_SCHED
952	depends on UCLAMP_TASK
953	default n
954	help
955	  This feature enables the scheduler to track the clamped utilization
956	  of each CPU based on RUNNABLE tasks currently scheduled on that CPU.
957
958	  When this option is enabled, the user can specify a min and max
959	  CPU bandwidth which is allowed for each single task in a group.
960	  The max bandwidth allows to clamp the maximum frequency a task
961	  can use, while the min bandwidth allows to define a minimum
962	  frequency a task will always use.
963
964	  When task group based utilization clamping is enabled, an eventually
965	  specified task-specific clamp value is constrained by the cgroup
966	  specified clamp value. Both minimum and maximum task clamping cannot
967	  be bigger than the corresponding clamping defined at task group level.
968
969	  If in doubt, say N.
970
971config CGROUP_PIDS
972	bool "PIDs controller"
973	help
974	  Provides enforcement of process number limits in the scope of a
975	  cgroup. Any attempt to fork more processes than is allowed in the
976	  cgroup will fail. PIDs are fundamentally a global resource because it
977	  is fairly trivial to reach PID exhaustion before you reach even a
978	  conservative kmemcg limit. As a result, it is possible to grind a
979	  system to halt without being limited by other cgroup policies. The
980	  PIDs controller is designed to stop this from happening.
981
982	  It should be noted that organisational operations (such as attaching
983	  to a cgroup hierarchy) will *not* be blocked by the PIDs controller,
984	  since the PIDs limit only affects a process's ability to fork, not to
985	  attach to a cgroup.
986
987config CGROUP_RDMA
988	bool "RDMA controller"
989	help
990	  Provides enforcement of RDMA resources defined by IB stack.
991	  It is fairly easy for consumers to exhaust RDMA resources, which
992	  can result into resource unavailability to other consumers.
993	  RDMA controller is designed to stop this from happening.
994	  Attaching processes with active RDMA resources to the cgroup
995	  hierarchy is allowed even if can cross the hierarchy's limit.
996
997config CGROUP_FREEZER
998	bool "Freezer controller"
999	help
1000	  Provides a way to freeze and unfreeze all tasks in a
1001	  cgroup.
1002
1003	  This option affects the ORIGINAL cgroup interface. The cgroup2 memory
1004	  controller includes important in-kernel memory consumers per default.
1005
1006	  If you're using cgroup2, say N.
1007
1008config CGROUP_HUGETLB
1009	bool "HugeTLB controller"
1010	depends on HUGETLB_PAGE
1011	select PAGE_COUNTER
1012	default n
1013	help
1014	  Provides a cgroup controller for HugeTLB pages.
1015	  When you enable this, you can put a per cgroup limit on HugeTLB usage.
1016	  The limit is enforced during page fault. Since HugeTLB doesn't
1017	  support page reclaim, enforcing the limit at page fault time implies
1018	  that, the application will get SIGBUS signal if it tries to access
1019	  HugeTLB pages beyond its limit. This requires the application to know
1020	  beforehand how much HugeTLB pages it would require for its use. The
1021	  control group is tracked in the third page lru pointer. This means
1022	  that we cannot use the controller with huge page less than 3 pages.
1023
1024config CPUSETS
1025	bool "Cpuset controller"
1026	depends on SMP
1027	help
1028	  This option will let you create and manage CPUSETs which
1029	  allow dynamically partitioning a system into sets of CPUs and
1030	  Memory Nodes and assigning tasks to run only within those sets.
1031	  This is primarily useful on large SMP or NUMA systems.
1032
1033	  Say N if unsure.
1034
1035config PROC_PID_CPUSET
1036	bool "Include legacy /proc/<pid>/cpuset file"
1037	depends on CPUSETS
1038	default y
1039
1040config CGROUP_DEVICE
1041	bool "Device controller"
1042	help
1043	  Provides a cgroup controller implementing whitelists for
1044	  devices which a process in the cgroup can mknod or open.
1045
1046config CGROUP_CPUACCT
1047	bool "Simple CPU accounting controller"
1048	help
1049	  Provides a simple controller for monitoring the
1050	  total CPU consumed by the tasks in a cgroup.
1051
1052config CGROUP_PERF
1053	bool "Perf controller"
1054	depends on PERF_EVENTS
1055	help
1056	  This option extends the perf per-cpu mode to restrict monitoring
1057	  to threads which belong to the cgroup specified and run on the
1058	  designated cpu.  Or this can be used to have cgroup ID in samples
1059	  so that it can monitor performance events among cgroups.
1060
1061	  Say N if unsure.
1062
1063config CGROUP_BPF
1064	bool "Support for eBPF programs attached to cgroups"
1065	depends on BPF_SYSCALL
1066	select SOCK_CGROUP_DATA
1067	help
1068	  Allow attaching eBPF programs to a cgroup using the bpf(2)
1069	  syscall command BPF_PROG_ATTACH.
1070
1071	  In which context these programs are accessed depends on the type
1072	  of attachment. For instance, programs that are attached using
1073	  BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
1074	  inet sockets.
1075
1076config CGROUP_DEBUG
1077	bool "Debug controller"
1078	default n
1079	depends on DEBUG_KERNEL
1080	help
1081	  This option enables a simple controller that exports
1082	  debugging information about the cgroups framework. This
1083	  controller is for control cgroup debugging only. Its
1084	  interfaces are not stable.
1085
1086	  Say N.
1087
1088config SOCK_CGROUP_DATA
1089	bool
1090	default n
1091
1092endif # CGROUPS
1093
1094menuconfig NAMESPACES
1095	bool "Namespaces support" if EXPERT
1096	depends on MULTIUSER
1097	default !EXPERT
1098	help
1099	  Provides the way to make tasks work with different objects using
1100	  the same id. For example same IPC id may refer to different objects
1101	  or same user id or pid may refer to different tasks when used in
1102	  different namespaces.
1103
1104if NAMESPACES
1105
1106config UTS_NS
1107	bool "UTS namespace"
1108	default y
1109	help
1110	  In this namespace tasks see different info provided with the
1111	  uname() system call
1112
1113config TIME_NS
1114	bool "TIME namespace"
1115	depends on GENERIC_VDSO_TIME_NS
1116	default y
1117	help
1118	  In this namespace boottime and monotonic clocks can be set.
1119	  The time will keep going with the same pace.
1120
1121config IPC_NS
1122	bool "IPC namespace"
1123	depends on (SYSVIPC || POSIX_MQUEUE)
1124	default y
1125	help
1126	  In this namespace tasks work with IPC ids which correspond to
1127	  different IPC objects in different namespaces.
1128
1129config USER_NS
1130	bool "User namespace"
1131	default n
1132	help
1133	  This allows containers, i.e. vservers, to use user namespaces
1134	  to provide different user info for different servers.
1135
1136	  When user namespaces are enabled in the kernel it is
1137	  recommended that the MEMCG option also be enabled and that
1138	  user-space use the memory control groups to limit the amount
1139	  of memory a memory unprivileged users can use.
1140
1141	  If unsure, say N.
1142
1143config PID_NS
1144	bool "PID Namespaces"
1145	default y
1146	help
1147	  Support process id namespaces.  This allows having multiple
1148	  processes with the same pid as long as they are in different
1149	  pid namespaces.  This is a building block of containers.
1150
1151config NET_NS
1152	bool "Network namespace"
1153	depends on NET
1154	default y
1155	help
1156	  Allow user space to create what appear to be multiple instances
1157	  of the network stack.
1158
1159endif # NAMESPACES
1160
1161config CHECKPOINT_RESTORE
1162	bool "Checkpoint/restore support"
1163	select PROC_CHILDREN
1164	default n
1165	help
1166	  Enables additional kernel features in a sake of checkpoint/restore.
1167	  In particular it adds auxiliary prctl codes to setup process text,
1168	  data and heap segment sizes, and a few additional /proc filesystem
1169	  entries.
1170
1171	  If unsure, say N here.
1172
1173config SCHED_AUTOGROUP
1174	bool "Automatic process group scheduling"
1175	select CGROUPS
1176	select CGROUP_SCHED
1177	select FAIR_GROUP_SCHED
1178	help
1179	  This option optimizes the scheduler for common desktop workloads by
1180	  automatically creating and populating task groups.  This separation
1181	  of workloads isolates aggressive CPU burners (like build jobs) from
1182	  desktop applications.  Task group autogeneration is currently based
1183	  upon task session.
1184
1185config SYSFS_DEPRECATED
1186	bool "Enable deprecated sysfs features to support old userspace tools"
1187	depends on SYSFS
1188	default n
1189	help
1190	  This option adds code that switches the layout of the "block" class
1191	  devices, to not show up in /sys/class/block/, but only in
1192	  /sys/block/.
1193
1194	  This switch is only active when the sysfs.deprecated=1 boot option is
1195	  passed or the SYSFS_DEPRECATED_V2 option is set.
1196
1197	  This option allows new kernels to run on old distributions and tools,
1198	  which might get confused by /sys/class/block/. Since 2007/2008 all
1199	  major distributions and tools handle this just fine.
1200
1201	  Recent distributions and userspace tools after 2009/2010 depend on
1202	  the existence of /sys/class/block/, and will not work with this
1203	  option enabled.
1204
1205	  Only if you are using a new kernel on an old distribution, you might
1206	  need to say Y here.
1207
1208config SYSFS_DEPRECATED_V2
1209	bool "Enable deprecated sysfs features by default"
1210	default n
1211	depends on SYSFS
1212	depends on SYSFS_DEPRECATED
1213	help
1214	  Enable deprecated sysfs by default.
1215
1216	  See the CONFIG_SYSFS_DEPRECATED option for more details about this
1217	  option.
1218
1219	  Only if you are using a new kernel on an old distribution, you might
1220	  need to say Y here. Even then, odds are you would not need it
1221	  enabled, you can always pass the boot option if absolutely necessary.
1222
1223config RELAY
1224	bool "Kernel->user space relay support (formerly relayfs)"
1225	select IRQ_WORK
1226	help
1227	  This option enables support for relay interface support in
1228	  certain file systems (such as debugfs).
1229	  It is designed to provide an efficient mechanism for tools and
1230	  facilities to relay large amounts of data from kernel space to
1231	  user space.
1232
1233	  If unsure, say N.
1234
1235config BLK_DEV_INITRD
1236	bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
1237	help
1238	  The initial RAM filesystem is a ramfs which is loaded by the
1239	  boot loader (loadlin or lilo) and that is mounted as root
1240	  before the normal boot procedure. It is typically used to
1241	  load modules needed to mount the "real" root file system,
1242	  etc. See <file:Documentation/admin-guide/initrd.rst> for details.
1243
1244	  If RAM disk support (BLK_DEV_RAM) is also included, this
1245	  also enables initial RAM disk (initrd) support and adds
1246	  15 Kbytes (more on some other architectures) to the kernel size.
1247
1248	  If unsure say Y.
1249
1250if BLK_DEV_INITRD
1251
1252source "usr/Kconfig"
1253
1254endif
1255
1256config BOOT_CONFIG
1257	bool "Boot config support"
1258	select BLK_DEV_INITRD
1259	help
1260	  Extra boot config allows system admin to pass a config file as
1261	  complemental extension of kernel cmdline when booting.
1262	  The boot config file must be attached at the end of initramfs
1263	  with checksum, size and magic word.
1264	  See <file:Documentation/admin-guide/bootconfig.rst> for details.
1265
1266	  If unsure, say Y.
1267
1268choice
1269	prompt "Compiler optimization level"
1270	default CC_OPTIMIZE_FOR_PERFORMANCE
1271
1272config CC_OPTIMIZE_FOR_PERFORMANCE
1273	bool "Optimize for performance (-O2)"
1274	help
1275	  This is the default optimization level for the kernel, building
1276	  with the "-O2" compiler flag for best performance and most
1277	  helpful compile-time warnings.
1278
1279config CC_OPTIMIZE_FOR_PERFORMANCE_O3
1280	bool "Optimize more for performance (-O3)"
1281	depends on ARC
1282	help
1283	  Choosing this option will pass "-O3" to your compiler to optimize
1284	  the kernel yet more for performance.
1285
1286config CC_OPTIMIZE_FOR_SIZE
1287	bool "Optimize for size (-Os)"
1288	help
1289	  Choosing this option will pass "-Os" to your compiler resulting
1290	  in a smaller kernel.
1291
1292endchoice
1293
1294config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1295	bool
1296	help
1297	  This requires that the arch annotates or otherwise protects
1298	  its external entry points from being discarded. Linker scripts
1299	  must also merge .text.*, .data.*, and .bss.* correctly into
1300	  output sections. Care must be taken not to pull in unrelated
1301	  sections (e.g., '.text.init'). Typically '.' in section names
1302	  is used to distinguish them from label names / C identifiers.
1303
1304config LD_DEAD_CODE_DATA_ELIMINATION
1305	bool "Dead code and data elimination (EXPERIMENTAL)"
1306	depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1307	depends on EXPERT
1308	depends on $(cc-option,-ffunction-sections -fdata-sections)
1309	depends on $(ld-option,--gc-sections)
1310	help
1311	  Enable this if you want to do dead code and data elimination with
1312	  the linker by compiling with -ffunction-sections -fdata-sections,
1313	  and linking with --gc-sections.
1314
1315	  This can reduce on disk and in-memory size of the kernel
1316	  code and static data, particularly for small configs and
1317	  on small systems. This has the possibility of introducing
1318	  silently broken kernel if the required annotations are not
1319	  present. This option is not well tested yet, so use at your
1320	  own risk.
1321
1322config SYSCTL
1323	bool
1324
1325config HAVE_UID16
1326	bool
1327
1328config SYSCTL_EXCEPTION_TRACE
1329	bool
1330	help
1331	  Enable support for /proc/sys/debug/exception-trace.
1332
1333config SYSCTL_ARCH_UNALIGN_NO_WARN
1334	bool
1335	help
1336	  Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
1337	  Allows arch to define/use @no_unaligned_warning to possibly warn
1338	  about unaligned access emulation going on under the hood.
1339
1340config SYSCTL_ARCH_UNALIGN_ALLOW
1341	bool
1342	help
1343	  Enable support for /proc/sys/kernel/unaligned-trap
1344	  Allows arches to define/use @unaligned_enabled to runtime toggle
1345	  the unaligned access emulation.
1346	  see arch/parisc/kernel/unaligned.c for reference
1347
1348config HAVE_PCSPKR_PLATFORM
1349	bool
1350
1351# interpreter that classic socket filters depend on
1352config BPF
1353	bool
1354
1355menuconfig EXPERT
1356	bool "Configure standard kernel features (expert users)"
1357	# Unhide debug options, to make the on-by-default options visible
1358	select DEBUG_KERNEL
1359	help
1360	  This option allows certain base kernel options and settings
1361	  to be disabled or tweaked. This is for specialized
1362	  environments which can tolerate a "non-standard" kernel.
1363	  Only use this if you really know what you are doing.
1364
1365config UID16
1366	bool "Enable 16-bit UID system calls" if EXPERT
1367	depends on HAVE_UID16 && MULTIUSER
1368	default y
1369	help
1370	  This enables the legacy 16-bit UID syscall wrappers.
1371
1372config MULTIUSER
1373	bool "Multiple users, groups and capabilities support" if EXPERT
1374	default y
1375	help
1376	  This option enables support for non-root users, groups and
1377	  capabilities.
1378
1379	  If you say N here, all processes will run with UID 0, GID 0, and all
1380	  possible capabilities.  Saying N here also compiles out support for
1381	  system calls related to UIDs, GIDs, and capabilities, such as setuid,
1382	  setgid, and capset.
1383
1384	  If unsure, say Y here.
1385
1386config SGETMASK_SYSCALL
1387	bool "sgetmask/ssetmask syscalls support" if EXPERT
1388	def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
1389	help
1390	  sys_sgetmask and sys_ssetmask are obsolete system calls
1391	  no longer supported in libc but still enabled by default in some
1392	  architectures.
1393
1394	  If unsure, leave the default option here.
1395
1396config SYSFS_SYSCALL
1397	bool "Sysfs syscall support" if EXPERT
1398	default y
1399	help
1400	  sys_sysfs is an obsolete system call no longer supported in libc.
1401	  Note that disabling this option is more secure but might break
1402	  compatibility with some systems.
1403
1404	  If unsure say Y here.
1405
1406config FHANDLE
1407	bool "open by fhandle syscalls" if EXPERT
1408	select EXPORTFS
1409	default y
1410	help
1411	  If you say Y here, a user level program will be able to map
1412	  file names to handle and then later use the handle for
1413	  different file system operations. This is useful in implementing
1414	  userspace file servers, which now track files using handles instead
1415	  of names. The handle would remain the same even if file names
1416	  get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
1417	  syscalls.
1418
1419config POSIX_TIMERS
1420	bool "Posix Clocks & timers" if EXPERT
1421	default y
1422	help
1423	  This includes native support for POSIX timers to the kernel.
1424	  Some embedded systems have no use for them and therefore they
1425	  can be configured out to reduce the size of the kernel image.
1426
1427	  When this option is disabled, the following syscalls won't be
1428	  available: timer_create, timer_gettime: timer_getoverrun,
1429	  timer_settime, timer_delete, clock_adjtime, getitimer,
1430	  setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
1431	  clock_getres and clock_nanosleep syscalls will be limited to
1432	  CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
1433
1434	  If unsure say y.
1435
1436config PRINTK
1437	default y
1438	bool "Enable support for printk" if EXPERT
1439	select IRQ_WORK
1440	help
1441	  This option enables normal printk support. Removing it
1442	  eliminates most of the message strings from the kernel image
1443	  and makes the kernel more or less silent. As this makes it
1444	  very difficult to diagnose system problems, saying N here is
1445	  strongly discouraged.
1446
1447config PRINTK_NMI
1448	def_bool y
1449	depends on PRINTK
1450	depends on HAVE_NMI
1451
1452config BUG
1453	bool "BUG() support" if EXPERT
1454	default y
1455	help
1456	  Disabling this option eliminates support for BUG and WARN, reducing
1457	  the size of your kernel image and potentially quietly ignoring
1458	  numerous fatal conditions. You should only consider disabling this
1459	  option for embedded systems with no facilities for reporting errors.
1460	  Just say Y.
1461
1462config ELF_CORE
1463	depends on COREDUMP
1464	default y
1465	bool "Enable ELF core dumps" if EXPERT
1466	help
1467	  Enable support for generating core dumps. Disabling saves about 4k.
1468
1469
1470config PCSPKR_PLATFORM
1471	bool "Enable PC-Speaker support" if EXPERT
1472	depends on HAVE_PCSPKR_PLATFORM
1473	select I8253_LOCK
1474	default y
1475	help
1476	  This option allows to disable the internal PC-Speaker
1477	  support, saving some memory.
1478
1479config BASE_FULL
1480	default y
1481	bool "Enable full-sized data structures for core" if EXPERT
1482	help
1483	  Disabling this option reduces the size of miscellaneous core
1484	  kernel data structures. This saves memory on small machines,
1485	  but may reduce performance.
1486
1487config FUTEX
1488	bool "Enable futex support" if EXPERT
1489	default y
1490	imply RT_MUTEXES
1491	help
1492	  Disabling this option will cause the kernel to be built without
1493	  support for "fast userspace mutexes".  The resulting kernel may not
1494	  run glibc-based applications correctly.
1495
1496config FUTEX_PI
1497	bool
1498	depends on FUTEX && RT_MUTEXES
1499	default y
1500
1501config HAVE_FUTEX_CMPXCHG
1502	bool
1503	depends on FUTEX
1504	help
1505	  Architectures should select this if futex_atomic_cmpxchg_inatomic()
1506	  is implemented and always working. This removes a couple of runtime
1507	  checks.
1508
1509config EPOLL
1510	bool "Enable eventpoll support" if EXPERT
1511	default y
1512	help
1513	  Disabling this option will cause the kernel to be built without
1514	  support for epoll family of system calls.
1515
1516config SIGNALFD
1517	bool "Enable signalfd() system call" if EXPERT
1518	default y
1519	help
1520	  Enable the signalfd() system call that allows to receive signals
1521	  on a file descriptor.
1522
1523	  If unsure, say Y.
1524
1525config TIMERFD
1526	bool "Enable timerfd() system call" if EXPERT
1527	default y
1528	help
1529	  Enable the timerfd() system call that allows to receive timer
1530	  events on a file descriptor.
1531
1532	  If unsure, say Y.
1533
1534config EVENTFD
1535	bool "Enable eventfd() system call" if EXPERT
1536	default y
1537	help
1538	  Enable the eventfd() system call that allows to receive both
1539	  kernel notification (ie. KAIO) or userspace notifications.
1540
1541	  If unsure, say Y.
1542
1543config SHMEM
1544	bool "Use full shmem filesystem" if EXPERT
1545	default y
1546	depends on MMU
1547	help
1548	  The shmem is an internal filesystem used to manage shared memory.
1549	  It is backed by swap and manages resource limits. It is also exported
1550	  to userspace as tmpfs if TMPFS is enabled. Disabling this
1551	  option replaces shmem and tmpfs with the much simpler ramfs code,
1552	  which may be appropriate on small systems without swap.
1553
1554config AIO
1555	bool "Enable AIO support" if EXPERT
1556	default y
1557	help
1558	  This option enables POSIX asynchronous I/O which may by used
1559	  by some high performance threaded applications. Disabling
1560	  this option saves about 7k.
1561
1562config IO_URING
1563	bool "Enable IO uring support" if EXPERT
1564	select IO_WQ
1565	default y
1566	help
1567	  This option enables support for the io_uring interface, enabling
1568	  applications to submit and complete IO through submission and
1569	  completion rings that are shared between the kernel and application.
1570
1571config ADVISE_SYSCALLS
1572	bool "Enable madvise/fadvise syscalls" if EXPERT
1573	default y
1574	help
1575	  This option enables the madvise and fadvise syscalls, used by
1576	  applications to advise the kernel about their future memory or file
1577	  usage, improving performance. If building an embedded system where no
1578	  applications use these syscalls, you can disable this option to save
1579	  space.
1580
1581config HAVE_ARCH_USERFAULTFD_WP
1582	bool
1583	help
1584	  Arch has userfaultfd write protection support
1585
1586config MEMBARRIER
1587	bool "Enable membarrier() system call" if EXPERT
1588	default y
1589	help
1590	  Enable the membarrier() system call that allows issuing memory
1591	  barriers across all running threads, which can be used to distribute
1592	  the cost of user-space memory barriers asymmetrically by transforming
1593	  pairs of memory barriers into pairs consisting of membarrier() and a
1594	  compiler barrier.
1595
1596	  If unsure, say Y.
1597
1598config KALLSYMS
1599	bool "Load all symbols for debugging/ksymoops" if EXPERT
1600	default y
1601	help
1602	  Say Y here to let the kernel print out symbolic crash information and
1603	  symbolic stack backtraces. This increases the size of the kernel
1604	  somewhat, as all symbols have to be loaded into the kernel image.
1605
1606config KALLSYMS_ALL
1607	bool "Include all symbols in kallsyms"
1608	depends on DEBUG_KERNEL && KALLSYMS
1609	help
1610	  Normally kallsyms only contains the symbols of functions for nicer
1611	  OOPS messages and backtraces (i.e., symbols from the text and inittext
1612	  sections). This is sufficient for most cases. And only in very rare
1613	  cases (e.g., when a debugger is used) all symbols are required (e.g.,
1614	  names of variables from the data sections, etc).
1615
1616	  This option makes sure that all symbols are loaded into the kernel
1617	  image (i.e., symbols from all sections) in cost of increased kernel
1618	  size (depending on the kernel configuration, it may be 300KiB or
1619	  something like this).
1620
1621	  Say N unless you really need all symbols.
1622
1623config KALLSYMS_ABSOLUTE_PERCPU
1624	bool
1625	depends on KALLSYMS
1626	default X86_64 && SMP
1627
1628config KALLSYMS_BASE_RELATIVE
1629	bool
1630	depends on KALLSYMS
1631	default !IA64
1632	help
1633	  Instead of emitting them as absolute values in the native word size,
1634	  emit the symbol references in the kallsyms table as 32-bit entries,
1635	  each containing a relative value in the range [base, base + U32_MAX]
1636	  or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
1637	  an absolute value in the range [0, S32_MAX] or a relative value in the
1638	  range [base, base + S32_MAX], where base is the lowest relative symbol
1639	  address encountered in the image.
1640
1641	  On 64-bit builds, this reduces the size of the address table by 50%,
1642	  but more importantly, it results in entries whose values are build
1643	  time constants, and no relocation pass is required at runtime to fix
1644	  up the entries based on the runtime load address of the kernel.
1645
1646# end of the "standard kernel features (expert users)" menu
1647
1648# syscall, maps, verifier
1649
1650config BPF_LSM
1651	bool "LSM Instrumentation with BPF"
1652	depends on BPF_EVENTS
1653	depends on BPF_SYSCALL
1654	depends on SECURITY
1655	depends on BPF_JIT
1656	help
1657	  Enables instrumentation of the security hooks with eBPF programs for
1658	  implementing dynamic MAC and Audit Policies.
1659
1660	  If you are unsure how to answer this question, answer N.
1661
1662config BPF_SYSCALL
1663	bool "Enable bpf() system call"
1664	select BPF
1665	select IRQ_WORK
1666	default n
1667	help
1668	  Enable the bpf() system call that allows to manipulate eBPF
1669	  programs and maps via file descriptors.
1670
1671config ARCH_WANT_DEFAULT_BPF_JIT
1672	bool
1673
1674config BPF_JIT_ALWAYS_ON
1675	bool "Permanently enable BPF JIT and remove BPF interpreter"
1676	depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
1677	help
1678	  Enables BPF JIT and removes BPF interpreter to avoid
1679	  speculative execution of BPF instructions by the interpreter
1680
1681config BPF_JIT_DEFAULT_ON
1682	def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON
1683	depends on HAVE_EBPF_JIT && BPF_JIT
1684
1685config USERFAULTFD
1686	bool "Enable userfaultfd() system call"
1687	depends on MMU
1688	help
1689	  Enable the userfaultfd() system call that allows to intercept and
1690	  handle page faults in userland.
1691
1692config ARCH_HAS_MEMBARRIER_CALLBACKS
1693	bool
1694
1695config ARCH_HAS_MEMBARRIER_SYNC_CORE
1696	bool
1697
1698config RSEQ
1699	bool "Enable rseq() system call" if EXPERT
1700	default y
1701	depends on HAVE_RSEQ
1702	select MEMBARRIER
1703	help
1704	  Enable the restartable sequences system call. It provides a
1705	  user-space cache for the current CPU number value, which
1706	  speeds up getting the current CPU number from user-space,
1707	  as well as an ABI to speed up user-space operations on
1708	  per-CPU data.
1709
1710	  If unsure, say Y.
1711
1712config DEBUG_RSEQ
1713	default n
1714	bool "Enabled debugging of rseq() system call" if EXPERT
1715	depends on RSEQ && DEBUG_KERNEL
1716	help
1717	  Enable extra debugging checks for the rseq system call.
1718
1719	  If unsure, say N.
1720
1721config EMBEDDED
1722	bool "Embedded system"
1723	option allnoconfig_y
1724	select EXPERT
1725	help
1726	  This option should be enabled if compiling the kernel for
1727	  an embedded system so certain expert options are available
1728	  for configuration.
1729
1730config HAVE_PERF_EVENTS
1731	bool
1732	help
1733	  See tools/perf/design.txt for details.
1734
1735config PERF_USE_VMALLOC
1736	bool
1737	help
1738	  See tools/perf/design.txt for details
1739
1740config PC104
1741	bool "PC/104 support" if EXPERT
1742	help
1743	  Expose PC/104 form factor device drivers and options available for
1744	  selection and configuration. Enable this option if your target
1745	  machine has a PC/104 bus.
1746
1747menu "Kernel Performance Events And Counters"
1748
1749config PERF_EVENTS
1750	bool "Kernel performance events and counters"
1751	default y if PROFILING
1752	depends on HAVE_PERF_EVENTS
1753	select IRQ_WORK
1754	select SRCU
1755	help
1756	  Enable kernel support for various performance events provided
1757	  by software and hardware.
1758
1759	  Software events are supported either built-in or via the
1760	  use of generic tracepoints.
1761
1762	  Most modern CPUs support performance events via performance
1763	  counter registers. These registers count the number of certain
1764	  types of hw events: such as instructions executed, cachemisses
1765	  suffered, or branches mis-predicted - without slowing down the
1766	  kernel or applications. These registers can also trigger interrupts
1767	  when a threshold number of events have passed - and can thus be
1768	  used to profile the code that runs on that CPU.
1769
1770	  The Linux Performance Event subsystem provides an abstraction of
1771	  these software and hardware event capabilities, available via a
1772	  system call and used by the "perf" utility in tools/perf/. It
1773	  provides per task and per CPU counters, and it provides event
1774	  capabilities on top of those.
1775
1776	  Say Y if unsure.
1777
1778config DEBUG_PERF_USE_VMALLOC
1779	default n
1780	bool "Debug: use vmalloc to back perf mmap() buffers"
1781	depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
1782	select PERF_USE_VMALLOC
1783	help
1784	  Use vmalloc memory to back perf mmap() buffers.
1785
1786	  Mostly useful for debugging the vmalloc code on platforms
1787	  that don't require it.
1788
1789	  Say N if unsure.
1790
1791endmenu
1792
1793config VM_EVENT_COUNTERS
1794	default y
1795	bool "Enable VM event counters for /proc/vmstat" if EXPERT
1796	help
1797	  VM event counters are needed for event counts to be shown.
1798	  This option allows the disabling of the VM event counters
1799	  on EXPERT systems.  /proc/vmstat will only show page counts
1800	  if VM event counters are disabled.
1801
1802config SLUB_DEBUG
1803	default y
1804	bool "Enable SLUB debugging support" if EXPERT
1805	depends on SLUB && SYSFS
1806	help
1807	  SLUB has extensive debug support features. Disabling these can
1808	  result in significant savings in code size. This also disables
1809	  SLUB sysfs support. /sys/slab will not exist and there will be
1810	  no support for cache validation etc.
1811
1812config SLUB_MEMCG_SYSFS_ON
1813	default n
1814	bool "Enable memcg SLUB sysfs support by default" if EXPERT
1815	depends on SLUB && SYSFS && MEMCG
1816	help
1817	  SLUB creates a directory under /sys/kernel/slab for each
1818	  allocation cache to host info and debug files. If memory
1819	  cgroup is enabled, each cache can have per memory cgroup
1820	  caches. SLUB can create the same sysfs directories for these
1821	  caches under /sys/kernel/slab/CACHE/cgroup but it can lead
1822	  to a very high number of debug files being created. This is
1823	  controlled by slub_memcg_sysfs boot parameter and this
1824	  config option determines the parameter's default value.
1825
1826config COMPAT_BRK
1827	bool "Disable heap randomization"
1828	default y
1829	help
1830	  Randomizing heap placement makes heap exploits harder, but it
1831	  also breaks ancient binaries (including anything libc5 based).
1832	  This option changes the bootup default to heap randomization
1833	  disabled, and can be overridden at runtime by setting
1834	  /proc/sys/kernel/randomize_va_space to 2.
1835
1836	  On non-ancient distros (post-2000 ones) N is usually a safe choice.
1837
1838choice
1839	prompt "Choose SLAB allocator"
1840	default SLUB
1841	help
1842	   This option allows to select a slab allocator.
1843
1844config SLAB
1845	bool "SLAB"
1846	select HAVE_HARDENED_USERCOPY_ALLOCATOR
1847	help
1848	  The regular slab allocator that is established and known to work
1849	  well in all environments. It organizes cache hot objects in
1850	  per cpu and per node queues.
1851
1852config SLUB
1853	bool "SLUB (Unqueued Allocator)"
1854	select HAVE_HARDENED_USERCOPY_ALLOCATOR
1855	help
1856	   SLUB is a slab allocator that minimizes cache line usage
1857	   instead of managing queues of cached objects (SLAB approach).
1858	   Per cpu caching is realized using slabs of objects instead
1859	   of queues of objects. SLUB can use memory efficiently
1860	   and has enhanced diagnostics. SLUB is the default choice for
1861	   a slab allocator.
1862
1863config SLOB
1864	depends on EXPERT
1865	bool "SLOB (Simple Allocator)"
1866	help
1867	   SLOB replaces the stock allocator with a drastically simpler
1868	   allocator. SLOB is generally more space efficient but
1869	   does not perform as well on large systems.
1870
1871endchoice
1872
1873config SLAB_MERGE_DEFAULT
1874	bool "Allow slab caches to be merged"
1875	default y
1876	help
1877	  For reduced kernel memory fragmentation, slab caches can be
1878	  merged when they share the same size and other characteristics.
1879	  This carries a risk of kernel heap overflows being able to
1880	  overwrite objects from merged caches (and more easily control
1881	  cache layout), which makes such heap attacks easier to exploit
1882	  by attackers. By keeping caches unmerged, these kinds of exploits
1883	  can usually only damage objects in the same cache. To disable
1884	  merging at runtime, "slab_nomerge" can be passed on the kernel
1885	  command line.
1886
1887config SLAB_FREELIST_RANDOM
1888	default n
1889	depends on SLAB || SLUB
1890	bool "SLAB freelist randomization"
1891	help
1892	  Randomizes the freelist order used on creating new pages. This
1893	  security feature reduces the predictability of the kernel slab
1894	  allocator against heap overflows.
1895
1896config SLAB_FREELIST_HARDENED
1897	bool "Harden slab freelist metadata"
1898	depends on SLUB
1899	help
1900	  Many kernel heap attacks try to target slab cache metadata and
1901	  other infrastructure. This options makes minor performance
1902	  sacrifices to harden the kernel slab allocator against common
1903	  freelist exploit methods.
1904
1905config SHUFFLE_PAGE_ALLOCATOR
1906	bool "Page allocator randomization"
1907	default SLAB_FREELIST_RANDOM && ACPI_NUMA
1908	help
1909	  Randomization of the page allocator improves the average
1910	  utilization of a direct-mapped memory-side-cache. See section
1911	  5.2.27 Heterogeneous Memory Attribute Table (HMAT) in the ACPI
1912	  6.2a specification for an example of how a platform advertises
1913	  the presence of a memory-side-cache. There are also incidental
1914	  security benefits as it reduces the predictability of page
1915	  allocations to compliment SLAB_FREELIST_RANDOM, but the
1916	  default granularity of shuffling on the "MAX_ORDER - 1" i.e,
1917	  10th order of pages is selected based on cache utilization
1918	  benefits on x86.
1919
1920	  While the randomization improves cache utilization it may
1921	  negatively impact workloads on platforms without a cache. For
1922	  this reason, by default, the randomization is enabled only
1923	  after runtime detection of a direct-mapped memory-side-cache.
1924	  Otherwise, the randomization may be force enabled with the
1925	  'page_alloc.shuffle' kernel command line parameter.
1926
1927	  Say Y if unsure.
1928
1929config SLUB_CPU_PARTIAL
1930	default y
1931	depends on SLUB && SMP
1932	bool "SLUB per cpu partial cache"
1933	help
1934	  Per cpu partial caches accelerate objects allocation and freeing
1935	  that is local to a processor at the price of more indeterminism
1936	  in the latency of the free. On overflow these caches will be cleared
1937	  which requires the taking of locks that may cause latency spikes.
1938	  Typically one would choose no for a realtime system.
1939
1940config MMAP_ALLOW_UNINITIALIZED
1941	bool "Allow mmapped anonymous memory to be uninitialized"
1942	depends on EXPERT && !MMU
1943	default n
1944	help
1945	  Normally, and according to the Linux spec, anonymous memory obtained
1946	  from mmap() has its contents cleared before it is passed to
1947	  userspace.  Enabling this config option allows you to request that
1948	  mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
1949	  providing a huge performance boost.  If this option is not enabled,
1950	  then the flag will be ignored.
1951
1952	  This is taken advantage of by uClibc's malloc(), and also by
1953	  ELF-FDPIC binfmt's brk and stack allocator.
1954
1955	  Because of the obvious security issues, this option should only be
1956	  enabled on embedded devices where you control what is run in
1957	  userspace.  Since that isn't generally a problem on no-MMU systems,
1958	  it is normally safe to say Y here.
1959
1960	  See Documentation/nommu-mmap.txt for more information.
1961
1962config SYSTEM_DATA_VERIFICATION
1963	def_bool n
1964	select SYSTEM_TRUSTED_KEYRING
1965	select KEYS
1966	select CRYPTO
1967	select CRYPTO_RSA
1968	select ASYMMETRIC_KEY_TYPE
1969	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1970	select ASN1
1971	select OID_REGISTRY
1972	select X509_CERTIFICATE_PARSER
1973	select PKCS7_MESSAGE_PARSER
1974	help
1975	  Provide PKCS#7 message verification using the contents of the system
1976	  trusted keyring to provide public keys.  This then can be used for
1977	  module verification, kexec image verification and firmware blob
1978	  verification.
1979
1980config PROFILING
1981	bool "Profiling support"
1982	help
1983	  Say Y here to enable the extended profiling support mechanisms used
1984	  by profilers such as OProfile.
1985
1986#
1987# Place an empty function call at each tracepoint site. Can be
1988# dynamically changed for a probe function.
1989#
1990config TRACEPOINTS
1991	bool
1992
1993endmenu		# General setup
1994
1995source "arch/Kconfig"
1996
1997config RT_MUTEXES
1998	bool
1999
2000config BASE_SMALL
2001	int
2002	default 0 if BASE_FULL
2003	default 1 if !BASE_FULL
2004
2005config MODULE_SIG_FORMAT
2006	def_bool n
2007	select SYSTEM_DATA_VERIFICATION
2008
2009menuconfig MODULES
2010	bool "Enable loadable module support"
2011	option modules
2012	help
2013	  Kernel modules are small pieces of compiled code which can
2014	  be inserted in the running kernel, rather than being
2015	  permanently built into the kernel.  You use the "modprobe"
2016	  tool to add (and sometimes remove) them.  If you say Y here,
2017	  many parts of the kernel can be built as modules (by
2018	  answering M instead of Y where indicated): this is most
2019	  useful for infrequently used options which are not required
2020	  for booting.  For more information, see the man pages for
2021	  modprobe, lsmod, modinfo, insmod and rmmod.
2022
2023	  If you say Y here, you will need to run "make
2024	  modules_install" to put the modules under /lib/modules/
2025	  where modprobe can find them (you may need to be root to do
2026	  this).
2027
2028	  If unsure, say Y.
2029
2030if MODULES
2031
2032config MODULE_FORCE_LOAD
2033	bool "Forced module loading"
2034	default n
2035	help
2036	  Allow loading of modules without version information (ie. modprobe
2037	  --force).  Forced module loading sets the 'F' (forced) taint flag and
2038	  is usually a really bad idea.
2039
2040config MODULE_UNLOAD
2041	bool "Module unloading"
2042	help
2043	  Without this option you will not be able to unload any
2044	  modules (note that some modules may not be unloadable
2045	  anyway), which makes your kernel smaller, faster
2046	  and simpler.  If unsure, say Y.
2047
2048config MODULE_FORCE_UNLOAD
2049	bool "Forced module unloading"
2050	depends on MODULE_UNLOAD
2051	help
2052	  This option allows you to force a module to unload, even if the
2053	  kernel believes it is unsafe: the kernel will remove the module
2054	  without waiting for anyone to stop using it (using the -f option to
2055	  rmmod).  This is mainly for kernel developers and desperate users.
2056	  If unsure, say N.
2057
2058config MODVERSIONS
2059	bool "Module versioning support"
2060	help
2061	  Usually, you have to use modules compiled with your kernel.
2062	  Saying Y here makes it sometimes possible to use modules
2063	  compiled for different kernels, by adding enough information
2064	  to the modules to (hopefully) spot any changes which would
2065	  make them incompatible with the kernel you are running.  If
2066	  unsure, say N.
2067
2068config ASM_MODVERSIONS
2069	bool
2070	default HAVE_ASM_MODVERSIONS && MODVERSIONS
2071	help
2072	  This enables module versioning for exported symbols also from
2073	  assembly. This can be enabled only when the target architecture
2074	  supports it.
2075
2076config MODULE_REL_CRCS
2077	bool
2078	depends on MODVERSIONS
2079
2080config MODULE_SRCVERSION_ALL
2081	bool "Source checksum for all modules"
2082	help
2083	  Modules which contain a MODULE_VERSION get an extra "srcversion"
2084	  field inserted into their modinfo section, which contains a
2085    	  sum of the source files which made it.  This helps maintainers
2086	  see exactly which source was used to build a module (since
2087	  others sometimes change the module source without updating
2088	  the version).  With this option, such a "srcversion" field
2089	  will be created for all modules.  If unsure, say N.
2090
2091config MODULE_SIG
2092	bool "Module signature verification"
2093	select MODULE_SIG_FORMAT
2094	help
2095	  Check modules for valid signatures upon load: the signature
2096	  is simply appended to the module. For more information see
2097	  <file:Documentation/admin-guide/module-signing.rst>.
2098
2099	  Note that this option adds the OpenSSL development packages as a
2100	  kernel build dependency so that the signing tool can use its crypto
2101	  library.
2102
2103	  You should enable this option if you wish to use either
2104	  CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
2105	  another LSM - otherwise unsigned modules will be loadable regardless
2106	  of the lockdown policy.
2107
2108	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
2109	  module DOES NOT get stripped after being signed.  This includes the
2110	  debuginfo strip done by some packagers (such as rpmbuild) and
2111	  inclusion into an initramfs that wants the module size reduced.
2112
2113config MODULE_SIG_FORCE
2114	bool "Require modules to be validly signed"
2115	depends on MODULE_SIG
2116	help
2117	  Reject unsigned modules or signed modules for which we don't have a
2118	  key.  Without this, such modules will simply taint the kernel.
2119
2120config MODULE_SIG_ALL
2121	bool "Automatically sign all modules"
2122	default y
2123	depends on MODULE_SIG
2124	help
2125	  Sign all modules during make modules_install. Without this option,
2126	  modules must be signed manually, using the scripts/sign-file tool.
2127
2128comment "Do not forget to sign required modules with scripts/sign-file"
2129	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
2130
2131choice
2132	prompt "Which hash algorithm should modules be signed with?"
2133	depends on MODULE_SIG
2134	help
2135	  This determines which sort of hashing algorithm will be used during
2136	  signature generation.  This algorithm _must_ be built into the kernel
2137	  directly so that signature verification can take place.  It is not
2138	  possible to load a signed module containing the algorithm to check
2139	  the signature on that module.
2140
2141config MODULE_SIG_SHA1
2142	bool "Sign modules with SHA-1"
2143	select CRYPTO_SHA1
2144
2145config MODULE_SIG_SHA224
2146	bool "Sign modules with SHA-224"
2147	select CRYPTO_SHA256
2148
2149config MODULE_SIG_SHA256
2150	bool "Sign modules with SHA-256"
2151	select CRYPTO_SHA256
2152
2153config MODULE_SIG_SHA384
2154	bool "Sign modules with SHA-384"
2155	select CRYPTO_SHA512
2156
2157config MODULE_SIG_SHA512
2158	bool "Sign modules with SHA-512"
2159	select CRYPTO_SHA512
2160
2161endchoice
2162
2163config MODULE_SIG_HASH
2164	string
2165	depends on MODULE_SIG
2166	default "sha1" if MODULE_SIG_SHA1
2167	default "sha224" if MODULE_SIG_SHA224
2168	default "sha256" if MODULE_SIG_SHA256
2169	default "sha384" if MODULE_SIG_SHA384
2170	default "sha512" if MODULE_SIG_SHA512
2171
2172config MODULE_COMPRESS
2173	bool "Compress modules on installation"
2174	help
2175
2176	  Compresses kernel modules when 'make modules_install' is run; gzip or
2177	  xz depending on "Compression algorithm" below.
2178
2179	  module-init-tools MAY support gzip, and kmod MAY support gzip and xz.
2180
2181	  Out-of-tree kernel modules installed using Kbuild will also be
2182	  compressed upon installation.
2183
2184	  Note: for modules inside an initrd or initramfs, it's more efficient
2185	  to compress the whole initrd or initramfs instead.
2186
2187	  Note: This is fully compatible with signed modules.
2188
2189	  If in doubt, say N.
2190
2191choice
2192	prompt "Compression algorithm"
2193	depends on MODULE_COMPRESS
2194	default MODULE_COMPRESS_GZIP
2195	help
2196	  This determines which sort of compression will be used during
2197	  'make modules_install'.
2198
2199	  GZIP (default) and XZ are supported.
2200
2201config MODULE_COMPRESS_GZIP
2202	bool "GZIP"
2203
2204config MODULE_COMPRESS_XZ
2205	bool "XZ"
2206
2207endchoice
2208
2209config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
2210	bool "Allow loading of modules with missing namespace imports"
2211	help
2212	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
2213	  a namespace. A module that makes use of a symbol exported with such a
2214	  namespace is required to import the namespace via MODULE_IMPORT_NS().
2215	  There is no technical reason to enforce correct namespace imports,
2216	  but it creates consistency between symbols defining namespaces and
2217	  users importing namespaces they make use of. This option relaxes this
2218	  requirement and lifts the enforcement when loading a module.
2219
2220	  If unsure, say N.
2221
2222config UNUSED_SYMBOLS
2223	bool "Enable unused/obsolete exported symbols"
2224	default y if X86
2225	help
2226	  Unused but exported symbols make the kernel needlessly bigger.  For
2227	  that reason most of these unused exports will soon be removed.  This
2228	  option is provided temporarily to provide a transition period in case
2229	  some external kernel module needs one of these symbols anyway. If you
2230	  encounter such a case in your module, consider if you are actually
2231	  using the right API.  (rationale: since nobody in the kernel is using
2232	  this in a module, there is a pretty good chance it's actually the
2233	  wrong interface to use).  If you really need the symbol, please send a
2234	  mail to the linux kernel mailing list mentioning the symbol and why
2235	  you really need it, and what the merge plan to the mainline kernel for
2236	  your module is.
2237
2238config TRIM_UNUSED_KSYMS
2239	bool "Trim unused exported kernel symbols"
2240	depends on !UNUSED_SYMBOLS
2241	help
2242	  The kernel and some modules make many symbols available for
2243	  other modules to use via EXPORT_SYMBOL() and variants. Depending
2244	  on the set of modules being selected in your kernel configuration,
2245	  many of those exported symbols might never be used.
2246
2247	  This option allows for unused exported symbols to be dropped from
2248	  the build. In turn, this provides the compiler more opportunities
2249	  (especially when using LTO) for optimizing the code and reducing
2250	  binary size.  This might have some security advantages as well.
2251
2252	  If unsure, or if you need to build out-of-tree modules, say N.
2253
2254config UNUSED_KSYMS_WHITELIST
2255	string "Whitelist of symbols to keep in ksymtab"
2256	depends on TRIM_UNUSED_KSYMS
2257	help
2258	  By default, all unused exported symbols will be un-exported from the
2259	  build when TRIM_UNUSED_KSYMS is selected.
2260
2261	  UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
2262	  exported at all times, even in absence of in-tree users. The value to
2263	  set here is the path to a text file containing the list of symbols,
2264	  one per line. The path can be absolute, or relative to the kernel
2265	  source tree.
2266
2267endif # MODULES
2268
2269config MODULES_TREE_LOOKUP
2270	def_bool y
2271	depends on PERF_EVENTS || TRACING
2272
2273config INIT_ALL_POSSIBLE
2274	bool
2275	help
2276	  Back when each arch used to define their own cpu_online_mask and
2277	  cpu_possible_mask, some of them chose to initialize cpu_possible_mask
2278	  with all 1s, and others with all 0s.  When they were centralised,
2279	  it was better to provide this option than to break all the archs
2280	  and have several arch maintainers pursuing me down dark alleys.
2281
2282source "block/Kconfig"
2283
2284config PREEMPT_NOTIFIERS
2285	bool
2286
2287config PADATA
2288	depends on SMP
2289	bool
2290
2291config ASN1
2292	tristate
2293	help
2294	  Build a simple ASN.1 grammar compiler that produces a bytecode output
2295	  that can be interpreted by the ASN.1 stream decoder and used to
2296	  inform it as to what tags are to be expected in a stream and what
2297	  functions to call on what tags.
2298
2299source "kernel/Kconfig.locks"
2300
2301config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
2302	bool
2303
2304config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
2305	bool
2306
2307# It may be useful for an architecture to override the definitions of the
2308# SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h>
2309# and the COMPAT_ variants in <linux/compat.h>, in particular to use a
2310# different calling convention for syscalls. They can also override the
2311# macros for not-implemented syscalls in kernel/sys_ni.c and
2312# kernel/time/posix-stubs.c. All these overrides need to be available in
2313# <asm/syscall_wrapper.h>.
2314config ARCH_HAS_SYSCALL_WRAPPER
2315	def_bool n
2316