whiterose

linux unikernel
Log | Files | Refs | README | LICENSE | git clone https://git.ne02ptzero.me/git/whiterose

Kconfig (66639B)


      1 config DEFCONFIG_LIST
      2 	string
      3 	depends on !UML
      4 	option defconfig_list
      5 	default "/lib/modules/$(shell,uname -r)/.config"
      6 	default "/etc/kernel-config"
      7 	default "/boot/config-$(shell,uname -r)"
      8 	default ARCH_DEFCONFIG
      9 	default "arch/$(ARCH)/defconfig"
     10 
     11 config CC_IS_GCC
     12 	def_bool $(success,$(CC) --version | head -n 1 | grep -q gcc)
     13 
     14 config GCC_VERSION
     15 	int
     16 	default $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) if CC_IS_GCC
     17 	default 0
     18 
     19 config CC_IS_CLANG
     20 	def_bool $(success,$(CC) --version | head -n 1 | grep -q clang)
     21 
     22 config CLANG_VERSION
     23 	int
     24 	default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
     25 
     26 config CC_HAS_ASM_GOTO
     27 	def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
     28 
     29 config CC_HAS_WARN_MAYBE_UNINITIALIZED
     30 	def_bool $(cc-option,-Wmaybe-uninitialized)
     31 	help
     32 	  GCC >= 4.7 supports this option.
     33 
     34 config CC_DISABLE_WARN_MAYBE_UNINITIALIZED
     35 	bool
     36 	depends on CC_HAS_WARN_MAYBE_UNINITIALIZED
     37 	default CC_IS_GCC && GCC_VERSION < 40900  # unreliable for GCC < 4.9
     38 	help
     39 	  GCC's -Wmaybe-uninitialized is not reliable by definition.
     40 	  Lots of false positive warnings are produced in some cases.
     41 
     42 	  If this option is enabled, -Wno-maybe-uninitialzed is passed
     43 	  to the compiler to suppress maybe-uninitialized warnings.
     44 
     45 config CONSTRUCTORS
     46 	bool
     47 	depends on !UML
     48 
     49 config IRQ_WORK
     50 	bool
     51 
     52 config BUILDTIME_EXTABLE_SORT
     53 	bool
     54 
     55 config THREAD_INFO_IN_TASK
     56 	bool
     57 	help
     58 	  Select this to move thread_info off the stack into task_struct.  To
     59 	  make this work, an arch will need to remove all thread_info fields
     60 	  except flags and fix any runtime bugs.
     61 
     62 	  One subtle change that will be needed is to use try_get_task_stack()
     63 	  and put_task_stack() in save_thread_stack_tsk() and get_wchan().
     64 
     65 menu "General setup"
     66 
     67 config BROKEN
     68 	bool
     69 
     70 config BROKEN_ON_SMP
     71 	bool
     72 	depends on BROKEN || !SMP
     73 	default y
     74 
     75 config INIT_ENV_ARG_LIMIT
     76 	int
     77 	default 32 if !UML
     78 	default 128 if UML
     79 	help
     80 	  Maximum of each of the number of arguments and environment
     81 	  variables passed to init from the kernel command line.
     82 
     83 config COMPILE_TEST
     84 	bool "Compile also drivers which will not load"
     85 	depends on !UML
     86 	default n
     87 	help
     88 	  Some drivers can be compiled on a different platform than they are
     89 	  intended to be run on. Despite they cannot be loaded there (or even
     90 	  when they load they cannot be used due to missing HW support),
     91 	  developers still, opposing to distributors, might want to build such
     92 	  drivers to compile-test them.
     93 
     94 	  If you are a developer and want to build everything available, say Y
     95 	  here. If you are a user/distributor, say N here to exclude useless
     96 	  drivers to be distributed.
     97 
     98 config LOCALVERSION
     99 	string "Local version - append to kernel release"
    100 	help
    101 	  Append an extra string to the end of your kernel version.
    102 	  This will show up when you type uname, for example.
    103 	  The string you set here will be appended after the contents of
    104 	  any files with a filename matching localversion* in your
    105 	  object and source tree, in that order.  Your total string can
    106 	  be a maximum of 64 characters.
    107 
    108 config LOCALVERSION_AUTO
    109 	bool "Automatically append version information to the version string"
    110 	default y
    111 	depends on !COMPILE_TEST
    112 	help
    113 	  This will try to automatically determine if the current tree is a
    114 	  release tree by looking for git tags that belong to the current
    115 	  top of tree revision.
    116 
    117 	  A string of the format -gxxxxxxxx will be added to the localversion
    118 	  if a git-based tree is found.  The string generated by this will be
    119 	  appended after any matching localversion* files, and after the value
    120 	  set in CONFIG_LOCALVERSION.
    121 
    122 	  (The actual string used here is the first eight characters produced
    123 	  by running the command:
    124 
    125 	    $ git rev-parse --verify HEAD
    126 
    127 	  which is done within the script "scripts/setlocalversion".)
    128 
    129 config BUILD_SALT
    130        string "Build ID Salt"
    131        default ""
    132        help
    133           The build ID is used to link binaries and their debug info. Setting
    134           this option will use the value in the calculation of the build id.
    135           This is mostly useful for distributions which want to ensure the
    136           build is unique between builds. It's safe to leave the default.
    137 
    138 config HAVE_KERNEL_GZIP
    139 	bool
    140 
    141 config HAVE_KERNEL_BZIP2
    142 	bool
    143 
    144 config HAVE_KERNEL_LZMA
    145 	bool
    146 
    147 config HAVE_KERNEL_XZ
    148 	bool
    149 
    150 config HAVE_KERNEL_LZO
    151 	bool
    152 
    153 config HAVE_KERNEL_LZ4
    154 	bool
    155 
    156 config HAVE_KERNEL_UNCOMPRESSED
    157 	bool
    158 
    159 choice
    160 	prompt "Kernel compression mode"
    161 	default KERNEL_GZIP
    162 	depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_UNCOMPRESSED
    163 	help
    164 	  The linux kernel is a kind of self-extracting executable.
    165 	  Several compression algorithms are available, which differ
    166 	  in efficiency, compression and decompression speed.
    167 	  Compression speed is only relevant when building a kernel.
    168 	  Decompression speed is relevant at each boot.
    169 
    170 	  If you have any problems with bzip2 or lzma compressed
    171 	  kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
    172 	  version of this functionality (bzip2 only), for 2.4, was
    173 	  supplied by Christian Ludwig)
    174 
    175 	  High compression options are mostly useful for users, who
    176 	  are low on disk space (embedded systems), but for whom ram
    177 	  size matters less.
    178 
    179 	  If in doubt, select 'gzip'
    180 
    181 config KERNEL_GZIP
    182 	bool "Gzip"
    183 	depends on HAVE_KERNEL_GZIP
    184 	help
    185 	  The old and tried gzip compression. It provides a good balance
    186 	  between compression ratio and decompression speed.
    187 
    188 config KERNEL_BZIP2
    189 	bool "Bzip2"
    190 	depends on HAVE_KERNEL_BZIP2
    191 	help
    192 	  Its compression ratio and speed is intermediate.
    193 	  Decompression speed is slowest among the choices.  The kernel
    194 	  size is about 10% smaller with bzip2, in comparison to gzip.
    195 	  Bzip2 uses a large amount of memory. For modern kernels you
    196 	  will need at least 8MB RAM or more for booting.
    197 
    198 config KERNEL_LZMA
    199 	bool "LZMA"
    200 	depends on HAVE_KERNEL_LZMA
    201 	help
    202 	  This compression algorithm's ratio is best.  Decompression speed
    203 	  is between gzip and bzip2.  Compression is slowest.
    204 	  The kernel size is about 33% smaller with LZMA in comparison to gzip.
    205 
    206 config KERNEL_XZ
    207 	bool "XZ"
    208 	depends on HAVE_KERNEL_XZ
    209 	help
    210 	  XZ uses the LZMA2 algorithm and instruction set specific
    211 	  BCJ filters which can improve compression ratio of executable
    212 	  code. The size of the kernel is about 30% smaller with XZ in
    213 	  comparison to gzip. On architectures for which there is a BCJ
    214 	  filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
    215 	  will create a few percent smaller kernel than plain LZMA.
    216 
    217 	  The speed is about the same as with LZMA: The decompression
    218 	  speed of XZ is better than that of bzip2 but worse than gzip
    219 	  and LZO. Compression is slow.
    220 
    221 config KERNEL_LZO
    222 	bool "LZO"
    223 	depends on HAVE_KERNEL_LZO
    224 	help
    225 	  Its compression ratio is the poorest among the choices. The kernel
    226 	  size is about 10% bigger than gzip; however its speed
    227 	  (both compression and decompression) is the fastest.
    228 
    229 config KERNEL_LZ4
    230 	bool "LZ4"
    231 	depends on HAVE_KERNEL_LZ4
    232 	help
    233 	  LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
    234 	  A preliminary version of LZ4 de/compression tool is available at
    235 	  <https://code.google.com/p/lz4/>.
    236 
    237 	  Its compression ratio is worse than LZO. The size of the kernel
    238 	  is about 8% bigger than LZO. But the decompression speed is
    239 	  faster than LZO.
    240 
    241 config KERNEL_UNCOMPRESSED
    242 	bool "None"
    243 	depends on HAVE_KERNEL_UNCOMPRESSED
    244 	help
    245 	  Produce uncompressed kernel image. This option is usually not what
    246 	  you want. It is useful for debugging the kernel in slow simulation
    247 	  environments, where decompressing and moving the kernel is awfully
    248 	  slow. This option allows early boot code to skip the decompressor
    249 	  and jump right at uncompressed kernel image.
    250 
    251 endchoice
    252 
    253 config DEFAULT_HOSTNAME
    254 	string "Default hostname"
    255 	default "(none)"
    256 	help
    257 	  This option determines the default system hostname before userspace
    258 	  calls sethostname(2). The kernel traditionally uses "(none)" here,
    259 	  but you may wish to use a different default here to make a minimal
    260 	  system more usable with less configuration.
    261 
    262 #
    263 # For some reason microblaze and nios2 hard code SWAP=n.  Hopefully we can
    264 # add proper SWAP support to them, in which case this can be remove.
    265 #
    266 config ARCH_NO_SWAP
    267 	bool
    268 
    269 config SWAP
    270 	bool "Support for paging of anonymous memory (swap)"
    271 	depends on MMU && BLOCK && !ARCH_NO_SWAP
    272 	default y
    273 	help
    274 	  This option allows you to choose whether you want to have support
    275 	  for so called swap devices or swap files in your kernel that are
    276 	  used to provide more virtual memory than the actual RAM present
    277 	  in your computer.  If unsure say Y.
    278 
    279 config SYSVIPC
    280 	bool "System V IPC"
    281 	---help---
    282 	  Inter Process Communication is a suite of library functions and
    283 	  system calls which let processes (running programs) synchronize and
    284 	  exchange information. It is generally considered to be a good thing,
    285 	  and some programs won't run unless you say Y here. In particular, if
    286 	  you want to run the DOS emulator dosemu under Linux (read the
    287 	  DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
    288 	  you'll need to say Y here.
    289 
    290 	  You can find documentation about IPC with "info ipc" and also in
    291 	  section 6.4 of the Linux Programmer's Guide, available from
    292 	  <http://www.tldp.org/guides.html>.
    293 
    294 config SYSVIPC_SYSCTL
    295 	bool
    296 	depends on SYSVIPC
    297 	depends on SYSCTL
    298 	default y
    299 
    300 config POSIX_MQUEUE
    301 	bool "POSIX Message Queues"
    302 	depends on NET
    303 	---help---
    304 	  POSIX variant of message queues is a part of IPC. In POSIX message
    305 	  queues every message has a priority which decides about succession
    306 	  of receiving it by a process. If you want to compile and run
    307 	  programs written e.g. for Solaris with use of its POSIX message
    308 	  queues (functions mq_*) say Y here.
    309 
    310 	  POSIX message queues are visible as a filesystem called 'mqueue'
    311 	  and can be mounted somewhere if you want to do filesystem
    312 	  operations on message queues.
    313 
    314 	  If unsure, say Y.
    315 
    316 config POSIX_MQUEUE_SYSCTL
    317 	bool
    318 	depends on POSIX_MQUEUE
    319 	depends on SYSCTL
    320 	default y
    321 
    322 config CROSS_MEMORY_ATTACH
    323 	bool "Enable process_vm_readv/writev syscalls"
    324 	depends on MMU
    325 	default y
    326 	help
    327 	  Enabling this option adds the system calls process_vm_readv and
    328 	  process_vm_writev which allow a process with the correct privileges
    329 	  to directly read from or write to another process' address space.
    330 	  See the man page for more details.
    331 
    332 config USELIB
    333 	bool "uselib syscall"
    334 	def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
    335 	help
    336 	  This option enables the uselib syscall, a system call used in the
    337 	  dynamic linker from libc5 and earlier.  glibc does not use this
    338 	  system call.  If you intend to run programs built on libc5 or
    339 	  earlier, you may need to enable this syscall.  Current systems
    340 	  running glibc can safely disable this.
    341 
    342 config AUDIT
    343 	bool "Auditing support"
    344 	depends on NET
    345 	help
    346 	  Enable auditing infrastructure that can be used with another
    347 	  kernel subsystem, such as SELinux (which requires this for
    348 	  logging of avc messages output).  System call auditing is included
    349 	  on architectures which support it.
    350 
    351 config HAVE_ARCH_AUDITSYSCALL
    352 	bool
    353 
    354 config AUDITSYSCALL
    355 	def_bool y
    356 	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
    357 	select FSNOTIFY
    358 
    359 source "kernel/irq/Kconfig"
    360 source "kernel/time/Kconfig"
    361 source "kernel/Kconfig.preempt"
    362 
    363 menu "CPU/Task time and stats accounting"
    364 
    365 config VIRT_CPU_ACCOUNTING
    366 	bool
    367 
    368 choice
    369 	prompt "Cputime accounting"
    370 	default TICK_CPU_ACCOUNTING if !PPC64
    371 	default VIRT_CPU_ACCOUNTING_NATIVE if PPC64
    372 
    373 # Kind of a stub config for the pure tick based cputime accounting
    374 config TICK_CPU_ACCOUNTING
    375 	bool "Simple tick based cputime accounting"
    376 	depends on !S390 && !NO_HZ_FULL
    377 	help
    378 	  This is the basic tick based cputime accounting that maintains
    379 	  statistics about user, system and idle time spent on per jiffies
    380 	  granularity.
    381 
    382 	  If unsure, say Y.
    383 
    384 config VIRT_CPU_ACCOUNTING_NATIVE
    385 	bool "Deterministic task and CPU time accounting"
    386 	depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
    387 	select VIRT_CPU_ACCOUNTING
    388 	help
    389 	  Select this option to enable more accurate task and CPU time
    390 	  accounting.  This is done by reading a CPU counter on each
    391 	  kernel entry and exit and on transitions within the kernel
    392 	  between system, softirq and hardirq state, so there is a
    393 	  small performance impact.  In the case of s390 or IBM POWER > 5,
    394 	  this also enables accounting of stolen time on logically-partitioned
    395 	  systems.
    396 
    397 config VIRT_CPU_ACCOUNTING_GEN
    398 	bool "Full dynticks CPU time accounting"
    399 	depends on HAVE_CONTEXT_TRACKING
    400 	depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
    401 	depends on GENERIC_CLOCKEVENTS
    402 	select VIRT_CPU_ACCOUNTING
    403 	select CONTEXT_TRACKING
    404 	help
    405 	  Select this option to enable task and CPU time accounting on full
    406 	  dynticks systems. This accounting is implemented by watching every
    407 	  kernel-user boundaries using the context tracking subsystem.
    408 	  The accounting is thus performed at the expense of some significant
    409 	  overhead.
    410 
    411 	  For now this is only useful if you are working on the full
    412 	  dynticks subsystem development.
    413 
    414 	  If unsure, say N.
    415 
    416 endchoice
    417 
    418 config IRQ_TIME_ACCOUNTING
    419 	bool "Fine granularity task level IRQ time accounting"
    420 	depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
    421 	help
    422 	  Select this option to enable fine granularity task irq time
    423 	  accounting. This is done by reading a timestamp on each
    424 	  transitions between softirq and hardirq state, so there can be a
    425 	  small performance impact.
    426 
    427 	  If in doubt, say N here.
    428 
    429 config HAVE_SCHED_AVG_IRQ
    430 	def_bool y
    431 	depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING
    432 	depends on SMP
    433 
    434 config BSD_PROCESS_ACCT
    435 	bool "BSD Process Accounting"
    436 	depends on MULTIUSER
    437 	help
    438 	  If you say Y here, a user level program will be able to instruct the
    439 	  kernel (via a special system call) to write process accounting
    440 	  information to a file: whenever a process exits, information about
    441 	  that process will be appended to the file by the kernel.  The
    442 	  information includes things such as creation time, owning user,
    443 	  command name, memory usage, controlling terminal etc. (the complete
    444 	  list is in the struct acct in <file:include/linux/acct.h>).  It is
    445 	  up to the user level program to do useful things with this
    446 	  information.  This is generally a good idea, so say Y.
    447 
    448 config BSD_PROCESS_ACCT_V3
    449 	bool "BSD Process Accounting version 3 file format"
    450 	depends on BSD_PROCESS_ACCT
    451 	default n
    452 	help
    453 	  If you say Y here, the process accounting information is written
    454 	  in a new file format that also logs the process IDs of each
    455 	  process and its parent. Note that this file format is incompatible
    456 	  with previous v0/v1/v2 file formats, so you will need updated tools
    457 	  for processing it. A preliminary version of these tools is available
    458 	  at <http://www.gnu.org/software/acct/>.
    459 
    460 config TASKSTATS
    461 	bool "Export task/process statistics through netlink"
    462 	depends on NET
    463 	depends on MULTIUSER
    464 	default n
    465 	help
    466 	  Export selected statistics for tasks/processes through the
    467 	  generic netlink interface. Unlike BSD process accounting, the
    468 	  statistics are available during the lifetime of tasks/processes as
    469 	  responses to commands. Like BSD accounting, they are sent to user
    470 	  space on task exit.
    471 
    472 	  Say N if unsure.
    473 
    474 config TASK_DELAY_ACCT
    475 	bool "Enable per-task delay accounting"
    476 	depends on TASKSTATS
    477 	select SCHED_INFO
    478 	help
    479 	  Collect information on time spent by a task waiting for system
    480 	  resources like cpu, synchronous block I/O completion and swapping
    481 	  in pages. Such statistics can help in setting a task's priorities
    482 	  relative to other tasks for cpu, io, rss limits etc.
    483 
    484 	  Say N if unsure.
    485 
    486 config TASK_XACCT
    487 	bool "Enable extended accounting over taskstats"
    488 	depends on TASKSTATS
    489 	help
    490 	  Collect extended task accounting data and send the data
    491 	  to userland for processing over the taskstats interface.
    492 
    493 	  Say N if unsure.
    494 
    495 config TASK_IO_ACCOUNTING
    496 	bool "Enable per-task storage I/O accounting"
    497 	depends on TASK_XACCT
    498 	help
    499 	  Collect information on the number of bytes of storage I/O which this
    500 	  task has caused.
    501 
    502 	  Say N if unsure.
    503 
    504 config PSI
    505 	bool "Pressure stall information tracking"
    506 	help
    507 	  Collect metrics that indicate how overcommitted the CPU, memory,
    508 	  and IO capacity are in the system.
    509 
    510 	  If you say Y here, the kernel will create /proc/pressure/ with the
    511 	  pressure statistics files cpu, memory, and io. These will indicate
    512 	  the share of walltime in which some or all tasks in the system are
    513 	  delayed due to contention of the respective resource.
    514 
    515 	  In kernels with cgroup support, cgroups (cgroup2 only) will
    516 	  have cpu.pressure, memory.pressure, and io.pressure files,
    517 	  which aggregate pressure stalls for the grouped tasks only.
    518 
    519 	  For more details see Documentation/accounting/psi.txt.
    520 
    521 	  Say N if unsure.
    522 
    523 config PSI_DEFAULT_DISABLED
    524 	bool "Require boot parameter to enable pressure stall information tracking"
    525 	default n
    526 	depends on PSI
    527 	help
    528 	  If set, pressure stall information tracking will be disabled
    529 	  per default but can be enabled through passing psi=1 on the
    530 	  kernel commandline during boot.
    531 
    532 	  This feature adds some code to the task wakeup and sleep
    533 	  paths of the scheduler. The overhead is too low to affect
    534 	  common scheduling-intense workloads in practice (such as
    535 	  webservers, memcache), but it does show up in artificial
    536 	  scheduler stress tests, such as hackbench.
    537 
    538 	  If you are paranoid and not sure what the kernel will be
    539 	  used for, say Y.
    540 
    541 	  Say N if unsure.
    542 
    543 endmenu # "CPU/Task time and stats accounting"
    544 
    545 config CPU_ISOLATION
    546 	bool "CPU isolation"
    547 	depends on SMP || COMPILE_TEST
    548 	default y
    549 	help
    550 	  Make sure that CPUs running critical tasks are not disturbed by
    551 	  any source of "noise" such as unbound workqueues, timers, kthreads...
    552 	  Unbound jobs get offloaded to housekeeping CPUs. This is driven by
    553 	  the "isolcpus=" boot parameter.
    554 
    555 	  Say Y if unsure.
    556 
    557 source "kernel/rcu/Kconfig"
    558 
    559 config BUILD_BIN2C
    560 	bool
    561 	default n
    562 
    563 config IKCONFIG
    564 	tristate "Kernel .config support"
    565 	select BUILD_BIN2C
    566 	---help---
    567 	  This option enables the complete Linux kernel ".config" file
    568 	  contents to be saved in the kernel. It provides documentation
    569 	  of which kernel options are used in a running kernel or in an
    570 	  on-disk kernel.  This information can be extracted from the kernel
    571 	  image file with the script scripts/extract-ikconfig and used as
    572 	  input to rebuild the current kernel or to build another kernel.
    573 	  It can also be extracted from a running kernel by reading
    574 	  /proc/config.gz if enabled (below).
    575 
    576 config IKCONFIG_PROC
    577 	bool "Enable access to .config through /proc/config.gz"
    578 	depends on IKCONFIG && PROC_FS
    579 	---help---
    580 	  This option enables access to the kernel configuration file
    581 	  through /proc/config.gz.
    582 
    583 config LOG_BUF_SHIFT
    584 	int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
    585 	range 12 25
    586 	default 17
    587 	depends on PRINTK
    588 	help
    589 	  Select the minimal kernel log buffer size as a power of 2.
    590 	  The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
    591 	  parameter, see below. Any higher size also might be forced
    592 	  by "log_buf_len" boot parameter.
    593 
    594 	  Examples:
    595 		     17 => 128 KB
    596 		     16 => 64 KB
    597 		     15 => 32 KB
    598 		     14 => 16 KB
    599 		     13 =>  8 KB
    600 		     12 =>  4 KB
    601 
    602 config LOG_CPU_MAX_BUF_SHIFT
    603 	int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
    604 	depends on SMP
    605 	range 0 21
    606 	default 12 if !BASE_SMALL
    607 	default 0 if BASE_SMALL
    608 	depends on PRINTK
    609 	help
    610 	  This option allows to increase the default ring buffer size
    611 	  according to the number of CPUs. The value defines the contribution
    612 	  of each CPU as a power of 2. The used space is typically only few
    613 	  lines however it might be much more when problems are reported,
    614 	  e.g. backtraces.
    615 
    616 	  The increased size means that a new buffer has to be allocated and
    617 	  the original static one is unused. It makes sense only on systems
    618 	  with more CPUs. Therefore this value is used only when the sum of
    619 	  contributions is greater than the half of the default kernel ring
    620 	  buffer as defined by LOG_BUF_SHIFT. The default values are set
    621 	  so that more than 64 CPUs are needed to trigger the allocation.
    622 
    623 	  Also this option is ignored when "log_buf_len" kernel parameter is
    624 	  used as it forces an exact (power of two) size of the ring buffer.
    625 
    626 	  The number of possible CPUs is used for this computation ignoring
    627 	  hotplugging making the computation optimal for the worst case
    628 	  scenario while allowing a simple algorithm to be used from bootup.
    629 
    630 	  Examples shift values and their meaning:
    631 		     17 => 128 KB for each CPU
    632 		     16 =>  64 KB for each CPU
    633 		     15 =>  32 KB for each CPU
    634 		     14 =>  16 KB for each CPU
    635 		     13 =>   8 KB for each CPU
    636 		     12 =>   4 KB for each CPU
    637 
    638 config PRINTK_SAFE_LOG_BUF_SHIFT
    639 	int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
    640 	range 10 21
    641 	default 13
    642 	depends on PRINTK
    643 	help
    644 	  Select the size of an alternate printk per-CPU buffer where messages
    645 	  printed from usafe contexts are temporary stored. One example would
    646 	  be NMI messages, another one - printk recursion. The messages are
    647 	  copied to the main log buffer in a safe context to avoid a deadlock.
    648 	  The value defines the size as a power of 2.
    649 
    650 	  Those messages are rare and limited. The largest one is when
    651 	  a backtrace is printed. It usually fits into 4KB. Select
    652 	  8KB if you want to be on the safe side.
    653 
    654 	  Examples:
    655 		     17 => 128 KB for each CPU
    656 		     16 =>  64 KB for each CPU
    657 		     15 =>  32 KB for each CPU
    658 		     14 =>  16 KB for each CPU
    659 		     13 =>   8 KB for each CPU
    660 		     12 =>   4 KB for each CPU
    661 
    662 #
    663 # Architectures with an unreliable sched_clock() should select this:
    664 #
    665 config HAVE_UNSTABLE_SCHED_CLOCK
    666 	bool
    667 
    668 config GENERIC_SCHED_CLOCK
    669 	bool
    670 
    671 #
    672 # For architectures that want to enable the support for NUMA-affine scheduler
    673 # balancing logic:
    674 #
    675 config ARCH_SUPPORTS_NUMA_BALANCING
    676 	bool
    677 
    678 #
    679 # For architectures that prefer to flush all TLBs after a number of pages
    680 # are unmapped instead of sending one IPI per page to flush. The architecture
    681 # must provide guarantees on what happens if a clean TLB cache entry is
    682 # written after the unmap. Details are in mm/rmap.c near the check for
    683 # should_defer_flush. The architecture should also consider if the full flush
    684 # and the refill costs are offset by the savings of sending fewer IPIs.
    685 config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
    686 	bool
    687 
    688 #
    689 # For architectures that know their GCC __int128 support is sound
    690 #
    691 config ARCH_SUPPORTS_INT128
    692 	bool
    693 
    694 # For architectures that (ab)use NUMA to represent different memory regions
    695 # all cpu-local but of different latencies, such as SuperH.
    696 #
    697 config ARCH_WANT_NUMA_VARIABLE_LOCALITY
    698 	bool
    699 
    700 config NUMA_BALANCING
    701 	bool "Memory placement aware NUMA scheduler"
    702 	depends on ARCH_SUPPORTS_NUMA_BALANCING
    703 	depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
    704 	depends on SMP && NUMA && MIGRATION
    705 	help
    706 	  This option adds support for automatic NUMA aware memory/task placement.
    707 	  The mechanism is quite primitive and is based on migrating memory when
    708 	  it has references to the node the task is running on.
    709 
    710 	  This system will be inactive on UMA systems.
    711 
    712 config NUMA_BALANCING_DEFAULT_ENABLED
    713 	bool "Automatically enable NUMA aware memory/task placement"
    714 	default y
    715 	depends on NUMA_BALANCING
    716 	help
    717 	  If set, automatic NUMA balancing will be enabled if running on a NUMA
    718 	  machine.
    719 
    720 menuconfig CGROUPS
    721 	bool "Control Group support"
    722 	select KERNFS
    723 	help
    724 	  This option adds support for grouping sets of processes together, for
    725 	  use with process control subsystems such as Cpusets, CFS, memory
    726 	  controls or device isolation.
    727 	  See
    728 		- Documentation/scheduler/sched-design-CFS.txt	(CFS)
    729 		- Documentation/cgroup-v1/ (features for grouping, isolation
    730 					  and resource control)
    731 
    732 	  Say N if unsure.
    733 
    734 if CGROUPS
    735 
    736 config PAGE_COUNTER
    737        bool
    738 
    739 config MEMCG
    740 	bool "Memory controller"
    741 	select PAGE_COUNTER
    742 	select EVENTFD
    743 	help
    744 	  Provides control over the memory footprint of tasks in a cgroup.
    745 
    746 config MEMCG_SWAP
    747 	bool "Swap controller"
    748 	depends on MEMCG && SWAP
    749 	help
    750 	  Provides control over the swap space consumed by tasks in a cgroup.
    751 
    752 config MEMCG_SWAP_ENABLED
    753 	bool "Swap controller enabled by default"
    754 	depends on MEMCG_SWAP
    755 	default y
    756 	help
    757 	  Memory Resource Controller Swap Extension comes with its price in
    758 	  a bigger memory consumption. General purpose distribution kernels
    759 	  which want to enable the feature but keep it disabled by default
    760 	  and let the user enable it by swapaccount=1 boot command line
    761 	  parameter should have this option unselected.
    762 	  For those who want to have the feature enabled by default should
    763 	  select this option (if, for some reason, they need to disable it
    764 	  then swapaccount=0 does the trick).
    765 
    766 config MEMCG_KMEM
    767 	bool
    768 	depends on MEMCG && !SLOB
    769 	default y
    770 
    771 config BLK_CGROUP
    772 	bool "IO controller"
    773 	depends on BLOCK
    774 	default n
    775 	---help---
    776 	Generic block IO controller cgroup interface. This is the common
    777 	cgroup interface which should be used by various IO controlling
    778 	policies.
    779 
    780 	Currently, CFQ IO scheduler uses it to recognize task groups and
    781 	control disk bandwidth allocation (proportional time slice allocation)
    782 	to such task groups. It is also used by bio throttling logic in
    783 	block layer to implement upper limit in IO rates on a device.
    784 
    785 	This option only enables generic Block IO controller infrastructure.
    786 	One needs to also enable actual IO controlling logic/policy. For
    787 	enabling proportional weight division of disk bandwidth in CFQ, set
    788 	CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
    789 	CONFIG_BLK_DEV_THROTTLING=y.
    790 
    791 	See Documentation/cgroup-v1/blkio-controller.txt for more information.
    792 
    793 config DEBUG_BLK_CGROUP
    794 	bool "IO controller debugging"
    795 	depends on BLK_CGROUP
    796 	default n
    797 	---help---
    798 	Enable some debugging help. Currently it exports additional stat
    799 	files in a cgroup which can be useful for debugging.
    800 
    801 config CGROUP_WRITEBACK
    802 	bool
    803 	depends on MEMCG && BLK_CGROUP
    804 	default y
    805 
    806 menuconfig CGROUP_SCHED
    807 	bool "CPU controller"
    808 	default n
    809 	help
    810 	  This feature lets CPU scheduler recognize task groups and control CPU
    811 	  bandwidth allocation to such task groups. It uses cgroups to group
    812 	  tasks.
    813 
    814 if CGROUP_SCHED
    815 config FAIR_GROUP_SCHED
    816 	bool "Group scheduling for SCHED_OTHER"
    817 	depends on CGROUP_SCHED
    818 	default CGROUP_SCHED
    819 
    820 config CFS_BANDWIDTH
    821 	bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
    822 	depends on FAIR_GROUP_SCHED
    823 	default n
    824 	help
    825 	  This option allows users to define CPU bandwidth rates (limits) for
    826 	  tasks running within the fair group scheduler.  Groups with no limit
    827 	  set are considered to be unconstrained and will run with no
    828 	  restriction.
    829 	  See Documentation/scheduler/sched-bwc.txt for more information.
    830 
    831 config RT_GROUP_SCHED
    832 	bool "Group scheduling for SCHED_RR/FIFO"
    833 	depends on CGROUP_SCHED
    834 	default n
    835 	help
    836 	  This feature lets you explicitly allocate real CPU bandwidth
    837 	  to task groups. If enabled, it will also make it impossible to
    838 	  schedule realtime tasks for non-root users until you allocate
    839 	  realtime bandwidth for them.
    840 	  See Documentation/scheduler/sched-rt-group.txt for more information.
    841 
    842 endif #CGROUP_SCHED
    843 
    844 config CGROUP_PIDS
    845 	bool "PIDs controller"
    846 	help
    847 	  Provides enforcement of process number limits in the scope of a
    848 	  cgroup. Any attempt to fork more processes than is allowed in the
    849 	  cgroup will fail. PIDs are fundamentally a global resource because it
    850 	  is fairly trivial to reach PID exhaustion before you reach even a
    851 	  conservative kmemcg limit. As a result, it is possible to grind a
    852 	  system to halt without being limited by other cgroup policies. The
    853 	  PIDs controller is designed to stop this from happening.
    854 
    855 	  It should be noted that organisational operations (such as attaching
    856 	  to a cgroup hierarchy) will *not* be blocked by the PIDs controller,
    857 	  since the PIDs limit only affects a process's ability to fork, not to
    858 	  attach to a cgroup.
    859 
    860 config CGROUP_RDMA
    861 	bool "RDMA controller"
    862 	help
    863 	  Provides enforcement of RDMA resources defined by IB stack.
    864 	  It is fairly easy for consumers to exhaust RDMA resources, which
    865 	  can result into resource unavailability to other consumers.
    866 	  RDMA controller is designed to stop this from happening.
    867 	  Attaching processes with active RDMA resources to the cgroup
    868 	  hierarchy is allowed even if can cross the hierarchy's limit.
    869 
    870 config CGROUP_FREEZER
    871 	bool "Freezer controller"
    872 	help
    873 	  Provides a way to freeze and unfreeze all tasks in a
    874 	  cgroup.
    875 
    876 	  This option affects the ORIGINAL cgroup interface. The cgroup2 memory
    877 	  controller includes important in-kernel memory consumers per default.
    878 
    879 	  If you're using cgroup2, say N.
    880 
    881 config CGROUP_HUGETLB
    882 	bool "HugeTLB controller"
    883 	depends on HUGETLB_PAGE
    884 	select PAGE_COUNTER
    885 	default n
    886 	help
    887 	  Provides a cgroup controller for HugeTLB pages.
    888 	  When you enable this, you can put a per cgroup limit on HugeTLB usage.
    889 	  The limit is enforced during page fault. Since HugeTLB doesn't
    890 	  support page reclaim, enforcing the limit at page fault time implies
    891 	  that, the application will get SIGBUS signal if it tries to access
    892 	  HugeTLB pages beyond its limit. This requires the application to know
    893 	  beforehand how much HugeTLB pages it would require for its use. The
    894 	  control group is tracked in the third page lru pointer. This means
    895 	  that we cannot use the controller with huge page less than 3 pages.
    896 
    897 config CPUSETS
    898 	bool "Cpuset controller"
    899 	depends on SMP
    900 	help
    901 	  This option will let you create and manage CPUSETs which
    902 	  allow dynamically partitioning a system into sets of CPUs and
    903 	  Memory Nodes and assigning tasks to run only within those sets.
    904 	  This is primarily useful on large SMP or NUMA systems.
    905 
    906 	  Say N if unsure.
    907 
    908 config PROC_PID_CPUSET
    909 	bool "Include legacy /proc/<pid>/cpuset file"
    910 	depends on CPUSETS
    911 	default y
    912 
    913 config CGROUP_DEVICE
    914 	bool "Device controller"
    915 	help
    916 	  Provides a cgroup controller implementing whitelists for
    917 	  devices which a process in the cgroup can mknod or open.
    918 
    919 config CGROUP_CPUACCT
    920 	bool "Simple CPU accounting controller"
    921 	help
    922 	  Provides a simple controller for monitoring the
    923 	  total CPU consumed by the tasks in a cgroup.
    924 
    925 config CGROUP_PERF
    926 	bool "Perf controller"
    927 	depends on PERF_EVENTS
    928 	help
    929 	  This option extends the perf per-cpu mode to restrict monitoring
    930 	  to threads which belong to the cgroup specified and run on the
    931 	  designated cpu.
    932 
    933 	  Say N if unsure.
    934 
    935 config CGROUP_BPF
    936 	bool "Support for eBPF programs attached to cgroups"
    937 	depends on BPF_SYSCALL
    938 	select SOCK_CGROUP_DATA
    939 	help
    940 	  Allow attaching eBPF programs to a cgroup using the bpf(2)
    941 	  syscall command BPF_PROG_ATTACH.
    942 
    943 	  In which context these programs are accessed depends on the type
    944 	  of attachment. For instance, programs that are attached using
    945 	  BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
    946 	  inet sockets.
    947 
    948 config CGROUP_DEBUG
    949 	bool "Debug controller"
    950 	default n
    951 	depends on DEBUG_KERNEL
    952 	help
    953 	  This option enables a simple controller that exports
    954 	  debugging information about the cgroups framework. This
    955 	  controller is for control cgroup debugging only. Its
    956 	  interfaces are not stable.
    957 
    958 	  Say N.
    959 
    960 config SOCK_CGROUP_DATA
    961 	bool
    962 	default n
    963 
    964 endif # CGROUPS
    965 
    966 menuconfig NAMESPACES
    967 	bool "Namespaces support" if EXPERT
    968 	depends on MULTIUSER
    969 	default !EXPERT
    970 	help
    971 	  Provides the way to make tasks work with different objects using
    972 	  the same id. For example same IPC id may refer to different objects
    973 	  or same user id or pid may refer to different tasks when used in
    974 	  different namespaces.
    975 
    976 if NAMESPACES
    977 
    978 config UTS_NS
    979 	bool "UTS namespace"
    980 	default y
    981 	help
    982 	  In this namespace tasks see different info provided with the
    983 	  uname() system call
    984 
    985 config IPC_NS
    986 	bool "IPC namespace"
    987 	depends on (SYSVIPC || POSIX_MQUEUE)
    988 	default y
    989 	help
    990 	  In this namespace tasks work with IPC ids which correspond to
    991 	  different IPC objects in different namespaces.
    992 
    993 config USER_NS
    994 	bool "User namespace"
    995 	default n
    996 	help
    997 	  This allows containers, i.e. vservers, to use user namespaces
    998 	  to provide different user info for different servers.
    999 
   1000 	  When user namespaces are enabled in the kernel it is
   1001 	  recommended that the MEMCG option also be enabled and that
   1002 	  user-space use the memory control groups to limit the amount
   1003 	  of memory a memory unprivileged users can use.
   1004 
   1005 	  If unsure, say N.
   1006 
   1007 config PID_NS
   1008 	bool "PID Namespaces"
   1009 	default y
   1010 	help
   1011 	  Support process id namespaces.  This allows having multiple
   1012 	  processes with the same pid as long as they are in different
   1013 	  pid namespaces.  This is a building block of containers.
   1014 
   1015 config NET_NS
   1016 	bool "Network namespace"
   1017 	depends on NET
   1018 	default y
   1019 	help
   1020 	  Allow user space to create what appear to be multiple instances
   1021 	  of the network stack.
   1022 
   1023 endif # NAMESPACES
   1024 
   1025 config CHECKPOINT_RESTORE
   1026 	bool "Checkpoint/restore support"
   1027 	select PROC_CHILDREN
   1028 	default n
   1029 	help
   1030 	  Enables additional kernel features in a sake of checkpoint/restore.
   1031 	  In particular it adds auxiliary prctl codes to setup process text,
   1032 	  data and heap segment sizes, and a few additional /proc filesystem
   1033 	  entries.
   1034 
   1035 	  If unsure, say N here.
   1036 
   1037 config SCHED_AUTOGROUP
   1038 	bool "Automatic process group scheduling"
   1039 	select CGROUPS
   1040 	select CGROUP_SCHED
   1041 	select FAIR_GROUP_SCHED
   1042 	help
   1043 	  This option optimizes the scheduler for common desktop workloads by
   1044 	  automatically creating and populating task groups.  This separation
   1045 	  of workloads isolates aggressive CPU burners (like build jobs) from
   1046 	  desktop applications.  Task group autogeneration is currently based
   1047 	  upon task session.
   1048 
   1049 config SYSFS_DEPRECATED
   1050 	bool "Enable deprecated sysfs features to support old userspace tools"
   1051 	depends on SYSFS
   1052 	default n
   1053 	help
   1054 	  This option adds code that switches the layout of the "block" class
   1055 	  devices, to not show up in /sys/class/block/, but only in
   1056 	  /sys/block/.
   1057 
   1058 	  This switch is only active when the sysfs.deprecated=1 boot option is
   1059 	  passed or the SYSFS_DEPRECATED_V2 option is set.
   1060 
   1061 	  This option allows new kernels to run on old distributions and tools,
   1062 	  which might get confused by /sys/class/block/. Since 2007/2008 all
   1063 	  major distributions and tools handle this just fine.
   1064 
   1065 	  Recent distributions and userspace tools after 2009/2010 depend on
   1066 	  the existence of /sys/class/block/, and will not work with this
   1067 	  option enabled.
   1068 
   1069 	  Only if you are using a new kernel on an old distribution, you might
   1070 	  need to say Y here.
   1071 
   1072 config SYSFS_DEPRECATED_V2
   1073 	bool "Enable deprecated sysfs features by default"
   1074 	default n
   1075 	depends on SYSFS
   1076 	depends on SYSFS_DEPRECATED
   1077 	help
   1078 	  Enable deprecated sysfs by default.
   1079 
   1080 	  See the CONFIG_SYSFS_DEPRECATED option for more details about this
   1081 	  option.
   1082 
   1083 	  Only if you are using a new kernel on an old distribution, you might
   1084 	  need to say Y here. Even then, odds are you would not need it
   1085 	  enabled, you can always pass the boot option if absolutely necessary.
   1086 
   1087 config RELAY
   1088 	bool "Kernel->user space relay support (formerly relayfs)"
   1089 	select IRQ_WORK
   1090 	help
   1091 	  This option enables support for relay interface support in
   1092 	  certain file systems (such as debugfs).
   1093 	  It is designed to provide an efficient mechanism for tools and
   1094 	  facilities to relay large amounts of data from kernel space to
   1095 	  user space.
   1096 
   1097 	  If unsure, say N.
   1098 
   1099 config BLK_DEV_INITRD
   1100 	bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
   1101 	help
   1102 	  The initial RAM filesystem is a ramfs which is loaded by the
   1103 	  boot loader (loadlin or lilo) and that is mounted as root
   1104 	  before the normal boot procedure. It is typically used to
   1105 	  load modules needed to mount the "real" root file system,
   1106 	  etc. See <file:Documentation/admin-guide/initrd.rst> for details.
   1107 
   1108 	  If RAM disk support (BLK_DEV_RAM) is also included, this
   1109 	  also enables initial RAM disk (initrd) support and adds
   1110 	  15 Kbytes (more on some other architectures) to the kernel size.
   1111 
   1112 	  If unsure say Y.
   1113 
   1114 if BLK_DEV_INITRD
   1115 
   1116 source "usr/Kconfig"
   1117 
   1118 endif
   1119 
   1120 choice
   1121 	prompt "Compiler optimization level"
   1122 	default CC_OPTIMIZE_FOR_PERFORMANCE
   1123 
   1124 config CC_OPTIMIZE_FOR_PERFORMANCE
   1125 	bool "Optimize for performance"
   1126 	help
   1127 	  This is the default optimization level for the kernel, building
   1128 	  with the "-O2" compiler flag for best performance and most
   1129 	  helpful compile-time warnings.
   1130 
   1131 config CC_OPTIMIZE_FOR_SIZE
   1132 	bool "Optimize for size"
   1133 	imply CC_DISABLE_WARN_MAYBE_UNINITIALIZED  # avoid false positives
   1134 	help
   1135 	  Enabling this option will pass "-Os" instead of "-O2" to
   1136 	  your compiler resulting in a smaller kernel.
   1137 
   1138 	  If unsure, say N.
   1139 
   1140 endchoice
   1141 
   1142 config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
   1143 	bool
   1144 	help
   1145 	  This requires that the arch annotates or otherwise protects
   1146 	  its external entry points from being discarded. Linker scripts
   1147 	  must also merge .text.*, .data.*, and .bss.* correctly into
   1148 	  output sections. Care must be taken not to pull in unrelated
   1149 	  sections (e.g., '.text.init'). Typically '.' in section names
   1150 	  is used to distinguish them from label names / C identifiers.
   1151 
   1152 config LD_DEAD_CODE_DATA_ELIMINATION
   1153 	bool "Dead code and data elimination (EXPERIMENTAL)"
   1154 	depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
   1155 	depends on EXPERT
   1156 	depends on !(FUNCTION_TRACER && CC_IS_GCC && GCC_VERSION < 40800)
   1157 	depends on $(cc-option,-ffunction-sections -fdata-sections)
   1158 	depends on $(ld-option,--gc-sections)
   1159 	help
   1160 	  Enable this if you want to do dead code and data elimination with
   1161 	  the linker by compiling with -ffunction-sections -fdata-sections,
   1162 	  and linking with --gc-sections.
   1163 
   1164 	  This can reduce on disk and in-memory size of the kernel
   1165 	  code and static data, particularly for small configs and
   1166 	  on small systems. This has the possibility of introducing
   1167 	  silently broken kernel if the required annotations are not
   1168 	  present. This option is not well tested yet, so use at your
   1169 	  own risk.
   1170 
   1171 config SYSCTL
   1172 	bool
   1173 
   1174 config ANON_INODES
   1175 	bool
   1176 
   1177 config HAVE_UID16
   1178 	bool
   1179 
   1180 config SYSCTL_EXCEPTION_TRACE
   1181 	bool
   1182 	help
   1183 	  Enable support for /proc/sys/debug/exception-trace.
   1184 
   1185 config SYSCTL_ARCH_UNALIGN_NO_WARN
   1186 	bool
   1187 	help
   1188 	  Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
   1189 	  Allows arch to define/use @no_unaligned_warning to possibly warn
   1190 	  about unaligned access emulation going on under the hood.
   1191 
   1192 config SYSCTL_ARCH_UNALIGN_ALLOW
   1193 	bool
   1194 	help
   1195 	  Enable support for /proc/sys/kernel/unaligned-trap
   1196 	  Allows arches to define/use @unaligned_enabled to runtime toggle
   1197 	  the unaligned access emulation.
   1198 	  see arch/parisc/kernel/unaligned.c for reference
   1199 
   1200 config HAVE_PCSPKR_PLATFORM
   1201 	bool
   1202 
   1203 # interpreter that classic socket filters depend on
   1204 config BPF
   1205 	bool
   1206 
   1207 menuconfig EXPERT
   1208 	bool "Configure standard kernel features (expert users)"
   1209 	# Unhide debug options, to make the on-by-default options visible
   1210 	select DEBUG_KERNEL
   1211 	help
   1212 	  This option allows certain base kernel options and settings
   1213           to be disabled or tweaked. This is for specialized
   1214           environments which can tolerate a "non-standard" kernel.
   1215           Only use this if you really know what you are doing.
   1216 
   1217 config UID16
   1218 	bool "Enable 16-bit UID system calls" if EXPERT
   1219 	depends on HAVE_UID16 && MULTIUSER
   1220 	default y
   1221 	help
   1222 	  This enables the legacy 16-bit UID syscall wrappers.
   1223 
   1224 config MULTIUSER
   1225 	bool "Multiple users, groups and capabilities support" if EXPERT
   1226 	default y
   1227 	help
   1228 	  This option enables support for non-root users, groups and
   1229 	  capabilities.
   1230 
   1231 	  If you say N here, all processes will run with UID 0, GID 0, and all
   1232 	  possible capabilities.  Saying N here also compiles out support for
   1233 	  system calls related to UIDs, GIDs, and capabilities, such as setuid,
   1234 	  setgid, and capset.
   1235 
   1236 	  If unsure, say Y here.
   1237 
   1238 config SGETMASK_SYSCALL
   1239 	bool "sgetmask/ssetmask syscalls support" if EXPERT
   1240 	def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
   1241 	---help---
   1242 	  sys_sgetmask and sys_ssetmask are obsolete system calls
   1243 	  no longer supported in libc but still enabled by default in some
   1244 	  architectures.
   1245 
   1246 	  If unsure, leave the default option here.
   1247 
   1248 config SYSFS_SYSCALL
   1249 	bool "Sysfs syscall support" if EXPERT
   1250 	default y
   1251 	---help---
   1252 	  sys_sysfs is an obsolete system call no longer supported in libc.
   1253 	  Note that disabling this option is more secure but might break
   1254 	  compatibility with some systems.
   1255 
   1256 	  If unsure say Y here.
   1257 
   1258 config SYSCTL_SYSCALL
   1259 	bool "Sysctl syscall support" if EXPERT
   1260 	depends on PROC_SYSCTL
   1261 	default n
   1262 	select SYSCTL
   1263 	---help---
   1264 	  sys_sysctl uses binary paths that have been found challenging
   1265 	  to properly maintain and use.  The interface in /proc/sys
   1266 	  using paths with ascii names is now the primary path to this
   1267 	  information.
   1268 
   1269 	  Almost nothing using the binary sysctl interface so if you are
   1270 	  trying to save some space it is probably safe to disable this,
   1271 	  making your kernel marginally smaller.
   1272 
   1273 	  If unsure say N here.
   1274 
   1275 config FHANDLE
   1276 	bool "open by fhandle syscalls" if EXPERT
   1277 	select EXPORTFS
   1278 	default y
   1279 	help
   1280 	  If you say Y here, a user level program will be able to map
   1281 	  file names to handle and then later use the handle for
   1282 	  different file system operations. This is useful in implementing
   1283 	  userspace file servers, which now track files using handles instead
   1284 	  of names. The handle would remain the same even if file names
   1285 	  get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
   1286 	  syscalls.
   1287 
   1288 config POSIX_TIMERS
   1289 	bool "Posix Clocks & timers" if EXPERT
   1290 	default y
   1291 	help
   1292 	  This includes native support for POSIX timers to the kernel.
   1293 	  Some embedded systems have no use for them and therefore they
   1294 	  can be configured out to reduce the size of the kernel image.
   1295 
   1296 	  When this option is disabled, the following syscalls won't be
   1297 	  available: timer_create, timer_gettime: timer_getoverrun,
   1298 	  timer_settime, timer_delete, clock_adjtime, getitimer,
   1299 	  setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
   1300 	  clock_getres and clock_nanosleep syscalls will be limited to
   1301 	  CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
   1302 
   1303 	  If unsure say y.
   1304 
   1305 config PRINTK
   1306 	default y
   1307 	bool "Enable support for printk" if EXPERT
   1308 	select IRQ_WORK
   1309 	help
   1310 	  This option enables normal printk support. Removing it
   1311 	  eliminates most of the message strings from the kernel image
   1312 	  and makes the kernel more or less silent. As this makes it
   1313 	  very difficult to diagnose system problems, saying N here is
   1314 	  strongly discouraged.
   1315 
   1316 config PRINTK_NMI
   1317 	def_bool y
   1318 	depends on PRINTK
   1319 	depends on HAVE_NMI
   1320 
   1321 config BUG
   1322 	bool "BUG() support" if EXPERT
   1323 	default y
   1324 	help
   1325           Disabling this option eliminates support for BUG and WARN, reducing
   1326           the size of your kernel image and potentially quietly ignoring
   1327           numerous fatal conditions. You should only consider disabling this
   1328           option for embedded systems with no facilities for reporting errors.
   1329           Just say Y.
   1330 
   1331 config ELF_CORE
   1332 	depends on COREDUMP
   1333 	default y
   1334 	bool "Enable ELF core dumps" if EXPERT
   1335 	help
   1336 	  Enable support for generating core dumps. Disabling saves about 4k.
   1337 
   1338 
   1339 config PCSPKR_PLATFORM
   1340 	bool "Enable PC-Speaker support" if EXPERT
   1341 	depends on HAVE_PCSPKR_PLATFORM
   1342 	select I8253_LOCK
   1343 	default y
   1344 	help
   1345           This option allows to disable the internal PC-Speaker
   1346           support, saving some memory.
   1347 
   1348 config BASE_FULL
   1349 	default y
   1350 	bool "Enable full-sized data structures for core" if EXPERT
   1351 	help
   1352 	  Disabling this option reduces the size of miscellaneous core
   1353 	  kernel data structures. This saves memory on small machines,
   1354 	  but may reduce performance.
   1355 
   1356 config FUTEX
   1357 	bool "Enable futex support" if EXPERT
   1358 	default y
   1359 	imply RT_MUTEXES
   1360 	help
   1361 	  Disabling this option will cause the kernel to be built without
   1362 	  support for "fast userspace mutexes".  The resulting kernel may not
   1363 	  run glibc-based applications correctly.
   1364 
   1365 config FUTEX_PI
   1366 	bool
   1367 	depends on FUTEX && RT_MUTEXES
   1368 	default y
   1369 
   1370 config HAVE_FUTEX_CMPXCHG
   1371 	bool
   1372 	depends on FUTEX
   1373 	help
   1374 	  Architectures should select this if futex_atomic_cmpxchg_inatomic()
   1375 	  is implemented and always working. This removes a couple of runtime
   1376 	  checks.
   1377 
   1378 config EPOLL
   1379 	bool "Enable eventpoll support" if EXPERT
   1380 	default y
   1381 	select ANON_INODES
   1382 	help
   1383 	  Disabling this option will cause the kernel to be built without
   1384 	  support for epoll family of system calls.
   1385 
   1386 config SIGNALFD
   1387 	bool "Enable signalfd() system call" if EXPERT
   1388 	select ANON_INODES
   1389 	default y
   1390 	help
   1391 	  Enable the signalfd() system call that allows to receive signals
   1392 	  on a file descriptor.
   1393 
   1394 	  If unsure, say Y.
   1395 
   1396 config TIMERFD
   1397 	bool "Enable timerfd() system call" if EXPERT
   1398 	select ANON_INODES
   1399 	default y
   1400 	help
   1401 	  Enable the timerfd() system call that allows to receive timer
   1402 	  events on a file descriptor.
   1403 
   1404 	  If unsure, say Y.
   1405 
   1406 config EVENTFD
   1407 	bool "Enable eventfd() system call" if EXPERT
   1408 	select ANON_INODES
   1409 	default y
   1410 	help
   1411 	  Enable the eventfd() system call that allows to receive both
   1412 	  kernel notification (ie. KAIO) or userspace notifications.
   1413 
   1414 	  If unsure, say Y.
   1415 
   1416 config SHMEM
   1417 	bool "Use full shmem filesystem" if EXPERT
   1418 	default y
   1419 	depends on MMU
   1420 	help
   1421 	  The shmem is an internal filesystem used to manage shared memory.
   1422 	  It is backed by swap and manages resource limits. It is also exported
   1423 	  to userspace as tmpfs if TMPFS is enabled. Disabling this
   1424 	  option replaces shmem and tmpfs with the much simpler ramfs code,
   1425 	  which may be appropriate on small systems without swap.
   1426 
   1427 config AIO
   1428 	bool "Enable AIO support" if EXPERT
   1429 	default y
   1430 	help
   1431 	  This option enables POSIX asynchronous I/O which may by used
   1432 	  by some high performance threaded applications. Disabling
   1433 	  this option saves about 7k.
   1434 
   1435 config IO_URING
   1436 	bool "Enable IO uring support" if EXPERT
   1437 	select ANON_INODES
   1438 	default y
   1439 	help
   1440 	  This option enables support for the io_uring interface, enabling
   1441 	  applications to submit and complete IO through submission and
   1442 	  completion rings that are shared between the kernel and application.
   1443 
   1444 config ADVISE_SYSCALLS
   1445 	bool "Enable madvise/fadvise syscalls" if EXPERT
   1446 	default y
   1447 	help
   1448 	  This option enables the madvise and fadvise syscalls, used by
   1449 	  applications to advise the kernel about their future memory or file
   1450 	  usage, improving performance. If building an embedded system where no
   1451 	  applications use these syscalls, you can disable this option to save
   1452 	  space.
   1453 
   1454 config MEMBARRIER
   1455 	bool "Enable membarrier() system call" if EXPERT
   1456 	default y
   1457 	help
   1458 	  Enable the membarrier() system call that allows issuing memory
   1459 	  barriers across all running threads, which can be used to distribute
   1460 	  the cost of user-space memory barriers asymmetrically by transforming
   1461 	  pairs of memory barriers into pairs consisting of membarrier() and a
   1462 	  compiler barrier.
   1463 
   1464 	  If unsure, say Y.
   1465 
   1466 config KALLSYMS
   1467 	 bool "Load all symbols for debugging/ksymoops" if EXPERT
   1468 	 default y
   1469 	 help
   1470 	   Say Y here to let the kernel print out symbolic crash information and
   1471 	   symbolic stack backtraces. This increases the size of the kernel
   1472 	   somewhat, as all symbols have to be loaded into the kernel image.
   1473 
   1474 config KALLSYMS_ALL
   1475 	bool "Include all symbols in kallsyms"
   1476 	depends on DEBUG_KERNEL && KALLSYMS
   1477 	help
   1478 	   Normally kallsyms only contains the symbols of functions for nicer
   1479 	   OOPS messages and backtraces (i.e., symbols from the text and inittext
   1480 	   sections). This is sufficient for most cases. And only in very rare
   1481 	   cases (e.g., when a debugger is used) all symbols are required (e.g.,
   1482 	   names of variables from the data sections, etc).
   1483 
   1484 	   This option makes sure that all symbols are loaded into the kernel
   1485 	   image (i.e., symbols from all sections) in cost of increased kernel
   1486 	   size (depending on the kernel configuration, it may be 300KiB or
   1487 	   something like this).
   1488 
   1489 	   Say N unless you really need all symbols.
   1490 
   1491 config KALLSYMS_ABSOLUTE_PERCPU
   1492 	bool
   1493 	depends on KALLSYMS
   1494 	default X86_64 && SMP
   1495 
   1496 config KALLSYMS_BASE_RELATIVE
   1497 	bool
   1498 	depends on KALLSYMS
   1499 	default !IA64
   1500 	help
   1501 	  Instead of emitting them as absolute values in the native word size,
   1502 	  emit the symbol references in the kallsyms table as 32-bit entries,
   1503 	  each containing a relative value in the range [base, base + U32_MAX]
   1504 	  or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
   1505 	  an absolute value in the range [0, S32_MAX] or a relative value in the
   1506 	  range [base, base + S32_MAX], where base is the lowest relative symbol
   1507 	  address encountered in the image.
   1508 
   1509 	  On 64-bit builds, this reduces the size of the address table by 50%,
   1510 	  but more importantly, it results in entries whose values are build
   1511 	  time constants, and no relocation pass is required at runtime to fix
   1512 	  up the entries based on the runtime load address of the kernel.
   1513 
   1514 # end of the "standard kernel features (expert users)" menu
   1515 
   1516 # syscall, maps, verifier
   1517 config BPF_SYSCALL
   1518 	bool "Enable bpf() system call"
   1519 	select ANON_INODES
   1520 	select BPF
   1521 	select IRQ_WORK
   1522 	default n
   1523 	help
   1524 	  Enable the bpf() system call that allows to manipulate eBPF
   1525 	  programs and maps via file descriptors.
   1526 
   1527 config BPF_JIT_ALWAYS_ON
   1528 	bool "Permanently enable BPF JIT and remove BPF interpreter"
   1529 	depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
   1530 	help
   1531 	  Enables BPF JIT and removes BPF interpreter to avoid
   1532 	  speculative execution of BPF instructions by the interpreter
   1533 
   1534 config USERFAULTFD
   1535 	bool "Enable userfaultfd() system call"
   1536 	select ANON_INODES
   1537 	depends on MMU
   1538 	help
   1539 	  Enable the userfaultfd() system call that allows to intercept and
   1540 	  handle page faults in userland.
   1541 
   1542 config ARCH_HAS_MEMBARRIER_CALLBACKS
   1543 	bool
   1544 
   1545 config ARCH_HAS_MEMBARRIER_SYNC_CORE
   1546 	bool
   1547 
   1548 config RSEQ
   1549 	bool "Enable rseq() system call" if EXPERT
   1550 	default y
   1551 	depends on HAVE_RSEQ
   1552 	select MEMBARRIER
   1553 	help
   1554 	  Enable the restartable sequences system call. It provides a
   1555 	  user-space cache for the current CPU number value, which
   1556 	  speeds up getting the current CPU number from user-space,
   1557 	  as well as an ABI to speed up user-space operations on
   1558 	  per-CPU data.
   1559 
   1560 	  If unsure, say Y.
   1561 
   1562 config DEBUG_RSEQ
   1563 	default n
   1564 	bool "Enabled debugging of rseq() system call" if EXPERT
   1565 	depends on RSEQ && DEBUG_KERNEL
   1566 	help
   1567 	  Enable extra debugging checks for the rseq system call.
   1568 
   1569 	  If unsure, say N.
   1570 
   1571 config EMBEDDED
   1572 	bool "Embedded system"
   1573 	option allnoconfig_y
   1574 	select EXPERT
   1575 	help
   1576 	  This option should be enabled if compiling the kernel for
   1577 	  an embedded system so certain expert options are available
   1578 	  for configuration.
   1579 
   1580 config HAVE_PERF_EVENTS
   1581 	bool
   1582 	help
   1583 	  See tools/perf/design.txt for details.
   1584 
   1585 config PERF_USE_VMALLOC
   1586 	bool
   1587 	help
   1588 	  See tools/perf/design.txt for details
   1589 
   1590 config PC104
   1591 	bool "PC/104 support" if EXPERT
   1592 	help
   1593 	  Expose PC/104 form factor device drivers and options available for
   1594 	  selection and configuration. Enable this option if your target
   1595 	  machine has a PC/104 bus.
   1596 
   1597 menu "Kernel Performance Events And Counters"
   1598 
   1599 config PERF_EVENTS
   1600 	bool "Kernel performance events and counters"
   1601 	default y if PROFILING
   1602 	depends on HAVE_PERF_EVENTS
   1603 	select ANON_INODES
   1604 	select IRQ_WORK
   1605 	select SRCU
   1606 	help
   1607 	  Enable kernel support for various performance events provided
   1608 	  by software and hardware.
   1609 
   1610 	  Software events are supported either built-in or via the
   1611 	  use of generic tracepoints.
   1612 
   1613 	  Most modern CPUs support performance events via performance
   1614 	  counter registers. These registers count the number of certain
   1615 	  types of hw events: such as instructions executed, cachemisses
   1616 	  suffered, or branches mis-predicted - without slowing down the
   1617 	  kernel or applications. These registers can also trigger interrupts
   1618 	  when a threshold number of events have passed - and can thus be
   1619 	  used to profile the code that runs on that CPU.
   1620 
   1621 	  The Linux Performance Event subsystem provides an abstraction of
   1622 	  these software and hardware event capabilities, available via a
   1623 	  system call and used by the "perf" utility in tools/perf/. It
   1624 	  provides per task and per CPU counters, and it provides event
   1625 	  capabilities on top of those.
   1626 
   1627 	  Say Y if unsure.
   1628 
   1629 config DEBUG_PERF_USE_VMALLOC
   1630 	default n
   1631 	bool "Debug: use vmalloc to back perf mmap() buffers"
   1632 	depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
   1633 	select PERF_USE_VMALLOC
   1634 	help
   1635 	 Use vmalloc memory to back perf mmap() buffers.
   1636 
   1637 	 Mostly useful for debugging the vmalloc code on platforms
   1638 	 that don't require it.
   1639 
   1640 	 Say N if unsure.
   1641 
   1642 endmenu
   1643 
   1644 config VM_EVENT_COUNTERS
   1645 	default y
   1646 	bool "Enable VM event counters for /proc/vmstat" if EXPERT
   1647 	help
   1648 	  VM event counters are needed for event counts to be shown.
   1649 	  This option allows the disabling of the VM event counters
   1650 	  on EXPERT systems.  /proc/vmstat will only show page counts
   1651 	  if VM event counters are disabled.
   1652 
   1653 config SLUB_DEBUG
   1654 	default y
   1655 	bool "Enable SLUB debugging support" if EXPERT
   1656 	depends on SLUB && SYSFS
   1657 	help
   1658 	  SLUB has extensive debug support features. Disabling these can
   1659 	  result in significant savings in code size. This also disables
   1660 	  SLUB sysfs support. /sys/slab will not exist and there will be
   1661 	  no support for cache validation etc.
   1662 
   1663 config SLUB_MEMCG_SYSFS_ON
   1664 	default n
   1665 	bool "Enable memcg SLUB sysfs support by default" if EXPERT
   1666 	depends on SLUB && SYSFS && MEMCG
   1667 	help
   1668 	  SLUB creates a directory under /sys/kernel/slab for each
   1669 	  allocation cache to host info and debug files. If memory
   1670 	  cgroup is enabled, each cache can have per memory cgroup
   1671 	  caches. SLUB can create the same sysfs directories for these
   1672 	  caches under /sys/kernel/slab/CACHE/cgroup but it can lead
   1673 	  to a very high number of debug files being created. This is
   1674 	  controlled by slub_memcg_sysfs boot parameter and this
   1675 	  config option determines the parameter's default value.
   1676 
   1677 config COMPAT_BRK
   1678 	bool "Disable heap randomization"
   1679 	default y
   1680 	help
   1681 	  Randomizing heap placement makes heap exploits harder, but it
   1682 	  also breaks ancient binaries (including anything libc5 based).
   1683 	  This option changes the bootup default to heap randomization
   1684 	  disabled, and can be overridden at runtime by setting
   1685 	  /proc/sys/kernel/randomize_va_space to 2.
   1686 
   1687 	  On non-ancient distros (post-2000 ones) N is usually a safe choice.
   1688 
   1689 choice
   1690 	prompt "Choose SLAB allocator"
   1691 	default SLUB
   1692 	help
   1693 	   This option allows to select a slab allocator.
   1694 
   1695 config SLAB
   1696 	bool "SLAB"
   1697 	select HAVE_HARDENED_USERCOPY_ALLOCATOR
   1698 	help
   1699 	  The regular slab allocator that is established and known to work
   1700 	  well in all environments. It organizes cache hot objects in
   1701 	  per cpu and per node queues.
   1702 
   1703 config SLUB
   1704 	bool "SLUB (Unqueued Allocator)"
   1705 	select HAVE_HARDENED_USERCOPY_ALLOCATOR
   1706 	help
   1707 	   SLUB is a slab allocator that minimizes cache line usage
   1708 	   instead of managing queues of cached objects (SLAB approach).
   1709 	   Per cpu caching is realized using slabs of objects instead
   1710 	   of queues of objects. SLUB can use memory efficiently
   1711 	   and has enhanced diagnostics. SLUB is the default choice for
   1712 	   a slab allocator.
   1713 
   1714 config SLOB
   1715 	depends on EXPERT
   1716 	bool "SLOB (Simple Allocator)"
   1717 	help
   1718 	   SLOB replaces the stock allocator with a drastically simpler
   1719 	   allocator. SLOB is generally more space efficient but
   1720 	   does not perform as well on large systems.
   1721 
   1722 endchoice
   1723 
   1724 config SLAB_MERGE_DEFAULT
   1725 	bool "Allow slab caches to be merged"
   1726 	default y
   1727 	help
   1728 	  For reduced kernel memory fragmentation, slab caches can be
   1729 	  merged when they share the same size and other characteristics.
   1730 	  This carries a risk of kernel heap overflows being able to
   1731 	  overwrite objects from merged caches (and more easily control
   1732 	  cache layout), which makes such heap attacks easier to exploit
   1733 	  by attackers. By keeping caches unmerged, these kinds of exploits
   1734 	  can usually only damage objects in the same cache. To disable
   1735 	  merging at runtime, "slab_nomerge" can be passed on the kernel
   1736 	  command line.
   1737 
   1738 config SLAB_FREELIST_RANDOM
   1739 	default n
   1740 	depends on SLAB || SLUB
   1741 	bool "SLAB freelist randomization"
   1742 	help
   1743 	  Randomizes the freelist order used on creating new pages. This
   1744 	  security feature reduces the predictability of the kernel slab
   1745 	  allocator against heap overflows.
   1746 
   1747 config SLAB_FREELIST_HARDENED
   1748 	bool "Harden slab freelist metadata"
   1749 	depends on SLUB
   1750 	help
   1751 	  Many kernel heap attacks try to target slab cache metadata and
   1752 	  other infrastructure. This options makes minor performance
   1753 	  sacrifies to harden the kernel slab allocator against common
   1754 	  freelist exploit methods.
   1755 
   1756 config SLUB_CPU_PARTIAL
   1757 	default y
   1758 	depends on SLUB && SMP
   1759 	bool "SLUB per cpu partial cache"
   1760 	help
   1761 	  Per cpu partial caches accellerate objects allocation and freeing
   1762 	  that is local to a processor at the price of more indeterminism
   1763 	  in the latency of the free. On overflow these caches will be cleared
   1764 	  which requires the taking of locks that may cause latency spikes.
   1765 	  Typically one would choose no for a realtime system.
   1766 
   1767 config MMAP_ALLOW_UNINITIALIZED
   1768 	bool "Allow mmapped anonymous memory to be uninitialized"
   1769 	depends on EXPERT && !MMU
   1770 	default n
   1771 	help
   1772 	  Normally, and according to the Linux spec, anonymous memory obtained
   1773 	  from mmap() has its contents cleared before it is passed to
   1774 	  userspace.  Enabling this config option allows you to request that
   1775 	  mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
   1776 	  providing a huge performance boost.  If this option is not enabled,
   1777 	  then the flag will be ignored.
   1778 
   1779 	  This is taken advantage of by uClibc's malloc(), and also by
   1780 	  ELF-FDPIC binfmt's brk and stack allocator.
   1781 
   1782 	  Because of the obvious security issues, this option should only be
   1783 	  enabled on embedded devices where you control what is run in
   1784 	  userspace.  Since that isn't generally a problem on no-MMU systems,
   1785 	  it is normally safe to say Y here.
   1786 
   1787 	  See Documentation/nommu-mmap.txt for more information.
   1788 
   1789 config SYSTEM_DATA_VERIFICATION
   1790 	def_bool n
   1791 	select SYSTEM_TRUSTED_KEYRING
   1792 	select KEYS
   1793 	select CRYPTO
   1794 	select CRYPTO_RSA
   1795 	select ASYMMETRIC_KEY_TYPE
   1796 	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
   1797 	select ASN1
   1798 	select OID_REGISTRY
   1799 	select X509_CERTIFICATE_PARSER
   1800 	select PKCS7_MESSAGE_PARSER
   1801 	help
   1802 	  Provide PKCS#7 message verification using the contents of the system
   1803 	  trusted keyring to provide public keys.  This then can be used for
   1804 	  module verification, kexec image verification and firmware blob
   1805 	  verification.
   1806 
   1807 config PROFILING
   1808 	bool "Profiling support"
   1809 	help
   1810 	  Say Y here to enable the extended profiling support mechanisms used
   1811 	  by profilers such as OProfile.
   1812 
   1813 #
   1814 # Place an empty function call at each tracepoint site. Can be
   1815 # dynamically changed for a probe function.
   1816 #
   1817 config TRACEPOINTS
   1818 	bool
   1819 
   1820 endmenu		# General setup
   1821 
   1822 source "arch/Kconfig"
   1823 
   1824 config RT_MUTEXES
   1825 	bool
   1826 
   1827 config BASE_SMALL
   1828 	int
   1829 	default 0 if BASE_FULL
   1830 	default 1 if !BASE_FULL
   1831 
   1832 menuconfig MODULES
   1833 	bool "Enable loadable module support"
   1834 	option modules
   1835 	help
   1836 	  Kernel modules are small pieces of compiled code which can
   1837 	  be inserted in the running kernel, rather than being
   1838 	  permanently built into the kernel.  You use the "modprobe"
   1839 	  tool to add (and sometimes remove) them.  If you say Y here,
   1840 	  many parts of the kernel can be built as modules (by
   1841 	  answering M instead of Y where indicated): this is most
   1842 	  useful for infrequently used options which are not required
   1843 	  for booting.  For more information, see the man pages for
   1844 	  modprobe, lsmod, modinfo, insmod and rmmod.
   1845 
   1846 	  If you say Y here, you will need to run "make
   1847 	  modules_install" to put the modules under /lib/modules/
   1848 	  where modprobe can find them (you may need to be root to do
   1849 	  this).
   1850 
   1851 	  If unsure, say Y.
   1852 
   1853 if MODULES
   1854 
   1855 config MODULE_FORCE_LOAD
   1856 	bool "Forced module loading"
   1857 	default n
   1858 	help
   1859 	  Allow loading of modules without version information (ie. modprobe
   1860 	  --force).  Forced module loading sets the 'F' (forced) taint flag and
   1861 	  is usually a really bad idea.
   1862 
   1863 config MODULE_UNLOAD
   1864 	bool "Module unloading"
   1865 	help
   1866 	  Without this option you will not be able to unload any
   1867 	  modules (note that some modules may not be unloadable
   1868 	  anyway), which makes your kernel smaller, faster
   1869 	  and simpler.  If unsure, say Y.
   1870 
   1871 config MODULE_FORCE_UNLOAD
   1872 	bool "Forced module unloading"
   1873 	depends on MODULE_UNLOAD
   1874 	help
   1875 	  This option allows you to force a module to unload, even if the
   1876 	  kernel believes it is unsafe: the kernel will remove the module
   1877 	  without waiting for anyone to stop using it (using the -f option to
   1878 	  rmmod).  This is mainly for kernel developers and desperate users.
   1879 	  If unsure, say N.
   1880 
   1881 config MODVERSIONS
   1882 	bool "Module versioning support"
   1883 	help
   1884 	  Usually, you have to use modules compiled with your kernel.
   1885 	  Saying Y here makes it sometimes possible to use modules
   1886 	  compiled for different kernels, by adding enough information
   1887 	  to the modules to (hopefully) spot any changes which would
   1888 	  make them incompatible with the kernel you are running.  If
   1889 	  unsure, say N.
   1890 
   1891 config MODULE_REL_CRCS
   1892 	bool
   1893 	depends on MODVERSIONS
   1894 
   1895 config MODULE_SRCVERSION_ALL
   1896 	bool "Source checksum for all modules"
   1897 	help
   1898 	  Modules which contain a MODULE_VERSION get an extra "srcversion"
   1899 	  field inserted into their modinfo section, which contains a
   1900     	  sum of the source files which made it.  This helps maintainers
   1901 	  see exactly which source was used to build a module (since
   1902 	  others sometimes change the module source without updating
   1903 	  the version).  With this option, such a "srcversion" field
   1904 	  will be created for all modules.  If unsure, say N.
   1905 
   1906 config MODULE_SIG
   1907 	bool "Module signature verification"
   1908 	depends on MODULES
   1909 	select SYSTEM_DATA_VERIFICATION
   1910 	help
   1911 	  Check modules for valid signatures upon load: the signature
   1912 	  is simply appended to the module. For more information see
   1913 	  <file:Documentation/admin-guide/module-signing.rst>.
   1914 
   1915 	  Note that this option adds the OpenSSL development packages as a
   1916 	  kernel build dependency so that the signing tool can use its crypto
   1917 	  library.
   1918 
   1919 	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
   1920 	  module DOES NOT get stripped after being signed.  This includes the
   1921 	  debuginfo strip done by some packagers (such as rpmbuild) and
   1922 	  inclusion into an initramfs that wants the module size reduced.
   1923 
   1924 config MODULE_SIG_FORCE
   1925 	bool "Require modules to be validly signed"
   1926 	depends on MODULE_SIG
   1927 	help
   1928 	  Reject unsigned modules or signed modules for which we don't have a
   1929 	  key.  Without this, such modules will simply taint the kernel.
   1930 
   1931 config MODULE_SIG_ALL
   1932 	bool "Automatically sign all modules"
   1933 	default y
   1934 	depends on MODULE_SIG
   1935 	help
   1936 	  Sign all modules during make modules_install. Without this option,
   1937 	  modules must be signed manually, using the scripts/sign-file tool.
   1938 
   1939 comment "Do not forget to sign required modules with scripts/sign-file"
   1940 	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
   1941 
   1942 choice
   1943 	prompt "Which hash algorithm should modules be signed with?"
   1944 	depends on MODULE_SIG
   1945 	help
   1946 	  This determines which sort of hashing algorithm will be used during
   1947 	  signature generation.  This algorithm _must_ be built into the kernel
   1948 	  directly so that signature verification can take place.  It is not
   1949 	  possible to load a signed module containing the algorithm to check
   1950 	  the signature on that module.
   1951 
   1952 config MODULE_SIG_SHA1
   1953 	bool "Sign modules with SHA-1"
   1954 	select CRYPTO_SHA1
   1955 
   1956 config MODULE_SIG_SHA224
   1957 	bool "Sign modules with SHA-224"
   1958 	select CRYPTO_SHA256
   1959 
   1960 config MODULE_SIG_SHA256
   1961 	bool "Sign modules with SHA-256"
   1962 	select CRYPTO_SHA256
   1963 
   1964 config MODULE_SIG_SHA384
   1965 	bool "Sign modules with SHA-384"
   1966 	select CRYPTO_SHA512
   1967 
   1968 config MODULE_SIG_SHA512
   1969 	bool "Sign modules with SHA-512"
   1970 	select CRYPTO_SHA512
   1971 
   1972 endchoice
   1973 
   1974 config MODULE_SIG_HASH
   1975 	string
   1976 	depends on MODULE_SIG
   1977 	default "sha1" if MODULE_SIG_SHA1
   1978 	default "sha224" if MODULE_SIG_SHA224
   1979 	default "sha256" if MODULE_SIG_SHA256
   1980 	default "sha384" if MODULE_SIG_SHA384
   1981 	default "sha512" if MODULE_SIG_SHA512
   1982 
   1983 config MODULE_COMPRESS
   1984 	bool "Compress modules on installation"
   1985 	depends on MODULES
   1986 	help
   1987 
   1988 	  Compresses kernel modules when 'make modules_install' is run; gzip or
   1989 	  xz depending on "Compression algorithm" below.
   1990 
   1991 	  module-init-tools MAY support gzip, and kmod MAY support gzip and xz.
   1992 
   1993 	  Out-of-tree kernel modules installed using Kbuild will also be
   1994 	  compressed upon installation.
   1995 
   1996 	  Note: for modules inside an initrd or initramfs, it's more efficient
   1997 	  to compress the whole initrd or initramfs instead.
   1998 
   1999 	  Note: This is fully compatible with signed modules.
   2000 
   2001 	  If in doubt, say N.
   2002 
   2003 choice
   2004 	prompt "Compression algorithm"
   2005 	depends on MODULE_COMPRESS
   2006 	default MODULE_COMPRESS_GZIP
   2007 	help
   2008 	  This determines which sort of compression will be used during
   2009 	  'make modules_install'.
   2010 
   2011 	  GZIP (default) and XZ are supported.
   2012 
   2013 config MODULE_COMPRESS_GZIP
   2014 	bool "GZIP"
   2015 
   2016 config MODULE_COMPRESS_XZ
   2017 	bool "XZ"
   2018 
   2019 endchoice
   2020 
   2021 config TRIM_UNUSED_KSYMS
   2022 	bool "Trim unused exported kernel symbols"
   2023 	depends on MODULES && !UNUSED_SYMBOLS
   2024 	help
   2025 	  The kernel and some modules make many symbols available for
   2026 	  other modules to use via EXPORT_SYMBOL() and variants. Depending
   2027 	  on the set of modules being selected in your kernel configuration,
   2028 	  many of those exported symbols might never be used.
   2029 
   2030 	  This option allows for unused exported symbols to be dropped from
   2031 	  the build. In turn, this provides the compiler more opportunities
   2032 	  (especially when using LTO) for optimizing the code and reducing
   2033 	  binary size.  This might have some security advantages as well.
   2034 
   2035 	  If unsure, or if you need to build out-of-tree modules, say N.
   2036 
   2037 endif # MODULES
   2038 
   2039 config MODULES_TREE_LOOKUP
   2040 	def_bool y
   2041 	depends on PERF_EVENTS || TRACING
   2042 
   2043 config INIT_ALL_POSSIBLE
   2044 	bool
   2045 	help
   2046 	  Back when each arch used to define their own cpu_online_mask and
   2047 	  cpu_possible_mask, some of them chose to initialize cpu_possible_mask
   2048 	  with all 1s, and others with all 0s.  When they were centralised,
   2049 	  it was better to provide this option than to break all the archs
   2050 	  and have several arch maintainers pursuing me down dark alleys.
   2051 
   2052 source "block/Kconfig"
   2053 
   2054 config PREEMPT_NOTIFIERS
   2055 	bool
   2056 
   2057 config PADATA
   2058 	depends on SMP
   2059 	bool
   2060 
   2061 config ASN1
   2062 	tristate
   2063 	help
   2064 	  Build a simple ASN.1 grammar compiler that produces a bytecode output
   2065 	  that can be interpreted by the ASN.1 stream decoder and used to
   2066 	  inform it as to what tags are to be expected in a stream and what
   2067 	  functions to call on what tags.
   2068 
   2069 source "kernel/Kconfig.locks"
   2070 
   2071 config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
   2072 	bool
   2073 
   2074 # It may be useful for an architecture to override the definitions of the
   2075 # SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h>
   2076 # and the COMPAT_ variants in <linux/compat.h>, in particular to use a
   2077 # different calling convention for syscalls. They can also override the
   2078 # macros for not-implemented syscalls in kernel/sys_ni.c and
   2079 # kernel/time/posix-stubs.c. All these overrides need to be available in
   2080 # <asm/syscall_wrapper.h>.
   2081 config ARCH_HAS_SYSCALL_WRAPPER
   2082 	def_bool n