1 # SPDX-License-Identifier: GPL-2.0-only
6 default "/lib/modules/$(shell,uname -r)/.config"
7 default "/etc/kernel-config"
8 default "/boot/config-$(shell,uname -r)"
9 default "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)"
11 config CC_VERSION_TEXT
13 default "$(CC_VERSION_TEXT)"
15 This is used in unclear ways:
17 - Re-run Kconfig when the compiler is updated
18 The 'default' property references the environment variable,
19 CC_VERSION_TEXT so it is recorded in include/config/auto.conf.cmd.
20 When the compiler is updated, Kconfig will be invoked.
22 - Ensure full rebuild when the compier is updated
23 include/linux/kconfig.h contains this option in the comment line so
24 fixdep adds include/config/cc/version/text.h into the auto-generated
25 dependency. When the compiler is updated, syncconfig will touch it
26 and then every file will be rebuilt.
29 def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q gcc)
33 default $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) if CC_IS_GCC
38 default $(shell,$(LD) --version | $(srctree)/scripts/ld-version.sh)
41 def_bool $(success,echo "$(CC_VERSION_TEXT)" | grep -q clang)
44 def_bool $(success,$(LD) -v | head -n 1 | grep -q LLD)
48 default $(shell,$(srctree)/scripts/clang-version.sh $(CC))
52 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag)) if 64BIT
53 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag))
55 config CC_CAN_LINK_STATIC
57 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m64-flag) -static) if 64BIT
58 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(m32-flag) -static)
60 config CC_HAS_ASM_GOTO
61 def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
63 config CC_HAS_ASM_GOTO_OUTPUT
64 depends on CC_HAS_ASM_GOTO
65 def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null)
67 config TOOLS_SUPPORT_RELR
68 def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
70 config CC_HAS_ASM_INLINE
71 def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
80 config BUILDTIME_TABLE_SORT
83 config THREAD_INFO_IN_TASK
86 Select this to move thread_info off the stack into task_struct. To
87 make this work, an arch will need to remove all thread_info fields
88 except flags and fix any runtime bugs.
90 One subtle change that will be needed is to use try_get_task_stack()
91 and put_task_stack() in save_thread_stack_tsk() and get_wchan().
100 depends on BROKEN || !SMP
103 config INIT_ENV_ARG_LIMIT
108 Maximum of each of the number of arguments and environment
109 variables passed to init from the kernel command line.
112 bool "Compile also drivers which will not load"
116 Some drivers can be compiled on a different platform than they are
117 intended to be run on. Despite they cannot be loaded there (or even
118 when they load they cannot be used due to missing HW support),
119 developers still, opposing to distributors, might want to build such
120 drivers to compile-test them.
122 If you are a developer and want to build everything available, say Y
123 here. If you are a user/distributor, say N here to exclude useless
124 drivers to be distributed.
126 config UAPI_HEADER_TEST
127 bool "Compile test UAPI headers"
128 depends on HEADERS_INSTALL && CC_CAN_LINK
130 Compile test headers exported to user-space to ensure they are
131 self-contained, i.e. compilable as standalone units.
133 If you are a developer or tester and want to ensure the exported
134 headers are self-contained, say Y here. Otherwise, choose N.
137 string "Local version - append to kernel release"
139 Append an extra string to the end of your kernel version.
140 This will show up when you type uname, for example.
141 The string you set here will be appended after the contents of
142 any files with a filename matching localversion* in your
143 object and source tree, in that order. Your total string can
144 be a maximum of 64 characters.
146 config LOCALVERSION_AUTO
147 bool "Automatically append version information to the version string"
149 depends on !COMPILE_TEST
151 This will try to automatically determine if the current tree is a
152 release tree by looking for git tags that belong to the current
153 top of tree revision.
155 A string of the format -gxxxxxxxx will be added to the localversion
156 if a git-based tree is found. The string generated by this will be
157 appended after any matching localversion* files, and after the value
158 set in CONFIG_LOCALVERSION.
160 (The actual string used here is the first eight characters produced
161 by running the command:
163 $ git rev-parse --verify HEAD
165 which is done within the script "scripts/setlocalversion".)
168 string "Build ID Salt"
171 The build ID is used to link binaries and their debug info. Setting
172 this option will use the value in the calculation of the build id.
173 This is mostly useful for distributions which want to ensure the
174 build is unique between builds. It's safe to leave the default.
176 config HAVE_KERNEL_GZIP
179 config HAVE_KERNEL_BZIP2
182 config HAVE_KERNEL_LZMA
185 config HAVE_KERNEL_XZ
188 config HAVE_KERNEL_LZO
191 config HAVE_KERNEL_LZ4
194 config HAVE_KERNEL_ZSTD
197 config HAVE_KERNEL_UNCOMPRESSED
201 prompt "Kernel compression mode"
203 depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 || HAVE_KERNEL_ZSTD || HAVE_KERNEL_UNCOMPRESSED
205 The linux kernel is a kind of self-extracting executable.
206 Several compression algorithms are available, which differ
207 in efficiency, compression and decompression speed.
208 Compression speed is only relevant when building a kernel.
209 Decompression speed is relevant at each boot.
211 If you have any problems with bzip2 or lzma compressed
212 kernels, mail me (Alain Knaff) <alain@knaff.lu>. (An older
213 version of this functionality (bzip2 only), for 2.4, was
214 supplied by Christian Ludwig)
216 High compression options are mostly useful for users, who
217 are low on disk space (embedded systems), but for whom ram
220 If in doubt, select 'gzip'
224 depends on HAVE_KERNEL_GZIP
226 The old and tried gzip compression. It provides a good balance
227 between compression ratio and decompression speed.
231 depends on HAVE_KERNEL_BZIP2
233 Its compression ratio and speed is intermediate.
234 Decompression speed is slowest among the choices. The kernel
235 size is about 10% smaller with bzip2, in comparison to gzip.
236 Bzip2 uses a large amount of memory. For modern kernels you
237 will need at least 8MB RAM or more for booting.
241 depends on HAVE_KERNEL_LZMA
243 This compression algorithm's ratio is best. Decompression speed
244 is between gzip and bzip2. Compression is slowest.
245 The kernel size is about 33% smaller with LZMA in comparison to gzip.
249 depends on HAVE_KERNEL_XZ
251 XZ uses the LZMA2 algorithm and instruction set specific
252 BCJ filters which can improve compression ratio of executable
253 code. The size of the kernel is about 30% smaller with XZ in
254 comparison to gzip. On architectures for which there is a BCJ
255 filter (i386, x86_64, ARM, IA-64, PowerPC, and SPARC), XZ
256 will create a few percent smaller kernel than plain LZMA.
258 The speed is about the same as with LZMA: The decompression
259 speed of XZ is better than that of bzip2 but worse than gzip
260 and LZO. Compression is slow.
264 depends on HAVE_KERNEL_LZO
266 Its compression ratio is the poorest among the choices. The kernel
267 size is about 10% bigger than gzip; however its speed
268 (both compression and decompression) is the fastest.
272 depends on HAVE_KERNEL_LZ4
274 LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
275 A preliminary version of LZ4 de/compression tool is available at
276 <https://code.google.com/p/lz4/>.
278 Its compression ratio is worse than LZO. The size of the kernel
279 is about 8% bigger than LZO. But the decompression speed is
284 depends on HAVE_KERNEL_ZSTD
286 ZSTD is a compression algorithm targeting intermediate compression
287 with fast decompression speed. It will compress better than GZIP and
288 decompress around the same speed as LZO, but slower than LZ4. You
289 will need at least 192 KB RAM or more for booting. The zstd command
290 line tool is required for compression.
292 config KERNEL_UNCOMPRESSED
294 depends on HAVE_KERNEL_UNCOMPRESSED
296 Produce uncompressed kernel image. This option is usually not what
297 you want. It is useful for debugging the kernel in slow simulation
298 environments, where decompressing and moving the kernel is awfully
299 slow. This option allows early boot code to skip the decompressor
300 and jump right at uncompressed kernel image.
305 string "Default init path"
308 This option determines the default init for the system if no init=
309 option is passed on the kernel command line. If the requested path is
310 not present, we will still then move on to attempting further
311 locations (e.g. /sbin/init, etc). If this is empty, we will just use
312 the fallback list when init= is not passed.
314 config DEFAULT_HOSTNAME
315 string "Default hostname"
318 This option determines the default system hostname before userspace
319 calls sethostname(2). The kernel traditionally uses "(none)" here,
320 but you may wish to use a different default here to make a minimal
321 system more usable with less configuration.
324 # For some reason microblaze and nios2 hard code SWAP=n. Hopefully we can
325 # add proper SWAP support to them, in which case this can be remove.
331 bool "Support for paging of anonymous memory (swap)"
332 depends on MMU && BLOCK && !ARCH_NO_SWAP
335 This option allows you to choose whether you want to have support
336 for so called swap devices or swap files in your kernel that are
337 used to provide more virtual memory than the actual RAM present
338 in your computer. If unsure say Y.
343 Inter Process Communication is a suite of library functions and
344 system calls which let processes (running programs) synchronize and
345 exchange information. It is generally considered to be a good thing,
346 and some programs won't run unless you say Y here. In particular, if
347 you want to run the DOS emulator dosemu under Linux (read the
348 DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
349 you'll need to say Y here.
351 You can find documentation about IPC with "info ipc" and also in
352 section 6.4 of the Linux Programmer's Guide, available from
353 <http://www.tldp.org/guides.html>.
355 config SYSVIPC_SYSCTL
362 bool "POSIX Message Queues"
365 POSIX variant of message queues is a part of IPC. In POSIX message
366 queues every message has a priority which decides about succession
367 of receiving it by a process. If you want to compile and run
368 programs written e.g. for Solaris with use of its POSIX message
369 queues (functions mq_*) say Y here.
371 POSIX message queues are visible as a filesystem called 'mqueue'
372 and can be mounted somewhere if you want to do filesystem
373 operations on message queues.
377 config POSIX_MQUEUE_SYSCTL
379 depends on POSIX_MQUEUE
384 bool "General notification queue"
388 This is a general notification queue for the kernel to pass events to
389 userspace by splicing them into pipes. It can be used in conjunction
390 with watches for key/keyring change notifications and device
393 See Documentation/watch_queue.rst
395 config CROSS_MEMORY_ATTACH
396 bool "Enable process_vm_readv/writev syscalls"
400 Enabling this option adds the system calls process_vm_readv and
401 process_vm_writev which allow a process with the correct privileges
402 to directly read from or write to another process' address space.
403 See the man page for more details.
406 bool "uselib syscall"
407 def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
409 This option enables the uselib syscall, a system call used in the
410 dynamic linker from libc5 and earlier. glibc does not use this
411 system call. If you intend to run programs built on libc5 or
412 earlier, you may need to enable this syscall. Current systems
413 running glibc can safely disable this.
416 bool "Auditing support"
419 Enable auditing infrastructure that can be used with another
420 kernel subsystem, such as SELinux (which requires this for
421 logging of avc messages output). System call auditing is included
422 on architectures which support it.
424 config HAVE_ARCH_AUDITSYSCALL
429 depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
432 source "kernel/irq/Kconfig"
433 source "kernel/time/Kconfig"
434 source "kernel/Kconfig.preempt"
436 menu "CPU/Task time and stats accounting"
438 config VIRT_CPU_ACCOUNTING
442 prompt "Cputime accounting"
443 default TICK_CPU_ACCOUNTING if !PPC64
444 default VIRT_CPU_ACCOUNTING_NATIVE if PPC64
446 # Kind of a stub config for the pure tick based cputime accounting
447 config TICK_CPU_ACCOUNTING
448 bool "Simple tick based cputime accounting"
449 depends on !S390 && !NO_HZ_FULL
451 This is the basic tick based cputime accounting that maintains
452 statistics about user, system and idle time spent on per jiffies
457 config VIRT_CPU_ACCOUNTING_NATIVE
458 bool "Deterministic task and CPU time accounting"
459 depends on HAVE_VIRT_CPU_ACCOUNTING && !NO_HZ_FULL
460 select VIRT_CPU_ACCOUNTING
462 Select this option to enable more accurate task and CPU time
463 accounting. This is done by reading a CPU counter on each
464 kernel entry and exit and on transitions within the kernel
465 between system, softirq and hardirq state, so there is a
466 small performance impact. In the case of s390 or IBM POWER > 5,
467 this also enables accounting of stolen time on logically-partitioned
470 config VIRT_CPU_ACCOUNTING_GEN
471 bool "Full dynticks CPU time accounting"
472 depends on HAVE_CONTEXT_TRACKING
473 depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
474 depends on GENERIC_CLOCKEVENTS
475 select VIRT_CPU_ACCOUNTING
476 select CONTEXT_TRACKING
478 Select this option to enable task and CPU time accounting on full
479 dynticks systems. This accounting is implemented by watching every
480 kernel-user boundaries using the context tracking subsystem.
481 The accounting is thus performed at the expense of some significant
484 For now this is only useful if you are working on the full
485 dynticks subsystem development.
491 config IRQ_TIME_ACCOUNTING
492 bool "Fine granularity task level IRQ time accounting"
493 depends on HAVE_IRQ_TIME_ACCOUNTING && !VIRT_CPU_ACCOUNTING_NATIVE
495 Select this option to enable fine granularity task irq time
496 accounting. This is done by reading a timestamp on each
497 transitions between softirq and hardirq state, so there can be a
498 small performance impact.
500 If in doubt, say N here.
502 config HAVE_SCHED_AVG_IRQ
504 depends on IRQ_TIME_ACCOUNTING || PARAVIRT_TIME_ACCOUNTING
507 config SCHED_THERMAL_PRESSURE
509 default y if ARM && ARM_CPU_TOPOLOGY
512 depends on CPU_FREQ_THERMAL
514 Select this option to enable thermal pressure accounting in the
515 scheduler. Thermal pressure is the value conveyed to the scheduler
516 that reflects the reduction in CPU compute capacity resulted from
517 thermal throttling. Thermal throttling occurs when the performance of
518 a CPU is capped due to high operating temperatures.
520 If selected, the scheduler will be able to balance tasks accordingly,
521 i.e. put less load on throttled CPUs than on non/less throttled ones.
523 This requires the architecture to implement
524 arch_set_thermal_pressure() and arch_get_thermal_pressure().
526 config BSD_PROCESS_ACCT
527 bool "BSD Process Accounting"
530 If you say Y here, a user level program will be able to instruct the
531 kernel (via a special system call) to write process accounting
532 information to a file: whenever a process exits, information about
533 that process will be appended to the file by the kernel. The
534 information includes things such as creation time, owning user,
535 command name, memory usage, controlling terminal etc. (the complete
536 list is in the struct acct in <file:include/linux/acct.h>). It is
537 up to the user level program to do useful things with this
538 information. This is generally a good idea, so say Y.
540 config BSD_PROCESS_ACCT_V3
541 bool "BSD Process Accounting version 3 file format"
542 depends on BSD_PROCESS_ACCT
545 If you say Y here, the process accounting information is written
546 in a new file format that also logs the process IDs of each
547 process and its parent. Note that this file format is incompatible
548 with previous v0/v1/v2 file formats, so you will need updated tools
549 for processing it. A preliminary version of these tools is available
550 at <http://www.gnu.org/software/acct/>.
553 bool "Export task/process statistics through netlink"
558 Export selected statistics for tasks/processes through the
559 generic netlink interface. Unlike BSD process accounting, the
560 statistics are available during the lifetime of tasks/processes as
561 responses to commands. Like BSD accounting, they are sent to user
566 config TASK_DELAY_ACCT
567 bool "Enable per-task delay accounting"
571 Collect information on time spent by a task waiting for system
572 resources like cpu, synchronous block I/O completion and swapping
573 in pages. Such statistics can help in setting a task's priorities
574 relative to other tasks for cpu, io, rss limits etc.
579 bool "Enable extended accounting over taskstats"
582 Collect extended task accounting data and send the data
583 to userland for processing over the taskstats interface.
587 config TASK_IO_ACCOUNTING
588 bool "Enable per-task storage I/O accounting"
589 depends on TASK_XACCT
591 Collect information on the number of bytes of storage I/O which this
597 bool "Pressure stall information tracking"
599 Collect metrics that indicate how overcommitted the CPU, memory,
600 and IO capacity are in the system.
602 If you say Y here, the kernel will create /proc/pressure/ with the
603 pressure statistics files cpu, memory, and io. These will indicate
604 the share of walltime in which some or all tasks in the system are
605 delayed due to contention of the respective resource.
607 In kernels with cgroup support, cgroups (cgroup2 only) will
608 have cpu.pressure, memory.pressure, and io.pressure files,
609 which aggregate pressure stalls for the grouped tasks only.
611 For more details see Documentation/accounting/psi.rst.
615 config PSI_DEFAULT_DISABLED
616 bool "Require boot parameter to enable pressure stall information tracking"
620 If set, pressure stall information tracking will be disabled
621 per default but can be enabled through passing psi=1 on the
622 kernel commandline during boot.
624 This feature adds some code to the task wakeup and sleep
625 paths of the scheduler. The overhead is too low to affect
626 common scheduling-intense workloads in practice (such as
627 webservers, memcache), but it does show up in artificial
628 scheduler stress tests, such as hackbench.
630 If you are paranoid and not sure what the kernel will be
635 endmenu # "CPU/Task time and stats accounting"
639 depends on SMP || COMPILE_TEST
642 Make sure that CPUs running critical tasks are not disturbed by
643 any source of "noise" such as unbound workqueues, timers, kthreads...
644 Unbound jobs get offloaded to housekeeping CPUs. This is driven by
645 the "isolcpus=" boot parameter.
649 source "kernel/rcu/Kconfig"
656 tristate "Kernel .config support"
658 This option enables the complete Linux kernel ".config" file
659 contents to be saved in the kernel. It provides documentation
660 of which kernel options are used in a running kernel or in an
661 on-disk kernel. This information can be extracted from the kernel
662 image file with the script scripts/extract-ikconfig and used as
663 input to rebuild the current kernel or to build another kernel.
664 It can also be extracted from a running kernel by reading
665 /proc/config.gz if enabled (below).
668 bool "Enable access to .config through /proc/config.gz"
669 depends on IKCONFIG && PROC_FS
671 This option enables access to the kernel configuration file
672 through /proc/config.gz.
675 tristate "Enable kernel headers through /sys/kernel/kheaders.tar.xz"
678 This option enables access to the in-kernel headers that are generated during
679 the build process. These can be used to build eBPF tracing programs,
680 or similar programs. If you build the headers as a module, a module called
681 kheaders.ko is built which can be loaded on-demand to get access to headers.
684 int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
689 Select the minimal kernel log buffer size as a power of 2.
690 The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
691 parameter, see below. Any higher size also might be forced
692 by "log_buf_len" boot parameter.
702 config LOG_CPU_MAX_BUF_SHIFT
703 int "CPU kernel log buffer size contribution (13 => 8 KB, 17 => 128KB)"
706 default 12 if !BASE_SMALL
707 default 0 if BASE_SMALL
710 This option allows to increase the default ring buffer size
711 according to the number of CPUs. The value defines the contribution
712 of each CPU as a power of 2. The used space is typically only few
713 lines however it might be much more when problems are reported,
716 The increased size means that a new buffer has to be allocated and
717 the original static one is unused. It makes sense only on systems
718 with more CPUs. Therefore this value is used only when the sum of
719 contributions is greater than the half of the default kernel ring
720 buffer as defined by LOG_BUF_SHIFT. The default values are set
721 so that more than 64 CPUs are needed to trigger the allocation.
723 Also this option is ignored when "log_buf_len" kernel parameter is
724 used as it forces an exact (power of two) size of the ring buffer.
726 The number of possible CPUs is used for this computation ignoring
727 hotplugging making the computation optimal for the worst case
728 scenario while allowing a simple algorithm to be used from bootup.
730 Examples shift values and their meaning:
731 17 => 128 KB for each CPU
732 16 => 64 KB for each CPU
733 15 => 32 KB for each CPU
734 14 => 16 KB for each CPU
735 13 => 8 KB for each CPU
736 12 => 4 KB for each CPU
738 config PRINTK_SAFE_LOG_BUF_SHIFT
739 int "Temporary per-CPU printk log buffer size (12 => 4KB, 13 => 8KB)"
744 Select the size of an alternate printk per-CPU buffer where messages
745 printed from usafe contexts are temporary stored. One example would
746 be NMI messages, another one - printk recursion. The messages are
747 copied to the main log buffer in a safe context to avoid a deadlock.
748 The value defines the size as a power of 2.
750 Those messages are rare and limited. The largest one is when
751 a backtrace is printed. It usually fits into 4KB. Select
752 8KB if you want to be on the safe side.
755 17 => 128 KB for each CPU
756 16 => 64 KB for each CPU
757 15 => 32 KB for each CPU
758 14 => 16 KB for each CPU
759 13 => 8 KB for each CPU
760 12 => 4 KB for each CPU
763 # Architectures with an unreliable sched_clock() should select this:
765 config HAVE_UNSTABLE_SCHED_CLOCK
768 config GENERIC_SCHED_CLOCK
771 menu "Scheduler features"
774 bool "Enable utilization clamping for RT/FAIR tasks"
775 depends on CPU_FREQ_GOV_SCHEDUTIL
777 This feature enables the scheduler to track the clamped utilization
778 of each CPU based on RUNNABLE tasks scheduled on that CPU.
780 With this option, the user can specify the min and max CPU
781 utilization allowed for RUNNABLE tasks. The max utilization defines
782 the maximum frequency a task should use while the min utilization
783 defines the minimum frequency it should use.
785 Both min and max utilization clamp values are hints to the scheduler,
786 aiming at improving its frequency selection policy, but they do not
787 enforce or grant any specific bandwidth for tasks.
791 config UCLAMP_BUCKETS_COUNT
792 int "Number of supported utilization clamp buckets"
795 depends on UCLAMP_TASK
797 Defines the number of clamp buckets to use. The range of each bucket
798 will be SCHED_CAPACITY_SCALE/UCLAMP_BUCKETS_COUNT. The higher the
799 number of clamp buckets the finer their granularity and the higher
800 the precision of clamping aggregation and tracking at run-time.
802 For example, with the minimum configuration value we will have 5
803 clamp buckets tracking 20% utilization each. A 25% boosted tasks will
804 be refcounted in the [20..39]% bucket and will set the bucket clamp
805 effective value to 25%.
806 If a second 30% boosted task should be co-scheduled on the same CPU,
807 that task will be refcounted in the same bucket of the first task and
808 it will boost the bucket clamp effective value to 30%.
809 The clamp effective value of a bucket is reset to its nominal value
810 (20% in the example above) when there are no more tasks refcounted in
813 An additional boost/capping margin can be added to some tasks. In the
814 example above the 25% task will be boosted to 30% until it exits the
815 CPU. If that should be considered not acceptable on certain systems,
816 it's always possible to reduce the margin by increasing the number of
817 clamp buckets to trade off used memory for run-time tracking
820 If in doubt, use the default value.
825 # For architectures that want to enable the support for NUMA-affine scheduler
828 config ARCH_SUPPORTS_NUMA_BALANCING
832 # For architectures that prefer to flush all TLBs after a number of pages
833 # are unmapped instead of sending one IPI per page to flush. The architecture
834 # must provide guarantees on what happens if a clean TLB cache entry is
835 # written after the unmap. Details are in mm/rmap.c near the check for
836 # should_defer_flush. The architecture should also consider if the full flush
837 # and the refill costs are offset by the savings of sending fewer IPIs.
838 config ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
842 def_bool !$(cc-option,$(m64-flag) -D__SIZEOF_INT128__=0) && 64BIT
845 # For architectures that know their GCC __int128 support is sound
847 config ARCH_SUPPORTS_INT128
850 # For architectures that (ab)use NUMA to represent different memory regions
851 # all cpu-local but of different latencies, such as SuperH.
853 config ARCH_WANT_NUMA_VARIABLE_LOCALITY
856 config NUMA_BALANCING
857 bool "Memory placement aware NUMA scheduler"
858 depends on ARCH_SUPPORTS_NUMA_BALANCING
859 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
860 depends on SMP && NUMA && MIGRATION
862 This option adds support for automatic NUMA aware memory/task placement.
863 The mechanism is quite primitive and is based on migrating memory when
864 it has references to the node the task is running on.
866 This system will be inactive on UMA systems.
868 config NUMA_BALANCING_DEFAULT_ENABLED
869 bool "Automatically enable NUMA aware memory/task placement"
871 depends on NUMA_BALANCING
873 If set, automatic NUMA balancing will be enabled if running on a NUMA
877 bool "Control Group support"
880 This option adds support for grouping sets of processes together, for
881 use with process control subsystems such as Cpusets, CFS, memory
882 controls or device isolation.
884 - Documentation/scheduler/sched-design-CFS.rst (CFS)
885 - Documentation/admin-guide/cgroup-v1/ (features for grouping, isolation
886 and resource control)
896 bool "Memory controller"
900 Provides control over the memory footprint of tasks in a cgroup.
904 depends on MEMCG && SWAP
909 depends on MEMCG && !SLOB
917 Generic block IO controller cgroup interface. This is the common
918 cgroup interface which should be used by various IO controlling
921 Currently, CFQ IO scheduler uses it to recognize task groups and
922 control disk bandwidth allocation (proportional time slice allocation)
923 to such task groups. It is also used by bio throttling logic in
924 block layer to implement upper limit in IO rates on a device.
926 This option only enables generic Block IO controller infrastructure.
927 One needs to also enable actual IO controlling logic/policy. For
928 enabling proportional weight division of disk bandwidth in CFQ, set
929 CONFIG_BFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
930 CONFIG_BLK_DEV_THROTTLING=y.
932 See Documentation/admin-guide/cgroup-v1/blkio-controller.rst for more information.
934 config CGROUP_WRITEBACK
936 depends on MEMCG && BLK_CGROUP
939 menuconfig CGROUP_SCHED
940 bool "CPU controller"
943 This feature lets CPU scheduler recognize task groups and control CPU
944 bandwidth allocation to such task groups. It uses cgroups to group
948 config FAIR_GROUP_SCHED
949 bool "Group scheduling for SCHED_OTHER"
950 depends on CGROUP_SCHED
954 bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
955 depends on FAIR_GROUP_SCHED
958 This option allows users to define CPU bandwidth rates (limits) for
959 tasks running within the fair group scheduler. Groups with no limit
960 set are considered to be unconstrained and will run with no
962 See Documentation/scheduler/sched-bwc.rst for more information.
964 config RT_GROUP_SCHED
965 bool "Group scheduling for SCHED_RR/FIFO"
966 depends on CGROUP_SCHED
969 This feature lets you explicitly allocate real CPU bandwidth
970 to task groups. If enabled, it will also make it impossible to
971 schedule realtime tasks for non-root users until you allocate
972 realtime bandwidth for them.
973 See Documentation/scheduler/sched-rt-group.rst for more information.
977 config UCLAMP_TASK_GROUP
978 bool "Utilization clamping per group of tasks"
979 depends on CGROUP_SCHED
980 depends on UCLAMP_TASK
983 This feature enables the scheduler to track the clamped utilization
984 of each CPU based on RUNNABLE tasks currently scheduled on that CPU.
986 When this option is enabled, the user can specify a min and max
987 CPU bandwidth which is allowed for each single task in a group.
988 The max bandwidth allows to clamp the maximum frequency a task
989 can use, while the min bandwidth allows to define a minimum
990 frequency a task will always use.
992 When task group based utilization clamping is enabled, an eventually
993 specified task-specific clamp value is constrained by the cgroup
994 specified clamp value. Both minimum and maximum task clamping cannot
995 be bigger than the corresponding clamping defined at task group level.
1000 bool "PIDs controller"
1002 Provides enforcement of process number limits in the scope of a
1003 cgroup. Any attempt to fork more processes than is allowed in the
1004 cgroup will fail. PIDs are fundamentally a global resource because it
1005 is fairly trivial to reach PID exhaustion before you reach even a
1006 conservative kmemcg limit. As a result, it is possible to grind a
1007 system to halt without being limited by other cgroup policies. The
1008 PIDs controller is designed to stop this from happening.
1010 It should be noted that organisational operations (such as attaching
1011 to a cgroup hierarchy) will *not* be blocked by the PIDs controller,
1012 since the PIDs limit only affects a process's ability to fork, not to
1016 bool "RDMA controller"
1018 Provides enforcement of RDMA resources defined by IB stack.
1019 It is fairly easy for consumers to exhaust RDMA resources, which
1020 can result into resource unavailability to other consumers.
1021 RDMA controller is designed to stop this from happening.
1022 Attaching processes with active RDMA resources to the cgroup
1023 hierarchy is allowed even if can cross the hierarchy's limit.
1025 config CGROUP_FREEZER
1026 bool "Freezer controller"
1028 Provides a way to freeze and unfreeze all tasks in a
1031 This option affects the ORIGINAL cgroup interface. The cgroup2 memory
1032 controller includes important in-kernel memory consumers per default.
1034 If you're using cgroup2, say N.
1036 config CGROUP_HUGETLB
1037 bool "HugeTLB controller"
1038 depends on HUGETLB_PAGE
1042 Provides a cgroup controller for HugeTLB pages.
1043 When you enable this, you can put a per cgroup limit on HugeTLB usage.
1044 The limit is enforced during page fault. Since HugeTLB doesn't
1045 support page reclaim, enforcing the limit at page fault time implies
1046 that, the application will get SIGBUS signal if it tries to access
1047 HugeTLB pages beyond its limit. This requires the application to know
1048 beforehand how much HugeTLB pages it would require for its use. The
1049 control group is tracked in the third page lru pointer. This means
1050 that we cannot use the controller with huge page less than 3 pages.
1053 bool "Cpuset controller"
1056 This option will let you create and manage CPUSETs which
1057 allow dynamically partitioning a system into sets of CPUs and
1058 Memory Nodes and assigning tasks to run only within those sets.
1059 This is primarily useful on large SMP or NUMA systems.
1063 config PROC_PID_CPUSET
1064 bool "Include legacy /proc/<pid>/cpuset file"
1068 config CGROUP_DEVICE
1069 bool "Device controller"
1071 Provides a cgroup controller implementing whitelists for
1072 devices which a process in the cgroup can mknod or open.
1074 config CGROUP_CPUACCT
1075 bool "Simple CPU accounting controller"
1077 Provides a simple controller for monitoring the
1078 total CPU consumed by the tasks in a cgroup.
1081 bool "Perf controller"
1082 depends on PERF_EVENTS
1084 This option extends the perf per-cpu mode to restrict monitoring
1085 to threads which belong to the cgroup specified and run on the
1086 designated cpu. Or this can be used to have cgroup ID in samples
1087 so that it can monitor performance events among cgroups.
1092 bool "Support for eBPF programs attached to cgroups"
1093 depends on BPF_SYSCALL
1094 select SOCK_CGROUP_DATA
1096 Allow attaching eBPF programs to a cgroup using the bpf(2)
1097 syscall command BPF_PROG_ATTACH.
1099 In which context these programs are accessed depends on the type
1100 of attachment. For instance, programs that are attached using
1101 BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
1105 bool "Debug controller"
1107 depends on DEBUG_KERNEL
1109 This option enables a simple controller that exports
1110 debugging information about the cgroups framework. This
1111 controller is for control cgroup debugging only. Its
1112 interfaces are not stable.
1116 config SOCK_CGROUP_DATA
1122 menuconfig NAMESPACES
1123 bool "Namespaces support" if EXPERT
1124 depends on MULTIUSER
1127 Provides the way to make tasks work with different objects using
1128 the same id. For example same IPC id may refer to different objects
1129 or same user id or pid may refer to different tasks when used in
1130 different namespaces.
1135 bool "UTS namespace"
1138 In this namespace tasks see different info provided with the
1142 bool "TIME namespace"
1143 depends on GENERIC_VDSO_TIME_NS
1146 In this namespace boottime and monotonic clocks can be set.
1147 The time will keep going with the same pace.
1150 bool "IPC namespace"
1151 depends on (SYSVIPC || POSIX_MQUEUE)
1154 In this namespace tasks work with IPC ids which correspond to
1155 different IPC objects in different namespaces.
1158 bool "User namespace"
1161 This allows containers, i.e. vservers, to use user namespaces
1162 to provide different user info for different servers.
1164 When user namespaces are enabled in the kernel it is
1165 recommended that the MEMCG option also be enabled and that
1166 user-space use the memory control groups to limit the amount
1167 of memory a memory unprivileged users can use.
1172 bool "PID Namespaces"
1175 Support process id namespaces. This allows having multiple
1176 processes with the same pid as long as they are in different
1177 pid namespaces. This is a building block of containers.
1180 bool "Network namespace"
1184 Allow user space to create what appear to be multiple instances
1185 of the network stack.
1189 config CHECKPOINT_RESTORE
1190 bool "Checkpoint/restore support"
1191 select PROC_CHILDREN
1194 Enables additional kernel features in a sake of checkpoint/restore.
1195 In particular it adds auxiliary prctl codes to setup process text,
1196 data and heap segment sizes, and a few additional /proc filesystem
1199 If unsure, say N here.
1201 config SCHED_AUTOGROUP
1202 bool "Automatic process group scheduling"
1205 select FAIR_GROUP_SCHED
1207 This option optimizes the scheduler for common desktop workloads by
1208 automatically creating and populating task groups. This separation
1209 of workloads isolates aggressive CPU burners (like build jobs) from
1210 desktop applications. Task group autogeneration is currently based
1213 config SYSFS_DEPRECATED
1214 bool "Enable deprecated sysfs features to support old userspace tools"
1218 This option adds code that switches the layout of the "block" class
1219 devices, to not show up in /sys/class/block/, but only in
1222 This switch is only active when the sysfs.deprecated=1 boot option is
1223 passed or the SYSFS_DEPRECATED_V2 option is set.
1225 This option allows new kernels to run on old distributions and tools,
1226 which might get confused by /sys/class/block/. Since 2007/2008 all
1227 major distributions and tools handle this just fine.
1229 Recent distributions and userspace tools after 2009/2010 depend on
1230 the existence of /sys/class/block/, and will not work with this
1233 Only if you are using a new kernel on an old distribution, you might
1236 config SYSFS_DEPRECATED_V2
1237 bool "Enable deprecated sysfs features by default"
1240 depends on SYSFS_DEPRECATED
1242 Enable deprecated sysfs by default.
1244 See the CONFIG_SYSFS_DEPRECATED option for more details about this
1247 Only if you are using a new kernel on an old distribution, you might
1248 need to say Y here. Even then, odds are you would not need it
1249 enabled, you can always pass the boot option if absolutely necessary.
1252 bool "Kernel->user space relay support (formerly relayfs)"
1255 This option enables support for relay interface support in
1256 certain file systems (such as debugfs).
1257 It is designed to provide an efficient mechanism for tools and
1258 facilities to relay large amounts of data from kernel space to
1263 config BLK_DEV_INITRD
1264 bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
1266 The initial RAM filesystem is a ramfs which is loaded by the
1267 boot loader (loadlin or lilo) and that is mounted as root
1268 before the normal boot procedure. It is typically used to
1269 load modules needed to mount the "real" root file system,
1270 etc. See <file:Documentation/admin-guide/initrd.rst> for details.
1272 If RAM disk support (BLK_DEV_RAM) is also included, this
1273 also enables initial RAM disk (initrd) support and adds
1274 15 Kbytes (more on some other architectures) to the kernel size.
1280 source "usr/Kconfig"
1285 bool "Boot config support"
1286 select BLK_DEV_INITRD
1288 Extra boot config allows system admin to pass a config file as
1289 complemental extension of kernel cmdline when booting.
1290 The boot config file must be attached at the end of initramfs
1291 with checksum, size and magic word.
1292 See <file:Documentation/admin-guide/bootconfig.rst> for details.
1297 prompt "Compiler optimization level"
1298 default CC_OPTIMIZE_FOR_PERFORMANCE
1300 config CC_OPTIMIZE_FOR_PERFORMANCE
1301 bool "Optimize for performance (-O2)"
1303 This is the default optimization level for the kernel, building
1304 with the "-O2" compiler flag for best performance and most
1305 helpful compile-time warnings.
1307 config CC_OPTIMIZE_FOR_PERFORMANCE_O3
1308 bool "Optimize more for performance (-O3)"
1311 Choosing this option will pass "-O3" to your compiler to optimize
1312 the kernel yet more for performance.
1314 config CC_OPTIMIZE_FOR_SIZE
1315 bool "Optimize for size (-Os)"
1317 Choosing this option will pass "-Os" to your compiler resulting
1318 in a smaller kernel.
1322 config HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1325 This requires that the arch annotates or otherwise protects
1326 its external entry points from being discarded. Linker scripts
1327 must also merge .text.*, .data.*, and .bss.* correctly into
1328 output sections. Care must be taken not to pull in unrelated
1329 sections (e.g., '.text.init'). Typically '.' in section names
1330 is used to distinguish them from label names / C identifiers.
1332 config LD_DEAD_CODE_DATA_ELIMINATION
1333 bool "Dead code and data elimination (EXPERIMENTAL)"
1334 depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION
1336 depends on $(cc-option,-ffunction-sections -fdata-sections)
1337 depends on $(ld-option,--gc-sections)
1339 Enable this if you want to do dead code and data elimination with
1340 the linker by compiling with -ffunction-sections -fdata-sections,
1341 and linking with --gc-sections.
1343 This can reduce on disk and in-memory size of the kernel
1344 code and static data, particularly for small configs and
1345 on small systems. This has the possibility of introducing
1346 silently broken kernel if the required annotations are not
1347 present. This option is not well tested yet, so use at your
1356 config SYSCTL_EXCEPTION_TRACE
1359 Enable support for /proc/sys/debug/exception-trace.
1361 config SYSCTL_ARCH_UNALIGN_NO_WARN
1364 Enable support for /proc/sys/kernel/ignore-unaligned-usertrap
1365 Allows arch to define/use @no_unaligned_warning to possibly warn
1366 about unaligned access emulation going on under the hood.
1368 config SYSCTL_ARCH_UNALIGN_ALLOW
1371 Enable support for /proc/sys/kernel/unaligned-trap
1372 Allows arches to define/use @unaligned_enabled to runtime toggle
1373 the unaligned access emulation.
1374 see arch/parisc/kernel/unaligned.c for reference
1376 config HAVE_PCSPKR_PLATFORM
1379 # interpreter that classic socket filters depend on
1384 bool "Configure standard kernel features (expert users)"
1385 # Unhide debug options, to make the on-by-default options visible
1388 This option allows certain base kernel options and settings
1389 to be disabled or tweaked. This is for specialized
1390 environments which can tolerate a "non-standard" kernel.
1391 Only use this if you really know what you are doing.
1394 bool "Enable 16-bit UID system calls" if EXPERT
1395 depends on HAVE_UID16 && MULTIUSER
1398 This enables the legacy 16-bit UID syscall wrappers.
1401 bool "Multiple users, groups and capabilities support" if EXPERT
1404 This option enables support for non-root users, groups and
1407 If you say N here, all processes will run with UID 0, GID 0, and all
1408 possible capabilities. Saying N here also compiles out support for
1409 system calls related to UIDs, GIDs, and capabilities, such as setuid,
1412 If unsure, say Y here.
1414 config SGETMASK_SYSCALL
1415 bool "sgetmask/ssetmask syscalls support" if EXPERT
1416 def_bool PARISC || M68K || PPC || MIPS || X86 || SPARC || MICROBLAZE || SUPERH
1418 sys_sgetmask and sys_ssetmask are obsolete system calls
1419 no longer supported in libc but still enabled by default in some
1422 If unsure, leave the default option here.
1424 config SYSFS_SYSCALL
1425 bool "Sysfs syscall support" if EXPERT
1428 sys_sysfs is an obsolete system call no longer supported in libc.
1429 Note that disabling this option is more secure but might break
1430 compatibility with some systems.
1432 If unsure say Y here.
1435 bool "open by fhandle syscalls" if EXPERT
1439 If you say Y here, a user level program will be able to map
1440 file names to handle and then later use the handle for
1441 different file system operations. This is useful in implementing
1442 userspace file servers, which now track files using handles instead
1443 of names. The handle would remain the same even if file names
1444 get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
1448 bool "Posix Clocks & timers" if EXPERT
1451 This includes native support for POSIX timers to the kernel.
1452 Some embedded systems have no use for them and therefore they
1453 can be configured out to reduce the size of the kernel image.
1455 When this option is disabled, the following syscalls won't be
1456 available: timer_create, timer_gettime: timer_getoverrun,
1457 timer_settime, timer_delete, clock_adjtime, getitimer,
1458 setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
1459 clock_getres and clock_nanosleep syscalls will be limited to
1460 CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
1466 bool "Enable support for printk" if EXPERT
1469 This option enables normal printk support. Removing it
1470 eliminates most of the message strings from the kernel image
1471 and makes the kernel more or less silent. As this makes it
1472 very difficult to diagnose system problems, saying N here is
1473 strongly discouraged.
1481 bool "BUG() support" if EXPERT
1484 Disabling this option eliminates support for BUG and WARN, reducing
1485 the size of your kernel image and potentially quietly ignoring
1486 numerous fatal conditions. You should only consider disabling this
1487 option for embedded systems with no facilities for reporting errors.
1493 bool "Enable ELF core dumps" if EXPERT
1495 Enable support for generating core dumps. Disabling saves about 4k.
1498 config PCSPKR_PLATFORM
1499 bool "Enable PC-Speaker support" if EXPERT
1500 depends on HAVE_PCSPKR_PLATFORM
1504 This option allows to disable the internal PC-Speaker
1505 support, saving some memory.
1509 bool "Enable full-sized data structures for core" if EXPERT
1511 Disabling this option reduces the size of miscellaneous core
1512 kernel data structures. This saves memory on small machines,
1513 but may reduce performance.
1516 bool "Enable futex support" if EXPERT
1520 Disabling this option will cause the kernel to be built without
1521 support for "fast userspace mutexes". The resulting kernel may not
1522 run glibc-based applications correctly.
1526 depends on FUTEX && RT_MUTEXES
1529 config HAVE_FUTEX_CMPXCHG
1533 Architectures should select this if futex_atomic_cmpxchg_inatomic()
1534 is implemented and always working. This removes a couple of runtime
1538 bool "Enable eventpoll support" if EXPERT
1541 Disabling this option will cause the kernel to be built without
1542 support for epoll family of system calls.
1545 bool "Enable signalfd() system call" if EXPERT
1548 Enable the signalfd() system call that allows to receive signals
1549 on a file descriptor.
1554 bool "Enable timerfd() system call" if EXPERT
1557 Enable the timerfd() system call that allows to receive timer
1558 events on a file descriptor.
1563 bool "Enable eventfd() system call" if EXPERT
1566 Enable the eventfd() system call that allows to receive both
1567 kernel notification (ie. KAIO) or userspace notifications.
1572 bool "Use full shmem filesystem" if EXPERT
1576 The shmem is an internal filesystem used to manage shared memory.
1577 It is backed by swap and manages resource limits. It is also exported
1578 to userspace as tmpfs if TMPFS is enabled. Disabling this
1579 option replaces shmem and tmpfs with the much simpler ramfs code,
1580 which may be appropriate on small systems without swap.
1583 bool "Enable AIO support" if EXPERT
1586 This option enables POSIX asynchronous I/O which may by used
1587 by some high performance threaded applications. Disabling
1588 this option saves about 7k.
1591 bool "Enable IO uring support" if EXPERT
1595 This option enables support for the io_uring interface, enabling
1596 applications to submit and complete IO through submission and
1597 completion rings that are shared between the kernel and application.
1599 config ADVISE_SYSCALLS
1600 bool "Enable madvise/fadvise syscalls" if EXPERT
1603 This option enables the madvise and fadvise syscalls, used by
1604 applications to advise the kernel about their future memory or file
1605 usage, improving performance. If building an embedded system where no
1606 applications use these syscalls, you can disable this option to save
1609 config HAVE_ARCH_USERFAULTFD_WP
1612 Arch has userfaultfd write protection support
1615 bool "Enable membarrier() system call" if EXPERT
1618 Enable the membarrier() system call that allows issuing memory
1619 barriers across all running threads, which can be used to distribute
1620 the cost of user-space memory barriers asymmetrically by transforming
1621 pairs of memory barriers into pairs consisting of membarrier() and a
1627 bool "Load all symbols for debugging/ksymoops" if EXPERT
1630 Say Y here to let the kernel print out symbolic crash information and
1631 symbolic stack backtraces. This increases the size of the kernel
1632 somewhat, as all symbols have to be loaded into the kernel image.
1635 bool "Include all symbols in kallsyms"
1636 depends on DEBUG_KERNEL && KALLSYMS
1638 Normally kallsyms only contains the symbols of functions for nicer
1639 OOPS messages and backtraces (i.e., symbols from the text and inittext
1640 sections). This is sufficient for most cases. And only in very rare
1641 cases (e.g., when a debugger is used) all symbols are required (e.g.,
1642 names of variables from the data sections, etc).
1644 This option makes sure that all symbols are loaded into the kernel
1645 image (i.e., symbols from all sections) in cost of increased kernel
1646 size (depending on the kernel configuration, it may be 300KiB or
1647 something like this).
1649 Say N unless you really need all symbols.
1651 config KALLSYMS_ABSOLUTE_PERCPU
1654 default X86_64 && SMP
1656 config KALLSYMS_BASE_RELATIVE
1661 Instead of emitting them as absolute values in the native word size,
1662 emit the symbol references in the kallsyms table as 32-bit entries,
1663 each containing a relative value in the range [base, base + U32_MAX]
1664 or, when KALLSYMS_ABSOLUTE_PERCPU is in effect, each containing either
1665 an absolute value in the range [0, S32_MAX] or a relative value in the
1666 range [base, base + S32_MAX], where base is the lowest relative symbol
1667 address encountered in the image.
1669 On 64-bit builds, this reduces the size of the address table by 50%,
1670 but more importantly, it results in entries whose values are build
1671 time constants, and no relocation pass is required at runtime to fix
1672 up the entries based on the runtime load address of the kernel.
1674 # end of the "standard kernel features (expert users)" menu
1676 # syscall, maps, verifier
1679 bool "LSM Instrumentation with BPF"
1680 depends on BPF_EVENTS
1681 depends on BPF_SYSCALL
1685 Enables instrumentation of the security hooks with eBPF programs for
1686 implementing dynamic MAC and Audit Policies.
1688 If you are unsure how to answer this question, answer N.
1691 bool "Enable bpf() system call"
1696 Enable the bpf() system call that allows to manipulate eBPF
1697 programs and maps via file descriptors.
1699 config ARCH_WANT_DEFAULT_BPF_JIT
1702 config BPF_JIT_ALWAYS_ON
1703 bool "Permanently enable BPF JIT and remove BPF interpreter"
1704 depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
1706 Enables BPF JIT and removes BPF interpreter to avoid
1707 speculative execution of BPF instructions by the interpreter
1709 config BPF_JIT_DEFAULT_ON
1710 def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON
1711 depends on HAVE_EBPF_JIT && BPF_JIT
1714 bool "Enable userfaultfd() system call"
1717 Enable the userfaultfd() system call that allows to intercept and
1718 handle page faults in userland.
1720 config ARCH_HAS_MEMBARRIER_CALLBACKS
1723 config ARCH_HAS_MEMBARRIER_SYNC_CORE
1727 bool "Enable rseq() system call" if EXPERT
1729 depends on HAVE_RSEQ
1732 Enable the restartable sequences system call. It provides a
1733 user-space cache for the current CPU number value, which
1734 speeds up getting the current CPU number from user-space,
1735 as well as an ABI to speed up user-space operations on
1742 bool "Enabled debugging of rseq() system call" if EXPERT
1743 depends on RSEQ && DEBUG_KERNEL
1745 Enable extra debugging checks for the rseq system call.
1750 bool "Embedded system"
1751 option allnoconfig_y
1754 This option should be enabled if compiling the kernel for
1755 an embedded system so certain expert options are available
1758 config HAVE_PERF_EVENTS
1761 See tools/perf/design.txt for details.
1763 config PERF_USE_VMALLOC
1766 See tools/perf/design.txt for details
1769 bool "PC/104 support" if EXPERT
1771 Expose PC/104 form factor device drivers and options available for
1772 selection and configuration. Enable this option if your target
1773 machine has a PC/104 bus.
1775 menu "Kernel Performance Events And Counters"
1778 bool "Kernel performance events and counters"
1779 default y if PROFILING
1780 depends on HAVE_PERF_EVENTS
1784 Enable kernel support for various performance events provided
1785 by software and hardware.
1787 Software events are supported either built-in or via the
1788 use of generic tracepoints.
1790 Most modern CPUs support performance events via performance
1791 counter registers. These registers count the number of certain
1792 types of hw events: such as instructions executed, cachemisses
1793 suffered, or branches mis-predicted - without slowing down the
1794 kernel or applications. These registers can also trigger interrupts
1795 when a threshold number of events have passed - and can thus be
1796 used to profile the code that runs on that CPU.
1798 The Linux Performance Event subsystem provides an abstraction of
1799 these software and hardware event capabilities, available via a
1800 system call and used by the "perf" utility in tools/perf/. It
1801 provides per task and per CPU counters, and it provides event
1802 capabilities on top of those.
1806 config DEBUG_PERF_USE_VMALLOC
1808 bool "Debug: use vmalloc to back perf mmap() buffers"
1809 depends on PERF_EVENTS && DEBUG_KERNEL && !PPC
1810 select PERF_USE_VMALLOC
1812 Use vmalloc memory to back perf mmap() buffers.
1814 Mostly useful for debugging the vmalloc code on platforms
1815 that don't require it.
1821 config VM_EVENT_COUNTERS
1823 bool "Enable VM event counters for /proc/vmstat" if EXPERT
1825 VM event counters are needed for event counts to be shown.
1826 This option allows the disabling of the VM event counters
1827 on EXPERT systems. /proc/vmstat will only show page counts
1828 if VM event counters are disabled.
1832 bool "Enable SLUB debugging support" if EXPERT
1833 depends on SLUB && SYSFS
1835 SLUB has extensive debug support features. Disabling these can
1836 result in significant savings in code size. This also disables
1837 SLUB sysfs support. /sys/slab will not exist and there will be
1838 no support for cache validation etc.
1840 config SLUB_MEMCG_SYSFS_ON
1842 bool "Enable memcg SLUB sysfs support by default" if EXPERT
1843 depends on SLUB && SYSFS && MEMCG
1845 SLUB creates a directory under /sys/kernel/slab for each
1846 allocation cache to host info and debug files. If memory
1847 cgroup is enabled, each cache can have per memory cgroup
1848 caches. SLUB can create the same sysfs directories for these
1849 caches under /sys/kernel/slab/CACHE/cgroup but it can lead
1850 to a very high number of debug files being created. This is
1851 controlled by slub_memcg_sysfs boot parameter and this
1852 config option determines the parameter's default value.
1855 bool "Disable heap randomization"
1858 Randomizing heap placement makes heap exploits harder, but it
1859 also breaks ancient binaries (including anything libc5 based).
1860 This option changes the bootup default to heap randomization
1861 disabled, and can be overridden at runtime by setting
1862 /proc/sys/kernel/randomize_va_space to 2.
1864 On non-ancient distros (post-2000 ones) N is usually a safe choice.
1867 prompt "Choose SLAB allocator"
1870 This option allows to select a slab allocator.
1874 select HAVE_HARDENED_USERCOPY_ALLOCATOR
1876 The regular slab allocator that is established and known to work
1877 well in all environments. It organizes cache hot objects in
1878 per cpu and per node queues.
1881 bool "SLUB (Unqueued Allocator)"
1882 select HAVE_HARDENED_USERCOPY_ALLOCATOR
1884 SLUB is a slab allocator that minimizes cache line usage
1885 instead of managing queues of cached objects (SLAB approach).
1886 Per cpu caching is realized using slabs of objects instead
1887 of queues of objects. SLUB can use memory efficiently
1888 and has enhanced diagnostics. SLUB is the default choice for
1893 bool "SLOB (Simple Allocator)"
1895 SLOB replaces the stock allocator with a drastically simpler
1896 allocator. SLOB is generally more space efficient but
1897 does not perform as well on large systems.
1901 config SLAB_MERGE_DEFAULT
1902 bool "Allow slab caches to be merged"
1905 For reduced kernel memory fragmentation, slab caches can be
1906 merged when they share the same size and other characteristics.
1907 This carries a risk of kernel heap overflows being able to
1908 overwrite objects from merged caches (and more easily control
1909 cache layout), which makes such heap attacks easier to exploit
1910 by attackers. By keeping caches unmerged, these kinds of exploits
1911 can usually only damage objects in the same cache. To disable
1912 merging at runtime, "slab_nomerge" can be passed on the kernel
1915 config SLAB_FREELIST_RANDOM
1917 depends on SLAB || SLUB
1918 bool "SLAB freelist randomization"
1920 Randomizes the freelist order used on creating new pages. This
1921 security feature reduces the predictability of the kernel slab
1922 allocator against heap overflows.
1924 config SLAB_FREELIST_HARDENED
1925 bool "Harden slab freelist metadata"
1928 Many kernel heap attacks try to target slab cache metadata and
1929 other infrastructure. This options makes minor performance
1930 sacrifices to harden the kernel slab allocator against common
1931 freelist exploit methods.
1933 config SHUFFLE_PAGE_ALLOCATOR
1934 bool "Page allocator randomization"
1935 default SLAB_FREELIST_RANDOM && ACPI_NUMA
1937 Randomization of the page allocator improves the average
1938 utilization of a direct-mapped memory-side-cache. See section
1939 5.2.27 Heterogeneous Memory Attribute Table (HMAT) in the ACPI
1940 6.2a specification for an example of how a platform advertises
1941 the presence of a memory-side-cache. There are also incidental
1942 security benefits as it reduces the predictability of page
1943 allocations to compliment SLAB_FREELIST_RANDOM, but the
1944 default granularity of shuffling on the "MAX_ORDER - 1" i.e,
1945 10th order of pages is selected based on cache utilization
1948 While the randomization improves cache utilization it may
1949 negatively impact workloads on platforms without a cache. For
1950 this reason, by default, the randomization is enabled only
1951 after runtime detection of a direct-mapped memory-side-cache.
1952 Otherwise, the randomization may be force enabled with the
1953 'page_alloc.shuffle' kernel command line parameter.
1957 config SLUB_CPU_PARTIAL
1959 depends on SLUB && SMP
1960 bool "SLUB per cpu partial cache"
1962 Per cpu partial caches accelerate objects allocation and freeing
1963 that is local to a processor at the price of more indeterminism
1964 in the latency of the free. On overflow these caches will be cleared
1965 which requires the taking of locks that may cause latency spikes.
1966 Typically one would choose no for a realtime system.
1968 config MMAP_ALLOW_UNINITIALIZED
1969 bool "Allow mmapped anonymous memory to be uninitialized"
1970 depends on EXPERT && !MMU
1973 Normally, and according to the Linux spec, anonymous memory obtained
1974 from mmap() has its contents cleared before it is passed to
1975 userspace. Enabling this config option allows you to request that
1976 mmap() skip that if it is given an MAP_UNINITIALIZED flag, thus
1977 providing a huge performance boost. If this option is not enabled,
1978 then the flag will be ignored.
1980 This is taken advantage of by uClibc's malloc(), and also by
1981 ELF-FDPIC binfmt's brk and stack allocator.
1983 Because of the obvious security issues, this option should only be
1984 enabled on embedded devices where you control what is run in
1985 userspace. Since that isn't generally a problem on no-MMU systems,
1986 it is normally safe to say Y here.
1988 See Documentation/nommu-mmap.txt for more information.
1990 config SYSTEM_DATA_VERIFICATION
1992 select SYSTEM_TRUSTED_KEYRING
1996 select ASYMMETRIC_KEY_TYPE
1997 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
2000 select X509_CERTIFICATE_PARSER
2001 select PKCS7_MESSAGE_PARSER
2003 Provide PKCS#7 message verification using the contents of the system
2004 trusted keyring to provide public keys. This then can be used for
2005 module verification, kexec image verification and firmware blob
2009 bool "Profiling support"
2011 Say Y here to enable the extended profiling support mechanisms used
2012 by profilers such as OProfile.
2015 # Place an empty function call at each tracepoint site. Can be
2016 # dynamically changed for a probe function.
2021 endmenu # General setup
2023 source "arch/Kconfig"
2030 default 0 if BASE_FULL
2031 default 1 if !BASE_FULL
2033 config MODULE_SIG_FORMAT
2035 select SYSTEM_DATA_VERIFICATION
2038 bool "Enable loadable module support"
2041 Kernel modules are small pieces of compiled code which can
2042 be inserted in the running kernel, rather than being
2043 permanently built into the kernel. You use the "modprobe"
2044 tool to add (and sometimes remove) them. If you say Y here,
2045 many parts of the kernel can be built as modules (by
2046 answering M instead of Y where indicated): this is most
2047 useful for infrequently used options which are not required
2048 for booting. For more information, see the man pages for
2049 modprobe, lsmod, modinfo, insmod and rmmod.
2051 If you say Y here, you will need to run "make
2052 modules_install" to put the modules under /lib/modules/
2053 where modprobe can find them (you may need to be root to do
2060 config MODULE_FORCE_LOAD
2061 bool "Forced module loading"
2064 Allow loading of modules without version information (ie. modprobe
2065 --force). Forced module loading sets the 'F' (forced) taint flag and
2066 is usually a really bad idea.
2068 config MODULE_UNLOAD
2069 bool "Module unloading"
2071 Without this option you will not be able to unload any
2072 modules (note that some modules may not be unloadable
2073 anyway), which makes your kernel smaller, faster
2074 and simpler. If unsure, say Y.
2076 config MODULE_FORCE_UNLOAD
2077 bool "Forced module unloading"
2078 depends on MODULE_UNLOAD
2080 This option allows you to force a module to unload, even if the
2081 kernel believes it is unsafe: the kernel will remove the module
2082 without waiting for anyone to stop using it (using the -f option to
2083 rmmod). This is mainly for kernel developers and desperate users.
2087 bool "Module versioning support"
2089 Usually, you have to use modules compiled with your kernel.
2090 Saying Y here makes it sometimes possible to use modules
2091 compiled for different kernels, by adding enough information
2092 to the modules to (hopefully) spot any changes which would
2093 make them incompatible with the kernel you are running. If
2096 config ASM_MODVERSIONS
2098 default HAVE_ASM_MODVERSIONS && MODVERSIONS
2100 This enables module versioning for exported symbols also from
2101 assembly. This can be enabled only when the target architecture
2104 config MODULE_REL_CRCS
2106 depends on MODVERSIONS
2108 config MODULE_SRCVERSION_ALL
2109 bool "Source checksum for all modules"
2111 Modules which contain a MODULE_VERSION get an extra "srcversion"
2112 field inserted into their modinfo section, which contains a
2113 sum of the source files which made it. This helps maintainers
2114 see exactly which source was used to build a module (since
2115 others sometimes change the module source without updating
2116 the version). With this option, such a "srcversion" field
2117 will be created for all modules. If unsure, say N.
2120 bool "Module signature verification"
2121 select MODULE_SIG_FORMAT
2123 Check modules for valid signatures upon load: the signature
2124 is simply appended to the module. For more information see
2125 <file:Documentation/admin-guide/module-signing.rst>.
2127 Note that this option adds the OpenSSL development packages as a
2128 kernel build dependency so that the signing tool can use its crypto
2131 You should enable this option if you wish to use either
2132 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
2133 another LSM - otherwise unsigned modules will be loadable regardless
2134 of the lockdown policy.
2136 !!!WARNING!!! If you enable this option, you MUST make sure that the
2137 module DOES NOT get stripped after being signed. This includes the
2138 debuginfo strip done by some packagers (such as rpmbuild) and
2139 inclusion into an initramfs that wants the module size reduced.
2141 config MODULE_SIG_FORCE
2142 bool "Require modules to be validly signed"
2143 depends on MODULE_SIG
2145 Reject unsigned modules or signed modules for which we don't have a
2146 key. Without this, such modules will simply taint the kernel.
2148 config MODULE_SIG_ALL
2149 bool "Automatically sign all modules"
2151 depends on MODULE_SIG
2153 Sign all modules during make modules_install. Without this option,
2154 modules must be signed manually, using the scripts/sign-file tool.
2156 comment "Do not forget to sign required modules with scripts/sign-file"
2157 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
2160 prompt "Which hash algorithm should modules be signed with?"
2161 depends on MODULE_SIG
2163 This determines which sort of hashing algorithm will be used during
2164 signature generation. This algorithm _must_ be built into the kernel
2165 directly so that signature verification can take place. It is not
2166 possible to load a signed module containing the algorithm to check
2167 the signature on that module.
2169 config MODULE_SIG_SHA1
2170 bool "Sign modules with SHA-1"
2173 config MODULE_SIG_SHA224
2174 bool "Sign modules with SHA-224"
2175 select CRYPTO_SHA256
2177 config MODULE_SIG_SHA256
2178 bool "Sign modules with SHA-256"
2179 select CRYPTO_SHA256
2181 config MODULE_SIG_SHA384
2182 bool "Sign modules with SHA-384"
2183 select CRYPTO_SHA512
2185 config MODULE_SIG_SHA512
2186 bool "Sign modules with SHA-512"
2187 select CRYPTO_SHA512
2191 config MODULE_SIG_HASH
2193 depends on MODULE_SIG
2194 default "sha1" if MODULE_SIG_SHA1
2195 default "sha224" if MODULE_SIG_SHA224
2196 default "sha256" if MODULE_SIG_SHA256
2197 default "sha384" if MODULE_SIG_SHA384
2198 default "sha512" if MODULE_SIG_SHA512
2200 config MODULE_COMPRESS
2201 bool "Compress modules on installation"
2204 Compresses kernel modules when 'make modules_install' is run; gzip or
2205 xz depending on "Compression algorithm" below.
2207 module-init-tools MAY support gzip, and kmod MAY support gzip and xz.
2209 Out-of-tree kernel modules installed using Kbuild will also be
2210 compressed upon installation.
2212 Note: for modules inside an initrd or initramfs, it's more efficient
2213 to compress the whole initrd or initramfs instead.
2215 Note: This is fully compatible with signed modules.
2220 prompt "Compression algorithm"
2221 depends on MODULE_COMPRESS
2222 default MODULE_COMPRESS_GZIP
2224 This determines which sort of compression will be used during
2225 'make modules_install'.
2227 GZIP (default) and XZ are supported.
2229 config MODULE_COMPRESS_GZIP
2232 config MODULE_COMPRESS_XZ
2237 config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
2238 bool "Allow loading of modules with missing namespace imports"
2240 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
2241 a namespace. A module that makes use of a symbol exported with such a
2242 namespace is required to import the namespace via MODULE_IMPORT_NS().
2243 There is no technical reason to enforce correct namespace imports,
2244 but it creates consistency between symbols defining namespaces and
2245 users importing namespaces they make use of. This option relaxes this
2246 requirement and lifts the enforcement when loading a module.
2250 config UNUSED_SYMBOLS
2251 bool "Enable unused/obsolete exported symbols"
2254 Unused but exported symbols make the kernel needlessly bigger. For
2255 that reason most of these unused exports will soon be removed. This
2256 option is provided temporarily to provide a transition period in case
2257 some external kernel module needs one of these symbols anyway. If you
2258 encounter such a case in your module, consider if you are actually
2259 using the right API. (rationale: since nobody in the kernel is using
2260 this in a module, there is a pretty good chance it's actually the
2261 wrong interface to use). If you really need the symbol, please send a
2262 mail to the linux kernel mailing list mentioning the symbol and why
2263 you really need it, and what the merge plan to the mainline kernel for
2266 config TRIM_UNUSED_KSYMS
2267 bool "Trim unused exported kernel symbols"
2268 depends on !UNUSED_SYMBOLS
2270 The kernel and some modules make many symbols available for
2271 other modules to use via EXPORT_SYMBOL() and variants. Depending
2272 on the set of modules being selected in your kernel configuration,
2273 many of those exported symbols might never be used.
2275 This option allows for unused exported symbols to be dropped from
2276 the build. In turn, this provides the compiler more opportunities
2277 (especially when using LTO) for optimizing the code and reducing
2278 binary size. This might have some security advantages as well.
2280 If unsure, or if you need to build out-of-tree modules, say N.
2282 config UNUSED_KSYMS_WHITELIST
2283 string "Whitelist of symbols to keep in ksymtab"
2284 depends on TRIM_UNUSED_KSYMS
2286 By default, all unused exported symbols will be un-exported from the
2287 build when TRIM_UNUSED_KSYMS is selected.
2289 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
2290 exported at all times, even in absence of in-tree users. The value to
2291 set here is the path to a text file containing the list of symbols,
2292 one per line. The path can be absolute, or relative to the kernel
2297 config MODULES_TREE_LOOKUP
2299 depends on PERF_EVENTS || TRACING
2301 config INIT_ALL_POSSIBLE
2304 Back when each arch used to define their own cpu_online_mask and
2305 cpu_possible_mask, some of them chose to initialize cpu_possible_mask
2306 with all 1s, and others with all 0s. When they were centralised,
2307 it was better to provide this option than to break all the archs
2308 and have several arch maintainers pursuing me down dark alleys.
2310 source "block/Kconfig"
2312 config PREEMPT_NOTIFIERS
2322 Build a simple ASN.1 grammar compiler that produces a bytecode output
2323 that can be interpreted by the ASN.1 stream decoder and used to
2324 inform it as to what tags are to be expected in a stream and what
2325 functions to call on what tags.
2327 source "kernel/Kconfig.locks"
2329 config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
2332 config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
2335 # It may be useful for an architecture to override the definitions of the
2336 # SYSCALL_DEFINE() and __SYSCALL_DEFINEx() macros in <linux/syscalls.h>
2337 # and the COMPAT_ variants in <linux/compat.h>, in particular to use a
2338 # different calling convention for syscalls. They can also override the
2339 # macros for not-implemented syscalls in kernel/sys_ni.c and
2340 # kernel/time/posix-stubs.c. All these overrides need to be available in
2341 # <asm/syscall_wrapper.h>.
2342 config ARCH_HAS_SYSCALL_WRAPPER
projects / mirror_ubuntu-jammy-kernel.git / blob