1# SPDX-License-Identifier: GPL-2.0-only
2menuconfig MODULES
3	bool "Enable loadable module support"
4	modules
5	select EXECMEM
6	help
7	  Kernel modules are small pieces of compiled code which can
8	  be inserted in the running kernel, rather than being
9	  permanently built into the kernel.  You use the "modprobe"
10	  tool to add (and sometimes remove) them.  If you say Y here,
11	  many parts of the kernel can be built as modules (by
12	  answering M instead of Y where indicated): this is most
13	  useful for infrequently used options which are not required
14	  for booting.  For more information, see the man pages for
15	  modprobe, lsmod, modinfo, insmod and rmmod.
16
17	  If you say Y here, you will need to run "make
18	  modules_install" to put the modules under /lib/modules/
19	  where modprobe can find them (you may need to be root to do
20	  this).
21
22	  If unsure, say Y.
23
24if MODULES
25
26config MODULE_DEBUGFS
27	bool
28
29config MODULE_DEBUG
30	bool "Module debugging"
31	depends on DEBUG_FS
32	help
33	  Allows you to enable / disable features which can help you debug
34	  modules. You don't need these options on production systems.
35
36if MODULE_DEBUG
37
38config MODULE_STATS
39	bool "Module statistics"
40	depends on DEBUG_FS
41	select MODULE_DEBUGFS
42	help
43	  This option allows you to maintain a record of module statistics.
44	  For example, size of all modules, average size, text size, a list
45	  of failed modules and the size for each of those. For failed
46	  modules we keep track of modules which failed due to either the
47	  existing module taking too long to load or that module was already
48	  loaded.
49
50	  You should enable this if you are debugging production loads
51	  and want to see if userspace or the kernel is doing stupid things
52	  with loading modules when it shouldn't or if you want to help
53	  optimize userspace / kernel space module autoloading schemes.
54	  You might want to do this because failed modules tend to use
55	  up significant amount of memory, and so you'd be doing everyone a
56	  favor in avoiding these failures proactively.
57
58	  This functionality is also useful for those experimenting with
59	  module .text ELF section optimization.
60
61	  If unsure, say N.
62
63config MODULE_DEBUG_AUTOLOAD_DUPS
64	bool "Debug duplicate modules with auto-loading"
65	help
66	  Module autoloading allows in-kernel code to request modules through
67	  the *request_module*() API calls. This in turn just calls userspace
68	  modprobe. Although modprobe checks to see if a module is already
69	  loaded before trying to load a module there is a small time window in
70	  which multiple duplicate requests can end up in userspace and multiple
71	  modprobe calls race calling finit_module() around the same time for
72	  duplicate modules. The finit_module() system call can consume in the
73	  worst case more than twice the respective module size in virtual
74	  memory for each duplicate module requests. Although duplicate module
75	  requests are non-fatal virtual memory is a limited resource and each
76	  duplicate module request ends up just unnecessarily straining virtual
77	  memory.
78
79	  This debugging facility will create pr_warn() splats for duplicate
80	  module requests to help identify if module auto-loading may be the
81	  culprit to your early boot virtual memory pressure. Since virtual
82	  memory abuse caused by duplicate module requests could render a
83	  system unusable this functionality will also converge races in
84	  requests for the same module to a single request. You can boot with
85	  the module.enable_dups_trace=1 kernel parameter to use WARN_ON()
86	  instead of the pr_warn().
87
88	  If the first module request used request_module_nowait() we cannot
89	  use that as the anchor to wait for duplicate module requests, since
90	  users of request_module() do want a proper return value. If a call
91	  for the same module happened earlier with request_module() though,
92	  then a duplicate request_module_nowait() would be detected. The
93	  non-wait request_module() call is synchronous and waits until modprobe
94	  completes. Subsequent auto-loading requests for the same module do
95	  not trigger a new finit_module() calls and do not strain virtual
96	  memory, and so as soon as modprobe successfully completes we remove
97	  tracking for duplicates for that module.
98
99	  Enable this functionality to try to debug virtual memory abuse during
100	  boot on systems which are failing to boot or if you suspect you may be
101	  straining virtual memory during boot, and you want to identify if the
102	  abuse was due to module auto-loading. These issues are currently only
103	  known to occur on systems with many CPUs (over 400) and is likely the
104	  result of udev issuing duplicate module requests for each CPU, and so
105	  module auto-loading is not the culprit. There may very well still be
106	  many duplicate module auto-loading requests which could be optimized
107	  for and this debugging facility can be used to help identify them.
108
109	  Only enable this for debugging system functionality, never have it
110	  enabled on real systems.
111
112config MODULE_DEBUG_AUTOLOAD_DUPS_TRACE
113	bool "Force full stack trace when duplicates are found"
114	depends on MODULE_DEBUG_AUTOLOAD_DUPS
115	help
116	  Enabling this will force a full stack trace for duplicate module
117	  auto-loading requests using WARN_ON() instead of pr_warn(). You
118	  should keep this disabled at all times unless you are a developer
119	  and are doing a manual inspection and want to debug exactly why
120	  these duplicates occur.
121
122endif # MODULE_DEBUG
123
124config MODULE_FORCE_LOAD
125	bool "Forced module loading"
126	default n
127	help
128	  Allow loading of modules without version information (ie. modprobe
129	  --force).  Forced module loading sets the 'F' (forced) taint flag and
130	  is usually a really bad idea.
131
132config MODULE_UNLOAD
133	bool "Module unloading"
134	help
135	  Without this option you will not be able to unload any
136	  modules (note that some modules may not be unloadable
137	  anyway), which makes your kernel smaller, faster
138	  and simpler.  If unsure, say Y.
139
140config MODULE_FORCE_UNLOAD
141	bool "Forced module unloading"
142	depends on MODULE_UNLOAD
143	help
144	  This option allows you to force a module to unload, even if the
145	  kernel believes it is unsafe: the kernel will remove the module
146	  without waiting for anyone to stop using it (using the -f option to
147	  rmmod).  This is mainly for kernel developers and desperate users.
148	  If unsure, say N.
149
150config MODULE_UNLOAD_TAINT_TRACKING
151	bool "Tainted module unload tracking"
152	depends on MODULE_UNLOAD
153	select MODULE_DEBUGFS
154	help
155	  This option allows you to maintain a record of each unloaded
156	  module that tainted the kernel. In addition to displaying a
157	  list of linked (or loaded) modules e.g. on detection of a bad
158	  page (see bad_page()), the aforementioned details are also
159	  shown. If unsure, say N.
160
161config MODVERSIONS
162	bool "Module versioning support"
163	depends on !COMPILE_TEST
164	help
165	  Usually, you have to use modules compiled with your kernel.
166	  Saying Y here makes it sometimes possible to use modules
167	  compiled for different kernels, by adding enough information
168	  to the modules to (hopefully) spot any changes which would
169	  make them incompatible with the kernel you are running.  If
170	  unsure, say N.
171
172choice
173	prompt "Module versioning implementation"
174	depends on MODVERSIONS
175	help
176	  Select the tool used to calculate symbol versions for modules.
177
178	  If unsure, select GENKSYMS.
179
180config GENKSYMS
181	bool "genksyms (from source code)"
182	help
183	  Calculate symbol versions from pre-processed source code using
184	  genksyms.
185
186	  If unsure, say Y.
187
188config GENDWARFKSYMS
189	bool "gendwarfksyms (from debugging information)"
190	depends on DEBUG_INFO
191	# Requires full debugging information, split DWARF not supported.
192	depends on !DEBUG_INFO_REDUCED && !DEBUG_INFO_SPLIT
193	# Requires ELF object files.
194	depends on !LTO
195	# To avoid conflicts with the discarded __gendwarfksyms_ptr symbols on
196	# X86, requires pahole before commit 47dcb534e253 ("btf_encoder: Stop
197	# indexing symbols for VARs") or after commit 9810758003ce ("btf_encoder:
198	# Verify 0 address DWARF variables are in ELF section").
199	depends on !X86 || !DEBUG_INFO_BTF || PAHOLE_VERSION < 128 || PAHOLE_VERSION > 129
200	help
201	  Calculate symbol versions from DWARF debugging information using
202	  gendwarfksyms. Requires DEBUG_INFO to be enabled.
203
204	  If unsure, say N.
205endchoice
206
207config ASM_MODVERSIONS
208	bool
209	default HAVE_ASM_MODVERSIONS && MODVERSIONS
210	help
211	  This enables module versioning for exported symbols also from
212	  assembly. This can be enabled only when the target architecture
213	  supports it.
214
215config EXTENDED_MODVERSIONS
216	bool "Extended Module Versioning Support"
217	depends on MODVERSIONS
218	help
219	  This enables extended MODVERSIONs support, allowing long symbol
220	  names to be versioned.
221
222	  The most likely reason you would enable this is to enable Rust
223	  support. If unsure, say N.
224
225config BASIC_MODVERSIONS
226	bool "Basic Module Versioning Support"
227	depends on MODVERSIONS
228	default y
229	help
230	  This enables basic MODVERSIONS support, allowing older tools or
231	  kernels to potentially load modules.
232
233	  Disabling this may cause older `modprobe` or `kmod` to be unable
234	  to read MODVERSIONS information from built modules. With this
235	  disabled, older kernels may treat this module as unversioned.
236
237	  This is enabled by default when MODVERSIONS are enabled.
238	  If unsure, say Y.
239
240config MODULE_SRCVERSION_ALL
241	bool "Source checksum for all modules"
242	help
243	  Modules which contain a MODULE_VERSION get an extra "srcversion"
244	  field inserted into their modinfo section, which contains a
245	  sum of the source files which made it.  This helps maintainers
246	  see exactly which source was used to build a module (since
247	  others sometimes change the module source without updating
248	  the version).  With this option, such a "srcversion" field
249	  will be created for all modules.  If unsure, say N.
250
251config MODULE_SIG
252	bool "Module signature verification"
253	select MODULE_SIG_FORMAT
254	help
255	  Check modules for valid signatures upon load: the signature
256	  is simply appended to the module. For more information see
257	  <file:Documentation/admin-guide/module-signing.rst>.
258
259	  Note that this option adds the OpenSSL development packages as a
260	  kernel build dependency so that the signing tool can use its crypto
261	  library.
262
263	  You should enable this option if you wish to use either
264	  CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
265	  another LSM - otherwise unsigned modules will be loadable regardless
266	  of the lockdown policy.
267
268	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
269	  module DOES NOT get stripped after being signed.  This includes the
270	  debuginfo strip done by some packagers (such as rpmbuild) and
271	  inclusion into an initramfs that wants the module size reduced.
272
273config MODULE_SIG_FORCE
274	bool "Require modules to be validly signed"
275	depends on MODULE_SIG
276	help
277	  Reject unsigned modules or signed modules for which we don't have a
278	  key.  Without this, such modules will simply taint the kernel.
279
280config MODULE_SIG_ALL
281	bool "Automatically sign all modules"
282	default y
283	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
284	help
285	  Sign all modules during make modules_install. Without this option,
286	  modules must be signed manually, using the scripts/sign-file tool.
287
288comment "Do not forget to sign required modules with scripts/sign-file"
289	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
290
291choice
292	prompt "Hash algorithm to sign modules"
293	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
294	default MODULE_SIG_SHA512
295	help
296	  This determines which sort of hashing algorithm will be used during
297	  signature generation.  This algorithm _must_ be built into the kernel
298	  directly so that signature verification can take place.  It is not
299	  possible to load a signed module containing the algorithm to check
300	  the signature on that module.
301
302config MODULE_SIG_SHA1
303	bool "SHA-1"
304	select CRYPTO_SHA1
305
306config MODULE_SIG_SHA256
307	bool "SHA-256"
308	select CRYPTO_SHA256
309
310config MODULE_SIG_SHA384
311	bool "SHA-384"
312	select CRYPTO_SHA512
313
314config MODULE_SIG_SHA512
315	bool "SHA-512"
316	select CRYPTO_SHA512
317
318config MODULE_SIG_SHA3_256
319	bool "SHA3-256"
320	select CRYPTO_SHA3
321
322config MODULE_SIG_SHA3_384
323	bool "SHA3-384"
324	select CRYPTO_SHA3
325
326config MODULE_SIG_SHA3_512
327	bool "SHA3-512"
328	select CRYPTO_SHA3
329
330endchoice
331
332config MODULE_SIG_HASH
333	string
334	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
335	default "sha1" if MODULE_SIG_SHA1
336	default "sha256" if MODULE_SIG_SHA256
337	default "sha384" if MODULE_SIG_SHA384
338	default "sha512" if MODULE_SIG_SHA512
339	default "sha3-256" if MODULE_SIG_SHA3_256
340	default "sha3-384" if MODULE_SIG_SHA3_384
341	default "sha3-512" if MODULE_SIG_SHA3_512
342
343config MODULE_COMPRESS
344	bool "Module compression"
345	help
346	  Enable module compression to reduce on-disk size of module binaries.
347	  This is fully compatible with signed modules.
348
349	  The tool used to work with modules needs to support the selected
350	  compression type. kmod MAY support gzip, xz and zstd. Other tools
351	  might have a limited selection of the supported types.
352
353	  Note that for modules inside an initrd or initramfs, it's more
354	  efficient to compress the whole ramdisk instead.
355
356	  If unsure, say N.
357
358choice
359	prompt "Module compression type"
360	depends on MODULE_COMPRESS
361	help
362	  Choose the supported algorithm for module compression.
363
364config MODULE_COMPRESS_GZIP
365	bool "GZIP"
366	help
367	  Support modules compressed with GZIP. The installed modules are
368	  suffixed with .ko.gz.
369
370config MODULE_COMPRESS_XZ
371	bool "XZ"
372	help
373	  Support modules compressed with XZ. The installed modules are
374	  suffixed with .ko.xz.
375
376config MODULE_COMPRESS_ZSTD
377	bool "ZSTD"
378	help
379	  Support modules compressed with ZSTD. The installed modules are
380	  suffixed with .ko.zst.
381
382endchoice
383
384config MODULE_COMPRESS_ALL
385	bool "Automatically compress all modules"
386	default y
387	depends on MODULE_COMPRESS
388	help
389	  Compress all modules during 'make modules_install'.
390
391	  Your build system needs to provide the appropriate compression tool
392	  for the selected compression type. External modules will also be
393	  compressed in the same way during the installation.
394
395config MODULE_DECOMPRESS
396	bool "Support in-kernel module decompression"
397	depends on MODULE_COMPRESS
398	select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
399	select XZ_DEC if MODULE_COMPRESS_XZ
400	select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD
401	help
402	  Support for decompressing kernel modules by the kernel itself
403	  instead of relying on userspace to perform this task. Useful when
404	  load pinning security policy is enabled.
405
406	  If unsure, say N.
407
408config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
409	bool "Allow loading of modules with missing namespace imports"
410	help
411	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
412	  a namespace. A module that makes use of a symbol exported with such a
413	  namespace is required to import the namespace via MODULE_IMPORT_NS("").
414	  There is no technical reason to enforce correct namespace imports,
415	  but it creates consistency between symbols defining namespaces and
416	  users importing namespaces they make use of. This option relaxes this
417	  requirement and lifts the enforcement when loading a module.
418
419	  If unsure, say N.
420
421config MODPROBE_PATH
422	string "Path to modprobe binary"
423	default "/sbin/modprobe"
424	help
425	  When kernel code requests a module, it does so by calling
426	  the "modprobe" userspace utility. This option allows you to
427	  set the path where that binary is found. This can be changed
428	  at runtime via the sysctl file
429	  /proc/sys/kernel/modprobe. Setting this to the empty string
430	  removes the kernel's ability to request modules (but
431	  userspace can still load modules explicitly).
432
433config TRIM_UNUSED_KSYMS
434	bool "Trim unused exported kernel symbols"
435	help
436	  The kernel and some modules make many symbols available for
437	  other modules to use via EXPORT_SYMBOL() and variants. Depending
438	  on the set of modules being selected in your kernel configuration,
439	  many of those exported symbols might never be used.
440
441	  This option allows for unused exported symbols to be dropped from
442	  the build. In turn, this provides the compiler more opportunities
443	  (especially when using LTO) for optimizing the code and reducing
444	  binary size.  This might have some security advantages as well.
445
446	  If unsure, or if you need to build out-of-tree modules, say N.
447
448config UNUSED_KSYMS_WHITELIST
449	string "Whitelist of symbols to keep in ksymtab"
450	depends on TRIM_UNUSED_KSYMS
451	help
452	  By default, all unused exported symbols will be un-exported from the
453	  build when TRIM_UNUSED_KSYMS is selected.
454
455	  UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
456	  exported at all times, even in absence of in-tree users. The value to
457	  set here is the path to a text file containing the list of symbols,
458	  one per line. The path can be absolute, or relative to the kernel
459	  source or obj tree.
460
461config MODULES_TREE_LOOKUP
462	def_bool y
463	depends on PERF_EVENTS || TRACING || CFI_CLANG
464
465endif # MODULES
466