1# SPDX-License-Identifier: GPL-2.0-only 2menuconfig MODULES 3 bool "Enable loadable module support" 4 modules 5 help 6 Kernel modules are small pieces of compiled code which can 7 be inserted in the running kernel, rather than being 8 permanently built into the kernel. You use the "modprobe" 9 tool to add (and sometimes remove) them. If you say Y here, 10 many parts of the kernel can be built as modules (by 11 answering M instead of Y where indicated): this is most 12 useful for infrequently used options which are not required 13 for booting. For more information, see the man pages for 14 modprobe, lsmod, modinfo, insmod and rmmod. 15 16 If you say Y here, you will need to run "make 17 modules_install" to put the modules under /lib/modules/ 18 where modprobe can find them (you may need to be root to do 19 this). 20 21 If unsure, say Y. 22 23if MODULES 24 25config MODULE_DEBUGFS 26 bool 27 28config MODULE_DEBUG 29 bool "Module debugging" 30 depends on DEBUG_FS 31 help 32 Allows you to enable / disable features which can help you debug 33 modules. You don't need these options on production systems. 34 35if MODULE_DEBUG 36 37config MODULE_STATS 38 bool "Module statistics" 39 depends on DEBUG_FS 40 select MODULE_DEBUGFS 41 help 42 This option allows you to maintain a record of module statistics. 43 For example, size of all modules, average size, text size, a list 44 of failed modules and the size for each of those. For failed 45 modules we keep track of modules which failed due to either the 46 existing module taking too long to load or that module was already 47 loaded. 48 49 You should enable this if you are debugging production loads 50 and want to see if userspace or the kernel is doing stupid things 51 with loading modules when it shouldn't or if you want to help 52 optimize userspace / kernel space module autoloading schemes. 53 You might want to do this because failed modules tend to use 54 up significant amount of memory, and so you'd be doing everyone a 55 favor in avoiding these failures proactively. 56 57 This functionality is also useful for those experimenting with 58 module .text ELF section optimization. 59 60 If unsure, say N. 61 62config MODULE_DEBUG_AUTOLOAD_DUPS 63 bool "Debug duplicate modules with auto-loading" 64 help 65 Module autoloading allows in-kernel code to request modules through 66 the *request_module*() API calls. This in turn just calls userspace 67 modprobe. Although modprobe checks to see if a module is already 68 loaded before trying to load a module there is a small time window in 69 which multiple duplicate requests can end up in userspace and multiple 70 modprobe calls race calling finit_module() around the same time for 71 duplicate modules. The finit_module() system call can consume in the 72 worst case more than twice the respective module size in virtual 73 memory for each duplicate module requests. Although duplicate module 74 requests are non-fatal virtual memory is a limited resource and each 75 duplicate module request ends up just unnecessarily straining virtual 76 memory. 77 78 This debugging facility will create pr_warn() splats for duplicate 79 module requests to help identify if module auto-loading may be the 80 culprit to your early boot virtual memory pressure. Since virtual 81 memory abuse caused by duplicate module requests could render a 82 system unusable this functionality will also converge races in 83 requests for the same module to a single request. You can boot with 84 the module.enable_dups_trace=1 kernel parameter to use WARN_ON() 85 instead of the pr_warn(). 86 87 If the first module request used request_module_nowait() we cannot 88 use that as the anchor to wait for duplicate module requests, since 89 users of request_module() do want a proper return value. If a call 90 for the same module happened earlier with request_module() though, 91 then a duplicate request_module_nowait() would be detected. The 92 non-wait request_module() call is synchronous and waits until modprobe 93 completes. Subsequent auto-loading requests for the same module do 94 not trigger a new finit_module() calls and do not strain virtual 95 memory, and so as soon as modprobe successfully completes we remove 96 tracking for duplicates for that module. 97 98 Enable this functionality to try to debug virtual memory abuse during 99 boot on systems which are failing to boot or if you suspect you may be 100 straining virtual memory during boot, and you want to identify if the 101 abuse was due to module auto-loading. These issues are currently only 102 known to occur on systems with many CPUs (over 400) and is likely the 103 result of udev issuing duplicate module requests for each CPU, and so 104 module auto-loading is not the culprit. There may very well still be 105 many duplicate module auto-loading requests which could be optimized 106 for and this debugging facility can be used to help identify them. 107 108 Only enable this for debugging system functionality, never have it 109 enabled on real systems. 110 111config MODULE_DEBUG_AUTOLOAD_DUPS_TRACE 112 bool "Force full stack trace when duplicates are found" 113 depends on MODULE_DEBUG_AUTOLOAD_DUPS 114 help 115 Enabling this will force a full stack trace for duplicate module 116 auto-loading requests using WARN_ON() instead of pr_warn(). You 117 should keep this disabled at all times unless you are a developer 118 and are doing a manual inspection and want to debug exactly why 119 these duplicates occur. 120 121endif # MODULE_DEBUG 122 123config MODULE_FORCE_LOAD 124 bool "Forced module loading" 125 default n 126 help 127 Allow loading of modules without version information (ie. modprobe 128 --force). Forced module loading sets the 'F' (forced) taint flag and 129 is usually a really bad idea. 130 131config MODULE_UNLOAD 132 bool "Module unloading" 133 help 134 Without this option you will not be able to unload any 135 modules (note that some modules may not be unloadable 136 anyway), which makes your kernel smaller, faster 137 and simpler. If unsure, say Y. 138 139config MODULE_FORCE_UNLOAD 140 bool "Forced module unloading" 141 depends on MODULE_UNLOAD 142 help 143 This option allows you to force a module to unload, even if the 144 kernel believes it is unsafe: the kernel will remove the module 145 without waiting for anyone to stop using it (using the -f option to 146 rmmod). This is mainly for kernel developers and desperate users. 147 If unsure, say N. 148 149config MODULE_UNLOAD_TAINT_TRACKING 150 bool "Tainted module unload tracking" 151 depends on MODULE_UNLOAD 152 select MODULE_DEBUGFS 153 help 154 This option allows you to maintain a record of each unloaded 155 module that tainted the kernel. In addition to displaying a 156 list of linked (or loaded) modules e.g. on detection of a bad 157 page (see bad_page()), the aforementioned details are also 158 shown. If unsure, say N. 159 160config MODVERSIONS 161 bool "Module versioning support" 162 help 163 Usually, you have to use modules compiled with your kernel. 164 Saying Y here makes it sometimes possible to use modules 165 compiled for different kernels, by adding enough information 166 to the modules to (hopefully) spot any changes which would 167 make them incompatible with the kernel you are running. If 168 unsure, say N. 169 170config ASM_MODVERSIONS 171 bool 172 default HAVE_ASM_MODVERSIONS && MODVERSIONS 173 help 174 This enables module versioning for exported symbols also from 175 assembly. This can be enabled only when the target architecture 176 supports it. 177 178config MODULE_SRCVERSION_ALL 179 bool "Source checksum for all modules" 180 help 181 Modules which contain a MODULE_VERSION get an extra "srcversion" 182 field inserted into their modinfo section, which contains a 183 sum of the source files which made it. This helps maintainers 184 see exactly which source was used to build a module (since 185 others sometimes change the module source without updating 186 the version). With this option, such a "srcversion" field 187 will be created for all modules. If unsure, say N. 188 189config MODULE_SCMVERSION 190 bool "SCM version for modules" 191 depends on LOCALVERSION_AUTO 192 help 193 This enables the module attribute "scmversion" which can be used 194 by developers to identify the SCM version of a given module, e.g. 195 git sha1 or hg sha1. The SCM version can be queried by modinfo or 196 via the sysfs node: /sys/modules/MODULENAME/scmversion. This is 197 useful when the kernel or kernel modules are updated separately 198 since that causes the vermagic of the kernel and the module to 199 differ. 200 201 If unsure, say N. 202 203config MODULE_SIG 204 bool "Module signature verification" 205 select MODULE_SIG_FORMAT 206 help 207 Check modules for valid signatures upon load: the signature 208 is simply appended to the module. For more information see 209 <file:Documentation/admin-guide/module-signing.rst>. 210 211 Note that this option adds the OpenSSL development packages as a 212 kernel build dependency so that the signing tool can use its crypto 213 library. 214 215 You should enable this option if you wish to use either 216 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via 217 another LSM - otherwise unsigned modules will be loadable regardless 218 of the lockdown policy. 219 220 !!!WARNING!!! If you enable this option, you MUST make sure that the 221 module DOES NOT get stripped after being signed. This includes the 222 debuginfo strip done by some packagers (such as rpmbuild) and 223 inclusion into an initramfs that wants the module size reduced. 224 225config MODULE_SIG_FORCE 226 bool "Require modules to be validly signed" 227 depends on MODULE_SIG 228 help 229 Reject unsigned modules or signed modules for which we don't have a 230 key. Without this, such modules will simply taint the kernel. 231 232config MODULE_SIG_PROTECT 233 bool "Android GKI module protection" 234 depends on MODULE_SIG && !MODULE_SIG_FORCE 235 help 236 Enables Android GKI symbol and export protection support. 237 238 This modifies the behavior of the MODULE_SIG_FORCE as follows: 239 - Allows Android GKI Modules signed using MODULE_SIG_ALL during build. 240 - Allows other modules to load if they don't violate the access to 241 Android GKI protected symbols and do not export the symbols already 242 exported by the Android GKI modules. Loading will fail and return 243 -EACCES (Permission denied) if symbol access conditions are not met. 244 245config MODULE_SIG_ALL 246 bool "Automatically sign all modules" 247 default y 248 depends on MODULE_SIG || IMA_APPRAISE_MODSIG 249 help 250 Sign all modules during make modules_install. Without this option, 251 modules must be signed manually, using the scripts/sign-file tool. 252 253comment "Do not forget to sign required modules with scripts/sign-file" 254 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL 255 256choice 257 prompt "Which hash algorithm should modules be signed with?" 258 depends on MODULE_SIG || IMA_APPRAISE_MODSIG 259 help 260 This determines which sort of hashing algorithm will be used during 261 signature generation. This algorithm _must_ be built into the kernel 262 directly so that signature verification can take place. It is not 263 possible to load a signed module containing the algorithm to check 264 the signature on that module. 265 266config MODULE_SIG_SHA1 267 bool "Sign modules with SHA-1" 268 select CRYPTO_SHA1 269 270config MODULE_SIG_SHA224 271 bool "Sign modules with SHA-224" 272 select CRYPTO_SHA256 273 274config MODULE_SIG_SHA256 275 bool "Sign modules with SHA-256" 276 select CRYPTO_SHA256 277 278config MODULE_SIG_SHA384 279 bool "Sign modules with SHA-384" 280 select CRYPTO_SHA512 281 282config MODULE_SIG_SHA512 283 bool "Sign modules with SHA-512" 284 select CRYPTO_SHA512 285 286endchoice 287 288config MODULE_SIG_HASH 289 string 290 depends on MODULE_SIG || IMA_APPRAISE_MODSIG 291 default "sha1" if MODULE_SIG_SHA1 292 default "sha224" if MODULE_SIG_SHA224 293 default "sha256" if MODULE_SIG_SHA256 294 default "sha384" if MODULE_SIG_SHA384 295 default "sha512" if MODULE_SIG_SHA512 296 297choice 298 prompt "Module compression mode" 299 help 300 This option allows you to choose the algorithm which will be used to 301 compress modules when 'make modules_install' is run. (or, you can 302 choose to not compress modules at all.) 303 304 External modules will also be compressed in the same way during the 305 installation. 306 307 For modules inside an initrd or initramfs, it's more efficient to 308 compress the whole initrd or initramfs instead. 309 310 This is fully compatible with signed modules. 311 312 Please note that the tool used to load modules needs to support the 313 corresponding algorithm. module-init-tools MAY support gzip, and kmod 314 MAY support gzip, xz and zstd. 315 316 Your build system needs to provide the appropriate compression tool 317 to compress the modules. 318 319 If in doubt, select 'None'. 320 321config MODULE_COMPRESS_NONE 322 bool "None" 323 help 324 Do not compress modules. The installed modules are suffixed 325 with .ko. 326 327config MODULE_COMPRESS_GZIP 328 bool "GZIP" 329 help 330 Compress modules with GZIP. The installed modules are suffixed 331 with .ko.gz. 332 333config MODULE_COMPRESS_XZ 334 bool "XZ" 335 help 336 Compress modules with XZ. The installed modules are suffixed 337 with .ko.xz. 338 339config MODULE_COMPRESS_ZSTD 340 bool "ZSTD" 341 help 342 Compress modules with ZSTD. The installed modules are suffixed 343 with .ko.zst. 344 345endchoice 346 347config MODULE_DECOMPRESS 348 bool "Support in-kernel module decompression" 349 depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ || MODULE_COMPRESS_ZSTD 350 select ZLIB_INFLATE if MODULE_COMPRESS_GZIP 351 select XZ_DEC if MODULE_COMPRESS_XZ 352 select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD 353 help 354 355 Support for decompressing kernel modules by the kernel itself 356 instead of relying on userspace to perform this task. Useful when 357 load pinning security policy is enabled. 358 359 If unsure, say N. 360 361config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS 362 bool "Allow loading of modules with missing namespace imports" 363 help 364 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in 365 a namespace. A module that makes use of a symbol exported with such a 366 namespace is required to import the namespace via MODULE_IMPORT_NS(). 367 There is no technical reason to enforce correct namespace imports, 368 but it creates consistency between symbols defining namespaces and 369 users importing namespaces they make use of. This option relaxes this 370 requirement and lifts the enforcement when loading a module. 371 372 If unsure, say N. 373 374config MODPROBE_PATH 375 string "Path to modprobe binary" 376 default "/sbin/modprobe" 377 help 378 When kernel code requests a module, it does so by calling 379 the "modprobe" userspace utility. This option allows you to 380 set the path where that binary is found. This can be changed 381 at runtime via the sysctl file 382 /proc/sys/kernel/modprobe. Setting this to the empty string 383 removes the kernel's ability to request modules (but 384 userspace can still load modules explicitly). 385 386config TRIM_UNUSED_KSYMS 387 bool "Trim unused exported kernel symbols" if EXPERT 388 depends on !COMPILE_TEST 389 help 390 The kernel and some modules make many symbols available for 391 other modules to use via EXPORT_SYMBOL() and variants. Depending 392 on the set of modules being selected in your kernel configuration, 393 many of those exported symbols might never be used. 394 395 This option allows for unused exported symbols to be dropped from 396 the build. In turn, this provides the compiler more opportunities 397 (especially when using LTO) for optimizing the code and reducing 398 binary size. This might have some security advantages as well. 399 400 If unsure, or if you need to build out-of-tree modules, say N. 401 402config UNUSED_KSYMS_WHITELIST 403 string "Whitelist of symbols to keep in ksymtab" 404 depends on TRIM_UNUSED_KSYMS 405 help 406 By default, all unused exported symbols will be un-exported from the 407 build when TRIM_UNUSED_KSYMS is selected. 408 409 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept 410 exported at all times, even in absence of in-tree users. The value to 411 set here is the path to a text file containing the list of symbols, 412 one per line. The path can be absolute, or relative to the kernel 413 source or obj tree. 414 415config MODULES_TREE_LOOKUP 416 def_bool y 417 depends on PERF_EVENTS || TRACING || CFI_CLANG 418 419endif # MODULES 420