riscv: Fix P4D_SHIFT definition for 3-level page table mode

[platform/kernel/linux-rpi.git] / kernel / module / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
menuconfig MODULES
        bool "Enable loadable module support"
        modules
        help
          Kernel modules are small pieces of compiled code which can
          be inserted in the running kernel, rather than being
          permanently built into the kernel.  You use the "modprobe"
          tool to add (and sometimes remove) them.  If you say Y here,
          many parts of the kernel can be built as modules (by
          answering M instead of Y where indicated): this is most
          useful for infrequently used options which are not required
          for booting.  For more information, see the man pages for
          modprobe, lsmod, modinfo, insmod and rmmod.

          If you say Y here, you will need to run "make
          modules_install" to put the modules under /lib/modules/
          where modprobe can find them (you may need to be root to do
          this).

          If unsure, say Y.

if MODULES

config MODULE_FORCE_LOAD
        bool "Forced module loading"
        default n
        help
          Allow loading of modules without version information (ie. modprobe
          --force).  Forced module loading sets the 'F' (forced) taint flag and
          is usually a really bad idea.

config MODULE_UNLOAD
        bool "Module unloading"
        help
          Without this option you will not be able to unload any
          modules (note that some modules may not be unloadable
          anyway), which makes your kernel smaller, faster
          and simpler.  If unsure, say Y.

config MODULE_FORCE_UNLOAD
        bool "Forced module unloading"
        depends on MODULE_UNLOAD
        help
          This option allows you to force a module to unload, even if the
          kernel believes it is unsafe: the kernel will remove the module
          without waiting for anyone to stop using it (using the -f option to
          rmmod).  This is mainly for kernel developers and desperate users.
          If unsure, say N.

config MODULE_UNLOAD_TAINT_TRACKING
        bool "Tainted module unload tracking"
        depends on MODULE_UNLOAD
        default n
        help
          This option allows you to maintain a record of each unloaded
          module that tainted the kernel. In addition to displaying a
          list of linked (or loaded) modules e.g. on detection of a bad
          page (see bad_page()), the aforementioned details are also
          shown. If unsure, say N.

config MODVERSIONS
        bool "Module versioning support"
        help
          Usually, you have to use modules compiled with your kernel.
          Saying Y here makes it sometimes possible to use modules
          compiled for different kernels, by adding enough information
          to the modules to (hopefully) spot any changes which would
          make them incompatible with the kernel you are running.  If
          unsure, say N.

config ASM_MODVERSIONS
        bool
        default HAVE_ASM_MODVERSIONS && MODVERSIONS
        help
          This enables module versioning for exported symbols also from
          assembly. This can be enabled only when the target architecture
          supports it.

config MODULE_SRCVERSION_ALL
        bool "Source checksum for all modules"
        help
          Modules which contain a MODULE_VERSION get an extra "srcversion"
          field inserted into their modinfo section, which contains a
          sum of the source files which made it.  This helps maintainers
          see exactly which source was used to build a module (since
          others sometimes change the module source without updating
          the version).  With this option, such a "srcversion" field
          will be created for all modules.  If unsure, say N.

config MODULE_SIG
        bool "Module signature verification"
        select MODULE_SIG_FORMAT
        help
          Check modules for valid signatures upon load: the signature
          is simply appended to the module. For more information see
          <file:Documentation/admin-guide/module-signing.rst>.

          Note that this option adds the OpenSSL development packages as a
          kernel build dependency so that the signing tool can use its crypto
          library.

          You should enable this option if you wish to use either
          CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
          another LSM - otherwise unsigned modules will be loadable regardless
          of the lockdown policy.

          !!!WARNING!!!  If you enable this option, you MUST make sure that the
          module DOES NOT get stripped after being signed.  This includes the
          debuginfo strip done by some packagers (such as rpmbuild) and
          inclusion into an initramfs that wants the module size reduced.

config MODULE_SIG_FORCE
        bool "Require modules to be validly signed"
        depends on MODULE_SIG
        help
          Reject unsigned modules or signed modules for which we don't have a
          key.  Without this, such modules will simply taint the kernel.

config MODULE_SIG_ALL
        bool "Automatically sign all modules"
        default y
        depends on MODULE_SIG || IMA_APPRAISE_MODSIG
        help
          Sign all modules during make modules_install. Without this option,
          modules must be signed manually, using the scripts/sign-file tool.

comment "Do not forget to sign required modules with scripts/sign-file"
        depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL

choice
        prompt "Which hash algorithm should modules be signed with?"
        depends on MODULE_SIG || IMA_APPRAISE_MODSIG
        help
          This determines which sort of hashing algorithm will be used during
          signature generation.  This algorithm _must_ be built into the kernel
          directly so that signature verification can take place.  It is not
          possible to load a signed module containing the algorithm to check
          the signature on that module.

config MODULE_SIG_SHA1
        bool "Sign modules with SHA-1"
        select CRYPTO_SHA1

config MODULE_SIG_SHA224
        bool "Sign modules with SHA-224"
        select CRYPTO_SHA256

config MODULE_SIG_SHA256
        bool "Sign modules with SHA-256"
        select CRYPTO_SHA256

config MODULE_SIG_SHA384
        bool "Sign modules with SHA-384"
        select CRYPTO_SHA512

config MODULE_SIG_SHA512
        bool "Sign modules with SHA-512"
        select CRYPTO_SHA512

endchoice

config MODULE_SIG_HASH
        string
        depends on MODULE_SIG || IMA_APPRAISE_MODSIG
        default "sha1" if MODULE_SIG_SHA1
        default "sha224" if MODULE_SIG_SHA224
        default "sha256" if MODULE_SIG_SHA256
        default "sha384" if MODULE_SIG_SHA384
        default "sha512" if MODULE_SIG_SHA512

choice
        prompt "Module compression mode"
        help
          This option allows you to choose the algorithm which will be used to
          compress modules when 'make modules_install' is run. (or, you can
          choose to not compress modules at all.)

          External modules will also be compressed in the same way during the
          installation.

          For modules inside an initrd or initramfs, it's more efficient to
          compress the whole initrd or initramfs instead.

          This is fully compatible with signed modules.

          Please note that the tool used to load modules needs to support the
          corresponding algorithm. module-init-tools MAY support gzip, and kmod
          MAY support gzip, xz and zstd.

          Your build system needs to provide the appropriate compression tool
          to compress the modules.

          If in doubt, select 'None'.

config MODULE_COMPRESS_NONE
        bool "None"
        help
          Do not compress modules. The installed modules are suffixed
          with .ko.

config MODULE_COMPRESS_GZIP
        bool "GZIP"
        help
          Compress modules with GZIP. The installed modules are suffixed
          with .ko.gz.

config MODULE_COMPRESS_XZ
        bool "XZ"
        help
          Compress modules with XZ. The installed modules are suffixed
          with .ko.xz.

config MODULE_COMPRESS_ZSTD
        bool "ZSTD"
        help
          Compress modules with ZSTD. The installed modules are suffixed
          with .ko.zst.

endchoice

config MODULE_DECOMPRESS
        bool "Support in-kernel module decompression"
        depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ
        select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
        select XZ_DEC if MODULE_COMPRESS_XZ
        help

          Support for decompressing kernel modules by the kernel itself
          instead of relying on userspace to perform this task. Useful when
          load pinning security policy is enabled.

          If unsure, say N.

config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
        bool "Allow loading of modules with missing namespace imports"
        help
          Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
          a namespace. A module that makes use of a symbol exported with such a
          namespace is required to import the namespace via MODULE_IMPORT_NS().
          There is no technical reason to enforce correct namespace imports,
          but it creates consistency between symbols defining namespaces and
          users importing namespaces they make use of. This option relaxes this
          requirement and lifts the enforcement when loading a module.

          If unsure, say N.

config MODPROBE_PATH
        string "Path to modprobe binary"
        default "/sbin/modprobe"
        help
          When kernel code requests a module, it does so by calling
          the "modprobe" userspace utility. This option allows you to
          set the path where that binary is found. This can be changed
          at runtime via the sysctl file
          /proc/sys/kernel/modprobe. Setting this to the empty string
          removes the kernel's ability to request modules (but
          userspace can still load modules explicitly).

config TRIM_UNUSED_KSYMS
        bool "Trim unused exported kernel symbols" if EXPERT
        depends on !COMPILE_TEST
        help
          The kernel and some modules make many symbols available for
          other modules to use via EXPORT_SYMBOL() and variants. Depending
          on the set of modules being selected in your kernel configuration,
          many of those exported symbols might never be used.

          This option allows for unused exported symbols to be dropped from
          the build. In turn, this provides the compiler more opportunities
          (especially when using LTO) for optimizing the code and reducing
          binary size.  This might have some security advantages as well.

          If unsure, or if you need to build out-of-tree modules, say N.

config UNUSED_KSYMS_WHITELIST
        string "Whitelist of symbols to keep in ksymtab"
        depends on TRIM_UNUSED_KSYMS
        help
          By default, all unused exported symbols will be un-exported from the
          build when TRIM_UNUSED_KSYMS is selected.

          UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
          exported at all times, even in absence of in-tree users. The value to
          set here is the path to a text file containing the list of symbols,
          one per line. The path can be absolute, or relative to the kernel
          source tree.

config MODULES_TREE_LOOKUP
        def_bool y
        depends on PERF_EVENTS || TRACING || CFI_CLANG

endif # MODULES