1 # SPDX-License-Identifier: GPL-2.0-only
2 menuconfig MODULES
3 	bool "Enable loadable module support"
4 	modules
5 	select EXECMEM
6 	help
7 	  Kernel modules are small pieces of compiled code which can
8 	  be inserted in the running kernel, rather than being
9 	  permanently built into the kernel.  You use the "modprobe"
10 	  tool to add (and sometimes remove) them.  If you say Y here,
11 	  many parts of the kernel can be built as modules (by
12 	  answering M instead of Y where indicated): this is most
13 	  useful for infrequently used options which are not required
14 	  for booting.  For more information, see the man pages for
15 	  modprobe, lsmod, modinfo, insmod and rmmod.
16 
17 	  If you say Y here, you will need to run "make
18 	  modules_install" to put the modules under /lib/modules/
19 	  where modprobe can find them (you may need to be root to do
20 	  this).
21 
22 	  If unsure, say Y.
23 
24 if MODULES
25 
26 config MODULE_DEBUGFS
27 	bool
28 
29 config MODULE_DEBUG
30 	bool "Module debugging"
31 	depends on DEBUG_FS
32 	help
33 	  Allows you to enable / disable features which can help you debug
34 	  modules. You don't need these options on production systems.
35 
36 if MODULE_DEBUG
37 
38 config MODULE_STATS
39 	bool "Module statistics"
40 	depends on DEBUG_FS
41 	select MODULE_DEBUGFS
42 	help
43 	  This option allows you to maintain a record of module statistics.
44 	  For example, size of all modules, average size, text size, a list
45 	  of failed modules and the size for each of those. For failed
46 	  modules we keep track of modules which failed due to either the
47 	  existing module taking too long to load or that module was already
48 	  loaded.
49 
50 	  You should enable this if you are debugging production loads
51 	  and want to see if userspace or the kernel is doing stupid things
52 	  with loading modules when it shouldn't or if you want to help
53 	  optimize userspace / kernel space module autoloading schemes.
54 	  You might want to do this because failed modules tend to use
55 	  up significant amount of memory, and so you'd be doing everyone a
56 	  favor in avoiding these failures proactively.
57 
58 	  This functionality is also useful for those experimenting with
59 	  module .text ELF section optimization.
60 
61 	  If unsure, say N.
62 
63 config MODULE_DEBUG_AUTOLOAD_DUPS
64 	bool "Debug duplicate modules with auto-loading"
65 	help
66 	  Module autoloading allows in-kernel code to request modules through
67 	  the *request_module*() API calls. This in turn just calls userspace
68 	  modprobe. Although modprobe checks to see if a module is already
69 	  loaded before trying to load a module there is a small time window in
70 	  which multiple duplicate requests can end up in userspace and multiple
71 	  modprobe calls race calling finit_module() around the same time for
72 	  duplicate modules. The finit_module() system call can consume in the
73 	  worst case more than twice the respective module size in virtual
74 	  memory for each duplicate module requests. Although duplicate module
75 	  requests are non-fatal virtual memory is a limited resource and each
76 	  duplicate module request ends up just unnecessarily straining virtual
77 	  memory.
78 
79 	  This debugging facility will create pr_warn() splats for duplicate
80 	  module requests to help identify if module auto-loading may be the
81 	  culprit to your early boot virtual memory pressure. Since virtual
82 	  memory abuse caused by duplicate module requests could render a
83 	  system unusable this functionality will also converge races in
84 	  requests for the same module to a single request. You can boot with
85 	  the module.enable_dups_trace=1 kernel parameter to use WARN_ON()
86 	  instead of the pr_warn().
87 
88 	  If the first module request used request_module_nowait() we cannot
89 	  use that as the anchor to wait for duplicate module requests, since
90 	  users of request_module() do want a proper return value. If a call
91 	  for the same module happened earlier with request_module() though,
92 	  then a duplicate request_module_nowait() would be detected. The
93 	  non-wait request_module() call is synchronous and waits until modprobe
94 	  completes. Subsequent auto-loading requests for the same module do
95 	  not trigger a new finit_module() calls and do not strain virtual
96 	  memory, and so as soon as modprobe successfully completes we remove
97 	  tracking for duplicates for that module.
98 
99 	  Enable this functionality to try to debug virtual memory abuse during
100 	  boot on systems which are failing to boot or if you suspect you may be
101 	  straining virtual memory during boot, and you want to identify if the
102 	  abuse was due to module auto-loading. These issues are currently only
103 	  known to occur on systems with many CPUs (over 400) and is likely the
104 	  result of udev issuing duplicate module requests for each CPU, and so
105 	  module auto-loading is not the culprit. There may very well still be
106 	  many duplicate module auto-loading requests which could be optimized
107 	  for and this debugging facility can be used to help identify them.
108 
109 	  Only enable this for debugging system functionality, never have it
110 	  enabled on real systems.
111 
112 config MODULE_DEBUG_AUTOLOAD_DUPS_TRACE
113 	bool "Force full stack trace when duplicates are found"
114 	depends on MODULE_DEBUG_AUTOLOAD_DUPS
115 	help
116 	  Enabling this will force a full stack trace for duplicate module
117 	  auto-loading requests using WARN_ON() instead of pr_warn(). You
118 	  should keep this disabled at all times unless you are a developer
119 	  and are doing a manual inspection and want to debug exactly why
120 	  these duplicates occur.
121 
122 endif # MODULE_DEBUG
123 
124 config MODULE_FORCE_LOAD
125 	bool "Forced module loading"
126 	default n
127 	help
128 	  Allow loading of modules without version information (ie. modprobe
129 	  --force).  Forced module loading sets the 'F' (forced) taint flag and
130 	  is usually a really bad idea.
131 
132 config MODULE_UNLOAD
133 	bool "Module unloading"
134 	help
135 	  Without this option you will not be able to unload any
136 	  modules (note that some modules may not be unloadable
137 	  anyway), which makes your kernel smaller, faster
138 	  and simpler.  If unsure, say Y.
139 
140 config MODULE_FORCE_UNLOAD
141 	bool "Forced module unloading"
142 	depends on MODULE_UNLOAD
143 	help
144 	  This option allows you to force a module to unload, even if the
145 	  kernel believes it is unsafe: the kernel will remove the module
146 	  without waiting for anyone to stop using it (using the -f option to
147 	  rmmod).  This is mainly for kernel developers and desperate users.
148 	  If unsure, say N.
149 
150 config MODULE_UNLOAD_TAINT_TRACKING
151 	bool "Tainted module unload tracking"
152 	depends on MODULE_UNLOAD
153 	select MODULE_DEBUGFS
154 	help
155 	  This option allows you to maintain a record of each unloaded
156 	  module that tainted the kernel. In addition to displaying a
157 	  list of linked (or loaded) modules e.g. on detection of a bad
158 	  page (see bad_page()), the aforementioned details are also
159 	  shown. If unsure, say N.
160 
161 config MODVERSIONS
162 	bool "Module versioning support"
163 	depends on !COMPILE_TEST
164 	help
165 	  Usually, you have to use modules compiled with your kernel.
166 	  Saying Y here makes it sometimes possible to use modules
167 	  compiled for different kernels, by adding enough information
168 	  to the modules to (hopefully) spot any changes which would
169 	  make them incompatible with the kernel you are running.  If
170 	  unsure, say N.
171 
172 config ASM_MODVERSIONS
173 	bool
174 	default HAVE_ASM_MODVERSIONS && MODVERSIONS
175 	help
176 	  This enables module versioning for exported symbols also from
177 	  assembly. This can be enabled only when the target architecture
178 	  supports it.
179 
180 config MODULE_SRCVERSION_ALL
181 	bool "Source checksum for all modules"
182 	help
183 	  Modules which contain a MODULE_VERSION get an extra "srcversion"
184 	  field inserted into their modinfo section, which contains a
185 	  sum of the source files which made it.  This helps maintainers
186 	  see exactly which source was used to build a module (since
187 	  others sometimes change the module source without updating
188 	  the version).  With this option, such a "srcversion" field
189 	  will be created for all modules.  If unsure, say N.
190 
191 config MODULE_SIG
192 	bool "Module signature verification"
193 	select MODULE_SIG_FORMAT
194 	help
195 	  Check modules for valid signatures upon load: the signature
196 	  is simply appended to the module. For more information see
197 	  <file:Documentation/admin-guide/module-signing.rst>.
198 
199 	  Note that this option adds the OpenSSL development packages as a
200 	  kernel build dependency so that the signing tool can use its crypto
201 	  library.
202 
203 	  You should enable this option if you wish to use either
204 	  CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
205 	  another LSM - otherwise unsigned modules will be loadable regardless
206 	  of the lockdown policy.
207 
208 	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
209 	  module DOES NOT get stripped after being signed.  This includes the
210 	  debuginfo strip done by some packagers (such as rpmbuild) and
211 	  inclusion into an initramfs that wants the module size reduced.
212 
213 config MODULE_SIG_FORCE
214 	bool "Require modules to be validly signed"
215 	depends on MODULE_SIG
216 	help
217 	  Reject unsigned modules or signed modules for which we don't have a
218 	  key.  Without this, such modules will simply taint the kernel.
219 
220 config MODULE_SIG_ALL
221 	bool "Automatically sign all modules"
222 	default y
223 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
224 	help
225 	  Sign all modules during make modules_install. Without this option,
226 	  modules must be signed manually, using the scripts/sign-file tool.
227 
228 comment "Do not forget to sign required modules with scripts/sign-file"
229 	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
230 
231 choice
232 	prompt "Hash algorithm to sign modules"
233 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
234 	help
235 	  This determines which sort of hashing algorithm will be used during
236 	  signature generation.  This algorithm _must_ be built into the kernel
237 	  directly so that signature verification can take place.  It is not
238 	  possible to load a signed module containing the algorithm to check
239 	  the signature on that module.
240 
241 config MODULE_SIG_SHA1
242 	bool "SHA-1"
243 	select CRYPTO_SHA1
244 
245 config MODULE_SIG_SHA256
246 	bool "SHA-256"
247 	select CRYPTO_SHA256
248 
249 config MODULE_SIG_SHA384
250 	bool "SHA-384"
251 	select CRYPTO_SHA512
252 
253 config MODULE_SIG_SHA512
254 	bool "SHA-512"
255 	select CRYPTO_SHA512
256 
257 config MODULE_SIG_SHA3_256
258 	bool "SHA3-256"
259 	select CRYPTO_SHA3
260 
261 config MODULE_SIG_SHA3_384
262 	bool "SHA3-384"
263 	select CRYPTO_SHA3
264 
265 config MODULE_SIG_SHA3_512
266 	bool "SHA3-512"
267 	select CRYPTO_SHA3
268 
269 endchoice
270 
271 config MODULE_SIG_HASH
272 	string
273 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
274 	default "sha1" if MODULE_SIG_SHA1
275 	default "sha256" if MODULE_SIG_SHA256
276 	default "sha384" if MODULE_SIG_SHA384
277 	default "sha512" if MODULE_SIG_SHA512
278 	default "sha3-256" if MODULE_SIG_SHA3_256
279 	default "sha3-384" if MODULE_SIG_SHA3_384
280 	default "sha3-512" if MODULE_SIG_SHA3_512
281 
282 config MODULE_COMPRESS
283 	bool "Module compression"
284 	help
285 	  Enable module compression to reduce on-disk size of module binaries.
286 	  This is fully compatible with signed modules.
287 
288 	  The tool used to work with modules needs to support the selected
289 	  compression type. kmod MAY support gzip, xz and zstd. Other tools
290 	  might have a limited selection of the supported types.
291 
292 	  Note that for modules inside an initrd or initramfs, it's more
293 	  efficient to compress the whole ramdisk instead.
294 
295 	  If unsure, say N.
296 
297 choice
298 	prompt "Module compression type"
299 	depends on MODULE_COMPRESS
300 	help
301 	  Choose the supported algorithm for module compression.
302 
303 config MODULE_COMPRESS_GZIP
304 	bool "GZIP"
305 	help
306 	  Support modules compressed with GZIP. The installed modules are
307 	  suffixed with .ko.gz.
308 
309 config MODULE_COMPRESS_XZ
310 	bool "XZ"
311 	help
312 	  Support modules compressed with XZ. The installed modules are
313 	  suffixed with .ko.xz.
314 
315 config MODULE_COMPRESS_ZSTD
316 	bool "ZSTD"
317 	help
318 	  Support modules compressed with ZSTD. The installed modules are
319 	  suffixed with .ko.zst.
320 
321 endchoice
322 
323 config MODULE_COMPRESS_ALL
324 	bool "Automatically compress all modules"
325 	default y
326 	depends on MODULE_COMPRESS
327 	help
328 	  Compress all modules during 'make modules_install'.
329 
330 	  Your build system needs to provide the appropriate compression tool
331 	  for the selected compression type. External modules will also be
332 	  compressed in the same way during the installation.
333 
334 config MODULE_DECOMPRESS
335 	bool "Support in-kernel module decompression"
336 	depends on MODULE_COMPRESS
337 	select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
338 	select XZ_DEC if MODULE_COMPRESS_XZ
339 	select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD
340 	help
341 	  Support for decompressing kernel modules by the kernel itself
342 	  instead of relying on userspace to perform this task. Useful when
343 	  load pinning security policy is enabled.
344 
345 	  If unsure, say N.
346 
347 config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
348 	bool "Allow loading of modules with missing namespace imports"
349 	help
350 	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
351 	  a namespace. A module that makes use of a symbol exported with such a
352 	  namespace is required to import the namespace via MODULE_IMPORT_NS().
353 	  There is no technical reason to enforce correct namespace imports,
354 	  but it creates consistency between symbols defining namespaces and
355 	  users importing namespaces they make use of. This option relaxes this
356 	  requirement and lifts the enforcement when loading a module.
357 
358 	  If unsure, say N.
359 
360 config MODPROBE_PATH
361 	string "Path to modprobe binary"
362 	default "/sbin/modprobe"
363 	help
364 	  When kernel code requests a module, it does so by calling
365 	  the "modprobe" userspace utility. This option allows you to
366 	  set the path where that binary is found. This can be changed
367 	  at runtime via the sysctl file
368 	  /proc/sys/kernel/modprobe. Setting this to the empty string
369 	  removes the kernel's ability to request modules (but
370 	  userspace can still load modules explicitly).
371 
372 config TRIM_UNUSED_KSYMS
373 	bool "Trim unused exported kernel symbols"
374 	help
375 	  The kernel and some modules make many symbols available for
376 	  other modules to use via EXPORT_SYMBOL() and variants. Depending
377 	  on the set of modules being selected in your kernel configuration,
378 	  many of those exported symbols might never be used.
379 
380 	  This option allows for unused exported symbols to be dropped from
381 	  the build. In turn, this provides the compiler more opportunities
382 	  (especially when using LTO) for optimizing the code and reducing
383 	  binary size.  This might have some security advantages as well.
384 
385 	  If unsure, or if you need to build out-of-tree modules, say N.
386 
387 config UNUSED_KSYMS_WHITELIST
388 	string "Whitelist of symbols to keep in ksymtab"
389 	depends on TRIM_UNUSED_KSYMS
390 	help
391 	  By default, all unused exported symbols will be un-exported from the
392 	  build when TRIM_UNUSED_KSYMS is selected.
393 
394 	  UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
395 	  exported at all times, even in absence of in-tree users. The value to
396 	  set here is the path to a text file containing the list of symbols,
397 	  one per line. The path can be absolute, or relative to the kernel
398 	  source or obj tree.
399 
400 config MODULES_TREE_LOOKUP
401 	def_bool y
402 	depends on PERF_EVENTS || TRACING || CFI_CLANG
403 
404 endif # MODULES
405