Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2menuconfig MODULES
3 bool "Enable loadable module support"
4 modules
5 help
6 Kernel modules are small pieces of compiled code which can
7 be inserted in the running kernel, rather than being
8 permanently built into the kernel. You use the "modprobe"
9 tool to add (and sometimes remove) them. If you say Y here,
10 many parts of the kernel can be built as modules (by
11 answering M instead of Y where indicated): this is most
12 useful for infrequently used options which are not required
13 for booting. For more information, see the man pages for
14 modprobe, lsmod, modinfo, insmod and rmmod.
15
16 If you say Y here, you will need to run "make
17 modules_install" to put the modules under /lib/modules/
18 where modprobe can find them (you may need to be root to do
19 this).
20
21 If unsure, say Y.
22
23if MODULES
24
25config MODULE_DEBUGFS
26 bool
27
28config MODULE_DEBUG
29 bool "Module debugging"
30 depends on DEBUG_FS
31 help
32 Allows you to enable / disable features which can help you debug
33 modules. You don't need these options on production systems.
34
35if MODULE_DEBUG
36
37config MODULE_STATS
38 bool "Module statistics"
39 depends on DEBUG_FS
40 select MODULE_DEBUGFS
41 help
42 This option allows you to maintain a record of module statistics.
43 For example, size of all modules, average size, text size, a list
44 of failed modules and the size for each of those. For failed
45 modules we keep track of modules which failed due to either the
46 existing module taking too long to load or that module was already
47 loaded.
48
49 You should enable this if you are debugging production loads
50 and want to see if userspace or the kernel is doing stupid things
51 with loading modules when it shouldn't or if you want to help
52 optimize userspace / kernel space module autoloading schemes.
53 You might want to do this because failed modules tend to use
54 up significant amount of memory, and so you'd be doing everyone a
55 favor in avoiding these failures proactively.
56
57 This functionality is also useful for those experimenting with
58 module .text ELF section optimization.
59
60 If unsure, say N.
61
62config MODULE_DEBUG_AUTOLOAD_DUPS
63 bool "Debug duplicate modules with auto-loading"
64 help
65 Module autoloading allows in-kernel code to request modules through
66 the *request_module*() API calls. This in turn just calls userspace
67 modprobe. Although modprobe checks to see if a module is already
68 loaded before trying to load a module there is a small time window in
69 which multiple duplicate requests can end up in userspace and multiple
70 modprobe calls race calling finit_module() around the same time for
71 duplicate modules. The finit_module() system call can consume in the
72 worst case more than twice the respective module size in virtual
73 memory for each duplicate module requests. Although duplicate module
74 requests are non-fatal virtual memory is a limited resource and each
75 duplicate module request ends up just unnecessarily straining virtual
76 memory.
77
78 This debugging facility will create pr_warn() splats for duplicate
79 module requests to help identify if module auto-loading may be the
80 culprit to your early boot virtual memory pressure. Since virtual
81 memory abuse caused by duplicate module requests could render a
82 system unusable this functionality will also converge races in
83 requests for the same module to a single request. You can boot with
84 the module.enable_dups_trace=1 kernel parameter to use WARN_ON()
85 instead of the pr_warn().
86
87 If the first module request used request_module_nowait() we cannot
88 use that as the anchor to wait for duplicate module requests, since
89 users of request_module() do want a proper return value. If a call
90 for the same module happened earlier with request_module() though,
91 then a duplicate request_module_nowait() would be detected. The
92 non-wait request_module() call is synchronous and waits until modprobe
93 completes. Subsequent auto-loading requests for the same module do
94 not trigger a new finit_module() calls and do not strain virtual
95 memory, and so as soon as modprobe successfully completes we remove
96 tracking for duplicates for that module.
97
98 Enable this functionality to try to debug virtual memory abuse during
99 boot on systems which are failing to boot or if you suspect you may be
100 straining virtual memory during boot, and you want to identify if the
101 abuse was due to module auto-loading. These issues are currently only
102 known to occur on systems with many CPUs (over 400) and is likely the
103 result of udev issuing duplicate module requests for each CPU, and so
104 module auto-loading is not the culprit. There may very well still be
105 many duplicate module auto-loading requests which could be optimized
106 for and this debugging facility can be used to help identify them.
107
108 Only enable this for debugging system functionality, never have it
109 enabled on real systems.
110
111config MODULE_DEBUG_AUTOLOAD_DUPS_TRACE
112 bool "Force full stack trace when duplicates are found"
113 depends on MODULE_DEBUG_AUTOLOAD_DUPS
114 help
115 Enabling this will force a full stack trace for duplicate module
116 auto-loading requests using WARN_ON() instead of pr_warn(). You
117 should keep this disabled at all times unless you are a developer
118 and are doing a manual inspection and want to debug exactly why
119 these duplicates occur.
120
121endif # MODULE_DEBUG
122
123config MODULE_FORCE_LOAD
124 bool "Forced module loading"
125 default n
126 help
127 Allow loading of modules without version information (ie. modprobe
128 --force). Forced module loading sets the 'F' (forced) taint flag and
129 is usually a really bad idea.
130
131config MODULE_UNLOAD
132 bool "Module unloading"
133 help
134 Without this option you will not be able to unload any
135 modules (note that some modules may not be unloadable
136 anyway), which makes your kernel smaller, faster
137 and simpler. If unsure, say Y.
138
139config MODULE_FORCE_UNLOAD
140 bool "Forced module unloading"
141 depends on MODULE_UNLOAD
142 help
143 This option allows you to force a module to unload, even if the
144 kernel believes it is unsafe: the kernel will remove the module
145 without waiting for anyone to stop using it (using the -f option to
146 rmmod). This is mainly for kernel developers and desperate users.
147 If unsure, say N.
148
149config MODULE_UNLOAD_TAINT_TRACKING
150 bool "Tainted module unload tracking"
151 depends on MODULE_UNLOAD
152 select MODULE_DEBUGFS
153 help
154 This option allows you to maintain a record of each unloaded
155 module that tainted the kernel. In addition to displaying a
156 list of linked (or loaded) modules e.g. on detection of a bad
157 page (see bad_page()), the aforementioned details are also
158 shown. If unsure, say N.
159
160config MODVERSIONS
161 bool "Module versioning support"
162 help
163 Usually, you have to use modules compiled with your kernel.
164 Saying Y here makes it sometimes possible to use modules
165 compiled for different kernels, by adding enough information
166 to the modules to (hopefully) spot any changes which would
167 make them incompatible with the kernel you are running. If
168 unsure, say N.
169
170config ASM_MODVERSIONS
171 bool
172 default HAVE_ASM_MODVERSIONS && MODVERSIONS
173 help
174 This enables module versioning for exported symbols also from
175 assembly. This can be enabled only when the target architecture
176 supports it.
177
178config MODULE_SRCVERSION_ALL
179 bool "Source checksum for all modules"
180 help
181 Modules which contain a MODULE_VERSION get an extra "srcversion"
182 field inserted into their modinfo section, which contains a
183 sum of the source files which made it. This helps maintainers
184 see exactly which source was used to build a module (since
185 others sometimes change the module source without updating
186 the version). With this option, such a "srcversion" field
187 will be created for all modules. If unsure, say N.
188
189config MODULE_SIG
190 bool "Module signature verification"
191 select MODULE_SIG_FORMAT
192 help
193 Check modules for valid signatures upon load: the signature
194 is simply appended to the module. For more information see
195 <file:Documentation/admin-guide/module-signing.rst>.
196
197 Note that this option adds the OpenSSL development packages as a
198 kernel build dependency so that the signing tool can use its crypto
199 library.
200
201 You should enable this option if you wish to use either
202 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
203 another LSM - otherwise unsigned modules will be loadable regardless
204 of the lockdown policy.
205
206 !!!WARNING!!! If you enable this option, you MUST make sure that the
207 module DOES NOT get stripped after being signed. This includes the
208 debuginfo strip done by some packagers (such as rpmbuild) and
209 inclusion into an initramfs that wants the module size reduced.
210
211config MODULE_SIG_FORCE
212 bool "Require modules to be validly signed"
213 depends on MODULE_SIG
214 help
215 Reject unsigned modules or signed modules for which we don't have a
216 key. Without this, such modules will simply taint the kernel.
217
218config MODULE_SIG_ALL
219 bool "Automatically sign all modules"
220 default y
221 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
222 help
223 Sign all modules during make modules_install. Without this option,
224 modules must be signed manually, using the scripts/sign-file tool.
225
226comment "Do not forget to sign required modules with scripts/sign-file"
227 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
228
229choice
230 prompt "Which hash algorithm should modules be signed with?"
231 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
232 help
233 This determines which sort of hashing algorithm will be used during
234 signature generation. This algorithm _must_ be built into the kernel
235 directly so that signature verification can take place. It is not
236 possible to load a signed module containing the algorithm to check
237 the signature on that module.
238
239config MODULE_SIG_SHA256
240 bool "Sign modules with SHA-256"
241 select CRYPTO_SHA256
242
243config MODULE_SIG_SHA384
244 bool "Sign modules with SHA-384"
245 select CRYPTO_SHA512
246
247config MODULE_SIG_SHA512
248 bool "Sign modules with SHA-512"
249 select CRYPTO_SHA512
250
251config MODULE_SIG_SHA3_256
252 bool "Sign modules with SHA3-256"
253 select CRYPTO_SHA3
254
255config MODULE_SIG_SHA3_384
256 bool "Sign modules with SHA3-384"
257 select CRYPTO_SHA3
258
259config MODULE_SIG_SHA3_512
260 bool "Sign modules with SHA3-512"
261 select CRYPTO_SHA3
262
263endchoice
264
265config MODULE_SIG_HASH
266 string
267 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
268 default "sha256" if MODULE_SIG_SHA256
269 default "sha384" if MODULE_SIG_SHA384
270 default "sha512" if MODULE_SIG_SHA512
271 default "sha3-256" if MODULE_SIG_SHA3_256
272 default "sha3-384" if MODULE_SIG_SHA3_384
273 default "sha3-512" if MODULE_SIG_SHA3_512
274
275choice
276 prompt "Module compression mode"
277 help
278 This option allows you to choose the algorithm which will be used to
279 compress modules when 'make modules_install' is run. (or, you can
280 choose to not compress modules at all.)
281
282 External modules will also be compressed in the same way during the
283 installation.
284
285 For modules inside an initrd or initramfs, it's more efficient to
286 compress the whole initrd or initramfs instead.
287
288 This is fully compatible with signed modules.
289
290 Please note that the tool used to load modules needs to support the
291 corresponding algorithm. module-init-tools MAY support gzip, and kmod
292 MAY support gzip, xz and zstd.
293
294 Your build system needs to provide the appropriate compression tool
295 to compress the modules.
296
297 If in doubt, select 'None'.
298
299config MODULE_COMPRESS_NONE
300 bool "None"
301 help
302 Do not compress modules. The installed modules are suffixed
303 with .ko.
304
305config MODULE_COMPRESS_GZIP
306 bool "GZIP"
307 help
308 Compress modules with GZIP. The installed modules are suffixed
309 with .ko.gz.
310
311config MODULE_COMPRESS_XZ
312 bool "XZ"
313 help
314 Compress modules with XZ. The installed modules are suffixed
315 with .ko.xz.
316
317config MODULE_COMPRESS_ZSTD
318 bool "ZSTD"
319 help
320 Compress modules with ZSTD. The installed modules are suffixed
321 with .ko.zst.
322
323endchoice
324
325config MODULE_DECOMPRESS
326 bool "Support in-kernel module decompression"
327 depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ || MODULE_COMPRESS_ZSTD
328 select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
329 select XZ_DEC if MODULE_COMPRESS_XZ
330 select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD
331 help
332
333 Support for decompressing kernel modules by the kernel itself
334 instead of relying on userspace to perform this task. Useful when
335 load pinning security policy is enabled.
336
337 If unsure, say N.
338
339config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
340 bool "Allow loading of modules with missing namespace imports"
341 help
342 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
343 a namespace. A module that makes use of a symbol exported with such a
344 namespace is required to import the namespace via MODULE_IMPORT_NS().
345 There is no technical reason to enforce correct namespace imports,
346 but it creates consistency between symbols defining namespaces and
347 users importing namespaces they make use of. This option relaxes this
348 requirement and lifts the enforcement when loading a module.
349
350 If unsure, say N.
351
352config MODPROBE_PATH
353 string "Path to modprobe binary"
354 default "/sbin/modprobe"
355 help
356 When kernel code requests a module, it does so by calling
357 the "modprobe" userspace utility. This option allows you to
358 set the path where that binary is found. This can be changed
359 at runtime via the sysctl file
360 /proc/sys/kernel/modprobe. Setting this to the empty string
361 removes the kernel's ability to request modules (but
362 userspace can still load modules explicitly).
363
364config TRIM_UNUSED_KSYMS
365 bool "Trim unused exported kernel symbols" if EXPERT
366 depends on !COMPILE_TEST
367 help
368 The kernel and some modules make many symbols available for
369 other modules to use via EXPORT_SYMBOL() and variants. Depending
370 on the set of modules being selected in your kernel configuration,
371 many of those exported symbols might never be used.
372
373 This option allows for unused exported symbols to be dropped from
374 the build. In turn, this provides the compiler more opportunities
375 (especially when using LTO) for optimizing the code and reducing
376 binary size. This might have some security advantages as well.
377
378 If unsure, or if you need to build out-of-tree modules, say N.
379
380config UNUSED_KSYMS_WHITELIST
381 string "Whitelist of symbols to keep in ksymtab"
382 depends on TRIM_UNUSED_KSYMS
383 help
384 By default, all unused exported symbols will be un-exported from the
385 build when TRIM_UNUSED_KSYMS is selected.
386
387 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
388 exported at all times, even in absence of in-tree users. The value to
389 set here is the path to a text file containing the list of symbols,
390 one per line. The path can be absolute, or relative to the kernel
391 source tree.
392
393config MODULES_TREE_LOOKUP
394 def_bool y
395 depends on PERF_EVENTS || TRACING || CFI_CLANG
396
397endif # MODULES
1# SPDX-License-Identifier: GPL-2.0-only
2menuconfig MODULES
3 bool "Enable loadable module support"
4 modules
5 help
6 Kernel modules are small pieces of compiled code which can
7 be inserted in the running kernel, rather than being
8 permanently built into the kernel. You use the "modprobe"
9 tool to add (and sometimes remove) them. If you say Y here,
10 many parts of the kernel can be built as modules (by
11 answering M instead of Y where indicated): this is most
12 useful for infrequently used options which are not required
13 for booting. For more information, see the man pages for
14 modprobe, lsmod, modinfo, insmod and rmmod.
15
16 If you say Y here, you will need to run "make
17 modules_install" to put the modules under /lib/modules/
18 where modprobe can find them (you may need to be root to do
19 this).
20
21 If unsure, say Y.
22
23if MODULES
24
25config MODULE_FORCE_LOAD
26 bool "Forced module loading"
27 default n
28 help
29 Allow loading of modules without version information (ie. modprobe
30 --force). Forced module loading sets the 'F' (forced) taint flag and
31 is usually a really bad idea.
32
33config MODULE_UNLOAD
34 bool "Module unloading"
35 help
36 Without this option you will not be able to unload any
37 modules (note that some modules may not be unloadable
38 anyway), which makes your kernel smaller, faster
39 and simpler. If unsure, say Y.
40
41config MODULE_FORCE_UNLOAD
42 bool "Forced module unloading"
43 depends on MODULE_UNLOAD
44 help
45 This option allows you to force a module to unload, even if the
46 kernel believes it is unsafe: the kernel will remove the module
47 without waiting for anyone to stop using it (using the -f option to
48 rmmod). This is mainly for kernel developers and desperate users.
49 If unsure, say N.
50
51config MODULE_UNLOAD_TAINT_TRACKING
52 bool "Tainted module unload tracking"
53 depends on MODULE_UNLOAD
54 default n
55 help
56 This option allows you to maintain a record of each unloaded
57 module that tainted the kernel. In addition to displaying a
58 list of linked (or loaded) modules e.g. on detection of a bad
59 page (see bad_page()), the aforementioned details are also
60 shown. If unsure, say N.
61
62config MODVERSIONS
63 bool "Module versioning support"
64 help
65 Usually, you have to use modules compiled with your kernel.
66 Saying Y here makes it sometimes possible to use modules
67 compiled for different kernels, by adding enough information
68 to the modules to (hopefully) spot any changes which would
69 make them incompatible with the kernel you are running. If
70 unsure, say N.
71
72config ASM_MODVERSIONS
73 bool
74 default HAVE_ASM_MODVERSIONS && MODVERSIONS
75 help
76 This enables module versioning for exported symbols also from
77 assembly. This can be enabled only when the target architecture
78 supports it.
79
80config MODULE_SRCVERSION_ALL
81 bool "Source checksum for all modules"
82 help
83 Modules which contain a MODULE_VERSION get an extra "srcversion"
84 field inserted into their modinfo section, which contains a
85 sum of the source files which made it. This helps maintainers
86 see exactly which source was used to build a module (since
87 others sometimes change the module source without updating
88 the version). With this option, such a "srcversion" field
89 will be created for all modules. If unsure, say N.
90
91config MODULE_SIG
92 bool "Module signature verification"
93 select MODULE_SIG_FORMAT
94 help
95 Check modules for valid signatures upon load: the signature
96 is simply appended to the module. For more information see
97 <file:Documentation/admin-guide/module-signing.rst>.
98
99 Note that this option adds the OpenSSL development packages as a
100 kernel build dependency so that the signing tool can use its crypto
101 library.
102
103 You should enable this option if you wish to use either
104 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
105 another LSM - otherwise unsigned modules will be loadable regardless
106 of the lockdown policy.
107
108 !!!WARNING!!! If you enable this option, you MUST make sure that the
109 module DOES NOT get stripped after being signed. This includes the
110 debuginfo strip done by some packagers (such as rpmbuild) and
111 inclusion into an initramfs that wants the module size reduced.
112
113config MODULE_SIG_FORCE
114 bool "Require modules to be validly signed"
115 depends on MODULE_SIG
116 help
117 Reject unsigned modules or signed modules for which we don't have a
118 key. Without this, such modules will simply taint the kernel.
119
120config MODULE_SIG_ALL
121 bool "Automatically sign all modules"
122 default y
123 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
124 help
125 Sign all modules during make modules_install. Without this option,
126 modules must be signed manually, using the scripts/sign-file tool.
127
128comment "Do not forget to sign required modules with scripts/sign-file"
129 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
130
131choice
132 prompt "Which hash algorithm should modules be signed with?"
133 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
134 help
135 This determines which sort of hashing algorithm will be used during
136 signature generation. This algorithm _must_ be built into the kernel
137 directly so that signature verification can take place. It is not
138 possible to load a signed module containing the algorithm to check
139 the signature on that module.
140
141config MODULE_SIG_SHA1
142 bool "Sign modules with SHA-1"
143 select CRYPTO_SHA1
144
145config MODULE_SIG_SHA224
146 bool "Sign modules with SHA-224"
147 select CRYPTO_SHA256
148
149config MODULE_SIG_SHA256
150 bool "Sign modules with SHA-256"
151 select CRYPTO_SHA256
152
153config MODULE_SIG_SHA384
154 bool "Sign modules with SHA-384"
155 select CRYPTO_SHA512
156
157config MODULE_SIG_SHA512
158 bool "Sign modules with SHA-512"
159 select CRYPTO_SHA512
160
161endchoice
162
163config MODULE_SIG_HASH
164 string
165 depends on MODULE_SIG || IMA_APPRAISE_MODSIG
166 default "sha1" if MODULE_SIG_SHA1
167 default "sha224" if MODULE_SIG_SHA224
168 default "sha256" if MODULE_SIG_SHA256
169 default "sha384" if MODULE_SIG_SHA384
170 default "sha512" if MODULE_SIG_SHA512
171
172choice
173 prompt "Module compression mode"
174 help
175 This option allows you to choose the algorithm which will be used to
176 compress modules when 'make modules_install' is run. (or, you can
177 choose to not compress modules at all.)
178
179 External modules will also be compressed in the same way during the
180 installation.
181
182 For modules inside an initrd or initramfs, it's more efficient to
183 compress the whole initrd or initramfs instead.
184
185 This is fully compatible with signed modules.
186
187 Please note that the tool used to load modules needs to support the
188 corresponding algorithm. module-init-tools MAY support gzip, and kmod
189 MAY support gzip, xz and zstd.
190
191 Your build system needs to provide the appropriate compression tool
192 to compress the modules.
193
194 If in doubt, select 'None'.
195
196config MODULE_COMPRESS_NONE
197 bool "None"
198 help
199 Do not compress modules. The installed modules are suffixed
200 with .ko.
201
202config MODULE_COMPRESS_GZIP
203 bool "GZIP"
204 help
205 Compress modules with GZIP. The installed modules are suffixed
206 with .ko.gz.
207
208config MODULE_COMPRESS_XZ
209 bool "XZ"
210 help
211 Compress modules with XZ. The installed modules are suffixed
212 with .ko.xz.
213
214config MODULE_COMPRESS_ZSTD
215 bool "ZSTD"
216 help
217 Compress modules with ZSTD. The installed modules are suffixed
218 with .ko.zst.
219
220endchoice
221
222config MODULE_DECOMPRESS
223 bool "Support in-kernel module decompression"
224 depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ || MODULE_COMPRESS_ZSTD
225 select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
226 select XZ_DEC if MODULE_COMPRESS_XZ
227 select ZSTD_DECOMPRESS if MODULE_COMPRESS_ZSTD
228 help
229
230 Support for decompressing kernel modules by the kernel itself
231 instead of relying on userspace to perform this task. Useful when
232 load pinning security policy is enabled.
233
234 If unsure, say N.
235
236config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
237 bool "Allow loading of modules with missing namespace imports"
238 help
239 Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
240 a namespace. A module that makes use of a symbol exported with such a
241 namespace is required to import the namespace via MODULE_IMPORT_NS().
242 There is no technical reason to enforce correct namespace imports,
243 but it creates consistency between symbols defining namespaces and
244 users importing namespaces they make use of. This option relaxes this
245 requirement and lifts the enforcement when loading a module.
246
247 If unsure, say N.
248
249config MODPROBE_PATH
250 string "Path to modprobe binary"
251 default "/sbin/modprobe"
252 help
253 When kernel code requests a module, it does so by calling
254 the "modprobe" userspace utility. This option allows you to
255 set the path where that binary is found. This can be changed
256 at runtime via the sysctl file
257 /proc/sys/kernel/modprobe. Setting this to the empty string
258 removes the kernel's ability to request modules (but
259 userspace can still load modules explicitly).
260
261config TRIM_UNUSED_KSYMS
262 bool "Trim unused exported kernel symbols" if EXPERT
263 depends on !COMPILE_TEST
264 help
265 The kernel and some modules make many symbols available for
266 other modules to use via EXPORT_SYMBOL() and variants. Depending
267 on the set of modules being selected in your kernel configuration,
268 many of those exported symbols might never be used.
269
270 This option allows for unused exported symbols to be dropped from
271 the build. In turn, this provides the compiler more opportunities
272 (especially when using LTO) for optimizing the code and reducing
273 binary size. This might have some security advantages as well.
274
275 If unsure, or if you need to build out-of-tree modules, say N.
276
277config UNUSED_KSYMS_WHITELIST
278 string "Whitelist of symbols to keep in ksymtab"
279 depends on TRIM_UNUSED_KSYMS
280 help
281 By default, all unused exported symbols will be un-exported from the
282 build when TRIM_UNUSED_KSYMS is selected.
283
284 UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
285 exported at all times, even in absence of in-tree users. The value to
286 set here is the path to a text file containing the list of symbols,
287 one per line. The path can be absolute, or relative to the kernel
288 source tree.
289
290config MODULES_TREE_LOOKUP
291 def_bool y
292 depends on PERF_EVENTS || TRACING || CFI_CLANG
293
294endif # MODULES