| # SPDX-License-Identifier: GPL-2.0 |
| # Select 32 or 64 bit |
| config 64BIT |
| bool "64-bit kernel" if "$(ARCH)" = "x86" |
| default "$(ARCH)" != "i386" |
| help |
| Say yes to build a 64-bit kernel - formerly known as x86_64 |
| Say no to build a 32-bit kernel - formerly known as i386 |
| |
| config X86_32 |
| def_bool y |
| depends on !64BIT |
| # Options that are inherently 32-bit kernel only: |
| select ARCH_WANT_IPC_PARSE_VERSION |
| select CLKSRC_I8253 |
| select CLONE_BACKWARDS |
| select GENERIC_VDSO_32 |
| select HAVE_DEBUG_STACKOVERFLOW |
| select KMAP_LOCAL |
| select MODULES_USE_ELF_REL |
| select OLD_SIGACTION |
| select ARCH_SPLIT_ARG64 |
| |
| config X86_64 |
| def_bool y |
| depends on 64BIT |
| # Options that are inherently 64-bit kernel only: |
| select ARCH_HAS_GIGANTIC_PAGE |
| select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 |
| select ARCH_SUPPORTS_PER_VMA_LOCK |
| select HAVE_ARCH_SOFT_DIRTY |
| select MODULES_USE_ELF_RELA |
| select NEED_DMA_MAP_STATE |
| select SWIOTLB |
| select ARCH_HAS_ELFCORE_COMPAT |
| select ZONE_DMA32 |
| select EXECMEM if DYNAMIC_FTRACE |
| |
| config FORCE_DYNAMIC_FTRACE |
| def_bool y |
| depends on X86_32 |
| depends on FUNCTION_TRACER |
| select DYNAMIC_FTRACE |
| help |
| We keep the static function tracing (!DYNAMIC_FTRACE) around |
| in order to test the non static function tracing in the |
| generic code, as other architectures still use it. But we |
| only need to keep it around for x86_64. No need to keep it |
| for x86_32. For x86_32, force DYNAMIC_FTRACE. |
| # |
| # Arch settings |
| # |
| # ( Note that options that are marked 'if X86_64' could in principle be |
| # ported to 32-bit as well. ) |
| # |
| config X86 |
| def_bool y |
| # |
| # Note: keep this list sorted alphabetically |
| # |
| select ACPI_LEGACY_TABLES_LOOKUP if ACPI |
| select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI |
| select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU |
| select ARCH_32BIT_OFF_T if X86_32 |
| select ARCH_CLOCKSOURCE_INIT |
| select ARCH_CONFIGURES_CPU_MITIGATIONS |
| select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE |
| select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION |
| select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 |
| select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG |
| select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE) |
| select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE |
| select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI |
| select ARCH_HAS_CACHE_LINE_SIZE |
| select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION |
| select ARCH_HAS_CPU_FINALIZE_INIT |
| select ARCH_HAS_CPU_PASID if IOMMU_SVA |
| select ARCH_HAS_CURRENT_STACK_POINTER |
| select ARCH_HAS_DEBUG_VIRTUAL |
| select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE |
| select ARCH_HAS_DEVMEM_IS_ALLOWED |
| select ARCH_HAS_EARLY_DEBUG if KGDB |
| select ARCH_HAS_ELF_RANDOMIZE |
| select ARCH_HAS_FAST_MULTIPLIER |
| select ARCH_HAS_FORTIFY_SOURCE |
| select ARCH_HAS_GCOV_PROFILE_ALL |
| select ARCH_HAS_KCOV if X86_64 |
| select ARCH_HAS_KERNEL_FPU_SUPPORT |
| select ARCH_HAS_MEM_ENCRYPT |
| select ARCH_HAS_MEMBARRIER_SYNC_CORE |
| select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS |
| select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE |
| select ARCH_HAS_PMEM_API if X86_64 |
| select ARCH_HAS_PTE_DEVMAP if X86_64 |
| select ARCH_HAS_PTE_SPECIAL |
| select ARCH_HAS_HW_PTE_YOUNG |
| select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2 |
| select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 |
| select ARCH_HAS_COPY_MC if X86_64 |
| select ARCH_HAS_SET_MEMORY |
| select ARCH_HAS_SET_DIRECT_MAP |
| select ARCH_HAS_STRICT_KERNEL_RWX |
| select ARCH_HAS_STRICT_MODULE_RWX |
| select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE |
| select ARCH_HAS_SYSCALL_WRAPPER |
| select ARCH_HAS_UBSAN |
| select ARCH_HAS_DEBUG_WX |
| select ARCH_HAS_ZONE_DMA_SET if EXPERT |
| select ARCH_HAVE_NMI_SAFE_CMPXCHG |
| select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE |
| select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI |
| select ARCH_MIGHT_HAVE_PC_PARPORT |
| select ARCH_MIGHT_HAVE_PC_SERIO |
| select ARCH_STACKWALK |
| select ARCH_SUPPORTS_ACPI |
| select ARCH_SUPPORTS_ATOMIC_RMW |
| select ARCH_SUPPORTS_DEBUG_PAGEALLOC |
| select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 |
| select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 |
| select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 |
| select ARCH_SUPPORTS_CFI_CLANG if X86_64 |
| select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG |
| select ARCH_SUPPORTS_LTO_CLANG |
| select ARCH_SUPPORTS_LTO_CLANG_THIN |
| select ARCH_USE_BUILTIN_BSWAP |
| select ARCH_USE_CMPXCHG_LOCKREF if X86_CMPXCHG64 |
| select ARCH_USE_MEMTEST |
| select ARCH_USE_QUEUED_RWLOCKS |
| select ARCH_USE_QUEUED_SPINLOCKS |
| select ARCH_USE_SYM_ANNOTATIONS |
| select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH |
| select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 |
| select ARCH_WANTS_DYNAMIC_TASK_STRUCT |
| select ARCH_WANTS_NO_INSTR |
| select ARCH_WANT_GENERAL_HUGETLB |
| select ARCH_WANT_HUGE_PMD_SHARE |
| select ARCH_WANT_LD_ORPHAN_WARN |
| select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 |
| select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64 |
| select ARCH_WANTS_THP_SWAP if X86_64 |
| select ARCH_HAS_PARANOID_L1D_FLUSH |
| select BUILDTIME_TABLE_SORT |
| select CLKEVT_I8253 |
| select CLOCKSOURCE_VALIDATE_LAST_CYCLE |
| select CLOCKSOURCE_WATCHDOG |
| # Word-size accesses may read uninitialized data past the trailing \0 |
| # in strings and cause false KMSAN reports. |
| select DCACHE_WORD_ACCESS if !KMSAN |
| select DYNAMIC_SIGFRAME |
| select EDAC_ATOMIC_SCRUB |
| select EDAC_SUPPORT |
| select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC) |
| select GENERIC_CLOCKEVENTS_BROADCAST_IDLE if GENERIC_CLOCKEVENTS_BROADCAST |
| select GENERIC_CLOCKEVENTS_MIN_ADJUST |
| select GENERIC_CMOS_UPDATE |
| select GENERIC_CPU_AUTOPROBE |
| select GENERIC_CPU_DEVICES |
| select GENERIC_CPU_VULNERABILITIES |
| select GENERIC_EARLY_IOREMAP |
| select GENERIC_ENTRY |
| select GENERIC_IOMAP |
| select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP |
| select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC |
| select GENERIC_IRQ_MIGRATION if SMP |
| select GENERIC_IRQ_PROBE |
| select GENERIC_IRQ_RESERVATION_MODE |
| select GENERIC_IRQ_SHOW |
| select GENERIC_PENDING_IRQ if SMP |
| select GENERIC_PTDUMP |
| select GENERIC_SMP_IDLE_THREAD |
| select GENERIC_TIME_VSYSCALL |
| select GENERIC_GETTIMEOFDAY |
| select GENERIC_VDSO_TIME_NS |
| select GENERIC_VDSO_OVERFLOW_PROTECT |
| select GUP_GET_PXX_LOW_HIGH if X86_PAE |
| select HARDIRQS_SW_RESEND |
| select HARDLOCKUP_CHECK_TIMESTAMP if X86_64 |
| select HAS_IOPORT |
| select HAVE_ACPI_APEI if ACPI |
| select HAVE_ACPI_APEI_NMI if ACPI |
| select HAVE_ALIGNED_STRUCT_PAGE |
| select HAVE_ARCH_AUDITSYSCALL |
| select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE |
| select HAVE_ARCH_HUGE_VMALLOC if X86_64 |
| select HAVE_ARCH_JUMP_LABEL |
| select HAVE_ARCH_JUMP_LABEL_RELATIVE |
| select HAVE_ARCH_KASAN if X86_64 |
| select HAVE_ARCH_KASAN_VMALLOC if X86_64 |
| select HAVE_ARCH_KFENCE |
| select HAVE_ARCH_KMSAN if X86_64 |
| select HAVE_ARCH_KGDB |
| select HAVE_ARCH_MMAP_RND_BITS if MMU |
| select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT |
| select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT |
| select HAVE_ARCH_PREL32_RELOCATIONS |
| select HAVE_ARCH_SECCOMP_FILTER |
| select HAVE_ARCH_THREAD_STRUCT_WHITELIST |
| select HAVE_ARCH_STACKLEAK |
| select HAVE_ARCH_TRACEHOOK |
| select HAVE_ARCH_TRANSPARENT_HUGEPAGE |
| select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64 |
| select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD |
| select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD |
| select HAVE_ARCH_VMAP_STACK if X86_64 |
| select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET |
| select HAVE_ARCH_WITHIN_STACK_FRAMES |
| select HAVE_ASM_MODVERSIONS |
| select HAVE_CMPXCHG_DOUBLE |
| select HAVE_CMPXCHG_LOCAL |
| select HAVE_CONTEXT_TRACKING_USER if X86_64 |
| select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER |
| select HAVE_C_RECORDMCOUNT |
| select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL |
| select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT |
| select HAVE_BUILDTIME_MCOUNT_SORT |
| select HAVE_DEBUG_KMEMLEAK |
| select HAVE_DMA_CONTIGUOUS |
| select HAVE_DYNAMIC_FTRACE |
| select HAVE_DYNAMIC_FTRACE_WITH_REGS |
| select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64 |
| select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS |
| select HAVE_SAMPLE_FTRACE_DIRECT if X86_64 |
| select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64 |
| select HAVE_EBPF_JIT |
| select HAVE_EFFICIENT_UNALIGNED_ACCESS |
| select HAVE_EISA |
| select HAVE_EXIT_THREAD |
| select HAVE_GUP_FAST |
| select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE |
| select HAVE_FTRACE_MCOUNT_RECORD |
| select HAVE_FUNCTION_GRAPH_RETVAL if HAVE_FUNCTION_GRAPH_TRACER |
| select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE) |
| select HAVE_FUNCTION_TRACER |
| select HAVE_GCC_PLUGINS |
| select HAVE_HW_BREAKPOINT |
| select HAVE_IOREMAP_PROT |
| select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 |
| select HAVE_IRQ_TIME_ACCOUNTING |
| select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL |
| select HAVE_KERNEL_BZIP2 |
| select HAVE_KERNEL_GZIP |
| select HAVE_KERNEL_LZ4 |
| select HAVE_KERNEL_LZMA |
| select HAVE_KERNEL_LZO |
| select HAVE_KERNEL_XZ |
| select HAVE_KERNEL_ZSTD |
| select HAVE_KPROBES |
| select HAVE_KPROBES_ON_FTRACE |
| select HAVE_FUNCTION_ERROR_INJECTION |
| select HAVE_KRETPROBES |
| select HAVE_RETHOOK |
| select HAVE_LIVEPATCH if X86_64 |
| select HAVE_MIXED_BREAKPOINTS_REGS |
| select HAVE_MOD_ARCH_SPECIFIC |
| select HAVE_MOVE_PMD |
| select HAVE_MOVE_PUD |
| select HAVE_NOINSTR_HACK if HAVE_OBJTOOL |
| select HAVE_NMI |
| select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL |
| select HAVE_OBJTOOL if X86_64 |
| select HAVE_OPTPROBES |
| select HAVE_PAGE_SIZE_4KB |
| select HAVE_PCSPKR_PLATFORM |
| select HAVE_PERF_EVENTS |
| select HAVE_PERF_EVENTS_NMI |
| select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI |
| select HAVE_PCI |
| select HAVE_PERF_REGS |
| select HAVE_PERF_USER_STACK_DUMP |
| select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT |
| select MMU_GATHER_MERGE_VMAS |
| select HAVE_POSIX_CPU_TIMERS_TASK_WORK |
| select HAVE_REGS_AND_STACK_ACCESS_API |
| select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION |
| select HAVE_FUNCTION_ARG_ACCESS_API |
| select HAVE_SETUP_PER_CPU_AREA |
| select HAVE_SOFTIRQ_ON_OWN_STACK |
| select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR |
| select HAVE_STACK_VALIDATION if HAVE_OBJTOOL |
| select HAVE_STATIC_CALL |
| select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL |
| select HAVE_PREEMPT_DYNAMIC_CALL |
| select HAVE_RSEQ |
| select HAVE_RUST if X86_64 |
| select HAVE_SYSCALL_TRACEPOINTS |
| select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL |
| select HAVE_UNSTABLE_SCHED_CLOCK |
| select HAVE_USER_RETURN_NOTIFIER |
| select HAVE_GENERIC_VDSO |
| select HOTPLUG_PARALLEL if SMP && X86_64 |
| select HOTPLUG_SMT if SMP |
| select HOTPLUG_SPLIT_STARTUP if SMP && X86_32 |
| select IRQ_FORCED_THREADING |
| select LOCK_MM_AND_FIND_VMA |
| select NEED_PER_CPU_EMBED_FIRST_CHUNK |
| select NEED_PER_CPU_PAGE_FIRST_CHUNK |
| select NEED_SG_DMA_LENGTH |
| select PCI_DOMAINS if PCI |
| select PCI_LOCKLESS_CONFIG if PCI |
| select PERF_EVENTS |
| select RTC_LIB |
| select RTC_MC146818_LIB |
| select SPARSE_IRQ |
| select SYSCTL_EXCEPTION_TRACE |
| select THREAD_INFO_IN_TASK |
| select TRACE_IRQFLAGS_SUPPORT |
| select TRACE_IRQFLAGS_NMI_SUPPORT |
| select USER_STACKTRACE_SUPPORT |
| select HAVE_ARCH_KCSAN if X86_64 |
| select PROC_PID_ARCH_STATUS if PROC_FS |
| select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX |
| select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16 |
| select FUNCTION_ALIGNMENT_4B |
| imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI |
| select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE |
| |
| config INSTRUCTION_DECODER |
| def_bool y |
| depends on KPROBES || PERF_EVENTS || UPROBES |
| |
| config OUTPUT_FORMAT |
| string |
| default "elf32-i386" if X86_32 |
| default "elf64-x86-64" if X86_64 |
| |
| config LOCKDEP_SUPPORT |
| def_bool y |
| |
| config STACKTRACE_SUPPORT |
| def_bool y |
| |
| config MMU |
| def_bool y |
| |
| # Lower and upper bounds, in bits, for the mmap randomization entropy |
| # (HAVE_ARCH_MMAP_RND_BITS is selected by "config X86" when MMU is set). |
| # The tunable that consumes these bounds is not declared in this part of |
| # the file. 64BIT kernels get a 28..32 bit range, all others 8..16 bits. |
| config ARCH_MMAP_RND_BITS_MIN |
| default 28 if 64BIT |
| default 8 |
| |
| config ARCH_MMAP_RND_BITS_MAX |
| default 32 if 64BIT |
| default 16 |
| |
| # Bounds for the compat variant (HAVE_ARCH_MMAP_RND_COMPAT_BITS, selected |
| # when MMU && COMPAT): fixed at 8..16 bits, with no 64BIT condition. |
| config ARCH_MMAP_RND_COMPAT_BITS_MIN |
| default 8 |
| |
| config ARCH_MMAP_RND_COMPAT_BITS_MAX |
| default 16 |
| |
| config SBUS |
| bool |
| |
| config GENERIC_ISA_DMA |
| def_bool y |
| depends on ISA_DMA_API |
| |
| config GENERIC_CSUM |
| bool |
| default y if KMSAN || KASAN |
| |
| config GENERIC_BUG |
| def_bool y |
| depends on BUG |
| select GENERIC_BUG_RELATIVE_POINTERS if X86_64 |
| |
| config GENERIC_BUG_RELATIVE_POINTERS |
| bool |
| |
| config ARCH_MAY_HAVE_PC_FDC |
| def_bool y |
| depends on ISA_DMA_API |
| |
| config GENERIC_CALIBRATE_DELAY |
| def_bool y |
| |
| config ARCH_HAS_CPU_RELAX |
| def_bool y |
| |
| config ARCH_HIBERNATION_POSSIBLE |
| def_bool y |
| |
| config ARCH_SUSPEND_POSSIBLE |
| def_bool y |
| |
| config AUDIT_ARCH |
| def_bool y if X86_64 |
| |
| config KASAN_SHADOW_OFFSET |
| hex |
| depends on KASAN |
| default 0xdffffc0000000000 |
| |
| config HAVE_INTEL_TXT |
| def_bool y |
| depends on INTEL_IOMMU && ACPI |
| |
| config X86_64_SMP |
| def_bool y |
| depends on X86_64 && SMP |
| |
| config ARCH_SUPPORTS_UPROBES |
| def_bool y |
| |
| config FIX_EARLYCON_MEM |
| def_bool y |
| |
| config DYNAMIC_PHYSICAL_MASK |
| bool |
| |
| config PGTABLE_LEVELS |
| int |
| default 5 if X86_5LEVEL |
| default 4 if X86_64 |
| default 3 if X86_PAE |
| default 2 |
| |
| # Toolchain probe: $(success,...) runs the helper script with $(CC) and |
| # $(CLANG_FLAGS) when the configuration is evaluated and yields y only if |
| # the script exits 0. The x86_64 script is used for 64BIT, the x86_32 one |
| # otherwise. "config X86" selects HAVE_STACKPROTECTOR only if this symbol |
| # is y, so a failed probe leaves stack protector unavailable without an |
| # error. NOTE(review): check the resulting .config after a compiler change. |
| config CC_HAS_SANE_STACKPROTECTOR |
| bool |
| default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT |
| default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) |
| help |
| We have to make sure stack protector is unconditionally disabled if |
| the compiler produces broken code or if it does not let us control |
| the segment on 32-bit kernels. |
| |
| menu "Processor type and features" |
| |
| config SMP |
| bool "Symmetric multi-processing support" |
| help |
| This enables support for systems with more than one CPU. If you have |
| a system with only one CPU, say N. If you have a system with more |
| than one CPU, say Y. |
| |
| If you say N here, the kernel will run on uni- and multiprocessor |
| machines, but will use only one CPU of a multiprocessor machine. If |
| you say Y here, the kernel will run on many, but not all, |
| uniprocessor machines. On a uniprocessor machine, the kernel |
| will run faster if you say N here. |
| |
| Note that if you say Y here and choose architecture "586" or |
| "Pentium" under "Processor family", the kernel will not work on 486 |
| architectures. Similarly, multiprocessor kernels for the "PPro" |
| architecture may not work on all Pentium based boards. |
| |
| People using multiprocessor machines who say Y here should also say |
| Y to "Enhanced Real Time Clock Support", below. The "Advanced Power |
| Management" code will be disabled if you say Y here. |
| |
| See also <file:Documentation/arch/x86/i386/IO-APIC.rst>, |
| <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at |
| <http://www.tldp.org/docs.html#howto>. |
| |
| If you don't know what to do here, say N. |
| |
| config X86_X2APIC |
| bool "Support x2apic" |
| depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST) |
| help |
| This enables x2apic support on CPUs that have this feature. |
| |
| This allows 32-bit APIC IDs (so it can support very large systems), |
| and accesses the local APIC via MSRs instead of via MMIO. |
| |
| Some Intel systems circa 2022 and later are locked into x2APIC mode |
| and can not fall back to the legacy APIC modes if SGX or TDX are |
| enabled in the BIOS. They will boot with very reduced functionality |
| without enabling this option. |
| |
| If you don't know what to do here, say N. |
| |
| config X86_POSTED_MSI |
| bool "Enable MSI and MSI-x delivery by posted interrupts" |
| depends on X86_64 && IRQ_REMAP |
| help |
| This enables MSIs that are under interrupt remapping to be delivered as |
| posted interrupts to the host kernel. Interrupt throughput can |
| potentially be improved by coalescing CPU notifications during high |
| frequency bursts. |
| |
| If you don't know what to do here, say N. |
| |
| config X86_MPPARSE |
| bool "Enable MPS table" if ACPI |
| default y |
| depends on X86_LOCAL_APIC |
| help |
| For old SMP systems that do not have proper ACPI support. On newer systems |
| (especially those with 64-bit CPUs) that have ACPI support, the MADT and DSDT will override it. |
| |
| config X86_CPU_RESCTRL |
| bool "x86 CPU resource control support" |
| depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD) |
| select KERNFS |
| select PROC_CPU_RESCTRL if PROC_FS |
| help |
| Enable x86 CPU resource control support. |
| |
| Provide support for the allocation and monitoring of system resources |
| usage by the CPU. |
| |
| Intel calls this Intel Resource Director Technology |
| (Intel(R) RDT). More information about RDT can be found in the |
| Intel x86 Architecture Software Developer Manual. |
| |
| AMD calls this AMD Platform Quality of Service (AMD QoS). |
| More information about AMD QoS can be found in the AMD64 Technology |
| Platform Quality of Service Extensions manual. |
| |
| Say N if unsure. |
| |
| config X86_FRED |
| bool "Flexible Return and Event Delivery" |
| depends on X86_64 |
| help |
| When enabled, try to use Flexible Return and Event Delivery |
| instead of the legacy SYSCALL/SYSENTER/IDT architecture for |
| ring transitions and exception/interrupt handling if the |
| system supports it. |
| |
| config X86_BIGSMP |
| bool "Support for big SMP systems with more than 8 CPUs" |
| depends on SMP && X86_32 |
| help |
| This option is needed for the systems that have more than 8 CPUs. |
| |
| config X86_EXTENDED_PLATFORM |
| bool "Support for extended (non-PC) x86 platforms" |
| default y |
| help |
| If you disable this option then the kernel will only support |
| standard PC platforms (which covers the vast majority of |
| systems out there). |
| |
| If you enable this option then you'll be able to select support |
| for the following non-PC x86 platforms, depending on the value of |
| CONFIG_64BIT. |
| |
| 32-bit platforms (CONFIG_64BIT=n): |
| Goldfish (Android emulator) |
| AMD Elan |
| RDC R-321x SoC |
| SGI 320/540 (Visual Workstation) |
| STA2X11-based (e.g. Northville) |
| Moorestown MID devices |
| |
| 64-bit platforms (CONFIG_64BIT=y): |
| Numascale NumaChip |
| ScaleMP vSMP |
| SGI Ultraviolet |
| |
| If you have one of these systems, or if you want to build a |
| generic distribution kernel, say Y here - otherwise say N. |
| |
| # This is an alphabetically sorted list of 64 bit extended platforms |
| # Please maintain the alphabetic order if and when there are additions |
| config X86_NUMACHIP |
| bool "Numascale NumaChip" |
| depends on X86_64 |
| depends on X86_EXTENDED_PLATFORM |
| depends on NUMA |
| depends on SMP |
| depends on X86_X2APIC |
| depends on PCI_MMCONFIG |
| help |
| Adds support for Numascale NumaChip large-SMP systems. Needed to |
| enable more than ~168 cores. |
| If you don't have one of these, you should say N here. |
| |
| config X86_VSMP |
| bool "ScaleMP vSMP" |
| select HYPERVISOR_GUEST |
| select PARAVIRT |
| depends on X86_64 && PCI |
| depends on X86_EXTENDED_PLATFORM |
| depends on SMP |
| help |
| Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is |
| supposed to run on these EM64T-based machines. Only choose this option |
| if you have one of these machines. |
| |
| config X86_UV |
| bool "SGI Ultraviolet" |
| depends on X86_64 |
| depends on X86_EXTENDED_PLATFORM |
| depends on NUMA |
| depends on EFI |
| depends on KEXEC_CORE |
| depends on X86_X2APIC |
| depends on PCI |
| help |
| This option is needed in order to support SGI Ultraviolet systems. |
| If you don't have one of these, you should say N here. |
| |
| # Following is an alphabetically sorted list of 32 bit extended platforms |
| # Please maintain the alphabetic order if and when there are additions |
| |
| config X86_GOLDFISH |
| bool "Goldfish (Virtual Platform)" |
| depends on X86_EXTENDED_PLATFORM |
| help |
| Enable support for the Goldfish virtual platform used primarily |
| for Android development. Unless you are building for the Android |
| Goldfish emulator say N here. |
| |
| config X86_INTEL_CE |
| bool "CE4100 TV platform" |
| depends on PCI |
| depends on PCI_GODIRECT |
| depends on X86_IO_APIC |
| depends on X86_32 |
| depends on X86_EXTENDED_PLATFORM |
| select X86_REBOOTFIXUPS |
| select OF |
| select OF_EARLY_FLATTREE |
| help |
| Select for the Intel CE media processor (CE4100) SOC. |
| This option compiles in support for the CE4100 SOC for settop |
| boxes and media devices. |
| |
| config X86_INTEL_MID |
| bool "Intel MID platform support" |
| depends on X86_EXTENDED_PLATFORM |
| depends on X86_PLATFORM_DEVICES |
| depends on PCI |
| depends on X86_64 || (PCI_GOANY && X86_32) |
| depends on X86_IO_APIC |
| select I2C |
| select DW_APB_TIMER |
| select INTEL_SCU_PCI |
| help |
| Select to build a kernel capable of supporting Intel MID (Mobile |
| Internet Device) platform systems which do not have the PCI legacy |
| interfaces. If you are building for a PC class system say N here. |
| |
| Intel MID platforms are based on an Intel processor and chipset which |
| consume less power than most of the x86 derivatives. |
| |
| config X86_INTEL_QUARK |
| bool "Intel Quark platform support" |
| depends on X86_32 |
| depends on X86_EXTENDED_PLATFORM |
| depends on X86_PLATFORM_DEVICES |
| depends on X86_TSC |
| depends on PCI |
| depends on PCI_GOANY |
| depends on X86_IO_APIC |
| select IOSF_MBI |
| select INTEL_IMR |
| select COMMON_CLK |
| help |
| Select to include support for Quark X1000 SoC. |
| Say Y here if you have a Quark based system such as the Arduino |
| compatible Intel Galileo. |
| |
| config X86_INTEL_LPSS |
| bool "Intel Low Power Subsystem Support" |
| depends on X86 && ACPI && PCI |
| select COMMON_CLK |
| select PINCTRL |
| select IOSF_MBI |
| help |
| Select to build support for Intel Low Power Subsystem such as |
| found on Intel Lynxpoint PCH. Selecting this option enables |
| things like clock tree (common clock framework) and pincontrol |
| which are needed by the LPSS peripheral drivers. |
| |
| config X86_AMD_PLATFORM_DEVICE |
| bool "AMD ACPI2Platform devices support" |
| depends on ACPI |
| select COMMON_CLK |
| select PINCTRL |
| help |
| Select to interpret AMD specific ACPI device to platform device |
| such as I2C, UART, GPIO found on AMD Carrizo and later chipsets. |
| I2C and UART depend on COMMON_CLK to set clock. GPIO driver is |
| implemented under PINCTRL subsystem. |
| |
| config IOSF_MBI |
| tristate "Intel SoC IOSF Sideband support for SoC platforms" |
| depends on PCI |
| help |
| This option enables sideband register access support for Intel SoC |
| platforms. On these platforms the IOSF sideband is used in lieu of |
| MSRs for some register accesses, mostly but not limited to thermal |
| and power. Drivers may query the availability of this device to |
| determine if they need the sideband in order to work on these |
| platforms. The sideband is available on the following SoC products. |
| This list is not meant to be exclusive. |
| - BayTrail |
| - Braswell |
| - Quark |
| |
| You should say Y if you are running a kernel on one of these SoCs. |
| |
| # Debug aid: per the help text below, this exposes the sideband access |
| # registers (MCR, MDR, MCRX) through debugfs for both reads and writes. |
| # It is only offered when IOSF_MBI and DEBUG_FS are both enabled. |
| # NOTE(review): this is a general register-access path, so consider |
| # leaving it off outside of debug and analysis builds. |
| config IOSF_MBI_DEBUG |
| bool "Enable IOSF sideband access through debugfs" |
| depends on IOSF_MBI && DEBUG_FS |
| help |
| Select this option to expose the IOSF sideband access registers (MCR, |
| MDR, MCRX) through debugfs to write and read register information from |
| different units on the SoC. This is most useful for obtaining device |
| state information for debug and analysis. As this is a general access |
| mechanism, users of this option would have specific knowledge of the |
| device they want to access. |
| |
| If you don't require the option or are in doubt, say N. |
| |
| config X86_RDC321X |
| bool "RDC R-321x SoC" |
| depends on X86_32 |
| depends on X86_EXTENDED_PLATFORM |
| select M486 |
| select X86_REBOOTFIXUPS |
| help |
| This option is needed for RDC R-321x system-on-chip, also known |
| as R-8610-(G). |
| If you don't have one of these chips, you should say N here. |
| |
| config X86_32_NON_STANDARD |
| bool "Support non-standard 32-bit SMP architectures" |
| depends on X86_32 && SMP |
| depends on X86_EXTENDED_PLATFORM |
| help |
| This option compiles in the bigsmp and STA2X11 default |
| subarchitectures. It is intended for a generic binary |
| kernel. If you select them all, the kernel will probe them one by |
| one and will fall back to the default. |
| |
| # Alphabetically sorted list of Non standard 32 bit platforms |
| |
| config X86_SUPPORTS_MEMORY_FAILURE |
| def_bool y |
| # MCE code calls memory_failure(): |
| depends on X86_MCE |
| # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags: |
| # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH: |
| depends on X86_64 || !SPARSEMEM |
| select ARCH_SUPPORTS_MEMORY_FAILURE |
| |
| config STA2X11 |
| bool "STA2X11 Companion Chip Support" |
| depends on X86_32_NON_STANDARD && PCI |
| select SWIOTLB |
| select MFD_STA2X11 |
| select GPIOLIB |
| help |
| This adds support for boards based on the STA2X11 IO-Hub, |
| a.k.a. "ConneXt". The chip is used in place of the standard |
| PC chipset, so all "standard" peripherals are missing. If this |
| option is selected the kernel will still be able to boot on |
| standard PC machines. |
| |
| config X86_32_IRIS |
| tristate "Eurobraille/Iris poweroff module" |
| depends on X86_32 |
| help |
| The Iris machines from EuroBraille do not have APM or ACPI support |
| to shut themselves down properly. A special I/O sequence is |
| needed to do so, which is what this module does at |
| kernel shutdown. |
| |
| This is only for Iris machines from EuroBraille. |
| |
| If unused, say N. |
| |
| config SCHED_OMIT_FRAME_POINTER |
| def_bool y |
| prompt "Single-depth WCHAN output" |
| depends on X86 |
| help |
| Calculate simpler /proc/<PID>/wchan values. If this option |
| is disabled then wchan values will recurse back to the |
| caller function. This provides more accurate wchan values, |
| at the expense of slightly more scheduling overhead. |
| |
| If in doubt, say "Y". |
| |
| menuconfig HYPERVISOR_GUEST |
| bool "Linux guest support" |
| help |
| Say Y here to enable options for running Linux under various hyper- |
| visors. This option enables basic hypervisor detection and platform |
| setup. |
| |
| If you say N, all options in this submenu will be skipped and |
| disabled, and Linux guest support won't be built in. |
| |
| if HYPERVISOR_GUEST |
| |
| config PARAVIRT |
| bool "Enable paravirtualization code" |
| depends on HAVE_STATIC_CALL |
| help |
| This changes the kernel so it can modify itself when it is run |
| under a hypervisor, potentially improving performance significantly |
| over full virtualization. However, when run without a hypervisor |
| the kernel is theoretically slower and slightly larger. |
| |
| config PARAVIRT_XXL |
| bool |
| |
| config PARAVIRT_DEBUG |
| bool "paravirt-ops debugging" |
| depends on PARAVIRT && DEBUG_KERNEL |
| help |
| Enable to debug paravirt_ops internals. Specifically, BUG if |
| a paravirt_op is missing when it is called. |
| |
| config PARAVIRT_SPINLOCKS |
| bool "Paravirtualization layer for spinlocks" |
| depends on PARAVIRT && SMP |
| help |
| Paravirtualized spinlocks allow a pvops backend to replace the |
| spinlock implementation with something virtualization-friendly |
| (for example, block the virtual CPU rather than spinning). |
| |
| It has a minimal impact on native kernels and gives a nice performance |
| benefit on paravirtualized KVM / Xen kernels. |
| |
| If you are unsure how to answer this question, answer Y. |
| |
| config X86_HV_CALLBACK_VECTOR |
| def_bool n |
| |
| source "arch/x86/xen/Kconfig" |
| |
| config KVM_GUEST |
| bool "KVM Guest support (including kvmclock)" |
| depends on PARAVIRT |
| select PARAVIRT_CLOCK |
| select ARCH_CPUIDLE_HALTPOLL |
| select X86_HV_CALLBACK_VECTOR |
| default y |
| help |
| This option enables various optimizations for running under the KVM |
| hypervisor. It includes a paravirtualized clock, so that instead |
| of relying on a PIT (or probably other) emulation by the |
| underlying device model, the host provides the guest with |
| timing infrastructure such as time of day and system time. |
| |
| config ARCH_CPUIDLE_HALTPOLL |
| def_bool n |
| prompt "Disable host haltpoll when loading haltpoll driver" |
| help |
| If virtualized under KVM, disable host haltpoll. |
| |
| config PVH |
| bool "Support for running PVH guests" |
| help |
| This option enables the PVH entry point for guest virtual machines |
| as specified in the x86/HVM direct boot ABI. |
| |
| config PARAVIRT_TIME_ACCOUNTING |
| bool "Paravirtual steal time accounting" |
| depends on PARAVIRT |
| help |
| Select this option to enable fine granularity task steal time |
| accounting. Time spent executing other tasks in parallel with |
| the current vCPU is discounted from the vCPU power. To account for |
| that, there can be a small performance impact. |
| |
| If in doubt, say N here. |
| |
| config PARAVIRT_CLOCK |
| bool |
| |
| config JAILHOUSE_GUEST |
| bool "Jailhouse non-root cell support" |
| depends on X86_64 && PCI |
| select X86_PM_TIMER |
| help |
| This option allows running Linux as a guest in a Jailhouse non-root |
| cell. You can leave this option disabled if you only want to start |
| Jailhouse and run Linux afterwards in the root cell. |
| |
| config ACRN_GUEST |
| bool "ACRN Guest support" |
| depends on X86_64 |
| select X86_HV_CALLBACK_VECTOR |
| help |
| This option allows running Linux as a guest in the ACRN hypervisor. ACRN is |
| a flexible, lightweight reference open-source hypervisor, built with |
| real-time and safety-criticality in mind. It is built for embedded |
| IOT with small footprint and real-time features. More details can be |
| found in https://projectacrn.org/. |
| |
| config INTEL_TDX_GUEST |
| bool "Intel TDX (Trust Domain Extensions) - Guest Support" |
| depends on X86_64 && CPU_SUP_INTEL |
| depends on X86_X2APIC |
| depends on EFI_STUB |
| select ARCH_HAS_CC_PLATFORM |
| select X86_MEM_ENCRYPT |
| select X86_MCE |
| select UNACCEPTED_MEMORY |
| help |
| Support running as a guest under Intel TDX. Without this support, |
| the guest kernel can not boot or run under TDX. |
| TDX includes memory encryption and integrity capabilities |
| which protect the confidentiality and integrity of guest |
| memory contents and CPU state. TDX guests are protected from |
| some attacks from the VMM. |
| |
| endif # HYPERVISOR_GUEST |
| |
| source "arch/x86/Kconfig.cpu" |
| |
| config HPET_TIMER |
| def_bool X86_64 |
| prompt "HPET Timer Support" if X86_32 |
| help |
| Use the IA-PC HPET (High Precision Event Timer) to manage |
| time in preference to the PIT and RTC, if a HPET is |
| present. |
| HPET is the next generation timer replacing legacy 8254s. |
| The HPET provides a stable time base on SMP |
| systems, unlike the TSC, but it is more expensive to access, |
| as it is off-chip. The interface used is documented |
| in the HPET spec, revision 1. |
| |
| You can safely choose Y here. However, HPET will only be |
| activated if the platform and the BIOS support this feature. |
| Otherwise the 8254 will be used for timing services. |
| |
| Choose N to continue using the legacy 8254 timer. |
| |
| config HPET_EMULATE_RTC |
| def_bool y |
| depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y) |
| |
| # Mark as expert because too many people got it wrong. |
| # The code disables itself when not needed. |
| config DMI |
| default y |
| select DMI_SCAN_MACHINE_NON_EFI_FALLBACK |
| bool "Enable DMI scanning" if EXPERT |
| help |
| Enable scanning of DMI to identify machine quirks. Say Y |
| here unless you have verified that your setup is not |
| affected by entries in the DMI blacklist. Required by PNP |
| BIOS code. |
| |
| config GART_IOMMU |
| bool "Old AMD GART IOMMU support" |
| select DMA_OPS |
| select IOMMU_HELPER |
| select SWIOTLB |
| depends on X86_64 && PCI && AMD_NB |
| help |
| Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron |
| GART based hardware IOMMUs. |
| |
| The GART supports full DMA access for devices with 32-bit access |
| limitations, on systems with more than 3 GB. This is usually needed |
| for USB, sound, many IDE/SATA chipsets and some other devices. |
| |
| Newer systems typically have a modern AMD IOMMU, supported via |
| the CONFIG_AMD_IOMMU=y config option. |
| |
| In normal configurations this driver is only active when needed: |
| there's more than 3 GB of memory and the system contains a |
| 32-bit limited device. |
| |
| If unsure, say Y. |
| |
| config BOOT_VESA_SUPPORT |
| bool |
| help |
| If true, at least one selected framebuffer driver can take advantage |
| of VESA video modes set at an early boot stage via the vga= parameter. |
| |
| config MAXSMP |
| bool "Enable Maximum number of SMP Processors and NUMA Nodes" |
| depends on X86_64 && SMP && DEBUG_KERNEL |
| select CPUMASK_OFFSTACK |
| help |
| Enable maximum number of CPUS and NUMA Nodes for this architecture. |
| If unsure, say N. |
| |
| # |
| # The maximum number of CPUs supported: |
| # |
| # The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT, |
| # and which can be configured interactively in the |
| # [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range. |
| # |
| # The ranges are different on 32-bit and 64-bit kernels, depending on |
| # hardware capabilities and scalability features of the kernel. |
| # |
| # ( If MAXSMP is enabled we just use the highest possible value and disable |
| # interactive configuration. ) |
| # |
| |
| config NR_CPUS_RANGE_BEGIN |
| int |
| default NR_CPUS_RANGE_END if MAXSMP |
| default 1 if !SMP |
| default 2 |
| |
| config NR_CPUS_RANGE_END |
| int |
| depends on X86_32 |
| default 64 if SMP && X86_BIGSMP |
| default 8 if SMP && !X86_BIGSMP |
| default 1 if !SMP |
| |
| config NR_CPUS_RANGE_END |
| int |
| depends on X86_64 |
| default 8192 if SMP && CPUMASK_OFFSTACK |
| default 512 if SMP && !CPUMASK_OFFSTACK |
| default 1 if !SMP |
| |
| config NR_CPUS_DEFAULT |
| int |
| depends on X86_32 |
| default 32 if X86_BIGSMP |
| default 8 if SMP |
| default 1 if !SMP |
| |
| config NR_CPUS_DEFAULT |
| int |
| depends on X86_64 |
| default 8192 if MAXSMP |
| default 64 if SMP |
| default 1 if !SMP |
| |
| config NR_CPUS |
| int "Maximum number of CPUs" if SMP && !MAXSMP |
| range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END |
| default NR_CPUS_DEFAULT |
| help |
| This allows you to specify the maximum number of CPUs which this |
| kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum |
| supported value is 8192, otherwise the maximum value is 512. The |
| minimum value which makes sense is 2. |
| |
| This is purely to save memory: each supported CPU adds about 8KB |
| to the kernel image. |
| |
| config SCHED_CLUSTER |
| bool "Cluster scheduler support" |
| depends on SMP |
| default y |
| help |
| Cluster scheduler support improves the CPU scheduler's decision |
| making when dealing with machines that have clusters of CPUs. |
| Cluster usually means a couple of CPUs which are placed closely |
| by sharing mid-level caches, last-level cache tags or internal |
| busses. |
| |
| config SCHED_SMT |
| def_bool y if SMP |
| |
| config SCHED_MC |
| def_bool y |
| prompt "Multi-core scheduler support" |
| depends on SMP |
| help |
| Multi-core scheduler support improves the CPU scheduler's decision |
| making when dealing with multi-core CPU chips at a cost of slightly |
| increased overhead in some places. If unsure say N here. |
| |
| config SCHED_MC_PRIO |
| bool "CPU core priorities scheduler support" |
| depends on SCHED_MC |
| select X86_INTEL_PSTATE if CPU_SUP_INTEL |
| select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI |
| select CPU_FREQ |
| default y |
| help |
| Intel Turbo Boost Max Technology 3.0 enabled CPUs have a |
| core ordering determined at manufacturing time, which allows |
| certain cores to reach higher turbo frequencies (when running |
| single threaded workloads) than others. |
| |
| Enabling this kernel feature teaches the scheduler about |
| the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the |
| scheduler's CPU selection logic accordingly, so that higher |
| overall system performance can be achieved. |
| |
| This feature will have no effect on CPUs without this feature. |
| |
| If unsure say Y here. |
| |
| config UP_LATE_INIT |
| def_bool y |
| depends on !SMP && X86_LOCAL_APIC |
| |
| config X86_UP_APIC |
| bool "Local APIC support on uniprocessors" if !PCI_MSI |
| default PCI_MSI |
| depends on X86_32 && !SMP && !X86_32_NON_STANDARD |
| help |
| A local APIC (Advanced Programmable Interrupt Controller) is an |
| integrated interrupt controller in the CPU. If you have a single-CPU |
| system which has a processor with a local APIC, you can say Y here to |
| enable and use it. If you say Y here even though your machine doesn't |
| have a local APIC, then the kernel will still run with no slowdown at |
| all. The local APIC supports CPU-generated self-interrupts (timer, |
| performance counters), and the NMI watchdog which detects hard |
| lockups. |
| |
| config X86_UP_IOAPIC |
| bool "IO-APIC support on uniprocessors" |
| depends on X86_UP_APIC |
| help |
| An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an |
| SMP-capable replacement for PC-style interrupt controllers. Most |
| SMP systems and many recent uniprocessor systems have one. |
| |
| If you have a single-CPU system with an IO-APIC, you can say Y here |
| to use it. If you say Y here even though your machine doesn't have |
| an IO-APIC, then the kernel will still run with no slowdown at all. |
| |
| config X86_LOCAL_APIC |
| def_bool y |
| depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI |
| select IRQ_DOMAIN_HIERARCHY |
| |
| config X86_IO_APIC |
| def_bool y |
| depends on X86_LOCAL_APIC || X86_UP_IOAPIC |
| |
| config X86_REROUTE_FOR_BROKEN_BOOT_IRQS |
| bool "Reroute for broken boot IRQs" |
| depends on X86_IO_APIC |
| help |
| This option enables a workaround that fixes a source of |
| spurious interrupts. This is recommended when threaded |
| interrupt handling is used on systems where the generation of |
| superfluous "boot interrupts" cannot be disabled. |
| |
| Some chipsets generate a legacy INTx "boot IRQ" when the IRQ |
| entry in the chipset's IO-APIC is masked (as, e.g. the RT |
| kernel does during interrupt handling). On chipsets where this |
| boot IRQ generation cannot be disabled, this workaround keeps |
| the original IRQ line masked so that only the equivalent "boot |
| IRQ" is delivered to the CPUs. The workaround also tells the |
| kernel to set up the IRQ handler on the boot IRQ line. In this |
| way only one interrupt is delivered to the kernel. Otherwise |
| the spurious second interrupt may cause the kernel to bring |
| down (vital) interrupt lines. |
| |
| Only affects "broken" chipsets. Interrupt sharing may be |
| increased on these systems. |
| |
| config X86_MCE |
| bool "Machine Check / overheating reporting" |
| select GENERIC_ALLOCATOR |
| default y |
| help |
| Machine Check support allows the processor to notify the |
| kernel if it detects a problem (e.g. overheating, data corruption). |
| The action the kernel takes depends on the severity of the problem, |
| ranging from warning messages to halting the machine. |
| |
| config X86_MCELOG_LEGACY |
| bool "Support for deprecated /dev/mcelog character device" |
| depends on X86_MCE |
| help |
| Enable support for /dev/mcelog which is needed by the old mcelog |
| userspace logging daemon. Consider switching to the new generation |
| rasdaemon solution. |
| |
| config X86_MCE_INTEL |
| def_bool y |
| prompt "Intel MCE features" |
| depends on X86_MCE && X86_LOCAL_APIC |
| help |
| Additional support for Intel-specific MCE features such as |
| the thermal monitor. |
| |
| config X86_MCE_AMD |
| def_bool y |
| prompt "AMD MCE features" |
| depends on X86_MCE && X86_LOCAL_APIC && AMD_NB |
| help |
| Additional support for AMD specific MCE features such as |
| the DRAM Error Threshold. |
| |
| config X86_ANCIENT_MCE |
| bool "Support for old Pentium 5 / WinChip machine checks" |
| depends on X86_32 && X86_MCE |
| help |
| Include support for machine check handling on old Pentium 5 or WinChip |
| systems. These typically need to be enabled explicitly on the command |
| line. |
| |
| config X86_MCE_THRESHOLD |
| depends on X86_MCE_AMD || X86_MCE_INTEL |
| def_bool y |
| |
| config X86_MCE_INJECT |
| depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS |
| tristate "Machine check injector support" |
| help |
| Provide support for injecting machine checks for testing purposes. |
| If you don't know what a machine check is and you don't do kernel |
| QA it is safe to say n. |
| |
| source "arch/x86/events/Kconfig" |
| |
| config X86_LEGACY_VM86 |
| bool "Legacy VM86 support" |
| depends on X86_32 |
| help |
| This option allows user programs to put the CPU into V8086 |
| mode, which is an 80286-era approximation of 16-bit real mode. |
| |
| Some very old versions of X and/or vbetool require this option |
| for user mode setting. Similarly, DOSEMU will use it if |
| available to accelerate real mode DOS programs. However, any |
| recent version of DOSEMU, X, or vbetool should be fully |
| functional even without kernel VM86 support, as they will all |
| fall back to software emulation. Nevertheless, if you are using |
| a 16-bit DOS program where 16-bit performance matters, vm86 |
| mode might be faster than emulation and you might want to |
| enable this option. |
| |
| Note that any app that works on a 64-bit kernel is unlikely to |
| need this option, as 64-bit kernels don't, and can't, support |
| V8086 mode. This option is also unrelated to 16-bit protected |
| mode and is not needed to run most 16-bit programs under Wine. |
| |
| Enabling this option increases the complexity of the kernel |
| and slows down exception handling a tiny bit. |
| |
| If unsure, say N here. |
| |
| config VM86 |
| bool |
| default X86_LEGACY_VM86 |
| |
| config X86_16BIT |
| bool "Enable support for 16-bit segments" if EXPERT |
| default y |
| depends on MODIFY_LDT_SYSCALL |
| help |
| This option is required by programs like Wine to run 16-bit |
| protected mode legacy code on x86 processors. Disabling |
| this option saves about 300 bytes on i386, or around 6K text |
| plus 16K runtime memory on x86-64. |
| |
| config X86_ESPFIX32 |
| def_bool y |
| depends on X86_16BIT && X86_32 |
| |
| config X86_ESPFIX64 |
| def_bool y |
| depends on X86_16BIT && X86_64 |
| |
| config X86_VSYSCALL_EMULATION |
| bool "Enable vsyscall emulation" if EXPERT |
| default y |
| depends on X86_64 |
| help |
| This enables emulation of the legacy vsyscall page. Disabling |
| it is roughly equivalent to booting with vsyscall=none, except |
| that it will also disable the helpful warning if a program |
| tries to use a vsyscall. With this option set to N, offending |
| programs will just segfault, citing addresses of the form |
| 0xffffffffff600?00. |
| |
| This option is required by many programs built before 2013, and |
| care should be used even with newer programs if set to N. |
| |
| Disabling this option saves about 7K of kernel size and |
| possibly 4K of additional runtime pagetable memory. |
| |
| config X86_IOPL_IOPERM |
| bool "IOPERM and IOPL Emulation" |
| default y |
| help |
| This enables the ioperm() and iopl() syscalls which are necessary |
| for legacy applications. |
| |
| Legacy IOPL support is an overbroad mechanism which allows user |
| space, in addition to accessing all 65536 I/O ports, also to disable |
| interrupts. To gain this access the caller needs CAP_SYS_RAWIO |
| capabilities and permission from potentially active security |
| modules. |
| |
| The emulation restricts the syscall to granting access to the full |
| I/O port range, and prevents user space from disabling interrupts, |
| which the hardware IOPL mechanism would otherwise allow. |
| |
| config TOSHIBA |
| tristate "Toshiba Laptop support" |
| depends on X86_32 |
| help |
| This adds a driver to safely access the System Management Mode of |
| the CPU on Toshiba portables with a genuine Toshiba BIOS. It does |
| not work on models with a Phoenix BIOS. The System Management Mode |
| is used to set the BIOS and power saving options on Toshiba portables. |
| |
| For information on utilities to make use of this driver see the |
| Toshiba Linux utilities web site at: |
| <http://www.buzzard.org.uk/toshiba/>. |
| |
| Say Y if you intend to run this kernel on a Toshiba portable. |
| Say N otherwise. |
| |
| config X86_REBOOTFIXUPS |
| bool "Enable X86 board specific fixups for reboot" |
| depends on X86_32 |
| help |
| This enables chipset and/or board specific fixups to be done |
| in order to get reboot to work correctly. This is only needed on |
| some combinations of hardware and BIOS. The symptom, for which |
| this config is intended, is when reboot ends with a stalled/hung |
| system. |
| |
| Currently, the only fixup is for the Geode machines using |
| CS5530A and CS5536 chipsets and the RDC R-321x SoC. |
| |
| Say Y if you want to enable the fixup. Currently, it's safe to |
| enable this option even if you don't need it. |
| Say N otherwise. |
| |
| config MICROCODE |
| def_bool y |
| depends on CPU_SUP_AMD || CPU_SUP_INTEL |
| |
| config MICROCODE_INITRD32 |
| def_bool y |
| depends on MICROCODE && X86_32 && BLK_DEV_INITRD |
| |
| config MICROCODE_LATE_LOADING |
| bool "Late microcode loading (DANGEROUS)" |
| default n |
| depends on MICROCODE && SMP |
| help |
| Loading microcode late, when the system is up and executing instructions, |
| is a tricky business and should be avoided if possible. Just the sequence |
| of synchronizing all cores and SMT threads is one fragile dance which does |
| not guarantee that cores will not softlock after the loading. Therefore, |
| use this at your own risk. Late loading taints the kernel unless the |
| microcode header indicates that it is safe for late loading via the |
| minimal revision check. This minimal revision check can be enforced on |
| the kernel command line with "microcode.minrev=Y". |
| |
| config MICROCODE_LATE_FORCE_MINREV |
| bool "Enforce late microcode loading minimal revision check" |
| default n |
| depends on MICROCODE_LATE_LOADING |
| help |
| To prevent users from late-loading microcode which modifies features |
| that are already in use, newer microcode patches have a minimum |
| revision field in the microcode header, which tells the kernel which |
| minimum revision must be active in the CPU to safely load that new |
| microcode late into the running system. If disabled, the check will |
| not be enforced, but the kernel will be tainted when the minimal |
| revision check fails. |
| |
| This minimal revision check can also be controlled via the |
| "microcode.minrev" parameter on the kernel command line. |
| |
| If unsure say Y. |
| |
| config X86_MSR |
| tristate "/dev/cpu/*/msr - Model-specific register support" |
| help |
| This device gives privileged processes access to the x86 |
| Model-Specific Registers (MSRs). It is a character device with |
| major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr. |
| MSR accesses are directed to a specific CPU on multi-processor |
| systems. |
| |
| config X86_CPUID |
| tristate "/dev/cpu/*/cpuid - CPU information support" |
| help |
| This device gives processes access to the x86 CPUID instruction to |
| be executed on a specific processor. It is a character device |
| with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to |
| /dev/cpu/31/cpuid. |
| |
| choice |
| prompt "High Memory Support" |
| default HIGHMEM4G |
| depends on X86_32 |
| |
| config NOHIGHMEM |
| bool "off" |
| help |
| Linux can use up to 64 Gigabytes of physical memory on x86 systems. |
| However, the address space of 32-bit x86 processors is only 4 |
| Gigabytes large. That means that, if you have a large amount of |
| physical memory, not all of it can be "permanently mapped" by the |
| kernel. The physical memory that's not permanently mapped is called |
| "high memory". |
| |
| If you are compiling a kernel which will never run on a machine with |
| more than 1 Gigabyte total physical RAM, answer "off" here (default |
| choice and suitable for most users). This will result in a "3GB/1GB" |
| split: 3GB are mapped so that each process sees a 3GB virtual memory |
| space and the remaining part of the 4GB virtual memory space is used |
| by the kernel to permanently map as much physical memory as |
| possible. |
| |
| If the machine has between 1 and 4 Gigabytes physical RAM, then |
| answer "4GB" here. |
| |
| If more than 4 Gigabytes is used then answer "64GB" here. This |
| selection turns Intel PAE (Physical Address Extension) mode on. |
| PAE implements 3-level paging on IA32 processors. PAE is fully |
| supported by Linux; PAE mode is implemented on all recent Intel |
| processors (Pentium Pro and better). NOTE: If you say "64GB" here, |
| then the kernel will not boot on CPUs that don't support PAE! |
| |
| The actual amount of total physical memory will either be |
| auto detected or can be forced by using a kernel command line option |
| such as "mem=256M". (Try "man bootparam" or see the documentation of |
| your boot loader (lilo or loadlin) about how to pass options to the |
| kernel at boot time.) |
| |
| If unsure, say "off". |
| |
| config HIGHMEM4G |
| bool "4GB" |
| help |
| Select this if you have a 32-bit processor and between 1 and 4 |
| gigabytes of physical RAM. |
| |
| config HIGHMEM64G |
| bool "64GB" |
| depends on X86_HAVE_PAE |
| select X86_PAE |
| help |
| Select this if you have a 32-bit processor and more than 4 |
| gigabytes of physical RAM. |
| |
| endchoice |
| |
| choice |
| prompt "Memory split" if EXPERT |
| default VMSPLIT_3G |
| depends on X86_32 |
| help |
| Select the desired split between kernel and user memory. |
| |
| If the address range available to the kernel is less than the |
| physical memory installed, the remaining memory will be available |
| as "high memory". Accessing high memory is a little more costly |
| than low memory, as it needs to be mapped into the kernel first. |
| Note that increasing the kernel address space limits the range |
| available to user programs, making the address space there |
| tighter. Selecting anything other than the default 3G/1G split |
| will also likely make your kernel incompatible with binary-only |
| kernel modules. |
| |
| If you are not absolutely sure what you are doing, leave this |
| option alone! |
| |
| config VMSPLIT_3G |
| bool "3G/1G user/kernel split" |
| config VMSPLIT_3G_OPT |
| depends on !X86_PAE |
| bool "3G/1G user/kernel split (for full 1G low memory)" |
| config VMSPLIT_2G |
| bool "2G/2G user/kernel split" |
| config VMSPLIT_2G_OPT |
| depends on !X86_PAE |
| bool "2G/2G user/kernel split (for full 2G low memory)" |
| config VMSPLIT_1G |
| bool "1G/3G user/kernel split" |
| endchoice |
| |
| config PAGE_OFFSET |
| hex |
| default 0xB0000000 if VMSPLIT_3G_OPT |
| default 0x80000000 if VMSPLIT_2G |
| default 0x78000000 if VMSPLIT_2G_OPT |
| default 0x40000000 if VMSPLIT_1G |
| default 0xC0000000 |
| depends on X86_32 |
| |
| config HIGHMEM |
| def_bool y |
| depends on X86_32 && (HIGHMEM64G || HIGHMEM4G) |
| |
| config X86_PAE |
| bool "PAE (Physical Address Extension) Support" |
| depends on X86_32 && X86_HAVE_PAE |
| select PHYS_ADDR_T_64BIT |
| select SWIOTLB |
| help |
| PAE is required for NX support, and furthermore enables |
| larger swapspace support for non-overcommit purposes. It |
| has the cost of more pagetable lookup overhead, and also |
| consumes more pagetable space per process. |
| |
| config X86_5LEVEL |
| bool "Enable 5-level page tables support" |
| default y |
| select DYNAMIC_MEMORY_LAYOUT |
| select SPARSEMEM_VMEMMAP |
| depends on X86_64 |
| help |
| 5-level paging enables access to larger address space: |
| up to 128 PiB of virtual address space and 4 PiB of |
| physical address space. |
| |
| It will be supported by future Intel CPUs. |
| |
| A kernel with the option enabled can be booted on machines that |
| support 4- or 5-level paging. |
| |
| See Documentation/arch/x86/x86_64/5level-paging.rst for more |
| information. |
| |
| Say N if unsure. |
| |
| config X86_DIRECT_GBPAGES |
| def_bool y |
| depends on X86_64 |
| help |
| Certain kernel features effectively disable kernel |
| linear 1 GB mappings (even if the CPU otherwise |
| supports them), so don't confuse the user by printing |
| that we have them enabled. |
| |
| config X86_CPA_STATISTICS |
| bool "Enable statistic for Change Page Attribute" |
| depends on DEBUG_FS |
| help |
| Expose statistics about the Change Page Attribute mechanism, which |
| helps to determine the effectiveness of preserving large and huge |
| page mappings when mapping protections are changed. |
| |
| config X86_MEM_ENCRYPT |
| select ARCH_HAS_FORCE_DMA_UNENCRYPTED |
| select DYNAMIC_PHYSICAL_MASK |
| def_bool n |
| |
| config AMD_MEM_ENCRYPT |
| bool "AMD Secure Memory Encryption (SME) support" |
| depends on X86_64 && CPU_SUP_AMD |
| depends on EFI_STUB |
| select DMA_COHERENT_POOL |
| select ARCH_USE_MEMREMAP_PROT |
| select INSTRUCTION_DECODER |
| select ARCH_HAS_CC_PLATFORM |
| select X86_MEM_ENCRYPT |
| select UNACCEPTED_MEMORY |
| help |
| Say yes to enable support for the encryption of system memory. |
| This requires an AMD processor that supports Secure Memory |
| Encryption (SME). |
| |
| # Common NUMA Features |
| config NUMA |
| bool "NUMA Memory Allocation and Scheduler Support" |
| depends on SMP |
| depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP) |
| default y if X86_BIGSMP |
| select USE_PERCPU_NUMA_NODE_ID |
| select OF_NUMA if OF |
| help |
| Enable NUMA (Non-Uniform Memory Access) support. |
| |
| The kernel will try to allocate memory used by a CPU on the |
| local memory controller of the CPU and add some more |
| NUMA awareness to the kernel. |
| |
| For 64-bit this is recommended if the system is Intel Core i7 |
| (or later), AMD Opteron, or EM64T NUMA. |
| |
| For 32-bit this is only needed if you boot a 32-bit |
| kernel on a 64-bit NUMA platform. |
| |
| Otherwise, you should say N. |
| |
| config AMD_NUMA |
| def_bool y |
| prompt "Old style AMD Opteron NUMA detection" |
| depends on X86_64 && NUMA && PCI |
| help |
| Enable AMD NUMA node topology detection. You should say Y here if |
| you have a multi processor AMD system. This uses an old method to |
| read the NUMA configuration directly from the builtin Northbridge |
| of Opteron. It is recommended to use X86_64_ACPI_NUMA instead, |
| which also takes priority if both are compiled in. |
| |
| config X86_64_ACPI_NUMA |
| def_bool y |
| prompt "ACPI NUMA detection" |
| depends on X86_64 && NUMA && ACPI && PCI |
| select ACPI_NUMA |
| help |
| Enable ACPI SRAT based node topology detection. |
| |
| config NUMA_EMU |
| bool "NUMA emulation" |
| depends on NUMA |
| help |
| Enable NUMA emulation. A flat machine will be split |
| into virtual nodes when booted with "numa=fake=N", where N is the |
| number of nodes. This is only useful for debugging. |
| |
| config NODES_SHIFT |
| int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP |
| range 1 10 |
| default "10" if MAXSMP |
| default "6" if X86_64 |
| default "3" |
| depends on NUMA |
| help |
| Specify the maximum number of NUMA Nodes available on the target |
| system. Increases memory reserved to accommodate various tables. |
| |
| config ARCH_FLATMEM_ENABLE |
| def_bool y |
| depends on X86_32 && !NUMA |
| |
| config ARCH_SPARSEMEM_ENABLE |
| def_bool y |
| depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD |
| select SPARSEMEM_STATIC if X86_32 |
| select SPARSEMEM_VMEMMAP_ENABLE if X86_64 |
| |
| config ARCH_SPARSEMEM_DEFAULT |
| def_bool X86_64 || (NUMA && X86_32) |
| |
| config ARCH_SELECT_MEMORY_MODEL |
| def_bool y |
| depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE |
| |
| config ARCH_MEMORY_PROBE |
| bool "Enable sysfs memory/probe interface" |
| depends on MEMORY_HOTPLUG |
| help |
| This option enables a sysfs memory/probe interface for testing. |
| See Documentation/admin-guide/mm/memory-hotplug.rst for more information. |
| If you are unsure how to answer this question, answer N. |
| |
| config ARCH_PROC_KCORE_TEXT |
| def_bool y |
| depends on X86_64 && PROC_KCORE |
| |
| config ILLEGAL_POINTER_VALUE |
| hex |
| default 0 if X86_32 |
| default 0xdead000000000000 if X86_64 |
| |
| config X86_PMEM_LEGACY_DEVICE |
| bool |
| |
| config X86_PMEM_LEGACY |
| tristate "Support non-standard NVDIMMs and ADR protected memory" |
| depends on PHYS_ADDR_T_64BIT |
| depends on BLK_DEV |
| select X86_PMEM_LEGACY_DEVICE |
| select NUMA_KEEP_MEMINFO if NUMA |
| select LIBNVDIMM |
| help |
| Treat memory marked using the non-standard e820 type of 12 as used |
| by the Intel Sandy Bridge-EP reference BIOS as protected memory. |
| The kernel will offer these regions to the 'pmem' driver so |
| they can be used for persistent storage. |
| |
| Say Y if unsure. |
| |
| config HIGHPTE |
| bool "Allocate 3rd-level pagetables from highmem" |
| depends on HIGHMEM |
| help |
| The VM uses one page table entry for each page of physical memory. |
| For systems with a lot of RAM, this can be wasteful of precious |
| low memory. Setting this option will put user-space page table |
| entries in high memory. |
| |
| config X86_CHECK_BIOS_CORRUPTION |
| bool "Check for low memory corruption" |
| help |
| Periodically check for memory corruption in low memory, which |
| is suspected to be caused by BIOS. Even when enabled in the |
| configuration, it is disabled at runtime. Enable it by |
| setting "memory_corruption_check=1" on the kernel command |
| line. By default it scans the low 64k of memory every 60 |
| seconds; see the memory_corruption_check_size and |
| memory_corruption_check_period parameters in |
| Documentation/admin-guide/kernel-parameters.rst to adjust this. |
| |
| When enabled with the default parameters, this option has |
| almost no overhead, as it reserves a relatively small amount |
| of memory and scans it infrequently. It both detects corruption |
| and prevents it from affecting the running system. |
| |
| It is, however, intended as a diagnostic tool; if repeatable |
| BIOS-originated corruption always affects the same memory, |
| you can use memmap= to prevent the kernel from using that |
| memory. |
| |
| config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK |
| bool "Set the default setting of memory_corruption_check" |
| depends on X86_CHECK_BIOS_CORRUPTION |
| default y |
| help |
| Set whether the default state of memory_corruption_check is |
| on or off. |
| |
| config MATH_EMULATION |
| bool |
| depends on MODIFY_LDT_SYSCALL |
| prompt "Math emulation" if X86_32 && (M486SX || MELAN) |
| help |
| Linux can emulate a math coprocessor (used for floating point |
| operations) if you don't have one. 486DX and Pentium processors have |
| a math coprocessor built in, 486SX and 386 do not, unless you added |
| a 487DX or 387, respectively. (The messages during boot time can |
| give you some hints here ["man dmesg"].) Everyone needs either a |
| coprocessor or this emulation. |
| |
| If you don't have a math coprocessor, you need to say Y here; if you |
| say Y here even though you have a coprocessor, the coprocessor will |
| be used nevertheless. (This behavior can be changed with the kernel |
| command line option "no387", which comes in handy if your coprocessor |
| is broken. Try "man bootparam" or see the documentation of your boot |
| loader (lilo or loadlin) about how to pass options to the kernel at |
| boot time.) This means that it is a good idea to say Y here if you |
| intend to use this kernel on different machines. |
| |
| More information about the internals of the Linux math coprocessor |
| emulation can be found in <file:arch/x86/math-emu/README>. |
| |
| If you are not sure, say Y; apart from resulting in a 66 KB bigger |
| kernel, it won't hurt. |
| |
| config MTRR |
| def_bool y |
| prompt "MTRR (Memory Type Range Register) support" if EXPERT |
| help |
| On Intel P6 family processors (Pentium Pro, Pentium II and later) |
| the Memory Type Range Registers (MTRRs) may be used to control |
| processor access to memory ranges. This is most useful if you have |
| a video (VGA) card on a PCI or AGP bus. Enabling write-combining |
| allows bus write transfers to be combined into a larger transfer |
| before bursting over the PCI/AGP bus. This can increase performance |
| of image write operations 2.5 times or more. Saying Y here creates a |
| /proc/mtrr file which may be used to manipulate your processor's |
| MTRRs. Typically the X server should use this. |
| |
| This code has a reasonably generic interface so that similar |
| control registers on other processors can be easily supported |
| as well: |
| |
| The Cyrix 6x86, 6x86MX and M II processors have Address Range |
| Registers (ARRs) which provide a similar functionality to MTRRs. For |
| these, the ARRs are used to emulate the MTRRs. |
| The AMD K6-2 (stepping 8 and above) and K6-3 processors have two |
| MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing |
| write-combining. All of these processors are supported by this code |
| and it makes sense to say Y here if you have one of them. |
| |
| Saying Y here also fixes a problem with buggy SMP BIOSes which only |
| set the MTRRs for the boot CPU and not for the secondary CPUs. This |
| can lead to all sorts of problems, so it's good to say Y here. |
| |
| You can safely say Y even if your machine doesn't have MTRRs, you'll |
| just add about 9 KB to your kernel. |
| |
| See <file:Documentation/arch/x86/mtrr.rst> for more information. |
| |
| config MTRR_SANITIZER |
| def_bool y |
| prompt "MTRR cleanup support" |
| depends on MTRR |
| help |
| Convert MTRR layout from continuous to discrete, so X drivers can |
| add writeback entries. |
| |
| Can be disabled with disable_mtrr_cleanup on the kernel command line. |
| The largest mtrr entry size for a continuous block can be set with |
| mtrr_chunk_size. |
| |
| If unsure, say Y. |
| |
| config MTRR_SANITIZER_ENABLE_DEFAULT |
| int "MTRR cleanup enable value (0-1)" |
| range 0 1 |
| default "0" |
| depends on MTRR_SANITIZER |
| help |
| Default value of the MTRR cleanup enable setting. |
| |
| config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT |
| int "MTRR cleanup spare reg num (0-7)" |
| range 0 7 |
| default "1" |
| depends on MTRR_SANITIZER |
| help |
| Default number of spare MTRR entries for MTRR cleanup. It can be |
| changed via mtrr_spare_reg_nr=N on the kernel command line. |
| |
| config X86_PAT |
| def_bool y |
| prompt "x86 PAT support" if EXPERT |
| depends on MTRR |
| help |
| Use PAT attributes to set up page-level cache control. |
| |
| PATs are the modern equivalents of MTRRs and are much more |
| flexible than MTRRs. |
| |
| Say N here if you see bootup problems (boot crash, boot hang, |
| spontaneous reboots) or a non-working video driver. |
| |
| If unsure, say Y. |
| |
| config ARCH_USES_PG_UNCACHED |
| def_bool y |
| depends on X86_PAT |
| |
| config X86_UMIP |
| def_bool y |
| prompt "User Mode Instruction Prevention" if EXPERT |
| help |
| User Mode Instruction Prevention (UMIP) is a security feature in |
| some x86 processors. If enabled, a general protection fault is |
| issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are |
| executed in user mode. These instructions unnecessarily expose |
| information about the hardware state. |
| |
| The vast majority of applications do not use these instructions. |
| For the very few that do, software emulation is provided in |
| specific cases in protected and virtual-8086 modes. Emulated |
| results are dummy. |
| |
| config CC_HAS_IBT |
| # GCC >= 9 and binutils >= 2.29 |
| # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 |
| # Clang/LLVM >= 14 |
| # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f |
| # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332 |
| def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ |
| (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ |
| $(as-instr,endbr64) |
| |
| config X86_CET |
| def_bool n |
| help |
| CET features configured (Shadow stack or IBT) |
| |
| config X86_KERNEL_IBT |
| prompt "Indirect Branch Tracking" |
| def_bool y |
| depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL |
| # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f |
| depends on !LD_IS_LLD || LLD_VERSION >= 140000 |
| select OBJTOOL |
| select X86_CET |
| help |
| Build the kernel with support for Indirect Branch Tracking, a |
| hardware-supported coarse-grain forward-edge Control Flow Integrity |
| protection. It enforces that all indirect calls must land on |
| an ENDBR instruction; to make this happen, the compiler instruments |
| the code with them. |
| |
| In addition to building the kernel with IBT, seal all functions that |
| are not indirect call targets, avoiding them ever becoming one. |
| |
| This requires LTO-like objtool runs and will slow down the build. It |
| does significantly reduce the number of ENDBR instructions in the |
| kernel image. |
| |
| config X86_INTEL_MEMORY_PROTECTION_KEYS |
| prompt "Memory Protection Keys" |
| def_bool y |
| # Note: only available in 64-bit mode |
| depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD) |
| select ARCH_USES_HIGH_VMA_FLAGS |
| select ARCH_HAS_PKEYS |
| help |
| Memory Protection Keys provides a mechanism for enforcing |
| page-based protections, but without requiring modification of the |
| page tables when an application changes protection domains. |
| |
| For details, see Documentation/core-api/protection-keys.rst |
| |
| If unsure, say y. |
| |
| choice |
| prompt "TSX enable mode" |
| depends on CPU_SUP_INTEL |
| default X86_INTEL_TSX_MODE_OFF |
| help |
| Intel's TSX (Transactional Synchronization Extensions) feature |
| allows locking protocols to be optimized through lock elision, which |
| can lead to a noticeable performance boost. |
| |
| On the other hand it has been shown that TSX can be exploited |
| to form side channel attacks (e.g. TAA) and chances are there |
| will be more of those attacks discovered in the future. |
| |
| Therefore TSX is not enabled by default (aka tsx=off). An admin |
| can override this decision with the tsx=on command line parameter. |
| Even with TSX enabled, the kernel will attempt to enable the best |
| possible TAA mitigation setting depending on the microcode available |
| for the particular machine. |
| |
| This option sets the default tsx mode to one of tsx=on, =off and |
| =auto. See Documentation/admin-guide/kernel-parameters.txt for more |
| details. |
| |
| Say off if not sure; say auto if TSX is in use but should only be used |
| on safe platforms; say on if TSX is in use and the security aspect of |
| TSX is not relevant. |
| |
| config X86_INTEL_TSX_MODE_OFF |
| bool "off" |
| help |
| TSX is disabled if possible - equals the tsx=off command line parameter. |
| |
| config X86_INTEL_TSX_MODE_ON |
| bool "on" |
| help |
| TSX is always enabled on TSX capable HW - equals the tsx=on command |
| line parameter. |
| |
| config X86_INTEL_TSX_MODE_AUTO |
| bool "auto" |
| help |
| TSX is enabled on TSX capable HW that is believed to be safe against |
| side channel attacks - equals the tsx=auto command line parameter. |
| endchoice |
| |
| config X86_SGX |
| bool "Software Guard eXtensions (SGX)" |
| depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC |
| depends on CRYPTO=y |
| depends on CRYPTO_SHA256=y |
| select MMU_NOTIFIER |
| select NUMA_KEEP_MEMINFO if NUMA |
| select XARRAY_MULTI |
| help |
| Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions |
| that can be used by applications to set aside private regions of code |
| and data, referred to as enclaves. An enclave's private memory can |
| only be accessed by code running within the enclave. Accesses from |
| outside the enclave, including other enclaves, are disallowed by |
| hardware. |
| |
| If unsure, say N. |
| |
| config X86_USER_SHADOW_STACK |
| bool "X86 userspace shadow stack" |
| depends on AS_WRUSS |
| depends on X86_64 |
| select ARCH_USES_HIGH_VMA_FLAGS |
| select X86_CET |
| help |
| Shadow stack protection is a hardware feature that detects function |
| return address corruption. This helps mitigate ROP attacks. |
| Applications must be enabled to use it, and old userspace does not |
| get protection "for free". |
| |
| CPUs supporting shadow stacks were first released in 2020. |
| |
| See Documentation/arch/x86/shstk.rst for more information. |
| |
| If unsure, say N. |
| |
| config INTEL_TDX_HOST |
| bool "Intel Trust Domain Extensions (TDX) host support" |
| depends on CPU_SUP_INTEL |
| depends on X86_64 |
| depends on KVM_INTEL |
| depends on X86_X2APIC |
| select ARCH_KEEP_MEMBLOCK |
| depends on CONTIG_ALLOC |
| depends on !KEXEC_CORE |
| depends on X86_MCE |
| help |
| Intel Trust Domain Extensions (TDX) protects guest VMs from malicious |
| host and certain physical attacks. This option enables necessary TDX |
| support in the host kernel to run confidential VMs. |
| |
| If unsure, say N. |
| |
| config EFI |
| bool "EFI runtime service support" |
| depends on ACPI |
| select UCS2_STRING |
| select EFI_RUNTIME_WRAPPERS |
| select ARCH_USE_MEMREMAP_PROT |
| select EFI_RUNTIME_MAP if KEXEC_CORE |
| help |
| This enables the kernel to use EFI runtime services that are |
| available (such as the EFI variable services). |
| |
| This option is only useful on systems that have EFI firmware. |
| In addition, you should use the latest ELILO loader available |
| at <http://elilo.sourceforge.net> in order to take advantage |
| of EFI runtime services. However, even with this option, the |
| resultant kernel should continue to boot on existing non-EFI |
| platforms. |
| |
| config EFI_STUB |
| bool "EFI stub support" |
| depends on EFI |
| select RELOCATABLE |
| help |
| This kernel feature allows a bzImage to be loaded directly |
| by EFI firmware without the use of a bootloader. |
| |
| See Documentation/admin-guide/efi-stub.rst for more information. |
| |
| config EFI_HANDOVER_PROTOCOL |
| bool "EFI handover protocol (DEPRECATED)" |
| depends on EFI_STUB |
| default y |
| help |
| Select this in order to include support for the deprecated EFI |
| handover protocol, which defines alternative entry points into the |
| EFI stub. This is a practice that has no basis in the UEFI |
| specification, and requires a priori knowledge on the part of the |
| bootloader about Linux/x86 specific ways of passing the command line |
| and initrd, and where in memory those assets may be loaded. |
| |
| If in doubt, say Y. Even though the corresponding support is not |
| present in upstream GRUB or other bootloaders, most distros build |
| GRUB with numerous downstream patches applied, and may rely on the |
| handover protocol as a result. |
| |
| config EFI_MIXED |
| bool "EFI mixed-mode support" |
| depends on EFI_STUB && X86_64 |
| help |
| Enabling this feature allows a 64-bit kernel to be booted |
| on a 32-bit firmware, provided that your CPU supports 64-bit |
| mode. |
| |
| Note that it is not possible to boot a mixed-mode enabled |
| kernel via the EFI boot stub - a bootloader that supports |
| the EFI handover protocol must be used. |
| |
| If unsure, say N. |
| |
| config EFI_FAKE_MEMMAP |
| bool "Enable EFI fake memory map" |
| depends on EFI |
| help |
| Saying Y here will enable the "efi_fake_mem" boot option. By specifying |
| this parameter, you can add an arbitrary attribute to a specific memory |
| range by updating the original (firmware provided) EFI memmap. This is |
| useful for debugging EFI memmap related features, e.g., the Address |
| Range Mirroring feature. |
| |
| config EFI_MAX_FAKE_MEM |
| int "maximum allowable number of ranges in efi_fake_mem boot option" |
| depends on EFI_FAKE_MEMMAP |
| range 1 128 |
| default 8 |
| help |
| Maximum allowable number of ranges in efi_fake_mem boot option. |
| Ranges can be set up to this value using comma-separated list. |
| The default value is 8. |
| |
| config EFI_RUNTIME_MAP |
| bool "Export EFI runtime maps to sysfs" if EXPERT |
| depends on EFI |
| help |
| Export EFI runtime memory regions to /sys/firmware/efi/runtime-map. |
| That memory map is required by the 2nd kernel to set up EFI virtual |
| mappings after kexec, but can also be used for debugging purposes. |
| |
| See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. |
| |
| source "kernel/Kconfig.hz" |
| |
| config ARCH_SUPPORTS_KEXEC |
| def_bool y |
| |
| config ARCH_SUPPORTS_KEXEC_FILE |
| def_bool X86_64 |
| |
| config ARCH_SELECTS_KEXEC_FILE |
| def_bool y |
| depends on KEXEC_FILE |
| select HAVE_IMA_KEXEC if IMA |
| |
| config ARCH_SUPPORTS_KEXEC_PURGATORY |
| def_bool y |
| |
| config ARCH_SUPPORTS_KEXEC_SIG |
| def_bool y |
| |
| config ARCH_SUPPORTS_KEXEC_SIG_FORCE |
| def_bool y |
| |
| config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG |
| def_bool y |
| |
| config ARCH_SUPPORTS_KEXEC_JUMP |
| def_bool y |
| |
| config ARCH_SUPPORTS_CRASH_DUMP |
| def_bool X86_64 || (X86_32 && HIGHMEM) |
| |
| config ARCH_SUPPORTS_CRASH_HOTPLUG |
| def_bool y |
| |
| config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION |
| def_bool CRASH_RESERVE |
| |
| config PHYSICAL_START |
| hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) |
| default "0x1000000" |
| help |
| This gives the physical address where the kernel is loaded. |
| |
| If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage |
| will decompress itself to above physical address and run from there. |
| Otherwise, bzImage will run from the address where it has been loaded |
| by the boot loader. The only exception is if it is loaded below the |
| above physical address, in which case it will relocate itself there. |
| |
| In normal kdump cases one does not have to set/change this option |
| as now bzImage can be compiled as a completely relocatable image |
| (CONFIG_RELOCATABLE=y) and be used to load and run from a different |
| address. This option is mainly useful for the folks who don't want |
| to use a bzImage for capturing the crash dump and want to use a |
| vmlinux instead. vmlinux is not relocatable hence a kernel needs |
| to be specifically compiled to run from a specific memory area |
| (normally a reserved region) and this option comes handy. |
| |
| So if you are using bzImage for capturing the crash dump, |
| leave the value here unchanged to 0x1000000 and set |
| CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux |
| for capturing the crash dump change this value to start of |
| the reserved region. In other words, it can be set based on |
| the "X" value as specified in the "crashkernel=YM@XM" |
| command line boot parameter passed to the panic-ed |
| kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst |
| for more details about crash dumps. |
| |
| Usage of bzImage for capturing the crash dump is recommended as |
| one does not have to build two kernels. Same kernel can be used |
| as production kernel and capture kernel. Above option should have |
| gone away after relocatable bzImage support is introduced. But it |
| is present because there are users out there who continue to use |
| vmlinux for dump capture. This option should go away down the |
| line. |
| |
| Don't change this unless you know what you are doing. |
| |
| config RELOCATABLE |
| bool "Build a relocatable kernel" |
| default y |
| help |
| This builds a kernel image that retains relocation information |
| so it can be loaded someplace besides the default 1MB. |
| The relocations tend to make the kernel binary about 10% larger, |
| but are discarded at runtime. |
| |
| One use is for the kexec on panic case where the recovery kernel |
| must live at a different physical address than the primary |
| kernel. |
| |
| Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address |
| it has been loaded at and the compile time physical address |
| (CONFIG_PHYSICAL_START) is used as the minimum location. |
| |
| config RANDOMIZE_BASE |
| bool "Randomize the address of the kernel image (KASLR)" |
| depends on RELOCATABLE |
| default y |
| help |
| In support of Kernel Address Space Layout Randomization (KASLR), |
| this randomizes the physical address at which the kernel image |
| is decompressed and the virtual address where the kernel |
| image is mapped, as a security feature that deters exploit |
| attempts relying on knowledge of the location of kernel |
| code internals. |
| |
| On 64-bit, the kernel physical and virtual addresses are |
| randomized separately. The physical address will be anywhere |
| between 16MB and the top of physical memory (up to 64TB). The |
| virtual address will be randomized from 16MB up to 1GB (9 bits |
| of entropy). Note that this also reduces the memory space |
| available to kernel modules from 1.5GB to 1GB. |
| |
| On 32-bit, the kernel physical and virtual addresses are |
| randomized together. They will be randomized from 16MB up to |
| 512MB (8 bits of entropy). |
| |
| Entropy is generated using the RDRAND instruction if it is |
| supported. If RDTSC is supported, its value is mixed into |
| the entropy pool as well. If neither RDRAND nor RDTSC are |
| supported, then entropy is read from the i8254 timer. The |
| usable entropy is limited by the kernel being built using |
| 2GB addressing, and that PHYSICAL_ALIGN must be at a |
| minimum of 2MB. As a result, only 10 bits of entropy are |
| theoretically possible, but the implementations are further |
| limited due to memory layouts. |
| |
| If unsure, say Y. |
| |
| # Relocation on x86 needs some additional build support |
| config X86_NEED_RELOCS |
| def_bool y |
| depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) |
| |
| config PHYSICAL_ALIGN |
| hex "Alignment value to which kernel should be aligned" |
| default "0x200000" |
| range 0x2000 0x1000000 if X86_32 |
| range 0x200000 0x1000000 if X86_64 |
| help |
| This value puts the alignment restrictions on physical address |
| where kernel is loaded and run from. Kernel is compiled for an |
| address which meets above alignment restriction. |
| |
| If bootloader loads the kernel at a non-aligned address and |
| CONFIG_RELOCATABLE is set, kernel will move itself to nearest |
| address aligned to above value and run from there. |
| |
| If bootloader loads the kernel at a non-aligned address and |
| CONFIG_RELOCATABLE is not set, kernel will ignore the run time |
| load address and decompress itself to the address it has been |
| compiled for and run from there. The address for which kernel is |
| compiled already meets above alignment restrictions. Hence the |
| end result is that kernel runs from a physical address meeting |
| above alignment restrictions. |
| |
| On 32-bit this value must be a multiple of 0x2000. On 64-bit |
| this value must be a multiple of 0x200000. |
| |
| Don't change this unless you know what you are doing. |
| |
| config DYNAMIC_MEMORY_LAYOUT |
| bool |
| help |
| This option makes base addresses of vmalloc and vmemmap as well as |
| __PAGE_OFFSET movable during boot. |
| |
| config RANDOMIZE_MEMORY |
| bool "Randomize the kernel memory sections" |
| depends on X86_64 |
| depends on RANDOMIZE_BASE |
| select DYNAMIC_MEMORY_LAYOUT |
| default RANDOMIZE_BASE |
| help |
| Randomizes the base virtual address of kernel memory sections |
| (physical memory mapping, vmalloc & vmemmap). This security feature |
| makes exploits relying on predictable memory locations less reliable. |
| |
| The order of allocations remains unchanged. Entropy is generated in |
| the same way as RANDOMIZE_BASE. The current implementation, in the |
| optimal configuration, has on average 30,000 different possible |
| virtual addresses for each memory section. |
| |
| If unsure, say Y. |
| |
| config RANDOMIZE_MEMORY_PHYSICAL_PADDING |
| hex "Physical memory mapping padding" if EXPERT |
| depends on RANDOMIZE_MEMORY |
| default "0xa" if MEMORY_HOTPLUG |
| default "0x0" |
| range 0x1 0x40 if MEMORY_HOTPLUG |
| range 0x0 0x40 |
| help |
| Define the padding in terabytes added to the existing physical |
| memory size during kernel memory randomization. It is useful |
| for memory hotplug support but reduces the entropy available for |
| address randomization. |
| |
| If unsure, leave at the default value. |
| |
| config ADDRESS_MASKING |
| bool "Linear Address Masking support" |
| depends on X86_64 |
| help |
| Linear Address Masking (LAM) modifies the checking that is applied |
| to 64-bit linear addresses, allowing software to use the |
| untranslated address bits for metadata. |
| |
| The capability can be used for efficient address sanitizers (ASAN) |
| implementation and for optimizations in JITs. |
| |
| config HOTPLUG_CPU |
| def_bool y |
| depends on SMP |
| |
| config COMPAT_VDSO |
| def_bool n |
| prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" |
| depends on COMPAT_32 |
| help |
| Certain buggy versions of glibc will crash if they are |
| presented with a 32-bit vDSO that is not mapped at the address |
| indicated in its segment table. |
| |
| The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a |
| and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and |
| 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is |
| the only released version with the bug, but OpenSUSE 9 |
| contains a buggy "glibc 2.3.2". |
| |
| The symptom of the bug is that everything crashes on startup, saying: |
| dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed! |
| |
| Saying Y here changes the default value of the vdso32 boot |
| option from 1 to 0, which turns off the 32-bit vDSO entirely. |
| This works around the glibc bug but hurts performance. |
| |
| If unsure, say N: if you are compiling your own kernel, you |
| are unlikely to be using a buggy version of glibc. |
| |
| choice |
| prompt "vsyscall table for legacy applications" |
| depends on X86_64 |
| default LEGACY_VSYSCALL_XONLY |
| help |
| Legacy user code that does not know how to find the vDSO expects |
| to be able to issue three syscalls by calling fixed addresses in |
| kernel space. Since this location is not randomized with ASLR, |
| it can be used to assist security vulnerability exploitation. |
| |
| This setting can be changed at boot time via the kernel command |
| line parameter vsyscall=[emulate|xonly|none]. Emulate mode |
| is deprecated and can only be enabled using the kernel command |
| line. |
| |
| On a system with recent enough glibc (2.14 or newer) and no |
| static binaries, you can say None without a performance penalty |
| to improve security. |
| |
| If unsure, select "Emulate execution only". |
| |
| config LEGACY_VSYSCALL_XONLY |
| bool "Emulate execution only" |
| help |
| The kernel traps and emulates calls into the fixed vsyscall |
| address mapping and does not allow reads. This |
| configuration is recommended when userspace might use the |
| legacy vsyscall area but support for legacy binary |
| instrumentation of legacy code is not needed. It mitigates |
| certain uses of the vsyscall area as an ASLR-bypassing |
| buffer. |
| |
| config LEGACY_VSYSCALL_NONE |
| bool "None" |
| help |
| There will be no vsyscall mapping at all. This will |
| eliminate any risk of ASLR bypass due to the vsyscall |
| fixed address mapping. Attempts to use the vsyscalls |
| will be reported to dmesg, so that either old or |
| malicious userspace programs can be identified. |
| |
| endchoice |
| |
| config CMDLINE_BOOL |
| bool "Built-in kernel command line" |
| help |
| Allow for specifying boot arguments to the kernel at |
| build time. On some systems (e.g. embedded ones), it is |
| necessary or convenient to provide some or all of the |
| kernel boot arguments with the kernel itself (that is, |
| to not rely on the boot loader to provide them.) |
| |
| To compile command line arguments into the kernel, |
| set this option to 'Y', then fill in the |
| boot arguments in CONFIG_CMDLINE. |
| |
| Systems with fully functional boot loaders (i.e. non-embedded) |
| should leave this option set to 'N'. |
| |
| config CMDLINE |
| string "Built-in kernel command string" |
| depends on CMDLINE_BOOL |
| default "" |
| help |
| Enter arguments here that should be compiled into the kernel |
| image and used at boot time. If the boot loader provides a |
| command line at boot time, it is appended to this string to |
| form the full kernel command line, when the system boots. |
| |
| However, you can use the CONFIG_CMDLINE_OVERRIDE option to |
| change this behavior. |
| |
| In most cases, the command line (whether built-in or provided |
| by the boot loader) should specify the device for the root |
| file system. |
| |
| config CMDLINE_OVERRIDE |
| bool "Built-in command line overrides boot loader arguments" |
| depends on CMDLINE_BOOL && CMDLINE != "" |
| help |
| Set this option to 'Y' to have the kernel ignore the boot loader |
| command line, and use ONLY the built-in command line. |
| |
| This is used to work around broken boot loaders. This should |
| be set to 'N' under normal conditions. |
| |
| config MODIFY_LDT_SYSCALL |
| bool "Enable the LDT (local descriptor table)" if EXPERT |
| default y |
| help |
| Linux can allow user programs to install a per-process x86 |
| Local Descriptor Table (LDT) using the modify_ldt(2) system |
| call. This is required to run 16-bit or segmented code such as |
| DOSEMU or some Wine programs. It is also used by some very old |
| threading libraries. |
| |
| Enabling this feature adds a small amount of overhead to |
| context switches and increases the low-level kernel attack |
| surface. Disabling it removes the modify_ldt(2) system call. |
| |
| Saying 'N' here may make sense for embedded or server kernels. |
| |
| config STRICT_SIGALTSTACK_SIZE |
| bool "Enforce strict size checking for sigaltstack" |
| depends on DYNAMIC_SIGFRAME |
| help |
| For historical reasons MINSIGSTKSZ is a constant which already |
| became too small with AVX512 support. Add a mechanism to |
| enforce strict checking of the sigaltstack size against the |
| real size of the FPU frame. This option enables the check |
| by default. It can also be controlled via the kernel command |
| line option 'strict_sas_size' independent of this config |
| switch. Enabling it might break existing applications which |
| allocate a too small sigaltstack but 'work' because they |
| never get a signal delivered. |
| |
| Say 'N' unless you want to really enforce this check. |
| |
| source "kernel/livepatch/Kconfig" |
| |
| endmenu |
| |
| config CC_HAS_NAMED_AS |
| def_bool CC_IS_GCC && GCC_VERSION >= 90100 |
| |
| config CC_HAS_NAMED_AS_FIXED_SANITIZERS |
| def_bool CC_IS_GCC && GCC_VERSION >= 130300 |
| |
| config USE_X86_SEG_SUPPORT |
| def_bool y |
| depends on CC_HAS_NAMED_AS |
| # |
| # -fsanitize=kernel-address (KASAN) and -fsanitize=thread |
| # (KCSAN) are incompatible with named address spaces with |
| # GCC < 13.3 - see GCC PR sanitizer/111736. |
| # |
| depends on !(KASAN || KCSAN) || CC_HAS_NAMED_AS_FIXED_SANITIZERS |
| |
| config CC_HAS_SLS |
| def_bool $(cc-option,-mharden-sls=all) |
| |
| config CC_HAS_RETURN_THUNK |
| def_bool $(cc-option,-mfunction-return=thunk-extern) |
| |
| config CC_HAS_ENTRY_PADDING |
| def_bool $(cc-option,-fpatchable-function-entry=16,16) |
| |
| config FUNCTION_PADDING_CFI |
| int |
| default 59 if FUNCTION_ALIGNMENT_64B |
| default 27 if FUNCTION_ALIGNMENT_32B |
| default 11 if FUNCTION_ALIGNMENT_16B |
| default 3 if FUNCTION_ALIGNMENT_8B |
| default 0 |
| |
| # Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG |
| # except Kconfig can't do arithmetic :/ |
| config FUNCTION_PADDING_BYTES |
| int |
| default FUNCTION_PADDING_CFI if CFI_CLANG |
| default FUNCTION_ALIGNMENT |
| |
| config CALL_PADDING |
| def_bool n |
| depends on CC_HAS_ENTRY_PADDING && OBJTOOL |
| select FUNCTION_ALIGNMENT_16B |
| |
| config FINEIBT |
| def_bool y |
| depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE |
| select CALL_PADDING |
| |
| config HAVE_CALL_THUNKS |
| def_bool y |
| depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL |
| |
| config CALL_THUNKS |
| def_bool n |
| select CALL_PADDING |
| |
| config PREFIX_SYMBOLS |
| def_bool y |
| depends on CALL_PADDING && !CFI_CLANG |
| |
| menuconfig CPU_MITIGATIONS |
| bool "Mitigations for CPU vulnerabilities" |
| default y |
| help |
| Say Y here to enable options which enable mitigations for hardware |
| vulnerabilities (usually related to speculative execution). |
| Mitigations can be disabled or restricted to SMT systems at runtime |
| via the "mitigations" kernel parameter. |
| |
| If you say N, all mitigations will be disabled. This CANNOT be |
| overridden at runtime. |
| |
| Say 'Y', unless you really know what you are doing. |
| |
| if CPU_MITIGATIONS |
| |
| config MITIGATION_PAGE_TABLE_ISOLATION |
| bool "Remove the kernel mapping in user mode" |
| default y |
| depends on (X86_64 || X86_PAE) |
| help |
| This feature reduces the number of hardware side channels by |
| ensuring that the majority of kernel addresses are not mapped |
| into userspace. |
| |
| See Documentation/arch/x86/pti.rst for more details. |
| |
| config MITIGATION_RETPOLINE |
| bool "Avoid speculative indirect branches in kernel" |
| select OBJTOOL if HAVE_OBJTOOL |
| default y |
| help |
| Compile kernel with the retpoline compiler options to guard against |
| kernel-to-user data leaks by avoiding speculative indirect |
| branches. Requires a compiler with -mindirect-branch=thunk-extern |
| support for full protection. The kernel may run slower. |
| |
| config MITIGATION_RETHUNK |
| bool "Enable return-thunks" |
| depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK |
| select OBJTOOL if HAVE_OBJTOOL |
| default y if X86_64 |
| help |
| Compile the kernel with the return-thunks compiler option to guard |
| against kernel-to-user data leaks by avoiding return speculation. |
| Requires a compiler with -mfunction-return=thunk-extern |
| support for full protection. The kernel may run slower. |
| |
| config MITIGATION_UNRET_ENTRY |
| bool "Enable UNRET on kernel entry" |
| depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64 |
| default y |
| help |
| Compile the kernel with support for the retbleed=unret mitigation. |
| |
| config MITIGATION_CALL_DEPTH_TRACKING |
| bool "Mitigate RSB underflow with call depth tracking" |
| depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS |
| select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE |
| select CALL_THUNKS |
| default y |
| help |
| Compile the kernel with call depth tracking to mitigate the Intel |
| SKL Return-Speculation-Buffer (RSB) underflow issue. The |
| mitigation is off by default and needs to be enabled on the |
| kernel command line via the retbleed=stuff option. For |
| non-affected systems the overhead of this option is marginal as |
| the call depth tracking is using run-time generated call thunks |
| in a compiler generated padding area and call patching. This |
| increases text size by ~5%. For non affected systems this space |
| is unused. On affected SKL systems this results in a significant |
| performance gain over the IBRS mitigation. |
| |
| config CALL_THUNKS_DEBUG |
| bool "Enable call thunks and call depth tracking debugging" |
| depends on MITIGATION_CALL_DEPTH_TRACKING |
| select FUNCTION_ALIGNMENT_32B |
| default n |
| help |
| Enable call/ret counters for imbalance detection and build in |
| a noisy dmesg about callthunks generation and call patching for |
| troubleshooting. The debug prints need to be enabled on the |
| kernel command line with 'debug-callthunks'. |
| Only enable this when you are debugging call thunks as this |
| creates a noticeable runtime overhead. If unsure say N. |
| |
| config MITIGATION_IBPB_ENTRY |
| bool "Enable IBPB on kernel entry" |
| depends on CPU_SUP_AMD && X86_64 |
| default y |
| help |
| Compile the kernel with support for the retbleed=ibpb mitigation. |
| |
| config MITIGATION_IBRS_ENTRY |
| bool "Enable IBRS on kernel entry" |
| depends on CPU_SUP_INTEL && X86_64 |
| default y |
| help |
| Compile the kernel with support for the spectre_v2=ibrs mitigation. |
| This mitigates both spectre_v2 and retbleed at great cost to |
| performance. |
| |
| config MITIGATION_SRSO |
| bool "Mitigate speculative RAS overflow on AMD" |
| depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK |
| default y |
| help |
| Enable the SRSO mitigation needed on AMD Zen1-4 machines. |
| |
| config MITIGATION_SLS |
| bool "Mitigate Straight-Line-Speculation" |
| depends on CC_HAS_SLS && X86_64 |
| select OBJTOOL if HAVE_OBJTOOL |
| default n |
| help |
| Compile the kernel with straight-line-speculation options to guard |
| against straight line speculation. The kernel image might be slightly |
| larger. |
| |
| config MITIGATION_GDS_FORCE |
| bool "Force GDS Mitigation" |
| depends on CPU_SUP_INTEL |
| default n |
| help |
| Gather Data Sampling (GDS) is a hardware vulnerability which allows |
| unprivileged speculative access to data which was previously stored in |
| vector registers. |
| |
| This option is equivalent to setting gather_data_sampling=force on the |
| command line. The microcode mitigation is used if present, otherwise |
| AVX is disabled as a mitigation. On affected systems that are missing |
| the microcode any userspace code that unconditionally uses AVX will |
| break with this option set. |
| |
| Setting this option on systems not vulnerable to GDS has no effect. |
| |
| If in doubt, say N. |
| |
| config MITIGATION_RFDS |
| bool "RFDS Mitigation" |
| depends on CPU_SUP_INTEL |
| default y |
| help |
| Enable mitigation for Register File Data Sampling (RFDS) by default. |
| RFDS is a hardware vulnerability which affects Intel Atom CPUs. It |
| allows unprivileged speculative access to stale data previously |
| stored in floating point, vector and integer registers. |
| See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst> |
| |
| config MITIGATION_SPECTRE_BHI |
| bool "Mitigate Spectre-BHB (Branch History Injection)" |
| depends on CPU_SUP_INTEL |
| default y |
| help |
| Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks |
| where the branch history buffer is poisoned to speculatively steer |
| indirect branches. |
| See <file:Documentation/admin-guide/hw-vuln/spectre.rst> |
| |
| endif |
| |
| config ARCH_HAS_ADD_PAGES |
| def_bool y |
| depends on ARCH_ENABLE_MEMORY_HOTPLUG |
| |
| menu "Power management and ACPI options" |
| |
| config ARCH_HIBERNATION_HEADER |
| def_bool y |
| depends on HIBERNATION |
| |
| source "kernel/power/Kconfig" |
| |
| source "drivers/acpi/Kconfig" |
| |
| config X86_APM_BOOT |
| def_bool y |
| depends on APM |
| |
| menuconfig APM |
| tristate "APM (Advanced Power Management) BIOS support" |
| depends on X86_32 && PM_SLEEP |
| help |
| APM is a BIOS specification for saving power using several different |
| techniques. This is mostly useful for battery powered laptops with |
| APM compliant BIOSes. If you say Y here, the system time will be |
| reset after a RESUME operation, the /proc/apm device will provide |
| battery status information, and user-space programs will receive |
| notification of APM "events" (e.g. battery status change). |
| |
| If you select "Y" here, you can disable actual use of the APM |
| BIOS by passing the "apm=off" option to the kernel at boot time. |
| |
| Note that the APM support is almost completely disabled for |
| machines with more than one CPU. |
| |
| In order to use APM, you will need supporting software. For location |
| and more information, read <file:Documentation/power/apm-acpi.rst> |
| and the Battery Powered Linux mini-HOWTO, available from |
| <http://www.tldp.org/docs.html#howto>. |
| |
| This driver does not spin down disk drives (see the hdparm(8) |
| manpage ("man 8 hdparm") for that), and it doesn't turn off |
| VESA-compliant "green" monitors. |
| |
| This driver does not support the TI 4000M TravelMate and the ACER |
| 486/DX4/75 because they don't have compliant BIOSes. Many "green" |
| desktop machines also don't have compliant BIOSes, and this driver |
| may cause those machines to panic during the boot phase. |
| |
| Generally, if you don't have a battery in your machine, there isn't |
| much point in using this driver and you should say N. If you get |
| random kernel OOPSes or reboots that don't seem to be related to |
| anything, try disabling/enabling this option (or disabling/enabling |
| APM in your BIOS). |
| |
| Some other things you should try when experiencing seemingly random, |
| "weird" problems: |
| |
| 1) make sure that you have enough swap space and that it is |
| enabled. |
| 2) pass the "idle=poll" option to the kernel |
| 3) switch on floating point emulation in the kernel and pass |
| the "no387" option to the kernel |
| 4) pass the "floppy=nodma" option to the kernel |
| 5) pass the "mem=4M" option to the kernel (thereby disabling |
| all but the first 4 MB of RAM) |
| 6) make sure that the CPU is not overclocked. |
| 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/> |
| 8) disable the cache from your BIOS settings |
| 9) install a fan for the video card or exchange video RAM |
| 10) install a better fan for the CPU |
| 11) exchange RAM chips |
| 12) exchange the motherboard. |
| |
| To compile this driver as a module, choose M here: the |
| module will be called apm. |
| |
| if APM |
| |
| config APM_IGNORE_USER_SUSPEND |
| bool "Ignore USER SUSPEND" |
| help |
| This option will ignore USER SUSPEND requests. On machines with a |
| compliant APM BIOS, you want to say N. However, on the NEC Versa M |
| series notebooks, it is necessary to say Y because of a BIOS bug. |
| |
| config APM_DO_ENABLE |
| bool "Enable PM at boot time" |
| help |
| Enable APM features at boot time. From page 36 of the APM BIOS |
| specification: "When disabled, the APM BIOS does not automatically |
| power manage devices, enter the Standby State, enter the Suspend |
| State, or take power saving steps in response to CPU Idle calls." |
| This driver will make CPU Idle calls when Linux is idle (unless this |
| feature is turned off -- see "Do CPU IDLE calls", below). This |
| should always save battery power, but more complicated APM features |
| will be dependent on your BIOS implementation. You may need to turn |
| this option off if your computer hangs at boot time when using APM |
| support, or if it beeps continuously instead of suspending. Turn |
| this off if you have a NEC UltraLite Versa 33/C or a Toshiba |
| T400CDT. This is off by default since most machines do fine without |
| this feature. |
| |
| config APM_CPU_IDLE |
| depends on CPU_IDLE |
| bool "Make CPU Idle calls when idle" |
| help |
| Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop. |
| On some machines, this can activate improved power savings, such as |
| a slowed CPU clock rate, when the machine is idle. These idle calls |
| are made after the idle loop has run for some length of time (e.g., |
| 333 ms). On some machines, this will cause a hang at boot time or |
| whenever the CPU becomes idle. (On machines with more than one CPU, |
| this option does nothing.) |
| |
| config APM_DISPLAY_BLANK |
| bool "Enable console blanking using APM" |
| help |
| Enable console blanking using the APM. Some laptops can use this to |
| turn off the LCD backlight when the screen blanker of the Linux |
| virtual console blanks the screen. Note that this is only used by |
| the virtual console screen blanker, and won't turn off the backlight |
| when using the X Window system. This also doesn't have anything to |
| do with your VESA-compliant power-saving monitor. Further, this |
| option doesn't work for all laptops -- it might not turn off your |
| backlight at all, or it might print a lot of errors to the console, |
| especially if you are using gpm. |
| |
| config APM_ALLOW_INTS |
| bool "Allow interrupts during APM BIOS calls" |
| help |
| Normally we disable external interrupts while we are making calls to |
| the APM BIOS as a measure to lessen the effects of a badly behaving |
| BIOS implementation. The BIOS should reenable interrupts if it |
| needs to. Unfortunately, some BIOSes do not -- especially those in |
| many of the newer IBM Thinkpads. If you experience hangs when you |
| suspend, try setting this to Y. Otherwise, say N. |
| |
| endif # APM |
| |
| source "drivers/cpufreq/Kconfig" |
| |
| source "drivers/cpuidle/Kconfig" |
| |
| source "drivers/idle/Kconfig" |
| |
| endmenu |
| |
| menu "Bus options (PCI etc.)" |
| |
| choice |
| prompt "PCI access mode" |
| depends on X86_32 && PCI |
| default PCI_GOANY |
| help |
| On PCI systems, the BIOS can be used to detect the PCI devices and |
| determine their configuration. However, some old PCI motherboards |
| have BIOS bugs and may crash if this is done. Also, some embedded |
| PCI-based systems don't have any BIOS at all. Linux can also try to |
| detect the PCI hardware directly without using the BIOS. |
| |
| With this option, you can specify how Linux should detect the |
| PCI devices. If you choose "BIOS", the BIOS will be used, |
| if you choose "Direct", the BIOS won't be used, and if you |
| choose "MMConfig", then PCI Express MMCONFIG will be used. |
| If you choose "Any", the kernel will try MMCONFIG, then the |
| direct access method, and fall back to the BIOS if that doesn't |
| work. If unsure, go with the default, which is "Any". |
| |
| config PCI_GOBIOS |
| bool "BIOS" |
| |
| config PCI_GOMMCONFIG |
| bool "MMConfig" |
| |
| config PCI_GODIRECT |
| bool "Direct" |
| |
| config PCI_GOOLPC |
| bool "OLPC XO-1" |
| depends on OLPC |
| |
| config PCI_GOANY |
| bool "Any" |
| |
| endchoice |
| |
| config PCI_BIOS |
| def_bool y |
| depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY) |
| |
| # x86-64 doesn't support PCI BIOS access from long mode so always go direct. |
| config PCI_DIRECT |
| def_bool y |
| depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG)) |
| |
| config PCI_MMCONFIG |
| bool "Support mmconfig PCI config space access" if X86_64 |
| default y |
| depends on PCI && (ACPI || JAILHOUSE_GUEST) |
| depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG) |
| |
| config PCI_OLPC |
| def_bool y |
| depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY) |
| |
| config PCI_XEN |
| def_bool y |
| depends on PCI && XEN |
| |
| config MMCONF_FAM10H |
| def_bool y |
| depends on X86_64 && PCI_MMCONFIG && ACPI |
| |
| config PCI_CNB20LE_QUIRK |
| bool "Read CNB20LE Host Bridge Windows" if EXPERT |
| depends on PCI |
| help |
| Read the PCI windows out of the CNB20LE host bridge. This allows |
| PCI hotplug to work on systems with the CNB20LE chipset which do |
| not have ACPI. |
| |
| There's no public spec for this chipset, and this functionality |
| is known to be incomplete. |
| |
| You should say N unless you know you need this. |
| |
| config ISA_BUS |
| bool "ISA bus support on modern systems" if EXPERT |
| help |
| Make ISA bus device drivers and options available for selection and |
| configuration. Enable this option if your target machine has an ISA |
| bus. ISA is an older system, displaced by PCI and newer bus |
| architectures -- if your target machine is modern, it probably does |
| not have an ISA bus. |
| |
| If unsure, say N. |
| |
| # x86_64 has no ISA slots, but can have ISA-style DMA. |
| config ISA_DMA_API |
| bool "ISA-style DMA support" if (X86_64 && EXPERT) |
| default y |
| help |
| Enables ISA-style DMA support for devices requiring such controllers. |
| If unsure, say Y. |
| |
| if X86_32 |
| |
| config ISA |
| bool "ISA support" |
| help |
| Find out whether you have ISA slots on your motherboard. ISA is the |
| name of a bus system, i.e. the way the CPU talks to the other stuff |
| inside your box. Other bus systems are PCI, EISA, MicroChannel |
| (MCA) or VESA. ISA is an older system, now being displaced by PCI; |
| newer boards don't support it. If you have ISA, say Y, otherwise N. |
| |
| config SCx200 |
| tristate "NatSemi SCx200 support" |
| help |
| This provides basic support for National Semiconductor's |
| (now AMD's) Geode processors. The driver probes for the |
| PCI-IDs of several on-chip devices, so it's a good dependency |
| for other scx200_* drivers. |
| |
| If compiled as a module, the driver is named scx200. |
| |
| config SCx200HR_TIMER |
| tristate "NatSemi SCx200 27MHz High-Resolution Timer Support" |
| depends on SCx200 |
| default y |
| help |
| This driver provides a clocksource built upon the on-chip |
| 27MHz high-resolution timer. It's also a workaround for |
| NSC Geode SC-1100's buggy TSC, which loses time when the |
| processor goes idle (as is done by the scheduler). The |
| other workaround is the idle=poll boot option. |
| |
| config OLPC |
| bool "One Laptop Per Child support" |
| depends on !X86_PAE |
| select GPIOLIB |
| select OF |
| select OF_PROMTREE |
| select IRQ_DOMAIN |
| select OLPC_EC |
| help |
| Add support for detecting the unique features of the OLPC |
| XO hardware. |
| |
| config OLPC_XO1_PM |
| bool "OLPC XO-1 Power Management" |
| depends on OLPC && MFD_CS5535=y && PM_SLEEP |
| help |
| Add support for poweroff and suspend of the OLPC XO-1 laptop. |
| |
| config OLPC_XO1_RTC |
| bool "OLPC XO-1 Real Time Clock" |
| depends on OLPC_XO1_PM && RTC_DRV_CMOS |
| help |
| Add support for the XO-1 real time clock, which can be used as a |
| programmable wakeup source. |
| |
| config OLPC_XO1_SCI |
| bool "OLPC XO-1 SCI extras" |
| depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y |
| depends on INPUT=y |
| select POWER_SUPPLY |
| help |
| Add support for SCI-based features of the OLPC XO-1 laptop: |
| - EC-driven system wakeups |
| - Power button |
| - Ebook switch |
| - Lid switch |
| - AC adapter status updates |
| - Battery status updates |
| |
| config OLPC_XO15_SCI |
| bool "OLPC XO-1.5 SCI extras" |
| depends on OLPC && ACPI |
| select POWER_SUPPLY |
| help |
| Add support for SCI-based features of the OLPC XO-1.5 laptop: |
| - EC-driven system wakeups |
| - AC adapter status updates |
| - Battery status updates |
| |
| config ALIX |
| bool "PCEngines ALIX System Support (LED setup)" |
| select GPIOLIB |
| help |
| This option enables system support for the PCEngines ALIX. |
| At present this just sets up LEDs for GPIO control on |
| ALIX2/3/6 boards. However, other system specific setup should |
| get added here. |
| |
| Note: You must still enable the drivers for GPIO and LED support |
| (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs. |
| |
| Note: You have to set alix.force=1 for boards with Award BIOS. |
| |
| config NET5501 |
| bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)" |
| select GPIOLIB |
| help |
| This option enables system support for the Soekris Engineering net5501. |
| |
| config GEOS |
| bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)" |
| select GPIOLIB |
| depends on DMI |
| help |
| This option enables system support for the Traverse Technologies GEOS. |
| |
| config TS5500 |
| bool "Technologic Systems TS-5500 platform support" |
| depends on MELAN |
| select CHECK_SIGNATURE |
| select NEW_LEDS |
| select LEDS_CLASS |
| help |
| This option enables system support for the Technologic Systems TS-5500. |
| |
| endif # X86_32 |
| |
| config AMD_NB |
| def_bool y |
| depends on CPU_SUP_AMD && PCI |
| |
| endmenu |
| |
| menu "Binary Emulations" |
| |
| config IA32_EMULATION |
| bool "IA32 Emulation" |
| depends on X86_64 |
| select ARCH_WANT_OLD_COMPAT_IPC |
| select BINFMT_ELF |
| select COMPAT_OLD_SIGACTION |
| help |
| Include code to run legacy 32-bit programs under a |
| 64-bit kernel. You should likely turn this on, unless you're |
| 100% sure that you don't have any 32-bit programs left. |
| |
| config IA32_EMULATION_DEFAULT_DISABLED |
| bool "IA32 emulation disabled by default" |
| default n |
| depends on IA32_EMULATION |
| help |
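| Make IA32 emulation disabled by default. This prevents loading 32-bit |
| processes and access to 32-bit syscalls, which reduces the kernel |
| interface exposed to userspace on systems that run only 64-bit code. |
| The ia32_emulation= command line option overrides this default at |
| boot. If unsure, leave it to its default value. |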
| |
| config X86_X32_ABI |
| bool "x32 ABI for 64-bit mode" |
| depends on X86_64 |
| # llvm-objcopy does not convert x86_64 .note.gnu.property or |
| # compressed debug sections to x86_x32 properly: |
| # https://github.com/ClangBuiltLinux/linux/issues/514 |
| # https://github.com/ClangBuiltLinux/linux/issues/1141 |
| depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm) |
| help |
| Include code to run binaries for the x32 native 32-bit ABI |
| for 64-bit processors. An x32 process gets access to the |
| full 64-bit register file and wide data path while leaving |
| pointers at 32 bits for smaller memory footprint. |
| |
| config COMPAT_32 |
| def_bool y |
| depends on IA32_EMULATION || X86_32 |
| select HAVE_UID16 |
| select OLD_SIGSUSPEND3 |
| |
| config COMPAT |
| def_bool y |
| depends on IA32_EMULATION || X86_X32_ABI |
| |
| config COMPAT_FOR_U64_ALIGNMENT |
| def_bool y |
| depends on COMPAT |
| |
| endmenu |
| |
| config HAVE_ATOMIC_IOMAP |
| def_bool y |
| depends on X86_32 |
| |
| source "arch/x86/kvm/Kconfig" |
| |
| source "arch/x86/Kconfig.assembler" |