c3056a7d14
Debuggers have guess the FPU buffer layout in core dumps, which is error prone. This is because AMD and Intel layouts differ. To avoid buggy heuristics add a ELF section which describes the buffer layout which can be retrieved by tools. -----BEGIN PGP SIGNATURE----- iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmbpOuwTHHRnbHhAbGlu dXRyb25peC5kZQAKCRCmGPVMDXSYoTRAEACGHPdAYFp5A396c9qUbHUE2gEKIad2 iuq15TZKLPY/LFqfTwnkp9/nqKtZ0gj4D6XCIucWZjwWJuPgvgGf/tC9Fk+H+C6X 9+rycP3GdqxU28qLxA428SN2Pg3lvqG4rryVWeHUXQ4x8A0DSMV+3pkNY5YgJ+2+ fTzNzVi2tkPRAXhKmj3EdcFcgDPiFQBMm1QNBpc+FqrXk4rjJb9Axln0oT8xemDv TtJ5BMhFpR73naaiS4IrK8Tk3oFCa8CmafCQfl1zAOor/+EemPQKwMuGeiXE7dLG eE+OTw5zuxYwlc9WoaPmM/ZiEc5JptpHQUtyHDBN7BaK87VKjsupAXXVOh6XMRCt R2coqq7fqDqMANwWpUKddky3vSwbst1GZpXGAENOy64yU4VoFutr616WSj3sJfUi knBauPqLAFeZLhMn/kKr5a0rBgm7VuQSlGPYEhqVdaM3Eb/zJEupFL/bTpqQbbz/ 8lo2hYcfDslhShcEZYBwm4eUg+ytZ96K3ciZ5YgNih9LFBxEOo0SY1CqbQJiRtpB 3DmgldYtzRdQq5/JtFGNv717uMESn5khG3qHUpXtrDhWfD8spMWiY1yO/cwWvLFJ ZS5ATp1dAt1Pbv2MC6r9jQBbW3V7xNNAOJdzUvIZPP04PKeV0ObFOplxhabOzUDj OLquyIrjpxeisg== =Vqqo -----END PGP SIGNATURE----- Merge tag 'x86-fpu-2024-09-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fpu updates from Thomas Gleixner: "Provide FPU buffer layout in core dumps: Debuggers have guess the FPU buffer layout in core dumps, which is error prone. This is because AMD and Intel layouts differ. To avoid buggy heuristics add a ELF section which describes the buffer layout which can be retrieved by tools" * tag 'x86-fpu-2024-09-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/elf: Add a new FPU buffer layout info to x86 core files
# SPDX-License-Identifier: GPL-2.0
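# Select 32 or 64 bit
#
# Top-level word-size switch: X86_32 and X86_64 are derived from it.
# Several capability selects in 'config X86' are guarded by 'if X86_64'
# (for example HAVE_ARCH_VMAP_STACK, ARCH_SUPPORTS_CFI_CLANG and
# HAVE_ARCH_KASAN), so choosing a 32-bit build also removes those from
# the set of features that can be enabled.
config 64BIT
	bool "64-bit kernel" if "$(ARCH)" = "x86"
	default "$(ARCH)" != "i386"
	help
	  Say yes to build a 64-bit kernel - formerly known as x86_64
	  Say no to build a 32-bit kernel - formerly known as i386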
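# Promptless symbol: y whenever 64BIT is off.
config X86_32
	def_bool y
	depends on !64BIT
	# Options that are inherently 32-bit kernel only:
	select ARCH_WANT_IPC_PARSE_VERSION
	select CLKSRC_I8253
	select CLONE_BACKWARDS
	select GENERIC_VDSO_32
	select HAVE_DEBUG_STACKOVERFLOW
	select KMAP_LOCAL
	select MODULES_USE_ELF_REL
	select OLD_SIGACTION
	select ARCH_SPLIT_ARG64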
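# Promptless symbol: y whenever 64BIT is on.
config X86_64
	def_bool y
	depends on 64BIT
	# Options that are inherently 64-bit kernel only:
	select ARCH_HAS_GIGANTIC_PAGE
	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
	select ARCH_SUPPORTS_PER_VMA_LOCK
	select HAVE_ARCH_SOFT_DIRTY
	select MODULES_USE_ELF_RELA
	select NEED_DMA_MAP_STATE
	select SWIOTLB
	select ARCH_HAS_ELFCORE_COMPAT
	select ZONE_DMA32
	select EXECMEM if DYNAMIC_FTRACE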
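# Promptless: on a 32-bit build with FUNCTION_TRACER enabled this is always y
# and therefore always selects DYNAMIC_FTRACE.
config FORCE_DYNAMIC_FTRACE
	def_bool y
	depends on X86_32
	depends on FUNCTION_TRACER
	select DYNAMIC_FTRACE
	help
	  We keep the static function tracing (!DYNAMIC_FTRACE) around
	  in order to test the non static function tracing in the
	  generic code, as other architectures still use it. But we
	  only need to keep it around for x86_64. No need to keep it
	  for x86_32. For x86_32, force DYNAMIC_FTRACE.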
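#
# Arch settings
#
# ( Note that options that are marked 'if X86_64' could in principle be
#   ported to 32-bit as well. )
#
# Review note: by kernel convention the HAVE_*, ARCH_HAS_* and
# ARCH_SUPPORTS_* symbols selected below declare what the x86 port is able
# to support; they do not by themselves switch the corresponding feature on.
# The user-visible options they gate are defined outside this file, so the
# hardening state of a given build has to be read from the generated
# .config, not from this list. Capability selects guarded by 'if X86_64'
# are never set on a 32-bit build.
#
config X86
	def_bool y
	#
	# Note: keep this list sorted alphabetically
	#
	select ACPI_LEGACY_TABLES_LOOKUP if ACPI
	select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
	select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU
	select ARCH_32BIT_OFF_T if X86_32
	select ARCH_CLOCKSOURCE_INIT
	select ARCH_CONFIGURES_CPU_MITIGATIONS
	select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
	select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
	select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
	select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
	select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
	select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
	select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
	select ARCH_HAS_CACHE_LINE_SIZE
	select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
	select ARCH_HAS_CPU_FINALIZE_INIT
	select ARCH_HAS_CPU_PASID if IOMMU_SVA
	select ARCH_HAS_CURRENT_STACK_POINTER
	select ARCH_HAS_DEBUG_VIRTUAL
	select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE
	select ARCH_HAS_DEVMEM_IS_ALLOWED
	select ARCH_HAS_EARLY_DEBUG if KGDB
	select ARCH_HAS_ELF_RANDOMIZE
	select ARCH_HAS_FAST_MULTIPLIER
	select ARCH_HAS_FORTIFY_SOURCE
	select ARCH_HAS_GCOV_PROFILE_ALL
	select ARCH_HAS_KCOV if X86_64
	select ARCH_HAS_KERNEL_FPU_SUPPORT
	select ARCH_HAS_MEM_ENCRYPT
	select ARCH_HAS_MEMBARRIER_SYNC_CORE
	select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
	select ARCH_HAS_PMEM_API if X86_64
	select ARCH_HAS_PTE_DEVMAP if X86_64
	select ARCH_HAS_PTE_SPECIAL
	select ARCH_HAS_HW_PTE_YOUNG
	select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2
	select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
	select ARCH_HAS_COPY_MC if X86_64
	select ARCH_HAS_SET_MEMORY
	select ARCH_HAS_SET_DIRECT_MAP
	select ARCH_HAS_STRICT_KERNEL_RWX
	select ARCH_HAS_STRICT_MODULE_RWX
	select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
	select ARCH_HAS_SYSCALL_WRAPPER
	select ARCH_HAS_UBSAN
	select ARCH_HAS_DEBUG_WX
	select ARCH_HAS_ZONE_DMA_SET if EXPERT
	select ARCH_HAVE_NMI_SAFE_CMPXCHG
	select ARCH_HAVE_EXTRA_ELF_NOTES
	select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
	select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
	select ARCH_MIGHT_HAVE_PC_PARPORT
	select ARCH_MIGHT_HAVE_PC_SERIO
	select ARCH_STACKWALK
	select ARCH_SUPPORTS_ACPI
	select ARCH_SUPPORTS_ATOMIC_RMW
	select ARCH_SUPPORTS_DEBUG_PAGEALLOC
	select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64
	select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
	select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096
	select ARCH_SUPPORTS_CFI_CLANG if X86_64
	select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG
	select ARCH_SUPPORTS_LTO_CLANG
	select ARCH_SUPPORTS_LTO_CLANG_THIN
	select ARCH_USE_BUILTIN_BSWAP
	select ARCH_USE_CMPXCHG_LOCKREF if X86_CMPXCHG64
	select ARCH_USE_MEMTEST
	select ARCH_USE_QUEUED_RWLOCKS
	select ARCH_USE_QUEUED_SPINLOCKS
	select ARCH_USE_SYM_ANNOTATIONS
	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
	select ARCH_WANT_DEFAULT_BPF_JIT if X86_64
	select ARCH_WANTS_DYNAMIC_TASK_STRUCT
	select ARCH_WANTS_NO_INSTR
	select ARCH_WANT_GENERAL_HUGETLB
	select ARCH_WANT_HUGE_PMD_SHARE
	select ARCH_WANT_LD_ORPHAN_WARN
	select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64
	select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64
	select ARCH_WANTS_THP_SWAP if X86_64
	select ARCH_HAS_PARANOID_L1D_FLUSH
	select BUILDTIME_TABLE_SORT
	select CLKEVT_I8253
	select CLOCKSOURCE_VALIDATE_LAST_CYCLE
	select CLOCKSOURCE_WATCHDOG
	# Word-size accesses may read uninitialized data past the trailing \0
	# in strings and cause false KMSAN reports.
	select DCACHE_WORD_ACCESS if !KMSAN
	select DYNAMIC_SIGFRAME
	select EDAC_ATOMIC_SCRUB
	select EDAC_SUPPORT
	select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
	select GENERIC_CLOCKEVENTS_BROADCAST_IDLE if GENERIC_CLOCKEVENTS_BROADCAST
	select GENERIC_CLOCKEVENTS_MIN_ADJUST
	select GENERIC_CMOS_UPDATE
	select GENERIC_CPU_AUTOPROBE
	select GENERIC_CPU_DEVICES
	select GENERIC_CPU_VULNERABILITIES
	select GENERIC_EARLY_IOREMAP
	select GENERIC_ENTRY
	select GENERIC_IOMAP
	select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
	select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
	select GENERIC_IRQ_MIGRATION if SMP
	select GENERIC_IRQ_PROBE
	select GENERIC_IRQ_RESERVATION_MODE
	select GENERIC_IRQ_SHOW
	select GENERIC_PENDING_IRQ if SMP
	select GENERIC_PTDUMP
	select GENERIC_SMP_IDLE_THREAD
	select GENERIC_TIME_VSYSCALL
	select GENERIC_GETTIMEOFDAY
	select GENERIC_VDSO_TIME_NS
	select GENERIC_VDSO_OVERFLOW_PROTECT
	select GUP_GET_PXX_LOW_HIGH if X86_PAE
	select HARDIRQS_SW_RESEND
	select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
	select HAS_IOPORT
	select HAVE_ACPI_APEI if ACPI
	select HAVE_ACPI_APEI_NMI if ACPI
	select HAVE_ALIGNED_STRUCT_PAGE
	select HAVE_ARCH_AUDITSYSCALL
	select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
	select HAVE_ARCH_HUGE_VMALLOC if X86_64
	select HAVE_ARCH_JUMP_LABEL
	select HAVE_ARCH_JUMP_LABEL_RELATIVE
	select HAVE_ARCH_KASAN if X86_64
	select HAVE_ARCH_KASAN_VMALLOC if X86_64
	select HAVE_ARCH_KFENCE
	select HAVE_ARCH_KMSAN if X86_64
	select HAVE_ARCH_KGDB
	select HAVE_ARCH_MMAP_RND_BITS if MMU
	select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
	select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
	select HAVE_ARCH_PREL32_RELOCATIONS
	select HAVE_ARCH_SECCOMP_FILTER
	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
	select HAVE_ARCH_STACKLEAK
	select HAVE_ARCH_TRACEHOOK
	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
	select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD
	select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD
	select HAVE_ARCH_VMAP_STACK if X86_64
	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
	select HAVE_ARCH_WITHIN_STACK_FRAMES
	select HAVE_ASM_MODVERSIONS
	select HAVE_CMPXCHG_DOUBLE
	select HAVE_CMPXCHG_LOCAL
	select HAVE_CONTEXT_TRACKING_USER if X86_64
	select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER
	select HAVE_C_RECORDMCOUNT
	select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL
	select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT
	select HAVE_BUILDTIME_MCOUNT_SORT
	select HAVE_DEBUG_KMEMLEAK
	select HAVE_DMA_CONTIGUOUS
	select HAVE_DYNAMIC_FTRACE
	select HAVE_DYNAMIC_FTRACE_WITH_REGS
	select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64
	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
	select HAVE_SAMPLE_FTRACE_DIRECT if X86_64
	select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64
	select HAVE_EBPF_JIT
	select HAVE_EFFICIENT_UNALIGNED_ACCESS
	select HAVE_EISA
	select HAVE_EXIT_THREAD
	select HAVE_GUP_FAST
	select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
	select HAVE_FTRACE_MCOUNT_RECORD
	select HAVE_FUNCTION_GRAPH_RETVAL if HAVE_FUNCTION_GRAPH_TRACER
	select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE)
	select HAVE_FUNCTION_TRACER
	select HAVE_GCC_PLUGINS
	select HAVE_HW_BREAKPOINT
	select HAVE_IOREMAP_PROT
	select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
	select HAVE_IRQ_TIME_ACCOUNTING
	select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL
	select HAVE_KERNEL_BZIP2
	select HAVE_KERNEL_GZIP
	select HAVE_KERNEL_LZ4
	select HAVE_KERNEL_LZMA
	select HAVE_KERNEL_LZO
	select HAVE_KERNEL_XZ
	select HAVE_KERNEL_ZSTD
	select HAVE_KPROBES
	select HAVE_KPROBES_ON_FTRACE
	select HAVE_FUNCTION_ERROR_INJECTION
	select HAVE_KRETPROBES
	select HAVE_RETHOOK
	select HAVE_LIVEPATCH if X86_64
	select HAVE_MIXED_BREAKPOINTS_REGS
	select HAVE_MOD_ARCH_SPECIFIC
	select HAVE_MOVE_PMD
	select HAVE_MOVE_PUD
	select HAVE_NOINSTR_HACK if HAVE_OBJTOOL
	select HAVE_NMI
	select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL
	select HAVE_OBJTOOL if X86_64
	select HAVE_OPTPROBES
	select HAVE_PAGE_SIZE_4KB
	select HAVE_PCSPKR_PLATFORM
	select HAVE_PERF_EVENTS
	select HAVE_PERF_EVENTS_NMI
	select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
	select HAVE_PCI
	select HAVE_PERF_REGS
	select HAVE_PERF_USER_STACK_DUMP
	select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT
	select MMU_GATHER_MERGE_VMAS
	select HAVE_POSIX_CPU_TIMERS_TASK_WORK
	select HAVE_REGS_AND_STACK_ACCESS_API
	select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION
	select HAVE_FUNCTION_ARG_ACCESS_API
	select HAVE_SETUP_PER_CPU_AREA
	select HAVE_SOFTIRQ_ON_OWN_STACK
	# Stack-protector capability is advertised only when the compiler probe
	# CC_HAS_SANE_STACKPROTECTOR succeeded.
	select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
	select HAVE_STACK_VALIDATION if HAVE_OBJTOOL
	select HAVE_STATIC_CALL
	select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL
	select HAVE_PREEMPT_DYNAMIC_CALL
	select HAVE_RSEQ
	select HAVE_RUST if X86_64
	select HAVE_SYSCALL_TRACEPOINTS
	select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL
	select HAVE_UNSTABLE_SCHED_CLOCK
	select HAVE_USER_RETURN_NOTIFIER
	select HAVE_GENERIC_VDSO
	select VDSO_GETRANDOM if X86_64
	select HOTPLUG_PARALLEL if SMP && X86_64
	select HOTPLUG_SMT if SMP
	select HOTPLUG_SPLIT_STARTUP if SMP && X86_32
	select IRQ_FORCED_THREADING
	select LOCK_MM_AND_FIND_VMA
	select NEED_PER_CPU_EMBED_FIRST_CHUNK
	select NEED_PER_CPU_PAGE_FIRST_CHUNK
	select NEED_SG_DMA_LENGTH
	select PCI_DOMAINS if PCI
	select PCI_LOCKLESS_CONFIG if PCI
	select PERF_EVENTS
	select RTC_LIB
	select RTC_MC146818_LIB
	select SPARSE_IRQ
	select SYSCTL_EXCEPTION_TRACE
	select THREAD_INFO_IN_TASK
	select TRACE_IRQFLAGS_SUPPORT
	select TRACE_IRQFLAGS_NMI_SUPPORT
	select USER_STACKTRACE_SUPPORT
	select HAVE_ARCH_KCSAN if X86_64
	select PROC_PID_ARCH_STATUS if PROC_FS
	select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX
	select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16
	select FUNCTION_ALIGNMENT_4B
	# 'imply' is weaker than 'select': it only provides a default, which a
	# configuration can still turn off.
	imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI
	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE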
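# Promptless helper symbols; none of them can be changed from a menu.

# Built in whenever any of KPROBES, PERF_EVENTS or UPROBES is enabled.
config INSTRUCTION_DECODER
	def_bool y
	depends on KPROBES || PERF_EVENTS || UPROBES

# ELF output format string, chosen by word size.
config OUTPUT_FORMAT
	string
	default "elf32-i386" if X86_32
	default "elf64-x86-64" if X86_64

config LOCKDEP_SUPPORT
	def_bool y

config STACKTRACE_SUPPORT
	def_bool y

config MMU
	def_bool y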
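# Lower and upper bounds for the number of random bits applied to mmap base
# addresses (user-space ASLR entropy). The setting they constrain,
# ARCH_MMAP_RND_BITS / ARCH_MMAP_RND_COMPAT_BITS, is defined outside this
# file. As written here: 64-bit tasks get 28..32 bits, 32-bit kernels and
# compat tasks 8..16 bits. When reviewing a build for hardening, compare the
# value in the generated .config against these maxima.
config ARCH_MMAP_RND_BITS_MIN
	default 28 if 64BIT
	default 8

config ARCH_MMAP_RND_BITS_MAX
	default 32 if 64BIT
	default 16

config ARCH_MMAP_RND_COMPAT_BITS_MIN
	default 8

config ARCH_MMAP_RND_COMPAT_BITS_MAX
	default 16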
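# Promptless capability symbols. Those declared with a bare 'bool' stay off
# unless something selects them or a default applies.
config SBUS
	bool

config GENERIC_ISA_DMA
	def_bool y
	depends on ISA_DMA_API

# On by default only for KMSAN or KASAN builds.
config GENERIC_CSUM
	bool
	default y if KMSAN || KASAN

config GENERIC_BUG
	def_bool y
	depends on BUG
	select GENERIC_BUG_RELATIVE_POINTERS if X86_64

config GENERIC_BUG_RELATIVE_POINTERS
	bool

config ARCH_MAY_HAVE_PC_FDC
	def_bool y
	depends on ISA_DMA_API

config GENERIC_CALIBRATE_DELAY
	def_bool y

config ARCH_HAS_CPU_RELAX
	def_bool y

config ARCH_HIBERNATION_POSSIBLE
	def_bool y

config ARCH_SUSPEND_POSSIBLE
	def_bool y

# Only defined (as y) on 64-bit builds.
config AUDIT_ARCH
	def_bool y if X86_64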
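# Fixed shadow-memory offset used when KASAN is enabled; no prompt, so it
# cannot be changed from a menu.
config KASAN_SHADOW_OFFSET
	hex
	depends on KASAN
	default 0xdffffc0000000000

# Availability flag for Intel TXT: requires both INTEL_IOMMU and ACPI. The
# user-facing option that consumes it is defined outside this file.
config HAVE_INTEL_TXT
	def_bool y
	depends on INTEL_IOMMU && ACPI

config X86_64_SMP
	def_bool y
	depends on X86_64 && SMP

config ARCH_SUPPORTS_UPROBES
	def_bool y

config FIX_EARLYCON_MEM
	def_bool y

config DYNAMIC_PHYSICAL_MASK
	bool

# Number of page-table levels. The first 'default' whose condition holds
# wins, so the order of the lines below is significant.
config PGTABLE_LEVELS
	int
	default 5 if X86_5LEVEL
	default 4 if X86_64
	default 3 if X86_PAE
	default 2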
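# Compiler probe evaluated at configuration time: runs the per-word-size
# helper script with $(CC) and $(CLANG_FLAGS) and records whether it
# succeeded. 'config X86' selects HAVE_STACKPROTECTOR only when this is y,
# so with a compiler that fails the probe the stack-protector capability is
# not advertised at all. When auditing a build, confirm the stack protector
# is actually present in the generated .config.
config CC_HAS_SANE_STACKPROTECTOR
	bool
	default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT
	default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
	help
	  We have to make sure stack protector is unconditionally disabled if
	  the compiler produces broken code or if it does not let us control
	  the segment on 32-bit kernels.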
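menu "Processor type and features"

# Several symbols in this file are conditional on SMP (for example
# HOTPLUG_SMT and PARAVIRT_SPINLOCKS).
config SMP
	bool "Symmetric multi-processing support"
	help
	  This enables support for systems with more than one CPU. If you have
	  a system with only one CPU, say N. If you have a system with more
	  than one CPU, say Y.

	  If you say N here, the kernel will run on uni- and multiprocessor
	  machines, but will use only one CPU of a multiprocessor machine. If
	  you say Y here, the kernel will run on many, but not all,
	  uniprocessor machines. On a uniprocessor machine, the kernel
	  will run faster if you say N here.

	  Note that if you say Y here and choose architecture "586" or
	  "Pentium" under "Processor family", the kernel will not work on 486
	  architectures. Similarly, multiprocessor kernels for the "PPro"
	  architecture may not work on all Pentium based boards.

	  People using multiprocessor machines who say Y here should also say
	  Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
	  Management" code will be disabled if you say Y here.

	  See also <file:Documentation/arch/x86/i386/IO-APIC.rst>,
	  <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
	  <http://www.tldp.org/docs.html#howto>.

	  If you don't know what to do here, say N.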
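# 64-bit only; needs interrupt remapping (IRQ_REMAP) unless the kernel is
# built as a hypervisor guest. INTEL_TDX_GUEST, X86_NUMACHIP and X86_UV in
# this file each carry 'depends on X86_X2APIC', so leaving this off also
# makes those options unavailable.
config X86_X2APIC
	bool "Support x2apic"
	depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
	help
	  This enables x2apic support on CPUs that have this feature.

	  This allows 32-bit apic IDs (so it can support very large systems),
	  and accesses the local apic via MSRs not via mmio.

	  Some Intel systems circa 2022 and later are locked into x2APIC mode
	  and can not fall back to the legacy APIC modes if SGX or TDX are
	  enabled in the BIOS. They will boot with very reduced functionality
	  without enabling this option.

	  If you don't know what to do here, say N.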
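# Only available on 64-bit kernels with interrupt remapping (IRQ_REMAP).
config X86_POSTED_MSI
	bool "Enable MSI and MSI-x delivery by posted interrupts"
	depends on X86_64 && IRQ_REMAP
	help
	  This enables MSIs that are under interrupt remapping to be delivered as
	  posted interrupts to the host kernel. Interrupt throughput can
	  potentially be improved by coalescing CPU notifications during high
	  frequency bursts.

	  If you don't know what to do here, say N.

# The prompt is shown only when ACPI is enabled; otherwise the option keeps
# its default of y (subject to X86_LOCAL_APIC).
config X86_MPPARSE
	bool "Enable MPS table" if ACPI
	default y
	depends on X86_LOCAL_APIC
	help
	  For old smp systems that do not have proper acpi support. Newer systems
	  (esp with 64bit cpus) with acpi support, MADT and DSDT will override it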
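# Needs Intel or AMD CPU support compiled in; pulls in KERNFS, plus
# PROC_CPU_RESCTRL when PROC_FS is enabled.
config X86_CPU_RESCTRL
	bool "x86 CPU resource control support"
	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
	select KERNFS
	select PROC_CPU_RESCTRL if PROC_FS
	help
	  Enable x86 CPU resource control support.

	  Provide support for the allocation and monitoring of system resources
	  usage by the CPU.

	  Intel calls this Intel Resource Director Technology
	  (Intel(R) RDT). More information about RDT can be found in the
	  Intel x86 Architecture Software Developer Manual.

	  AMD calls this AMD Platform Quality of Service (AMD QoS).
	  More information about AMD QoS can be found in the AMD64 Technology
	  Platform Quality of Service Extensions manual.

	  Say N if unsure.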
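# 64-bit only. Per the help text, enabling this only makes the kernel try
# FRED when the system supports it; it is not a hard requirement on the CPU.
config X86_FRED
	bool "Flexible Return and Event Delivery"
	depends on X86_64
	help
	  When enabled, try to use Flexible Return and Event Delivery
	  instead of the legacy SYSCALL/SYSENTER/IDT architecture for
	  ring transitions and exception/interrupt handling if the
	  system supports it.

# 32-bit SMP only.
config X86_BIGSMP
	bool "Support for big SMP systems with more than 8 CPUs"
	depends on SMP && X86_32
	help
	  This option is needed for the systems that have more than 8 CPUs.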
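# Gate for the non-PC platform options that follow; each of them carries
# 'depends on X86_EXTENDED_PLATFORM'. Defaults to y, so a kernel built for a
# known PC-class target can set it to N to hide that platform code.
config X86_EXTENDED_PLATFORM
	bool "Support for extended (non-PC) x86 platforms"
	default y
	help
	  If you disable this option then the kernel will only support
	  standard PC platforms. (which covers the vast majority of
	  systems out there.)

	  If you enable this option then you'll be able to select support
	  for the following non-PC x86 platforms, depending on the value of
	  CONFIG_64BIT.

	  32-bit platforms (CONFIG_64BIT=n):
		Goldfish (Android emulator)
		AMD Elan
		RDC R-321x SoC
		SGI 320/540 (Visual Workstation)
		STA2X11-based (e.g. Northville)
		Moorestown MID devices

	  64-bit platforms (CONFIG_64BIT=y):
		Numascale NumaChip
		ScaleMP vSMP
		SGI Ultraviolet

	  If you have one of these systems, or if you want to build a
	  generic distribution kernel, say Y here - otherwise say N.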
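# This is an alphabetically sorted list of 64 bit extended platforms
# Please maintain the alphabetic order if and when there are additions
config X86_NUMACHIP
	bool "Numascale NumaChip"
	depends on X86_64
	depends on X86_EXTENDED_PLATFORM
	depends on NUMA
	depends on SMP
	depends on X86_X2APIC
	depends on PCI_MMCONFIG
	help
	  Adds support for Numascale NumaChip large-SMP systems. Needed to
	  enable more than ~168 cores.
	  If you don't have one of these, you should say N here.

# Note: enabling this force-selects HYPERVISOR_GUEST and PARAVIRT.
config X86_VSMP
	bool "ScaleMP vSMP"
	select HYPERVISOR_GUEST
	select PARAVIRT
	depends on X86_64 && PCI
	depends on X86_EXTENDED_PLATFORM
	depends on SMP
	help
	  Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
	  supposed to run on these EM64T-based machines. Only choose this option
	  if you have one of these machines.

config X86_UV
	bool "SGI Ultraviolet"
	depends on X86_64
	depends on X86_EXTENDED_PLATFORM
	depends on NUMA
	depends on EFI
	depends on KEXEC_CORE
	depends on X86_X2APIC
	depends on PCI
	help
	  This option is needed in order to support SGI Ultraviolet systems.
	  If you don't have one of these, you should say N here.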
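# Following is an alphabetically sorted list of 32 bit extended platforms
# Please maintain the alphabetic order if and when there are additions

config X86_GOLDFISH
	bool "Goldfish (Virtual Platform)"
	depends on X86_EXTENDED_PLATFORM
	help
	  Enable support for the Goldfish virtual platform used primarily
	  for Android development. Unless you are building for the Android
	  Goldfish emulator say N here.

# 32-bit only; force-selects X86_REBOOTFIXUPS and device-tree support
# (OF, OF_EARLY_FLATTREE).
config X86_INTEL_CE
	bool "CE4100 TV platform"
	depends on PCI
	depends on PCI_GODIRECT
	depends on X86_IO_APIC
	depends on X86_32
	depends on X86_EXTENDED_PLATFORM
	select X86_REBOOTFIXUPS
	select OF
	select OF_EARLY_FLATTREE
	help
	  Select for the Intel CE media processor (CE4100) SOC.
	  This option compiles in support for the CE4100 SOC for settop
	  boxes and media devices.

# Available on 64-bit, or on 32-bit only together with PCI_GOANY.
config X86_INTEL_MID
	bool "Intel MID platform support"
	depends on X86_EXTENDED_PLATFORM
	depends on X86_PLATFORM_DEVICES
	depends on PCI
	depends on X86_64 || (PCI_GOANY && X86_32)
	depends on X86_IO_APIC
	select I2C
	select DW_APB_TIMER
	select INTEL_SCU_PCI
	help
	  Select to build a kernel capable of supporting Intel MID (Mobile
	  Internet Device) platform systems which do not have the PCI legacy
	  interfaces. If you are building for a PC class system say N here.

	  Intel MID platforms are based on an Intel processor and chipset which
	  consume less power than most of the x86 derivatives.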
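# 32-bit only; force-selects IOSF_MBI, INTEL_IMR and COMMON_CLK.
config X86_INTEL_QUARK
	bool "Intel Quark platform support"
	depends on X86_32
	depends on X86_EXTENDED_PLATFORM
	depends on X86_PLATFORM_DEVICES
	depends on X86_TSC
	depends on PCI
	depends on PCI_GOANY
	depends on X86_IO_APIC
	select IOSF_MBI
	select INTEL_IMR
	select COMMON_CLK
	help
	  Select to include support for Quark X1000 SoC.
	  Say Y here if you have a Quark based system such as the Arduino
	  compatible Intel Galileo.

# Not gated by X86_EXTENDED_PLATFORM; also force-selects IOSF_MBI.
config X86_INTEL_LPSS
	bool "Intel Low Power Subsystem Support"
	depends on X86 && ACPI && PCI
	select COMMON_CLK
	select PINCTRL
	select IOSF_MBI
	help
	  Select to build support for Intel Low Power Subsystem such as
	  found on Intel Lynxpoint PCH. Selecting this option enables
	  things like clock tree (common clock framework) and pincontrol
	  which are needed by the LPSS peripheral drivers.

config X86_AMD_PLATFORM_DEVICE
	bool "AMD ACPI2Platform devices support"
	depends on ACPI
	select COMMON_CLK
	select PINCTRL
	help
	  Select to interpret AMD specific ACPI device to platform device
	  such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
	  I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
	  implemented under PINCTRL subsystem.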
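# Force-selected by X86_INTEL_QUARK and X86_INTEL_LPSS in this file, so it
# may be enabled even when it was not chosen directly.
config IOSF_MBI
	tristate "Intel SoC IOSF Sideband support for SoC platforms"
	depends on PCI
	help
	  This option enables sideband register access support for Intel SoC
	  platforms. On these platforms the IOSF sideband is used in lieu of
	  MSR's for some register accesses, mostly but not limited to thermal
	  and power. Drivers may query the availability of this device to
	  determine if they need the sideband in order to work on these
	  platforms. The sideband is available on the following SoC products.
	  This list is not meant to be exclusive.
	   - BayTrail
	   - Braswell
	   - Quark

	  You should say Y if you are running a kernel on one of these SoC's.

# Debug-only. Per the help text this exposes the sideband access registers
# for both reading and writing through debugfs, i.e. a general register
# access path for whoever can use those debugfs files. Keep it at N on
# production kernels and check the generated .config when auditing a build.
config IOSF_MBI_DEBUG
	bool "Enable IOSF sideband access through debugfs"
	depends on IOSF_MBI && DEBUG_FS
	help
	  Select this option to expose the IOSF sideband access registers (MCR,
	  MDR, MCRX) through debugfs to write and read register information from
	  different units on the SoC. This is most useful for obtaining device
	  state information for debug and analysis. As this is a general access
	  mechanism, users of this option would have specific knowledge of the
	  device they want to access.

	  If you don't require the option or are in doubt, say N.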
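# 32-bit only; force-selects M486 and X86_REBOOTFIXUPS.
config X86_RDC321X
	bool "RDC R-321x SoC"
	depends on X86_32
	depends on X86_EXTENDED_PLATFORM
	select M486
	select X86_REBOOTFIXUPS
	help
	  This option is needed for RDC R-321x system-on-chip, also known
	  as R-8610-(G).
	  If you don't have one of these chips, you should say N here.

config X86_32_NON_STANDARD
	bool "Support non-standard 32-bit SMP architectures"
	depends on X86_32 && SMP
	depends on X86_EXTENDED_PLATFORM
	help
	  This option compiles in the bigsmp and STA2X11 default
	  subarchitectures. It is intended for a generic binary
	  kernel. If you select them all, kernel will probe it one by
	  one and will fallback to default.

# Alphabetically sorted list of Non standard 32 bit platforms

# Promptless: set automatically when X86_MCE is enabled and the build is
# either 64-bit or does not use SPARSEMEM.
config X86_SUPPORTS_MEMORY_FAILURE
	def_bool y
	# MCE code calls memory_failure():
	depends on X86_MCE
	# On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
	# On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
	depends on X86_64 || !SPARSEMEM
	select ARCH_SUPPORTS_MEMORY_FAILURE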
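# Force-selects SWIOTLB, MFD_STA2X11 and GPIOLIB.
config STA2X11
	bool "STA2X11 Companion Chip Support"
	depends on X86_32_NON_STANDARD && PCI
	select SWIOTLB
	select MFD_STA2X11
	select GPIOLIB
	help
	  This adds support for boards based on the STA2X11 IO-Hub,
	  a.k.a. "ConneXt". The chip is used in place of the standard
	  PC chipset, so all "standard" peripherals are missing. If this
	  option is selected the kernel will still be able to boot on
	  standard PC machines.

# tristate: can be built as a module. 32-bit only.
config X86_32_IRIS
	tristate "Eurobraille/Iris poweroff module"
	depends on X86_32
	help
	  The Iris machines from EuroBraille do not have APM or ACPI support
	  to shut themselves down properly. A special I/O sequence is
	  needed to do so, which is what this module does at
	  kernel shutdown.

	  This is only for Iris machines from EuroBraille.

	  If unused, say N.

# Defaults to y; the prompt lets a configuration turn it off.
config SCHED_OMIT_FRAME_POINTER
	def_bool y
	prompt "Single-depth WCHAN output"
	depends on X86
	help
	  Calculate simpler /proc/<PID>/wchan values. If this option
	  is disabled then wchan values will recurse back to the
	  caller function. This provides more accurate wchan values,
	  at the expense of slightly more scheduling overhead.

	  If in doubt, say "Y".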
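# Master switch for the guest-support submenu: every option between the
# 'if HYPERVISOR_GUEST' line and its matching 'endif' is unavailable when
# this is N. A kernel that will only ever run on bare metal can leave it off
# to keep the guest-specific code out of the build. Note that X86_VSMP
# force-selects this symbol.
menuconfig HYPERVISOR_GUEST
	bool "Linux guest support"
	help
	  Say Y here to enable options for running Linux under various hyper-
	  visors. This option enables basic hypervisor detection and platform
	  setup.

	  If you say N, all options in this submenu will be skipped and
	  disabled, and Linux guest support won't be built in.

if HYPERVISOR_GUEST

# Prerequisite for KVM_GUEST, PARAVIRT_SPINLOCKS, PARAVIRT_DEBUG and
# PARAVIRT_TIME_ACCOUNTING (each 'depends on PARAVIRT').
config PARAVIRT
	bool "Enable paravirtualization code"
	depends on HAVE_STATIC_CALL
	help
	  This changes the kernel so it can modify itself when it is run
	  under a hypervisor, potentially improving performance significantly
	  over full virtualization. However, when run without a hypervisor
	  the kernel is theoretically slower and slightly larger.

# Promptless; stays off unless selected elsewhere.
config PARAVIRT_XXL
	bool

config PARAVIRT_DEBUG
	bool "paravirt-ops debugging"
	depends on PARAVIRT && DEBUG_KERNEL
	help
	  Enable to debug paravirt_ops internals. Specifically, BUG if
	  a paravirt_op is missing when it is called.

config PARAVIRT_SPINLOCKS
	bool "Paravirtualization layer for spinlocks"
	depends on PARAVIRT && SMP
	help
	  Paravirtualized spinlocks allow a pvops backend to replace the
	  spinlock implementation with something virtualization-friendly
	  (for example, block the virtual CPU rather than spinning).

	  It has a minimal impact on native kernels and gives a nice performance
	  benefit on paravirtualized KVM / Xen kernels.

	  If you are unsure how to answer this question, answer Y.

# Promptless, default n: only set when selected (KVM_GUEST and ACRN_GUEST in
# this file both select it).
config X86_HV_CALLBACK_VECTOR
	def_bool n

source "arch/x86/xen/Kconfig"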
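# Defaults to y once HYPERVISOR_GUEST and PARAVIRT are enabled; force-selects
# PARAVIRT_CLOCK, ARCH_CPUIDLE_HALTPOLL and X86_HV_CALLBACK_VECTOR.
config KVM_GUEST
	bool "KVM Guest support (including kvmclock)"
	depends on PARAVIRT
	select PARAVIRT_CLOCK
	select ARCH_CPUIDLE_HALTPOLL
	select X86_HV_CALLBACK_VECTOR
	default y
	help
	  This option enables various optimizations for running under the KVM
	  hypervisor. It includes a paravirtualized clock, so that instead
	  of relying on a PIT (or probably other) emulation by the
	  underlying device model, the host provides the guest with
	  timing infrastructure such as time of day, and system time

# Default n with a prompt; KVM_GUEST selects it, which overrides the default.
config ARCH_CPUIDLE_HALTPOLL
	def_bool n
	prompt "Disable host haltpoll when loading haltpoll driver"
	help
	  If virtualized under KVM, disable host haltpoll.

# No 'depends on' of its own beyond the enclosing HYPERVISOR_GUEST block.
config PVH
	bool "Support for running PVH guests"
	help
	  This option enables the PVH entry point for guest virtual machines
	  as specified in the x86/HVM direct boot ABI.

config PARAVIRT_TIME_ACCOUNTING
	bool "Paravirtual steal time accounting"
	depends on PARAVIRT
	help
	  Select this option to enable fine granularity task steal time
	  accounting. Time spent executing other tasks in parallel with
	  the current vCPU is discounted from the vCPU power. To account for
	  that, there can be a small performance impact.

	  If in doubt, say N here.

# Promptless; enabled only via select (KVM_GUEST selects it).
config PARAVIRT_CLOCK
	bool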
config JAILHOUSE_GUEST
|
|
bool "Jailhouse non-root cell support"
|
|
depends on X86_64 && PCI
|
|
select X86_PM_TIMER
|
|
help
|
|
This option allows to run Linux as guest in a Jailhouse non-root
|
|
cell. You can leave this option disabled if you only want to start
|
|
Jailhouse and run Linux afterwards in the root cell.
|
|
|
|
config ACRN_GUEST
|
|
bool "ACRN Guest support"
|
|
depends on X86_64
|
|
select X86_HV_CALLBACK_VECTOR
|
|
help
|
|
This option allows running Linux as a guest in the ACRN hypervisor. ACRN is
|
|
a flexible, lightweight reference open-source hypervisor, built with
|
|
real-time and safety-criticality in mind. It is built for embedded
|
|
IoT with a small footprint and real-time features. More details can be
|
|
found in https://projectacrn.org/.
|
|
|
|
config INTEL_TDX_GUEST
|
|
bool "Intel TDX (Trust Domain Extensions) - Guest Support"
|
|
depends on X86_64 && CPU_SUP_INTEL
|
|
depends on X86_X2APIC
|
|
depends on EFI_STUB
|
|
select ARCH_HAS_CC_PLATFORM
|
|
select X86_MEM_ENCRYPT
|
|
select X86_MCE
|
|
select UNACCEPTED_MEMORY
|
|
help
|
|
Support running as a guest under Intel TDX. Without this support,
|
|
the guest kernel cannot boot or run under TDX.
|
|
TDX includes memory encryption and integrity capabilities
|
|
which protect the confidentiality and integrity of guest
|
|
memory contents and CPU state. TDX guests are protected from
|
|
some attacks from the VMM.
|
|
|
|
endif # HYPERVISOR_GUEST
|
|
|
|
source "arch/x86/Kconfig.cpu"
|
|
|
|
config HPET_TIMER
|
|
def_bool X86_64
|
|
prompt "HPET Timer Support" if X86_32
|
|
help
|
|
Use the IA-PC HPET (High Precision Event Timer) to manage
|
|
time in preference to the PIT and RTC, if a HPET is
|
|
present.
|
|
HPET is the next generation timer replacing legacy 8254s.
|
|
The HPET provides a stable time base on SMP
|
|
systems, unlike the TSC, but it is more expensive to access,
|
|
as it is off-chip. The interface used is documented
|
|
in the HPET spec, revision 1.
|
|
|
|
You can safely choose Y here. However, HPET will only be
|
|
activated if the platform and the BIOS support this feature.
|
|
Otherwise the 8254 will be used for timing services.
|
|
|
|
Choose N to continue using the legacy 8254 timer.
|
|
|
|
config HPET_EMULATE_RTC
|
|
def_bool y
|
|
depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
|
|
|
|
# Mark as expert because too many people got it wrong.
|
|
# The code disables itself when not needed.
|
|
config DMI
|
|
default y
|
|
select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
|
|
bool "Enable DMI scanning" if EXPERT
|
|
help
|
|
Enable scanning of DMI to identify machine quirks. Say Y
|
|
here unless you have verified that your setup is not
|
|
affected by entries in the DMI blacklist. Required by PNP
|
|
BIOS code.
|
|
|
|
config GART_IOMMU
|
|
bool "Old AMD GART IOMMU support"
|
|
select DMA_OPS
|
|
select IOMMU_HELPER
|
|
select SWIOTLB
|
|
depends on X86_64 && PCI && AMD_NB
|
|
help
|
|
Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
|
|
GART based hardware IOMMUs.
|
|
|
|
The GART supports full DMA access for devices with 32-bit access
|
|
limitations, on systems with more than 3 GB. This is usually needed
|
|
for USB, sound, many IDE/SATA chipsets and some other devices.
|
|
|
|
Newer systems typically have a modern AMD IOMMU, supported via
|
|
the CONFIG_AMD_IOMMU=y config option.
|
|
|
|
In normal configurations this driver is only active when needed:
|
|
there's more than 3 GB of memory and the system contains a
|
|
32-bit limited device.
|
|
|
|
If unsure, say Y.
|
|
|
|
config BOOT_VESA_SUPPORT
|
|
bool
|
|
help
|
|
If true, at least one selected framebuffer driver can take advantage
|
|
of VESA video modes set at an early boot stage via the vga= parameter.
|
|
|
|
config MAXSMP
|
|
bool "Enable Maximum number of SMP Processors and NUMA Nodes"
|
|
depends on X86_64 && SMP && DEBUG_KERNEL
|
|
select CPUMASK_OFFSTACK
|
|
help
|
|
Enable maximum number of CPUS and NUMA Nodes for this architecture.
|
|
If unsure, say N.
|
|
|
|
#
|
|
# The maximum number of CPUs supported:
|
|
#
|
|
# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
|
|
# and which can be configured interactively in the
|
|
# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
|
|
#
|
|
# The ranges are different on 32-bit and 64-bit kernels, depending on
|
|
# hardware capabilities and scalability features of the kernel.
|
|
#
|
|
# ( If MAXSMP is enabled we just use the highest possible value and disable
|
|
# interactive configuration. )
|
|
#
|
|
|
|
config NR_CPUS_RANGE_BEGIN
|
|
int
|
|
default NR_CPUS_RANGE_END if MAXSMP
|
|
default 1 if !SMP
|
|
default 2
|
|
|
|
config NR_CPUS_RANGE_END
|
|
int
|
|
depends on X86_32
|
|
default 64 if SMP && X86_BIGSMP
|
|
default 8 if SMP && !X86_BIGSMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_RANGE_END
|
|
int
|
|
depends on X86_64
|
|
default 8192 if SMP && CPUMASK_OFFSTACK
|
|
default 512 if SMP && !CPUMASK_OFFSTACK
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_DEFAULT
|
|
int
|
|
depends on X86_32
|
|
default 32 if X86_BIGSMP
|
|
default 8 if SMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_DEFAULT
|
|
int
|
|
depends on X86_64
|
|
default 8192 if MAXSMP
|
|
default 64 if SMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs" if SMP && !MAXSMP
|
|
range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
|
|
default NR_CPUS_DEFAULT
|
|
help
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
|
|
supported value is 8192, otherwise the maximum value is 512. The
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory: each supported CPU adds about 8KB
|
|
to the kernel image.
|
|
|
|
config SCHED_CLUSTER
|
|
bool "Cluster scheduler support"
|
|
depends on SMP
|
|
default y
|
|
help
|
|
Cluster scheduler support improves the CPU scheduler's decision
|
|
making when dealing with machines that have clusters of CPUs.
|
|
Cluster usually means a couple of CPUs which are placed closely
|
|
by sharing mid-level caches, last-level cache tags or internal
|
|
busses.
|
|
|
|
config SCHED_SMT
|
|
def_bool y if SMP
|
|
|
|
config SCHED_MC
|
|
def_bool y
|
|
prompt "Multi-core scheduler support"
|
|
depends on SMP
|
|
help
|
|
Multi-core scheduler support improves the CPU scheduler's decision
|
|
making when dealing with multi-core CPU chips at a cost of slightly
|
|
increased overhead in some places. If unsure say N here.
|
|
|
|
config SCHED_MC_PRIO
|
|
bool "CPU core priorities scheduler support"
|
|
depends on SCHED_MC
|
|
select X86_INTEL_PSTATE if CPU_SUP_INTEL
|
|
select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI
|
|
select CPU_FREQ
|
|
default y
|
|
help
|
|
Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
|
|
core ordering determined at manufacturing time, which allows
|
|
certain cores to reach higher turbo frequencies (when running
|
|
single threaded workloads) than others.
|
|
|
|
Enabling this kernel feature teaches the scheduler about
|
|
the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
|
|
scheduler's CPU selection logic accordingly, so that higher
|
|
overall system performance can be achieved.
|
|
|
|
This feature will have no effect on CPUs without this feature.
|
|
|
|
If unsure say Y here.
|
|
|
|
config UP_LATE_INIT
|
|
def_bool y
|
|
depends on !SMP && X86_LOCAL_APIC
|
|
|
|
config X86_UP_APIC
|
|
bool "Local APIC support on uniprocessors" if !PCI_MSI
|
|
default PCI_MSI
|
|
depends on X86_32 && !SMP && !X86_32_NON_STANDARD
|
|
help
|
|
A local APIC (Advanced Programmable Interrupt Controller) is an
|
|
integrated interrupt controller in the CPU. If you have a single-CPU
|
|
system which has a processor with a local APIC, you can say Y here to
|
|
enable and use it. If you say Y here even though your machine doesn't
|
|
have a local APIC, then the kernel will still run with no slowdown at
|
|
all. The local APIC supports CPU-generated self-interrupts (timer,
|
|
performance counters), and the NMI watchdog which detects hard
|
|
lockups.
|
|
|
|
config X86_UP_IOAPIC
|
|
bool "IO-APIC support on uniprocessors"
|
|
depends on X86_UP_APIC
|
|
help
|
|
An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
|
|
SMP-capable replacement for PC-style interrupt controllers. Most
|
|
SMP systems and many recent uniprocessor systems have one.
|
|
|
|
If you have a single-CPU system with an IO-APIC, you can say Y here
|
|
to use it. If you say Y here even though your machine doesn't have
|
|
an IO-APIC, then the kernel will still run with no slowdown at all.
|
|
|
|
config X86_LOCAL_APIC
|
|
def_bool y
|
|
depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
|
|
select IRQ_DOMAIN_HIERARCHY
|
|
|
|
config ACPI_MADT_WAKEUP
|
|
def_bool y
|
|
depends on X86_64
|
|
depends on ACPI
|
|
depends on SMP
|
|
depends on X86_LOCAL_APIC
|
|
|
|
config X86_IO_APIC
|
|
def_bool y
|
|
depends on X86_LOCAL_APIC || X86_UP_IOAPIC
|
|
|
|
config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
|
|
bool "Reroute for broken boot IRQs"
|
|
depends on X86_IO_APIC
|
|
help
|
|
This option enables a workaround that fixes a source of
|
|
spurious interrupts. This is recommended when threaded
|
|
interrupt handling is used on systems where the generation of
|
|
superfluous "boot interrupts" cannot be disabled.
|
|
|
|
Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
|
|
entry in the chipset's IO-APIC is masked (as, e.g. the RT
|
|
kernel does during interrupt handling). On chipsets where this
|
|
boot IRQ generation cannot be disabled, this workaround keeps
|
|
the original IRQ line masked so that only the equivalent "boot
|
|
IRQ" is delivered to the CPUs. The workaround also tells the
|
|
kernel to set up the IRQ handler on the boot IRQ line. In this
|
|
way only one interrupt is delivered to the kernel. Otherwise
|
|
the spurious second interrupt may cause the kernel to bring
|
|
down (vital) interrupt lines.
|
|
|
|
Only affects "broken" chipsets. Interrupt sharing may be
|
|
increased on these systems.
|
|
|
|
config X86_MCE
|
|
bool "Machine Check / overheating reporting"
|
|
select GENERIC_ALLOCATOR
|
|
default y
|
|
help
|
|
Machine Check support allows the processor to notify the
|
|
kernel if it detects a problem (e.g. overheating, data corruption).
|
|
The action the kernel takes depends on the severity of the problem,
|
|
ranging from warning messages to halting the machine.
|
|
|
|
config X86_MCELOG_LEGACY
|
|
bool "Support for deprecated /dev/mcelog character device"
|
|
depends on X86_MCE
|
|
help
|
|
Enable support for /dev/mcelog which is needed by the old mcelog
|
|
userspace logging daemon. Consider switching to the new generation
|
|
rasdaemon solution.
|
|
|
|
config X86_MCE_INTEL
|
|
def_bool y
|
|
prompt "Intel MCE features"
|
|
depends on X86_MCE && X86_LOCAL_APIC
|
|
help
|
|
Additional support for Intel-specific MCE features such as
|
|
the thermal monitor.
|
|
|
|
config X86_MCE_AMD
|
|
def_bool y
|
|
prompt "AMD MCE features"
|
|
depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
|
|
help
|
|
Additional support for AMD specific MCE features such as
|
|
the DRAM Error Threshold.
|
|
|
|
config X86_ANCIENT_MCE
|
|
bool "Support for old Pentium 5 / WinChip machine checks"
|
|
depends on X86_32 && X86_MCE
|
|
help
|
|
Include support for machine check handling on old Pentium 5 or WinChip
|
|
systems. These typically need to be enabled explicitly on the command
|
|
line.
|
|
|
|
config X86_MCE_THRESHOLD
|
|
depends on X86_MCE_AMD || X86_MCE_INTEL
|
|
def_bool y
|
|
|
|
config X86_MCE_INJECT
|
|
depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
|
|
tristate "Machine check injector support"
|
|
help
|
|
Provide support for injecting machine checks for testing purposes.
|
|
If you don't know what a machine check is and you don't do kernel
|
|
QA it is safe to say n.
|
|
|
|
source "arch/x86/events/Kconfig"
|
|
|
|
config X86_LEGACY_VM86
|
|
bool "Legacy VM86 support"
|
|
depends on X86_32
|
|
help
|
|
This option allows user programs to put the CPU into V8086
|
|
mode, which is an 80286-era approximation of 16-bit real mode.
|
|
|
|
Some very old versions of X and/or vbetool require this option
|
|
for user mode setting. Similarly, DOSEMU will use it if
|
|
available to accelerate real mode DOS programs. However, any
|
|
recent version of DOSEMU, X, or vbetool should be fully
|
|
functional even without kernel VM86 support, as they will all
|
|
fall back to software emulation. Nevertheless, if you are using
|
|
a 16-bit DOS program where 16-bit performance matters, vm86
|
|
mode might be faster than emulation and you might want to
|
|
enable this option.
|
|
|
|
Note that any app that works on a 64-bit kernel is unlikely to
|
|
need this option, as 64-bit kernels don't, and can't, support
|
|
V8086 mode. This option is also unrelated to 16-bit protected
|
|
mode and is not needed to run most 16-bit programs under Wine.
|
|
|
|
Enabling this option increases the complexity of the kernel
|
|
and slows down exception handling a tiny bit.
|
|
|
|
If unsure, say N here.
|
|
|
|
config VM86
|
|
bool
|
|
default X86_LEGACY_VM86
|
|
|
|
config X86_16BIT
|
|
bool "Enable support for 16-bit segments" if EXPERT
|
|
default y
|
|
depends on MODIFY_LDT_SYSCALL
|
|
help
|
|
This option is required by programs like Wine to run 16-bit
|
|
protected mode legacy code on x86 processors. Disabling
|
|
this option saves about 300 bytes on i386, or around 6K text
|
|
plus 16K runtime memory on x86-64.
|
|
|
|
config X86_ESPFIX32
|
|
def_bool y
|
|
depends on X86_16BIT && X86_32
|
|
|
|
config X86_ESPFIX64
|
|
def_bool y
|
|
depends on X86_16BIT && X86_64
|
|
|
|
config X86_VSYSCALL_EMULATION
|
|
bool "Enable vsyscall emulation" if EXPERT
|
|
default y
|
|
depends on X86_64
|
|
help
|
|
This enables emulation of the legacy vsyscall page. Disabling
|
|
it is roughly equivalent to booting with vsyscall=none, except
|
|
that it will also disable the helpful warning if a program
|
|
tries to use a vsyscall. With this option set to N, offending
|
|
programs will just segfault, citing addresses of the form
|
|
0xffffffffff600?00.
|
|
|
|
This option is required by many programs built before 2013, and
|
|
care should be used even with newer programs if set to N.
|
|
|
|
Disabling this option saves about 7K of kernel size and
|
|
possibly 4K of additional runtime pagetable memory.
|
|
|
|
config X86_IOPL_IOPERM
|
|
bool "IOPERM and IOPL Emulation"
|
|
default y
|
|
help
|
|
This enables the ioperm() and iopl() syscalls which are necessary
|
|
for legacy applications.
|
|
|
|
Legacy IOPL support is an overbroad mechanism which allows user
|
|
space not only to access all 65536 I/O ports but also to disable
|
|
interrupts. To gain this access the caller needs the CAP_SYS_RAWIO
|
|
capability and permission from potentially active security
|
|
modules.
|
|
|
|
The emulation restricts the functionality of the syscall to
|
|
granting access to the full range of I/O ports, and removes the
|
|
ability to disable interrupts from user space, which would be
|
|
granted if the hardware IOPL mechanism were used.
|
|
|
|
config TOSHIBA
|
|
tristate "Toshiba Laptop support"
|
|
depends on X86_32
|
|
help
|
|
This adds a driver to safely access the System Management Mode of
|
|
the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
|
|
not work on models with a Phoenix BIOS. The System Management Mode
|
|
is used to set the BIOS and power saving options on Toshiba portables.
|
|
|
|
For information on utilities to make use of this driver see the
|
|
Toshiba Linux utilities web site at:
|
|
<http://www.buzzard.org.uk/toshiba/>.
|
|
|
|
Say Y if you intend to run this kernel on a Toshiba portable.
|
|
Say N otherwise.
|
|
|
|
config X86_REBOOTFIXUPS
|
|
bool "Enable X86 board specific fixups for reboot"
|
|
depends on X86_32
|
|
help
|
|
This enables chipset and/or board specific fixups to be done
|
|
in order to get reboot to work correctly. This is only needed on
|
|
some combinations of hardware and BIOS. The symptom, for which
|
|
this config is intended, is when reboot ends with a stalled/hung
|
|
system.
|
|
|
|
Currently, the only fixup is for the Geode machines using
|
|
CS5530A and CS5536 chipsets and the RDC R-321x SoC.
|
|
|
|
Say Y if you want to enable the fixup. Currently, it's safe to
|
|
enable this option even if you don't need it.
|
|
Say N otherwise.
|
|
|
|
config MICROCODE
|
|
def_bool y
|
|
depends on CPU_SUP_AMD || CPU_SUP_INTEL
|
|
|
|
config MICROCODE_INITRD32
|
|
def_bool y
|
|
depends on MICROCODE && X86_32 && BLK_DEV_INITRD
|
|
|
|
config MICROCODE_LATE_LOADING
|
|
bool "Late microcode loading (DANGEROUS)"
|
|
default n
|
|
depends on MICROCODE && SMP
|
|
help
|
|
Loading microcode late, when the system is up and executing instructions,
|
|
is a tricky business and should be avoided if possible. Just the sequence
|
|
of synchronizing all cores and SMT threads is one fragile dance which does
|
|
not guarantee that cores will not softlock after the loading. Therefore,
|
|
use this at your own risk. Late loading taints the kernel unless the
|
|
microcode header indicates that it is safe for late loading via the
|
|
minimal revision check. This minimal revision check can be enforced on
|
|
the kernel command line with "microcode.minrev=Y".
|
|
|
|
config MICROCODE_LATE_FORCE_MINREV
|
|
bool "Enforce late microcode loading minimal revision check"
|
|
default n
|
|
depends on MICROCODE_LATE_LOADING
|
|
help
|
|
To prevent users from late-loading microcode which modifies features
|
|
that are already in use, newer microcode patches have a minimum revision field
|
|
in the microcode header, which tells the kernel which minimum
|
|
revision must be active in the CPU to safely load that new microcode
|
|
late into the running system. If disabled the check will not
|
|
be enforced but the kernel will be tainted when the minimal
|
|
revision check fails.
|
|
|
|
This minimal revision check can also be controlled via the
|
|
"microcode.minrev" parameter on the kernel command line.
|
|
|
|
If unsure say Y.
|
|
|
|
config X86_MSR
|
|
tristate "/dev/cpu/*/msr - Model-specific register support"
|
|
help
|
|
This device gives privileged processes access to the x86
|
|
Model-Specific Registers (MSRs). It is a character device with
|
|
major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
|
|
MSR accesses are directed to a specific CPU on multi-processor
|
|
systems.
|
|
|
|
config X86_CPUID
|
|
tristate "/dev/cpu/*/cpuid - CPU information support"
|
|
help
|
|
This device gives processes access to the x86 CPUID instruction to
|
|
be executed on a specific processor. It is a character device
|
|
with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
|
|
/dev/cpu/31/cpuid.
|
|
|
|
choice
|
|
prompt "High Memory Support"
|
|
default HIGHMEM4G
|
|
depends on X86_32
|
|
|
|
config NOHIGHMEM
|
|
bool "off"
|
|
help
|
|
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
|
|
However, the address space of 32-bit x86 processors is only 4
|
|
Gigabytes large. That means that, if you have a large amount of
|
|
physical memory, not all of it can be "permanently mapped" by the
|
|
kernel. The physical memory that's not permanently mapped is called
|
|
"high memory".
|
|
|
|
If you are compiling a kernel which will never run on a machine with
|
|
more than 1 Gigabyte total physical RAM, answer "off" here (default
|
|
choice and suitable for most users). This will result in a "3GB/1GB"
|
|
split: 3GB are mapped so that each process sees a 3GB virtual memory
|
|
space and the remaining part of the 4GB virtual memory space is used
|
|
by the kernel to permanently map as much physical memory as
|
|
possible.
|
|
|
|
If the machine has between 1 and 4 Gigabytes physical RAM, then
|
|
answer "4GB" here.
|
|
|
|
If more than 4 Gigabytes is used then answer "64GB" here. This
|
|
selection turns Intel PAE (Physical Address Extension) mode on.
|
|
PAE implements 3-level paging on IA32 processors. PAE is fully
|
|
supported by Linux, PAE mode is implemented on all recent Intel
|
|
processors (Pentium Pro and better). NOTE: If you say "64GB" here,
|
|
then the kernel will not boot on CPUs that don't support PAE!
|
|
|
|
The actual amount of total physical memory will either be
|
|
auto detected or can be forced by using a kernel command line option
|
|
such as "mem=256M". (Try "man bootparam" or see the documentation of
|
|
your boot loader (lilo or loadlin) about how to pass options to the
|
|
kernel at boot time.)
|
|
|
|
If unsure, say "off".
|
|
|
|
config HIGHMEM4G
|
|
bool "4GB"
|
|
help
|
|
Select this if you have a 32-bit processor and between 1 and 4
|
|
gigabytes of physical RAM.
|
|
|
|
config HIGHMEM64G
|
|
bool "64GB"
|
|
depends on X86_HAVE_PAE
|
|
select X86_PAE
|
|
help
|
|
Select this if you have a 32-bit processor and more than 4
|
|
gigabytes of physical RAM.
|
|
|
|
endchoice
|
|
|
|
choice
|
|
prompt "Memory split" if EXPERT
|
|
default VMSPLIT_3G
|
|
depends on X86_32
|
|
help
|
|
Select the desired split between kernel and user memory.
|
|
|
|
If the address range available to the kernel is less than the
|
|
physical memory installed, the remaining memory will be available
|
|
as "high memory". Accessing high memory is a little more costly
|
|
than low memory, as it needs to be mapped into the kernel first.
|
|
Note that increasing the kernel address space limits the range
|
|
available to user programs, making the address space there
|
|
tighter. Selecting anything other than the default 3G/1G split
|
|
will also likely make your kernel incompatible with binary-only
|
|
kernel modules.
|
|
|
|
If you are not absolutely sure what you are doing, leave this
|
|
option alone!
|
|
|
|
config VMSPLIT_3G
|
|
bool "3G/1G user/kernel split"
|
|
config VMSPLIT_3G_OPT
|
|
depends on !X86_PAE
|
|
bool "3G/1G user/kernel split (for full 1G low memory)"
|
|
config VMSPLIT_2G
|
|
bool "2G/2G user/kernel split"
|
|
config VMSPLIT_2G_OPT
|
|
depends on !X86_PAE
|
|
bool "2G/2G user/kernel split (for full 2G low memory)"
|
|
config VMSPLIT_1G
|
|
bool "1G/3G user/kernel split"
|
|
endchoice
|
|
|
|
config PAGE_OFFSET
|
|
hex
|
|
default 0xB0000000 if VMSPLIT_3G_OPT
|
|
default 0x80000000 if VMSPLIT_2G
|
|
default 0x78000000 if VMSPLIT_2G_OPT
|
|
default 0x40000000 if VMSPLIT_1G
|
|
default 0xC0000000
|
|
depends on X86_32
|
|
|
|
config HIGHMEM
|
|
def_bool y
|
|
depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
|
|
|
|
config X86_PAE
|
|
bool "PAE (Physical Address Extension) Support"
|
|
depends on X86_32 && X86_HAVE_PAE
|
|
select PHYS_ADDR_T_64BIT
|
|
select SWIOTLB
|
|
help
|
|
PAE is required for NX support, and furthermore enables
|
|
larger swapspace support for non-overcommit purposes. It
|
|
has the cost of more pagetable lookup overhead, and also
|
|
consumes more pagetable space per process.
|
|
|
|
config X86_5LEVEL
|
|
bool "Enable 5-level page tables support"
|
|
default y
|
|
select DYNAMIC_MEMORY_LAYOUT
|
|
select SPARSEMEM_VMEMMAP
|
|
depends on X86_64
|
|
help
|
|
5-level paging enables access to larger address space:
|
|
up to 128 PiB of virtual address space and 4 PiB of
|
|
physical address space.
|
|
|
|
It will be supported by future Intel CPUs.
|
|
|
|
A kernel with the option enabled can be booted on machines that
|
|
support 4- or 5-level paging.
|
|
|
|
See Documentation/arch/x86/x86_64/5level-paging.rst for more
|
|
information.
|
|
|
|
Say N if unsure.
|
|
|
|
config X86_DIRECT_GBPAGES
|
|
def_bool y
|
|
depends on X86_64
|
|
help
|
|
Certain kernel features effectively disable kernel
|
|
linear 1 GB mappings (even if the CPU otherwise
|
|
supports them), so don't confuse the user by printing
|
|
that we have them enabled.
|
|
|
|
config X86_CPA_STATISTICS
|
|
bool "Enable statistic for Change Page Attribute"
|
|
depends on DEBUG_FS
|
|
help
|
|
Expose statistics about the Change Page Attribute mechanism, which
|
|
helps to determine the effectiveness of preserving large and huge
|
|
page mappings when mapping protections are changed.
|
|
|
|
config X86_MEM_ENCRYPT
|
|
select ARCH_HAS_FORCE_DMA_UNENCRYPTED
|
|
select DYNAMIC_PHYSICAL_MASK
|
|
def_bool n
|
|
|
|
config AMD_MEM_ENCRYPT
|
|
bool "AMD Secure Memory Encryption (SME) support"
|
|
depends on X86_64 && CPU_SUP_AMD
|
|
depends on EFI_STUB
|
|
select DMA_COHERENT_POOL
|
|
select ARCH_USE_MEMREMAP_PROT
|
|
select INSTRUCTION_DECODER
|
|
select ARCH_HAS_CC_PLATFORM
|
|
select X86_MEM_ENCRYPT
|
|
select UNACCEPTED_MEMORY
|
|
help
|
|
Say yes to enable support for the encryption of system memory.
|
|
This requires an AMD processor that supports Secure Memory
|
|
Encryption (SME).
|
|
|
|
# Common NUMA Features
|
|
config NUMA
|
|
bool "NUMA Memory Allocation and Scheduler Support"
|
|
depends on SMP
|
|
depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
|
|
default y if X86_BIGSMP
|
|
select USE_PERCPU_NUMA_NODE_ID
|
|
select OF_NUMA if OF
|
|
help
|
|
Enable NUMA (Non-Uniform Memory Access) support.
|
|
|
|
The kernel will try to allocate memory used by a CPU on the
|
|
local memory controller of the CPU and add some more
|
|
NUMA awareness to the kernel.
|
|
|
|
For 64-bit this is recommended if the system is Intel Core i7
|
|
(or later), AMD Opteron, or EM64T NUMA.
|
|
|
|
For 32-bit this is only needed if you boot a 32-bit
|
|
kernel on a 64-bit NUMA platform.
|
|
|
|
Otherwise, you should say N.
|
|
|
|
config AMD_NUMA
|
|
def_bool y
|
|
prompt "Old style AMD Opteron NUMA detection"
|
|
depends on X86_64 && NUMA && PCI
|
|
help
|
|
Enable AMD NUMA node topology detection. You should say Y here if
|
|
you have a multi processor AMD system. This uses an old method to
|
|
read the NUMA configuration directly from the builtin Northbridge
|
|
of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
|
|
which also takes priority if both are compiled in.
|
|
|
|
config X86_64_ACPI_NUMA
|
|
def_bool y
|
|
prompt "ACPI NUMA detection"
|
|
depends on X86_64 && NUMA && ACPI && PCI
|
|
select ACPI_NUMA
|
|
help
|
|
Enable ACPI SRAT based node topology detection.
|
|
|
|
config NUMA_EMU
|
|
bool "NUMA emulation"
|
|
depends on NUMA
|
|
help
|
|
Enable NUMA emulation. A flat machine will be split
|
|
into virtual nodes when booted with "numa=fake=N", where N is the
|
|
number of nodes. This is only useful for debugging.
|
|
|
|
config NODES_SHIFT
|
|
int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
|
|
range 1 10
|
|
default "10" if MAXSMP
|
|
default "6" if X86_64
|
|
default "3"
|
|
depends on NUMA
|
|
help
|
|
Specify the maximum number of NUMA Nodes available on the target
|
|
system. Increases memory reserved to accommodate various tables.
|
|
|
|
config ARCH_FLATMEM_ENABLE
|
|
def_bool y
|
|
depends on X86_32 && !NUMA
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
|
|
select SPARSEMEM_STATIC if X86_32
|
|
select SPARSEMEM_VMEMMAP_ENABLE if X86_64
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool X86_64 || (NUMA && X86_32)
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool y
|
|
depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
|
|
|
|
config ARCH_MEMORY_PROBE
|
|
bool "Enable sysfs memory/probe interface"
|
|
depends on MEMORY_HOTPLUG
|
|
help
|
|
This option enables a sysfs memory/probe interface for testing.
|
|
See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
|
|
If you are unsure how to answer this question, answer N.
|
|
|
|
config ARCH_PROC_KCORE_TEXT
|
|
def_bool y
|
|
depends on X86_64 && PROC_KCORE
|
|
|
|
config ILLEGAL_POINTER_VALUE
|
|
hex
|
|
default 0 if X86_32
|
|
default 0xdead000000000000 if X86_64
|
|
|
|
config X86_PMEM_LEGACY_DEVICE
|
|
bool
|
|
|
|
config X86_PMEM_LEGACY
|
|
tristate "Support non-standard NVDIMMs and ADR protected memory"
|
|
depends on PHYS_ADDR_T_64BIT
|
|
depends on BLK_DEV
|
|
select X86_PMEM_LEGACY_DEVICE
|
|
select NUMA_KEEP_MEMINFO if NUMA
|
|
select LIBNVDIMM
|
|
help
|
|
Treat memory marked using the non-standard e820 type of 12 as used
|
|
by the Intel Sandy Bridge-EP reference BIOS as protected memory.
|
|
The kernel will offer these regions to the 'pmem' driver so
|
|
they can be used for persistent storage.
|
|
|
|
Say Y if unsure.
|
|
|
|
config HIGHPTE
|
|
bool "Allocate 3rd-level pagetables from highmem"
|
|
depends on HIGHMEM
|
|
help
|
|
The VM uses one page table entry for each page of physical memory.
|
|
For systems with a lot of RAM, this can be wasteful of precious
|
|
low memory. Setting this option will put user-space page table
|
|
entries in high memory.
|
|
|
|
config X86_CHECK_BIOS_CORRUPTION
|
|
bool "Check for low memory corruption"
|
|
help
|
|
Periodically check for memory corruption in low memory, which
|
|
is suspected to be caused by BIOS. Even when enabled in the
|
|
configuration, it is disabled at runtime. Enable it by
|
|
setting "memory_corruption_check=1" on the kernel command
|
|
line. By default it scans the low 64k of memory every 60
|
|
seconds; see the memory_corruption_check_size and
|
|
memory_corruption_check_period parameters in
|
|
Documentation/admin-guide/kernel-parameters.rst to adjust this.
|
|
|
|
When enabled with the default parameters, this option has
|
|
almost no overhead, as it reserves a relatively small amount
|
|
of memory and scans it infrequently. It both detects corruption
|
|
and prevents it from affecting the running system.
|
|
|
|
It is, however, intended as a diagnostic tool; if repeatable
|
|
BIOS-originated corruption always affects the same memory,
|
|
you can use memmap= to prevent the kernel from using that
|
|
memory.
|
|
|
|
config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
|
|
bool "Set the default setting of memory_corruption_check"
|
|
depends on X86_CHECK_BIOS_CORRUPTION
|
|
default y
|
|
help
|
|
Set whether the default state of memory_corruption_check is
|
|
on or off.
|
|
|
|
config MATH_EMULATION
|
|
bool
|
|
depends on MODIFY_LDT_SYSCALL
|
|
prompt "Math emulation" if X86_32 && (M486SX || MELAN)
|
|
help
|
|
Linux can emulate a math coprocessor (used for floating point
|
|
operations) if you don't have one. 486DX and Pentium processors have
|
|
a math coprocessor built in, 486SX and 386 do not, unless you added
|
|
a 487DX or 387, respectively. (The messages during boot time can
|
|
give you some hints here ["man dmesg"].) Everyone needs either a
|
|
coprocessor or this emulation.
|
|
|
|
If you don't have a math coprocessor, you need to say Y here; if you
|
|
say Y here even though you have a coprocessor, the coprocessor will
|
|
be used nevertheless. (This behavior can be changed with the kernel
|
|
command line option "no387", which comes in handy if your coprocessor
|
|
is broken. Try "man bootparam" or see the documentation of your boot
|
|
loader (lilo or loadlin) about how to pass options to the kernel at
|
|
boot time.) This means that it is a good idea to say Y here if you
|
|
intend to use this kernel on different machines.
|
|
|
|
More information about the internals of the Linux math coprocessor
|
|
emulation can be found in <file:arch/x86/math-emu/README>.
|
|
|
|
If you are not sure, say Y; apart from resulting in a 66 KB bigger
|
|
kernel, it won't hurt.
|
|
|
|
config MTRR
|
|
def_bool y
|
|
prompt "MTRR (Memory Type Range Register) support" if EXPERT
|
|
help
|
|
On Intel P6 family processors (Pentium Pro, Pentium II and later)
|
|
the Memory Type Range Registers (MTRRs) may be used to control
|
|
processor access to memory ranges. This is most useful if you have
|
|
a video (VGA) card on a PCI or AGP bus. Enabling write-combining
|
|
allows bus write transfers to be combined into a larger transfer
|
|
before bursting over the PCI/AGP bus. This can increase performance
|
|
of image write operations 2.5 times or more. Saying Y here creates a
|
|
/proc/mtrr file which may be used to manipulate your processor's
|
|
MTRRs. Typically the X server should use this.
|
|
|
|
This code has a reasonably generic interface so that similar
|
|
control registers on other processors can be easily supported
|
|
as well:
|
|
|
|
The Cyrix 6x86, 6x86MX and M II processors have Address Range
|
|
Registers (ARRs) which provide a similar functionality to MTRRs. For
|
|
these, the ARRs are used to emulate the MTRRs.
|
|
The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
|
|
MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
|
|
write-combining. All of these processors are supported by this code
|
|
and it makes sense to say Y here if you have one of them.
|
|
|
|
Saying Y here also fixes a problem with buggy SMP BIOSes which only
|
|
set the MTRRs for the boot CPU and not for the secondary CPUs. This
|
|
can lead to all sorts of problems, so it's good to say Y here.
|
|
|
|
You can safely say Y even if your machine doesn't have MTRRs; you'll
|
|
just add about 9 KB to your kernel.
|
|
|
|
See <file:Documentation/arch/x86/mtrr.rst> for more information.
|
|
|
|
config MTRR_SANITIZER
|
|
def_bool y
|
|
prompt "MTRR cleanup support"
|
|
depends on MTRR
|
|
help
|
|
Convert MTRR layout from continuous to discrete, so X drivers can
|
|
add writeback entries.
|
|
|
|
Can be disabled with disable_mtrr_cleanup on the kernel command line.
|
|
The largest mtrr entry size for a continuous block can be set with
|
|
mtrr_chunk_size.
|
|
|
|
If unsure, say Y.
|
|
|
|
# Integer knob restricted to 0 or 1; the shipped default is 0.
config MTRR_SANITIZER_ENABLE_DEFAULT
	int "MTRR cleanup enable value (0-1)"
	range 0 1
	default "0"
	depends on MTRR_SANITIZER
	help
	  Enable mtrr cleanup default value
|
|
|
|
# Build-time default only (range 0-7, default 1); the help text names the
# boot parameter that replaces it at run time.
config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
	int "MTRR cleanup spare reg num (0-7)"
	range 0 7
	default "1"
	depends on MTRR_SANITIZER
	help
	  mtrr cleanup spare entries default, it can be changed via
	  mtrr_spare_reg_nr=N on the kernel command line.
|
|
|
|
# PAT is built in by default; only EXPERT configurations are offered the
# prompt that allows turning it off.
config X86_PAT
	def_bool y
	prompt "x86 PAT support" if EXPERT
	depends on MTRR
	help
	  Use PAT attributes to setup page level cache control.

	  PATs are the modern equivalents of MTRRs and are much more
	  flexible than MTRRs.

	  Say N here if you see bootup problems (boot crash, boot hang,
	  spontaneous reboots) or a non-working video driver.

	  If unsure, say Y.
|
|
|
|
# Promptless symbol: set automatically whenever X86_PAT is enabled.
config ARCH_USES_PG_UNCACHED
	def_bool y
	depends on X86_PAT
|
|
|
|
# Default-on hardening: the prompt is only shown under EXPERT, so ordinary
# configurations cannot switch it off. The emulation described in the help
# text returns dummy values, so the listed instructions do not reveal real
# descriptor-table state to user mode.
config X86_UMIP
	def_bool y
	prompt "User Mode Instruction Prevention" if EXPERT
	help
	  User Mode Instruction Prevention (UMIP) is a security feature in
	  some x86 processors. If enabled, a general protection fault is
	  issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
	  executed in user mode. These instructions unnecessarily expose
	  information about the hardware state.

	  The vast majority of applications do not use these instructions.
	  For the very few that do, software emulation is provided in
	  specific cases in protected and virtual-8086 modes. Emulated
	  results are dummy.
|
|
|
|
# Toolchain probe for IBT: the compiler has to satisfy one of the two
# branches below AND the assembler has to accept the endbr64 instruction.
config CC_HAS_IBT
	# GCC >= 9 and binutils >= 2.29
	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
	# Clang/LLVM >= 14
	# https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
	# https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
	def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
		  (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
		  $(as-instr,endbr64)
|
|
|
|
# Promptless marker symbol. It stays off unless something selects it; in
# this file X86_KERNEL_IBT and X86_USER_SHADOW_STACK both do.
config X86_CET
	def_bool n
	help
	  CET features configured (Shadow stack or IBT)
|
|
|
|
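# Kernel IBT is enabled by default on 64-bit builds whose toolchain passes
# CC_HAS_IBT and that have objtool. When linking with LLD, LLD 14 or newer
# is required (see the commit referenced below).
config X86_KERNEL_IBT
	prompt "Indirect Branch Tracking"
	def_bool y
	depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
	# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
	depends on !LD_IS_LLD || LLD_VERSION >= 140000
	select OBJTOOL
	select X86_CET
	help
	  Build the kernel with support for Indirect Branch Tracking, a
	  hardware supported coarse-grain forward-edge Control Flow Integrity
	  protection. It enforces that all indirect calls must land on
	  an ENDBR instruction, as such, the compiler will instrument the
	  code with them to make this happen.

	  In addition to building the kernel with IBT, seal all functions that
	  are not indirect call targets, avoiding them ever becoming one.

	  This requires LTO like objtool runs and will slow down the build. It
	  does significantly reduce the number of ENDBR instructions in the
	  kernel image.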
|
|
|
|
# Despite the INTEL in the symbol name, the dependency line accepts either
# Intel or AMD CPU support, on 64-bit only.
config X86_INTEL_MEMORY_PROTECTION_KEYS
	prompt "Memory Protection Keys"
	def_bool y
	# Note: only available in 64-bit mode
	depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
	select ARCH_USES_HIGH_VMA_FLAGS
	select ARCH_HAS_PKEYS
	help
	  Memory Protection Keys provides a mechanism for enforcing
	  page-based protections, but without requiring modification of the
	  page tables when an application changes protection domains.

	  For details, see Documentation/core-api/protection-keys.rst

	  If unsure, say y.
|
|
|
|
# Promptless integer constant, fixed at 4.
config ARCH_PKEY_BITS
	int
	default 4
|
|
|
|
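# Build-time default for the tsx= boot parameter. The choice defaults to
# "off" because, as the help text states, TSX has been used to build side
# channel attacks such as TAA. The boot parameter can still override the
# value chosen here.
choice
	prompt "TSX enable mode"
	depends on CPU_SUP_INTEL
	default X86_INTEL_TSX_MODE_OFF
	help
	  Intel's TSX (Transactional Synchronization Extensions) feature
	  allows to optimize locking protocols through lock elision which
	  can lead to a noticeable performance boost.

	  On the other hand it has been shown that TSX can be exploited
	  to form side channel attacks (e.g. TAA) and chances are there
	  will be more of those attacks discovered in the future.

	  Therefore TSX is not enabled by default (aka tsx=off). An admin
	  might override this decision with the tsx=on command line parameter.
	  Even with TSX enabled, the kernel will attempt to enable the best
	  possible TAA mitigation setting depending on the microcode available
	  for the particular machine.

	  This option allows to set the default tsx mode between tsx=on, =off
	  and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
	  details.

	  Say off if not sure, auto if TSX is in use but it should be used on safe
	  platforms, or on if TSX is in use and the security aspect of tsx is not
	  relevant.

config X86_INTEL_TSX_MODE_OFF
	bool "off"
	help
	  TSX is disabled if possible - equals the tsx=off command line parameter.

config X86_INTEL_TSX_MODE_ON
	bool "on"
	help
	  TSX is always enabled on TSX capable HW - equals the tsx=on command
	  line parameter.

config X86_INTEL_TSX_MODE_AUTO
	bool "auto"
	help
	  TSX is enabled on TSX capable HW that is believed to be safe against
	  side channel attacks - equals the tsx=auto command line parameter.
endchoice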
|
|
|
|
# Opt-in (no default line, so it stays off unless chosen). CRYPTO and
# CRYPTO_SHA256 must be built in (=y); a modular build does not satisfy
# these dependencies.
config X86_SGX
	bool "Software Guard eXtensions (SGX)"
	depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
	depends on CRYPTO=y
	depends on CRYPTO_SHA256=y
	select MMU_NOTIFIER
	select NUMA_KEEP_MEMINFO if NUMA
	select XARRAY_MULTI
	help
	  Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
	  that can be used by applications to set aside private regions of code
	  and data, referred to as enclaves. An enclave's private memory can
	  only be accessed by code running within the enclave. Accesses from
	  outside the enclave, including other enclaves, are disallowed by
	  hardware.

	  If unsure, say N.
|
|
|
|
# Opt-in (no default line). Building it in does not protect anything by
# itself: per the help text each application has to be enabled to use it.
config X86_USER_SHADOW_STACK
	bool "X86 userspace shadow stack"
	depends on AS_WRUSS
	depends on X86_64
	select ARCH_USES_HIGH_VMA_FLAGS
	select X86_CET
	help
	  Shadow stack protection is a hardware feature that detects function
	  return address corruption. This helps mitigate ROP attacks.
	  Applications must be enabled to use it, and old userspace does not
	  get protection "for free".

	  CPUs supporting shadow stacks were first released in 2020.

	  See Documentation/arch/x86/shstk.rst for more information.

	  If unsure, say N.
|
|
|
|
# Opt-in host-side support for confidential VMs. The dependencies are
# grouped ahead of the single select. Note the !KEXEC_CORE dependency: a
# configuration with KEXEC_CORE enabled cannot turn this option on.
config INTEL_TDX_HOST
	bool "Intel Trust Domain Extensions (TDX) host support"
	depends on CPU_SUP_INTEL
	depends on X86_64
	depends on KVM_INTEL
	depends on X86_X2APIC
	depends on CONTIG_ALLOC
	depends on !KEXEC_CORE
	depends on X86_MCE
	select ARCH_KEEP_MEMBLOCK
	help
	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
	  host and certain physical attacks. This option enables necessary TDX
	  support in the host kernel to run confidential VMs.

	  If unsure, say N.
|
|
|
|
# Opt-in. Enabling it also pulls in EFI_RUNTIME_MAP (the sysfs export of
# the EFI runtime memory map) whenever KEXEC_CORE is set.
config EFI
	bool "EFI runtime service support"
	depends on ACPI
	select UCS2_STRING
	select EFI_RUNTIME_WRAPPERS
	select ARCH_USE_MEMREMAP_PROT
	select EFI_RUNTIME_MAP if KEXEC_CORE
	help
	  This enables the kernel to use EFI runtime services that are
	  available (such as the EFI variable services).

	  This option is only useful on systems that have EFI firmware.
	  In addition, you should use the latest ELILO loader available
	  at <http://elilo.sourceforge.net> in order to take advantage
	  of EFI runtime services. However, even with this option, the
	  resultant kernel should continue to boot on existing non-EFI
	  platforms.
|
|
|
|
# Selecting the stub forces RELOCATABLE on.
config EFI_STUB
	bool "EFI stub support"
	depends on EFI
	select RELOCATABLE
	help
	  This kernel feature allows a bzImage to be loaded directly
	  by EFI firmware without the use of a bootloader.

	  See Documentation/admin-guide/efi-stub.rst for more information.
|
|
|
|
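# Deprecated but still default-on. The help text explains why: distro GRUB
# builds may depend on these extra, non-UEFI-specified entry points into
# the EFI stub.
config EFI_HANDOVER_PROTOCOL
	bool "EFI handover protocol (DEPRECATED)"
	depends on EFI_STUB
	default y
	help
	  Select this in order to include support for the deprecated EFI
	  handover protocol, which defines alternative entry points into the
	  EFI stub. This is a practice that has no basis in the UEFI
	  specification, and requires a priori knowledge on the part of the
	  bootloader about Linux/x86 specific ways of passing the command line
	  and initrd, and where in memory those assets may be loaded.

	  If in doubt, say Y. Even though the corresponding support is not
	  present in upstream GRUB or other bootloaders, most distros build
	  GRUB with numerous downstream patches applied, and may rely on the
	  handover protocol as a result.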
|
|
|
|
# Opt-in; 64-bit kernels only. Per the help text a mixed-mode kernel has to
# be started through the EFI handover protocol, not the plain EFI stub.
config EFI_MIXED
	bool "EFI mixed-mode support"
	depends on EFI_STUB && X86_64
	help
	  Enabling this feature allows a 64-bit kernel to be booted
	  on a 32-bit firmware, provided that your CPU supports 64-bit
	  mode.

	  Note that it is not possible to boot a mixed-mode enabled
	  kernel via the EFI boot stub - a bootloader that supports
	  the EFI handover protocol must be used.

	  If unsure, say N.
|
|
|
|
# The prompt is EXPERT-only, but "config EFI" selects this symbol whenever
# KEXEC_CORE is enabled, so it is often on without being chosen. It
# publishes the EFI runtime memory regions under sysfs.
config EFI_RUNTIME_MAP
	bool "Export EFI runtime maps to sysfs" if EXPERT
	depends on EFI
	help
	  Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
	  That memory map is required by the 2nd kernel to set up EFI virtual
	  mappings after kexec, but can also be used for debugging purposes.

	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
|
|
|
|
source "kernel/Kconfig.hz"
|
|
|
|
# Architecture capability flags for kexec and crash dumps. None of them has
# a prompt or help text; they only state what x86 supports. The *_SIG
# symbols advertise that signature checking of kexec images is available;
# whether it is enforced is presumably decided by the generic kexec options,
# which are not part of this file - confirm there.

config ARCH_SUPPORTS_KEXEC
	def_bool y

# kexec_file is only advertised on 64-bit.
config ARCH_SUPPORTS_KEXEC_FILE
	def_bool X86_64

# Active once KEXEC_FILE is on; adds IMA kexec support when IMA is enabled.
config ARCH_SELECTS_KEXEC_FILE
	def_bool y
	depends on KEXEC_FILE
	select HAVE_IMA_KEXEC if IMA

config ARCH_SUPPORTS_KEXEC_PURGATORY
	def_bool y

config ARCH_SUPPORTS_KEXEC_SIG
	def_bool y

config ARCH_SUPPORTS_KEXEC_SIG_FORCE
	def_bool y

config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
	def_bool y

config ARCH_SUPPORTS_KEXEC_JUMP
	def_bool y

# 32-bit builds need HIGHMEM for crash dump support.
config ARCH_SUPPORTS_CRASH_DUMP
	def_bool X86_64 || (X86_32 && HIGHMEM)

config ARCH_SUPPORTS_CRASH_HOTPLUG
	def_bool y

# Follows CRASH_RESERVE.
config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
	def_bool CRASH_RESERVE
|
|
|
|
# The prompt is only shown for EXPERT or CRASH_DUMP configurations; every
# other build uses the default of 0x1000000.
config PHYSICAL_START
	hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
	default "0x1000000"
	help
	  This gives the physical address where the kernel is loaded.

	  If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage
	  will decompress itself to above physical address and run from there.
	  Otherwise, bzImage will run from the address where it has been loaded
	  by the boot loader. The only exception is if it is loaded below the
	  above physical address, in which case it will relocate itself there.

	  In normal kdump cases one does not have to set/change this option
	  as now bzImage can be compiled as a completely relocatable image
	  (CONFIG_RELOCATABLE=y) and be used to load and run from a different
	  address. This option is mainly useful for the folks who don't want
	  to use a bzImage for capturing the crash dump and want to use a
	  vmlinux instead. vmlinux is not relocatable hence a kernel needs
	  to be specifically compiled to run from a specific memory area
	  (normally a reserved region) and this option comes handy.

	  So if you are using bzImage for capturing the crash dump,
	  leave the value here unchanged to 0x1000000 and set
	  CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
	  for capturing the crash dump change this value to start of
	  the reserved region. In other words, it can be set based on
	  the "X" value as specified in the "crashkernel=YM@XM"
	  command line boot parameter passed to the panic-ed
	  kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
	  for more details about crash dumps.

	  Usage of bzImage for capturing the crash dump is recommended as
	  one does not have to build two kernels. Same kernel can be used
	  as production kernel and capture kernel. Above option should have
	  gone away after relocatable bzImage support is introduced. But it
	  is present because there are users out there who continue to use
	  vmlinux for dump capture. This option should go away down the
	  line.

	  Don't change this unless you know what you are doing.
|
|
|
|
# On by default, and a prerequisite for RANDOMIZE_BASE (KASLR).
# NOTE(review): the help text speaks of "the default 1MB", while
# PHYSICAL_START in this file defaults to 0x1000000 (16MB) - confirm which
# figure the wording should carry.
config RELOCATABLE
	bool "Build a relocatable kernel"
	default y
	help
	  This builds a kernel image that retains relocation information
	  so it can be loaded someplace besides the default 1MB.
	  The relocations tend to make the kernel binary about 10% larger,
	  but are discarded at runtime.

	  One use is for the kexec on panic case where the recovery kernel
	  must live at a different physical address than the primary
	  kernel.

	  Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
	  it has been loaded at and the compile time physical address
	  (CONFIG_PHYSICAL_START) is used as the minimum location.
|
|
|
|
# KASLR: on by default wherever RELOCATABLE is set. The help text quantifies
# the entropy (9 bits for the 64-bit virtual address, 8 bits on 32-bit), so
# plan on it as a deterrent that raises exploit cost rather than as a hard
# barrier.
config RANDOMIZE_BASE
	bool "Randomize the address of the kernel image (KASLR)"
	depends on RELOCATABLE
	default y
	help
	  In support of Kernel Address Space Layout Randomization (KASLR),
	  this randomizes the physical address at which the kernel image
	  is decompressed and the virtual address where the kernel
	  image is mapped, as a security feature that deters exploit
	  attempts relying on knowledge of the location of kernel
	  code internals.

	  On 64-bit, the kernel physical and virtual addresses are
	  randomized separately. The physical address will be anywhere
	  between 16MB and the top of physical memory (up to 64TB). The
	  virtual address will be randomized from 16MB up to 1GB (9 bits
	  of entropy). Note that this also reduces the memory space
	  available to kernel modules from 1.5GB to 1GB.

	  On 32-bit, the kernel physical and virtual addresses are
	  randomized together. They will be randomized from 16MB up to
	  512MB (8 bits of entropy).

	  Entropy is generated using the RDRAND instruction if it is
	  supported. If RDTSC is supported, its value is mixed into
	  the entropy pool as well. If neither RDRAND nor RDTSC are
	  supported, then entropy is read from the i8254 timer. The
	  usable entropy is limited by the kernel being built using
	  2GB addressing, and that PHYSICAL_ALIGN must be at a
	  minimum of 2MB. As a result, only 10 bits of entropy are
	  theoretically possible, but the implementations are further
	  limited due to memory layouts.

	  If unsure, say Y.
|
|
|
|
# Relocation on x86 needs some additional build support
# (promptless: follows RANDOMIZE_BASE, or RELOCATABLE on 32-bit)
config X86_NEED_RELOCS
	def_bool y
	depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
|
|
|
|
# The allowed range depends on the word size: 0x2000..0x1000000 on 32-bit,
# 0x200000..0x1000000 on 64-bit. The default of 0x200000 is valid for both.
config PHYSICAL_ALIGN
	hex "Alignment value to which kernel should be aligned"
	default "0x200000"
	range 0x2000 0x1000000 if X86_32
	range 0x200000 0x1000000 if X86_64
	help
	  This value puts the alignment restrictions on physical address
	  where kernel is loaded and run from. Kernel is compiled for an
	  address which meets above alignment restriction.

	  If bootloader loads the kernel at a non-aligned address and
	  CONFIG_RELOCATABLE is set, kernel will move itself to nearest
	  address aligned to above value and run from there.

	  If bootloader loads the kernel at a non-aligned address and
	  CONFIG_RELOCATABLE is not set, kernel will ignore the run time
	  load address and decompress itself to the address it has been
	  compiled for and run from there. The address for which kernel is
	  compiled already meets above alignment restrictions. Hence the
	  end result is that kernel runs from a physical address meeting
	  above alignment restrictions.

	  On 32-bit this value must be a multiple of 0x2000. On 64-bit
	  this value must be a multiple of 0x200000.

	  Don't change this unless you know what you are doing.
|
|
|
|
# No prompt and no default: only set when another option selects it
# (RANDOMIZE_MEMORY does so in this file).
config DYNAMIC_MEMORY_LAYOUT
	bool
	help
	  This option makes base addresses of vmalloc and vmemmap as well as
	  __PAGE_OFFSET movable during boot.
|
|
|
|
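# 64-bit only. The default tracks RANDOMIZE_BASE, so a KASLR-enabled build
# gets memory section randomization unless it is turned off explicitly.
config RANDOMIZE_MEMORY
	bool "Randomize the kernel memory sections"
	depends on X86_64
	depends on RANDOMIZE_BASE
	select DYNAMIC_MEMORY_LAYOUT
	default RANDOMIZE_BASE
	help
	  Randomizes the base virtual address of kernel memory sections
	  (physical memory mapping, vmalloc & vmemmap). This security feature
	  makes exploits relying on predictable memory locations less reliable.

	  The order of allocations remains unchanged. Entropy is generated in
	  the same way as RANDOMIZE_BASE. The current implementation in the
	  optimal configuration has on average 30,000 different possible
	  virtual addresses for each memory section.

	  If unsure, say Y.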
|
|
|
|
# The order of the default/range lines matters: the MEMORY_HOTPLUG variants
# come first and apply when it is set (default 0xa, minimum 0x1); otherwise
# the unconditional lines apply (default 0x0). As the help text says, more
# padding means less entropy for address randomization.
config RANDOMIZE_MEMORY_PHYSICAL_PADDING
	hex "Physical memory mapping padding" if EXPERT
	depends on RANDOMIZE_MEMORY
	default "0xa" if MEMORY_HOTPLUG
	default "0x0"
	range 0x1 0x40 if MEMORY_HOTPLUG
	range 0x0 0x40
	help
	  Define the padding in terabytes added to the existing physical
	  memory size during kernel memory randomization. It is useful
	  for memory hotplug support but reduces the entropy available for
	  address randomization.

	  If unsure, leave at the default value.
|
|
|
|
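# Opt-in (no default line); 64-bit only.
config ADDRESS_MASKING
	bool "Linear Address Masking support"
	depends on X86_64
	help
	  Linear Address Masking (LAM) modifies the checking that is applied
	  to 64-bit linear addresses, allowing software to use the
	  untranslated address bits for metadata.

	  The capability can be used for efficient address sanitizers (ASAN)
	  implementation and for optimizations in JITs.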
|
|
|
|
# Promptless: always on for SMP builds.
config HOTPLUG_CPU
	def_bool y
	depends on SMP
|
|
|
|
# Compatibility workaround, off by default. Saying Y changes the default of
# the vdso32 boot option from 1 to 0, as the help text explains.
config COMPAT_VDSO
	def_bool n
	prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
	depends on COMPAT_32
	help
	  Certain buggy versions of glibc will crash if they are
	  presented with a 32-bit vDSO that is not mapped at the address
	  indicated in its segment table.

	  The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
	  and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
	  49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
	  the only released version with the bug, but OpenSUSE 9
	  contains a buggy "glibc 2.3.2".

	  The symptom of the bug is that everything crashes on startup, saying:
	  dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!

	  Saying Y here changes the default value of the vdso32 boot
	  option from 1 to 0, which turns off the 32-bit vDSO entirely.
	  This works around the glibc bug but hurts performance.

	  If unsure, say N: if you are compiling your own kernel, you
	  are unlikely to be using a buggy version of glibc.
|
|
|
|
# Build-time default for the vsyscall= boot parameter. Only "xonly" and
# "none" can be chosen here; the help text says the deprecated "emulate"
# mode is reachable from the kernel command line only. The vsyscall page
# sits at a fixed address, which is why it matters for ASLR.
choice
	prompt "vsyscall table for legacy applications"
	depends on X86_64
	default LEGACY_VSYSCALL_XONLY
	help
	  Legacy user code that does not know how to find the vDSO expects
	  to be able to issue three syscalls by calling fixed addresses in
	  kernel space. Since this location is not randomized with ASLR,
	  it can be used to assist security vulnerability exploitation.

	  This setting can be changed at boot time via the kernel command
	  line parameter vsyscall=[emulate|xonly|none]. Emulate mode
	  is deprecated and can only be enabled using the kernel command
	  line.

	  On a system with recent enough glibc (2.14 or newer) and no
	  static binaries, you can say None without a performance penalty
	  to improve security.

	  If unsure, select "Emulate execution only".

	config LEGACY_VSYSCALL_XONLY
		bool "Emulate execution only"
		help
		  The kernel traps and emulates calls into the fixed vsyscall
		  address mapping and does not allow reads. This
		  configuration is recommended when userspace might use the
		  legacy vsyscall area but support for legacy binary
		  instrumentation of legacy code is not needed. It mitigates
		  certain uses of the vsyscall area as an ASLR-bypassing
		  buffer.

	config LEGACY_VSYSCALL_NONE
		bool "None"
		help
		  There will be no vsyscall mapping at all. This will
		  eliminate any risk of ASLR bypass due to the vsyscall
		  fixed address mapping. Attempts to use the vsyscalls
		  will be reported to dmesg, so that either old or
		  malicious userspace programs can be identified.

endchoice
|
|
|
|
# Opt-in. Anything placed in the built-in command line is compiled into the
# kernel image and is readable by whoever can read that image, so keep
# secrets out of it.
config CMDLINE_BOOL
	bool "Built-in kernel command line"
	help
	  Allow for specifying boot arguments to the kernel at
	  build time. On some systems (e.g. embedded ones), it is
	  necessary or convenient to provide some or all of the
	  kernel boot arguments with the kernel itself (that is,
	  to not rely on the boot loader to provide them.)

	  To compile command line arguments into the kernel,
	  set this option to 'Y', then fill in the
	  boot arguments in CONFIG_CMDLINE.

	  Systems with fully functional boot loaders (i.e. non-embedded)
	  should leave this option set to 'N'.
|
|
|
|
# Per the help text, a boot-loader command line is appended to this string
# unless CMDLINE_OVERRIDE is set. Hardening parameters fixed here can
# therefore still be followed by boot-loader-supplied ones. Set
# CMDLINE_OVERRIDE when the built-in line has to be the only one.
config CMDLINE
	string "Built-in kernel command string"
	depends on CMDLINE_BOOL
	default ""
	help
	  Enter arguments here that should be compiled into the kernel
	  image and used at boot time. If the boot loader provides a
	  command line at boot time, it is appended to this string to
	  form the full kernel command line, when the system boots.

	  However, you can use the CONFIG_CMDLINE_OVERRIDE option to
	  change this behavior.

	  In most cases, the command line (whether built-in or provided
	  by the boot loader) should specify the device for the root
	  file system.
|
|
|
|
# Only offered when a non-empty built-in command line exists. With this set
# the boot loader can neither add nor change kernel parameters, which also
# removes the usual way of passing recovery or debug options at boot.
config CMDLINE_OVERRIDE
	bool "Built-in command line overrides boot loader arguments"
	depends on CMDLINE_BOOL && CMDLINE != ""
	help
	  Set this option to 'Y' to have the kernel ignore the boot loader
	  command line, and use ONLY the built-in command line.

	  This is used to work around broken boot loaders. This should
	  be set to 'N' under normal conditions.
|
|
|
|
# On by default; the prompt to turn it off is EXPERT-only. The help text
# states the trade-off: compatibility with 16-bit or segmented code
# (DOSEMU, some Wine programs, very old threading libraries) against extra
# low-level kernel attack surface.
config MODIFY_LDT_SYSCALL
	bool "Enable the LDT (local descriptor table)" if EXPERT
	default y
	help
	  Linux can allow user programs to install a per-process x86
	  Local Descriptor Table (LDT) using the modify_ldt(2) system
	  call. This is required to run 16-bit or segmented code such as
	  DOSEMU or some Wine programs. It is also used by some very old
	  threading libraries.

	  Enabling this feature adds a small amount of overhead to
	  context switches and increases the low-level kernel attack
	  surface. Disabling it removes the modify_ldt(2) system call.

	  Saying 'N' here may make sense for embedded or server kernels.
|
|
|
|
# Opt-in build-time default for the check. The 'strict_sas_size' boot
# option controls the same check independently of this symbol.
config STRICT_SIGALTSTACK_SIZE
	bool "Enforce strict size checking for sigaltstack"
	depends on DYNAMIC_SIGFRAME
	help
	  For historical reasons MINSIGSTKSZ is a constant which became
	  already too small with AVX512 support. Add a mechanism to
	  enforce strict checking of the sigaltstack size against the
	  real size of the FPU frame. This option enables the check
	  by default. It can also be controlled via the kernel command
	  line option 'strict_sas_size' independent of this config
	  switch. Enabling it might break existing applications which
	  allocate a too small sigaltstack but 'work' because they
	  never get a signal delivered.

	  Say 'N' unless you want to really enforce this check.
|
|
|
|
# Selects the boot-time default for the cfi= parameter on FineIBT builds:
# Y behaves like cfi=auto, N like cfi=kcfi.
config CFI_AUTO_DEFAULT
	bool "Attempt to use FineIBT by default at boot time"
	depends on FINEIBT
	default y
	help
	  Attempt to use FineIBT by default at boot time. If enabled,
	  this is the same as booting with "cfi=auto". If disabled,
	  this is the same as booting with "cfi=kcfi".
|
|
|
|
source "kernel/livepatch/Kconfig"
|
|
|
|
endmenu
|
|
|
|
# Named address space support (__seg_fs / __seg_gs), GCC only.
# The probe pipes a two-declaration C snippet through $(CC) at configuration
# time and succeeds if the compiler accepts it.
config CC_HAS_NAMED_AS
	def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null)
	depends on CC_IS_GCC

# True from GCC 13.3 on (GCC_VERSION >= 130300).
config CC_HAS_NAMED_AS_FIXED_SANITIZERS
	def_bool CC_IS_GCC && GCC_VERSION >= 130300

config USE_X86_SEG_SUPPORT
	def_bool y
	depends on CC_HAS_NAMED_AS
	#
	# -fsanitize=kernel-address (KASAN) and -fsanitize=thread
	# (KCSAN) are incompatible with named address spaces with
	# GCC < 13.3 - see GCC PR sanitizer/111736.
	#
	depends on !(KASAN || KCSAN) || CC_HAS_NAMED_AS_FIXED_SANITIZERS
|
|
|
|
# Compiler capability probes used by the mitigation options. Each one is
# true when the compiler accepts the flag shown.

config CC_HAS_SLS
	def_bool $(cc-option,-mharden-sls=all)

config CC_HAS_RETURN_THUNK
	def_bool $(cc-option,-mfunction-return=thunk-extern)

config CC_HAS_ENTRY_PADDING
	def_bool $(cc-option,-fpatchable-function-entry=16,16)
|
|
|
|
# Promptless lookup table. The first default whose condition holds is used,
# and each value equals the alignment in bytes minus 5 (64-5, 32-5, 16-5,
# 8-5); 0 is the fallback.
config FUNCTION_PADDING_CFI
	int
	default 59 if FUNCTION_ALIGNMENT_64B
	default 27 if FUNCTION_ALIGNMENT_32B
	default 11 if FUNCTION_ALIGNMENT_16B
	default  3 if FUNCTION_ALIGNMENT_8B
	default  0
|
|
|
|
# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
# except Kconfig can't do arithmetic :/
# (hence the precomputed FUNCTION_PADDING_CFI value for CFI_CLANG builds)
config FUNCTION_PADDING_BYTES
	int
	default FUNCTION_PADDING_CFI if CFI_CLANG
	default FUNCTION_ALIGNMENT
|
|
|
|
# Promptless plumbing for call padding, FineIBT and call thunks. None of
# these symbols can be set directly; they follow the options named in their
# "depends on" lines or are pulled in through "select".

# Off unless selected (FINEIBT and CALL_THUNKS select it below).
config CALL_PADDING
	def_bool n
	depends on CC_HAS_ENTRY_PADDING && OBJTOOL
	select FUNCTION_ALIGNMENT_16B

# Automatically on when kernel IBT, Clang CFI and retpolines are all enabled.
config FINEIBT
	def_bool y
	depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
	select CALL_PADDING

config HAVE_CALL_THUNKS
	def_bool y
	depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL

# Off unless selected (MITIGATION_CALL_DEPTH_TRACKING selects it).
config CALL_THUNKS
	def_bool n
	select CALL_PADDING

config PREFIX_SYMBOLS
	def_bool y
	depends on CALL_PADDING && !CFI_CLANG
|
|
|
|
# Master switch for the MITIGATION_* options that follow. Saying N is a
# build-time decision: per the help text it disables every mitigation and
# cannot be undone from the kernel command line. With Y, the "mitigations"
# boot parameter can still relax them at run time.
menuconfig CPU_MITIGATIONS
	bool "Mitigations for CPU vulnerabilities"
	default y
	help
	  Say Y here to enable options which enable mitigations for hardware
	  vulnerabilities (usually related to speculative execution).
	  Mitigations can be disabled or restricted to SMT systems at runtime
	  via the "mitigations" kernel parameter.

	  If you say N, all mitigations will be disabled. This CANNOT be
	  overridden at runtime.

	  Say 'Y', unless you really know what you are doing.
|
|
|
|
if CPU_MITIGATIONS
|
|
|
|
# On by default. Available on 64-bit and on 32-bit PAE builds only, so a
# 32-bit non-PAE kernel cannot enable it.
config MITIGATION_PAGE_TABLE_ISOLATION
	bool "Remove the kernel mapping in user mode"
	default y
	depends on (X86_64 || X86_PAE)
	help
	  This feature reduces the number of hardware side channels by
	  ensuring that the majority of kernel addresses are not mapped
	  into userspace.

	  See Documentation/arch/x86/pti.rst for more details.
|
|
|
|
# On by default. Unlike the options below it, this one has no compiler
# capability dependency; the help text says full protection needs a
# compiler that supports -mindirect-branch=thunk-extern.
config MITIGATION_RETPOLINE
	bool "Avoid speculative indirect branches in kernel"
	select OBJTOOL if HAVE_OBJTOOL
	default y
	help
	  Compile kernel with the retpoline compiler options to guard against
	  kernel-to-user data leaks by avoiding speculative indirect
	  branches. Requires a compiler with -mindirect-branch=thunk-extern
	  support for full protection. The kernel may run slower.
|
|
|
|
# Requires retpolines and a compiler that passes CC_HAS_RETURN_THUNK.
# Default-on for 64-bit only; elsewhere it has to be chosen explicitly.
config MITIGATION_RETHUNK
	bool "Enable return-thunks"
	depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
	select OBJTOOL if HAVE_OBJTOOL
	default y if X86_64
	help
	  Compile the kernel with the return-thunks compiler option to guard
	  against kernel-to-user data leaks by avoiding return speculation.
	  Requires a compiler with -mfunction-return=thunk-extern
	  support for full protection. The kernel may run slower.
|
|
|
|
# AMD, 64-bit, and only when return thunks are built in.
config MITIGATION_UNRET_ENTRY
	bool "Enable UNRET on kernel entry"
	depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64
	default y
	help
	  Compile the kernel with support for the retbleed=unret mitigation.
|
|
|
|
# Building this in does not activate it. Per the help text the mitigation
# is off by default and has to be requested with retbleed=stuff on the
# kernel command line.
config MITIGATION_CALL_DEPTH_TRACKING
	bool "Mitigate RSB underflow with call depth tracking"
	depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
	select CALL_THUNKS
	default y
	help
	  Compile the kernel with call depth tracking to mitigate the Intel
	  SKL Return-Speculation-Buffer (RSB) underflow issue. The
	  mitigation is off by default and needs to be enabled on the
	  kernel command line via the retbleed=stuff option. For
	  non-affected systems the overhead of this option is marginal as
	  the call depth tracking is using run-time generated call thunks
	  in a compiler generated padding area and call patching. This
	  increases text size by ~5%. For non affected systems this space
	  is unused. On affected SKL systems this results in a significant
	  performance gain over the IBRS mitigation.
|
|
|
|
# Debug aid, off by default. The dmesg output is further gated by the
# 'debug-callthunks' boot parameter.
config CALL_THUNKS_DEBUG
	bool "Enable call thunks and call depth tracking debugging"
	depends on MITIGATION_CALL_DEPTH_TRACKING
	select FUNCTION_ALIGNMENT_32B
	default n
	help
	  Enable call/ret counters for imbalance detection and build in
	  a noisy dmesg about callthunks generation and call patching for
	  trouble shooting. The debug prints need to be enabled on the
	  kernel command line with 'debug-callthunks'.
	  Only enable this when you are debugging call thunks as this
	  creates a noticeable runtime overhead. If unsure say N.
|
|
|
|
# AMD, 64-bit. Provides build support for the retbleed=ibpb boot option.
config MITIGATION_IBPB_ENTRY
	bool "Enable IBPB on kernel entry"
	depends on CPU_SUP_AMD && X86_64
	default y
	help
	  Compile the kernel with support for the retbleed=ibpb mitigation.
|
|
|
|
# Intel, 64-bit. Provides build support for the spectre_v2=ibrs boot option.
# The help text is explicit about the performance cost.
config MITIGATION_IBRS_ENTRY
	bool "Enable IBRS on kernel entry"
	depends on CPU_SUP_INTEL && X86_64
	default y
	help
	  Compile the kernel with support for the spectre_v2=ibrs mitigation.
	  This mitigates both spectre_v2 and retbleed at great cost to
	  performance.
|
|
|
|
# AMD, 64-bit, and only available when return thunks (MITIGATION_RETHUNK)
# are built in.
config MITIGATION_SRSO
	bool "Mitigate speculative RAS overflow on AMD"
	depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK
	default y
	help
	  Enable the SRSO mitigation needed on AMD Zen1-4 machines.
|
|
|
|
# Unlike most MITIGATION_* options in this menu, this one is off by default
# and has to be chosen explicitly. It needs a compiler that accepts
# -mharden-sls=all (CC_HAS_SLS).
config MITIGATION_SLS
	bool "Mitigate Straight-Line-Speculation"
	depends on CC_HAS_SLS && X86_64
	select OBJTOOL if HAVE_OBJTOOL
	default n
	help
	  Compile the kernel with straight-line-speculation options to guard
	  against straight line speculation. The kernel image might be slightly
	  larger.
|
|
|
|
# Intel only; on by default.
config MITIGATION_GDS
	bool "Mitigate Gather Data Sampling"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware
	  vulnerability which allows unprivileged speculative access to data
	  which was previously stored in vector registers. The attacker uses gather
	  instructions to infer the stale vector register data.
|
|
|
|
# Intel only; on by default. The help text names Intel Atom CPUs as the
# affected parts.
config MITIGATION_RFDS
	bool "RFDS Mitigation"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for Register File Data Sampling (RFDS) by default.
	  RFDS is a hardware vulnerability which affects Intel Atom CPUs. It
	  allows unprivileged speculative access to stale data previously
	  stored in floating point, vector and integer registers.
	  See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
|
|
|
|
# Intel only; on by default. The prompt says "Spectre-BHB" while the symbol
# and help text say BHI; both refer to Branch History Injection.
config MITIGATION_SPECTRE_BHI
	bool "Mitigate Spectre-BHB (Branch History Injection)"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
	  where the branch history buffer is poisoned to speculatively steer
	  indirect branches.
	  See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
|
|
|
|
# Intel only; on by default.
config MITIGATION_MDS
	bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
	  a hardware vulnerability which allows unprivileged speculative access
	  to data which is available in various CPU internal buffers.
	  See also <file:Documentation/admin-guide/hw-vuln/mds.rst>
|
|
|
|
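# Intel-only (CPU_SUP_INTEL) and enabled by default. Per the help text the
# issue is reached through Intel TSX transactional regions.
config MITIGATION_TAA
	bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware
	  vulnerability that allows unprivileged speculative access to data
	  which is available in various CPU internal buffers by using
	  asynchronous aborts within an Intel TSX transactional region.
	  See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst>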
|
|
|
|
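# Intel-only (CPU_SUP_INTEL) and enabled by default. The help text makes MMIO
# access a precondition for the attacker.
# NOTE(review): presumably most relevant where devices are handed to
# less-trusted code; confirm against the referenced document.
config MITIGATION_MMIO_STALE_DATA
	bool "Mitigate MMIO Stale Data hardware bug"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO
	  Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
	  vulnerabilities that can expose data. The vulnerabilities require the
	  attacker to have access to MMIO.
	  See also
	  <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst>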
|
|
|
|
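# Intel-only (CPU_SUP_INTEL) and enabled by default.
config MITIGATION_L1TF
	bool "Mitigate L1 Terminal Fault (L1TF) hardware bug"
	depends on CPU_SUP_INTEL
	default y
	help
	  Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a
	  hardware vulnerability which allows unprivileged speculative access to data
	  available in the Level 1 Data Cache.
	  See <file:Documentation/admin-guide/hw-vuln/l1tf.rst>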
|
|
|
|
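# Selectable in two ways: on kernels with Intel CPU support only together
# with MITIGATION_SPECTRE_V2, otherwise through one of the return-entry
# mitigations (MITIGATION_UNRET_ENTRY or MITIGATION_IBPB_ENTRY). With none of
# these enabled the option is not offered at all, so verify the resulting
# .config rather than relying on "default y".
config MITIGATION_RETBLEED
	bool "Mitigate RETBleed hardware bug"
	depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY
	default y
	help
	  Enable mitigation for RETBleed (Arbitrary Speculative Code Execution
	  with Return Instructions) vulnerability. RETBleed is a speculative
	  execution attack which takes advantage of microarchitectural behavior
	  in many modern microprocessors, similar to Spectre v2. An
	  unprivileged attacker can use these flaws to bypass conventional
	  memory security restrictions to gain read access to privileged memory
	  that would otherwise be inaccessible.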
|
|
|
|
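# No "depends on" line: unlike the Intel- or AMD-specific options nearby,
# this one is not tied to a CPU vendor symbol. Enabled by default.
config MITIGATION_SPECTRE_V1
	bool "Mitigate SPECTRE V1 hardware bug"
	default y
	help
	  Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a
	  class of side channel attacks that takes advantage of speculative
	  execution that bypasses conditional branch instructions used for
	  memory access bounds check.
	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>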
|
|
|
|
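# No CPU vendor dependency; enabled by default. MITIGATION_RETBLEED depends
# on this symbol on kernels with Intel CPU support, so disabling it can also
# remove the RETBleed option.
# The mitigation state a running kernel reports is exposed under
# /sys/devices/system/cpu/vulnerabilities/; check it after changing this.
config MITIGATION_SPECTRE_V2
	bool "Mitigate SPECTRE V2 hardware bug"
	default y
	help
	  Enable mitigation for Spectre V2 (Branch Target Injection). Spectre
	  V2 is a class of side channel attacks that takes advantage of
	  indirect branch predictors inside the processor. In Spectre variant 2
	  attacks, the attacker can steer speculative indirect branches in the
	  victim to gadget code by poisoning the branch target buffer of a CPU
	  used for predicting indirect branch addresses.
	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>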
|
|
|
|
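# Intel-only (CPU_SUP_INTEL) and enabled by default. Per the help text the
# values at risk are RDRAND and RDSEED results, i.e. hardware-generated
# random numbers, and the exposure crosses cores and sibling threads.
config MITIGATION_SRBDS
	bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug"
	depends on CPU_SUP_INTEL
	default y
	help
	  Enable mitigation for Special Register Buffer Data Sampling (SRBDS).
	  SRBDS is a hardware vulnerability that allows Microarchitectural Data
	  Sampling (MDS) techniques to infer values returned from special
	  register accesses. An unprivileged user can extract values returned
	  from RDRAND and RDSEED executed on another core or sibling thread
	  using MDS techniques.
	  See also
	  <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst>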
|
|
|
|
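# No "depends on" line: not tied to a CPU vendor symbol. Enabled by default.
config MITIGATION_SSB
	bool "Mitigate Speculative Store Bypass (SSB) hardware bug"
	default y
	help
	  Enable mitigation for Speculative Store Bypass (SSB). SSB is a
	  hardware security vulnerability and its exploitation takes advantage
	  of speculative execution in a similar way to the Meltdown and Spectre
	  security vulnerabilities.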
|
|
|
|
endif
|
|
|
|
config ARCH_HAS_ADD_PAGES
|
|
def_bool y
|
|
depends on ARCH_ENABLE_MEMORY_HOTPLUG
|
|
|
|
menu "Power management and ACPI options"
|
|
|
|
config ARCH_HIBERNATION_HEADER
|
|
def_bool y
|
|
depends on HIBERNATION
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
source "drivers/acpi/Kconfig"
|
|
|
|
config X86_APM_BOOT
|
|
def_bool y
|
|
depends on APM
|
|
|
|
menuconfig APM
|
|
tristate "APM (Advanced Power Management) BIOS support"
|
|
depends on X86_32 && PM_SLEEP
|
|
help
|
|
APM is a BIOS specification for saving power using several different
|
|
techniques. This is mostly useful for battery powered laptops with
|
|
APM compliant BIOSes. If you say Y here, the system time will be
|
|
reset after a RESUME operation, the /proc/apm device will provide
|
|
battery status information, and user-space programs will receive
|
|
notification of APM "events" (e.g. battery status change).
|
|
|
|
If you select "Y" here, you can disable actual use of the APM
|
|
BIOS by passing the "apm=off" option to the kernel at boot time.
|
|
|
|
Note that the APM support is almost completely disabled for
|
|
machines with more than one CPU.
|
|
|
|
In order to use APM, you will need supporting software. For location
|
|
and more information, read <file:Documentation/power/apm-acpi.rst>
|
|
and the Battery Powered Linux mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
This driver does not spin down disk drives (see the hdparm(8)
|
|
manpage ("man 8 hdparm") for that), and it doesn't turn off
|
|
VESA-compliant "green" monitors.
|
|
|
|
This driver does not support the TI 4000M TravelMate and the ACER
|
|
486/DX4/75 because they don't have compliant BIOSes. Many "green"
|
|
desktop machines also don't have compliant BIOSes, and this driver
|
|
may cause those machines to panic during the boot phase.
|
|
|
|
Generally, if you don't have a battery in your machine, there isn't
|
|
much point in using this driver and you should say N. If you get
|
|
random kernel OOPSes or reboots that don't seem to be related to
|
|
anything, try disabling/enabling this option (or disabling/enabling
|
|
APM in your BIOS).
|
|
|
|
Some other things you should try when experiencing seemingly random,
|
|
"weird" problems:
|
|
|
|
1) make sure that you have enough swap space and that it is
|
|
enabled.
|
|
2) pass the "idle=poll" option to the kernel
|
|
3) switch on floating point emulation in the kernel and pass
|
|
the "no387" option to the kernel
|
|
4) pass the "floppy=nodma" option to the kernel
|
|
5) pass the "mem=4M" option to the kernel (thereby disabling
|
|
all but the first 4 MB of RAM)
|
|
6) make sure that the CPU is not overclocked.
|
|
7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
|
|
8) disable the cache from your BIOS settings
|
|
9) install a fan for the video card or exchange video RAM
|
|
10) install a better fan for the CPU
|
|
11) exchange RAM chips
|
|
12) exchange the motherboard.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called apm.
|
|
|
|
if APM
|
|
|
|
config APM_IGNORE_USER_SUSPEND
|
|
bool "Ignore USER SUSPEND"
|
|
help
|
|
This option will ignore USER SUSPEND requests. On machines with a
|
|
compliant APM BIOS, you want to say N. However, on the NEC Versa M
|
|
series notebooks, it is necessary to say Y because of a BIOS bug.
|
|
|
|
config APM_DO_ENABLE
|
|
bool "Enable PM at boot time"
|
|
help
|
|
Enable APM features at boot time. From page 36 of the APM BIOS
|
|
specification: "When disabled, the APM BIOS does not automatically
|
|
power manage devices, enter the Standby State, enter the Suspend
|
|
State, or take power saving steps in response to CPU Idle calls."
|
|
This driver will make CPU Idle calls when Linux is idle (unless this
|
|
feature is turned off -- see "Do CPU IDLE calls", below). This
|
|
should always save battery power, but more complicated APM features
|
|
will be dependent on your BIOS implementation. You may need to turn
|
|
this option off if your computer hangs at boot time when using APM
|
|
support, or if it beeps continuously instead of suspending. Turn
|
|
this off if you have a NEC UltraLite Versa 33/C or a Toshiba
|
|
T400CDT. This is off by default since most machines do fine without
|
|
this feature.
|
|
|
|
config APM_CPU_IDLE
|
|
depends on CPU_IDLE
|
|
bool "Make CPU Idle calls when idle"
|
|
help
|
|
Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
|
|
On some machines, this can activate improved power savings, such as
|
|
a slowed CPU clock rate, when the machine is idle. These idle calls
|
|
are made after the idle loop has run for some length of time (e.g.,
|
|
333 ms). On some machines, this will cause a hang at boot time or
|
|
whenever the CPU becomes idle. (On machines with more than one CPU,
|
|
this option does nothing.)
|
|
|
|
config APM_DISPLAY_BLANK
|
|
bool "Enable console blanking using APM"
|
|
help
|
|
Enable console blanking using the APM. Some laptops can use this to
|
|
turn off the LCD backlight when the screen blanker of the Linux
|
|
virtual console blanks the screen. Note that this is only used by
|
|
the virtual console screen blanker, and won't turn off the backlight
|
|
when using the X Window system. This also doesn't have anything to
|
|
do with your VESA-compliant power-saving monitor. Further, this
|
|
option doesn't work for all laptops -- it might not turn off your
|
|
backlight at all, or it might print a lot of errors to the console,
|
|
especially if you are using gpm.
|
|
|
|
config APM_ALLOW_INTS
|
|
bool "Allow interrupts during APM BIOS calls"
|
|
help
|
|
Normally we disable external interrupts while we are making calls to
|
|
the APM BIOS as a measure to lessen the effects of a badly behaving
|
|
BIOS implementation. The BIOS should reenable interrupts if it
|
|
needs to. Unfortunately, some BIOSes do not -- especially those in
|
|
many of the newer IBM Thinkpads. If you experience hangs when you
|
|
suspend, try setting this to Y. Otherwise, say N.
|
|
|
|
endif # APM
|
|
|
|
source "drivers/cpufreq/Kconfig"
|
|
|
|
source "drivers/cpuidle/Kconfig"
|
|
|
|
source "drivers/idle/Kconfig"
|
|
|
|
endmenu
|
|
|
|
menu "Bus options (PCI etc.)"
|
|
|
|
choice
|
|
prompt "PCI access mode"
|
|
depends on X86_32 && PCI
|
|
default PCI_GOANY
|
|
help
|
|
On PCI systems, the BIOS can be used to detect the PCI devices and
|
|
determine their configuration. However, some old PCI motherboards
|
|
have BIOS bugs and may crash if this is done. Also, some embedded
|
|
PCI-based systems don't have any BIOS at all. Linux can also try to
|
|
detect the PCI hardware directly without using the BIOS.
|
|
|
|
With this option, you can specify how Linux should detect the
|
|
PCI devices. If you choose "BIOS", the BIOS will be used,
|
|
if you choose "Direct", the BIOS won't be used, and if you
|
|
choose "MMConfig", then PCI Express MMCONFIG will be used.
|
|
If you choose "Any", the kernel will try MMCONFIG, then the
|
|
direct access method, and fall back to the BIOS if that doesn't
|
|
work. If unsure, go with the default, which is "Any".
|
|
|
|
config PCI_GOBIOS
|
|
bool "BIOS"
|
|
|
|
config PCI_GOMMCONFIG
|
|
bool "MMConfig"
|
|
|
|
config PCI_GODIRECT
|
|
bool "Direct"
|
|
|
|
config PCI_GOOLPC
|
|
bool "OLPC XO-1"
|
|
depends on OLPC
|
|
|
|
config PCI_GOANY
|
|
bool "Any"
|
|
|
|
endchoice
|
|
|
|
config PCI_BIOS
|
|
def_bool y
|
|
depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
|
|
|
|
# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
|
|
config PCI_DIRECT
|
|
def_bool y
|
|
depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
|
|
|
|
config PCI_MMCONFIG
|
|
bool "Support mmconfig PCI config space access" if X86_64
|
|
default y
|
|
depends on PCI && (ACPI || JAILHOUSE_GUEST)
|
|
depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
|
|
|
|
config PCI_OLPC
|
|
def_bool y
|
|
depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
|
|
|
|
config PCI_XEN
|
|
def_bool y
|
|
depends on PCI && XEN
|
|
|
|
config MMCONF_FAM10H
|
|
def_bool y
|
|
depends on X86_64 && PCI_MMCONFIG && ACPI
|
|
|
|
config PCI_CNB20LE_QUIRK
|
|
bool "Read CNB20LE Host Bridge Windows" if EXPERT
|
|
depends on PCI
|
|
help
|
|
Read the PCI windows out of the CNB20LE host bridge. This allows
|
|
PCI hotplug to work on systems with the CNB20LE chipset which do
|
|
not have ACPI.
|
|
|
|
There's no public spec for this chipset, and this functionality
|
|
is known to be incomplete.
|
|
|
|
You should say N unless you know you need this.
|
|
|
|
config ISA_BUS
|
|
bool "ISA bus support on modern systems" if EXPERT
|
|
help
|
|
Expose ISA bus device drivers and options available for selection and
|
|
configuration. Enable this option if your target machine has an ISA
|
|
bus. ISA is an older system, displaced by PCI and newer bus
|
|
architectures -- if your target machine is modern, it probably does
|
|
not have an ISA bus.
|
|
|
|
If unsure, say N.
|
|
|
|
# x86_64 has no ISA slots, but can have ISA-style DMA.
|
|
config ISA_DMA_API
|
|
bool "ISA-style DMA support" if (X86_64 && EXPERT)
|
|
default y
|
|
help
|
|
Enables ISA-style DMA support for devices requiring such controllers.
|
|
If unsure, say Y.
|
|
|
|
if X86_32
|
|
|
|
config ISA
|
|
bool "ISA support"
|
|
help
|
|
Find out whether you have ISA slots on your motherboard. ISA is the
|
|
name of a bus system, i.e. the way the CPU talks to the other stuff
|
|
inside your box. Other bus systems are PCI, EISA, MicroChannel
|
|
(MCA) or VESA. ISA is an older system, now being displaced by PCI;
|
|
newer boards don't support it. If you have ISA, say Y, otherwise N.
|
|
|
|
config SCx200
|
|
tristate "NatSemi SCx200 support"
|
|
help
|
|
This provides basic support for National Semiconductor's
|
|
(now AMD's) Geode processors. The driver probes for the
|
|
PCI-IDs of several on-chip devices, so it's a good dependency
|
|
for other scx200_* drivers.
|
|
|
|
If compiled as a module, the driver is named scx200.
|
|
|
|
config SCx200HR_TIMER
|
|
tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
|
|
depends on SCx200
|
|
default y
|
|
help
|
|
This driver provides a clocksource built upon the on-chip
|
|
27MHz high-resolution timer. It's also a workaround for
|
|
NSC Geode SC-1100's buggy TSC, which loses time when the
|
|
processor goes idle (as is done by the scheduler). The
|
|
other workaround is idle=poll boot option.
|
|
|
|
config OLPC
|
|
bool "One Laptop Per Child support"
|
|
depends on !X86_PAE
|
|
select GPIOLIB
|
|
select OF
|
|
select OF_PROMTREE
|
|
select IRQ_DOMAIN
|
|
select OLPC_EC
|
|
help
|
|
Add support for detecting the unique features of the OLPC
|
|
XO hardware.
|
|
|
|
config OLPC_XO1_PM
|
|
bool "OLPC XO-1 Power Management"
|
|
depends on OLPC && MFD_CS5535=y && PM_SLEEP
|
|
help
|
|
Add support for poweroff and suspend of the OLPC XO-1 laptop.
|
|
|
|
config OLPC_XO1_RTC
|
|
bool "OLPC XO-1 Real Time Clock"
|
|
depends on OLPC_XO1_PM && RTC_DRV_CMOS
|
|
help
|
|
Add support for the XO-1 real time clock, which can be used as a
|
|
programmable wakeup source.
|
|
|
|
config OLPC_XO1_SCI
|
|
bool "OLPC XO-1 SCI extras"
|
|
depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
|
|
depends on INPUT=y
|
|
select POWER_SUPPLY
|
|
help
|
|
Add support for SCI-based features of the OLPC XO-1 laptop:
|
|
- EC-driven system wakeups
|
|
- Power button
|
|
- Ebook switch
|
|
- Lid switch
|
|
- AC adapter status updates
|
|
- Battery status updates
|
|
|
|
config OLPC_XO15_SCI
|
|
bool "OLPC XO-1.5 SCI extras"
|
|
depends on OLPC && ACPI
|
|
select POWER_SUPPLY
|
|
help
|
|
Add support for SCI-based features of the OLPC XO-1.5 laptop:
|
|
- EC-driven system wakeups
|
|
- AC adapter status updates
|
|
- Battery status updates
|
|
|
|
config ALIX
|
|
bool "PCEngines ALIX System Support (LED setup)"
|
|
select GPIOLIB
|
|
help
|
|
This option enables system support for the PCEngines ALIX.
|
|
At present this just sets up LEDs for GPIO control on
|
|
ALIX2/3/6 boards. However, other system specific setup should
|
|
get added here.
|
|
|
|
Note: You must still enable the drivers for GPIO and LED support
|
|
(GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs.
|
|
|
|
Note: You have to set alix.force=1 for boards with Award BIOS.
|
|
|
|
config NET5501
|
|
bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
|
|
select GPIOLIB
|
|
help
|
|
This option enables system support for the Soekris Engineering net5501.
|
|
|
|
config GEOS
|
|
bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
|
|
select GPIOLIB
|
|
depends on DMI
|
|
help
|
|
This option enables system support for the Traverse Technologies GEOS.
|
|
|
|
config TS5500
|
|
bool "Technologic Systems TS-5500 platform support"
|
|
depends on MELAN
|
|
select CHECK_SIGNATURE
|
|
select NEW_LEDS
|
|
select LEDS_CLASS
|
|
help
|
|
This option enables system support for the Technologic Systems TS-5500.
|
|
|
|
endif # X86_32
|
|
|
|
config AMD_NB
|
|
def_bool y
|
|
depends on CPU_SUP_AMD && PCI
|
|
|
|
endmenu
|
|
|
|
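menu "Binary Emulations"

# Builds the 32-bit compatibility layer into a 64-bit kernel. It enables
# COMPAT_32 and COMPAT below, and with them the legacy 32-bit entry points.
# IA32_EMULATION_DEFAULT_DISABLED keeps the code built in but off by default.
config IA32_EMULATION
	bool "IA32 Emulation"
	depends on X86_64
	select ARCH_WANT_OLD_COMPAT_IPC
	select BINFMT_ELF
	select COMPAT_OLD_SIGACTION
	help
	  Include code to run legacy 32-bit programs under a
	  64-bit kernel. You should likely turn this on, unless you're
	  100% sure that you don't have any 32-bit programs left.

# Changes only the default: the IA32 code stays in the image. The
# ia32_emulation= boot parameter overrides this default in either direction.
config IA32_EMULATION_DEFAULT_DISABLED
	bool "IA32 emulation disabled by default"
	default n
	depends on IA32_EMULATION
	help
	  Make IA32 emulation disabled by default. This prevents loading 32-bit
	  processes and access to 32-bit syscalls. If unsure, leave it to its
	  default value.

# x32 adds a further syscall ABI next to native 64-bit and IA32, and on its
# own is enough to enable COMPAT below. Leave it off when no x32 userspace is
# deployed.
config X86_X32_ABI
	bool "x32 ABI for 64-bit mode"
	depends on X86_64
	# llvm-objcopy does not convert x86_64 .note.gnu.property or
	# compressed debug sections to x86_x32 properly:
	# https://github.com/ClangBuiltLinux/linux/issues/514
	# https://github.com/ClangBuiltLinux/linux/issues/1141
	depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
	help
	  Include code to run binaries for the x32 native 32-bit ABI
	  for 64-bit processors. An x32 process gets access to the
	  full 64-bit register file and wide data path while leaving
	  pointers at 32 bits for smaller memory footprint.

# Not user-visible: set whenever IA32 emulation is built or the kernel itself
# is 32-bit.
config COMPAT_32
	def_bool y
	depends on IA32_EMULATION || X86_32
	select HAVE_UID16
	select OLD_SIGSUSPEND3

# Not user-visible: set when either 32-bit userspace ABI (IA32 or x32) is
# built into a 64-bit kernel.
config COMPAT
	def_bool y
	depends on IA32_EMULATION || X86_X32_ABI

# Not user-visible: follows COMPAT.
config COMPAT_FOR_U64_ALIGNMENT
	def_bool y
	depends on COMPAT

endmenu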
|
|
|
|
config HAVE_ATOMIC_IOMAP
|
|
def_bool y
|
|
depends on X86_32
|
|
|
|
source "arch/x86/kvm/Kconfig"
|
|
|
|
source "arch/x86/Kconfig.assembler"
|