1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 9 10config X86_32 11 def_bool y 12 depends on !64BIT 13 # Options that are inherently 32-bit kernel only: 14 select ARCH_WANT_IPC_PARSE_VERSION 15 select CLKSRC_I8253 16 select CLONE_BACKWARDS 17 select GENERIC_VDSO_32 18 select HAVE_DEBUG_STACKOVERFLOW 19 select KMAP_LOCAL 20 select MODULES_USE_ELF_REL 21 select OLD_SIGACTION 22 select ARCH_SPLIT_ARG64 23 24config X86_64 25 def_bool y 26 depends on 64BIT 27 # Options that are inherently 64-bit kernel only: 28 select ARCH_HAS_GIGANTIC_PAGE 29 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 30 select ARCH_USE_CMPXCHG_LOCKREF 31 select HAVE_ARCH_SOFT_DIRTY 32 select MODULES_USE_ELF_RELA 33 select NEED_DMA_MAP_STATE 34 select SWIOTLB 35 select ARCH_HAS_ELFCORE_COMPAT 36 select ZONE_DMA32 37 38config FORCE_DYNAMIC_FTRACE 39 def_bool y 40 depends on X86_32 41 depends on FUNCTION_TRACER 42 select DYNAMIC_FTRACE 43 help 44 We keep the static function tracing (!DYNAMIC_FTRACE) around 45 in order to test the non static function tracing in the 46 generic code, as other architectures still use it. But we 47 only need to keep it around for x86_64. No need to keep it 48 for x86_32. For x86_32, force DYNAMIC_FTRACE. 49# 50# Arch settings 51# 52# ( Note that options that are marked 'if X86_64' could in principle be 53# ported to 32-bit as well. ) 54# 55config X86 56 def_bool y 57 # 58 # Note: keep this list sorted alphabetically 59 # 60 select ACPI_LEGACY_TABLES_LOOKUP if ACPI 61 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI 62 select ARCH_32BIT_OFF_T if X86_32 63 select ARCH_CLOCKSOURCE_INIT 64 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE 65 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION 66 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 67 select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG 68 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE) 69 select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE 70 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 71 select ARCH_HAS_CACHE_LINE_SIZE 72 select ARCH_HAS_CURRENT_STACK_POINTER 73 select ARCH_HAS_DEBUG_VIRTUAL 74 select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE 75 select ARCH_HAS_DEVMEM_IS_ALLOWED 76 select ARCH_HAS_EARLY_DEBUG if KGDB 77 select ARCH_HAS_ELF_RANDOMIZE 78 select ARCH_HAS_FAST_MULTIPLIER 79 select ARCH_HAS_FORTIFY_SOURCE 80 select ARCH_HAS_GCOV_PROFILE_ALL 81 select ARCH_HAS_KCOV if X86_64 82 select ARCH_HAS_MEM_ENCRYPT 83 select ARCH_HAS_MEMBARRIER_SYNC_CORE 84 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 85 select ARCH_HAS_PMEM_API if X86_64 86 select ARCH_HAS_PTE_DEVMAP if X86_64 87 select ARCH_HAS_PTE_SPECIAL 88 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 89 select ARCH_HAS_COPY_MC if X86_64 90 select ARCH_HAS_SET_MEMORY 91 select ARCH_HAS_SET_DIRECT_MAP 92 select ARCH_HAS_STRICT_KERNEL_RWX 93 select ARCH_HAS_STRICT_MODULE_RWX 94 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 95 select ARCH_HAS_SYSCALL_WRAPPER 96 select ARCH_HAS_UBSAN_SANITIZE_ALL 97 select ARCH_HAS_VM_GET_PAGE_PROT 98 select ARCH_HAS_DEBUG_WX 99 select ARCH_HAS_ZONE_DMA_SET if EXPERT 100 select ARCH_HAVE_NMI_SAFE_CMPXCHG 101 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI 102 select ARCH_MIGHT_HAVE_PC_PARPORT 103 select ARCH_MIGHT_HAVE_PC_SERIO 104 select ARCH_STACKWALK 105 select ARCH_SUPPORTS_ACPI 106 select ARCH_SUPPORTS_ATOMIC_RMW 107 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 108 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 109 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 110 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 111 select ARCH_SUPPORTS_LTO_CLANG 112 select ARCH_SUPPORTS_LTO_CLANG_THIN 113 select ARCH_USE_BUILTIN_BSWAP 114 select ARCH_USE_MEMTEST 115 select ARCH_USE_QUEUED_RWLOCKS 116 select ARCH_USE_QUEUED_SPINLOCKS 117 select ARCH_USE_SYM_ANNOTATIONS 118 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 119 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 120 select ARCH_WANTS_DYNAMIC_TASK_STRUCT 121 select ARCH_WANTS_NO_INSTR 122 select ARCH_WANT_GENERAL_HUGETLB 123 select ARCH_WANT_HUGE_PMD_SHARE 124 select ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP if X86_64 125 select ARCH_WANT_LD_ORPHAN_WARN 126 select ARCH_WANTS_THP_SWAP if X86_64 127 select ARCH_HAS_PARANOID_L1D_FLUSH 128 select BUILDTIME_TABLE_SORT 129 select CLKEVT_I8253 130 select CLOCKSOURCE_VALIDATE_LAST_CYCLE 131 select CLOCKSOURCE_WATCHDOG 132 select DCACHE_WORD_ACCESS 133 select DYNAMIC_SIGFRAME 134 select EDAC_ATOMIC_SCRUB 135 select EDAC_SUPPORT 136 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC) 137 select GENERIC_CLOCKEVENTS_MIN_ADJUST 138 select GENERIC_CMOS_UPDATE 139 select GENERIC_CPU_AUTOPROBE 140 select GENERIC_CPU_VULNERABILITIES 141 select GENERIC_EARLY_IOREMAP 142 select GENERIC_ENTRY 143 select GENERIC_IOMAP 144 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP 145 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC 146 select GENERIC_IRQ_MIGRATION if SMP 147 select GENERIC_IRQ_PROBE 148 select GENERIC_IRQ_RESERVATION_MODE 149 select GENERIC_IRQ_SHOW 150 select GENERIC_PENDING_IRQ if SMP 151 select GENERIC_PTDUMP 152 select GENERIC_SMP_IDLE_THREAD 153 select GENERIC_TIME_VSYSCALL 154 select GENERIC_GETTIMEOFDAY 155 select GENERIC_VDSO_TIME_NS 156 select GUP_GET_PTE_LOW_HIGH if X86_PAE 157 select HARDIRQS_SW_RESEND 158 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64 159 select HAVE_ACPI_APEI if ACPI 160 select HAVE_ACPI_APEI_NMI if ACPI 161 select HAVE_ALIGNED_STRUCT_PAGE if SLUB 162 select HAVE_ARCH_AUDITSYSCALL 163 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE 164 select HAVE_ARCH_HUGE_VMALLOC if X86_64 165 select HAVE_ARCH_JUMP_LABEL 166 select HAVE_ARCH_JUMP_LABEL_RELATIVE 167 select HAVE_ARCH_KASAN if X86_64 168 select HAVE_ARCH_KASAN_VMALLOC if X86_64 169 select HAVE_ARCH_KFENCE 170 select HAVE_ARCH_KGDB 171 select HAVE_ARCH_MMAP_RND_BITS if MMU 172 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT 173 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT 174 select HAVE_ARCH_PREL32_RELOCATIONS 175 select HAVE_ARCH_SECCOMP_FILTER 176 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 177 select HAVE_ARCH_STACKLEAK 178 select HAVE_ARCH_TRACEHOOK 179 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 180 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64 181 select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD 182 select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD 183 select HAVE_ARCH_VMAP_STACK if X86_64 184 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 185 select HAVE_ARCH_WITHIN_STACK_FRAMES 186 select HAVE_ASM_MODVERSIONS 187 select HAVE_CMPXCHG_DOUBLE 188 select HAVE_CMPXCHG_LOCAL 189 select HAVE_CONTEXT_TRACKING if X86_64 190 select HAVE_CONTEXT_TRACKING_OFFSTACK if HAVE_CONTEXT_TRACKING 191 select HAVE_C_RECORDMCOUNT 192 select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL 193 select HAVE_BUILDTIME_MCOUNT_SORT 194 select HAVE_DEBUG_KMEMLEAK 195 select HAVE_DMA_CONTIGUOUS 196 select HAVE_DYNAMIC_FTRACE 197 select HAVE_DYNAMIC_FTRACE_WITH_REGS 198 select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64 199 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS 200 select HAVE_SAMPLE_FTRACE_DIRECT if X86_64 201 select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64 202 select HAVE_EBPF_JIT 203 select HAVE_EFFICIENT_UNALIGNED_ACCESS 204 select HAVE_EISA 205 select HAVE_EXIT_THREAD 206 select HAVE_FAST_GUP 207 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE 208 select HAVE_FTRACE_MCOUNT_RECORD 209 select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE) 210 select HAVE_FUNCTION_TRACER 211 select HAVE_GCC_PLUGINS 212 select HAVE_HW_BREAKPOINT 213 select HAVE_IOREMAP_PROT 214 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 215 select HAVE_IRQ_TIME_ACCOUNTING 216 select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL 217 select HAVE_KERNEL_BZIP2 218 select HAVE_KERNEL_GZIP 219 select HAVE_KERNEL_LZ4 220 select HAVE_KERNEL_LZMA 221 select HAVE_KERNEL_LZO 222 select HAVE_KERNEL_XZ 223 select HAVE_KERNEL_ZSTD 224 select HAVE_KPROBES 225 select HAVE_KPROBES_ON_FTRACE 226 select HAVE_FUNCTION_ERROR_INJECTION 227 select HAVE_KRETPROBES 228 select HAVE_RETHOOK 229 select HAVE_KVM 230 select HAVE_LIVEPATCH if X86_64 231 select HAVE_MIXED_BREAKPOINTS_REGS 232 select HAVE_MOD_ARCH_SPECIFIC 233 select HAVE_MOVE_PMD 234 select HAVE_MOVE_PUD 235 select HAVE_NOINSTR_HACK if HAVE_OBJTOOL 236 select HAVE_NMI 237 select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL 238 select HAVE_OBJTOOL if X86_64 239 select HAVE_OPTPROBES 240 select HAVE_PCSPKR_PLATFORM 241 select HAVE_PERF_EVENTS 242 select HAVE_PERF_EVENTS_NMI 243 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI 244 select HAVE_PCI 245 select HAVE_PERF_REGS 246 select HAVE_PERF_USER_STACK_DUMP 247 select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT 248 select MMU_GATHER_MERGE_VMAS 249 select HAVE_POSIX_CPU_TIMERS_TASK_WORK 250 select HAVE_REGS_AND_STACK_ACCESS_API 251 select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION 252 select HAVE_FUNCTION_ARG_ACCESS_API 253 select HAVE_SETUP_PER_CPU_AREA 254 select HAVE_SOFTIRQ_ON_OWN_STACK 255 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR 256 select HAVE_STACK_VALIDATION if HAVE_OBJTOOL 257 select HAVE_STATIC_CALL 258 select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL 259 select HAVE_PREEMPT_DYNAMIC_CALL 260 select HAVE_RSEQ 261 select HAVE_SYSCALL_TRACEPOINTS 262 select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL 263 select HAVE_UNSTABLE_SCHED_CLOCK 264 select HAVE_USER_RETURN_NOTIFIER 265 select HAVE_GENERIC_VDSO 266 select HOTPLUG_SMT if SMP 267 select IRQ_FORCED_THREADING 268 select NEED_PER_CPU_EMBED_FIRST_CHUNK 269 select NEED_PER_CPU_PAGE_FIRST_CHUNK 270 select NEED_SG_DMA_LENGTH 271 select PCI_DOMAINS if PCI 272 select PCI_LOCKLESS_CONFIG if PCI 273 select PERF_EVENTS 274 select RTC_LIB 275 select RTC_MC146818_LIB 276 select SPARSE_IRQ 277 select SRCU 278 select SYSCTL_EXCEPTION_TRACE 279 select THREAD_INFO_IN_TASK 280 select TRACE_IRQFLAGS_SUPPORT 281 select TRACE_IRQFLAGS_NMI_SUPPORT 282 select USER_STACKTRACE_SUPPORT 283 select VIRT_TO_BUS 284 select HAVE_ARCH_KCSAN if X86_64 285 select X86_FEATURE_NAMES if PROC_FS 286 select PROC_PID_ARCH_STATUS if PROC_FS 287 select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX 288 imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI 289 290config INSTRUCTION_DECODER 291 def_bool y 292 depends on KPROBES || PERF_EVENTS || UPROBES 293 294config OUTPUT_FORMAT 295 string 296 default "elf32-i386" if X86_32 297 default "elf64-x86-64" if X86_64 298 299config LOCKDEP_SUPPORT 300 def_bool y 301 302config STACKTRACE_SUPPORT 303 def_bool y 304 305config MMU 306 def_bool y 307 308config ARCH_MMAP_RND_BITS_MIN 309 default 28 if 64BIT 310 default 8 311 312config ARCH_MMAP_RND_BITS_MAX 313 default 32 if 64BIT 314 default 16 315 316config ARCH_MMAP_RND_COMPAT_BITS_MIN 317 default 8 318 319config ARCH_MMAP_RND_COMPAT_BITS_MAX 320 default 16 321 322config SBUS 323 bool 324 325config GENERIC_ISA_DMA 326 def_bool y 327 depends on ISA_DMA_API 328 329config GENERIC_BUG 330 def_bool y 331 depends on BUG 332 select GENERIC_BUG_RELATIVE_POINTERS if X86_64 333 334config GENERIC_BUG_RELATIVE_POINTERS 335 bool 336 337config ARCH_MAY_HAVE_PC_FDC 338 def_bool y 339 depends on ISA_DMA_API 340 341config GENERIC_CALIBRATE_DELAY 342 def_bool y 343 344config ARCH_HAS_CPU_RELAX 345 def_bool y 346 347config ARCH_HIBERNATION_POSSIBLE 348 def_bool y 349 350config ARCH_NR_GPIO 351 int 352 default 1024 if X86_64 353 default 512 354 355config ARCH_SUSPEND_POSSIBLE 356 def_bool y 357 358config AUDIT_ARCH 359 def_bool y if X86_64 360 361config KASAN_SHADOW_OFFSET 362 hex 363 depends on KASAN 364 default 0xdffffc0000000000 365 366config HAVE_INTEL_TXT 367 def_bool y 368 depends on INTEL_IOMMU && ACPI 369 370config X86_32_SMP 371 def_bool y 372 depends on X86_32 && SMP 373 374config X86_64_SMP 375 def_bool y 376 depends on X86_64 && SMP 377 378config ARCH_SUPPORTS_UPROBES 379 def_bool y 380 381config FIX_EARLYCON_MEM 382 def_bool y 383 384config DYNAMIC_PHYSICAL_MASK 385 bool 386 387config PGTABLE_LEVELS 388 int 389 default 5 if X86_5LEVEL 390 default 4 if X86_64 391 default 3 if X86_PAE 392 default 2 393 394config CC_HAS_SANE_STACKPROTECTOR 395 bool 396 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT 397 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC)) 398 help 399 We have to make sure stack protector is unconditionally disabled if 400 the compiler produces broken code or if it does not let us control 401 the segment on 32-bit kernels. 402 403menu "Processor type and features" 404 405config SMP 406 bool "Symmetric multi-processing support" 407 help 408 This enables support for systems with more than one CPU. If you have 409 a system with only one CPU, say N. If you have a system with more 410 than one CPU, say Y. 411 412 If you say N here, the kernel will run on uni- and multiprocessor 413 machines, but will use only one CPU of a multiprocessor machine. If 414 you say Y here, the kernel will run on many, but not all, 415 uniprocessor machines. On a uniprocessor machine, the kernel 416 will run faster if you say N here. 417 418 Note that if you say Y here and choose architecture "586" or 419 "Pentium" under "Processor family", the kernel will not work on 486 420 architectures. Similarly, multiprocessor kernels for the "PPro" 421 architecture may not work on all Pentium based boards. 422 423 People using multiprocessor machines who say Y here should also say 424 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power 425 Management" code will be disabled if you say Y here. 426 427 See also <file:Documentation/x86/i386/IO-APIC.rst>, 428 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at 429 <http://www.tldp.org/docs.html#howto>. 430 431 If you don't know what to do here, say N. 432 433config X86_FEATURE_NAMES 434 bool "Processor feature human-readable names" if EMBEDDED 435 default y 436 help 437 This option compiles in a table of x86 feature bits and corresponding 438 names. This is required to support /proc/cpuinfo and a few kernel 439 messages. You can disable this to save space, at the expense of 440 making those few kernel messages show numeric feature bits instead. 441 442 If in doubt, say Y. 443 444config X86_X2APIC 445 bool "Support x2apic" 446 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST) 447 help 448 This enables x2apic support on CPUs that have this feature. 449 450 This allows 32-bit apic IDs (so it can support very large systems), 451 and accesses the local apic via MSRs not via mmio. 452 453 If you don't know what to do here, say N. 454 455config X86_MPPARSE 456 bool "Enable MPS table" if ACPI 457 default y 458 depends on X86_LOCAL_APIC 459 help 460 For old smp systems that do not have proper acpi support. Newer systems 461 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it 462 463config GOLDFISH 464 def_bool y 465 depends on X86_GOLDFISH 466 467config X86_CPU_RESCTRL 468 bool "x86 CPU resource control support" 469 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD) 470 select KERNFS 471 select PROC_CPU_RESCTRL if PROC_FS 472 help 473 Enable x86 CPU resource control support. 474 475 Provide support for the allocation and monitoring of system resources 476 usage by the CPU. 477 478 Intel calls this Intel Resource Director Technology 479 (Intel(R) RDT). More information about RDT can be found in the 480 Intel x86 Architecture Software Developer Manual. 481 482 AMD calls this AMD Platform Quality of Service (AMD QoS). 483 More information about AMD QoS can be found in the AMD64 Technology 484 Platform Quality of Service Extensions manual. 485 486 Say N if unsure. 487 488if X86_32 489config X86_BIGSMP 490 bool "Support for big SMP systems with more than 8 CPUs" 491 depends on SMP 492 help 493 This option is needed for the systems that have more than 8 CPUs. 494 495config X86_EXTENDED_PLATFORM 496 bool "Support for extended (non-PC) x86 platforms" 497 default y 498 help 499 If you disable this option then the kernel will only support 500 standard PC platforms. (which covers the vast majority of 501 systems out there.) 502 503 If you enable this option then you'll be able to select support 504 for the following (non-PC) 32 bit x86 platforms: 505 Goldfish (Android emulator) 506 AMD Elan 507 RDC R-321x SoC 508 SGI 320/540 (Visual Workstation) 509 STA2X11-based (e.g. Northville) 510 Moorestown MID devices 511 512 If you have one of these systems, or if you want to build a 513 generic distribution kernel, say Y here - otherwise say N. 514endif # X86_32 515 516if X86_64 517config X86_EXTENDED_PLATFORM 518 bool "Support for extended (non-PC) x86 platforms" 519 default y 520 help 521 If you disable this option then the kernel will only support 522 standard PC platforms. (which covers the vast majority of 523 systems out there.) 524 525 If you enable this option then you'll be able to select support 526 for the following (non-PC) 64 bit x86 platforms: 527 Numascale NumaChip 528 ScaleMP vSMP 529 SGI Ultraviolet 530 531 If you have one of these systems, or if you want to build a 532 generic distribution kernel, say Y here - otherwise say N. 533endif # X86_64 534# This is an alphabetically sorted list of 64 bit extended platforms 535# Please maintain the alphabetic order if and when there are additions 536config X86_NUMACHIP 537 bool "Numascale NumaChip" 538 depends on X86_64 539 depends on X86_EXTENDED_PLATFORM 540 depends on NUMA 541 depends on SMP 542 depends on X86_X2APIC 543 depends on PCI_MMCONFIG 544 help 545 Adds support for Numascale NumaChip large-SMP systems. Needed to 546 enable more than ~168 cores. 547 If you don't have one of these, you should say N here. 548 549config X86_VSMP 550 bool "ScaleMP vSMP" 551 select HYPERVISOR_GUEST 552 select PARAVIRT 553 depends on X86_64 && PCI 554 depends on X86_EXTENDED_PLATFORM 555 depends on SMP 556 help 557 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is 558 supposed to run on these EM64T-based machines. Only choose this option 559 if you have one of these machines. 560 561config X86_UV 562 bool "SGI Ultraviolet" 563 depends on X86_64 564 depends on X86_EXTENDED_PLATFORM 565 depends on NUMA 566 depends on EFI 567 depends on KEXEC_CORE 568 depends on X86_X2APIC 569 depends on PCI 570 help 571 This option is needed in order to support SGI Ultraviolet systems. 572 If you don't have one of these, you should say N here. 573 574# Following is an alphabetically sorted list of 32 bit extended platforms 575# Please maintain the alphabetic order if and when there are additions 576 577config X86_GOLDFISH 578 bool "Goldfish (Virtual Platform)" 579 depends on X86_EXTENDED_PLATFORM 580 help 581 Enable support for the Goldfish virtual platform used primarily 582 for Android development. Unless you are building for the Android 583 Goldfish emulator say N here. 584 585config X86_INTEL_CE 586 bool "CE4100 TV platform" 587 depends on PCI 588 depends on PCI_GODIRECT 589 depends on X86_IO_APIC 590 depends on X86_32 591 depends on X86_EXTENDED_PLATFORM 592 select X86_REBOOTFIXUPS 593 select OF 594 select OF_EARLY_FLATTREE 595 help 596 Select for the Intel CE media processor (CE4100) SOC. 597 This option compiles in support for the CE4100 SOC for settop 598 boxes and media devices. 599 600config X86_INTEL_MID 601 bool "Intel MID platform support" 602 depends on X86_EXTENDED_PLATFORM 603 depends on X86_PLATFORM_DEVICES 604 depends on PCI 605 depends on X86_64 || (PCI_GOANY && X86_32) 606 depends on X86_IO_APIC 607 select I2C 608 select DW_APB_TIMER 609 select INTEL_SCU_PCI 610 help 611 Select to build a kernel capable of supporting Intel MID (Mobile 612 Internet Device) platform systems which do not have the PCI legacy 613 interfaces. If you are building for a PC class system say N here. 614 615 Intel MID platforms are based on an Intel processor and chipset which 616 consume less power than most of the x86 derivatives. 617 618config X86_INTEL_QUARK 619 bool "Intel Quark platform support" 620 depends on X86_32 621 depends on X86_EXTENDED_PLATFORM 622 depends on X86_PLATFORM_DEVICES 623 depends on X86_TSC 624 depends on PCI 625 depends on PCI_GOANY 626 depends on X86_IO_APIC 627 select IOSF_MBI 628 select INTEL_IMR 629 select COMMON_CLK 630 help 631 Select to include support for Quark X1000 SoC. 632 Say Y here if you have a Quark based system such as the Arduino 633 compatible Intel Galileo. 634 635config X86_INTEL_LPSS 636 bool "Intel Low Power Subsystem Support" 637 depends on X86 && ACPI && PCI 638 select COMMON_CLK 639 select PINCTRL 640 select IOSF_MBI 641 help 642 Select to build support for Intel Low Power Subsystem such as 643 found on Intel Lynxpoint PCH. Selecting this option enables 644 things like clock tree (common clock framework) and pincontrol 645 which are needed by the LPSS peripheral drivers. 646 647config X86_AMD_PLATFORM_DEVICE 648 bool "AMD ACPI2Platform devices support" 649 depends on ACPI 650 select COMMON_CLK 651 select PINCTRL 652 help 653 Select to interpret AMD specific ACPI device to platform device 654 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets. 655 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is 656 implemented under PINCTRL subsystem. 657 658config IOSF_MBI 659 tristate "Intel SoC IOSF Sideband support for SoC platforms" 660 depends on PCI 661 help 662 This option enables sideband register access support for Intel SoC 663 platforms. On these platforms the IOSF sideband is used in lieu of 664 MSR's for some register accesses, mostly but not limited to thermal 665 and power. Drivers may query the availability of this device to 666 determine if they need the sideband in order to work on these 667 platforms. The sideband is available on the following SoC products. 668 This list is not meant to be exclusive. 669 - BayTrail 670 - Braswell 671 - Quark 672 673 You should say Y if you are running a kernel on one of these SoC's. 674 675config IOSF_MBI_DEBUG 676 bool "Enable IOSF sideband access through debugfs" 677 depends on IOSF_MBI && DEBUG_FS 678 help 679 Select this option to expose the IOSF sideband access registers (MCR, 680 MDR, MCRX) through debugfs to write and read register information from 681 different units on the SoC. This is most useful for obtaining device 682 state information for debug and analysis. As this is a general access 683 mechanism, users of this option would have specific knowledge of the 684 device they want to access. 685 686 If you don't require the option or are in doubt, say N. 687 688config X86_RDC321X 689 bool "RDC R-321x SoC" 690 depends on X86_32 691 depends on X86_EXTENDED_PLATFORM 692 select M486 693 select X86_REBOOTFIXUPS 694 help 695 This option is needed for RDC R-321x system-on-chip, also known 696 as R-8610-(G). 697 If you don't have one of these chips, you should say N here. 698 699config X86_32_NON_STANDARD 700 bool "Support non-standard 32-bit SMP architectures" 701 depends on X86_32 && SMP 702 depends on X86_EXTENDED_PLATFORM 703 help 704 This option compiles in the bigsmp and STA2X11 default 705 subarchitectures. It is intended for a generic binary 706 kernel. If you select them all, kernel will probe it one by 707 one and will fallback to default. 708 709# Alphabetically sorted list of Non standard 32 bit platforms 710 711config X86_SUPPORTS_MEMORY_FAILURE 712 def_bool y 713 # MCE code calls memory_failure(): 714 depends on X86_MCE 715 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags: 716 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH: 717 depends on X86_64 || !SPARSEMEM 718 select ARCH_SUPPORTS_MEMORY_FAILURE 719 720config STA2X11 721 bool "STA2X11 Companion Chip Support" 722 depends on X86_32_NON_STANDARD && PCI 723 select SWIOTLB 724 select MFD_STA2X11 725 select GPIOLIB 726 help 727 This adds support for boards based on the STA2X11 IO-Hub, 728 a.k.a. "ConneXt". The chip is used in place of the standard 729 PC chipset, so all "standard" peripherals are missing. If this 730 option is selected the kernel will still be able to boot on 731 standard PC machines. 732 733config X86_32_IRIS 734 tristate "Eurobraille/Iris poweroff module" 735 depends on X86_32 736 help 737 The Iris machines from EuroBraille do not have APM or ACPI support 738 to shut themselves down properly. A special I/O sequence is 739 needed to do so, which is what this module does at 740 kernel shutdown. 741 742 This is only for Iris machines from EuroBraille. 743 744 If unused, say N. 745 746config SCHED_OMIT_FRAME_POINTER 747 def_bool y 748 prompt "Single-depth WCHAN output" 749 depends on X86 750 help 751 Calculate simpler /proc/<PID>/wchan values. If this option 752 is disabled then wchan values will recurse back to the 753 caller function. This provides more accurate wchan values, 754 at the expense of slightly more scheduling overhead. 755 756 If in doubt, say "Y". 757 758menuconfig HYPERVISOR_GUEST 759 bool "Linux guest support" 760 help 761 Say Y here to enable options for running Linux under various hyper- 762 visors. This option enables basic hypervisor detection and platform 763 setup. 764 765 If you say N, all options in this submenu will be skipped and 766 disabled, and Linux guest support won't be built in. 767 768if HYPERVISOR_GUEST 769 770config PARAVIRT 771 bool "Enable paravirtualization code" 772 depends on HAVE_STATIC_CALL 773 help 774 This changes the kernel so it can modify itself when it is run 775 under a hypervisor, potentially improving performance significantly 776 over full virtualization. However, when run without a hypervisor 777 the kernel is theoretically slower and slightly larger. 778 779config PARAVIRT_XXL 780 bool 781 782config PARAVIRT_DEBUG 783 bool "paravirt-ops debugging" 784 depends on PARAVIRT && DEBUG_KERNEL 785 help 786 Enable to debug paravirt_ops internals. Specifically, BUG if 787 a paravirt_op is missing when it is called. 788 789config PARAVIRT_SPINLOCKS 790 bool "Paravirtualization layer for spinlocks" 791 depends on PARAVIRT && SMP 792 help 793 Paravirtualized spinlocks allow a pvops backend to replace the 794 spinlock implementation with something virtualization-friendly 795 (for example, block the virtual CPU rather than spinning). 796 797 It has a minimal impact on native kernels and gives a nice performance 798 benefit on paravirtualized KVM / Xen kernels. 799 800 If you are unsure how to answer this question, answer Y. 801 802config X86_HV_CALLBACK_VECTOR 803 def_bool n 804 805source "arch/x86/xen/Kconfig" 806 807config KVM_GUEST 808 bool "KVM Guest support (including kvmclock)" 809 depends on PARAVIRT 810 select PARAVIRT_CLOCK 811 select ARCH_CPUIDLE_HALTPOLL 812 select X86_HV_CALLBACK_VECTOR 813 default y 814 help 815 This option enables various optimizations for running under the KVM 816 hypervisor. It includes a paravirtualized clock, so that instead 817 of relying on a PIT (or probably other) emulation by the 818 underlying device model, the host provides the guest with 819 timing infrastructure such as time of day, and system time 820 821config ARCH_CPUIDLE_HALTPOLL 822 def_bool n 823 prompt "Disable host haltpoll when loading haltpoll driver" 824 help 825 If virtualized under KVM, disable host haltpoll. 826 827config PVH 828 bool "Support for running PVH guests" 829 help 830 This option enables the PVH entry point for guest virtual machines 831 as specified in the x86/HVM direct boot ABI. 832 833config PARAVIRT_TIME_ACCOUNTING 834 bool "Paravirtual steal time accounting" 835 depends on PARAVIRT 836 help 837 Select this option to enable fine granularity task steal time 838 accounting. Time spent executing other tasks in parallel with 839 the current vCPU is discounted from the vCPU power. To account for 840 that, there can be a small performance impact. 841 842 If in doubt, say N here. 843 844config PARAVIRT_CLOCK 845 bool 846 847config JAILHOUSE_GUEST 848 bool "Jailhouse non-root cell support" 849 depends on X86_64 && PCI 850 select X86_PM_TIMER 851 help 852 This option allows to run Linux as guest in a Jailhouse non-root 853 cell. You can leave this option disabled if you only want to start 854 Jailhouse and run Linux afterwards in the root cell. 855 856config ACRN_GUEST 857 bool "ACRN Guest support" 858 depends on X86_64 859 select X86_HV_CALLBACK_VECTOR 860 help 861 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is 862 a flexible, lightweight reference open-source hypervisor, built with 863 real-time and safety-criticality in mind. It is built for embedded 864 IOT with small footprint and real-time features. More details can be 865 found in https://projectacrn.org/. 866 867config INTEL_TDX_GUEST 868 bool "Intel TDX (Trust Domain Extensions) - Guest Support" 869 depends on X86_64 && CPU_SUP_INTEL 870 depends on X86_X2APIC 871 select ARCH_HAS_CC_PLATFORM 872 select X86_MEM_ENCRYPT 873 select X86_MCE 874 help 875 Support running as a guest under Intel TDX. Without this support, 876 the guest kernel can not boot or run under TDX. 877 TDX includes memory encryption and integrity capabilities 878 which protect the confidentiality and integrity of guest 879 memory contents and CPU state. TDX guests are protected from 880 some attacks from the VMM. 881 882endif # HYPERVISOR_GUEST 883 884source "arch/x86/Kconfig.cpu" 885 886config HPET_TIMER 887 def_bool X86_64 888 prompt "HPET Timer Support" if X86_32 889 help 890 Use the IA-PC HPET (High Precision Event Timer) to manage 891 time in preference to the PIT and RTC, if a HPET is 892 present. 893 HPET is the next generation timer replacing legacy 8254s. 894 The HPET provides a stable time base on SMP 895 systems, unlike the TSC, but it is more expensive to access, 896 as it is off-chip. The interface used is documented 897 in the HPET spec, revision 1. 898 899 You can safely choose Y here. However, HPET will only be 900 activated if the platform and the BIOS support this feature. 901 Otherwise the 8254 will be used for timing services. 902 903 Choose N to continue using the legacy 8254 timer. 904 905config HPET_EMULATE_RTC 906 def_bool y 907 depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y) 908 909# Mark as expert because too many people got it wrong. 910# The code disables itself when not needed. 911config DMI 912 default y 913 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK 914 bool "Enable DMI scanning" if EXPERT 915 help 916 Enabled scanning of DMI to identify machine quirks. Say Y 917 here unless you have verified that your setup is not 918 affected by entries in the DMI blacklist. Required by PNP 919 BIOS code. 920 921config GART_IOMMU 922 bool "Old AMD GART IOMMU support" 923 select DMA_OPS 924 select IOMMU_HELPER 925 select SWIOTLB 926 depends on X86_64 && PCI && AMD_NB 927 help 928 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron 929 GART based hardware IOMMUs. 930 931 The GART supports full DMA access for devices with 32-bit access 932 limitations, on systems with more than 3 GB. This is usually needed 933 for USB, sound, many IDE/SATA chipsets and some other devices. 934 935 Newer systems typically have a modern AMD IOMMU, supported via 936 the CONFIG_AMD_IOMMU=y config option. 937 938 In normal configurations this driver is only active when needed: 939 there's more than 3 GB of memory and the system contains a 940 32-bit limited device. 941 942 If unsure, say Y. 943 944config BOOT_VESA_SUPPORT 945 bool 946 help 947 If true, at least one selected framebuffer driver can take advantage 948 of VESA video modes set at an early boot stage via the vga= parameter. 949 950config MAXSMP 951 bool "Enable Maximum number of SMP Processors and NUMA Nodes" 952 depends on X86_64 && SMP && DEBUG_KERNEL 953 select CPUMASK_OFFSTACK 954 help 955 Enable maximum number of CPUS and NUMA Nodes for this architecture. 956 If unsure, say N. 957 958# 959# The maximum number of CPUs supported: 960# 961# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT, 962# and which can be configured interactively in the 963# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range. 964# 965# The ranges are different on 32-bit and 64-bit kernels, depending on 966# hardware capabilities and scalability features of the kernel. 967# 968# ( If MAXSMP is enabled we just use the highest possible value and disable 969# interactive configuration. ) 970# 971 972config NR_CPUS_RANGE_BEGIN 973 int 974 default NR_CPUS_RANGE_END if MAXSMP 975 default 1 if !SMP 976 default 2 977 978config NR_CPUS_RANGE_END 979 int 980 depends on X86_32 981 default 64 if SMP && X86_BIGSMP 982 default 8 if SMP && !X86_BIGSMP 983 default 1 if !SMP 984 985config NR_CPUS_RANGE_END 986 int 987 depends on X86_64 988 default 8192 if SMP && CPUMASK_OFFSTACK 989 default 512 if SMP && !CPUMASK_OFFSTACK 990 default 1 if !SMP 991 992config NR_CPUS_DEFAULT 993 int 994 depends on X86_32 995 default 32 if X86_BIGSMP 996 default 8 if SMP 997 default 1 if !SMP 998 999config NR_CPUS_DEFAULT 1000 int 1001 depends on X86_64 1002 default 8192 if MAXSMP 1003 default 64 if SMP 1004 default 1 if !SMP 1005 1006config NR_CPUS 1007 int "Maximum number of CPUs" if SMP && !MAXSMP 1008 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END 1009 default NR_CPUS_DEFAULT 1010 help 1011 This allows you to specify the maximum number of CPUs which this 1012 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum 1013 supported value is 8192, otherwise the maximum value is 512. The 1014 minimum value which makes sense is 2. 1015 1016 This is purely to save memory: each supported CPU adds about 8KB 1017 to the kernel image. 1018 1019config SCHED_CLUSTER 1020 bool "Cluster scheduler support" 1021 depends on SMP 1022 default y 1023 help 1024 Cluster scheduler support improves the CPU scheduler's decision 1025 making when dealing with machines that have clusters of CPUs. 1026 Cluster usually means a couple of CPUs which are placed closely 1027 by sharing mid-level caches, last-level cache tags or internal 1028 busses. 1029 1030config SCHED_SMT 1031 def_bool y if SMP 1032 1033config SCHED_MC 1034 def_bool y 1035 prompt "Multi-core scheduler support" 1036 depends on SMP 1037 help 1038 Multi-core scheduler support improves the CPU scheduler's decision 1039 making when dealing with multi-core CPU chips at a cost of slightly 1040 increased overhead in some places. If unsure say N here. 1041 1042config SCHED_MC_PRIO 1043 bool "CPU core priorities scheduler support" 1044 depends on SCHED_MC && CPU_SUP_INTEL 1045 select X86_INTEL_PSTATE 1046 select CPU_FREQ 1047 default y 1048 help 1049 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a 1050 core ordering determined at manufacturing time, which allows 1051 certain cores to reach higher turbo frequencies (when running 1052 single threaded workloads) than others. 1053 1054 Enabling this kernel feature teaches the scheduler about 1055 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the 1056 scheduler's CPU selection logic accordingly, so that higher 1057 overall system performance can be achieved. 1058 1059 This feature will have no effect on CPUs without this feature. 1060 1061 If unsure say Y here. 1062 1063config UP_LATE_INIT 1064 def_bool y 1065 depends on !SMP && X86_LOCAL_APIC 1066 1067config X86_UP_APIC 1068 bool "Local APIC support on uniprocessors" if !PCI_MSI 1069 default PCI_MSI 1070 depends on X86_32 && !SMP && !X86_32_NON_STANDARD 1071 help 1072 A local APIC (Advanced Programmable Interrupt Controller) is an 1073 integrated interrupt controller in the CPU. If you have a single-CPU 1074 system which has a processor with a local APIC, you can say Y here to 1075 enable and use it. If you say Y here even though your machine doesn't 1076 have a local APIC, then the kernel will still run with no slowdown at 1077 all. The local APIC supports CPU-generated self-interrupts (timer, 1078 performance counters), and the NMI watchdog which detects hard 1079 lockups. 1080 1081config X86_UP_IOAPIC 1082 bool "IO-APIC support on uniprocessors" 1083 depends on X86_UP_APIC 1084 help 1085 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an 1086 SMP-capable replacement for PC-style interrupt controllers. Most 1087 SMP systems and many recent uniprocessor systems have one. 1088 1089 If you have a single-CPU system with an IO-APIC, you can say Y here 1090 to use it. If you say Y here even though your machine doesn't have 1091 an IO-APIC, then the kernel will still run with no slowdown at all. 1092 1093config X86_LOCAL_APIC 1094 def_bool y 1095 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI 1096 select IRQ_DOMAIN_HIERARCHY 1097 select PCI_MSI_IRQ_DOMAIN if PCI_MSI 1098 1099config X86_IO_APIC 1100 def_bool y 1101 depends on X86_LOCAL_APIC || X86_UP_IOAPIC 1102 1103config X86_REROUTE_FOR_BROKEN_BOOT_IRQS 1104 bool "Reroute for broken boot IRQs" 1105 depends on X86_IO_APIC 1106 help 1107 This option enables a workaround that fixes a source of 1108 spurious interrupts. This is recommended when threaded 1109 interrupt handling is used on systems where the generation of 1110 superfluous "boot interrupts" cannot be disabled. 1111 1112 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ 1113 entry in the chipset's IO-APIC is masked (as, e.g. the RT 1114 kernel does during interrupt handling). On chipsets where this 1115 boot IRQ generation cannot be disabled, this workaround keeps 1116 the original IRQ line masked so that only the equivalent "boot 1117 IRQ" is delivered to the CPUs. The workaround also tells the 1118 kernel to set up the IRQ handler on the boot IRQ line. In this 1119 way only one interrupt is delivered to the kernel. Otherwise 1120 the spurious second interrupt may cause the kernel to bring 1121 down (vital) interrupt lines. 1122 1123 Only affects "broken" chipsets. Interrupt sharing may be 1124 increased on these systems. 1125 1126config X86_MCE 1127 bool "Machine Check / overheating reporting" 1128 select GENERIC_ALLOCATOR 1129 default y 1130 help 1131 Machine Check support allows the processor to notify the 1132 kernel if it detects a problem (e.g. overheating, data corruption). 1133 The action the kernel takes depends on the severity of the problem, 1134 ranging from warning messages to halting the machine. 1135 1136config X86_MCELOG_LEGACY 1137 bool "Support for deprecated /dev/mcelog character device" 1138 depends on X86_MCE 1139 help 1140 Enable support for /dev/mcelog which is needed by the old mcelog 1141 userspace logging daemon. Consider switching to the new generation 1142 rasdaemon solution. 1143 1144config X86_MCE_INTEL 1145 def_bool y 1146 prompt "Intel MCE features" 1147 depends on X86_MCE && X86_LOCAL_APIC 1148 help 1149 Additional support for intel specific MCE features such as 1150 the thermal monitor. 1151 1152config X86_MCE_AMD 1153 def_bool y 1154 prompt "AMD MCE features" 1155 depends on X86_MCE && X86_LOCAL_APIC && AMD_NB 1156 help 1157 Additional support for AMD specific MCE features such as 1158 the DRAM Error Threshold. 1159 1160config X86_ANCIENT_MCE 1161 bool "Support for old Pentium 5 / WinChip machine checks" 1162 depends on X86_32 && X86_MCE 1163 help 1164 Include support for machine check handling on old Pentium 5 or WinChip 1165 systems. These typically need to be enabled explicitly on the command 1166 line. 1167 1168config X86_MCE_THRESHOLD 1169 depends on X86_MCE_AMD || X86_MCE_INTEL 1170 def_bool y 1171 1172config X86_MCE_INJECT 1173 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS 1174 tristate "Machine check injector support" 1175 help 1176 Provide support for injecting machine checks for testing purposes. 1177 If you don't know what a machine check is and you don't do kernel 1178 QA it is safe to say n. 1179 1180source "arch/x86/events/Kconfig" 1181 1182config X86_LEGACY_VM86 1183 bool "Legacy VM86 support" 1184 depends on X86_32 1185 help 1186 This option allows user programs to put the CPU into V8086 1187 mode, which is an 80286-era approximation of 16-bit real mode. 1188 1189 Some very old versions of X and/or vbetool require this option 1190 for user mode setting. Similarly, DOSEMU will use it if 1191 available to accelerate real mode DOS programs. However, any 1192 recent version of DOSEMU, X, or vbetool should be fully 1193 functional even without kernel VM86 support, as they will all 1194 fall back to software emulation. Nevertheless, if you are using 1195 a 16-bit DOS program where 16-bit performance matters, vm86 1196 mode might be faster than emulation and you might want to 1197 enable this option. 1198 1199 Note that any app that works on a 64-bit kernel is unlikely to 1200 need this option, as 64-bit kernels don't, and can't, support 1201 V8086 mode. This option is also unrelated to 16-bit protected 1202 mode and is not needed to run most 16-bit programs under Wine. 1203 1204 Enabling this option increases the complexity of the kernel 1205 and slows down exception handling a tiny bit. 1206 1207 If unsure, say N here. 1208 1209config VM86 1210 bool 1211 default X86_LEGACY_VM86 1212 1213config X86_16BIT 1214 bool "Enable support for 16-bit segments" if EXPERT 1215 default y 1216 depends on MODIFY_LDT_SYSCALL 1217 help 1218 This option is required by programs like Wine to run 16-bit 1219 protected mode legacy code on x86 processors. Disabling 1220 this option saves about 300 bytes on i386, or around 6K text 1221 plus 16K runtime memory on x86-64, 1222 1223config X86_ESPFIX32 1224 def_bool y 1225 depends on X86_16BIT && X86_32 1226 1227config X86_ESPFIX64 1228 def_bool y 1229 depends on X86_16BIT && X86_64 1230 1231config X86_VSYSCALL_EMULATION 1232 bool "Enable vsyscall emulation" if EXPERT 1233 default y 1234 depends on X86_64 1235 help 1236 This enables emulation of the legacy vsyscall page. Disabling 1237 it is roughly equivalent to booting with vsyscall=none, except 1238 that it will also disable the helpful warning if a program 1239 tries to use a vsyscall. With this option set to N, offending 1240 programs will just segfault, citing addresses of the form 1241 0xffffffffff600?00. 1242 1243 This option is required by many programs built before 2013, and 1244 care should be used even with newer programs if set to N. 1245 1246 Disabling this option saves about 7K of kernel size and 1247 possibly 4K of additional runtime pagetable memory. 1248 1249config X86_IOPL_IOPERM 1250 bool "IOPERM and IOPL Emulation" 1251 default y 1252 help 1253 This enables the ioperm() and iopl() syscalls which are necessary 1254 for legacy applications. 1255 1256 Legacy IOPL support is an overbroad mechanism which allows user 1257 space aside of accessing all 65536 I/O ports also to disable 1258 interrupts. To gain this access the caller needs CAP_SYS_RAWIO 1259 capabilities and permission from potentially active security 1260 modules. 1261 1262 The emulation restricts the functionality of the syscall to 1263 only allowing the full range I/O port access, but prevents the 1264 ability to disable interrupts from user space which would be 1265 granted if the hardware IOPL mechanism would be used. 1266 1267config TOSHIBA 1268 tristate "Toshiba Laptop support" 1269 depends on X86_32 1270 help 1271 This adds a driver to safely access the System Management Mode of 1272 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does 1273 not work on models with a Phoenix BIOS. The System Management Mode 1274 is used to set the BIOS and power saving options on Toshiba portables. 1275 1276 For information on utilities to make use of this driver see the 1277 Toshiba Linux utilities web site at: 1278 <http://www.buzzard.org.uk/toshiba/>. 1279 1280 Say Y if you intend to run this kernel on a Toshiba portable. 1281 Say N otherwise. 1282 1283config X86_REBOOTFIXUPS 1284 bool "Enable X86 board specific fixups for reboot" 1285 depends on X86_32 1286 help 1287 This enables chipset and/or board specific fixups to be done 1288 in order to get reboot to work correctly. This is only needed on 1289 some combinations of hardware and BIOS. The symptom, for which 1290 this config is intended, is when reboot ends with a stalled/hung 1291 system. 1292 1293 Currently, the only fixup is for the Geode machines using 1294 CS5530A and CS5536 chipsets and the RDC R-321x SoC. 1295 1296 Say Y if you want to enable the fixup. Currently, it's safe to 1297 enable this option even if you don't need it. 1298 Say N otherwise. 1299 1300config MICROCODE 1301 bool "CPU microcode loading support" 1302 default y 1303 depends on CPU_SUP_AMD || CPU_SUP_INTEL 1304 help 1305 If you say Y here, you will be able to update the microcode on 1306 Intel and AMD processors. The Intel support is for the IA32 family, 1307 e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The 1308 AMD support is for families 0x10 and later. You will obviously need 1309 the actual microcode binary data itself which is not shipped with 1310 the Linux kernel. 1311 1312 The preferred method to load microcode from a detached initrd is described 1313 in Documentation/x86/microcode.rst. For that you need to enable 1314 CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the 1315 initrd for microcode blobs. 1316 1317 In addition, you can build the microcode into the kernel. For that you 1318 need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE 1319 config option. 1320 1321config MICROCODE_INTEL 1322 bool "Intel microcode loading support" 1323 depends on CPU_SUP_INTEL && MICROCODE 1324 default MICROCODE 1325 help 1326 This options enables microcode patch loading support for Intel 1327 processors. 1328 1329 For the current Intel microcode data package go to 1330 <https://downloadcenter.intel.com> and search for 1331 'Linux Processor Microcode Data File'. 1332 1333config MICROCODE_AMD 1334 bool "AMD microcode loading support" 1335 depends on CPU_SUP_AMD && MICROCODE 1336 help 1337 If you select this option, microcode patch loading support for AMD 1338 processors will be enabled. 1339 1340config MICROCODE_LATE_LOADING 1341 bool "Late microcode loading (DANGEROUS)" 1342 default n 1343 depends on MICROCODE 1344 help 1345 Loading microcode late, when the system is up and executing instructions 1346 is a tricky business and should be avoided if possible. Just the sequence 1347 of synchronizing all cores and SMT threads is one fragile dance which does 1348 not guarantee that cores might not softlock after the loading. Therefore, 1349 use this at your own risk. Late loading taints the kernel too. 1350 1351config X86_MSR 1352 tristate "/dev/cpu/*/msr - Model-specific register support" 1353 help 1354 This device gives privileged processes access to the x86 1355 Model-Specific Registers (MSRs). It is a character device with 1356 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr. 1357 MSR accesses are directed to a specific CPU on multi-processor 1358 systems. 1359 1360config X86_CPUID 1361 tristate "/dev/cpu/*/cpuid - CPU information support" 1362 help 1363 This device gives processes access to the x86 CPUID instruction to 1364 be executed on a specific processor. It is a character device 1365 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to 1366 /dev/cpu/31/cpuid. 1367 1368choice 1369 prompt "High Memory Support" 1370 default HIGHMEM4G 1371 depends on X86_32 1372 1373config NOHIGHMEM 1374 bool "off" 1375 help 1376 Linux can use up to 64 Gigabytes of physical memory on x86 systems. 1377 However, the address space of 32-bit x86 processors is only 4 1378 Gigabytes large. That means that, if you have a large amount of 1379 physical memory, not all of it can be "permanently mapped" by the 1380 kernel. The physical memory that's not permanently mapped is called 1381 "high memory". 1382 1383 If you are compiling a kernel which will never run on a machine with 1384 more than 1 Gigabyte total physical RAM, answer "off" here (default 1385 choice and suitable for most users). This will result in a "3GB/1GB" 1386 split: 3GB are mapped so that each process sees a 3GB virtual memory 1387 space and the remaining part of the 4GB virtual memory space is used 1388 by the kernel to permanently map as much physical memory as 1389 possible. 1390 1391 If the machine has between 1 and 4 Gigabytes physical RAM, then 1392 answer "4GB" here. 1393 1394 If more than 4 Gigabytes is used then answer "64GB" here. This 1395 selection turns Intel PAE (Physical Address Extension) mode on. 1396 PAE implements 3-level paging on IA32 processors. PAE is fully 1397 supported by Linux, PAE mode is implemented on all recent Intel 1398 processors (Pentium Pro and better). NOTE: If you say "64GB" here, 1399 then the kernel will not boot on CPUs that don't support PAE! 1400 1401 The actual amount of total physical memory will either be 1402 auto detected or can be forced by using a kernel command line option 1403 such as "mem=256M". (Try "man bootparam" or see the documentation of 1404 your boot loader (lilo or loadlin) about how to pass options to the 1405 kernel at boot time.) 1406 1407 If unsure, say "off". 1408 1409config HIGHMEM4G 1410 bool "4GB" 1411 help 1412 Select this if you have a 32-bit processor and between 1 and 4 1413 gigabytes of physical RAM. 1414 1415config HIGHMEM64G 1416 bool "64GB" 1417 depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 1418 select X86_PAE 1419 help 1420 Select this if you have a 32-bit processor and more than 4 1421 gigabytes of physical RAM. 1422 1423endchoice 1424 1425choice 1426 prompt "Memory split" if EXPERT 1427 default VMSPLIT_3G 1428 depends on X86_32 1429 help 1430 Select the desired split between kernel and user memory. 1431 1432 If the address range available to the kernel is less than the 1433 physical memory installed, the remaining memory will be available 1434 as "high memory". Accessing high memory is a little more costly 1435 than low memory, as it needs to be mapped into the kernel first. 1436 Note that increasing the kernel address space limits the range 1437 available to user programs, making the address space there 1438 tighter. Selecting anything other than the default 3G/1G split 1439 will also likely make your kernel incompatible with binary-only 1440 kernel modules. 1441 1442 If you are not absolutely sure what you are doing, leave this 1443 option alone! 1444 1445 config VMSPLIT_3G 1446 bool "3G/1G user/kernel split" 1447 config VMSPLIT_3G_OPT 1448 depends on !X86_PAE 1449 bool "3G/1G user/kernel split (for full 1G low memory)" 1450 config VMSPLIT_2G 1451 bool "2G/2G user/kernel split" 1452 config VMSPLIT_2G_OPT 1453 depends on !X86_PAE 1454 bool "2G/2G user/kernel split (for full 2G low memory)" 1455 config VMSPLIT_1G 1456 bool "1G/3G user/kernel split" 1457endchoice 1458 1459config PAGE_OFFSET 1460 hex 1461 default 0xB0000000 if VMSPLIT_3G_OPT 1462 default 0x80000000 if VMSPLIT_2G 1463 default 0x78000000 if VMSPLIT_2G_OPT 1464 default 0x40000000 if VMSPLIT_1G 1465 default 0xC0000000 1466 depends on X86_32 1467 1468config HIGHMEM 1469 def_bool y 1470 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G) 1471 1472config X86_PAE 1473 bool "PAE (Physical Address Extension) Support" 1474 depends on X86_32 && !HIGHMEM4G 1475 select PHYS_ADDR_T_64BIT 1476 select SWIOTLB 1477 help 1478 PAE is required for NX support, and furthermore enables 1479 larger swapspace support for non-overcommit purposes. It 1480 has the cost of more pagetable lookup overhead, and also 1481 consumes more pagetable space per process. 1482 1483config X86_5LEVEL 1484 bool "Enable 5-level page tables support" 1485 default y 1486 select DYNAMIC_MEMORY_LAYOUT 1487 select SPARSEMEM_VMEMMAP 1488 depends on X86_64 1489 help 1490 5-level paging enables access to larger address space: 1491 upto 128 PiB of virtual address space and 4 PiB of 1492 physical address space. 1493 1494 It will be supported by future Intel CPUs. 1495 1496 A kernel with the option enabled can be booted on machines that 1497 support 4- or 5-level paging. 1498 1499 See Documentation/x86/x86_64/5level-paging.rst for more 1500 information. 1501 1502 Say N if unsure. 1503 1504config X86_DIRECT_GBPAGES 1505 def_bool y 1506 depends on X86_64 1507 help 1508 Certain kernel features effectively disable kernel 1509 linear 1 GB mappings (even if the CPU otherwise 1510 supports them), so don't confuse the user by printing 1511 that we have them enabled. 1512 1513config X86_CPA_STATISTICS 1514 bool "Enable statistic for Change Page Attribute" 1515 depends on DEBUG_FS 1516 help 1517 Expose statistics about the Change Page Attribute mechanism, which 1518 helps to determine the effectiveness of preserving large and huge 1519 page mappings when mapping protections are changed. 1520 1521config X86_MEM_ENCRYPT 1522 select ARCH_HAS_FORCE_DMA_UNENCRYPTED 1523 select DYNAMIC_PHYSICAL_MASK 1524 def_bool n 1525 1526config AMD_MEM_ENCRYPT 1527 bool "AMD Secure Memory Encryption (SME) support" 1528 depends on X86_64 && CPU_SUP_AMD 1529 select DMA_COHERENT_POOL 1530 select ARCH_USE_MEMREMAP_PROT 1531 select INSTRUCTION_DECODER 1532 select ARCH_HAS_CC_PLATFORM 1533 select X86_MEM_ENCRYPT 1534 help 1535 Say yes to enable support for the encryption of system memory. 1536 This requires an AMD processor that supports Secure Memory 1537 Encryption (SME). 1538 1539config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT 1540 bool "Activate AMD Secure Memory Encryption (SME) by default" 1541 depends on AMD_MEM_ENCRYPT 1542 help 1543 Say yes to have system memory encrypted by default if running on 1544 an AMD processor that supports Secure Memory Encryption (SME). 1545 1546 If set to Y, then the encryption of system memory can be 1547 deactivated with the mem_encrypt=off command line option. 1548 1549 If set to N, then the encryption of system memory can be 1550 activated with the mem_encrypt=on command line option. 1551 1552# Common NUMA Features 1553config NUMA 1554 bool "NUMA Memory Allocation and Scheduler Support" 1555 depends on SMP 1556 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP) 1557 default y if X86_BIGSMP 1558 select USE_PERCPU_NUMA_NODE_ID 1559 help 1560 Enable NUMA (Non-Uniform Memory Access) support. 1561 1562 The kernel will try to allocate memory used by a CPU on the 1563 local memory controller of the CPU and add some more 1564 NUMA awareness to the kernel. 1565 1566 For 64-bit this is recommended if the system is Intel Core i7 1567 (or later), AMD Opteron, or EM64T NUMA. 1568 1569 For 32-bit this is only needed if you boot a 32-bit 1570 kernel on a 64-bit NUMA platform. 1571 1572 Otherwise, you should say N. 1573 1574config AMD_NUMA 1575 def_bool y 1576 prompt "Old style AMD Opteron NUMA detection" 1577 depends on X86_64 && NUMA && PCI 1578 help 1579 Enable AMD NUMA node topology detection. You should say Y here if 1580 you have a multi processor AMD system. This uses an old method to 1581 read the NUMA configuration directly from the builtin Northbridge 1582 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead, 1583 which also takes priority if both are compiled in. 1584 1585config X86_64_ACPI_NUMA 1586 def_bool y 1587 prompt "ACPI NUMA detection" 1588 depends on X86_64 && NUMA && ACPI && PCI 1589 select ACPI_NUMA 1590 help 1591 Enable ACPI SRAT based node topology detection. 1592 1593config NUMA_EMU 1594 bool "NUMA emulation" 1595 depends on NUMA 1596 help 1597 Enable NUMA emulation. A flat machine will be split 1598 into virtual nodes when booted with "numa=fake=N", where N is the 1599 number of nodes. This is only useful for debugging. 1600 1601config NODES_SHIFT 1602 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP 1603 range 1 10 1604 default "10" if MAXSMP 1605 default "6" if X86_64 1606 default "3" 1607 depends on NUMA 1608 help 1609 Specify the maximum number of NUMA Nodes available on the target 1610 system. Increases memory reserved to accommodate various tables. 1611 1612config ARCH_FLATMEM_ENABLE 1613 def_bool y 1614 depends on X86_32 && !NUMA 1615 1616config ARCH_SPARSEMEM_ENABLE 1617 def_bool y 1618 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD 1619 select SPARSEMEM_STATIC if X86_32 1620 select SPARSEMEM_VMEMMAP_ENABLE if X86_64 1621 1622config ARCH_SPARSEMEM_DEFAULT 1623 def_bool X86_64 || (NUMA && X86_32) 1624 1625config ARCH_SELECT_MEMORY_MODEL 1626 def_bool y 1627 depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE 1628 1629config ARCH_MEMORY_PROBE 1630 bool "Enable sysfs memory/probe interface" 1631 depends on MEMORY_HOTPLUG 1632 help 1633 This option enables a sysfs memory/probe interface for testing. 1634 See Documentation/admin-guide/mm/memory-hotplug.rst for more information. 1635 If you are unsure how to answer this question, answer N. 1636 1637config ARCH_PROC_KCORE_TEXT 1638 def_bool y 1639 depends on X86_64 && PROC_KCORE 1640 1641config ILLEGAL_POINTER_VALUE 1642 hex 1643 default 0 if X86_32 1644 default 0xdead000000000000 if X86_64 1645 1646config X86_PMEM_LEGACY_DEVICE 1647 bool 1648 1649config X86_PMEM_LEGACY 1650 tristate "Support non-standard NVDIMMs and ADR protected memory" 1651 depends on PHYS_ADDR_T_64BIT 1652 depends on BLK_DEV 1653 select X86_PMEM_LEGACY_DEVICE 1654 select NUMA_KEEP_MEMINFO if NUMA 1655 select LIBNVDIMM 1656 help 1657 Treat memory marked using the non-standard e820 type of 12 as used 1658 by the Intel Sandy Bridge-EP reference BIOS as protected memory. 1659 The kernel will offer these regions to the 'pmem' driver so 1660 they can be used for persistent storage. 1661 1662 Say Y if unsure. 1663 1664config HIGHPTE 1665 bool "Allocate 3rd-level pagetables from highmem" 1666 depends on HIGHMEM 1667 help 1668 The VM uses one page table entry for each page of physical memory. 1669 For systems with a lot of RAM, this can be wasteful of precious 1670 low memory. Setting this option will put user-space page table 1671 entries in high memory. 1672 1673config X86_CHECK_BIOS_CORRUPTION 1674 bool "Check for low memory corruption" 1675 help 1676 Periodically check for memory corruption in low memory, which 1677 is suspected to be caused by BIOS. Even when enabled in the 1678 configuration, it is disabled at runtime. Enable it by 1679 setting "memory_corruption_check=1" on the kernel command 1680 line. By default it scans the low 64k of memory every 60 1681 seconds; see the memory_corruption_check_size and 1682 memory_corruption_check_period parameters in 1683 Documentation/admin-guide/kernel-parameters.rst to adjust this. 1684 1685 When enabled with the default parameters, this option has 1686 almost no overhead, as it reserves a relatively small amount 1687 of memory and scans it infrequently. It both detects corruption 1688 and prevents it from affecting the running system. 1689 1690 It is, however, intended as a diagnostic tool; if repeatable 1691 BIOS-originated corruption always affects the same memory, 1692 you can use memmap= to prevent the kernel from using that 1693 memory. 1694 1695config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK 1696 bool "Set the default setting of memory_corruption_check" 1697 depends on X86_CHECK_BIOS_CORRUPTION 1698 default y 1699 help 1700 Set whether the default state of memory_corruption_check is 1701 on or off. 1702 1703config MATH_EMULATION 1704 bool 1705 depends on MODIFY_LDT_SYSCALL 1706 prompt "Math emulation" if X86_32 && (M486SX || MELAN) 1707 help 1708 Linux can emulate a math coprocessor (used for floating point 1709 operations) if you don't have one. 486DX and Pentium processors have 1710 a math coprocessor built in, 486SX and 386 do not, unless you added 1711 a 487DX or 387, respectively. (The messages during boot time can 1712 give you some hints here ["man dmesg"].) Everyone needs either a 1713 coprocessor or this emulation. 1714 1715 If you don't have a math coprocessor, you need to say Y here; if you 1716 say Y here even though you have a coprocessor, the coprocessor will 1717 be used nevertheless. (This behavior can be changed with the kernel 1718 command line option "no387", which comes handy if your coprocessor 1719 is broken. Try "man bootparam" or see the documentation of your boot 1720 loader (lilo or loadlin) about how to pass options to the kernel at 1721 boot time.) This means that it is a good idea to say Y here if you 1722 intend to use this kernel on different machines. 1723 1724 More information about the internals of the Linux math coprocessor 1725 emulation can be found in <file:arch/x86/math-emu/README>. 1726 1727 If you are not sure, say Y; apart from resulting in a 66 KB bigger 1728 kernel, it won't hurt. 1729 1730config MTRR 1731 def_bool y 1732 prompt "MTRR (Memory Type Range Register) support" if EXPERT 1733 help 1734 On Intel P6 family processors (Pentium Pro, Pentium II and later) 1735 the Memory Type Range Registers (MTRRs) may be used to control 1736 processor access to memory ranges. This is most useful if you have 1737 a video (VGA) card on a PCI or AGP bus. Enabling write-combining 1738 allows bus write transfers to be combined into a larger transfer 1739 before bursting over the PCI/AGP bus. This can increase performance 1740 of image write operations 2.5 times or more. Saying Y here creates a 1741 /proc/mtrr file which may be used to manipulate your processor's 1742 MTRRs. Typically the X server should use this. 1743 1744 This code has a reasonably generic interface so that similar 1745 control registers on other processors can be easily supported 1746 as well: 1747 1748 The Cyrix 6x86, 6x86MX and M II processors have Address Range 1749 Registers (ARRs) which provide a similar functionality to MTRRs. For 1750 these, the ARRs are used to emulate the MTRRs. 1751 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two 1752 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing 1753 write-combining. All of these processors are supported by this code 1754 and it makes sense to say Y here if you have one of them. 1755 1756 Saying Y here also fixes a problem with buggy SMP BIOSes which only 1757 set the MTRRs for the boot CPU and not for the secondary CPUs. This 1758 can lead to all sorts of problems, so it's good to say Y here. 1759 1760 You can safely say Y even if your machine doesn't have MTRRs, you'll 1761 just add about 9 KB to your kernel. 1762 1763 See <file:Documentation/x86/mtrr.rst> for more information. 1764 1765config MTRR_SANITIZER 1766 def_bool y 1767 prompt "MTRR cleanup support" 1768 depends on MTRR 1769 help 1770 Convert MTRR layout from continuous to discrete, so X drivers can 1771 add writeback entries. 1772 1773 Can be disabled with disable_mtrr_cleanup on the kernel command line. 1774 The largest mtrr entry size for a continuous block can be set with 1775 mtrr_chunk_size. 1776 1777 If unsure, say Y. 1778 1779config MTRR_SANITIZER_ENABLE_DEFAULT 1780 int "MTRR cleanup enable value (0-1)" 1781 range 0 1 1782 default "0" 1783 depends on MTRR_SANITIZER 1784 help 1785 Enable mtrr cleanup default value 1786 1787config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT 1788 int "MTRR cleanup spare reg num (0-7)" 1789 range 0 7 1790 default "1" 1791 depends on MTRR_SANITIZER 1792 help 1793 mtrr cleanup spare entries default, it can be changed via 1794 mtrr_spare_reg_nr=N on the kernel command line. 1795 1796config X86_PAT 1797 def_bool y 1798 prompt "x86 PAT support" if EXPERT 1799 depends on MTRR 1800 help 1801 Use PAT attributes to setup page level cache control. 1802 1803 PATs are the modern equivalents of MTRRs and are much more 1804 flexible than MTRRs. 1805 1806 Say N here if you see bootup problems (boot crash, boot hang, 1807 spontaneous reboots) or a non-working video driver. 1808 1809 If unsure, say Y. 1810 1811config ARCH_USES_PG_UNCACHED 1812 def_bool y 1813 depends on X86_PAT 1814 1815config ARCH_RANDOM 1816 def_bool y 1817 prompt "x86 architectural random number generator" if EXPERT 1818 help 1819 Enable the x86 architectural RDRAND instruction 1820 (Intel Bull Mountain technology) to generate random numbers. 1821 If supported, this is a high bandwidth, cryptographically 1822 secure hardware random number generator. 1823 1824config X86_UMIP 1825 def_bool y 1826 prompt "User Mode Instruction Prevention" if EXPERT 1827 help 1828 User Mode Instruction Prevention (UMIP) is a security feature in 1829 some x86 processors. If enabled, a general protection fault is 1830 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are 1831 executed in user mode. These instructions unnecessarily expose 1832 information about the hardware state. 1833 1834 The vast majority of applications do not use these instructions. 1835 For the very few that do, software emulation is provided in 1836 specific cases in protected and virtual-8086 modes. Emulated 1837 results are dummy. 1838 1839config CC_HAS_IBT 1840 # GCC >= 9 and binutils >= 2.29 1841 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 1842 # Clang/LLVM >= 14 1843 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f 1844 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332 1845 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ 1846 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ 1847 $(as-instr,endbr64) 1848 1849config X86_KERNEL_IBT 1850 prompt "Indirect Branch Tracking" 1851 bool 1852 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL 1853 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f 1854 depends on !LD_IS_LLD || LLD_VERSION >= 140000 1855 select OBJTOOL 1856 help 1857 Build the kernel with support for Indirect Branch Tracking, a 1858 hardware support course-grain forward-edge Control Flow Integrity 1859 protection. It enforces that all indirect calls must land on 1860 an ENDBR instruction, as such, the compiler will instrument the 1861 code with them to make this happen. 1862 1863 In addition to building the kernel with IBT, seal all functions that 1864 are not indirect call targets, avoiding them ever becoming one. 1865 1866 This requires LTO like objtool runs and will slow down the build. It 1867 does significantly reduce the number of ENDBR instructions in the 1868 kernel image. 1869 1870config X86_INTEL_MEMORY_PROTECTION_KEYS 1871 prompt "Memory Protection Keys" 1872 def_bool y 1873 # Note: only available in 64-bit mode 1874 depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD) 1875 select ARCH_USES_HIGH_VMA_FLAGS 1876 select ARCH_HAS_PKEYS 1877 help 1878 Memory Protection Keys provides a mechanism for enforcing 1879 page-based protections, but without requiring modification of the 1880 page tables when an application changes protection domains. 1881 1882 For details, see Documentation/core-api/protection-keys.rst 1883 1884 If unsure, say y. 1885 1886choice 1887 prompt "TSX enable mode" 1888 depends on CPU_SUP_INTEL 1889 default X86_INTEL_TSX_MODE_OFF 1890 help 1891 Intel's TSX (Transactional Synchronization Extensions) feature 1892 allows to optimize locking protocols through lock elision which 1893 can lead to a noticeable performance boost. 1894 1895 On the other hand it has been shown that TSX can be exploited 1896 to form side channel attacks (e.g. TAA) and chances are there 1897 will be more of those attacks discovered in the future. 1898 1899 Therefore TSX is not enabled by default (aka tsx=off). An admin 1900 might override this decision by tsx=on the command line parameter. 1901 Even with TSX enabled, the kernel will attempt to enable the best 1902 possible TAA mitigation setting depending on the microcode available 1903 for the particular machine. 1904 1905 This option allows to set the default tsx mode between tsx=on, =off 1906 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more 1907 details. 1908 1909 Say off if not sure, auto if TSX is in use but it should be used on safe 1910 platforms or on if TSX is in use and the security aspect of tsx is not 1911 relevant. 1912 1913config X86_INTEL_TSX_MODE_OFF 1914 bool "off" 1915 help 1916 TSX is disabled if possible - equals to tsx=off command line parameter. 1917 1918config X86_INTEL_TSX_MODE_ON 1919 bool "on" 1920 help 1921 TSX is always enabled on TSX capable HW - equals the tsx=on command 1922 line parameter. 1923 1924config X86_INTEL_TSX_MODE_AUTO 1925 bool "auto" 1926 help 1927 TSX is enabled on TSX capable HW that is believed to be safe against 1928 side channel attacks- equals the tsx=auto command line parameter. 1929endchoice 1930 1931config X86_SGX 1932 bool "Software Guard eXtensions (SGX)" 1933 depends on X86_64 && CPU_SUP_INTEL 1934 depends on CRYPTO=y 1935 depends on CRYPTO_SHA256=y 1936 select SRCU 1937 select MMU_NOTIFIER 1938 select NUMA_KEEP_MEMINFO if NUMA 1939 select XARRAY_MULTI 1940 help 1941 Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions 1942 that can be used by applications to set aside private regions of code 1943 and data, referred to as enclaves. An enclave's private memory can 1944 only be accessed by code running within the enclave. Accesses from 1945 outside the enclave, including other enclaves, are disallowed by 1946 hardware. 1947 1948 If unsure, say N. 1949 1950config EFI 1951 bool "EFI runtime service support" 1952 depends on ACPI 1953 select UCS2_STRING 1954 select EFI_RUNTIME_WRAPPERS 1955 select ARCH_USE_MEMREMAP_PROT 1956 help 1957 This enables the kernel to use EFI runtime services that are 1958 available (such as the EFI variable services). 1959 1960 This option is only useful on systems that have EFI firmware. 1961 In addition, you should use the latest ELILO loader available 1962 at <http://elilo.sourceforge.net> in order to take advantage 1963 of EFI runtime services. However, even with this option, the 1964 resultant kernel should continue to boot on existing non-EFI 1965 platforms. 1966 1967config EFI_STUB 1968 bool "EFI stub support" 1969 depends on EFI 1970 depends on $(cc-option,-mabi=ms) || X86_32 1971 select RELOCATABLE 1972 help 1973 This kernel feature allows a bzImage to be loaded directly 1974 by EFI firmware without the use of a bootloader. 1975 1976 See Documentation/admin-guide/efi-stub.rst for more information. 1977 1978config EFI_MIXED 1979 bool "EFI mixed-mode support" 1980 depends on EFI_STUB && X86_64 1981 help 1982 Enabling this feature allows a 64-bit kernel to be booted 1983 on a 32-bit firmware, provided that your CPU supports 64-bit 1984 mode. 1985 1986 Note that it is not possible to boot a mixed-mode enabled 1987 kernel via the EFI boot stub - a bootloader that supports 1988 the EFI handover protocol must be used. 1989 1990 If unsure, say N. 1991 1992source "kernel/Kconfig.hz" 1993 1994config KEXEC 1995 bool "kexec system call" 1996 select KEXEC_CORE 1997 help 1998 kexec is a system call that implements the ability to shutdown your 1999 current kernel, and to start another kernel. It is like a reboot 2000 but it is independent of the system firmware. And like a reboot 2001 you can start any kernel with it, not just Linux. 2002 2003 The name comes from the similarity to the exec system call. 2004 2005 It is an ongoing process to be certain the hardware in a machine 2006 is properly shutdown, so do not be surprised if this code does not 2007 initially work for you. As of this writing the exact hardware 2008 interface is strongly in flux, so no good recommendation can be 2009 made. 2010 2011config KEXEC_FILE 2012 bool "kexec file based system call" 2013 select KEXEC_CORE 2014 select BUILD_BIN2C 2015 depends on X86_64 2016 depends on CRYPTO=y 2017 depends on CRYPTO_SHA256=y 2018 help 2019 This is new version of kexec system call. This system call is 2020 file based and takes file descriptors as system call argument 2021 for kernel and initramfs as opposed to list of segments as 2022 accepted by previous system call. 2023 2024config ARCH_HAS_KEXEC_PURGATORY 2025 def_bool KEXEC_FILE 2026 2027config KEXEC_SIG 2028 bool "Verify kernel signature during kexec_file_load() syscall" 2029 depends on KEXEC_FILE 2030 help 2031 2032 This option makes the kexec_file_load() syscall check for a valid 2033 signature of the kernel image. The image can still be loaded without 2034 a valid signature unless you also enable KEXEC_SIG_FORCE, though if 2035 there's a signature that we can check, then it must be valid. 2036 2037 In addition to this option, you need to enable signature 2038 verification for the corresponding kernel image type being 2039 loaded in order for this to work. 2040 2041config KEXEC_SIG_FORCE 2042 bool "Require a valid signature in kexec_file_load() syscall" 2043 depends on KEXEC_SIG 2044 help 2045 This option makes kernel signature verification mandatory for 2046 the kexec_file_load() syscall. 2047 2048config KEXEC_BZIMAGE_VERIFY_SIG 2049 bool "Enable bzImage signature verification support" 2050 depends on KEXEC_SIG 2051 depends on SIGNED_PE_FILE_VERIFICATION 2052 select SYSTEM_TRUSTED_KEYRING 2053 help 2054 Enable bzImage signature verification support. 2055 2056config CRASH_DUMP 2057 bool "kernel crash dumps" 2058 depends on X86_64 || (X86_32 && HIGHMEM) 2059 help 2060 Generate crash dump after being started by kexec. 2061 This should be normally only set in special crash dump kernels 2062 which are loaded in the main kernel with kexec-tools into 2063 a specially reserved region and then later executed after 2064 a crash by kdump/kexec. The crash dump kernel must be compiled 2065 to a memory address not used by the main kernel or BIOS using 2066 PHYSICAL_START, or it must be built as a relocatable image 2067 (CONFIG_RELOCATABLE=y). 2068 For more details see Documentation/admin-guide/kdump/kdump.rst 2069 2070config KEXEC_JUMP 2071 bool "kexec jump" 2072 depends on KEXEC && HIBERNATION 2073 help 2074 Jump between original kernel and kexeced kernel and invoke 2075 code in physical address mode via KEXEC 2076 2077config PHYSICAL_START 2078 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) 2079 default "0x1000000" 2080 help 2081 This gives the physical address where the kernel is loaded. 2082 2083 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then 2084 bzImage will decompress itself to above physical address and 2085 run from there. Otherwise, bzImage will run from the address where 2086 it has been loaded by the boot loader and will ignore above physical 2087 address. 2088 2089 In normal kdump cases one does not have to set/change this option 2090 as now bzImage can be compiled as a completely relocatable image 2091 (CONFIG_RELOCATABLE=y) and be used to load and run from a different 2092 address. This option is mainly useful for the folks who don't want 2093 to use a bzImage for capturing the crash dump and want to use a 2094 vmlinux instead. vmlinux is not relocatable hence a kernel needs 2095 to be specifically compiled to run from a specific memory area 2096 (normally a reserved region) and this option comes handy. 2097 2098 So if you are using bzImage for capturing the crash dump, 2099 leave the value here unchanged to 0x1000000 and set 2100 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux 2101 for capturing the crash dump change this value to start of 2102 the reserved region. In other words, it can be set based on 2103 the "X" value as specified in the "crashkernel=YM@XM" 2104 command line boot parameter passed to the panic-ed 2105 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst 2106 for more details about crash dumps. 2107 2108 Usage of bzImage for capturing the crash dump is recommended as 2109 one does not have to build two kernels. Same kernel can be used 2110 as production kernel and capture kernel. Above option should have 2111 gone away after relocatable bzImage support is introduced. But it 2112 is present because there are users out there who continue to use 2113 vmlinux for dump capture. This option should go away down the 2114 line. 2115 2116 Don't change this unless you know what you are doing. 2117 2118config RELOCATABLE 2119 bool "Build a relocatable kernel" 2120 default y 2121 help 2122 This builds a kernel image that retains relocation information 2123 so it can be loaded someplace besides the default 1MB. 2124 The relocations tend to make the kernel binary about 10% larger, 2125 but are discarded at runtime. 2126 2127 One use is for the kexec on panic case where the recovery kernel 2128 must live at a different physical address than the primary 2129 kernel. 2130 2131 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address 2132 it has been loaded at and the compile time physical address 2133 (CONFIG_PHYSICAL_START) is used as the minimum location. 2134 2135config RANDOMIZE_BASE 2136 bool "Randomize the address of the kernel image (KASLR)" 2137 depends on RELOCATABLE 2138 default y 2139 help 2140 In support of Kernel Address Space Layout Randomization (KASLR), 2141 this randomizes the physical address at which the kernel image 2142 is decompressed and the virtual address where the kernel 2143 image is mapped, as a security feature that deters exploit 2144 attempts relying on knowledge of the location of kernel 2145 code internals. 2146 2147 On 64-bit, the kernel physical and virtual addresses are 2148 randomized separately. The physical address will be anywhere 2149 between 16MB and the top of physical memory (up to 64TB). The 2150 virtual address will be randomized from 16MB up to 1GB (9 bits 2151 of entropy). Note that this also reduces the memory space 2152 available to kernel modules from 1.5GB to 1GB. 2153 2154 On 32-bit, the kernel physical and virtual addresses are 2155 randomized together. They will be randomized from 16MB up to 2156 512MB (8 bits of entropy). 2157 2158 Entropy is generated using the RDRAND instruction if it is 2159 supported. If RDTSC is supported, its value is mixed into 2160 the entropy pool as well. If neither RDRAND nor RDTSC are 2161 supported, then entropy is read from the i8254 timer. The 2162 usable entropy is limited by the kernel being built using 2163 2GB addressing, and that PHYSICAL_ALIGN must be at a 2164 minimum of 2MB. As a result, only 10 bits of entropy are 2165 theoretically possible, but the implementations are further 2166 limited due to memory layouts. 2167 2168 If unsure, say Y. 2169 2170# Relocation on x86 needs some additional build support 2171config X86_NEED_RELOCS 2172 def_bool y 2173 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) 2174 2175config PHYSICAL_ALIGN 2176 hex "Alignment value to which kernel should be aligned" 2177 default "0x200000" 2178 range 0x2000 0x1000000 if X86_32 2179 range 0x200000 0x1000000 if X86_64 2180 help 2181 This value puts the alignment restrictions on physical address 2182 where kernel is loaded and run from. Kernel is compiled for an 2183 address which meets above alignment restriction. 2184 2185 If bootloader loads the kernel at a non-aligned address and 2186 CONFIG_RELOCATABLE is set, kernel will move itself to nearest 2187 address aligned to above value and run from there. 2188 2189 If bootloader loads the kernel at a non-aligned address and 2190 CONFIG_RELOCATABLE is not set, kernel will ignore the run time 2191 load address and decompress itself to the address it has been 2192 compiled for and run from there. The address for which kernel is 2193 compiled already meets above alignment restrictions. Hence the 2194 end result is that kernel runs from a physical address meeting 2195 above alignment restrictions. 2196 2197 On 32-bit this value must be a multiple of 0x2000. On 64-bit 2198 this value must be a multiple of 0x200000. 2199 2200 Don't change this unless you know what you are doing. 2201 2202config DYNAMIC_MEMORY_LAYOUT 2203 bool 2204 help 2205 This option makes base addresses of vmalloc and vmemmap as well as 2206 __PAGE_OFFSET movable during boot. 2207 2208config RANDOMIZE_MEMORY 2209 bool "Randomize the kernel memory sections" 2210 depends on X86_64 2211 depends on RANDOMIZE_BASE 2212 select DYNAMIC_MEMORY_LAYOUT 2213 default RANDOMIZE_BASE 2214 help 2215 Randomizes the base virtual address of kernel memory sections 2216 (physical memory mapping, vmalloc & vmemmap). This security feature 2217 makes exploits relying on predictable memory locations less reliable. 2218 2219 The order of allocations remains unchanged. Entropy is generated in 2220 the same way as RANDOMIZE_BASE. Current implementation in the optimal 2221 configuration have in average 30,000 different possible virtual 2222 addresses for each memory section. 2223 2224 If unsure, say Y. 2225 2226config RANDOMIZE_MEMORY_PHYSICAL_PADDING 2227 hex "Physical memory mapping padding" if EXPERT 2228 depends on RANDOMIZE_MEMORY 2229 default "0xa" if MEMORY_HOTPLUG 2230 default "0x0" 2231 range 0x1 0x40 if MEMORY_HOTPLUG 2232 range 0x0 0x40 2233 help 2234 Define the padding in terabytes added to the existing physical 2235 memory size during kernel memory randomization. It is useful 2236 for memory hotplug support but reduces the entropy available for 2237 address randomization. 2238 2239 If unsure, leave at the default value. 2240 2241config HOTPLUG_CPU 2242 def_bool y 2243 depends on SMP 2244 2245config BOOTPARAM_HOTPLUG_CPU0 2246 bool "Set default setting of cpu0_hotpluggable" 2247 depends on HOTPLUG_CPU 2248 help 2249 Set whether default state of cpu0_hotpluggable is on or off. 2250 2251 Say Y here to enable CPU0 hotplug by default. If this switch 2252 is turned on, there is no need to give cpu0_hotplug kernel 2253 parameter and the CPU0 hotplug feature is enabled by default. 2254 2255 Please note: there are two known CPU0 dependencies if you want 2256 to enable the CPU0 hotplug feature either by this switch or by 2257 cpu0_hotplug kernel parameter. 2258 2259 First, resume from hibernate or suspend always starts from CPU0. 2260 So hibernate and suspend are prevented if CPU0 is offline. 2261 2262 Second dependency is PIC interrupts always go to CPU0. CPU0 can not 2263 offline if any interrupt can not migrate out of CPU0. There may 2264 be other CPU0 dependencies. 2265 2266 Please make sure the dependencies are under your control before 2267 you enable this feature. 2268 2269 Say N if you don't want to enable CPU0 hotplug feature by default. 2270 You still can enable the CPU0 hotplug feature at boot by kernel 2271 parameter cpu0_hotplug. 2272 2273config DEBUG_HOTPLUG_CPU0 2274 def_bool n 2275 prompt "Debug CPU0 hotplug" 2276 depends on HOTPLUG_CPU 2277 help 2278 Enabling this option offlines CPU0 (if CPU0 can be offlined) as 2279 soon as possible and boots up userspace with CPU0 offlined. User 2280 can online CPU0 back after boot time. 2281 2282 To debug CPU0 hotplug, you need to enable CPU0 offline/online 2283 feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during 2284 compilation or giving cpu0_hotplug kernel parameter at boot. 2285 2286 If unsure, say N. 2287 2288config COMPAT_VDSO 2289 def_bool n 2290 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" 2291 depends on COMPAT_32 2292 help 2293 Certain buggy versions of glibc will crash if they are 2294 presented with a 32-bit vDSO that is not mapped at the address 2295 indicated in its segment table. 2296 2297 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a 2298 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and 2299 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is 2300 the only released version with the bug, but OpenSUSE 9 2301 contains a buggy "glibc 2.3.2". 2302 2303 The symptom of the bug is that everything crashes on startup, saying: 2304 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed! 2305 2306 Saying Y here changes the default value of the vdso32 boot 2307 option from 1 to 0, which turns off the 32-bit vDSO entirely. 2308 This works around the glibc bug but hurts performance. 2309 2310 If unsure, say N: if you are compiling your own kernel, you 2311 are unlikely to be using a buggy version of glibc. 2312 2313choice 2314 prompt "vsyscall table for legacy applications" 2315 depends on X86_64 2316 default LEGACY_VSYSCALL_XONLY 2317 help 2318 Legacy user code that does not know how to find the vDSO expects 2319 to be able to issue three syscalls by calling fixed addresses in 2320 kernel space. Since this location is not randomized with ASLR, 2321 it can be used to assist security vulnerability exploitation. 2322 2323 This setting can be changed at boot time via the kernel command 2324 line parameter vsyscall=[emulate|xonly|none]. Emulate mode 2325 is deprecated and can only be enabled using the kernel command 2326 line. 2327 2328 On a system with recent enough glibc (2.14 or newer) and no 2329 static binaries, you can say None without a performance penalty 2330 to improve security. 2331 2332 If unsure, select "Emulate execution only". 2333 2334 config LEGACY_VSYSCALL_XONLY 2335 bool "Emulate execution only" 2336 help 2337 The kernel traps and emulates calls into the fixed vsyscall 2338 address mapping and does not allow reads. This 2339 configuration is recommended when userspace might use the 2340 legacy vsyscall area but support for legacy binary 2341 instrumentation of legacy code is not needed. It mitigates 2342 certain uses of the vsyscall area as an ASLR-bypassing 2343 buffer. 2344 2345 config LEGACY_VSYSCALL_NONE 2346 bool "None" 2347 help 2348 There will be no vsyscall mapping at all. This will 2349 eliminate any risk of ASLR bypass due to the vsyscall 2350 fixed address mapping. Attempts to use the vsyscalls 2351 will be reported to dmesg, so that either old or 2352 malicious userspace programs can be identified. 2353 2354endchoice 2355 2356config CMDLINE_BOOL 2357 bool "Built-in kernel command line" 2358 help 2359 Allow for specifying boot arguments to the kernel at 2360 build time. On some systems (e.g. embedded ones), it is 2361 necessary or convenient to provide some or all of the 2362 kernel boot arguments with the kernel itself (that is, 2363 to not rely on the boot loader to provide them.) 2364 2365 To compile command line arguments into the kernel, 2366 set this option to 'Y', then fill in the 2367 boot arguments in CONFIG_CMDLINE. 2368 2369 Systems with fully functional boot loaders (i.e. non-embedded) 2370 should leave this option set to 'N'. 2371 2372config CMDLINE 2373 string "Built-in kernel command string" 2374 depends on CMDLINE_BOOL 2375 default "" 2376 help 2377 Enter arguments here that should be compiled into the kernel 2378 image and used at boot time. If the boot loader provides a 2379 command line at boot time, it is appended to this string to 2380 form the full kernel command line, when the system boots. 2381 2382 However, you can use the CONFIG_CMDLINE_OVERRIDE option to 2383 change this behavior. 2384 2385 In most cases, the command line (whether built-in or provided 2386 by the boot loader) should specify the device for the root 2387 file system. 2388 2389config CMDLINE_OVERRIDE 2390 bool "Built-in command line overrides boot loader arguments" 2391 depends on CMDLINE_BOOL && CMDLINE != "" 2392 help 2393 Set this option to 'Y' to have the kernel ignore the boot loader 2394 command line, and use ONLY the built-in command line. 2395 2396 This is used to work around broken boot loaders. This should 2397 be set to 'N' under normal conditions. 2398 2399config MODIFY_LDT_SYSCALL 2400 bool "Enable the LDT (local descriptor table)" if EXPERT 2401 default y 2402 help 2403 Linux can allow user programs to install a per-process x86 2404 Local Descriptor Table (LDT) using the modify_ldt(2) system 2405 call. This is required to run 16-bit or segmented code such as 2406 DOSEMU or some Wine programs. It is also used by some very old 2407 threading libraries. 2408 2409 Enabling this feature adds a small amount of overhead to 2410 context switches and increases the low-level kernel attack 2411 surface. Disabling it removes the modify_ldt(2) system call. 2412 2413 Saying 'N' here may make sense for embedded or server kernels. 2414 2415config STRICT_SIGALTSTACK_SIZE 2416 bool "Enforce strict size checking for sigaltstack" 2417 depends on DYNAMIC_SIGFRAME 2418 help 2419 For historical reasons MINSIGSTKSZ is a constant which became 2420 already too small with AVX512 support. Add a mechanism to 2421 enforce strict checking of the sigaltstack size against the 2422 real size of the FPU frame. This option enables the check 2423 by default. It can also be controlled via the kernel command 2424 line option 'strict_sas_size' independent of this config 2425 switch. Enabling it might break existing applications which 2426 allocate a too small sigaltstack but 'work' because they 2427 never get a signal delivered. 2428 2429 Say 'N' unless you want to really enforce this check. 2430 2431source "kernel/livepatch/Kconfig" 2432 2433endmenu 2434 2435config CC_HAS_SLS 2436 def_bool $(cc-option,-mharden-sls=all) 2437 2438config CC_HAS_RETURN_THUNK 2439 def_bool $(cc-option,-mfunction-return=thunk-extern) 2440 2441menuconfig SPECULATION_MITIGATIONS 2442 bool "Mitigations for speculative execution vulnerabilities" 2443 default y 2444 help 2445 Say Y here to enable options which enable mitigations for 2446 speculative execution hardware vulnerabilities. 2447 2448 If you say N, all mitigations will be disabled. You really 2449 should know what you are doing to say so. 2450 2451if SPECULATION_MITIGATIONS 2452 2453config PAGE_TABLE_ISOLATION 2454 bool "Remove the kernel mapping in user mode" 2455 default y 2456 depends on (X86_64 || X86_PAE) 2457 help 2458 This feature reduces the number of hardware side channels by 2459 ensuring that the majority of kernel addresses are not mapped 2460 into userspace. 2461 2462 See Documentation/x86/pti.rst for more details. 2463 2464config RETPOLINE 2465 bool "Avoid speculative indirect branches in kernel" 2466 select OBJTOOL if HAVE_OBJTOOL 2467 default y 2468 help 2469 Compile kernel with the retpoline compiler options to guard against 2470 kernel-to-user data leaks by avoiding speculative indirect 2471 branches. Requires a compiler with -mindirect-branch=thunk-extern 2472 support for full protection. The kernel may run slower. 2473 2474config RETHUNK 2475 bool "Enable return-thunks" 2476 depends on RETPOLINE && CC_HAS_RETURN_THUNK 2477 select OBJTOOL if HAVE_OBJTOOL 2478 default y if X86_64 2479 help 2480 Compile the kernel with the return-thunks compiler option to guard 2481 against kernel-to-user data leaks by avoiding return speculation. 2482 Requires a compiler with -mfunction-return=thunk-extern 2483 support for full protection. The kernel may run slower. 2484 2485config CPU_UNRET_ENTRY 2486 bool "Enable UNRET on kernel entry" 2487 depends on CPU_SUP_AMD && RETHUNK && X86_64 2488 default y 2489 help 2490 Compile the kernel with support for the retbleed=unret mitigation. 2491 2492config CPU_IBPB_ENTRY 2493 bool "Enable IBPB on kernel entry" 2494 depends on CPU_SUP_AMD && X86_64 2495 default y 2496 help 2497 Compile the kernel with support for the retbleed=ibpb mitigation. 2498 2499config CPU_IBRS_ENTRY 2500 bool "Enable IBRS on kernel entry" 2501 depends on CPU_SUP_INTEL && X86_64 2502 default y 2503 help 2504 Compile the kernel with support for the spectre_v2=ibrs mitigation. 2505 This mitigates both spectre_v2 and retbleed at great cost to 2506 performance. 2507 2508config SLS 2509 bool "Mitigate Straight-Line-Speculation" 2510 depends on CC_HAS_SLS && X86_64 2511 select OBJTOOL if HAVE_OBJTOOL 2512 default n 2513 help 2514 Compile the kernel with straight-line-speculation options to guard 2515 against straight line speculation. The kernel image might be slightly 2516 larger. 2517 2518endif 2519 2520config ARCH_HAS_ADD_PAGES 2521 def_bool y 2522 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2523 2524config ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 2525 def_bool y 2526 2527menu "Power management and ACPI options" 2528 2529config ARCH_HIBERNATION_HEADER 2530 def_bool y 2531 depends on HIBERNATION 2532 2533source "kernel/power/Kconfig" 2534 2535source "drivers/acpi/Kconfig" 2536 2537config X86_APM_BOOT 2538 def_bool y 2539 depends on APM 2540 2541menuconfig APM 2542 tristate "APM (Advanced Power Management) BIOS support" 2543 depends on X86_32 && PM_SLEEP 2544 help 2545 APM is a BIOS specification for saving power using several different 2546 techniques. This is mostly useful for battery powered laptops with 2547 APM compliant BIOSes. If you say Y here, the system time will be 2548 reset after a RESUME operation, the /proc/apm device will provide 2549 battery status information, and user-space programs will receive 2550 notification of APM "events" (e.g. battery status change). 2551 2552 If you select "Y" here, you can disable actual use of the APM 2553 BIOS by passing the "apm=off" option to the kernel at boot time. 2554 2555 Note that the APM support is almost completely disabled for 2556 machines with more than one CPU. 2557 2558 In order to use APM, you will need supporting software. For location 2559 and more information, read <file:Documentation/power/apm-acpi.rst> 2560 and the Battery Powered Linux mini-HOWTO, available from 2561 <http://www.tldp.org/docs.html#howto>. 2562 2563 This driver does not spin down disk drives (see the hdparm(8) 2564 manpage ("man 8 hdparm") for that), and it doesn't turn off 2565 VESA-compliant "green" monitors. 2566 2567 This driver does not support the TI 4000M TravelMate and the ACER 2568 486/DX4/75 because they don't have compliant BIOSes. Many "green" 2569 desktop machines also don't have compliant BIOSes, and this driver 2570 may cause those machines to panic during the boot phase. 2571 2572 Generally, if you don't have a battery in your machine, there isn't 2573 much point in using this driver and you should say N. If you get 2574 random kernel OOPSes or reboots that don't seem to be related to 2575 anything, try disabling/enabling this option (or disabling/enabling 2576 APM in your BIOS). 2577 2578 Some other things you should try when experiencing seemingly random, 2579 "weird" problems: 2580 2581 1) make sure that you have enough swap space and that it is 2582 enabled. 2583 2) pass the "no-hlt" option to the kernel 2584 3) switch on floating point emulation in the kernel and pass 2585 the "no387" option to the kernel 2586 4) pass the "floppy=nodma" option to the kernel 2587 5) pass the "mem=4M" option to the kernel (thereby disabling 2588 all but the first 4 MB of RAM) 2589 6) make sure that the CPU is not over clocked. 2590 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/> 2591 8) disable the cache from your BIOS settings 2592 9) install a fan for the video card or exchange video RAM 2593 10) install a better fan for the CPU 2594 11) exchange RAM chips 2595 12) exchange the motherboard. 2596 2597 To compile this driver as a module, choose M here: the 2598 module will be called apm. 2599 2600if APM 2601 2602config APM_IGNORE_USER_SUSPEND 2603 bool "Ignore USER SUSPEND" 2604 help 2605 This option will ignore USER SUSPEND requests. On machines with a 2606 compliant APM BIOS, you want to say N. However, on the NEC Versa M 2607 series notebooks, it is necessary to say Y because of a BIOS bug. 2608 2609config APM_DO_ENABLE 2610 bool "Enable PM at boot time" 2611 help 2612 Enable APM features at boot time. From page 36 of the APM BIOS 2613 specification: "When disabled, the APM BIOS does not automatically 2614 power manage devices, enter the Standby State, enter the Suspend 2615 State, or take power saving steps in response to CPU Idle calls." 2616 This driver will make CPU Idle calls when Linux is idle (unless this 2617 feature is turned off -- see "Do CPU IDLE calls", below). This 2618 should always save battery power, but more complicated APM features 2619 will be dependent on your BIOS implementation. You may need to turn 2620 this option off if your computer hangs at boot time when using APM 2621 support, or if it beeps continuously instead of suspending. Turn 2622 this off if you have a NEC UltraLite Versa 33/C or a Toshiba 2623 T400CDT. This is off by default since most machines do fine without 2624 this feature. 2625 2626config APM_CPU_IDLE 2627 depends on CPU_IDLE 2628 bool "Make CPU Idle calls when idle" 2629 help 2630 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop. 2631 On some machines, this can activate improved power savings, such as 2632 a slowed CPU clock rate, when the machine is idle. These idle calls 2633 are made after the idle loop has run for some length of time (e.g., 2634 333 mS). On some machines, this will cause a hang at boot time or 2635 whenever the CPU becomes idle. (On machines with more than one CPU, 2636 this option does nothing.) 2637 2638config APM_DISPLAY_BLANK 2639 bool "Enable console blanking using APM" 2640 help 2641 Enable console blanking using the APM. Some laptops can use this to 2642 turn off the LCD backlight when the screen blanker of the Linux 2643 virtual console blanks the screen. Note that this is only used by 2644 the virtual console screen blanker, and won't turn off the backlight 2645 when using the X Window system. This also doesn't have anything to 2646 do with your VESA-compliant power-saving monitor. Further, this 2647 option doesn't work for all laptops -- it might not turn off your 2648 backlight at all, or it might print a lot of errors to the console, 2649 especially if you are using gpm. 2650 2651config APM_ALLOW_INTS 2652 bool "Allow interrupts during APM BIOS calls" 2653 help 2654 Normally we disable external interrupts while we are making calls to 2655 the APM BIOS as a measure to lessen the effects of a badly behaving 2656 BIOS implementation. The BIOS should reenable interrupts if it 2657 needs to. Unfortunately, some BIOSes do not -- especially those in 2658 many of the newer IBM Thinkpads. If you experience hangs when you 2659 suspend, try setting this to Y. Otherwise, say N. 2660 2661endif # APM 2662 2663source "drivers/cpufreq/Kconfig" 2664 2665source "drivers/cpuidle/Kconfig" 2666 2667source "drivers/idle/Kconfig" 2668 2669endmenu 2670 2671menu "Bus options (PCI etc.)" 2672 2673choice 2674 prompt "PCI access mode" 2675 depends on X86_32 && PCI 2676 default PCI_GOANY 2677 help 2678 On PCI systems, the BIOS can be used to detect the PCI devices and 2679 determine their configuration. However, some old PCI motherboards 2680 have BIOS bugs and may crash if this is done. Also, some embedded 2681 PCI-based systems don't have any BIOS at all. Linux can also try to 2682 detect the PCI hardware directly without using the BIOS. 2683 2684 With this option, you can specify how Linux should detect the 2685 PCI devices. If you choose "BIOS", the BIOS will be used, 2686 if you choose "Direct", the BIOS won't be used, and if you 2687 choose "MMConfig", then PCI Express MMCONFIG will be used. 2688 If you choose "Any", the kernel will try MMCONFIG, then the 2689 direct access method and falls back to the BIOS if that doesn't 2690 work. If unsure, go with the default, which is "Any". 2691 2692config PCI_GOBIOS 2693 bool "BIOS" 2694 2695config PCI_GOMMCONFIG 2696 bool "MMConfig" 2697 2698config PCI_GODIRECT 2699 bool "Direct" 2700 2701config PCI_GOOLPC 2702 bool "OLPC XO-1" 2703 depends on OLPC 2704 2705config PCI_GOANY 2706 bool "Any" 2707 2708endchoice 2709 2710config PCI_BIOS 2711 def_bool y 2712 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY) 2713 2714# x86-64 doesn't support PCI BIOS access from long mode so always go direct. 2715config PCI_DIRECT 2716 def_bool y 2717 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG)) 2718 2719config PCI_MMCONFIG 2720 bool "Support mmconfig PCI config space access" if X86_64 2721 default y 2722 depends on PCI && (ACPI || JAILHOUSE_GUEST) 2723 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG) 2724 2725config PCI_OLPC 2726 def_bool y 2727 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY) 2728 2729config PCI_XEN 2730 def_bool y 2731 depends on PCI && XEN 2732 2733config MMCONF_FAM10H 2734 def_bool y 2735 depends on X86_64 && PCI_MMCONFIG && ACPI 2736 2737config PCI_CNB20LE_QUIRK 2738 bool "Read CNB20LE Host Bridge Windows" if EXPERT 2739 depends on PCI 2740 help 2741 Read the PCI windows out of the CNB20LE host bridge. This allows 2742 PCI hotplug to work on systems with the CNB20LE chipset which do 2743 not have ACPI. 2744 2745 There's no public spec for this chipset, and this functionality 2746 is known to be incomplete. 2747 2748 You should say N unless you know you need this. 2749 2750config ISA_BUS 2751 bool "ISA bus support on modern systems" if EXPERT 2752 help 2753 Expose ISA bus device drivers and options available for selection and 2754 configuration. Enable this option if your target machine has an ISA 2755 bus. ISA is an older system, displaced by PCI and newer bus 2756 architectures -- if your target machine is modern, it probably does 2757 not have an ISA bus. 2758 2759 If unsure, say N. 2760 2761# x86_64 have no ISA slots, but can have ISA-style DMA. 2762config ISA_DMA_API 2763 bool "ISA-style DMA support" if (X86_64 && EXPERT) 2764 default y 2765 help 2766 Enables ISA-style DMA support for devices requiring such controllers. 2767 If unsure, say Y. 2768 2769if X86_32 2770 2771config ISA 2772 bool "ISA support" 2773 help 2774 Find out whether you have ISA slots on your motherboard. ISA is the 2775 name of a bus system, i.e. the way the CPU talks to the other stuff 2776 inside your box. Other bus systems are PCI, EISA, MicroChannel 2777 (MCA) or VESA. ISA is an older system, now being displaced by PCI; 2778 newer boards don't support it. If you have ISA, say Y, otherwise N. 2779 2780config SCx200 2781 tristate "NatSemi SCx200 support" 2782 help 2783 This provides basic support for National Semiconductor's 2784 (now AMD's) Geode processors. The driver probes for the 2785 PCI-IDs of several on-chip devices, so its a good dependency 2786 for other scx200_* drivers. 2787 2788 If compiled as a module, the driver is named scx200. 2789 2790config SCx200HR_TIMER 2791 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support" 2792 depends on SCx200 2793 default y 2794 help 2795 This driver provides a clocksource built upon the on-chip 2796 27MHz high-resolution timer. Its also a workaround for 2797 NSC Geode SC-1100's buggy TSC, which loses time when the 2798 processor goes idle (as is done by the scheduler). The 2799 other workaround is idle=poll boot option. 2800 2801config OLPC 2802 bool "One Laptop Per Child support" 2803 depends on !X86_PAE 2804 select GPIOLIB 2805 select OF 2806 select OF_PROMTREE 2807 select IRQ_DOMAIN 2808 select OLPC_EC 2809 help 2810 Add support for detecting the unique features of the OLPC 2811 XO hardware. 2812 2813config OLPC_XO1_PM 2814 bool "OLPC XO-1 Power Management" 2815 depends on OLPC && MFD_CS5535=y && PM_SLEEP 2816 help 2817 Add support for poweroff and suspend of the OLPC XO-1 laptop. 2818 2819config OLPC_XO1_RTC 2820 bool "OLPC XO-1 Real Time Clock" 2821 depends on OLPC_XO1_PM && RTC_DRV_CMOS 2822 help 2823 Add support for the XO-1 real time clock, which can be used as a 2824 programmable wakeup source. 2825 2826config OLPC_XO1_SCI 2827 bool "OLPC XO-1 SCI extras" 2828 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y 2829 depends on INPUT=y 2830 select POWER_SUPPLY 2831 help 2832 Add support for SCI-based features of the OLPC XO-1 laptop: 2833 - EC-driven system wakeups 2834 - Power button 2835 - Ebook switch 2836 - Lid switch 2837 - AC adapter status updates 2838 - Battery status updates 2839 2840config OLPC_XO15_SCI 2841 bool "OLPC XO-1.5 SCI extras" 2842 depends on OLPC && ACPI 2843 select POWER_SUPPLY 2844 help 2845 Add support for SCI-based features of the OLPC XO-1.5 laptop: 2846 - EC-driven system wakeups 2847 - AC adapter status updates 2848 - Battery status updates 2849 2850config ALIX 2851 bool "PCEngines ALIX System Support (LED setup)" 2852 select GPIOLIB 2853 help 2854 This option enables system support for the PCEngines ALIX. 2855 At present this just sets up LEDs for GPIO control on 2856 ALIX2/3/6 boards. However, other system specific setup should 2857 get added here. 2858 2859 Note: You must still enable the drivers for GPIO and LED support 2860 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs 2861 2862 Note: You have to set alix.force=1 for boards with Award BIOS. 2863 2864config NET5501 2865 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)" 2866 select GPIOLIB 2867 help 2868 This option enables system support for the Soekris Engineering net5501. 2869 2870config GEOS 2871 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)" 2872 select GPIOLIB 2873 depends on DMI 2874 help 2875 This option enables system support for the Traverse Technologies GEOS. 2876 2877config TS5500 2878 bool "Technologic Systems TS-5500 platform support" 2879 depends on MELAN 2880 select CHECK_SIGNATURE 2881 select NEW_LEDS 2882 select LEDS_CLASS 2883 help 2884 This option enables system support for the Technologic Systems TS-5500. 2885 2886endif # X86_32 2887 2888config AMD_NB 2889 def_bool y 2890 depends on CPU_SUP_AMD && PCI 2891 2892endmenu 2893 2894menu "Binary Emulations" 2895 2896config IA32_EMULATION 2897 bool "IA32 Emulation" 2898 depends on X86_64 2899 select ARCH_WANT_OLD_COMPAT_IPC 2900 select BINFMT_ELF 2901 select COMPAT_OLD_SIGACTION 2902 help 2903 Include code to run legacy 32-bit programs under a 2904 64-bit kernel. You should likely turn this on, unless you're 2905 100% sure that you don't have any 32-bit programs left. 2906 2907config X86_X32_ABI 2908 bool "x32 ABI for 64-bit mode" 2909 depends on X86_64 2910 # llvm-objcopy does not convert x86_64 .note.gnu.property or 2911 # compressed debug sections to x86_x32 properly: 2912 # https://github.com/ClangBuiltLinux/linux/issues/514 2913 # https://github.com/ClangBuiltLinux/linux/issues/1141 2914 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm) 2915 help 2916 Include code to run binaries for the x32 native 32-bit ABI 2917 for 64-bit processors. An x32 process gets access to the 2918 full 64-bit register file and wide data path while leaving 2919 pointers at 32 bits for smaller memory footprint. 2920 2921config COMPAT_32 2922 def_bool y 2923 depends on IA32_EMULATION || X86_32 2924 select HAVE_UID16 2925 select OLD_SIGSUSPEND3 2926 2927config COMPAT 2928 def_bool y 2929 depends on IA32_EMULATION || X86_X32_ABI 2930 2931config COMPAT_FOR_U64_ALIGNMENT 2932 def_bool y 2933 depends on COMPAT 2934 2935endmenu 2936 2937config HAVE_ATOMIC_IOMAP 2938 def_bool y 2939 depends on X86_32 2940 2941source "arch/x86/kvm/Kconfig" 2942 2943source "arch/x86/Kconfig.assembler" 2944