1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 9 10config X86_32 11 def_bool y 12 depends on !64BIT 13 # Options that are inherently 32-bit kernel only: 14 select ARCH_WANT_IPC_PARSE_VERSION 15 select CLKSRC_I8253 16 select CLONE_BACKWARDS 17 select GENERIC_VDSO_32 18 select HAVE_DEBUG_STACKOVERFLOW 19 select KMAP_LOCAL 20 select MODULES_USE_ELF_REL 21 select OLD_SIGACTION 22 select ARCH_SPLIT_ARG64 23 24config X86_64 25 def_bool y 26 depends on 64BIT 27 # Options that are inherently 64-bit kernel only: 28 select ARCH_HAS_GIGANTIC_PAGE 29 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 30 select ARCH_SUPPORTS_PER_VMA_LOCK 31 select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE 32 select HAVE_ARCH_SOFT_DIRTY 33 select MODULES_USE_ELF_RELA 34 select NEED_DMA_MAP_STATE 35 select SWIOTLB 36 select ARCH_HAS_ELFCORE_COMPAT 37 select ZONE_DMA32 38 select EXECMEM if DYNAMIC_FTRACE 39 40config FORCE_DYNAMIC_FTRACE 41 def_bool y 42 depends on X86_32 43 depends on FUNCTION_TRACER 44 select DYNAMIC_FTRACE 45 help 46 We keep the static function tracing (!DYNAMIC_FTRACE) around 47 in order to test the non static function tracing in the 48 generic code, as other architectures still use it. But we 49 only need to keep it around for x86_64. No need to keep it 50 for x86_32. For x86_32, force DYNAMIC_FTRACE. 51# 52# Arch settings 53# 54# ( Note that options that are marked 'if X86_64' could in principle be 55# ported to 32-bit as well. ) 56# 57config X86 58 def_bool y 59 # 60 # Note: keep this list sorted alphabetically 61 # 62 select ACPI_LEGACY_TABLES_LOOKUP if ACPI 63 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI 64 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU 65 select ARCH_32BIT_OFF_T if X86_32 66 select ARCH_CLOCKSOURCE_INIT 67 select ARCH_CONFIGURES_CPU_MITIGATIONS 68 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE 69 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION 70 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 71 select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG 72 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE) 73 select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE 74 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 75 select ARCH_HAS_CACHE_LINE_SIZE 76 select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION 77 select ARCH_HAS_CPU_FINALIZE_INIT 78 select ARCH_HAS_CPU_PASID if IOMMU_SVA 79 select ARCH_HAS_CRC32 80 select ARCH_HAS_CRC_T10DIF if X86_64 81 select ARCH_HAS_CURRENT_STACK_POINTER 82 select ARCH_HAS_DEBUG_VIRTUAL 83 select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE 84 select ARCH_HAS_DEVMEM_IS_ALLOWED 85 select ARCH_HAS_DMA_OPS if GART_IOMMU || XEN 86 select ARCH_HAS_EARLY_DEBUG if KGDB 87 select ARCH_HAS_ELF_RANDOMIZE 88 select ARCH_HAS_FAST_MULTIPLIER 89 select ARCH_HAS_FORTIFY_SOURCE 90 select ARCH_HAS_GCOV_PROFILE_ALL 91 select ARCH_HAS_KCOV if X86_64 92 select ARCH_HAS_KERNEL_FPU_SUPPORT 93 select ARCH_HAS_MEM_ENCRYPT 94 select ARCH_HAS_MEMBARRIER_SYNC_CORE 95 select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS 96 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 97 select ARCH_HAS_PMEM_API if X86_64 98 select ARCH_HAS_PREEMPT_LAZY 99 select ARCH_HAS_PTE_DEVMAP if X86_64 100 select ARCH_HAS_PTE_SPECIAL 101 select ARCH_HAS_HW_PTE_YOUNG 102 select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2 103 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 104 select ARCH_HAS_COPY_MC if X86_64 105 select ARCH_HAS_SET_MEMORY 106 select ARCH_HAS_SET_DIRECT_MAP 107 select ARCH_HAS_STRICT_KERNEL_RWX 108 select ARCH_HAS_STRICT_MODULE_RWX 109 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 110 select ARCH_HAS_SYSCALL_WRAPPER 111 select ARCH_HAS_UBSAN 112 select ARCH_HAS_DEBUG_WX 113 select ARCH_HAS_ZONE_DMA_SET if EXPERT 114 select ARCH_HAVE_NMI_SAFE_CMPXCHG 115 select ARCH_HAVE_EXTRA_ELF_NOTES 116 select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 117 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI 118 select ARCH_MIGHT_HAVE_PC_PARPORT 119 select ARCH_MIGHT_HAVE_PC_SERIO 120 select ARCH_STACKWALK 121 select ARCH_SUPPORTS_ACPI 122 select ARCH_SUPPORTS_ATOMIC_RMW 123 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 124 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 125 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 126 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 127 select ARCH_SUPPORTS_CFI_CLANG if X86_64 128 select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG 129 select ARCH_SUPPORTS_LTO_CLANG 130 select ARCH_SUPPORTS_LTO_CLANG_THIN 131 select ARCH_SUPPORTS_RT 132 select ARCH_SUPPORTS_AUTOFDO_CLANG 133 select ARCH_SUPPORTS_PROPELLER_CLANG if X86_64 134 select ARCH_USE_BUILTIN_BSWAP 135 select ARCH_USE_CMPXCHG_LOCKREF if X86_CMPXCHG64 136 select ARCH_USE_MEMTEST 137 select ARCH_USE_QUEUED_RWLOCKS 138 select ARCH_USE_QUEUED_SPINLOCKS 139 select ARCH_USE_SYM_ANNOTATIONS 140 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 141 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 142 select ARCH_WANTS_DYNAMIC_TASK_STRUCT 143 select ARCH_WANTS_NO_INSTR 144 select ARCH_WANT_GENERAL_HUGETLB 145 select ARCH_WANT_HUGE_PMD_SHARE 146 select ARCH_WANT_LD_ORPHAN_WARN 147 select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 148 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64 149 select ARCH_WANTS_THP_SWAP if X86_64 150 select ARCH_HAS_PARANOID_L1D_FLUSH 151 select BUILDTIME_TABLE_SORT 152 select CLKEVT_I8253 153 select CLOCKSOURCE_WATCHDOG 154 # Word-size accesses may read uninitialized data past the trailing \0 155 # in strings and cause false KMSAN reports. 156 select DCACHE_WORD_ACCESS if !KMSAN 157 select DYNAMIC_SIGFRAME 158 select EDAC_ATOMIC_SCRUB 159 select EDAC_SUPPORT 160 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC) 161 select GENERIC_CLOCKEVENTS_BROADCAST_IDLE if GENERIC_CLOCKEVENTS_BROADCAST 162 select GENERIC_CLOCKEVENTS_MIN_ADJUST 163 select GENERIC_CMOS_UPDATE 164 select GENERIC_CPU_AUTOPROBE 165 select GENERIC_CPU_DEVICES 166 select GENERIC_CPU_VULNERABILITIES 167 select GENERIC_EARLY_IOREMAP 168 select GENERIC_ENTRY 169 select GENERIC_IOMAP 170 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP 171 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC 172 select GENERIC_IRQ_MIGRATION if SMP 173 select GENERIC_IRQ_PROBE 174 select GENERIC_IRQ_RESERVATION_MODE 175 select GENERIC_IRQ_SHOW 176 select GENERIC_PENDING_IRQ if SMP 177 select GENERIC_PTDUMP 178 select GENERIC_SMP_IDLE_THREAD 179 select GENERIC_TIME_VSYSCALL 180 select GENERIC_GETTIMEOFDAY 181 select GENERIC_VDSO_TIME_NS 182 select GENERIC_VDSO_OVERFLOW_PROTECT 183 select GUP_GET_PXX_LOW_HIGH if X86_PAE 184 select HARDIRQS_SW_RESEND 185 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64 186 select HAS_IOPORT 187 select HAVE_ACPI_APEI if ACPI 188 select HAVE_ACPI_APEI_NMI if ACPI 189 select HAVE_ALIGNED_STRUCT_PAGE 190 select HAVE_ARCH_AUDITSYSCALL 191 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE 192 select HAVE_ARCH_HUGE_VMALLOC if X86_64 193 select HAVE_ARCH_JUMP_LABEL 194 select HAVE_ARCH_JUMP_LABEL_RELATIVE 195 select HAVE_ARCH_KASAN if X86_64 196 select HAVE_ARCH_KASAN_VMALLOC if X86_64 197 select HAVE_ARCH_KFENCE 198 select HAVE_ARCH_KMSAN if X86_64 199 select HAVE_ARCH_KGDB 200 select HAVE_ARCH_MMAP_RND_BITS if MMU 201 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT 202 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT 203 select HAVE_ARCH_PREL32_RELOCATIONS 204 select HAVE_ARCH_SECCOMP_FILTER 205 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 206 select HAVE_ARCH_STACKLEAK 207 select HAVE_ARCH_TRACEHOOK 208 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 209 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64 210 select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD 211 select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD 212 select HAVE_ARCH_VMAP_STACK if X86_64 213 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 214 select HAVE_ARCH_WITHIN_STACK_FRAMES 215 select HAVE_ASM_MODVERSIONS 216 select HAVE_CMPXCHG_DOUBLE 217 select HAVE_CMPXCHG_LOCAL 218 select HAVE_CONTEXT_TRACKING_USER if X86_64 219 select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER 220 select HAVE_C_RECORDMCOUNT 221 select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL 222 select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT 223 select HAVE_BUILDTIME_MCOUNT_SORT 224 select HAVE_DEBUG_KMEMLEAK 225 select HAVE_DMA_CONTIGUOUS 226 select HAVE_DYNAMIC_FTRACE 227 select HAVE_DYNAMIC_FTRACE_WITH_REGS 228 select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64 229 select HAVE_FTRACE_REGS_HAVING_PT_REGS if X86_64 230 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS 231 select HAVE_SAMPLE_FTRACE_DIRECT if X86_64 232 select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64 233 select HAVE_EBPF_JIT 234 select HAVE_EFFICIENT_UNALIGNED_ACCESS 235 select HAVE_EISA 236 select HAVE_EXIT_THREAD 237 select HAVE_GUP_FAST 238 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE 239 select HAVE_FTRACE_GRAPH_FUNC if HAVE_FUNCTION_GRAPH_TRACER 240 select HAVE_FTRACE_MCOUNT_RECORD 241 select HAVE_FUNCTION_GRAPH_FREGS if HAVE_FUNCTION_GRAPH_TRACER 242 select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE) 243 select HAVE_FUNCTION_TRACER 244 select HAVE_GCC_PLUGINS 245 select HAVE_HW_BREAKPOINT 246 select HAVE_IOREMAP_PROT 247 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 248 select HAVE_IRQ_TIME_ACCOUNTING 249 select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL 250 select HAVE_KERNEL_BZIP2 251 select HAVE_KERNEL_GZIP 252 select HAVE_KERNEL_LZ4 253 select HAVE_KERNEL_LZMA 254 select HAVE_KERNEL_LZO 255 select HAVE_KERNEL_XZ 256 select HAVE_KERNEL_ZSTD 257 select HAVE_KPROBES 258 select HAVE_KPROBES_ON_FTRACE 259 select HAVE_FUNCTION_ERROR_INJECTION 260 select HAVE_KRETPROBES 261 select HAVE_RETHOOK 262 select HAVE_LIVEPATCH if X86_64 263 select HAVE_MIXED_BREAKPOINTS_REGS 264 select HAVE_MOD_ARCH_SPECIFIC 265 select HAVE_MOVE_PMD 266 select HAVE_MOVE_PUD 267 select HAVE_NOINSTR_HACK if HAVE_OBJTOOL 268 select HAVE_NMI 269 select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL 270 select HAVE_OBJTOOL if X86_64 271 select HAVE_OPTPROBES 272 select HAVE_PAGE_SIZE_4KB 273 select HAVE_PCSPKR_PLATFORM 274 select HAVE_PERF_EVENTS 275 select HAVE_PERF_EVENTS_NMI 276 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI 277 select HAVE_PCI 278 select HAVE_PERF_REGS 279 select HAVE_PERF_USER_STACK_DUMP 280 select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT 281 select MMU_GATHER_MERGE_VMAS 282 select HAVE_POSIX_CPU_TIMERS_TASK_WORK 283 select HAVE_REGS_AND_STACK_ACCESS_API 284 select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION 285 select HAVE_FUNCTION_ARG_ACCESS_API 286 select HAVE_SETUP_PER_CPU_AREA 287 select HAVE_SOFTIRQ_ON_OWN_STACK 288 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR 289 select HAVE_STACK_VALIDATION if HAVE_OBJTOOL 290 select HAVE_STATIC_CALL 291 select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL 292 select HAVE_PREEMPT_DYNAMIC_CALL 293 select HAVE_RSEQ 294 select HAVE_RUST if X86_64 295 select HAVE_SYSCALL_TRACEPOINTS 296 select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL 297 select HAVE_UNSTABLE_SCHED_CLOCK 298 select HAVE_USER_RETURN_NOTIFIER 299 select HAVE_GENERIC_VDSO 300 select VDSO_GETRANDOM if X86_64 301 select HOTPLUG_PARALLEL if SMP && X86_64 302 select HOTPLUG_SMT if SMP 303 select HOTPLUG_SPLIT_STARTUP if SMP && X86_32 304 select IRQ_FORCED_THREADING 305 select LOCK_MM_AND_FIND_VMA 306 select NEED_PER_CPU_EMBED_FIRST_CHUNK 307 select NEED_PER_CPU_PAGE_FIRST_CHUNK 308 select NEED_SG_DMA_LENGTH 309 select NUMA_MEMBLKS if NUMA 310 select PCI_DOMAINS if PCI 311 select PCI_LOCKLESS_CONFIG if PCI 312 select PERF_EVENTS 313 select RTC_LIB 314 select RTC_MC146818_LIB 315 select SPARSE_IRQ 316 select SYSCTL_EXCEPTION_TRACE 317 select THREAD_INFO_IN_TASK 318 select TRACE_IRQFLAGS_SUPPORT 319 select TRACE_IRQFLAGS_NMI_SUPPORT 320 select USER_STACKTRACE_SUPPORT 321 select HAVE_ARCH_KCSAN if X86_64 322 select PROC_PID_ARCH_STATUS if PROC_FS 323 select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX 324 select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16 325 select FUNCTION_ALIGNMENT_4B 326 imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI 327 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE 328 select ARCH_SUPPORTS_PT_RECLAIM if X86_64 329 330config INSTRUCTION_DECODER 331 def_bool y 332 depends on KPROBES || PERF_EVENTS || UPROBES 333 334config OUTPUT_FORMAT 335 string 336 default "elf32-i386" if X86_32 337 default "elf64-x86-64" if X86_64 338 339config LOCKDEP_SUPPORT 340 def_bool y 341 342config STACKTRACE_SUPPORT 343 def_bool y 344 345config MMU 346 def_bool y 347 348config ARCH_MMAP_RND_BITS_MIN 349 default 28 if 64BIT 350 default 8 351 352config ARCH_MMAP_RND_BITS_MAX 353 default 32 if 64BIT 354 default 16 355 356config ARCH_MMAP_RND_COMPAT_BITS_MIN 357 default 8 358 359config ARCH_MMAP_RND_COMPAT_BITS_MAX 360 default 16 361 362config SBUS 363 bool 364 365config GENERIC_ISA_DMA 366 def_bool y 367 depends on ISA_DMA_API 368 369config GENERIC_CSUM 370 bool 371 default y if KMSAN || KASAN 372 373config GENERIC_BUG 374 def_bool y 375 depends on BUG 376 select GENERIC_BUG_RELATIVE_POINTERS if X86_64 377 378config GENERIC_BUG_RELATIVE_POINTERS 379 bool 380 381config ARCH_MAY_HAVE_PC_FDC 382 def_bool y 383 depends on ISA_DMA_API 384 385config GENERIC_CALIBRATE_DELAY 386 def_bool y 387 388config ARCH_HAS_CPU_RELAX 389 def_bool y 390 391config ARCH_HIBERNATION_POSSIBLE 392 def_bool y 393 394config ARCH_SUSPEND_POSSIBLE 395 def_bool y 396 397config AUDIT_ARCH 398 def_bool y if X86_64 399 400config KASAN_SHADOW_OFFSET 401 hex 402 depends on KASAN 403 default 0xdffffc0000000000 404 405config HAVE_INTEL_TXT 406 def_bool y 407 depends on INTEL_IOMMU && ACPI 408 409config X86_64_SMP 410 def_bool y 411 depends on X86_64 && SMP 412 413config ARCH_SUPPORTS_UPROBES 414 def_bool y 415 416config FIX_EARLYCON_MEM 417 def_bool y 418 419config DYNAMIC_PHYSICAL_MASK 420 bool 421 422config PGTABLE_LEVELS 423 int 424 default 5 if X86_5LEVEL 425 default 4 if X86_64 426 default 3 if X86_PAE 427 default 2 428 429config CC_HAS_SANE_STACKPROTECTOR 430 bool 431 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT 432 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) 433 help 434 We have to make sure stack protector is unconditionally disabled if 435 the compiler produces broken code or if it does not let us control 436 the segment on 32-bit kernels. 437 438menu "Processor type and features" 439 440config SMP 441 bool "Symmetric multi-processing support" 442 help 443 This enables support for systems with more than one CPU. If you have 444 a system with only one CPU, say N. If you have a system with more 445 than one CPU, say Y. 446 447 If you say N here, the kernel will run on uni- and multiprocessor 448 machines, but will use only one CPU of a multiprocessor machine. If 449 you say Y here, the kernel will run on many, but not all, 450 uniprocessor machines. On a uniprocessor machine, the kernel 451 will run faster if you say N here. 452 453 Note that if you say Y here and choose architecture "586" or 454 "Pentium" under "Processor family", the kernel will not work on 486 455 architectures. Similarly, multiprocessor kernels for the "PPro" 456 architecture may not work on all Pentium based boards. 457 458 People using multiprocessor machines who say Y here should also say 459 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power 460 Management" code will be disabled if you say Y here. 461 462 See also <file:Documentation/arch/x86/i386/IO-APIC.rst>, 463 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at 464 <http://www.tldp.org/docs.html#howto>. 465 466 If you don't know what to do here, say N. 467 468config X86_X2APIC 469 bool "Support x2apic" 470 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST) 471 help 472 This enables x2apic support on CPUs that have this feature. 473 474 This allows 32-bit apic IDs (so it can support very large systems), 475 and accesses the local apic via MSRs not via mmio. 476 477 Some Intel systems circa 2022 and later are locked into x2APIC mode 478 and can not fall back to the legacy APIC modes if SGX or TDX are 479 enabled in the BIOS. They will boot with very reduced functionality 480 without enabling this option. 481 482 If you don't know what to do here, say N. 483 484config X86_POSTED_MSI 485 bool "Enable MSI and MSI-x delivery by posted interrupts" 486 depends on X86_64 && IRQ_REMAP 487 help 488 This enables MSIs that are under interrupt remapping to be delivered as 489 posted interrupts to the host kernel. Interrupt throughput can 490 potentially be improved by coalescing CPU notifications during high 491 frequency bursts. 492 493 If you don't know what to do here, say N. 494 495config X86_MPPARSE 496 bool "Enable MPS table" if ACPI 497 default y 498 depends on X86_LOCAL_APIC 499 help 500 For old smp systems that do not have proper acpi support. Newer systems 501 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it 502 503config X86_CPU_RESCTRL 504 bool "x86 CPU resource control support" 505 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD) 506 select KERNFS 507 select PROC_CPU_RESCTRL if PROC_FS 508 help 509 Enable x86 CPU resource control support. 510 511 Provide support for the allocation and monitoring of system resources 512 usage by the CPU. 513 514 Intel calls this Intel Resource Director Technology 515 (Intel(R) RDT). More information about RDT can be found in the 516 Intel x86 Architecture Software Developer Manual. 517 518 AMD calls this AMD Platform Quality of Service (AMD QoS). 519 More information about AMD QoS can be found in the AMD64 Technology 520 Platform Quality of Service Extensions manual. 521 522 Say N if unsure. 523 524config X86_FRED 525 bool "Flexible Return and Event Delivery" 526 depends on X86_64 527 help 528 When enabled, try to use Flexible Return and Event Delivery 529 instead of the legacy SYSCALL/SYSENTER/IDT architecture for 530 ring transitions and exception/interrupt handling if the 531 system supports it. 532 533config X86_BIGSMP 534 bool "Support for big SMP systems with more than 8 CPUs" 535 depends on SMP && X86_32 536 help 537 This option is needed for the systems that have more than 8 CPUs. 538 539config X86_EXTENDED_PLATFORM 540 bool "Support for extended (non-PC) x86 platforms" 541 default y 542 help 543 If you disable this option then the kernel will only support 544 standard PC platforms. (which covers the vast majority of 545 systems out there.) 546 547 If you enable this option then you'll be able to select support 548 for the following non-PC x86 platforms, depending on the value of 549 CONFIG_64BIT. 550 551 32-bit platforms (CONFIG_64BIT=n): 552 Goldfish (Android emulator) 553 AMD Elan 554 RDC R-321x SoC 555 SGI 320/540 (Visual Workstation) 556 STA2X11-based (e.g. Northville) 557 Moorestown MID devices 558 559 64-bit platforms (CONFIG_64BIT=y): 560 Numascale NumaChip 561 ScaleMP vSMP 562 SGI Ultraviolet 563 564 If you have one of these systems, or if you want to build a 565 generic distribution kernel, say Y here - otherwise say N. 566 567# This is an alphabetically sorted list of 64 bit extended platforms 568# Please maintain the alphabetic order if and when there are additions 569config X86_NUMACHIP 570 bool "Numascale NumaChip" 571 depends on X86_64 572 depends on X86_EXTENDED_PLATFORM 573 depends on NUMA 574 depends on SMP 575 depends on X86_X2APIC 576 depends on PCI_MMCONFIG 577 help 578 Adds support for Numascale NumaChip large-SMP systems. Needed to 579 enable more than ~168 cores. 580 If you don't have one of these, you should say N here. 581 582config X86_VSMP 583 bool "ScaleMP vSMP" 584 select HYPERVISOR_GUEST 585 select PARAVIRT 586 depends on X86_64 && PCI 587 depends on X86_EXTENDED_PLATFORM 588 depends on SMP 589 help 590 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is 591 supposed to run on these EM64T-based machines. Only choose this option 592 if you have one of these machines. 593 594config X86_UV 595 bool "SGI Ultraviolet" 596 depends on X86_64 597 depends on X86_EXTENDED_PLATFORM 598 depends on NUMA 599 depends on EFI 600 depends on KEXEC_CORE 601 depends on X86_X2APIC 602 depends on PCI 603 help 604 This option is needed in order to support SGI Ultraviolet systems. 605 If you don't have one of these, you should say N here. 606 607# Following is an alphabetically sorted list of 32 bit extended platforms 608# Please maintain the alphabetic order if and when there are additions 609 610config X86_GOLDFISH 611 bool "Goldfish (Virtual Platform)" 612 depends on X86_EXTENDED_PLATFORM 613 help 614 Enable support for the Goldfish virtual platform used primarily 615 for Android development. Unless you are building for the Android 616 Goldfish emulator say N here. 617 618config X86_INTEL_CE 619 bool "CE4100 TV platform" 620 depends on PCI 621 depends on PCI_GODIRECT 622 depends on X86_IO_APIC 623 depends on X86_32 624 depends on X86_EXTENDED_PLATFORM 625 select X86_REBOOTFIXUPS 626 select OF 627 select OF_EARLY_FLATTREE 628 help 629 Select for the Intel CE media processor (CE4100) SOC. 630 This option compiles in support for the CE4100 SOC for settop 631 boxes and media devices. 632 633config X86_INTEL_MID 634 bool "Intel MID platform support" 635 depends on X86_EXTENDED_PLATFORM 636 depends on X86_PLATFORM_DEVICES 637 depends on PCI 638 depends on X86_64 || (PCI_GOANY && X86_32) 639 depends on X86_IO_APIC 640 select I2C 641 select DW_APB_TIMER 642 select INTEL_SCU_PCI 643 help 644 Select to build a kernel capable of supporting Intel MID (Mobile 645 Internet Device) platform systems which do not have the PCI legacy 646 interfaces. If you are building for a PC class system say N here. 647 648 Intel MID platforms are based on an Intel processor and chipset which 649 consume less power than most of the x86 derivatives. 650 651config X86_INTEL_QUARK 652 bool "Intel Quark platform support" 653 depends on X86_32 654 depends on X86_EXTENDED_PLATFORM 655 depends on X86_PLATFORM_DEVICES 656 depends on X86_TSC 657 depends on PCI 658 depends on PCI_GOANY 659 depends on X86_IO_APIC 660 select IOSF_MBI 661 select INTEL_IMR 662 select COMMON_CLK 663 help 664 Select to include support for Quark X1000 SoC. 665 Say Y here if you have a Quark based system such as the Arduino 666 compatible Intel Galileo. 667 668config X86_INTEL_LPSS 669 bool "Intel Low Power Subsystem Support" 670 depends on X86 && ACPI && PCI 671 select COMMON_CLK 672 select PINCTRL 673 select IOSF_MBI 674 help 675 Select to build support for Intel Low Power Subsystem such as 676 found on Intel Lynxpoint PCH. Selecting this option enables 677 things like clock tree (common clock framework) and pincontrol 678 which are needed by the LPSS peripheral drivers. 679 680config X86_AMD_PLATFORM_DEVICE 681 bool "AMD ACPI2Platform devices support" 682 depends on ACPI 683 select COMMON_CLK 684 select PINCTRL 685 help 686 Select to interpret AMD specific ACPI device to platform device 687 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets. 688 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is 689 implemented under PINCTRL subsystem. 690 691config IOSF_MBI 692 tristate "Intel SoC IOSF Sideband support for SoC platforms" 693 depends on PCI 694 help 695 This option enables sideband register access support for Intel SoC 696 platforms. On these platforms the IOSF sideband is used in lieu of 697 MSR's for some register accesses, mostly but not limited to thermal 698 and power. Drivers may query the availability of this device to 699 determine if they need the sideband in order to work on these 700 platforms. The sideband is available on the following SoC products. 701 This list is not meant to be exclusive. 702 - BayTrail 703 - Braswell 704 - Quark 705 706 You should say Y if you are running a kernel on one of these SoC's. 707 708config IOSF_MBI_DEBUG 709 bool "Enable IOSF sideband access through debugfs" 710 depends on IOSF_MBI && DEBUG_FS 711 help 712 Select this option to expose the IOSF sideband access registers (MCR, 713 MDR, MCRX) through debugfs to write and read register information from 714 different units on the SoC. This is most useful for obtaining device 715 state information for debug and analysis. As this is a general access 716 mechanism, users of this option would have specific knowledge of the 717 device they want to access. 718 719 If you don't require the option or are in doubt, say N. 720 721config X86_RDC321X 722 bool "RDC R-321x SoC" 723 depends on X86_32 724 depends on X86_EXTENDED_PLATFORM 725 select M486 726 select X86_REBOOTFIXUPS 727 help 728 This option is needed for RDC R-321x system-on-chip, also known 729 as R-8610-(G). 730 If you don't have one of these chips, you should say N here. 731 732config X86_32_NON_STANDARD 733 bool "Support non-standard 32-bit SMP architectures" 734 depends on X86_32 && SMP 735 depends on X86_EXTENDED_PLATFORM 736 help 737 This option compiles in the bigsmp and STA2X11 default 738 subarchitectures. It is intended for a generic binary 739 kernel. If you select them all, kernel will probe it one by 740 one and will fallback to default. 741 742# Alphabetically sorted list of Non standard 32 bit platforms 743 744config X86_SUPPORTS_MEMORY_FAILURE 745 def_bool y 746 # MCE code calls memory_failure(): 747 depends on X86_MCE 748 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags: 749 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH: 750 depends on X86_64 || !SPARSEMEM 751 select ARCH_SUPPORTS_MEMORY_FAILURE 752 753config STA2X11 754 bool "STA2X11 Companion Chip Support" 755 depends on X86_32_NON_STANDARD && PCI 756 select SWIOTLB 757 select MFD_STA2X11 758 select GPIOLIB 759 help 760 This adds support for boards based on the STA2X11 IO-Hub, 761 a.k.a. "ConneXt". The chip is used in place of the standard 762 PC chipset, so all "standard" peripherals are missing. If this 763 option is selected the kernel will still be able to boot on 764 standard PC machines. 765 766config X86_32_IRIS 767 tristate "Eurobraille/Iris poweroff module" 768 depends on X86_32 769 help 770 The Iris machines from EuroBraille do not have APM or ACPI support 771 to shut themselves down properly. A special I/O sequence is 772 needed to do so, which is what this module does at 773 kernel shutdown. 774 775 This is only for Iris machines from EuroBraille. 776 777 If unused, say N. 778 779config SCHED_OMIT_FRAME_POINTER 780 def_bool y 781 prompt "Single-depth WCHAN output" 782 depends on X86 783 help 784 Calculate simpler /proc/<PID>/wchan values. If this option 785 is disabled then wchan values will recurse back to the 786 caller function. This provides more accurate wchan values, 787 at the expense of slightly more scheduling overhead. 788 789 If in doubt, say "Y". 790 791menuconfig HYPERVISOR_GUEST 792 bool "Linux guest support" 793 help 794 Say Y here to enable options for running Linux under various hyper- 795 visors. This option enables basic hypervisor detection and platform 796 setup. 797 798 If you say N, all options in this submenu will be skipped and 799 disabled, and Linux guest support won't be built in. 800 801if HYPERVISOR_GUEST 802 803config PARAVIRT 804 bool "Enable paravirtualization code" 805 depends on HAVE_STATIC_CALL 806 help 807 This changes the kernel so it can modify itself when it is run 808 under a hypervisor, potentially improving performance significantly 809 over full virtualization. However, when run without a hypervisor 810 the kernel is theoretically slower and slightly larger. 811 812config PARAVIRT_XXL 813 bool 814 815config PARAVIRT_DEBUG 816 bool "paravirt-ops debugging" 817 depends on PARAVIRT && DEBUG_KERNEL 818 help 819 Enable to debug paravirt_ops internals. Specifically, BUG if 820 a paravirt_op is missing when it is called. 821 822config PARAVIRT_SPINLOCKS 823 bool "Paravirtualization layer for spinlocks" 824 depends on PARAVIRT && SMP 825 help 826 Paravirtualized spinlocks allow a pvops backend to replace the 827 spinlock implementation with something virtualization-friendly 828 (for example, block the virtual CPU rather than spinning). 829 830 It has a minimal impact on native kernels and gives a nice performance 831 benefit on paravirtualized KVM / Xen kernels. 832 833 If you are unsure how to answer this question, answer Y. 834 835config X86_HV_CALLBACK_VECTOR 836 def_bool n 837 838source "arch/x86/xen/Kconfig" 839 840config KVM_GUEST 841 bool "KVM Guest support (including kvmclock)" 842 depends on PARAVIRT 843 select PARAVIRT_CLOCK 844 select ARCH_CPUIDLE_HALTPOLL 845 select X86_HV_CALLBACK_VECTOR 846 default y 847 help 848 This option enables various optimizations for running under the KVM 849 hypervisor. It includes a paravirtualized clock, so that instead 850 of relying on a PIT (or probably other) emulation by the 851 underlying device model, the host provides the guest with 852 timing infrastructure such as time of day, and system time 853 854config ARCH_CPUIDLE_HALTPOLL 855 def_bool n 856 prompt "Disable host haltpoll when loading haltpoll driver" 857 help 858 If virtualized under KVM, disable host haltpoll. 859 860config PVH 861 bool "Support for running PVH guests" 862 help 863 This option enables the PVH entry point for guest virtual machines 864 as specified in the x86/HVM direct boot ABI. 865 866config PARAVIRT_TIME_ACCOUNTING 867 bool "Paravirtual steal time accounting" 868 depends on PARAVIRT 869 help 870 Select this option to enable fine granularity task steal time 871 accounting. Time spent executing other tasks in parallel with 872 the current vCPU is discounted from the vCPU power. To account for 873 that, there can be a small performance impact. 874 875 If in doubt, say N here. 876 877config PARAVIRT_CLOCK 878 bool 879 880config JAILHOUSE_GUEST 881 bool "Jailhouse non-root cell support" 882 depends on X86_64 && PCI 883 select X86_PM_TIMER 884 help 885 This option allows to run Linux as guest in a Jailhouse non-root 886 cell. You can leave this option disabled if you only want to start 887 Jailhouse and run Linux afterwards in the root cell. 888 889config ACRN_GUEST 890 bool "ACRN Guest support" 891 depends on X86_64 892 select X86_HV_CALLBACK_VECTOR 893 help 894 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is 895 a flexible, lightweight reference open-source hypervisor, built with 896 real-time and safety-criticality in mind. It is built for embedded 897 IOT with small footprint and real-time features. More details can be 898 found in https://projectacrn.org/. 899 900config INTEL_TDX_GUEST 901 bool "Intel TDX (Trust Domain Extensions) - Guest Support" 902 depends on X86_64 && CPU_SUP_INTEL 903 depends on X86_X2APIC 904 depends on EFI_STUB 905 select ARCH_HAS_CC_PLATFORM 906 select X86_MEM_ENCRYPT 907 select X86_MCE 908 select UNACCEPTED_MEMORY 909 help 910 Support running as a guest under Intel TDX. Without this support, 911 the guest kernel can not boot or run under TDX. 912 TDX includes memory encryption and integrity capabilities 913 which protect the confidentiality and integrity of guest 914 memory contents and CPU state. TDX guests are protected from 915 some attacks from the VMM. 916 917endif # HYPERVISOR_GUEST 918 919source "arch/x86/Kconfig.cpu" 920 921config HPET_TIMER 922 def_bool X86_64 923 prompt "HPET Timer Support" if X86_32 924 help 925 Use the IA-PC HPET (High Precision Event Timer) to manage 926 time in preference to the PIT and RTC, if a HPET is 927 present. 928 HPET is the next generation timer replacing legacy 8254s. 929 The HPET provides a stable time base on SMP 930 systems, unlike the TSC, but it is more expensive to access, 931 as it is off-chip. The interface used is documented 932 in the HPET spec, revision 1. 933 934 You can safely choose Y here. However, HPET will only be 935 activated if the platform and the BIOS support this feature. 936 Otherwise the 8254 will be used for timing services. 937 938 Choose N to continue using the legacy 8254 timer. 939 940config HPET_EMULATE_RTC 941 def_bool y 942 depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y) 943 944# Mark as expert because too many people got it wrong. 945# The code disables itself when not needed. 946config DMI 947 default y 948 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK 949 bool "Enable DMI scanning" if EXPERT 950 help 951 Enabled scanning of DMI to identify machine quirks. Say Y 952 here unless you have verified that your setup is not 953 affected by entries in the DMI blacklist. Required by PNP 954 BIOS code. 955 956config GART_IOMMU 957 bool "Old AMD GART IOMMU support" 958 select IOMMU_HELPER 959 select SWIOTLB 960 depends on X86_64 && PCI && AMD_NB 961 help 962 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron 963 GART based hardware IOMMUs. 964 965 The GART supports full DMA access for devices with 32-bit access 966 limitations, on systems with more than 3 GB. This is usually needed 967 for USB, sound, many IDE/SATA chipsets and some other devices. 968 969 Newer systems typically have a modern AMD IOMMU, supported via 970 the CONFIG_AMD_IOMMU=y config option. 971 972 In normal configurations this driver is only active when needed: 973 there's more than 3 GB of memory and the system contains a 974 32-bit limited device. 975 976 If unsure, say Y. 977 978config BOOT_VESA_SUPPORT 979 bool 980 help 981 If true, at least one selected framebuffer driver can take advantage 982 of VESA video modes set at an early boot stage via the vga= parameter. 983 984config MAXSMP 985 bool "Enable Maximum number of SMP Processors and NUMA Nodes" 986 depends on X86_64 && SMP && DEBUG_KERNEL 987 select CPUMASK_OFFSTACK 988 help 989 Enable maximum number of CPUS and NUMA Nodes for this architecture. 990 If unsure, say N. 991 992# 993# The maximum number of CPUs supported: 994# 995# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT, 996# and which can be configured interactively in the 997# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range. 998# 999# The ranges are different on 32-bit and 64-bit kernels, depending on 1000# hardware capabilities and scalability features of the kernel. 1001# 1002# ( If MAXSMP is enabled we just use the highest possible value and disable 1003# interactive configuration. ) 1004# 1005 1006config NR_CPUS_RANGE_BEGIN 1007 int 1008 default NR_CPUS_RANGE_END if MAXSMP 1009 default 1 if !SMP 1010 default 2 1011 1012config NR_CPUS_RANGE_END 1013 int 1014 depends on X86_32 1015 default 64 if SMP && X86_BIGSMP 1016 default 8 if SMP && !X86_BIGSMP 1017 default 1 if !SMP 1018 1019config NR_CPUS_RANGE_END 1020 int 1021 depends on X86_64 1022 default 8192 if SMP && CPUMASK_OFFSTACK 1023 default 512 if SMP && !CPUMASK_OFFSTACK 1024 default 1 if !SMP 1025 1026config NR_CPUS_DEFAULT 1027 int 1028 depends on X86_32 1029 default 32 if X86_BIGSMP 1030 default 8 if SMP 1031 default 1 if !SMP 1032 1033config NR_CPUS_DEFAULT 1034 int 1035 depends on X86_64 1036 default 8192 if MAXSMP 1037 default 64 if SMP 1038 default 1 if !SMP 1039 1040config NR_CPUS 1041 int "Maximum number of CPUs" if SMP && !MAXSMP 1042 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END 1043 default NR_CPUS_DEFAULT 1044 help 1045 This allows you to specify the maximum number of CPUs which this 1046 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum 1047 supported value is 8192, otherwise the maximum value is 512. The 1048 minimum value which makes sense is 2. 1049 1050 This is purely to save memory: each supported CPU adds about 8KB 1051 to the kernel image. 1052 1053config SCHED_CLUSTER 1054 bool "Cluster scheduler support" 1055 depends on SMP 1056 default y 1057 help 1058 Cluster scheduler support improves the CPU scheduler's decision 1059 making when dealing with machines that have clusters of CPUs. 1060 Cluster usually means a couple of CPUs which are placed closely 1061 by sharing mid-level caches, last-level cache tags or internal 1062 busses. 1063 1064config SCHED_SMT 1065 def_bool y if SMP 1066 1067config SCHED_MC 1068 def_bool y 1069 prompt "Multi-core scheduler support" 1070 depends on SMP 1071 help 1072 Multi-core scheduler support improves the CPU scheduler's decision 1073 making when dealing with multi-core CPU chips at a cost of slightly 1074 increased overhead in some places. If unsure say N here. 1075 1076config SCHED_MC_PRIO 1077 bool "CPU core priorities scheduler support" 1078 depends on SCHED_MC 1079 select X86_INTEL_PSTATE if CPU_SUP_INTEL 1080 select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI 1081 select CPU_FREQ 1082 default y 1083 help 1084 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a 1085 core ordering determined at manufacturing time, which allows 1086 certain cores to reach higher turbo frequencies (when running 1087 single threaded workloads) than others. 1088 1089 Enabling this kernel feature teaches the scheduler about 1090 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the 1091 scheduler's CPU selection logic accordingly, so that higher 1092 overall system performance can be achieved. 1093 1094 This feature will have no effect on CPUs without this feature. 1095 1096 If unsure say Y here. 1097 1098config UP_LATE_INIT 1099 def_bool y 1100 depends on !SMP && X86_LOCAL_APIC 1101 1102config X86_UP_APIC 1103 bool "Local APIC support on uniprocessors" if !PCI_MSI 1104 default PCI_MSI 1105 depends on X86_32 && !SMP && !X86_32_NON_STANDARD 1106 help 1107 A local APIC (Advanced Programmable Interrupt Controller) is an 1108 integrated interrupt controller in the CPU. If you have a single-CPU 1109 system which has a processor with a local APIC, you can say Y here to 1110 enable and use it. If you say Y here even though your machine doesn't 1111 have a local APIC, then the kernel will still run with no slowdown at 1112 all. The local APIC supports CPU-generated self-interrupts (timer, 1113 performance counters), and the NMI watchdog which detects hard 1114 lockups. 1115 1116config X86_UP_IOAPIC 1117 bool "IO-APIC support on uniprocessors" 1118 depends on X86_UP_APIC 1119 help 1120 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an 1121 SMP-capable replacement for PC-style interrupt controllers. Most 1122 SMP systems and many recent uniprocessor systems have one. 1123 1124 If you have a single-CPU system with an IO-APIC, you can say Y here 1125 to use it. If you say Y here even though your machine doesn't have 1126 an IO-APIC, then the kernel will still run with no slowdown at all. 1127 1128config X86_LOCAL_APIC 1129 def_bool y 1130 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI 1131 select IRQ_DOMAIN_HIERARCHY 1132 1133config ACPI_MADT_WAKEUP 1134 def_bool y 1135 depends on X86_64 1136 depends on ACPI 1137 depends on SMP 1138 depends on X86_LOCAL_APIC 1139 1140config X86_IO_APIC 1141 def_bool y 1142 depends on X86_LOCAL_APIC || X86_UP_IOAPIC 1143 1144config X86_REROUTE_FOR_BROKEN_BOOT_IRQS 1145 bool "Reroute for broken boot IRQs" 1146 depends on X86_IO_APIC 1147 help 1148 This option enables a workaround that fixes a source of 1149 spurious interrupts. This is recommended when threaded 1150 interrupt handling is used on systems where the generation of 1151 superfluous "boot interrupts" cannot be disabled. 1152 1153 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ 1154 entry in the chipset's IO-APIC is masked (as, e.g. the RT 1155 kernel does during interrupt handling). On chipsets where this 1156 boot IRQ generation cannot be disabled, this workaround keeps 1157 the original IRQ line masked so that only the equivalent "boot 1158 IRQ" is delivered to the CPUs. The workaround also tells the 1159 kernel to set up the IRQ handler on the boot IRQ line. In this 1160 way only one interrupt is delivered to the kernel. Otherwise 1161 the spurious second interrupt may cause the kernel to bring 1162 down (vital) interrupt lines. 1163 1164 Only affects "broken" chipsets. Interrupt sharing may be 1165 increased on these systems. 1166 1167config X86_MCE 1168 bool "Machine Check / overheating reporting" 1169 select GENERIC_ALLOCATOR 1170 default y 1171 help 1172 Machine Check support allows the processor to notify the 1173 kernel if it detects a problem (e.g. overheating, data corruption). 1174 The action the kernel takes depends on the severity of the problem, 1175 ranging from warning messages to halting the machine. 1176 1177config X86_MCELOG_LEGACY 1178 bool "Support for deprecated /dev/mcelog character device" 1179 depends on X86_MCE 1180 help 1181 Enable support for /dev/mcelog which is needed by the old mcelog 1182 userspace logging daemon. Consider switching to the new generation 1183 rasdaemon solution. 1184 1185config X86_MCE_INTEL 1186 def_bool y 1187 prompt "Intel MCE features" 1188 depends on X86_MCE && X86_LOCAL_APIC 1189 help 1190 Additional support for intel specific MCE features such as 1191 the thermal monitor. 1192 1193config X86_MCE_AMD 1194 def_bool y 1195 prompt "AMD MCE features" 1196 depends on X86_MCE && X86_LOCAL_APIC 1197 help 1198 Additional support for AMD specific MCE features such as 1199 the DRAM Error Threshold. 1200 1201config X86_ANCIENT_MCE 1202 bool "Support for old Pentium 5 / WinChip machine checks" 1203 depends on X86_32 && X86_MCE 1204 help 1205 Include support for machine check handling on old Pentium 5 or WinChip 1206 systems. These typically need to be enabled explicitly on the command 1207 line. 1208 1209config X86_MCE_THRESHOLD 1210 depends on X86_MCE_AMD || X86_MCE_INTEL 1211 def_bool y 1212 1213config X86_MCE_INJECT 1214 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS 1215 tristate "Machine check injector support" 1216 help 1217 Provide support for injecting machine checks for testing purposes. 1218 If you don't know what a machine check is and you don't do kernel 1219 QA it is safe to say n. 1220 1221source "arch/x86/events/Kconfig" 1222 1223config X86_LEGACY_VM86 1224 bool "Legacy VM86 support" 1225 depends on X86_32 1226 help 1227 This option allows user programs to put the CPU into V8086 1228 mode, which is an 80286-era approximation of 16-bit real mode. 1229 1230 Some very old versions of X and/or vbetool require this option 1231 for user mode setting. Similarly, DOSEMU will use it if 1232 available to accelerate real mode DOS programs. However, any 1233 recent version of DOSEMU, X, or vbetool should be fully 1234 functional even without kernel VM86 support, as they will all 1235 fall back to software emulation. Nevertheless, if you are using 1236 a 16-bit DOS program where 16-bit performance matters, vm86 1237 mode might be faster than emulation and you might want to 1238 enable this option. 1239 1240 Note that any app that works on a 64-bit kernel is unlikely to 1241 need this option, as 64-bit kernels don't, and can't, support 1242 V8086 mode. This option is also unrelated to 16-bit protected 1243 mode and is not needed to run most 16-bit programs under Wine. 1244 1245 Enabling this option increases the complexity of the kernel 1246 and slows down exception handling a tiny bit. 1247 1248 If unsure, say N here. 1249 1250config VM86 1251 bool 1252 default X86_LEGACY_VM86 1253 1254config X86_16BIT 1255 bool "Enable support for 16-bit segments" if EXPERT 1256 default y 1257 depends on MODIFY_LDT_SYSCALL 1258 help 1259 This option is required by programs like Wine to run 16-bit 1260 protected mode legacy code on x86 processors. Disabling 1261 this option saves about 300 bytes on i386, or around 6K text 1262 plus 16K runtime memory on x86-64, 1263 1264config X86_ESPFIX32 1265 def_bool y 1266 depends on X86_16BIT && X86_32 1267 1268config X86_ESPFIX64 1269 def_bool y 1270 depends on X86_16BIT && X86_64 1271 1272config X86_VSYSCALL_EMULATION 1273 bool "Enable vsyscall emulation" if EXPERT 1274 default y 1275 depends on X86_64 1276 help 1277 This enables emulation of the legacy vsyscall page. Disabling 1278 it is roughly equivalent to booting with vsyscall=none, except 1279 that it will also disable the helpful warning if a program 1280 tries to use a vsyscall. With this option set to N, offending 1281 programs will just segfault, citing addresses of the form 1282 0xffffffffff600?00. 1283 1284 This option is required by many programs built before 2013, and 1285 care should be used even with newer programs if set to N. 1286 1287 Disabling this option saves about 7K of kernel size and 1288 possibly 4K of additional runtime pagetable memory. 1289 1290config X86_IOPL_IOPERM 1291 bool "IOPERM and IOPL Emulation" 1292 default y 1293 help 1294 This enables the ioperm() and iopl() syscalls which are necessary 1295 for legacy applications. 1296 1297 Legacy IOPL support is an overbroad mechanism which allows user 1298 space aside of accessing all 65536 I/O ports also to disable 1299 interrupts. To gain this access the caller needs CAP_SYS_RAWIO 1300 capabilities and permission from potentially active security 1301 modules. 1302 1303 The emulation restricts the functionality of the syscall to 1304 only allowing the full range I/O port access, but prevents the 1305 ability to disable interrupts from user space which would be 1306 granted if the hardware IOPL mechanism would be used. 1307 1308config TOSHIBA 1309 tristate "Toshiba Laptop support" 1310 depends on X86_32 1311 help 1312 This adds a driver to safely access the System Management Mode of 1313 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does 1314 not work on models with a Phoenix BIOS. The System Management Mode 1315 is used to set the BIOS and power saving options on Toshiba portables. 1316 1317 For information on utilities to make use of this driver see the 1318 Toshiba Linux utilities web site at: 1319 <http://www.buzzard.org.uk/toshiba/>. 1320 1321 Say Y if you intend to run this kernel on a Toshiba portable. 1322 Say N otherwise. 1323 1324config X86_REBOOTFIXUPS 1325 bool "Enable X86 board specific fixups for reboot" 1326 depends on X86_32 1327 help 1328 This enables chipset and/or board specific fixups to be done 1329 in order to get reboot to work correctly. This is only needed on 1330 some combinations of hardware and BIOS. The symptom, for which 1331 this config is intended, is when reboot ends with a stalled/hung 1332 system. 1333 1334 Currently, the only fixup is for the Geode machines using 1335 CS5530A and CS5536 chipsets and the RDC R-321x SoC. 1336 1337 Say Y if you want to enable the fixup. Currently, it's safe to 1338 enable this option even if you don't need it. 1339 Say N otherwise. 1340 1341config MICROCODE 1342 def_bool y 1343 depends on CPU_SUP_AMD || CPU_SUP_INTEL 1344 select CRYPTO_LIB_SHA256 if CPU_SUP_AMD 1345 1346config MICROCODE_INITRD32 1347 def_bool y 1348 depends on MICROCODE && X86_32 && BLK_DEV_INITRD 1349 1350config MICROCODE_LATE_LOADING 1351 bool "Late microcode loading (DANGEROUS)" 1352 default n 1353 depends on MICROCODE && SMP 1354 help 1355 Loading microcode late, when the system is up and executing instructions 1356 is a tricky business and should be avoided if possible. Just the sequence 1357 of synchronizing all cores and SMT threads is one fragile dance which does 1358 not guarantee that cores might not softlock after the loading. Therefore, 1359 use this at your own risk. Late loading taints the kernel unless the 1360 microcode header indicates that it is safe for late loading via the 1361 minimal revision check. This minimal revision check can be enforced on 1362 the kernel command line with "microcode.minrev=Y". 1363 1364config MICROCODE_LATE_FORCE_MINREV 1365 bool "Enforce late microcode loading minimal revision check" 1366 default n 1367 depends on MICROCODE_LATE_LOADING 1368 help 1369 To prevent that users load microcode late which modifies already 1370 in use features, newer microcode patches have a minimum revision field 1371 in the microcode header, which tells the kernel which minimum 1372 revision must be active in the CPU to safely load that new microcode 1373 late into the running system. If disabled the check will not 1374 be enforced but the kernel will be tainted when the minimal 1375 revision check fails. 1376 1377 This minimal revision check can also be controlled via the 1378 "microcode.minrev" parameter on the kernel command line. 1379 1380 If unsure say Y. 1381 1382config X86_MSR 1383 tristate "/dev/cpu/*/msr - Model-specific register support" 1384 help 1385 This device gives privileged processes access to the x86 1386 Model-Specific Registers (MSRs). It is a character device with 1387 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr. 1388 MSR accesses are directed to a specific CPU on multi-processor 1389 systems. 1390 1391config X86_CPUID 1392 tristate "/dev/cpu/*/cpuid - CPU information support" 1393 help 1394 This device gives processes access to the x86 CPUID instruction to 1395 be executed on a specific processor. It is a character device 1396 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to 1397 /dev/cpu/31/cpuid. 1398 1399choice 1400 prompt "High Memory Support" 1401 default HIGHMEM4G 1402 depends on X86_32 1403 1404config NOHIGHMEM 1405 bool "off" 1406 help 1407 Linux can use up to 64 Gigabytes of physical memory on x86 systems. 1408 However, the address space of 32-bit x86 processors is only 4 1409 Gigabytes large. That means that, if you have a large amount of 1410 physical memory, not all of it can be "permanently mapped" by the 1411 kernel. The physical memory that's not permanently mapped is called 1412 "high memory". 1413 1414 If you are compiling a kernel which will never run on a machine with 1415 more than 1 Gigabyte total physical RAM, answer "off" here (default 1416 choice and suitable for most users). This will result in a "3GB/1GB" 1417 split: 3GB are mapped so that each process sees a 3GB virtual memory 1418 space and the remaining part of the 4GB virtual memory space is used 1419 by the kernel to permanently map as much physical memory as 1420 possible. 1421 1422 If the machine has between 1 and 4 Gigabytes physical RAM, then 1423 answer "4GB" here. 1424 1425 If more than 4 Gigabytes is used then answer "64GB" here. This 1426 selection turns Intel PAE (Physical Address Extension) mode on. 1427 PAE implements 3-level paging on IA32 processors. PAE is fully 1428 supported by Linux, PAE mode is implemented on all recent Intel 1429 processors (Pentium Pro and better). NOTE: If you say "64GB" here, 1430 then the kernel will not boot on CPUs that don't support PAE! 1431 1432 The actual amount of total physical memory will either be 1433 auto detected or can be forced by using a kernel command line option 1434 such as "mem=256M". (Try "man bootparam" or see the documentation of 1435 your boot loader (lilo or loadlin) about how to pass options to the 1436 kernel at boot time.) 1437 1438 If unsure, say "off". 1439 1440config HIGHMEM4G 1441 bool "4GB" 1442 help 1443 Select this if you have a 32-bit processor and between 1 and 4 1444 gigabytes of physical RAM. 1445 1446config HIGHMEM64G 1447 bool "64GB" 1448 depends on X86_HAVE_PAE 1449 select X86_PAE 1450 help 1451 Select this if you have a 32-bit processor and more than 4 1452 gigabytes of physical RAM. 1453 1454endchoice 1455 1456choice 1457 prompt "Memory split" if EXPERT 1458 default VMSPLIT_3G 1459 depends on X86_32 1460 help 1461 Select the desired split between kernel and user memory. 1462 1463 If the address range available to the kernel is less than the 1464 physical memory installed, the remaining memory will be available 1465 as "high memory". Accessing high memory is a little more costly 1466 than low memory, as it needs to be mapped into the kernel first. 1467 Note that increasing the kernel address space limits the range 1468 available to user programs, making the address space there 1469 tighter. Selecting anything other than the default 3G/1G split 1470 will also likely make your kernel incompatible with binary-only 1471 kernel modules. 1472 1473 If you are not absolutely sure what you are doing, leave this 1474 option alone! 1475 1476 config VMSPLIT_3G 1477 bool "3G/1G user/kernel split" 1478 config VMSPLIT_3G_OPT 1479 depends on !X86_PAE 1480 bool "3G/1G user/kernel split (for full 1G low memory)" 1481 config VMSPLIT_2G 1482 bool "2G/2G user/kernel split" 1483 config VMSPLIT_2G_OPT 1484 depends on !X86_PAE 1485 bool "2G/2G user/kernel split (for full 2G low memory)" 1486 config VMSPLIT_1G 1487 bool "1G/3G user/kernel split" 1488endchoice 1489 1490config PAGE_OFFSET 1491 hex 1492 default 0xB0000000 if VMSPLIT_3G_OPT 1493 default 0x80000000 if VMSPLIT_2G 1494 default 0x78000000 if VMSPLIT_2G_OPT 1495 default 0x40000000 if VMSPLIT_1G 1496 default 0xC0000000 1497 depends on X86_32 1498 1499config HIGHMEM 1500 def_bool y 1501 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G) 1502 1503config X86_PAE 1504 bool "PAE (Physical Address Extension) Support" 1505 depends on X86_32 && X86_HAVE_PAE 1506 select PHYS_ADDR_T_64BIT 1507 select SWIOTLB 1508 help 1509 PAE is required for NX support, and furthermore enables 1510 larger swapspace support for non-overcommit purposes. It 1511 has the cost of more pagetable lookup overhead, and also 1512 consumes more pagetable space per process. 1513 1514config X86_5LEVEL 1515 bool "Enable 5-level page tables support" 1516 default y 1517 select DYNAMIC_MEMORY_LAYOUT 1518 select SPARSEMEM_VMEMMAP 1519 depends on X86_64 1520 help 1521 5-level paging enables access to larger address space: 1522 up to 128 PiB of virtual address space and 4 PiB of 1523 physical address space. 1524 1525 It will be supported by future Intel CPUs. 1526 1527 A kernel with the option enabled can be booted on machines that 1528 support 4- or 5-level paging. 1529 1530 See Documentation/arch/x86/x86_64/5level-paging.rst for more 1531 information. 1532 1533 Say N if unsure. 1534 1535config X86_DIRECT_GBPAGES 1536 def_bool y 1537 depends on X86_64 1538 help 1539 Certain kernel features effectively disable kernel 1540 linear 1 GB mappings (even if the CPU otherwise 1541 supports them), so don't confuse the user by printing 1542 that we have them enabled. 1543 1544config X86_CPA_STATISTICS 1545 bool "Enable statistic for Change Page Attribute" 1546 depends on DEBUG_FS 1547 help 1548 Expose statistics about the Change Page Attribute mechanism, which 1549 helps to determine the effectiveness of preserving large and huge 1550 page mappings when mapping protections are changed. 1551 1552config X86_MEM_ENCRYPT 1553 select ARCH_HAS_FORCE_DMA_UNENCRYPTED 1554 select DYNAMIC_PHYSICAL_MASK 1555 def_bool n 1556 1557config AMD_MEM_ENCRYPT 1558 bool "AMD Secure Memory Encryption (SME) support" 1559 depends on X86_64 && CPU_SUP_AMD 1560 depends on EFI_STUB 1561 select DMA_COHERENT_POOL 1562 select ARCH_USE_MEMREMAP_PROT 1563 select INSTRUCTION_DECODER 1564 select ARCH_HAS_CC_PLATFORM 1565 select X86_MEM_ENCRYPT 1566 select UNACCEPTED_MEMORY 1567 select CRYPTO_LIB_AESGCM 1568 help 1569 Say yes to enable support for the encryption of system memory. 1570 This requires an AMD processor that supports Secure Memory 1571 Encryption (SME). 1572 1573# Common NUMA Features 1574config NUMA 1575 bool "NUMA Memory Allocation and Scheduler Support" 1576 depends on SMP 1577 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP) 1578 default y if X86_BIGSMP 1579 select USE_PERCPU_NUMA_NODE_ID 1580 select OF_NUMA if OF 1581 help 1582 Enable NUMA (Non-Uniform Memory Access) support. 1583 1584 The kernel will try to allocate memory used by a CPU on the 1585 local memory controller of the CPU and add some more 1586 NUMA awareness to the kernel. 1587 1588 For 64-bit this is recommended if the system is Intel Core i7 1589 (or later), AMD Opteron, or EM64T NUMA. 1590 1591 For 32-bit this is only needed if you boot a 32-bit 1592 kernel on a 64-bit NUMA platform. 1593 1594 Otherwise, you should say N. 1595 1596config AMD_NUMA 1597 def_bool y 1598 prompt "Old style AMD Opteron NUMA detection" 1599 depends on X86_64 && NUMA && PCI 1600 help 1601 Enable AMD NUMA node topology detection. You should say Y here if 1602 you have a multi processor AMD system. This uses an old method to 1603 read the NUMA configuration directly from the builtin Northbridge 1604 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead, 1605 which also takes priority if both are compiled in. 1606 1607config X86_64_ACPI_NUMA 1608 def_bool y 1609 prompt "ACPI NUMA detection" 1610 depends on X86_64 && NUMA && ACPI && PCI 1611 select ACPI_NUMA 1612 help 1613 Enable ACPI SRAT based node topology detection. 1614 1615config NODES_SHIFT 1616 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP 1617 range 1 10 1618 default "10" if MAXSMP 1619 default "6" if X86_64 1620 default "3" 1621 depends on NUMA 1622 help 1623 Specify the maximum number of NUMA Nodes available on the target 1624 system. Increases memory reserved to accommodate various tables. 1625 1626config ARCH_FLATMEM_ENABLE 1627 def_bool y 1628 depends on X86_32 && !NUMA 1629 1630config ARCH_SPARSEMEM_ENABLE 1631 def_bool y 1632 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD 1633 select SPARSEMEM_STATIC if X86_32 1634 select SPARSEMEM_VMEMMAP_ENABLE if X86_64 1635 1636config ARCH_SPARSEMEM_DEFAULT 1637 def_bool X86_64 || (NUMA && X86_32) 1638 1639config ARCH_SELECT_MEMORY_MODEL 1640 def_bool y 1641 depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE 1642 1643config ARCH_MEMORY_PROBE 1644 bool "Enable sysfs memory/probe interface" 1645 depends on MEMORY_HOTPLUG 1646 help 1647 This option enables a sysfs memory/probe interface for testing. 1648 See Documentation/admin-guide/mm/memory-hotplug.rst for more information. 1649 If you are unsure how to answer this question, answer N. 1650 1651config ARCH_PROC_KCORE_TEXT 1652 def_bool y 1653 depends on X86_64 && PROC_KCORE 1654 1655config ILLEGAL_POINTER_VALUE 1656 hex 1657 default 0 if X86_32 1658 default 0xdead000000000000 if X86_64 1659 1660config X86_PMEM_LEGACY_DEVICE 1661 bool 1662 1663config X86_PMEM_LEGACY 1664 tristate "Support non-standard NVDIMMs and ADR protected memory" 1665 depends on PHYS_ADDR_T_64BIT 1666 depends on BLK_DEV 1667 select X86_PMEM_LEGACY_DEVICE 1668 select NUMA_KEEP_MEMINFO if NUMA 1669 select LIBNVDIMM 1670 help 1671 Treat memory marked using the non-standard e820 type of 12 as used 1672 by the Intel Sandy Bridge-EP reference BIOS as protected memory. 1673 The kernel will offer these regions to the 'pmem' driver so 1674 they can be used for persistent storage. 1675 1676 Say Y if unsure. 1677 1678config HIGHPTE 1679 bool "Allocate 3rd-level pagetables from highmem" 1680 depends on HIGHMEM 1681 help 1682 The VM uses one page table entry for each page of physical memory. 1683 For systems with a lot of RAM, this can be wasteful of precious 1684 low memory. Setting this option will put user-space page table 1685 entries in high memory. 1686 1687config X86_CHECK_BIOS_CORRUPTION 1688 bool "Check for low memory corruption" 1689 help 1690 Periodically check for memory corruption in low memory, which 1691 is suspected to be caused by BIOS. Even when enabled in the 1692 configuration, it is disabled at runtime. Enable it by 1693 setting "memory_corruption_check=1" on the kernel command 1694 line. By default it scans the low 64k of memory every 60 1695 seconds; see the memory_corruption_check_size and 1696 memory_corruption_check_period parameters in 1697 Documentation/admin-guide/kernel-parameters.rst to adjust this. 1698 1699 When enabled with the default parameters, this option has 1700 almost no overhead, as it reserves a relatively small amount 1701 of memory and scans it infrequently. It both detects corruption 1702 and prevents it from affecting the running system. 1703 1704 It is, however, intended as a diagnostic tool; if repeatable 1705 BIOS-originated corruption always affects the same memory, 1706 you can use memmap= to prevent the kernel from using that 1707 memory. 1708 1709config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK 1710 bool "Set the default setting of memory_corruption_check" 1711 depends on X86_CHECK_BIOS_CORRUPTION 1712 default y 1713 help 1714 Set whether the default state of memory_corruption_check is 1715 on or off. 1716 1717config MATH_EMULATION 1718 bool 1719 depends on MODIFY_LDT_SYSCALL 1720 prompt "Math emulation" if X86_32 && (M486SX || MELAN) 1721 help 1722 Linux can emulate a math coprocessor (used for floating point 1723 operations) if you don't have one. 486DX and Pentium processors have 1724 a math coprocessor built in, 486SX and 386 do not, unless you added 1725 a 487DX or 387, respectively. (The messages during boot time can 1726 give you some hints here ["man dmesg"].) Everyone needs either a 1727 coprocessor or this emulation. 1728 1729 If you don't have a math coprocessor, you need to say Y here; if you 1730 say Y here even though you have a coprocessor, the coprocessor will 1731 be used nevertheless. (This behavior can be changed with the kernel 1732 command line option "no387", which comes handy if your coprocessor 1733 is broken. Try "man bootparam" or see the documentation of your boot 1734 loader (lilo or loadlin) about how to pass options to the kernel at 1735 boot time.) This means that it is a good idea to say Y here if you 1736 intend to use this kernel on different machines. 1737 1738 More information about the internals of the Linux math coprocessor 1739 emulation can be found in <file:arch/x86/math-emu/README>. 1740 1741 If you are not sure, say Y; apart from resulting in a 66 KB bigger 1742 kernel, it won't hurt. 1743 1744config MTRR 1745 def_bool y 1746 prompt "MTRR (Memory Type Range Register) support" if EXPERT 1747 help 1748 On Intel P6 family processors (Pentium Pro, Pentium II and later) 1749 the Memory Type Range Registers (MTRRs) may be used to control 1750 processor access to memory ranges. This is most useful if you have 1751 a video (VGA) card on a PCI or AGP bus. Enabling write-combining 1752 allows bus write transfers to be combined into a larger transfer 1753 before bursting over the PCI/AGP bus. This can increase performance 1754 of image write operations 2.5 times or more. Saying Y here creates a 1755 /proc/mtrr file which may be used to manipulate your processor's 1756 MTRRs. Typically the X server should use this. 1757 1758 This code has a reasonably generic interface so that similar 1759 control registers on other processors can be easily supported 1760 as well: 1761 1762 The Cyrix 6x86, 6x86MX and M II processors have Address Range 1763 Registers (ARRs) which provide a similar functionality to MTRRs. For 1764 these, the ARRs are used to emulate the MTRRs. 1765 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two 1766 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing 1767 write-combining. All of these processors are supported by this code 1768 and it makes sense to say Y here if you have one of them. 1769 1770 Saying Y here also fixes a problem with buggy SMP BIOSes which only 1771 set the MTRRs for the boot CPU and not for the secondary CPUs. This 1772 can lead to all sorts of problems, so it's good to say Y here. 1773 1774 You can safely say Y even if your machine doesn't have MTRRs, you'll 1775 just add about 9 KB to your kernel. 1776 1777 See <file:Documentation/arch/x86/mtrr.rst> for more information. 1778 1779config MTRR_SANITIZER 1780 def_bool y 1781 prompt "MTRR cleanup support" 1782 depends on MTRR 1783 help 1784 Convert MTRR layout from continuous to discrete, so X drivers can 1785 add writeback entries. 1786 1787 Can be disabled with disable_mtrr_cleanup on the kernel command line. 1788 The largest mtrr entry size for a continuous block can be set with 1789 mtrr_chunk_size. 1790 1791 If unsure, say Y. 1792 1793config MTRR_SANITIZER_ENABLE_DEFAULT 1794 int "MTRR cleanup enable value (0-1)" 1795 range 0 1 1796 default "0" 1797 depends on MTRR_SANITIZER 1798 help 1799 Enable mtrr cleanup default value 1800 1801config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT 1802 int "MTRR cleanup spare reg num (0-7)" 1803 range 0 7 1804 default "1" 1805 depends on MTRR_SANITIZER 1806 help 1807 mtrr cleanup spare entries default, it can be changed via 1808 mtrr_spare_reg_nr=N on the kernel command line. 1809 1810config X86_PAT 1811 def_bool y 1812 prompt "x86 PAT support" if EXPERT 1813 depends on MTRR 1814 select ARCH_USES_PG_ARCH_2 1815 help 1816 Use PAT attributes to setup page level cache control. 1817 1818 PATs are the modern equivalents of MTRRs and are much more 1819 flexible than MTRRs. 1820 1821 Say N here if you see bootup problems (boot crash, boot hang, 1822 spontaneous reboots) or a non-working video driver. 1823 1824 If unsure, say Y. 1825 1826config X86_UMIP 1827 def_bool y 1828 prompt "User Mode Instruction Prevention" if EXPERT 1829 help 1830 User Mode Instruction Prevention (UMIP) is a security feature in 1831 some x86 processors. If enabled, a general protection fault is 1832 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are 1833 executed in user mode. These instructions unnecessarily expose 1834 information about the hardware state. 1835 1836 The vast majority of applications do not use these instructions. 1837 For the very few that do, software emulation is provided in 1838 specific cases in protected and virtual-8086 modes. Emulated 1839 results are dummy. 1840 1841config CC_HAS_IBT 1842 # GCC >= 9 and binutils >= 2.29 1843 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 1844 # Clang/LLVM >= 14 1845 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f 1846 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332 1847 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ 1848 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ 1849 $(as-instr,endbr64) 1850 1851config X86_CET 1852 def_bool n 1853 help 1854 CET features configured (Shadow stack or IBT) 1855 1856config X86_KERNEL_IBT 1857 prompt "Indirect Branch Tracking" 1858 def_bool y 1859 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL 1860 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f 1861 depends on !LD_IS_LLD || LLD_VERSION >= 140000 1862 select OBJTOOL 1863 select X86_CET 1864 help 1865 Build the kernel with support for Indirect Branch Tracking, a 1866 hardware support course-grain forward-edge Control Flow Integrity 1867 protection. It enforces that all indirect calls must land on 1868 an ENDBR instruction, as such, the compiler will instrument the 1869 code with them to make this happen. 1870 1871 In addition to building the kernel with IBT, seal all functions that 1872 are not indirect call targets, avoiding them ever becoming one. 1873 1874 This requires LTO like objtool runs and will slow down the build. It 1875 does significantly reduce the number of ENDBR instructions in the 1876 kernel image. 1877 1878config X86_INTEL_MEMORY_PROTECTION_KEYS 1879 prompt "Memory Protection Keys" 1880 def_bool y 1881 # Note: only available in 64-bit mode 1882 depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD) 1883 select ARCH_USES_HIGH_VMA_FLAGS 1884 select ARCH_HAS_PKEYS 1885 help 1886 Memory Protection Keys provides a mechanism for enforcing 1887 page-based protections, but without requiring modification of the 1888 page tables when an application changes protection domains. 1889 1890 For details, see Documentation/core-api/protection-keys.rst 1891 1892 If unsure, say y. 1893 1894config ARCH_PKEY_BITS 1895 int 1896 default 4 1897 1898choice 1899 prompt "TSX enable mode" 1900 depends on CPU_SUP_INTEL 1901 default X86_INTEL_TSX_MODE_OFF 1902 help 1903 Intel's TSX (Transactional Synchronization Extensions) feature 1904 allows to optimize locking protocols through lock elision which 1905 can lead to a noticeable performance boost. 1906 1907 On the other hand it has been shown that TSX can be exploited 1908 to form side channel attacks (e.g. TAA) and chances are there 1909 will be more of those attacks discovered in the future. 1910 1911 Therefore TSX is not enabled by default (aka tsx=off). An admin 1912 might override this decision by tsx=on the command line parameter. 1913 Even with TSX enabled, the kernel will attempt to enable the best 1914 possible TAA mitigation setting depending on the microcode available 1915 for the particular machine. 1916 1917 This option allows to set the default tsx mode between tsx=on, =off 1918 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more 1919 details. 1920 1921 Say off if not sure, auto if TSX is in use but it should be used on safe 1922 platforms or on if TSX is in use and the security aspect of tsx is not 1923 relevant. 1924 1925config X86_INTEL_TSX_MODE_OFF 1926 bool "off" 1927 help 1928 TSX is disabled if possible - equals to tsx=off command line parameter. 1929 1930config X86_INTEL_TSX_MODE_ON 1931 bool "on" 1932 help 1933 TSX is always enabled on TSX capable HW - equals the tsx=on command 1934 line parameter. 1935 1936config X86_INTEL_TSX_MODE_AUTO 1937 bool "auto" 1938 help 1939 TSX is enabled on TSX capable HW that is believed to be safe against 1940 side channel attacks- equals the tsx=auto command line parameter. 1941endchoice 1942 1943config X86_SGX 1944 bool "Software Guard eXtensions (SGX)" 1945 depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC 1946 depends on CRYPTO=y 1947 depends on CRYPTO_SHA256=y 1948 select MMU_NOTIFIER 1949 select NUMA_KEEP_MEMINFO if NUMA 1950 select XARRAY_MULTI 1951 help 1952 Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions 1953 that can be used by applications to set aside private regions of code 1954 and data, referred to as enclaves. An enclave's private memory can 1955 only be accessed by code running within the enclave. Accesses from 1956 outside the enclave, including other enclaves, are disallowed by 1957 hardware. 1958 1959 If unsure, say N. 1960 1961config X86_USER_SHADOW_STACK 1962 bool "X86 userspace shadow stack" 1963 depends on AS_WRUSS 1964 depends on X86_64 1965 select ARCH_USES_HIGH_VMA_FLAGS 1966 select ARCH_HAS_USER_SHADOW_STACK 1967 select X86_CET 1968 help 1969 Shadow stack protection is a hardware feature that detects function 1970 return address corruption. This helps mitigate ROP attacks. 1971 Applications must be enabled to use it, and old userspace does not 1972 get protection "for free". 1973 1974 CPUs supporting shadow stacks were first released in 2020. 1975 1976 See Documentation/arch/x86/shstk.rst for more information. 1977 1978 If unsure, say N. 1979 1980config INTEL_TDX_HOST 1981 bool "Intel Trust Domain Extensions (TDX) host support" 1982 depends on CPU_SUP_INTEL 1983 depends on X86_64 1984 depends on KVM_INTEL 1985 depends on X86_X2APIC 1986 select ARCH_KEEP_MEMBLOCK 1987 depends on CONTIG_ALLOC 1988 depends on !KEXEC_CORE 1989 depends on X86_MCE 1990 help 1991 Intel Trust Domain Extensions (TDX) protects guest VMs from malicious 1992 host and certain physical attacks. This option enables necessary TDX 1993 support in the host kernel to run confidential VMs. 1994 1995 If unsure, say N. 1996 1997config EFI 1998 bool "EFI runtime service support" 1999 depends on ACPI 2000 select UCS2_STRING 2001 select EFI_RUNTIME_WRAPPERS 2002 select ARCH_USE_MEMREMAP_PROT 2003 select EFI_RUNTIME_MAP if KEXEC_CORE 2004 help 2005 This enables the kernel to use EFI runtime services that are 2006 available (such as the EFI variable services). 2007 2008 This option is only useful on systems that have EFI firmware. 2009 In addition, you should use the latest ELILO loader available 2010 at <http://elilo.sourceforge.net> in order to take advantage 2011 of EFI runtime services. However, even with this option, the 2012 resultant kernel should continue to boot on existing non-EFI 2013 platforms. 2014 2015config EFI_STUB 2016 bool "EFI stub support" 2017 depends on EFI 2018 select RELOCATABLE 2019 help 2020 This kernel feature allows a bzImage to be loaded directly 2021 by EFI firmware without the use of a bootloader. 2022 2023 See Documentation/admin-guide/efi-stub.rst for more information. 2024 2025config EFI_HANDOVER_PROTOCOL 2026 bool "EFI handover protocol (DEPRECATED)" 2027 depends on EFI_STUB 2028 default y 2029 help 2030 Select this in order to include support for the deprecated EFI 2031 handover protocol, which defines alternative entry points into the 2032 EFI stub. This is a practice that has no basis in the UEFI 2033 specification, and requires a priori knowledge on the part of the 2034 bootloader about Linux/x86 specific ways of passing the command line 2035 and initrd, and where in memory those assets may be loaded. 2036 2037 If in doubt, say Y. Even though the corresponding support is not 2038 present in upstream GRUB or other bootloaders, most distros build 2039 GRUB with numerous downstream patches applied, and may rely on the 2040 handover protocol as as result. 2041 2042config EFI_MIXED 2043 bool "EFI mixed-mode support" 2044 depends on EFI_STUB && X86_64 2045 help 2046 Enabling this feature allows a 64-bit kernel to be booted 2047 on a 32-bit firmware, provided that your CPU supports 64-bit 2048 mode. 2049 2050 Note that it is not possible to boot a mixed-mode enabled 2051 kernel via the EFI boot stub - a bootloader that supports 2052 the EFI handover protocol must be used. 2053 2054 If unsure, say N. 2055 2056config EFI_RUNTIME_MAP 2057 bool "Export EFI runtime maps to sysfs" if EXPERT 2058 depends on EFI 2059 help 2060 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map. 2061 That memory map is required by the 2nd kernel to set up EFI virtual 2062 mappings after kexec, but can also be used for debugging purposes. 2063 2064 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. 2065 2066source "kernel/Kconfig.hz" 2067 2068config ARCH_SUPPORTS_KEXEC 2069 def_bool y 2070 2071config ARCH_SUPPORTS_KEXEC_FILE 2072 def_bool X86_64 2073 2074config ARCH_SELECTS_KEXEC_FILE 2075 def_bool y 2076 depends on KEXEC_FILE 2077 select HAVE_IMA_KEXEC if IMA 2078 2079config ARCH_SUPPORTS_KEXEC_PURGATORY 2080 def_bool y 2081 2082config ARCH_SUPPORTS_KEXEC_SIG 2083 def_bool y 2084 2085config ARCH_SUPPORTS_KEXEC_SIG_FORCE 2086 def_bool y 2087 2088config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG 2089 def_bool y 2090 2091config ARCH_SUPPORTS_KEXEC_JUMP 2092 def_bool y 2093 2094config ARCH_SUPPORTS_CRASH_DUMP 2095 def_bool X86_64 || (X86_32 && HIGHMEM) 2096 2097config ARCH_DEFAULT_CRASH_DUMP 2098 def_bool y 2099 2100config ARCH_SUPPORTS_CRASH_HOTPLUG 2101 def_bool y 2102 2103config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION 2104 def_bool CRASH_RESERVE 2105 2106config PHYSICAL_START 2107 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) 2108 default "0x1000000" 2109 help 2110 This gives the physical address where the kernel is loaded. 2111 2112 If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage 2113 will decompress itself to above physical address and run from there. 2114 Otherwise, bzImage will run from the address where it has been loaded 2115 by the boot loader. The only exception is if it is loaded below the 2116 above physical address, in which case it will relocate itself there. 2117 2118 In normal kdump cases one does not have to set/change this option 2119 as now bzImage can be compiled as a completely relocatable image 2120 (CONFIG_RELOCATABLE=y) and be used to load and run from a different 2121 address. This option is mainly useful for the folks who don't want 2122 to use a bzImage for capturing the crash dump and want to use a 2123 vmlinux instead. vmlinux is not relocatable hence a kernel needs 2124 to be specifically compiled to run from a specific memory area 2125 (normally a reserved region) and this option comes handy. 2126 2127 So if you are using bzImage for capturing the crash dump, 2128 leave the value here unchanged to 0x1000000 and set 2129 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux 2130 for capturing the crash dump change this value to start of 2131 the reserved region. In other words, it can be set based on 2132 the "X" value as specified in the "crashkernel=YM@XM" 2133 command line boot parameter passed to the panic-ed 2134 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst 2135 for more details about crash dumps. 2136 2137 Usage of bzImage for capturing the crash dump is recommended as 2138 one does not have to build two kernels. Same kernel can be used 2139 as production kernel and capture kernel. Above option should have 2140 gone away after relocatable bzImage support is introduced. But it 2141 is present because there are users out there who continue to use 2142 vmlinux for dump capture. This option should go away down the 2143 line. 2144 2145 Don't change this unless you know what you are doing. 2146 2147config RELOCATABLE 2148 bool "Build a relocatable kernel" 2149 default y 2150 help 2151 This builds a kernel image that retains relocation information 2152 so it can be loaded someplace besides the default 1MB. 2153 The relocations tend to make the kernel binary about 10% larger, 2154 but are discarded at runtime. 2155 2156 One use is for the kexec on panic case where the recovery kernel 2157 must live at a different physical address than the primary 2158 kernel. 2159 2160 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address 2161 it has been loaded at and the compile time physical address 2162 (CONFIG_PHYSICAL_START) is used as the minimum location. 2163 2164config RANDOMIZE_BASE 2165 bool "Randomize the address of the kernel image (KASLR)" 2166 depends on RELOCATABLE 2167 default y 2168 help 2169 In support of Kernel Address Space Layout Randomization (KASLR), 2170 this randomizes the physical address at which the kernel image 2171 is decompressed and the virtual address where the kernel 2172 image is mapped, as a security feature that deters exploit 2173 attempts relying on knowledge of the location of kernel 2174 code internals. 2175 2176 On 64-bit, the kernel physical and virtual addresses are 2177 randomized separately. The physical address will be anywhere 2178 between 16MB and the top of physical memory (up to 64TB). The 2179 virtual address will be randomized from 16MB up to 1GB (9 bits 2180 of entropy). Note that this also reduces the memory space 2181 available to kernel modules from 1.5GB to 1GB. 2182 2183 On 32-bit, the kernel physical and virtual addresses are 2184 randomized together. They will be randomized from 16MB up to 2185 512MB (8 bits of entropy). 2186 2187 Entropy is generated using the RDRAND instruction if it is 2188 supported. If RDTSC is supported, its value is mixed into 2189 the entropy pool as well. If neither RDRAND nor RDTSC are 2190 supported, then entropy is read from the i8254 timer. The 2191 usable entropy is limited by the kernel being built using 2192 2GB addressing, and that PHYSICAL_ALIGN must be at a 2193 minimum of 2MB. As a result, only 10 bits of entropy are 2194 theoretically possible, but the implementations are further 2195 limited due to memory layouts. 2196 2197 If unsure, say Y. 2198 2199# Relocation on x86 needs some additional build support 2200config X86_NEED_RELOCS 2201 def_bool y 2202 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) 2203 2204config PHYSICAL_ALIGN 2205 hex "Alignment value to which kernel should be aligned" 2206 default "0x200000" 2207 range 0x2000 0x1000000 if X86_32 2208 range 0x200000 0x1000000 if X86_64 2209 help 2210 This value puts the alignment restrictions on physical address 2211 where kernel is loaded and run from. Kernel is compiled for an 2212 address which meets above alignment restriction. 2213 2214 If bootloader loads the kernel at a non-aligned address and 2215 CONFIG_RELOCATABLE is set, kernel will move itself to nearest 2216 address aligned to above value and run from there. 2217 2218 If bootloader loads the kernel at a non-aligned address and 2219 CONFIG_RELOCATABLE is not set, kernel will ignore the run time 2220 load address and decompress itself to the address it has been 2221 compiled for and run from there. The address for which kernel is 2222 compiled already meets above alignment restrictions. Hence the 2223 end result is that kernel runs from a physical address meeting 2224 above alignment restrictions. 2225 2226 On 32-bit this value must be a multiple of 0x2000. On 64-bit 2227 this value must be a multiple of 0x200000. 2228 2229 Don't change this unless you know what you are doing. 2230 2231config DYNAMIC_MEMORY_LAYOUT 2232 bool 2233 help 2234 This option makes base addresses of vmalloc and vmemmap as well as 2235 __PAGE_OFFSET movable during boot. 2236 2237config RANDOMIZE_MEMORY 2238 bool "Randomize the kernel memory sections" 2239 depends on X86_64 2240 depends on RANDOMIZE_BASE 2241 select DYNAMIC_MEMORY_LAYOUT 2242 default RANDOMIZE_BASE 2243 help 2244 Randomizes the base virtual address of kernel memory sections 2245 (physical memory mapping, vmalloc & vmemmap). This security feature 2246 makes exploits relying on predictable memory locations less reliable. 2247 2248 The order of allocations remains unchanged. Entropy is generated in 2249 the same way as RANDOMIZE_BASE. Current implementation in the optimal 2250 configuration have in average 30,000 different possible virtual 2251 addresses for each memory section. 2252 2253 If unsure, say Y. 2254 2255config RANDOMIZE_MEMORY_PHYSICAL_PADDING 2256 hex "Physical memory mapping padding" if EXPERT 2257 depends on RANDOMIZE_MEMORY 2258 default "0xa" if MEMORY_HOTPLUG 2259 default "0x0" 2260 range 0x1 0x40 if MEMORY_HOTPLUG 2261 range 0x0 0x40 2262 help 2263 Define the padding in terabytes added to the existing physical 2264 memory size during kernel memory randomization. It is useful 2265 for memory hotplug support but reduces the entropy available for 2266 address randomization. 2267 2268 If unsure, leave at the default value. 2269 2270config ADDRESS_MASKING 2271 bool "Linear Address Masking support" 2272 depends on X86_64 2273 depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS 2274 help 2275 Linear Address Masking (LAM) modifies the checking that is applied 2276 to 64-bit linear addresses, allowing software to use of the 2277 untranslated address bits for metadata. 2278 2279 The capability can be used for efficient address sanitizers (ASAN) 2280 implementation and for optimizations in JITs. 2281 2282config HOTPLUG_CPU 2283 def_bool y 2284 depends on SMP 2285 2286config COMPAT_VDSO 2287 def_bool n 2288 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" 2289 depends on COMPAT_32 2290 help 2291 Certain buggy versions of glibc will crash if they are 2292 presented with a 32-bit vDSO that is not mapped at the address 2293 indicated in its segment table. 2294 2295 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a 2296 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and 2297 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is 2298 the only released version with the bug, but OpenSUSE 9 2299 contains a buggy "glibc 2.3.2". 2300 2301 The symptom of the bug is that everything crashes on startup, saying: 2302 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed! 2303 2304 Saying Y here changes the default value of the vdso32 boot 2305 option from 1 to 0, which turns off the 32-bit vDSO entirely. 2306 This works around the glibc bug but hurts performance. 2307 2308 If unsure, say N: if you are compiling your own kernel, you 2309 are unlikely to be using a buggy version of glibc. 2310 2311choice 2312 prompt "vsyscall table for legacy applications" 2313 depends on X86_64 2314 default LEGACY_VSYSCALL_XONLY 2315 help 2316 Legacy user code that does not know how to find the vDSO expects 2317 to be able to issue three syscalls by calling fixed addresses in 2318 kernel space. Since this location is not randomized with ASLR, 2319 it can be used to assist security vulnerability exploitation. 2320 2321 This setting can be changed at boot time via the kernel command 2322 line parameter vsyscall=[emulate|xonly|none]. Emulate mode 2323 is deprecated and can only be enabled using the kernel command 2324 line. 2325 2326 On a system with recent enough glibc (2.14 or newer) and no 2327 static binaries, you can say None without a performance penalty 2328 to improve security. 2329 2330 If unsure, select "Emulate execution only". 2331 2332 config LEGACY_VSYSCALL_XONLY 2333 bool "Emulate execution only" 2334 help 2335 The kernel traps and emulates calls into the fixed vsyscall 2336 address mapping and does not allow reads. This 2337 configuration is recommended when userspace might use the 2338 legacy vsyscall area but support for legacy binary 2339 instrumentation of legacy code is not needed. It mitigates 2340 certain uses of the vsyscall area as an ASLR-bypassing 2341 buffer. 2342 2343 config LEGACY_VSYSCALL_NONE 2344 bool "None" 2345 help 2346 There will be no vsyscall mapping at all. This will 2347 eliminate any risk of ASLR bypass due to the vsyscall 2348 fixed address mapping. Attempts to use the vsyscalls 2349 will be reported to dmesg, so that either old or 2350 malicious userspace programs can be identified. 2351 2352endchoice 2353 2354config CMDLINE_BOOL 2355 bool "Built-in kernel command line" 2356 help 2357 Allow for specifying boot arguments to the kernel at 2358 build time. On some systems (e.g. embedded ones), it is 2359 necessary or convenient to provide some or all of the 2360 kernel boot arguments with the kernel itself (that is, 2361 to not rely on the boot loader to provide them.) 2362 2363 To compile command line arguments into the kernel, 2364 set this option to 'Y', then fill in the 2365 boot arguments in CONFIG_CMDLINE. 2366 2367 Systems with fully functional boot loaders (i.e. non-embedded) 2368 should leave this option set to 'N'. 2369 2370config CMDLINE 2371 string "Built-in kernel command string" 2372 depends on CMDLINE_BOOL 2373 default "" 2374 help 2375 Enter arguments here that should be compiled into the kernel 2376 image and used at boot time. If the boot loader provides a 2377 command line at boot time, it is appended to this string to 2378 form the full kernel command line, when the system boots. 2379 2380 However, you can use the CONFIG_CMDLINE_OVERRIDE option to 2381 change this behavior. 2382 2383 In most cases, the command line (whether built-in or provided 2384 by the boot loader) should specify the device for the root 2385 file system. 2386 2387config CMDLINE_OVERRIDE 2388 bool "Built-in command line overrides boot loader arguments" 2389 depends on CMDLINE_BOOL && CMDLINE != "" 2390 help 2391 Set this option to 'Y' to have the kernel ignore the boot loader 2392 command line, and use ONLY the built-in command line. 2393 2394 This is used to work around broken boot loaders. This should 2395 be set to 'N' under normal conditions. 2396 2397config MODIFY_LDT_SYSCALL 2398 bool "Enable the LDT (local descriptor table)" if EXPERT 2399 default y 2400 help 2401 Linux can allow user programs to install a per-process x86 2402 Local Descriptor Table (LDT) using the modify_ldt(2) system 2403 call. This is required to run 16-bit or segmented code such as 2404 DOSEMU or some Wine programs. It is also used by some very old 2405 threading libraries. 2406 2407 Enabling this feature adds a small amount of overhead to 2408 context switches and increases the low-level kernel attack 2409 surface. Disabling it removes the modify_ldt(2) system call. 2410 2411 Saying 'N' here may make sense for embedded or server kernels. 2412 2413config STRICT_SIGALTSTACK_SIZE 2414 bool "Enforce strict size checking for sigaltstack" 2415 depends on DYNAMIC_SIGFRAME 2416 help 2417 For historical reasons MINSIGSTKSZ is a constant which became 2418 already too small with AVX512 support. Add a mechanism to 2419 enforce strict checking of the sigaltstack size against the 2420 real size of the FPU frame. This option enables the check 2421 by default. It can also be controlled via the kernel command 2422 line option 'strict_sas_size' independent of this config 2423 switch. Enabling it might break existing applications which 2424 allocate a too small sigaltstack but 'work' because they 2425 never get a signal delivered. 2426 2427 Say 'N' unless you want to really enforce this check. 2428 2429config CFI_AUTO_DEFAULT 2430 bool "Attempt to use FineIBT by default at boot time" 2431 depends on FINEIBT 2432 default y 2433 help 2434 Attempt to use FineIBT by default at boot time. If enabled, 2435 this is the same as booting with "cfi=auto". If disabled, 2436 this is the same as booting with "cfi=kcfi". 2437 2438source "kernel/livepatch/Kconfig" 2439 2440config X86_BUS_LOCK_DETECT 2441 bool "Split Lock Detect and Bus Lock Detect support" 2442 depends on CPU_SUP_INTEL || CPU_SUP_AMD 2443 default y 2444 help 2445 Enable Split Lock Detect and Bus Lock Detect functionalities. 2446 See <file:Documentation/arch/x86/buslock.rst> for more information. 2447 2448endmenu 2449 2450config CC_HAS_NAMED_AS 2451 def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null) 2452 depends on CC_IS_GCC 2453 2454config CC_HAS_NAMED_AS_FIXED_SANITIZERS 2455 def_bool CC_IS_GCC && GCC_VERSION >= 130300 2456 2457config USE_X86_SEG_SUPPORT 2458 def_bool y 2459 depends on CC_HAS_NAMED_AS 2460 # 2461 # -fsanitize=kernel-address (KASAN) and -fsanitize=thread 2462 # (KCSAN) are incompatible with named address spaces with 2463 # GCC < 13.3 - see GCC PR sanitizer/111736. 2464 # 2465 depends on !(KASAN || KCSAN) || CC_HAS_NAMED_AS_FIXED_SANITIZERS 2466 2467config CC_HAS_SLS 2468 def_bool $(cc-option,-mharden-sls=all) 2469 2470config CC_HAS_RETURN_THUNK 2471 def_bool $(cc-option,-mfunction-return=thunk-extern) 2472 2473config CC_HAS_ENTRY_PADDING 2474 def_bool $(cc-option,-fpatchable-function-entry=16,16) 2475 2476config FUNCTION_PADDING_CFI 2477 int 2478 default 59 if FUNCTION_ALIGNMENT_64B 2479 default 27 if FUNCTION_ALIGNMENT_32B 2480 default 11 if FUNCTION_ALIGNMENT_16B 2481 default 3 if FUNCTION_ALIGNMENT_8B 2482 default 0 2483 2484# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG 2485# except Kconfig can't do arithmetic :/ 2486config FUNCTION_PADDING_BYTES 2487 int 2488 default FUNCTION_PADDING_CFI if CFI_CLANG 2489 default FUNCTION_ALIGNMENT 2490 2491config CALL_PADDING 2492 def_bool n 2493 depends on CC_HAS_ENTRY_PADDING && OBJTOOL 2494 select FUNCTION_ALIGNMENT_16B 2495 2496config FINEIBT 2497 def_bool y 2498 depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE 2499 select CALL_PADDING 2500 2501config HAVE_CALL_THUNKS 2502 def_bool y 2503 depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL 2504 2505config CALL_THUNKS 2506 def_bool n 2507 select CALL_PADDING 2508 2509config PREFIX_SYMBOLS 2510 def_bool y 2511 depends on CALL_PADDING && !CFI_CLANG 2512 2513menuconfig CPU_MITIGATIONS 2514 bool "Mitigations for CPU vulnerabilities" 2515 default y 2516 help 2517 Say Y here to enable options which enable mitigations for hardware 2518 vulnerabilities (usually related to speculative execution). 2519 Mitigations can be disabled or restricted to SMT systems at runtime 2520 via the "mitigations" kernel parameter. 2521 2522 If you say N, all mitigations will be disabled. This CANNOT be 2523 overridden at runtime. 2524 2525 Say 'Y', unless you really know what you are doing. 2526 2527if CPU_MITIGATIONS 2528 2529config MITIGATION_PAGE_TABLE_ISOLATION 2530 bool "Remove the kernel mapping in user mode" 2531 default y 2532 depends on (X86_64 || X86_PAE) 2533 help 2534 This feature reduces the number of hardware side channels by 2535 ensuring that the majority of kernel addresses are not mapped 2536 into userspace. 2537 2538 See Documentation/arch/x86/pti.rst for more details. 2539 2540config MITIGATION_RETPOLINE 2541 bool "Avoid speculative indirect branches in kernel" 2542 select OBJTOOL if HAVE_OBJTOOL 2543 default y 2544 help 2545 Compile kernel with the retpoline compiler options to guard against 2546 kernel-to-user data leaks by avoiding speculative indirect 2547 branches. Requires a compiler with -mindirect-branch=thunk-extern 2548 support for full protection. The kernel may run slower. 2549 2550config MITIGATION_RETHUNK 2551 bool "Enable return-thunks" 2552 depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK 2553 select OBJTOOL if HAVE_OBJTOOL 2554 default y if X86_64 2555 help 2556 Compile the kernel with the return-thunks compiler option to guard 2557 against kernel-to-user data leaks by avoiding return speculation. 2558 Requires a compiler with -mfunction-return=thunk-extern 2559 support for full protection. The kernel may run slower. 2560 2561config MITIGATION_UNRET_ENTRY 2562 bool "Enable UNRET on kernel entry" 2563 depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64 2564 default y 2565 help 2566 Compile the kernel with support for the retbleed=unret mitigation. 2567 2568config MITIGATION_CALL_DEPTH_TRACKING 2569 bool "Mitigate RSB underflow with call depth tracking" 2570 depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS 2571 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE 2572 select CALL_THUNKS 2573 default y 2574 help 2575 Compile the kernel with call depth tracking to mitigate the Intel 2576 SKL Return-Stack-Buffer (RSB) underflow issue. The mitigation is off 2577 by default and needs to be enabled on the kernel command line via the 2578 retbleed=stuff option. For non-affected systems the overhead of this 2579 option is marginal as the call depth tracking is using run-time 2580 generated call thunks in a compiler generated padding area and call 2581 patching. This increases text size by ~5%. For non affected systems 2582 this space is unused. On affected SKL systems this results in a 2583 significant performance gain over the IBRS mitigation. 2584 2585config CALL_THUNKS_DEBUG 2586 bool "Enable call thunks and call depth tracking debugging" 2587 depends on MITIGATION_CALL_DEPTH_TRACKING 2588 select FUNCTION_ALIGNMENT_32B 2589 default n 2590 help 2591 Enable call/ret counters for imbalance detection and build in 2592 a noisy dmesg about callthunks generation and call patching for 2593 trouble shooting. The debug prints need to be enabled on the 2594 kernel command line with 'debug-callthunks'. 2595 Only enable this when you are debugging call thunks as this 2596 creates a noticeable runtime overhead. If unsure say N. 2597 2598config MITIGATION_IBPB_ENTRY 2599 bool "Enable IBPB on kernel entry" 2600 depends on CPU_SUP_AMD && X86_64 2601 default y 2602 help 2603 Compile the kernel with support for the retbleed=ibpb and 2604 spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. 2605 2606config MITIGATION_IBRS_ENTRY 2607 bool "Enable IBRS on kernel entry" 2608 depends on CPU_SUP_INTEL && X86_64 2609 default y 2610 help 2611 Compile the kernel with support for the spectre_v2=ibrs mitigation. 2612 This mitigates both spectre_v2 and retbleed at great cost to 2613 performance. 2614 2615config MITIGATION_SRSO 2616 bool "Mitigate speculative RAS overflow on AMD" 2617 depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK 2618 default y 2619 help 2620 Enable the SRSO mitigation needed on AMD Zen1-4 machines. 2621 2622config MITIGATION_SLS 2623 bool "Mitigate Straight-Line-Speculation" 2624 depends on CC_HAS_SLS && X86_64 2625 select OBJTOOL if HAVE_OBJTOOL 2626 default n 2627 help 2628 Compile the kernel with straight-line-speculation options to guard 2629 against straight line speculation. The kernel image might be slightly 2630 larger. 2631 2632config MITIGATION_GDS 2633 bool "Mitigate Gather Data Sampling" 2634 depends on CPU_SUP_INTEL 2635 default y 2636 help 2637 Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware 2638 vulnerability which allows unprivileged speculative access to data 2639 which was previously stored in vector registers. The attacker uses gather 2640 instructions to infer the stale vector register data. 2641 2642config MITIGATION_RFDS 2643 bool "RFDS Mitigation" 2644 depends on CPU_SUP_INTEL 2645 default y 2646 help 2647 Enable mitigation for Register File Data Sampling (RFDS) by default. 2648 RFDS is a hardware vulnerability which affects Intel Atom CPUs. It 2649 allows unprivileged speculative access to stale data previously 2650 stored in floating point, vector and integer registers. 2651 See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst> 2652 2653config MITIGATION_SPECTRE_BHI 2654 bool "Mitigate Spectre-BHB (Branch History Injection)" 2655 depends on CPU_SUP_INTEL 2656 default y 2657 help 2658 Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks 2659 where the branch history buffer is poisoned to speculatively steer 2660 indirect branches. 2661 See <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2662 2663config MITIGATION_MDS 2664 bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug" 2665 depends on CPU_SUP_INTEL 2666 default y 2667 help 2668 Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is 2669 a hardware vulnerability which allows unprivileged speculative access 2670 to data which is available in various CPU internal buffers. 2671 See also <file:Documentation/admin-guide/hw-vuln/mds.rst> 2672 2673config MITIGATION_TAA 2674 bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug" 2675 depends on CPU_SUP_INTEL 2676 default y 2677 help 2678 Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware 2679 vulnerability that allows unprivileged speculative access to data 2680 which is available in various CPU internal buffers by using 2681 asynchronous aborts within an Intel TSX transactional region. 2682 See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst> 2683 2684config MITIGATION_MMIO_STALE_DATA 2685 bool "Mitigate MMIO Stale Data hardware bug" 2686 depends on CPU_SUP_INTEL 2687 default y 2688 help 2689 Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO 2690 Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) 2691 vulnerabilities that can expose data. The vulnerabilities require the 2692 attacker to have access to MMIO. 2693 See also 2694 <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst> 2695 2696config MITIGATION_L1TF 2697 bool "Mitigate L1 Terminal Fault (L1TF) hardware bug" 2698 depends on CPU_SUP_INTEL 2699 default y 2700 help 2701 Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a 2702 hardware vulnerability which allows unprivileged speculative access to data 2703 available in the Level 1 Data Cache. 2704 See <file:Documentation/admin-guide/hw-vuln/l1tf.rst 2705 2706config MITIGATION_RETBLEED 2707 bool "Mitigate RETBleed hardware bug" 2708 depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY 2709 default y 2710 help 2711 Enable mitigation for RETBleed (Arbitrary Speculative Code Execution 2712 with Return Instructions) vulnerability. RETBleed is a speculative 2713 execution attack which takes advantage of microarchitectural behavior 2714 in many modern microprocessors, similar to Spectre v2. An 2715 unprivileged attacker can use these flaws to bypass conventional 2716 memory security restrictions to gain read access to privileged memory 2717 that would otherwise be inaccessible. 2718 2719config MITIGATION_SPECTRE_V1 2720 bool "Mitigate SPECTRE V1 hardware bug" 2721 default y 2722 help 2723 Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a 2724 class of side channel attacks that takes advantage of speculative 2725 execution that bypasses conditional branch instructions used for 2726 memory access bounds check. 2727 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2728 2729config MITIGATION_SPECTRE_V2 2730 bool "Mitigate SPECTRE V2 hardware bug" 2731 default y 2732 help 2733 Enable mitigation for Spectre V2 (Branch Target Injection). Spectre 2734 V2 is a class of side channel attacks that takes advantage of 2735 indirect branch predictors inside the processor. In Spectre variant 2 2736 attacks, the attacker can steer speculative indirect branches in the 2737 victim to gadget code by poisoning the branch target buffer of a CPU 2738 used for predicting indirect branch addresses. 2739 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2740 2741config MITIGATION_SRBDS 2742 bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug" 2743 depends on CPU_SUP_INTEL 2744 default y 2745 help 2746 Enable mitigation for Special Register Buffer Data Sampling (SRBDS). 2747 SRBDS is a hardware vulnerability that allows Microarchitectural Data 2748 Sampling (MDS) techniques to infer values returned from special 2749 register accesses. An unprivileged user can extract values returned 2750 from RDRAND and RDSEED executed on another core or sibling thread 2751 using MDS techniques. 2752 See also 2753 <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst> 2754 2755config MITIGATION_SSB 2756 bool "Mitigate Speculative Store Bypass (SSB) hardware bug" 2757 default y 2758 help 2759 Enable mitigation for Speculative Store Bypass (SSB). SSB is a 2760 hardware security vulnerability and its exploitation takes advantage 2761 of speculative execution in a similar way to the Meltdown and Spectre 2762 security vulnerabilities. 2763 2764endif 2765 2766config ARCH_HAS_ADD_PAGES 2767 def_bool y 2768 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2769 2770menu "Power management and ACPI options" 2771 2772config ARCH_HIBERNATION_HEADER 2773 def_bool y 2774 depends on HIBERNATION 2775 2776source "kernel/power/Kconfig" 2777 2778source "drivers/acpi/Kconfig" 2779 2780config X86_APM_BOOT 2781 def_bool y 2782 depends on APM 2783 2784menuconfig APM 2785 tristate "APM (Advanced Power Management) BIOS support" 2786 depends on X86_32 && PM_SLEEP 2787 help 2788 APM is a BIOS specification for saving power using several different 2789 techniques. This is mostly useful for battery powered laptops with 2790 APM compliant BIOSes. If you say Y here, the system time will be 2791 reset after a RESUME operation, the /proc/apm device will provide 2792 battery status information, and user-space programs will receive 2793 notification of APM "events" (e.g. battery status change). 2794 2795 If you select "Y" here, you can disable actual use of the APM 2796 BIOS by passing the "apm=off" option to the kernel at boot time. 2797 2798 Note that the APM support is almost completely disabled for 2799 machines with more than one CPU. 2800 2801 In order to use APM, you will need supporting software. For location 2802 and more information, read <file:Documentation/power/apm-acpi.rst> 2803 and the Battery Powered Linux mini-HOWTO, available from 2804 <http://www.tldp.org/docs.html#howto>. 2805 2806 This driver does not spin down disk drives (see the hdparm(8) 2807 manpage ("man 8 hdparm") for that), and it doesn't turn off 2808 VESA-compliant "green" monitors. 2809 2810 This driver does not support the TI 4000M TravelMate and the ACER 2811 486/DX4/75 because they don't have compliant BIOSes. Many "green" 2812 desktop machines also don't have compliant BIOSes, and this driver 2813 may cause those machines to panic during the boot phase. 2814 2815 Generally, if you don't have a battery in your machine, there isn't 2816 much point in using this driver and you should say N. If you get 2817 random kernel OOPSes or reboots that don't seem to be related to 2818 anything, try disabling/enabling this option (or disabling/enabling 2819 APM in your BIOS). 2820 2821 Some other things you should try when experiencing seemingly random, 2822 "weird" problems: 2823 2824 1) make sure that you have enough swap space and that it is 2825 enabled. 2826 2) pass the "idle=poll" option to the kernel 2827 3) switch on floating point emulation in the kernel and pass 2828 the "no387" option to the kernel 2829 4) pass the "floppy=nodma" option to the kernel 2830 5) pass the "mem=4M" option to the kernel (thereby disabling 2831 all but the first 4 MB of RAM) 2832 6) make sure that the CPU is not over clocked. 2833 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/> 2834 8) disable the cache from your BIOS settings 2835 9) install a fan for the video card or exchange video RAM 2836 10) install a better fan for the CPU 2837 11) exchange RAM chips 2838 12) exchange the motherboard. 2839 2840 To compile this driver as a module, choose M here: the 2841 module will be called apm. 2842 2843if APM 2844 2845config APM_IGNORE_USER_SUSPEND 2846 bool "Ignore USER SUSPEND" 2847 help 2848 This option will ignore USER SUSPEND requests. On machines with a 2849 compliant APM BIOS, you want to say N. However, on the NEC Versa M 2850 series notebooks, it is necessary to say Y because of a BIOS bug. 2851 2852config APM_DO_ENABLE 2853 bool "Enable PM at boot time" 2854 help 2855 Enable APM features at boot time. From page 36 of the APM BIOS 2856 specification: "When disabled, the APM BIOS does not automatically 2857 power manage devices, enter the Standby State, enter the Suspend 2858 State, or take power saving steps in response to CPU Idle calls." 2859 This driver will make CPU Idle calls when Linux is idle (unless this 2860 feature is turned off -- see "Do CPU IDLE calls", below). This 2861 should always save battery power, but more complicated APM features 2862 will be dependent on your BIOS implementation. You may need to turn 2863 this option off if your computer hangs at boot time when using APM 2864 support, or if it beeps continuously instead of suspending. Turn 2865 this off if you have a NEC UltraLite Versa 33/C or a Toshiba 2866 T400CDT. This is off by default since most machines do fine without 2867 this feature. 2868 2869config APM_CPU_IDLE 2870 depends on CPU_IDLE 2871 bool "Make CPU Idle calls when idle" 2872 help 2873 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop. 2874 On some machines, this can activate improved power savings, such as 2875 a slowed CPU clock rate, when the machine is idle. These idle calls 2876 are made after the idle loop has run for some length of time (e.g., 2877 333 mS). On some machines, this will cause a hang at boot time or 2878 whenever the CPU becomes idle. (On machines with more than one CPU, 2879 this option does nothing.) 2880 2881config APM_DISPLAY_BLANK 2882 bool "Enable console blanking using APM" 2883 help 2884 Enable console blanking using the APM. Some laptops can use this to 2885 turn off the LCD backlight when the screen blanker of the Linux 2886 virtual console blanks the screen. Note that this is only used by 2887 the virtual console screen blanker, and won't turn off the backlight 2888 when using the X Window system. This also doesn't have anything to 2889 do with your VESA-compliant power-saving monitor. Further, this 2890 option doesn't work for all laptops -- it might not turn off your 2891 backlight at all, or it might print a lot of errors to the console, 2892 especially if you are using gpm. 2893 2894config APM_ALLOW_INTS 2895 bool "Allow interrupts during APM BIOS calls" 2896 help 2897 Normally we disable external interrupts while we are making calls to 2898 the APM BIOS as a measure to lessen the effects of a badly behaving 2899 BIOS implementation. The BIOS should reenable interrupts if it 2900 needs to. Unfortunately, some BIOSes do not -- especially those in 2901 many of the newer IBM Thinkpads. If you experience hangs when you 2902 suspend, try setting this to Y. Otherwise, say N. 2903 2904endif # APM 2905 2906source "drivers/cpufreq/Kconfig" 2907 2908source "drivers/cpuidle/Kconfig" 2909 2910source "drivers/idle/Kconfig" 2911 2912endmenu 2913 2914menu "Bus options (PCI etc.)" 2915 2916choice 2917 prompt "PCI access mode" 2918 depends on X86_32 && PCI 2919 default PCI_GOANY 2920 help 2921 On PCI systems, the BIOS can be used to detect the PCI devices and 2922 determine their configuration. However, some old PCI motherboards 2923 have BIOS bugs and may crash if this is done. Also, some embedded 2924 PCI-based systems don't have any BIOS at all. Linux can also try to 2925 detect the PCI hardware directly without using the BIOS. 2926 2927 With this option, you can specify how Linux should detect the 2928 PCI devices. If you choose "BIOS", the BIOS will be used, 2929 if you choose "Direct", the BIOS won't be used, and if you 2930 choose "MMConfig", then PCI Express MMCONFIG will be used. 2931 If you choose "Any", the kernel will try MMCONFIG, then the 2932 direct access method and falls back to the BIOS if that doesn't 2933 work. If unsure, go with the default, which is "Any". 2934 2935config PCI_GOBIOS 2936 bool "BIOS" 2937 2938config PCI_GOMMCONFIG 2939 bool "MMConfig" 2940 2941config PCI_GODIRECT 2942 bool "Direct" 2943 2944config PCI_GOOLPC 2945 bool "OLPC XO-1" 2946 depends on OLPC 2947 2948config PCI_GOANY 2949 bool "Any" 2950 2951endchoice 2952 2953config PCI_BIOS 2954 def_bool y 2955 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY) 2956 2957# x86-64 doesn't support PCI BIOS access from long mode so always go direct. 2958config PCI_DIRECT 2959 def_bool y 2960 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG)) 2961 2962config PCI_MMCONFIG 2963 bool "Support mmconfig PCI config space access" if X86_64 2964 default y 2965 depends on PCI && (ACPI || JAILHOUSE_GUEST) 2966 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG) 2967 2968config PCI_OLPC 2969 def_bool y 2970 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY) 2971 2972config PCI_XEN 2973 def_bool y 2974 depends on PCI && XEN 2975 2976config MMCONF_FAM10H 2977 def_bool y 2978 depends on X86_64 && PCI_MMCONFIG && ACPI 2979 2980config PCI_CNB20LE_QUIRK 2981 bool "Read CNB20LE Host Bridge Windows" if EXPERT 2982 depends on PCI 2983 help 2984 Read the PCI windows out of the CNB20LE host bridge. This allows 2985 PCI hotplug to work on systems with the CNB20LE chipset which do 2986 not have ACPI. 2987 2988 There's no public spec for this chipset, and this functionality 2989 is known to be incomplete. 2990 2991 You should say N unless you know you need this. 2992 2993config ISA_BUS 2994 bool "ISA bus support on modern systems" if EXPERT 2995 help 2996 Expose ISA bus device drivers and options available for selection and 2997 configuration. Enable this option if your target machine has an ISA 2998 bus. ISA is an older system, displaced by PCI and newer bus 2999 architectures -- if your target machine is modern, it probably does 3000 not have an ISA bus. 3001 3002 If unsure, say N. 3003 3004# x86_64 have no ISA slots, but can have ISA-style DMA. 3005config ISA_DMA_API 3006 bool "ISA-style DMA support" if (X86_64 && EXPERT) 3007 default y 3008 help 3009 Enables ISA-style DMA support for devices requiring such controllers. 3010 If unsure, say Y. 3011 3012if X86_32 3013 3014config ISA 3015 bool "ISA support" 3016 help 3017 Find out whether you have ISA slots on your motherboard. ISA is the 3018 name of a bus system, i.e. the way the CPU talks to the other stuff 3019 inside your box. Other bus systems are PCI, EISA, MicroChannel 3020 (MCA) or VESA. ISA is an older system, now being displaced by PCI; 3021 newer boards don't support it. If you have ISA, say Y, otherwise N. 3022 3023config SCx200 3024 tristate "NatSemi SCx200 support" 3025 help 3026 This provides basic support for National Semiconductor's 3027 (now AMD's) Geode processors. The driver probes for the 3028 PCI-IDs of several on-chip devices, so its a good dependency 3029 for other scx200_* drivers. 3030 3031 If compiled as a module, the driver is named scx200. 3032 3033config SCx200HR_TIMER 3034 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support" 3035 depends on SCx200 3036 default y 3037 help 3038 This driver provides a clocksource built upon the on-chip 3039 27MHz high-resolution timer. Its also a workaround for 3040 NSC Geode SC-1100's buggy TSC, which loses time when the 3041 processor goes idle (as is done by the scheduler). The 3042 other workaround is idle=poll boot option. 3043 3044config OLPC 3045 bool "One Laptop Per Child support" 3046 depends on !X86_PAE 3047 select GPIOLIB 3048 select OF 3049 select OF_PROMTREE 3050 select IRQ_DOMAIN 3051 select OLPC_EC 3052 help 3053 Add support for detecting the unique features of the OLPC 3054 XO hardware. 3055 3056config OLPC_XO1_PM 3057 bool "OLPC XO-1 Power Management" 3058 depends on OLPC && MFD_CS5535=y && PM_SLEEP 3059 help 3060 Add support for poweroff and suspend of the OLPC XO-1 laptop. 3061 3062config OLPC_XO1_RTC 3063 bool "OLPC XO-1 Real Time Clock" 3064 depends on OLPC_XO1_PM && RTC_DRV_CMOS 3065 help 3066 Add support for the XO-1 real time clock, which can be used as a 3067 programmable wakeup source. 3068 3069config OLPC_XO1_SCI 3070 bool "OLPC XO-1 SCI extras" 3071 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y 3072 depends on INPUT=y 3073 select POWER_SUPPLY 3074 help 3075 Add support for SCI-based features of the OLPC XO-1 laptop: 3076 - EC-driven system wakeups 3077 - Power button 3078 - Ebook switch 3079 - Lid switch 3080 - AC adapter status updates 3081 - Battery status updates 3082 3083config OLPC_XO15_SCI 3084 bool "OLPC XO-1.5 SCI extras" 3085 depends on OLPC && ACPI 3086 select POWER_SUPPLY 3087 help 3088 Add support for SCI-based features of the OLPC XO-1.5 laptop: 3089 - EC-driven system wakeups 3090 - AC adapter status updates 3091 - Battery status updates 3092 3093config GEODE_COMMON 3094 bool 3095 3096config ALIX 3097 bool "PCEngines ALIX System Support (LED setup)" 3098 select GPIOLIB 3099 select GEODE_COMMON 3100 help 3101 This option enables system support for the PCEngines ALIX. 3102 At present this just sets up LEDs for GPIO control on 3103 ALIX2/3/6 boards. However, other system specific setup should 3104 get added here. 3105 3106 Note: You must still enable the drivers for GPIO and LED support 3107 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs 3108 3109 Note: You have to set alix.force=1 for boards with Award BIOS. 3110 3111config NET5501 3112 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)" 3113 select GPIOLIB 3114 select GEODE_COMMON 3115 help 3116 This option enables system support for the Soekris Engineering net5501. 3117 3118config GEOS 3119 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)" 3120 select GPIOLIB 3121 select GEODE_COMMON 3122 depends on DMI 3123 help 3124 This option enables system support for the Traverse Technologies GEOS. 3125 3126config TS5500 3127 bool "Technologic Systems TS-5500 platform support" 3128 depends on MELAN 3129 select CHECK_SIGNATURE 3130 select NEW_LEDS 3131 select LEDS_CLASS 3132 help 3133 This option enables system support for the Technologic Systems TS-5500. 3134 3135endif # X86_32 3136 3137config AMD_NB 3138 def_bool y 3139 depends on AMD_NODE 3140 3141config AMD_NODE 3142 def_bool y 3143 depends on CPU_SUP_AMD && PCI 3144 3145endmenu 3146 3147menu "Binary Emulations" 3148 3149config IA32_EMULATION 3150 bool "IA32 Emulation" 3151 depends on X86_64 3152 select ARCH_WANT_OLD_COMPAT_IPC 3153 select BINFMT_ELF 3154 select COMPAT_OLD_SIGACTION 3155 help 3156 Include code to run legacy 32-bit programs under a 3157 64-bit kernel. You should likely turn this on, unless you're 3158 100% sure that you don't have any 32-bit programs left. 3159 3160config IA32_EMULATION_DEFAULT_DISABLED 3161 bool "IA32 emulation disabled by default" 3162 default n 3163 depends on IA32_EMULATION 3164 help 3165 Make IA32 emulation disabled by default. This prevents loading 32-bit 3166 processes and access to 32-bit syscalls. If unsure, leave it to its 3167 default value. 3168 3169config X86_X32_ABI 3170 bool "x32 ABI for 64-bit mode" 3171 depends on X86_64 3172 # llvm-objcopy does not convert x86_64 .note.gnu.property or 3173 # compressed debug sections to x86_x32 properly: 3174 # https://github.com/ClangBuiltLinux/linux/issues/514 3175 # https://github.com/ClangBuiltLinux/linux/issues/1141 3176 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm) 3177 help 3178 Include code to run binaries for the x32 native 32-bit ABI 3179 for 64-bit processors. An x32 process gets access to the 3180 full 64-bit register file and wide data path while leaving 3181 pointers at 32 bits for smaller memory footprint. 3182 3183config COMPAT_32 3184 def_bool y 3185 depends on IA32_EMULATION || X86_32 3186 select HAVE_UID16 3187 select OLD_SIGSUSPEND3 3188 3189config COMPAT 3190 def_bool y 3191 depends on IA32_EMULATION || X86_X32_ABI 3192 3193config COMPAT_FOR_U64_ALIGNMENT 3194 def_bool y 3195 depends on COMPAT 3196 3197endmenu 3198 3199config HAVE_ATOMIC_IOMAP 3200 def_bool y 3201 depends on X86_32 3202 3203source "arch/x86/kvm/Kconfig" 3204 3205source "arch/x86/Kconfig.assembler" 3206