1# SPDX-License-Identifier: GPL-2.0 2# 3# General architecture dependent options 4# 5 6# 7# Note: arch/$(SRCARCH)/Kconfig needs to be included first so that it can 8# override the default values in this file. 9# 10source "arch/$(SRCARCH)/Kconfig" 11 12menu "General architecture-dependent options" 13 14config ARCH_HAS_SUBPAGE_FAULTS 15 bool 16 help 17 Select if the architecture can check permissions at sub-page 18 granularity (e.g. arm64 MTE). The probe_user_*() functions 19 must be implemented. 20 21config HOTPLUG_SMT 22 bool 23 24config SMT_NUM_THREADS_DYNAMIC 25 bool 26 27# Selected by HOTPLUG_CORE_SYNC_DEAD or HOTPLUG_CORE_SYNC_FULL 28config HOTPLUG_CORE_SYNC 29 bool 30 31# Basic CPU dead synchronization selected by architecture 32config HOTPLUG_CORE_SYNC_DEAD 33 bool 34 select HOTPLUG_CORE_SYNC 35 36# Full CPU synchronization with alive state selected by architecture 37config HOTPLUG_CORE_SYNC_FULL 38 bool 39 select HOTPLUG_CORE_SYNC_DEAD if HOTPLUG_CPU 40 select HOTPLUG_CORE_SYNC 41 42config HOTPLUG_SPLIT_STARTUP 43 bool 44 select HOTPLUG_CORE_SYNC_FULL 45 46config HOTPLUG_PARALLEL 47 bool 48 select HOTPLUG_SPLIT_STARTUP 49 50config GENERIC_ENTRY 51 bool 52 53config KPROBES 54 bool "Kprobes" 55 depends on MODULES 56 depends on HAVE_KPROBES 57 select KALLSYMS 58 select TASKS_RCU if PREEMPTION 59 help 60 Kprobes allows you to trap at almost any kernel address and 61 execute a callback function. register_kprobe() establishes 62 a probepoint and specifies the callback. Kprobes is useful 63 for kernel debugging, non-intrusive instrumentation and testing. 64 If in doubt, say "N". 65 66config JUMP_LABEL 67 bool "Optimize very unlikely/likely branches" 68 depends on HAVE_ARCH_JUMP_LABEL 69 select OBJTOOL if HAVE_JUMP_LABEL_HACK 70 help 71 This option enables a transparent branch optimization that 72 makes certain almost-always-true or almost-always-false branch 73 conditions even cheaper to execute within the kernel. 74 75 Certain performance-sensitive kernel code, such as trace points, 76 scheduler functionality, networking code and KVM have such 77 branches and include support for this optimization technique. 78 79 If it is detected that the compiler has support for "asm goto", 80 the kernel will compile such branches with just a nop 81 instruction. When the condition flag is toggled to true, the 82 nop will be converted to a jump instruction to execute the 83 conditional block of instructions. 84 85 This technique lowers overhead and stress on the branch prediction 86 of the processor and generally makes the kernel faster. The update 87 of the condition is slower, but those are always very rare. 88 89 ( On 32-bit x86, the necessary options added to the compiler 90 flags may increase the size of the kernel slightly. ) 91 92config STATIC_KEYS_SELFTEST 93 bool "Static key selftest" 94 depends on JUMP_LABEL 95 help 96 Boot time self-test of the branch patching code. 97 98config STATIC_CALL_SELFTEST 99 bool "Static call selftest" 100 depends on HAVE_STATIC_CALL 101 help 102 Boot time self-test of the call patching code. 103 104config OPTPROBES 105 def_bool y 106 depends on KPROBES && HAVE_OPTPROBES 107 select TASKS_RCU if PREEMPTION 108 109config KPROBES_ON_FTRACE 110 def_bool y 111 depends on KPROBES && HAVE_KPROBES_ON_FTRACE 112 depends on DYNAMIC_FTRACE_WITH_REGS 113 help 114 If function tracer is enabled and the arch supports full 115 passing of pt_regs to function tracing, then kprobes can 116 optimize on top of function tracing. 117 118config UPROBES 119 def_bool n 120 depends on ARCH_SUPPORTS_UPROBES 121 help 122 Uprobes is the user-space counterpart to kprobes: they 123 enable instrumentation applications (such as 'perf probe') 124 to establish unintrusive probes in user-space binaries and 125 libraries, by executing handler functions when the probes 126 are hit by user-space applications. 127 128 ( These probes come in the form of single-byte breakpoints, 129 managed by the kernel and kept transparent to the probed 130 application. ) 131 132config HAVE_64BIT_ALIGNED_ACCESS 133 def_bool 64BIT && !HAVE_EFFICIENT_UNALIGNED_ACCESS 134 help 135 Some architectures require 64 bit accesses to be 64 bit 136 aligned, which also requires structs containing 64 bit values 137 to be 64 bit aligned too. This includes some 32 bit 138 architectures which can do 64 bit accesses, as well as 64 bit 139 architectures without unaligned access. 140 141 This symbol should be selected by an architecture if 64 bit 142 accesses are required to be 64 bit aligned in this way even 143 though it is not a 64 bit architecture. 144 145 See Documentation/core-api/unaligned-memory-access.rst for 146 more information on the topic of unaligned memory accesses. 147 148config HAVE_EFFICIENT_UNALIGNED_ACCESS 149 bool 150 help 151 Some architectures are unable to perform unaligned accesses 152 without the use of get_unaligned/put_unaligned. Others are 153 unable to perform such accesses efficiently (e.g. trap on 154 unaligned access and require fixing it up in the exception 155 handler.) 156 157 This symbol should be selected by an architecture if it can 158 perform unaligned accesses efficiently to allow different 159 code paths to be selected for these cases. Some network 160 drivers, for example, could opt to not fix up alignment 161 problems with received packets if doing so would not help 162 much. 163 164 See Documentation/core-api/unaligned-memory-access.rst for more 165 information on the topic of unaligned memory accesses. 166 167config ARCH_USE_BUILTIN_BSWAP 168 bool 169 help 170 Modern versions of GCC (since 4.4) have builtin functions 171 for handling byte-swapping. Using these, instead of the old 172 inline assembler that the architecture code provides in the 173 __arch_bswapXX() macros, allows the compiler to see what's 174 happening and offers more opportunity for optimisation. In 175 particular, the compiler will be able to combine the byteswap 176 with a nearby load or store and use load-and-swap or 177 store-and-swap instructions if the architecture has them. It 178 should almost *never* result in code which is worse than the 179 hand-coded assembler in <asm/swab.h>. But just in case it 180 does, the use of the builtins is optional. 181 182 Any architecture with load-and-swap or store-and-swap 183 instructions should set this. And it shouldn't hurt to set it 184 on architectures that don't have such instructions. 185 186config KRETPROBES 187 def_bool y 188 depends on KPROBES && (HAVE_KRETPROBES || HAVE_RETHOOK) 189 190config KRETPROBE_ON_RETHOOK 191 def_bool y 192 depends on HAVE_RETHOOK 193 depends on KRETPROBES 194 select RETHOOK 195 196config USER_RETURN_NOTIFIER 197 bool 198 depends on HAVE_USER_RETURN_NOTIFIER 199 help 200 Provide a kernel-internal notification when a cpu is about to 201 switch to user mode. 202 203config HAVE_IOREMAP_PROT 204 bool 205 206config HAVE_KPROBES 207 bool 208 209config HAVE_KRETPROBES 210 bool 211 212config HAVE_OPTPROBES 213 bool 214 215config HAVE_KPROBES_ON_FTRACE 216 bool 217 218config ARCH_CORRECT_STACKTRACE_ON_KRETPROBE 219 bool 220 help 221 Since kretprobes modifies return address on the stack, the 222 stacktrace may see the kretprobe trampoline address instead 223 of correct one. If the architecture stacktrace code and 224 unwinder can adjust such entries, select this configuration. 225 226config HAVE_FUNCTION_ERROR_INJECTION 227 bool 228 229config HAVE_NMI 230 bool 231 232config HAVE_FUNCTION_DESCRIPTORS 233 bool 234 235config TRACE_IRQFLAGS_SUPPORT 236 bool 237 238config TRACE_IRQFLAGS_NMI_SUPPORT 239 bool 240 241# 242# An arch should select this if it provides all these things: 243# 244# task_pt_regs() in asm/processor.h or asm/ptrace.h 245# arch_has_single_step() if there is hardware single-step support 246# arch_has_block_step() if there is hardware block-step support 247# asm/syscall.h supplying asm-generic/syscall.h interface 248# linux/regset.h user_regset interfaces 249# CORE_DUMP_USE_REGSET #define'd in linux/elf.h 250# TIF_SYSCALL_TRACE calls ptrace_report_syscall_{entry,exit} 251# TIF_NOTIFY_RESUME calls resume_user_mode_work() 252# 253config HAVE_ARCH_TRACEHOOK 254 bool 255 256config HAVE_DMA_CONTIGUOUS 257 bool 258 259config GENERIC_SMP_IDLE_THREAD 260 bool 261 262config GENERIC_IDLE_POLL_SETUP 263 bool 264 265config ARCH_HAS_FORTIFY_SOURCE 266 bool 267 help 268 An architecture should select this when it can successfully 269 build and run with CONFIG_FORTIFY_SOURCE. 270 271# 272# Select if the arch provides a historic keepinit alias for the retain_initrd 273# command line option 274# 275config ARCH_HAS_KEEPINITRD 276 bool 277 278# Select if arch has all set_memory_ro/rw/x/nx() functions in asm/cacheflush.h 279config ARCH_HAS_SET_MEMORY 280 bool 281 282# Select if arch has all set_direct_map_invalid/default() functions 283config ARCH_HAS_SET_DIRECT_MAP 284 bool 285 286# 287# Select if the architecture provides the arch_dma_set_uncached symbol to 288# either provide an uncached segment alias for a DMA allocation, or 289# to remap the page tables in place. 290# 291config ARCH_HAS_DMA_SET_UNCACHED 292 bool 293 294# 295# Select if the architectures provides the arch_dma_clear_uncached symbol 296# to undo an in-place page table remap for uncached access. 297# 298config ARCH_HAS_DMA_CLEAR_UNCACHED 299 bool 300 301config ARCH_HAS_CPU_FINALIZE_INIT 302 bool 303 304# The architecture has a per-task state that includes the mm's PASID 305config ARCH_HAS_CPU_PASID 306 bool 307 select IOMMU_MM_DATA 308 309config HAVE_ARCH_THREAD_STRUCT_WHITELIST 310 bool 311 help 312 An architecture should select this to provide hardened usercopy 313 knowledge about what region of the thread_struct should be 314 whitelisted for copying to userspace. Normally this is only the 315 FPU registers. Specifically, arch_thread_struct_whitelist() 316 should be implemented. Without this, the entire thread_struct 317 field in task_struct will be left whitelisted. 318 319# Select if arch wants to size task_struct dynamically via arch_task_struct_size: 320config ARCH_WANTS_DYNAMIC_TASK_STRUCT 321 bool 322 323config ARCH_WANTS_NO_INSTR 324 bool 325 help 326 An architecture should select this if the noinstr macro is being used on 327 functions to denote that the toolchain should avoid instrumenting such 328 functions and is required for correctness. 329 330config ARCH_32BIT_OFF_T 331 bool 332 depends on !64BIT 333 help 334 All new 32-bit architectures should have 64-bit off_t type on 335 userspace side which corresponds to the loff_t kernel type. This 336 is the requirement for modern ABIs. Some existing architectures 337 still support 32-bit off_t. This option is enabled for all such 338 architectures explicitly. 339 340# Selected by 64 bit architectures which have a 32 bit f_tinode in struct ustat 341config ARCH_32BIT_USTAT_F_TINODE 342 bool 343 344config HAVE_ASM_MODVERSIONS 345 bool 346 help 347 This symbol should be selected by an architecture if it provides 348 <asm/asm-prototypes.h> to support the module versioning for symbols 349 exported from assembly code. 350 351config HAVE_REGS_AND_STACK_ACCESS_API 352 bool 353 help 354 This symbol should be selected by an architecture if it supports 355 the API needed to access registers and stack entries from pt_regs, 356 declared in asm/ptrace.h 357 For example the kprobes-based event tracer needs this API. 358 359config HAVE_RSEQ 360 bool 361 depends on HAVE_REGS_AND_STACK_ACCESS_API 362 help 363 This symbol should be selected by an architecture if it 364 supports an implementation of restartable sequences. 365 366config HAVE_RUST 367 bool 368 help 369 This symbol should be selected by an architecture if it 370 supports Rust. 371 372config HAVE_FUNCTION_ARG_ACCESS_API 373 bool 374 help 375 This symbol should be selected by an architecture if it supports 376 the API needed to access function arguments from pt_regs, 377 declared in asm/ptrace.h 378 379config HAVE_HW_BREAKPOINT 380 bool 381 depends on PERF_EVENTS 382 383config HAVE_MIXED_BREAKPOINTS_REGS 384 bool 385 depends on HAVE_HW_BREAKPOINT 386 help 387 Depending on the arch implementation of hardware breakpoints, 388 some of them have separate registers for data and instruction 389 breakpoints addresses, others have mixed registers to store 390 them but define the access type in a control register. 391 Select this option if your arch implements breakpoints under the 392 latter fashion. 393 394config HAVE_USER_RETURN_NOTIFIER 395 bool 396 397config HAVE_PERF_EVENTS_NMI 398 bool 399 help 400 System hardware can generate an NMI using the perf event 401 subsystem. Also has support for calculating CPU cycle events 402 to determine how many clock cycles in a given period. 403 404config HAVE_HARDLOCKUP_DETECTOR_PERF 405 bool 406 depends on HAVE_PERF_EVENTS_NMI 407 help 408 The arch chooses to use the generic perf-NMI-based hardlockup 409 detector. Must define HAVE_PERF_EVENTS_NMI. 410 411config HAVE_HARDLOCKUP_DETECTOR_ARCH 412 bool 413 help 414 The arch provides its own hardlockup detector implementation instead 415 of the generic ones. 416 417 It uses the same command line parameters, and sysctl interface, 418 as the generic hardlockup detectors. 419 420config HAVE_PERF_REGS 421 bool 422 help 423 Support selective register dumps for perf events. This includes 424 bit-mapping of each registers and a unique architecture id. 425 426config HAVE_PERF_USER_STACK_DUMP 427 bool 428 help 429 Support user stack dumps for perf event samples. This needs 430 access to the user stack pointer which is not unified across 431 architectures. 432 433config HAVE_ARCH_JUMP_LABEL 434 bool 435 436config HAVE_ARCH_JUMP_LABEL_RELATIVE 437 bool 438 439config MMU_GATHER_TABLE_FREE 440 bool 441 442config MMU_GATHER_RCU_TABLE_FREE 443 bool 444 select MMU_GATHER_TABLE_FREE 445 446config MMU_GATHER_PAGE_SIZE 447 bool 448 449config MMU_GATHER_NO_RANGE 450 bool 451 select MMU_GATHER_MERGE_VMAS 452 453config MMU_GATHER_NO_FLUSH_CACHE 454 bool 455 456config MMU_GATHER_MERGE_VMAS 457 bool 458 459config MMU_GATHER_NO_GATHER 460 bool 461 depends on MMU_GATHER_TABLE_FREE 462 463config ARCH_WANT_IRQS_OFF_ACTIVATE_MM 464 bool 465 help 466 Temporary select until all architectures can be converted to have 467 irqs disabled over activate_mm. Architectures that do IPI based TLB 468 shootdowns should enable this. 469 470# Use normal mm refcounting for MMU_LAZY_TLB kernel thread references. 471# MMU_LAZY_TLB_REFCOUNT=n can improve the scalability of context switching 472# to/from kernel threads when the same mm is running on a lot of CPUs (a large 473# multi-threaded application), by reducing contention on the mm refcount. 474# 475# This can be disabled if the architecture ensures no CPUs are using an mm as a 476# "lazy tlb" beyond its final refcount (i.e., by the time __mmdrop frees the mm 477# or its kernel page tables). This could be arranged by arch_exit_mmap(), or 478# final exit(2) TLB flush, for example. 479# 480# To implement this, an arch *must*: 481# Ensure the _lazy_tlb variants of mmgrab/mmdrop are used when manipulating 482# the lazy tlb reference of a kthread's ->active_mm (non-arch code has been 483# converted already). 484config MMU_LAZY_TLB_REFCOUNT 485 def_bool y 486 depends on !MMU_LAZY_TLB_SHOOTDOWN 487 488# This option allows MMU_LAZY_TLB_REFCOUNT=n. It ensures no CPUs are using an 489# mm as a lazy tlb beyond its last reference count, by shooting down these 490# users before the mm is deallocated. __mmdrop() first IPIs all CPUs that may 491# be using the mm as a lazy tlb, so that they may switch themselves to using 492# init_mm for their active mm. mm_cpumask(mm) is used to determine which CPUs 493# may be using mm as a lazy tlb mm. 494# 495# To implement this, an arch *must*: 496# - At the time of the final mmdrop of the mm, ensure mm_cpumask(mm) contains 497# at least all possible CPUs in which the mm is lazy. 498# - It must meet the requirements for MMU_LAZY_TLB_REFCOUNT=n (see above). 499config MMU_LAZY_TLB_SHOOTDOWN 500 bool 501 502config ARCH_HAVE_NMI_SAFE_CMPXCHG 503 bool 504 505config ARCH_HAS_NMI_SAFE_THIS_CPU_OPS 506 bool 507 508config HAVE_ALIGNED_STRUCT_PAGE 509 bool 510 help 511 This makes sure that struct pages are double word aligned and that 512 e.g. the SLUB allocator can perform double word atomic operations 513 on a struct page for better performance. However selecting this 514 might increase the size of a struct page by a word. 515 516config HAVE_CMPXCHG_LOCAL 517 bool 518 519config HAVE_CMPXCHG_DOUBLE 520 bool 521 522config ARCH_WEAK_RELEASE_ACQUIRE 523 bool 524 525config ARCH_WANT_IPC_PARSE_VERSION 526 bool 527 528config ARCH_WANT_COMPAT_IPC_PARSE_VERSION 529 bool 530 531config ARCH_WANT_OLD_COMPAT_IPC 532 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION 533 bool 534 535config HAVE_ARCH_SECCOMP 536 bool 537 help 538 An arch should select this symbol to support seccomp mode 1 (the fixed 539 syscall policy), and must provide an overrides for __NR_seccomp_sigreturn, 540 and compat syscalls if the asm-generic/seccomp.h defaults need adjustment: 541 - __NR_seccomp_read_32 542 - __NR_seccomp_write_32 543 - __NR_seccomp_exit_32 544 - __NR_seccomp_sigreturn_32 545 546config HAVE_ARCH_SECCOMP_FILTER 547 bool 548 select HAVE_ARCH_SECCOMP 549 help 550 An arch should select this symbol if it provides all of these things: 551 - all the requirements for HAVE_ARCH_SECCOMP 552 - syscall_get_arch() 553 - syscall_get_arguments() 554 - syscall_rollback() 555 - syscall_set_return_value() 556 - SIGSYS siginfo_t support 557 - secure_computing is called from a ptrace_event()-safe context 558 - secure_computing return value is checked and a return value of -1 559 results in the system call being skipped immediately. 560 - seccomp syscall wired up 561 - if !HAVE_SPARSE_SYSCALL_NR, have SECCOMP_ARCH_NATIVE, 562 SECCOMP_ARCH_NATIVE_NR, SECCOMP_ARCH_NATIVE_NAME defined. If 563 COMPAT is supported, have the SECCOMP_ARCH_COMPAT* defines too. 564 565config SECCOMP 566 prompt "Enable seccomp to safely execute untrusted bytecode" 567 def_bool y 568 depends on HAVE_ARCH_SECCOMP 569 help 570 This kernel feature is useful for number crunching applications 571 that may need to handle untrusted bytecode during their 572 execution. By using pipes or other transports made available 573 to the process as file descriptors supporting the read/write 574 syscalls, it's possible to isolate those applications in their 575 own address space using seccomp. Once seccomp is enabled via 576 prctl(PR_SET_SECCOMP) or the seccomp() syscall, it cannot be 577 disabled and the task is only allowed to execute a few safe 578 syscalls defined by each seccomp mode. 579 580 If unsure, say Y. 581 582config SECCOMP_FILTER 583 def_bool y 584 depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET 585 help 586 Enable tasks to build secure computing environments defined 587 in terms of Berkeley Packet Filter programs which implement 588 task-defined system call filtering polices. 589 590 See Documentation/userspace-api/seccomp_filter.rst for details. 591 592config SECCOMP_CACHE_DEBUG 593 bool "Show seccomp filter cache status in /proc/pid/seccomp_cache" 594 depends on SECCOMP_FILTER && !HAVE_SPARSE_SYSCALL_NR 595 depends on PROC_FS 596 help 597 This enables the /proc/pid/seccomp_cache interface to monitor 598 seccomp cache data. The file format is subject to change. Reading 599 the file requires CAP_SYS_ADMIN. 600 601 This option is for debugging only. Enabling presents the risk that 602 an adversary may be able to infer the seccomp filter logic. 603 604 If unsure, say N. 605 606config HAVE_ARCH_STACKLEAK 607 bool 608 help 609 An architecture should select this if it has the code which 610 fills the used part of the kernel stack with the STACKLEAK_POISON 611 value before returning from system calls. 612 613config HAVE_STACKPROTECTOR 614 bool 615 help 616 An arch should select this symbol if: 617 - it has implemented a stack canary (e.g. __stack_chk_guard) 618 619config STACKPROTECTOR 620 bool "Stack Protector buffer overflow detection" 621 depends on HAVE_STACKPROTECTOR 622 depends on $(cc-option,-fstack-protector) 623 default y 624 help 625 This option turns on the "stack-protector" GCC feature. This 626 feature puts, at the beginning of functions, a canary value on 627 the stack just before the return address, and validates 628 the value just before actually returning. Stack based buffer 629 overflows (that need to overwrite this return address) now also 630 overwrite the canary, which gets detected and the attack is then 631 neutralized via a kernel panic. 632 633 Functions will have the stack-protector canary logic added if they 634 have an 8-byte or larger character array on the stack. 635 636 This feature requires gcc version 4.2 or above, or a distribution 637 gcc with the feature backported ("-fstack-protector"). 638 639 On an x86 "defconfig" build, this feature adds canary checks to 640 about 3% of all kernel functions, which increases kernel code size 641 by about 0.3%. 642 643config STACKPROTECTOR_STRONG 644 bool "Strong Stack Protector" 645 depends on STACKPROTECTOR 646 depends on $(cc-option,-fstack-protector-strong) 647 default y 648 help 649 Functions will have the stack-protector canary logic added in any 650 of the following conditions: 651 652 - local variable's address used as part of the right hand side of an 653 assignment or function argument 654 - local variable is an array (or union containing an array), 655 regardless of array type or length 656 - uses register local variables 657 658 This feature requires gcc version 4.9 or above, or a distribution 659 gcc with the feature backported ("-fstack-protector-strong"). 660 661 On an x86 "defconfig" build, this feature adds canary checks to 662 about 20% of all kernel functions, which increases the kernel code 663 size by about 2%. 664 665config ARCH_SUPPORTS_SHADOW_CALL_STACK 666 bool 667 help 668 An architecture should select this if it supports the compiler's 669 Shadow Call Stack and implements runtime support for shadow stack 670 switching. 671 672config SHADOW_CALL_STACK 673 bool "Shadow Call Stack" 674 depends on ARCH_SUPPORTS_SHADOW_CALL_STACK 675 depends on DYNAMIC_FTRACE_WITH_ARGS || DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER 676 depends on MMU 677 help 678 This option enables the compiler's Shadow Call Stack, which 679 uses a shadow stack to protect function return addresses from 680 being overwritten by an attacker. More information can be found 681 in the compiler's documentation: 682 683 - Clang: https://clang.llvm.org/docs/ShadowCallStack.html 684 - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options 685 686 Note that security guarantees in the kernel differ from the 687 ones documented for user space. The kernel must store addresses 688 of shadow stacks in memory, which means an attacker capable of 689 reading and writing arbitrary memory may be able to locate them 690 and hijack control flow by modifying the stacks. 691 692config DYNAMIC_SCS 693 bool 694 help 695 Set by the arch code if it relies on code patching to insert the 696 shadow call stack push and pop instructions rather than on the 697 compiler. 698 699config LTO 700 bool 701 help 702 Selected if the kernel will be built using the compiler's LTO feature. 703 704config LTO_CLANG 705 bool 706 select LTO 707 help 708 Selected if the kernel will be built using Clang's LTO feature. 709 710config ARCH_SUPPORTS_LTO_CLANG 711 bool 712 help 713 An architecture should select this option if it supports: 714 - compiling with Clang, 715 - compiling inline assembly with Clang's integrated assembler, 716 - and linking with LLD. 717 718config ARCH_SUPPORTS_LTO_CLANG_THIN 719 bool 720 help 721 An architecture should select this option if it can support Clang's 722 ThinLTO mode. 723 724config HAS_LTO_CLANG 725 def_bool y 726 depends on CC_IS_CLANG && LD_IS_LLD && AS_IS_LLVM 727 depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm) 728 depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm) 729 depends on ARCH_SUPPORTS_LTO_CLANG 730 depends on !FTRACE_MCOUNT_USE_RECORDMCOUNT 731 # https://github.com/ClangBuiltLinux/linux/issues/1721 732 depends on (!KASAN || KASAN_HW_TAGS || CLANG_VERSION >= 170000) || !DEBUG_INFO 733 depends on (!KCOV || CLANG_VERSION >= 170000) || !DEBUG_INFO 734 depends on !GCOV_KERNEL 735 help 736 The compiler and Kconfig options support building with Clang's 737 LTO. 738 739choice 740 prompt "Link Time Optimization (LTO)" 741 default LTO_NONE 742 help 743 This option enables Link Time Optimization (LTO), which allows the 744 compiler to optimize binaries globally. 745 746 If unsure, select LTO_NONE. Note that LTO is very resource-intensive 747 so it's disabled by default. 748 749config LTO_NONE 750 bool "None" 751 help 752 Build the kernel normally, without Link Time Optimization (LTO). 753 754config LTO_CLANG_FULL 755 bool "Clang Full LTO (EXPERIMENTAL)" 756 depends on HAS_LTO_CLANG 757 depends on !COMPILE_TEST 758 select LTO_CLANG 759 help 760 This option enables Clang's full Link Time Optimization (LTO), which 761 allows the compiler to optimize the kernel globally. If you enable 762 this option, the compiler generates LLVM bitcode instead of ELF 763 object files, and the actual compilation from bitcode happens at 764 the LTO link step, which may take several minutes depending on the 765 kernel configuration. More information can be found from LLVM's 766 documentation: 767 768 https://llvm.org/docs/LinkTimeOptimization.html 769 770 During link time, this option can use a large amount of RAM, and 771 may take much longer than the ThinLTO option. 772 773config LTO_CLANG_THIN 774 bool "Clang ThinLTO (EXPERIMENTAL)" 775 depends on HAS_LTO_CLANG && ARCH_SUPPORTS_LTO_CLANG_THIN 776 select LTO_CLANG 777 help 778 This option enables Clang's ThinLTO, which allows for parallel 779 optimization and faster incremental compiles compared to the 780 CONFIG_LTO_CLANG_FULL option. More information can be found 781 from Clang's documentation: 782 783 https://clang.llvm.org/docs/ThinLTO.html 784 785 If unsure, say Y. 786endchoice 787 788config ARCH_SUPPORTS_CFI_CLANG 789 bool 790 help 791 An architecture should select this option if it can support Clang's 792 Control-Flow Integrity (CFI) checking. 793 794config ARCH_USES_CFI_TRAPS 795 bool 796 797config CFI_CLANG 798 bool "Use Clang's Control Flow Integrity (CFI)" 799 depends on ARCH_SUPPORTS_CFI_CLANG 800 depends on $(cc-option,-fsanitize=kcfi) 801 help 802 This option enables Clang's forward-edge Control Flow Integrity 803 (CFI) checking, where the compiler injects a runtime check to each 804 indirect function call to ensure the target is a valid function with 805 the correct static type. This restricts possible call targets and 806 makes it more difficult for an attacker to exploit bugs that allow 807 the modification of stored function pointers. More information can be 808 found from Clang's documentation: 809 810 https://clang.llvm.org/docs/ControlFlowIntegrity.html 811 812config CFI_PERMISSIVE 813 bool "Use CFI in permissive mode" 814 depends on CFI_CLANG 815 help 816 When selected, Control Flow Integrity (CFI) violations result in a 817 warning instead of a kernel panic. This option should only be used 818 for finding indirect call type mismatches during development. 819 820 If unsure, say N. 821 822config HAVE_ARCH_WITHIN_STACK_FRAMES 823 bool 824 help 825 An architecture should select this if it can walk the kernel stack 826 frames to determine if an object is part of either the arguments 827 or local variables (i.e. that it excludes saved return addresses, 828 and similar) by implementing an inline arch_within_stack_frames(), 829 which is used by CONFIG_HARDENED_USERCOPY. 830 831config HAVE_CONTEXT_TRACKING_USER 832 bool 833 help 834 Provide kernel/user boundaries probes necessary for subsystems 835 that need it, such as userspace RCU extended quiescent state. 836 Syscalls need to be wrapped inside user_exit()-user_enter(), either 837 optimized behind static key or through the slow path using TIF_NOHZ 838 flag. Exceptions handlers must be wrapped as well. Irqs are already 839 protected inside ct_irq_enter/ct_irq_exit() but preemption or signal 840 handling on irq exit still need to be protected. 841 842config HAVE_CONTEXT_TRACKING_USER_OFFSTACK 843 bool 844 help 845 Architecture neither relies on exception_enter()/exception_exit() 846 nor on schedule_user(). Also preempt_schedule_notrace() and 847 preempt_schedule_irq() can't be called in a preemptible section 848 while context tracking is CONTEXT_USER. This feature reflects a sane 849 entry implementation where the following requirements are met on 850 critical entry code, ie: before user_exit() or after user_enter(): 851 852 - Critical entry code isn't preemptible (or better yet: 853 not interruptible). 854 - No use of RCU read side critical sections, unless ct_nmi_enter() 855 got called. 856 - No use of instrumentation, unless instrumentation_begin() got 857 called. 858 859config HAVE_TIF_NOHZ 860 bool 861 help 862 Arch relies on TIF_NOHZ and syscall slow path to implement context 863 tracking calls to user_enter()/user_exit(). 864 865config HAVE_VIRT_CPU_ACCOUNTING 866 bool 867 868config HAVE_VIRT_CPU_ACCOUNTING_IDLE 869 bool 870 help 871 Architecture has its own way to account idle CPU time and therefore 872 doesn't implement vtime_account_idle(). 873 874config ARCH_HAS_SCALED_CPUTIME 875 bool 876 877config HAVE_VIRT_CPU_ACCOUNTING_GEN 878 bool 879 default y if 64BIT 880 help 881 With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit. 882 Before enabling this option, arch code must be audited 883 to ensure there are no races in concurrent read/write of 884 cputime_t. For example, reading/writing 64-bit cputime_t on 885 some 32-bit arches may require multiple accesses, so proper 886 locking is needed to protect against concurrent accesses. 887 888config HAVE_IRQ_TIME_ACCOUNTING 889 bool 890 help 891 Archs need to ensure they use a high enough resolution clock to 892 support irq time accounting and then call enable_sched_clock_irqtime(). 893 894config HAVE_MOVE_PUD 895 bool 896 help 897 Architectures that select this are able to move page tables at the 898 PUD level. If there are only 3 page table levels, the move effectively 899 happens at the PGD level. 900 901config HAVE_MOVE_PMD 902 bool 903 help 904 Archs that select this are able to move page tables at the PMD level. 905 906config HAVE_ARCH_TRANSPARENT_HUGEPAGE 907 bool 908 909config HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD 910 bool 911 912config HAVE_ARCH_HUGE_VMAP 913 bool 914 915# 916# Archs that select this would be capable of PMD-sized vmaps (i.e., 917# arch_vmap_pmd_supported() returns true). The VM_ALLOW_HUGE_VMAP flag 918# must be used to enable allocations to use hugepages. 919# 920config HAVE_ARCH_HUGE_VMALLOC 921 depends on HAVE_ARCH_HUGE_VMAP 922 bool 923 924config ARCH_WANT_HUGE_PMD_SHARE 925 bool 926 927# Archs that want to use pmd_mkwrite on kernel memory need it defined even 928# if there are no userspace memory management features that use it 929config ARCH_WANT_KERNEL_PMD_MKWRITE 930 bool 931 932config ARCH_WANT_PMD_MKWRITE 933 def_bool TRANSPARENT_HUGEPAGE || ARCH_WANT_KERNEL_PMD_MKWRITE 934 935config HAVE_ARCH_SOFT_DIRTY 936 bool 937 938config HAVE_MOD_ARCH_SPECIFIC 939 bool 940 help 941 The arch uses struct mod_arch_specific to store data. Many arches 942 just need a simple module loader without arch specific data - those 943 should not enable this. 944 945config MODULES_USE_ELF_RELA 946 bool 947 help 948 Modules only use ELF RELA relocations. Modules with ELF REL 949 relocations will give an error. 950 951config MODULES_USE_ELF_REL 952 bool 953 help 954 Modules only use ELF REL relocations. Modules with ELF RELA 955 relocations will give an error. 956 957config ARCH_WANTS_MODULES_DATA_IN_VMALLOC 958 bool 959 help 960 For architectures like powerpc/32 which have constraints on module 961 allocation and need to allocate module data outside of module area. 962 963config HAVE_IRQ_EXIT_ON_IRQ_STACK 964 bool 965 help 966 Architecture doesn't only execute the irq handler on the irq stack 967 but also irq_exit(). This way we can process softirqs on this irq 968 stack instead of switching to a new one when we call __do_softirq() 969 in the end of an hardirq. 970 This spares a stack switch and improves cache usage on softirq 971 processing. 972 973config HAVE_SOFTIRQ_ON_OWN_STACK 974 bool 975 help 976 Architecture provides a function to run __do_softirq() on a 977 separate stack. 978 979config SOFTIRQ_ON_OWN_STACK 980 def_bool HAVE_SOFTIRQ_ON_OWN_STACK && !PREEMPT_RT 981 982config ALTERNATE_USER_ADDRESS_SPACE 983 bool 984 help 985 Architectures set this when the CPU uses separate address 986 spaces for kernel and user space pointers. In this case, the 987 access_ok() check on a __user pointer is skipped. 988 989config PGTABLE_LEVELS 990 int 991 default 2 992 993config ARCH_HAS_ELF_RANDOMIZE 994 bool 995 help 996 An architecture supports choosing randomized locations for 997 stack, mmap, brk, and ET_DYN. Defined functions: 998 - arch_mmap_rnd() 999 - arch_randomize_brk() 1000 1001config HAVE_ARCH_MMAP_RND_BITS 1002 bool 1003 help 1004 An arch should select this symbol if it supports setting a variable 1005 number of bits for use in establishing the base address for mmap 1006 allocations, has MMU enabled and provides values for both: 1007 - ARCH_MMAP_RND_BITS_MIN 1008 - ARCH_MMAP_RND_BITS_MAX 1009 1010config HAVE_EXIT_THREAD 1011 bool 1012 help 1013 An architecture implements exit_thread. 1014 1015config ARCH_MMAP_RND_BITS_MIN 1016 int 1017 1018config ARCH_MMAP_RND_BITS_MAX 1019 int 1020 1021config ARCH_MMAP_RND_BITS_DEFAULT 1022 int 1023 1024config ARCH_MMAP_RND_BITS 1025 int "Number of bits to use for ASLR of mmap base address" if EXPERT 1026 range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX 1027 default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT 1028 default ARCH_MMAP_RND_BITS_MIN 1029 depends on HAVE_ARCH_MMAP_RND_BITS 1030 help 1031 This value can be used to select the number of bits to use to 1032 determine the random offset to the base address of vma regions 1033 resulting from mmap allocations. This value will be bounded 1034 by the architecture's minimum and maximum supported values. 1035 1036 This value can be changed after boot using the 1037 /proc/sys/vm/mmap_rnd_bits tunable 1038 1039config HAVE_ARCH_MMAP_RND_COMPAT_BITS 1040 bool 1041 help 1042 An arch should select this symbol if it supports running applications 1043 in compatibility mode, supports setting a variable number of bits for 1044 use in establishing the base address for mmap allocations, has MMU 1045 enabled and provides values for both: 1046 - ARCH_MMAP_RND_COMPAT_BITS_MIN 1047 - ARCH_MMAP_RND_COMPAT_BITS_MAX 1048 1049config ARCH_MMAP_RND_COMPAT_BITS_MIN 1050 int 1051 1052config ARCH_MMAP_RND_COMPAT_BITS_MAX 1053 int 1054 1055config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT 1056 int 1057 1058config ARCH_MMAP_RND_COMPAT_BITS 1059 int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT 1060 range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX 1061 default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT 1062 default ARCH_MMAP_RND_COMPAT_BITS_MIN 1063 depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS 1064 help 1065 This value can be used to select the number of bits to use to 1066 determine the random offset to the base address of vma regions 1067 resulting from mmap allocations for compatible applications This 1068 value will be bounded by the architecture's minimum and maximum 1069 supported values. 1070 1071 This value can be changed after boot using the 1072 /proc/sys/vm/mmap_rnd_compat_bits tunable 1073 1074config HAVE_ARCH_COMPAT_MMAP_BASES 1075 bool 1076 help 1077 This allows 64bit applications to invoke 32-bit mmap() syscall 1078 and vice-versa 32-bit applications to call 64-bit mmap(). 1079 Required for applications doing different bitness syscalls. 1080 1081config HAVE_PAGE_SIZE_4KB 1082 bool 1083 1084config HAVE_PAGE_SIZE_8KB 1085 bool 1086 1087config HAVE_PAGE_SIZE_16KB 1088 bool 1089 1090config HAVE_PAGE_SIZE_32KB 1091 bool 1092 1093config HAVE_PAGE_SIZE_64KB 1094 bool 1095 1096config HAVE_PAGE_SIZE_256KB 1097 bool 1098 1099choice 1100 prompt "MMU page size" 1101 1102config PAGE_SIZE_4KB 1103 bool "4KiB pages" 1104 depends on HAVE_PAGE_SIZE_4KB 1105 help 1106 This option select the standard 4KiB Linux page size and the only 1107 available option on many architectures. Using 4KiB page size will 1108 minimize memory consumption and is therefore recommended for low 1109 memory systems. 1110 Some software that is written for x86 systems makes incorrect 1111 assumptions about the page size and only runs on 4KiB pages. 1112 1113config PAGE_SIZE_8KB 1114 bool "8KiB pages" 1115 depends on HAVE_PAGE_SIZE_8KB 1116 help 1117 This option is the only supported page size on a few older 1118 processors, and can be slightly faster than 4KiB pages. 1119 1120config PAGE_SIZE_16KB 1121 bool "16KiB pages" 1122 depends on HAVE_PAGE_SIZE_16KB 1123 help 1124 This option is usually a good compromise between memory 1125 consumption and performance for typical desktop and server 1126 workloads, often saving a level of page table lookups compared 1127 to 4KB pages as well as reducing TLB pressure and overhead of 1128 per-page operations in the kernel at the expense of a larger 1129 page cache. 1130 1131config PAGE_SIZE_32KB 1132 bool "32KiB pages" 1133 depends on HAVE_PAGE_SIZE_32KB 1134 help 1135 Using 32KiB page size will result in slightly higher performance 1136 kernel at the price of higher memory consumption compared to 1137 16KiB pages. This option is available only on cnMIPS cores. 1138 Note that you will need a suitable Linux distribution to 1139 support this. 1140 1141config PAGE_SIZE_64KB 1142 bool "64KiB pages" 1143 depends on HAVE_PAGE_SIZE_64KB 1144 help 1145 Using 64KiB page size will result in slightly higher performance 1146 kernel at the price of much higher memory consumption compared to 1147 4KiB or 16KiB pages. 1148 This is not suitable for general-purpose workloads but the 1149 better performance may be worth the cost for certain types of 1150 supercomputing or database applications that work mostly with 1151 large in-memory data rather than small files. 1152 1153config PAGE_SIZE_256KB 1154 bool "256KiB pages" 1155 depends on HAVE_PAGE_SIZE_256KB 1156 help 1157 256KiB pages have little practical value due to their extreme 1158 memory usage. The kernel will only be able to run applications 1159 that have been compiled with '-zmax-page-size' set to 256KiB 1160 (the default is 64KiB or 4KiB on most architectures). 1161 1162endchoice 1163 1164config PAGE_SIZE_LESS_THAN_64KB 1165 def_bool y 1166 depends on !PAGE_SIZE_64KB 1167 depends on PAGE_SIZE_LESS_THAN_256KB 1168 1169config PAGE_SIZE_LESS_THAN_256KB 1170 def_bool y 1171 depends on !PAGE_SIZE_256KB 1172 1173config PAGE_SHIFT 1174 int 1175 default 12 if PAGE_SIZE_4KB 1176 default 13 if PAGE_SIZE_8KB 1177 default 14 if PAGE_SIZE_16KB 1178 default 15 if PAGE_SIZE_32KB 1179 default 16 if PAGE_SIZE_64KB 1180 default 18 if PAGE_SIZE_256KB 1181 1182# This allows to use a set of generic functions to determine mmap base 1183# address by giving priority to top-down scheme only if the process 1184# is not in legacy mode (compat task, unlimited stack size or 1185# sysctl_legacy_va_layout). 1186# Architecture that selects this option can provide its own version of: 1187# - STACK_RND_MASK 1188config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 1189 bool 1190 depends on MMU 1191 select ARCH_HAS_ELF_RANDOMIZE 1192 1193config HAVE_OBJTOOL 1194 bool 1195 1196config HAVE_JUMP_LABEL_HACK 1197 bool 1198 1199config HAVE_NOINSTR_HACK 1200 bool 1201 1202config HAVE_NOINSTR_VALIDATION 1203 bool 1204 1205config HAVE_UACCESS_VALIDATION 1206 bool 1207 select OBJTOOL 1208 1209config HAVE_STACK_VALIDATION 1210 bool 1211 help 1212 Architecture supports objtool compile-time frame pointer rule 1213 validation. 1214 1215config HAVE_RELIABLE_STACKTRACE 1216 bool 1217 help 1218 Architecture has either save_stack_trace_tsk_reliable() or 1219 arch_stack_walk_reliable() function which only returns a stack trace 1220 if it can guarantee the trace is reliable. 1221 1222config HAVE_ARCH_HASH 1223 bool 1224 default n 1225 help 1226 If this is set, the architecture provides an <asm/hash.h> 1227 file which provides platform-specific implementations of some 1228 functions in <linux/hash.h> or fs/namei.c. 1229 1230config HAVE_ARCH_NVRAM_OPS 1231 bool 1232 1233config ISA_BUS_API 1234 def_bool ISA 1235 1236# 1237# ABI hall of shame 1238# 1239config CLONE_BACKWARDS 1240 bool 1241 help 1242 Architecture has tls passed as the 4th argument of clone(2), 1243 not the 5th one. 1244 1245config CLONE_BACKWARDS2 1246 bool 1247 help 1248 Architecture has the first two arguments of clone(2) swapped. 1249 1250config CLONE_BACKWARDS3 1251 bool 1252 help 1253 Architecture has tls passed as the 3rd argument of clone(2), 1254 not the 5th one. 1255 1256config ODD_RT_SIGACTION 1257 bool 1258 help 1259 Architecture has unusual rt_sigaction(2) arguments 1260 1261config OLD_SIGSUSPEND 1262 bool 1263 help 1264 Architecture has old sigsuspend(2) syscall, of one-argument variety 1265 1266config OLD_SIGSUSPEND3 1267 bool 1268 help 1269 Even weirder antique ABI - three-argument sigsuspend(2) 1270 1271config OLD_SIGACTION 1272 bool 1273 help 1274 Architecture has old sigaction(2) syscall. Nope, not the same 1275 as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2), 1276 but fairly different variant of sigaction(2), thanks to OSF/1 1277 compatibility... 1278 1279config COMPAT_OLD_SIGACTION 1280 bool 1281 1282config COMPAT_32BIT_TIME 1283 bool "Provide system calls for 32-bit time_t" 1284 default !64BIT || COMPAT 1285 help 1286 This enables 32 bit time_t support in addition to 64 bit time_t support. 1287 This is relevant on all 32-bit architectures, and 64-bit architectures 1288 as part of compat syscall handling. 1289 1290config ARCH_NO_PREEMPT 1291 bool 1292 1293config ARCH_SUPPORTS_RT 1294 bool 1295 1296config CPU_NO_EFFICIENT_FFS 1297 def_bool n 1298 1299config HAVE_ARCH_VMAP_STACK 1300 def_bool n 1301 help 1302 An arch should select this symbol if it can support kernel stacks 1303 in vmalloc space. This means: 1304 1305 - vmalloc space must be large enough to hold many kernel stacks. 1306 This may rule out many 32-bit architectures. 1307 1308 - Stacks in vmalloc space need to work reliably. For example, if 1309 vmap page tables are created on demand, either this mechanism 1310 needs to work while the stack points to a virtual address with 1311 unpopulated page tables or arch code (switch_to() and switch_mm(), 1312 most likely) needs to ensure that the stack's page table entries 1313 are populated before running on a possibly unpopulated stack. 1314 1315 - If the stack overflows into a guard page, something reasonable 1316 should happen. The definition of "reasonable" is flexible, but 1317 instantly rebooting without logging anything would be unfriendly. 1318 1319config VMAP_STACK 1320 default y 1321 bool "Use a virtually-mapped stack" 1322 depends on HAVE_ARCH_VMAP_STACK 1323 depends on !KASAN || KASAN_HW_TAGS || KASAN_VMALLOC 1324 help 1325 Enable this if you want the use virtually-mapped kernel stacks 1326 with guard pages. This causes kernel stack overflows to be 1327 caught immediately rather than causing difficult-to-diagnose 1328 corruption. 1329 1330 To use this with software KASAN modes, the architecture must support 1331 backing virtual mappings with real shadow memory, and KASAN_VMALLOC 1332 must be enabled. 1333 1334config HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 1335 def_bool n 1336 help 1337 An arch should select this symbol if it can support kernel stack 1338 offset randomization with calls to add_random_kstack_offset() 1339 during syscall entry and choose_random_kstack_offset() during 1340 syscall exit. Careful removal of -fstack-protector-strong and 1341 -fstack-protector should also be applied to the entry code and 1342 closely examined, as the artificial stack bump looks like an array 1343 to the compiler, so it will attempt to add canary checks regardless 1344 of the static branch state. 1345 1346config RANDOMIZE_KSTACK_OFFSET 1347 bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT 1348 default y 1349 depends on HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 1350 depends on INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION >= 140000 1351 help 1352 The kernel stack offset can be randomized (after pt_regs) by 1353 roughly 5 bits of entropy, frustrating memory corruption 1354 attacks that depend on stack address determinism or 1355 cross-syscall address exposures. 1356 1357 The feature is controlled via the "randomize_kstack_offset=on/off" 1358 kernel boot param, and if turned off has zero overhead due to its use 1359 of static branches (see JUMP_LABEL). 1360 1361 If unsure, say Y. 1362 1363config RANDOMIZE_KSTACK_OFFSET_DEFAULT 1364 bool "Default state of kernel stack offset randomization" 1365 depends on RANDOMIZE_KSTACK_OFFSET 1366 help 1367 Kernel stack offset randomization is controlled by kernel boot param 1368 "randomize_kstack_offset=on/off", and this config chooses the default 1369 boot state. 1370 1371config ARCH_OPTIONAL_KERNEL_RWX 1372 def_bool n 1373 1374config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1375 def_bool n 1376 1377config ARCH_HAS_STRICT_KERNEL_RWX 1378 def_bool n 1379 1380config STRICT_KERNEL_RWX 1381 bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX 1382 depends on ARCH_HAS_STRICT_KERNEL_RWX 1383 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1384 help 1385 If this is set, kernel text and rodata memory will be made read-only, 1386 and non-text memory will be made non-executable. This provides 1387 protection against certain security exploits (e.g. executing the heap 1388 or modifying text) 1389 1390 These features are considered standard security practice these days. 1391 You should say Y here in almost all cases. 1392 1393config ARCH_HAS_STRICT_MODULE_RWX 1394 def_bool n 1395 1396config STRICT_MODULE_RWX 1397 bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX 1398 depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES 1399 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1400 help 1401 If this is set, module text and rodata memory will be made read-only, 1402 and non-text memory will be made non-executable. This provides 1403 protection against certain security exploits (e.g. writing to text) 1404 1405# select if the architecture provides an asm/dma-direct.h header 1406config ARCH_HAS_PHYS_TO_DMA 1407 bool 1408 1409config HAVE_ARCH_COMPILER_H 1410 bool 1411 help 1412 An architecture can select this if it provides an 1413 asm/compiler.h header that should be included after 1414 linux/compiler-*.h in order to override macro definitions that those 1415 headers generally provide. 1416 1417config HAVE_ARCH_PREL32_RELOCATIONS 1418 bool 1419 help 1420 May be selected by an architecture if it supports place-relative 1421 32-bit relocations, both in the toolchain and in the module loader, 1422 in which case relative references can be used in special sections 1423 for PCI fixup, initcalls etc which are only half the size on 64 bit 1424 architectures, and don't require runtime relocation on relocatable 1425 kernels. 1426 1427config ARCH_USE_MEMREMAP_PROT 1428 bool 1429 1430config LOCK_EVENT_COUNTS 1431 bool "Locking event counts collection" 1432 depends on DEBUG_FS 1433 help 1434 Enable light-weight counting of various locking related events 1435 in the system with minimal performance impact. This reduces 1436 the chance of application behavior change because of timing 1437 differences. The counts are reported via debugfs. 1438 1439# Select if the architecture has support for applying RELR relocations. 1440config ARCH_HAS_RELR 1441 bool 1442 1443config RELR 1444 bool "Use RELR relocation packing" 1445 depends on ARCH_HAS_RELR && TOOLS_SUPPORT_RELR 1446 default y 1447 help 1448 Store the kernel's dynamic relocations in the RELR relocation packing 1449 format. Requires a compatible linker (LLD supports this feature), as 1450 well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy 1451 are compatible). 1452 1453config ARCH_HAS_MEM_ENCRYPT 1454 bool 1455 1456config ARCH_HAS_CC_PLATFORM 1457 bool 1458 1459config HAVE_SPARSE_SYSCALL_NR 1460 bool 1461 help 1462 An architecture should select this if its syscall numbering is sparse 1463 to save space. For example, MIPS architecture has a syscall array with 1464 entries at 4000, 5000 and 6000 locations. This option turns on syscall 1465 related optimizations for a given architecture. 1466 1467config ARCH_HAS_VDSO_DATA 1468 bool 1469 1470config HAVE_STATIC_CALL 1471 bool 1472 1473config HAVE_STATIC_CALL_INLINE 1474 bool 1475 depends on HAVE_STATIC_CALL 1476 select OBJTOOL 1477 1478config HAVE_PREEMPT_DYNAMIC 1479 bool 1480 1481config HAVE_PREEMPT_DYNAMIC_CALL 1482 bool 1483 depends on HAVE_STATIC_CALL 1484 select HAVE_PREEMPT_DYNAMIC 1485 help 1486 An architecture should select this if it can handle the preemption 1487 model being selected at boot time using static calls. 1488 1489 Where an architecture selects HAVE_STATIC_CALL_INLINE, any call to a 1490 preemption function will be patched directly. 1491 1492 Where an architecture does not select HAVE_STATIC_CALL_INLINE, any 1493 call to a preemption function will go through a trampoline, and the 1494 trampoline will be patched. 1495 1496 It is strongly advised to support inline static call to avoid any 1497 overhead. 1498 1499config HAVE_PREEMPT_DYNAMIC_KEY 1500 bool 1501 depends on HAVE_ARCH_JUMP_LABEL 1502 select HAVE_PREEMPT_DYNAMIC 1503 help 1504 An architecture should select this if it can handle the preemption 1505 model being selected at boot time using static keys. 1506 1507 Each preemption function will be given an early return based on a 1508 static key. This should have slightly lower overhead than non-inline 1509 static calls, as this effectively inlines each trampoline into the 1510 start of its callee. This may avoid redundant work, and may 1511 integrate better with CFI schemes. 1512 1513 This will have greater overhead than using inline static calls as 1514 the call to the preemption function cannot be entirely elided. 1515 1516config ARCH_WANT_LD_ORPHAN_WARN 1517 bool 1518 help 1519 An arch should select this symbol once all linker sections are explicitly 1520 included, size-asserted, or discarded in the linker scripts. This is 1521 important because we never want expected sections to be placed heuristically 1522 by the linker, since the locations of such sections can change between linker 1523 versions. 1524 1525config HAVE_ARCH_PFN_VALID 1526 bool 1527 1528config ARCH_SUPPORTS_DEBUG_PAGEALLOC 1529 bool 1530 1531config ARCH_SUPPORTS_PAGE_TABLE_CHECK 1532 bool 1533 1534config ARCH_SPLIT_ARG64 1535 bool 1536 help 1537 If a 32-bit architecture requires 64-bit arguments to be split into 1538 pairs of 32-bit arguments, select this option. 1539 1540config ARCH_HAS_ELFCORE_COMPAT 1541 bool 1542 1543config ARCH_HAS_PARANOID_L1D_FLUSH 1544 bool 1545 1546config ARCH_HAVE_TRACE_MMIO_ACCESS 1547 bool 1548 1549config DYNAMIC_SIGFRAME 1550 bool 1551 1552# Select, if arch has a named attribute group bound to NUMA device nodes. 1553config HAVE_ARCH_NODE_DEV_GROUP 1554 bool 1555 1556config ARCH_HAS_HW_PTE_YOUNG 1557 bool 1558 help 1559 Architectures that select this option are capable of setting the 1560 accessed bit in PTE entries when using them as part of linear address 1561 translations. Architectures that require runtime check should select 1562 this option and override arch_has_hw_pte_young(). 1563 1564config ARCH_HAS_NONLEAF_PMD_YOUNG 1565 bool 1566 help 1567 Architectures that select this option are capable of setting the 1568 accessed bit in non-leaf PMD entries when using them as part of linear 1569 address translations. Page table walkers that clear the accessed bit 1570 may use this capability to reduce their search space. 1571 1572source "kernel/gcov/Kconfig" 1573 1574source "scripts/gcc-plugins/Kconfig" 1575 1576config FUNCTION_ALIGNMENT_4B 1577 bool 1578 1579config FUNCTION_ALIGNMENT_8B 1580 bool 1581 1582config FUNCTION_ALIGNMENT_16B 1583 bool 1584 1585config FUNCTION_ALIGNMENT_32B 1586 bool 1587 1588config FUNCTION_ALIGNMENT_64B 1589 bool 1590 1591config FUNCTION_ALIGNMENT 1592 int 1593 default 64 if FUNCTION_ALIGNMENT_64B 1594 default 32 if FUNCTION_ALIGNMENT_32B 1595 default 16 if FUNCTION_ALIGNMENT_16B 1596 default 8 if FUNCTION_ALIGNMENT_8B 1597 default 4 if FUNCTION_ALIGNMENT_4B 1598 default 0 1599 1600config CC_HAS_MIN_FUNCTION_ALIGNMENT 1601 # Detect availability of the GCC option -fmin-function-alignment which 1602 # guarantees minimal alignment for all functions, unlike 1603 # -falign-functions which the compiler ignores for cold functions. 1604 def_bool $(cc-option, -fmin-function-alignment=8) 1605 1606config CC_HAS_SANE_FUNCTION_ALIGNMENT 1607 # Set if the guaranteed alignment with -fmin-function-alignment is 1608 # available or extra care is required in the kernel. Clang provides 1609 # strict alignment always, even with -falign-functions. 1610 def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG 1611 1612endmenu 1613