1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 9 10config X86_32 11 def_bool y 12 depends on !64BIT 13 # Options that are inherently 32-bit kernel only: 14 select ARCH_WANT_IPC_PARSE_VERSION 15 select CLKSRC_I8253 16 select CLONE_BACKWARDS 17 select HAVE_DEBUG_STACKOVERFLOW 18 select KMAP_LOCAL 19 select MODULES_USE_ELF_REL 20 select OLD_SIGACTION 21 select ARCH_SPLIT_ARG64 22 23config X86_64 24 def_bool y 25 depends on 64BIT 26 # Options that are inherently 64-bit kernel only: 27 select ARCH_HAS_GIGANTIC_PAGE 28 select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS 29 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 30 select ARCH_SUPPORTS_PER_VMA_LOCK 31 select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE 32 select HAVE_ARCH_SOFT_DIRTY 33 select MODULES_USE_ELF_RELA 34 select NEED_DMA_MAP_STATE 35 select SWIOTLB 36 select ARCH_HAS_ELFCORE_COMPAT 37 select ZONE_DMA32 38 select EXECMEM if DYNAMIC_FTRACE 39 select ACPI_MRRM if ACPI 40 41config FORCE_DYNAMIC_FTRACE 42 def_bool y 43 depends on X86_32 44 depends on FUNCTION_TRACER 45 select DYNAMIC_FTRACE 46 help 47 We keep the static function tracing (!DYNAMIC_FTRACE) around 48 in order to test the non static function tracing in the 49 generic code, as other architectures still use it. But we 50 only need to keep it around for x86_64. No need to keep it 51 for x86_32. For x86_32, force DYNAMIC_FTRACE. 52# 53# Arch settings 54# 55# ( Note that options that are marked 'if X86_64' could in principle be 56# ported to 32-bit as well. ) 57# 58config X86 59 def_bool y 60 # 61 # Note: keep this list sorted alphabetically 62 # 63 select ACPI_LEGACY_TABLES_LOOKUP if ACPI 64 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI 65 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU 66 select ARCH_32BIT_OFF_T if X86_32 67 select ARCH_CLOCKSOURCE_INIT 68 select ARCH_CONFIGURES_CPU_MITIGATIONS 69 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE 70 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION 71 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 72 select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG 73 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE) 74 select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE 75 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 76 select ARCH_HAS_CPU_ATTACK_VECTORS if CPU_MITIGATIONS 77 select ARCH_HAS_CACHE_LINE_SIZE 78 select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION 79 select ARCH_HAS_CPU_FINALIZE_INIT 80 select ARCH_HAS_CPU_PASID if IOMMU_SVA 81 select ARCH_HAS_CURRENT_STACK_POINTER 82 select ARCH_HAS_DEBUG_VIRTUAL 83 select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE 84 select ARCH_HAS_DEVMEM_IS_ALLOWED 85 select ARCH_HAS_DMA_OPS if GART_IOMMU || XEN 86 select ARCH_HAS_EARLY_DEBUG if KGDB 87 select ARCH_HAS_ELF_RANDOMIZE 88 select ARCH_HAS_EXECMEM_ROX if X86_64 && STRICT_MODULE_RWX 89 select ARCH_HAS_FAST_MULTIPLIER 90 select ARCH_HAS_FORTIFY_SOURCE 91 select ARCH_HAS_GCOV_PROFILE_ALL 92 select ARCH_HAS_KCOV if X86_64 93 select ARCH_HAS_KERNEL_FPU_SUPPORT 94 select ARCH_HAS_MEM_ENCRYPT 95 select ARCH_HAS_MEMBARRIER_SYNC_CORE 96 select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS 97 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 98 select ARCH_HAS_PMEM_API if X86_64 99 select ARCH_HAS_PREEMPT_LAZY 100 select ARCH_HAS_PTDUMP 101 select ARCH_HAS_PTE_SPECIAL 102 select ARCH_HAS_HW_PTE_YOUNG 103 select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2 104 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 105 select ARCH_HAS_COPY_MC if X86_64 106 select ARCH_HAS_SET_MEMORY 107 select ARCH_HAS_SET_DIRECT_MAP 108 select ARCH_HAS_STRICT_KERNEL_RWX 109 select ARCH_HAS_STRICT_MODULE_RWX 110 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 111 select ARCH_HAS_SYSCALL_WRAPPER 112 select ARCH_HAS_UBSAN 113 select ARCH_HAS_DEBUG_WX 114 select ARCH_HAS_ZONE_DMA_SET if EXPERT 115 select ARCH_HAVE_NMI_SAFE_CMPXCHG 116 select ARCH_HAVE_EXTRA_ELF_NOTES 117 select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 118 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI 119 select ARCH_MIGHT_HAVE_PC_PARPORT 120 select ARCH_MIGHT_HAVE_PC_SERIO 121 select ARCH_STACKWALK 122 select ARCH_SUPPORTS_ACPI 123 select ARCH_SUPPORTS_ATOMIC_RMW 124 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 125 select ARCH_SUPPORTS_HUGETLBFS 126 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 127 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 128 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 129 select ARCH_SUPPORTS_CFI if X86_64 130 select ARCH_USES_CFI_TRAPS if X86_64 && CFI 131 select ARCH_SUPPORTS_LTO_CLANG 132 select ARCH_SUPPORTS_LTO_CLANG_THIN 133 select ARCH_SUPPORTS_RT 134 select ARCH_SUPPORTS_AUTOFDO_CLANG 135 select ARCH_SUPPORTS_PROPELLER_CLANG if X86_64 136 select ARCH_USE_BUILTIN_BSWAP 137 select ARCH_USE_CMPXCHG_LOCKREF if X86_CX8 138 select ARCH_USE_MEMTEST 139 select ARCH_USE_QUEUED_RWLOCKS 140 select ARCH_USE_QUEUED_SPINLOCKS 141 select ARCH_USE_SYM_ANNOTATIONS 142 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 143 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 144 select ARCH_WANTS_DYNAMIC_TASK_STRUCT 145 select ARCH_WANTS_NO_INSTR 146 select ARCH_WANT_GENERAL_HUGETLB 147 select ARCH_WANT_HUGE_PMD_SHARE if X86_64 148 select ARCH_WANT_LD_ORPHAN_WARN 149 select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 150 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64 151 select ARCH_WANT_HUGETLB_VMEMMAP_PREINIT if X86_64 152 select ARCH_WANTS_THP_SWAP if X86_64 153 select ARCH_HAS_PARANOID_L1D_FLUSH 154 select ARCH_WANT_IRQS_OFF_ACTIVATE_MM 155 select BUILDTIME_TABLE_SORT 156 select CLKEVT_I8253 157 select CLOCKSOURCE_WATCHDOG 158 # Word-size accesses may read uninitialized data past the trailing \0 159 # in strings and cause false KMSAN reports. 160 select DCACHE_WORD_ACCESS if !KMSAN 161 select DYNAMIC_SIGFRAME 162 select EDAC_ATOMIC_SCRUB 163 select EDAC_SUPPORT 164 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC) 165 select GENERIC_CLOCKEVENTS_BROADCAST_IDLE if GENERIC_CLOCKEVENTS_BROADCAST 166 select GENERIC_CLOCKEVENTS_MIN_ADJUST 167 select GENERIC_CMOS_UPDATE 168 select GENERIC_CPU_AUTOPROBE 169 select GENERIC_CPU_DEVICES 170 select GENERIC_CPU_VULNERABILITIES 171 select GENERIC_EARLY_IOREMAP 172 select GENERIC_ENTRY 173 select GENERIC_IOMAP 174 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP 175 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC 176 select GENERIC_IRQ_MIGRATION if SMP 177 select GENERIC_IRQ_PROBE 178 select GENERIC_IRQ_RESERVATION_MODE 179 select GENERIC_IRQ_SHOW 180 select GENERIC_PENDING_IRQ if SMP 181 select GENERIC_SMP_IDLE_THREAD 182 select GENERIC_TIME_VSYSCALL 183 select GENERIC_GETTIMEOFDAY 184 select GENERIC_VDSO_OVERFLOW_PROTECT 185 select GUP_GET_PXX_LOW_HIGH if X86_PAE 186 select HARDIRQS_SW_RESEND 187 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64 188 select HAS_IOPORT 189 select HAVE_ACPI_APEI if ACPI 190 select HAVE_ACPI_APEI_NMI if ACPI 191 select HAVE_ALIGNED_STRUCT_PAGE 192 select HAVE_ARCH_AUDITSYSCALL 193 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE 194 select HAVE_ARCH_HUGE_VMALLOC if X86_64 195 select HAVE_ARCH_JUMP_LABEL 196 select HAVE_ARCH_JUMP_LABEL_RELATIVE 197 select HAVE_ARCH_KASAN if X86_64 198 select HAVE_ARCH_KASAN_VMALLOC if X86_64 199 select HAVE_ARCH_KFENCE 200 select HAVE_ARCH_KMSAN if X86_64 201 select HAVE_ARCH_KGDB 202 select HAVE_ARCH_KSTACK_ERASE 203 select HAVE_ARCH_MMAP_RND_BITS if MMU 204 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT 205 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT 206 select HAVE_ARCH_PREL32_RELOCATIONS 207 select HAVE_ARCH_SECCOMP_FILTER 208 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 209 select HAVE_ARCH_TRACEHOOK 210 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 211 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64 212 select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD 213 select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD 214 select HAVE_ARCH_VMAP_STACK if X86_64 215 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 216 select HAVE_ARCH_WITHIN_STACK_FRAMES 217 select HAVE_ASM_MODVERSIONS 218 select HAVE_CMPXCHG_DOUBLE 219 select HAVE_CMPXCHG_LOCAL 220 select HAVE_CONTEXT_TRACKING_USER if X86_64 221 select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER 222 select HAVE_C_RECORDMCOUNT 223 select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL 224 select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT 225 select HAVE_BUILDTIME_MCOUNT_SORT 226 select HAVE_DEBUG_KMEMLEAK 227 select HAVE_DMA_CONTIGUOUS 228 select HAVE_DYNAMIC_FTRACE 229 select HAVE_DYNAMIC_FTRACE_WITH_REGS 230 select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64 231 select HAVE_FTRACE_REGS_HAVING_PT_REGS if X86_64 232 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS 233 select HAVE_SAMPLE_FTRACE_DIRECT if X86_64 234 select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64 235 select HAVE_EBPF_JIT 236 select HAVE_EFFICIENT_UNALIGNED_ACCESS 237 select HAVE_EISA if X86_32 238 select HAVE_EXIT_THREAD 239 select HAVE_GENERIC_TIF_BITS 240 select HAVE_GUP_FAST 241 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE 242 select HAVE_FTRACE_GRAPH_FUNC if HAVE_FUNCTION_GRAPH_TRACER 243 select HAVE_FUNCTION_GRAPH_FREGS if HAVE_FUNCTION_GRAPH_TRACER 244 select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE) 245 select HAVE_FUNCTION_TRACER 246 select HAVE_GCC_PLUGINS 247 select HAVE_HW_BREAKPOINT 248 select HAVE_IOREMAP_PROT 249 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 250 select HAVE_IRQ_TIME_ACCOUNTING 251 select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL 252 select HAVE_KERNEL_BZIP2 253 select HAVE_KERNEL_GZIP 254 select HAVE_KERNEL_LZ4 255 select HAVE_KERNEL_LZMA 256 select HAVE_KERNEL_LZO 257 select HAVE_KERNEL_XZ 258 select HAVE_KERNEL_ZSTD 259 select HAVE_KPROBES 260 select HAVE_KPROBES_ON_FTRACE 261 select HAVE_FUNCTION_ERROR_INJECTION 262 select HAVE_KRETPROBES 263 select HAVE_RETHOOK 264 select HAVE_LIVEPATCH if X86_64 265 select HAVE_MIXED_BREAKPOINTS_REGS 266 select HAVE_MOD_ARCH_SPECIFIC 267 select HAVE_MOVE_PMD 268 select HAVE_MOVE_PUD 269 select HAVE_NOINSTR_HACK if HAVE_OBJTOOL 270 select HAVE_NMI 271 select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL 272 select HAVE_OBJTOOL if X86_64 273 select HAVE_OPTPROBES 274 select HAVE_PAGE_SIZE_4KB 275 select HAVE_PCSPKR_PLATFORM 276 select HAVE_PERF_EVENTS 277 select HAVE_PERF_EVENTS_NMI 278 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI 279 select HAVE_PCI 280 select HAVE_PERF_REGS 281 select HAVE_PERF_USER_STACK_DUMP 282 select MMU_GATHER_RCU_TABLE_FREE 283 select MMU_GATHER_MERGE_VMAS 284 select HAVE_POSIX_CPU_TIMERS_TASK_WORK 285 select HAVE_REGS_AND_STACK_ACCESS_API 286 select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION 287 select HAVE_FUNCTION_ARG_ACCESS_API 288 select HAVE_SETUP_PER_CPU_AREA 289 select HAVE_SOFTIRQ_ON_OWN_STACK 290 select HAVE_STACKPROTECTOR 291 select HAVE_STACK_VALIDATION if HAVE_OBJTOOL 292 select HAVE_STATIC_CALL 293 select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL 294 select HAVE_PREEMPT_DYNAMIC_CALL 295 select HAVE_RSEQ 296 select HAVE_RUST if X86_64 297 select HAVE_SYSCALL_TRACEPOINTS 298 select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL 299 select HAVE_UNSTABLE_SCHED_CLOCK 300 select HAVE_USER_RETURN_NOTIFIER 301 select HAVE_GENERIC_VDSO 302 select VDSO_GETRANDOM if X86_64 303 select HOTPLUG_PARALLEL if SMP && X86_64 304 select HOTPLUG_SMT if SMP 305 select HOTPLUG_SPLIT_STARTUP if SMP && X86_32 306 select IRQ_FORCED_THREADING 307 select LOCK_MM_AND_FIND_VMA 308 select NEED_PER_CPU_EMBED_FIRST_CHUNK 309 select NEED_PER_CPU_PAGE_FIRST_CHUNK 310 select NEED_SG_DMA_LENGTH 311 select NUMA_MEMBLKS if NUMA 312 select PCI_DOMAINS if PCI 313 select PCI_LOCKLESS_CONFIG if PCI 314 select PERF_EVENTS 315 select RTC_LIB 316 select RTC_MC146818_LIB 317 select SPARSE_IRQ 318 select SYSCTL_EXCEPTION_TRACE 319 select THREAD_INFO_IN_TASK 320 select TRACE_IRQFLAGS_SUPPORT 321 select TRACE_IRQFLAGS_NMI_SUPPORT 322 select USER_STACKTRACE_SUPPORT 323 select HAVE_ARCH_KCSAN if X86_64 324 select PROC_PID_ARCH_STATUS if PROC_FS 325 select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX 326 select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16 327 select FUNCTION_ALIGNMENT_4B 328 imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI 329 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE 330 select ARCH_SUPPORTS_PT_RECLAIM if X86_64 331 select ARCH_SUPPORTS_SCHED_SMT if SMP 332 select SCHED_SMT if SMP 333 select ARCH_SUPPORTS_SCHED_CLUSTER if SMP 334 select ARCH_SUPPORTS_SCHED_MC if SMP 335 336config INSTRUCTION_DECODER 337 def_bool y 338 depends on KPROBES || PERF_EVENTS || UPROBES 339 340config OUTPUT_FORMAT 341 string 342 default "elf32-i386" if X86_32 343 default "elf64-x86-64" if X86_64 344 345config LOCKDEP_SUPPORT 346 def_bool y 347 348config STACKTRACE_SUPPORT 349 def_bool y 350 351config MMU 352 def_bool y 353 354config ARCH_MMAP_RND_BITS_MIN 355 default 28 if 64BIT 356 default 8 357 358config ARCH_MMAP_RND_BITS_MAX 359 default 32 if 64BIT 360 default 16 361 362config ARCH_MMAP_RND_COMPAT_BITS_MIN 363 default 8 364 365config ARCH_MMAP_RND_COMPAT_BITS_MAX 366 default 16 367 368config SBUS 369 bool 370 371config GENERIC_ISA_DMA 372 def_bool y 373 depends on ISA_DMA_API 374 375config GENERIC_CSUM 376 bool 377 default y if KMSAN || KASAN 378 379config GENERIC_BUG 380 def_bool y 381 depends on BUG 382 select GENERIC_BUG_RELATIVE_POINTERS if X86_64 383 384config GENERIC_BUG_RELATIVE_POINTERS 385 bool 386 387config ARCH_MAY_HAVE_PC_FDC 388 def_bool y 389 depends on ISA_DMA_API 390 391config GENERIC_CALIBRATE_DELAY 392 def_bool y 393 394config ARCH_HAS_CPU_RELAX 395 def_bool y 396 397config ARCH_HIBERNATION_POSSIBLE 398 def_bool y 399 400config ARCH_SUSPEND_POSSIBLE 401 def_bool y 402 403config AUDIT_ARCH 404 def_bool y if X86_64 405 406config KASAN_SHADOW_OFFSET 407 hex 408 depends on KASAN 409 default 0xdffffc0000000000 410 411config HAVE_INTEL_TXT 412 def_bool y 413 depends on INTEL_IOMMU && ACPI 414 415config X86_64_SMP 416 def_bool y 417 depends on X86_64 && SMP 418 419config ARCH_SUPPORTS_UPROBES 420 def_bool y 421 422config FIX_EARLYCON_MEM 423 def_bool y 424 425config DYNAMIC_PHYSICAL_MASK 426 bool 427 428config PGTABLE_LEVELS 429 int 430 default 5 if X86_64 431 default 3 if X86_PAE 432 default 2 433 434menu "Processor type and features" 435 436config SMP 437 bool "Symmetric multi-processing support" 438 help 439 This enables support for systems with more than one CPU. If you have 440 a system with only one CPU, say N. If you have a system with more 441 than one CPU, say Y. 442 443 If you say N here, the kernel will run on uni- and multiprocessor 444 machines, but will use only one CPU of a multiprocessor machine. If 445 you say Y here, the kernel will run on many, but not all, 446 uniprocessor machines. On a uniprocessor machine, the kernel 447 will run faster if you say N here. 448 449 Note that if you say Y here and choose architecture "586" or 450 "Pentium" under "Processor family", the kernel will not work on 486 451 architectures. Similarly, multiprocessor kernels for the "PPro" 452 architecture may not work on all Pentium based boards. 453 454 People using multiprocessor machines who say Y here should also say 455 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power 456 Management" code will be disabled if you say Y here. 457 458 See also <file:Documentation/arch/x86/i386/IO-APIC.rst>, 459 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at 460 <http://www.tldp.org/docs.html#howto>. 461 462 If you don't know what to do here, say N. 463 464config X86_X2APIC 465 bool "x2APIC interrupt controller architecture support" 466 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST) 467 default y 468 help 469 x2APIC is an interrupt controller architecture, a component of which 470 (the local APIC) is present in the CPU. It allows faster access to 471 the local APIC and supports a larger number of CPUs in the system 472 than the predecessors. 473 474 x2APIC was introduced in Intel CPUs around 2008 and in AMD EPYC CPUs 475 in 2019, but it can be disabled by the BIOS. It is also frequently 476 emulated in virtual machines, even when the host CPU does not support 477 it. Support in the CPU can be checked by executing 478 grep x2apic /proc/cpuinfo 479 480 If this configuration option is disabled, the kernel will boot with 481 very reduced functionality and performance on some platforms that 482 have x2APIC enabled. On the other hand, on hardware that does not 483 support x2APIC, a kernel with this option enabled will just fallback 484 to older APIC implementations. 485 486 If in doubt, say Y. 487 488config AMD_SECURE_AVIC 489 bool "AMD Secure AVIC" 490 depends on AMD_MEM_ENCRYPT && X86_X2APIC 491 help 492 Enable this to get AMD Secure AVIC support on guests that have this feature. 493 494 AMD Secure AVIC provides hardware acceleration for performance sensitive 495 APIC accesses and support for managing guest owned APIC state for SEV-SNP 496 guests. Secure AVIC does not support xAPIC mode. It has functional 497 dependency on x2apic being enabled in the guest. 498 499 If you don't know what to do here, say N. 500 501config X86_POSTED_MSI 502 bool "Enable MSI and MSI-x delivery by posted interrupts" 503 depends on X86_64 && IRQ_REMAP 504 help 505 This enables MSIs that are under interrupt remapping to be delivered as 506 posted interrupts to the host kernel. Interrupt throughput can 507 potentially be improved by coalescing CPU notifications during high 508 frequency bursts. 509 510 If you don't know what to do here, say N. 511 512config X86_MPPARSE 513 bool "Enable MPS table" if ACPI 514 default y 515 depends on X86_LOCAL_APIC 516 help 517 For old smp systems that do not have proper acpi support. Newer systems 518 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it 519 520config X86_CPU_RESCTRL 521 bool "x86 CPU resource control support" 522 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD) 523 depends on MISC_FILESYSTEMS 524 select ARCH_HAS_CPU_RESCTRL 525 select RESCTRL_FS 526 select RESCTRL_FS_PSEUDO_LOCK 527 help 528 Enable x86 CPU resource control support. 529 530 Provide support for the allocation and monitoring of system resources 531 usage by the CPU. 532 533 Intel calls this Intel Resource Director Technology 534 (Intel(R) RDT). More information about RDT can be found in the 535 Intel x86 Architecture Software Developer Manual. 536 537 AMD calls this AMD Platform Quality of Service (AMD QoS). 538 More information about AMD QoS can be found in the AMD64 Technology 539 Platform Quality of Service Extensions manual. 540 541 Say N if unsure. 542 543config X86_FRED 544 bool "Flexible Return and Event Delivery" 545 depends on X86_64 546 help 547 When enabled, try to use Flexible Return and Event Delivery 548 instead of the legacy SYSCALL/SYSENTER/IDT architecture for 549 ring transitions and exception/interrupt handling if the 550 system supports it. 551 552config X86_EXTENDED_PLATFORM 553 bool "Support for extended (non-PC) x86 platforms" 554 default y 555 help 556 If you disable this option then the kernel will only support 557 standard PC platforms. (which covers the vast majority of 558 systems out there.) 559 560 If you enable this option then you'll be able to select support 561 for the following non-PC x86 platforms, depending on the value of 562 CONFIG_64BIT. 563 564 32-bit platforms (CONFIG_64BIT=n): 565 Goldfish (mostly Android emulator) 566 Intel CE media processor (CE4100) SoC 567 Intel Quark 568 RDC R-321x SoC 569 570 64-bit platforms (CONFIG_64BIT=y): 571 Numascale NumaChip 572 ScaleMP vSMP 573 SGI Ultraviolet 574 Merrifield/Moorefield MID devices 575 Goldfish (mostly Android emulator) 576 577 If you have one of these systems, or if you want to build a 578 generic distribution kernel, say Y here - otherwise say N. 579 580# This is an alphabetically sorted list of 64 bit extended platforms 581# Please maintain the alphabetic order if and when there are additions 582config X86_NUMACHIP 583 bool "Numascale NumaChip" 584 depends on X86_64 585 depends on X86_EXTENDED_PLATFORM 586 depends on NUMA 587 depends on SMP 588 depends on X86_X2APIC 589 depends on PCI_MMCONFIG 590 help 591 Adds support for Numascale NumaChip large-SMP systems. Needed to 592 enable more than ~168 cores. 593 If you don't have one of these, you should say N here. 594 595config X86_VSMP 596 bool "ScaleMP vSMP" 597 select HYPERVISOR_GUEST 598 select PARAVIRT 599 depends on X86_64 && PCI 600 depends on X86_EXTENDED_PLATFORM 601 depends on SMP 602 help 603 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is 604 supposed to run on these EM64T-based machines. Only choose this option 605 if you have one of these machines. 606 607config X86_UV 608 bool "SGI Ultraviolet" 609 depends on X86_64 610 depends on X86_EXTENDED_PLATFORM 611 depends on NUMA 612 depends on EFI 613 depends on KEXEC_CORE 614 depends on X86_X2APIC 615 depends on PCI 616 help 617 This option is needed in order to support SGI Ultraviolet systems. 618 If you don't have one of these, you should say N here. 619 620config X86_INTEL_MID 621 bool "Intel Z34xx/Z35xx MID platform support" 622 depends on X86_EXTENDED_PLATFORM 623 depends on X86_PLATFORM_DEVICES 624 depends on PCI 625 depends on X86_64 || (EXPERT && PCI_GOANY) 626 depends on X86_IO_APIC 627 select I2C 628 select DW_APB_TIMER 629 select INTEL_SCU_PCI 630 help 631 Select to build a kernel capable of supporting 64-bit Intel MID 632 (Mobile Internet Device) platform systems which do not have 633 the PCI legacy interfaces. 634 635 The only supported devices are the 22nm Merrified (Z34xx) 636 and Moorefield (Z35xx) SoC used in the Intel Edison board and 637 a small number of Android devices such as the Asus Zenfone 2, 638 Asus FonePad 8 and Dell Venue 7. 639 640 If you are building for a PC class system or non-MID tablet 641 SoCs like Bay Trail (Z36xx/Z37xx), say N here. 642 643 Intel MID platforms are based on an Intel processor and chipset which 644 consume less power than most of the x86 derivatives. 645 646config X86_GOLDFISH 647 bool "Goldfish (Virtual Platform)" 648 depends on X86_EXTENDED_PLATFORM 649 help 650 Enable support for the Goldfish virtual platform used primarily 651 for Android development. Unless you are building for the Android 652 Goldfish emulator say N here. 653 654# Following is an alphabetically sorted list of 32 bit extended platforms 655# Please maintain the alphabetic order if and when there are additions 656 657config X86_INTEL_CE 658 bool "CE4100 TV platform" 659 depends on PCI 660 depends on PCI_GODIRECT 661 depends on X86_IO_APIC 662 depends on X86_32 663 depends on X86_EXTENDED_PLATFORM 664 select X86_REBOOTFIXUPS 665 select OF 666 select OF_EARLY_FLATTREE 667 help 668 Select for the Intel CE media processor (CE4100) SOC. 669 This option compiles in support for the CE4100 SOC for settop 670 boxes and media devices. 671 672config X86_INTEL_QUARK 673 bool "Intel Quark platform support" 674 depends on X86_32 675 depends on X86_EXTENDED_PLATFORM 676 depends on X86_PLATFORM_DEVICES 677 depends on X86_TSC 678 depends on PCI 679 depends on PCI_GOANY 680 depends on X86_IO_APIC 681 select IOSF_MBI 682 select INTEL_IMR 683 select COMMON_CLK 684 help 685 Select to include support for Quark X1000 SoC. 686 Say Y here if you have a Quark based system such as the Arduino 687 compatible Intel Galileo. 688 689config X86_RDC321X 690 bool "RDC R-321x SoC" 691 depends on X86_32 692 depends on X86_EXTENDED_PLATFORM 693 select M486 694 select X86_REBOOTFIXUPS 695 help 696 This option is needed for RDC R-321x system-on-chip, also known 697 as R-8610-(G). 698 If you don't have one of these chips, you should say N here. 699 700config X86_INTEL_LPSS 701 bool "Intel Low Power Subsystem Support" 702 depends on X86 && ACPI && PCI 703 select COMMON_CLK 704 select PINCTRL 705 select IOSF_MBI 706 help 707 Select to build support for Intel Low Power Subsystem such as 708 found on Intel Lynxpoint PCH. Selecting this option enables 709 things like clock tree (common clock framework) and pincontrol 710 which are needed by the LPSS peripheral drivers. 711 712config X86_AMD_PLATFORM_DEVICE 713 bool "AMD ACPI2Platform devices support" 714 depends on ACPI 715 select COMMON_CLK 716 select PINCTRL 717 help 718 Select to interpret AMD specific ACPI device to platform device 719 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets. 720 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is 721 implemented under PINCTRL subsystem. 722 723config IOSF_MBI 724 tristate "Intel SoC IOSF Sideband support for SoC platforms" 725 depends on PCI 726 help 727 This option enables sideband register access support for Intel SoC 728 platforms. On these platforms the IOSF sideband is used in lieu of 729 MSR's for some register accesses, mostly but not limited to thermal 730 and power. Drivers may query the availability of this device to 731 determine if they need the sideband in order to work on these 732 platforms. The sideband is available on the following SoC products. 733 This list is not meant to be exclusive. 734 - BayTrail 735 - Braswell 736 - Quark 737 738 You should say Y if you are running a kernel on one of these SoC's. 739 740config IOSF_MBI_DEBUG 741 bool "Enable IOSF sideband access through debugfs" 742 depends on IOSF_MBI && DEBUG_FS 743 help 744 Select this option to expose the IOSF sideband access registers (MCR, 745 MDR, MCRX) through debugfs to write and read register information from 746 different units on the SoC. This is most useful for obtaining device 747 state information for debug and analysis. As this is a general access 748 mechanism, users of this option would have specific knowledge of the 749 device they want to access. 750 751 If you don't require the option or are in doubt, say N. 752 753config X86_SUPPORTS_MEMORY_FAILURE 754 def_bool y 755 # MCE code calls memory_failure(): 756 depends on X86_MCE 757 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags: 758 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH: 759 depends on X86_64 || !SPARSEMEM 760 select ARCH_SUPPORTS_MEMORY_FAILURE 761 762config X86_32_IRIS 763 tristate "Eurobraille/Iris poweroff module" 764 depends on X86_32 765 help 766 The Iris machines from EuroBraille do not have APM or ACPI support 767 to shut themselves down properly. A special I/O sequence is 768 needed to do so, which is what this module does at 769 kernel shutdown. 770 771 This is only for Iris machines from EuroBraille. 772 773 If unused, say N. 774 775config SCHED_OMIT_FRAME_POINTER 776 def_bool y 777 prompt "Single-depth WCHAN output" 778 depends on X86 779 help 780 Calculate simpler /proc/<PID>/wchan values. If this option 781 is disabled then wchan values will recurse back to the 782 caller function. This provides more accurate wchan values, 783 at the expense of slightly more scheduling overhead. 784 785 If in doubt, say "Y". 786 787menuconfig HYPERVISOR_GUEST 788 bool "Linux guest support" 789 help 790 Say Y here to enable options for running Linux under various hyper- 791 visors. This option enables basic hypervisor detection and platform 792 setup. 793 794 If you say N, all options in this submenu will be skipped and 795 disabled, and Linux guest support won't be built in. 796 797if HYPERVISOR_GUEST 798 799config PARAVIRT 800 bool "Enable paravirtualization code" 801 depends on HAVE_STATIC_CALL 802 help 803 This changes the kernel so it can modify itself when it is run 804 under a hypervisor, potentially improving performance significantly 805 over full virtualization. However, when run without a hypervisor 806 the kernel is theoretically slower and slightly larger. 807 808config PARAVIRT_XXL 809 bool 810 depends on X86_64 811 812config PARAVIRT_DEBUG 813 bool "paravirt-ops debugging" 814 depends on PARAVIRT && DEBUG_KERNEL 815 help 816 Enable to debug paravirt_ops internals. Specifically, BUG if 817 a paravirt_op is missing when it is called. 818 819config PARAVIRT_SPINLOCKS 820 bool "Paravirtualization layer for spinlocks" 821 depends on PARAVIRT && SMP 822 help 823 Paravirtualized spinlocks allow a pvops backend to replace the 824 spinlock implementation with something virtualization-friendly 825 (for example, block the virtual CPU rather than spinning). 826 827 It has a minimal impact on native kernels and gives a nice performance 828 benefit on paravirtualized KVM / Xen kernels. 829 830 If you are unsure how to answer this question, answer Y. 831 832config X86_HV_CALLBACK_VECTOR 833 def_bool n 834 835source "arch/x86/xen/Kconfig" 836 837config KVM_GUEST 838 bool "KVM Guest support (including kvmclock)" 839 depends on PARAVIRT 840 select PARAVIRT_CLOCK 841 select ARCH_CPUIDLE_HALTPOLL 842 select X86_HV_CALLBACK_VECTOR 843 default y 844 help 845 This option enables various optimizations for running under the KVM 846 hypervisor. It includes a paravirtualized clock, so that instead 847 of relying on a PIT (or probably other) emulation by the 848 underlying device model, the host provides the guest with 849 timing infrastructure such as time of day, and system time 850 851config ARCH_CPUIDLE_HALTPOLL 852 def_bool n 853 prompt "Disable host haltpoll when loading haltpoll driver" 854 help 855 If virtualized under KVM, disable host haltpoll. 856 857config PVH 858 bool "Support for running PVH guests" 859 help 860 This option enables the PVH entry point for guest virtual machines 861 as specified in the x86/HVM direct boot ABI. 862 863config PARAVIRT_TIME_ACCOUNTING 864 bool "Paravirtual steal time accounting" 865 depends on PARAVIRT 866 help 867 Select this option to enable fine granularity task steal time 868 accounting. Time spent executing other tasks in parallel with 869 the current vCPU is discounted from the vCPU power. To account for 870 that, there can be a small performance impact. 871 872 If in doubt, say N here. 873 874config PARAVIRT_CLOCK 875 bool 876 877config JAILHOUSE_GUEST 878 bool "Jailhouse non-root cell support" 879 depends on X86_64 && PCI 880 select X86_PM_TIMER 881 help 882 This option allows to run Linux as guest in a Jailhouse non-root 883 cell. You can leave this option disabled if you only want to start 884 Jailhouse and run Linux afterwards in the root cell. 885 886config ACRN_GUEST 887 bool "ACRN Guest support" 888 depends on X86_64 889 select X86_HV_CALLBACK_VECTOR 890 help 891 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is 892 a flexible, lightweight reference open-source hypervisor, built with 893 real-time and safety-criticality in mind. It is built for embedded 894 IOT with small footprint and real-time features. More details can be 895 found in https://projectacrn.org/. 896 897config BHYVE_GUEST 898 bool "Bhyve (BSD Hypervisor) Guest support" 899 depends on X86_64 900 help 901 This option allows to run Linux to recognise when it is running as a 902 guest in the Bhyve hypervisor, and to support more than 255 vCPUs when 903 when doing so. More details about Bhyve can be found at https://bhyve.org 904 and https://wiki.freebsd.org/bhyve/. 905 906config INTEL_TDX_GUEST 907 bool "Intel TDX (Trust Domain Extensions) - Guest Support" 908 depends on X86_64 && CPU_SUP_INTEL 909 depends on X86_X2APIC 910 depends on EFI_STUB 911 depends on PARAVIRT 912 select ARCH_HAS_CC_PLATFORM 913 select X86_MEM_ENCRYPT 914 select X86_MCE 915 select UNACCEPTED_MEMORY 916 help 917 Support running as a guest under Intel TDX. Without this support, 918 the guest kernel can not boot or run under TDX. 919 TDX includes memory encryption and integrity capabilities 920 which protect the confidentiality and integrity of guest 921 memory contents and CPU state. TDX guests are protected from 922 some attacks from the VMM. 923 924endif # HYPERVISOR_GUEST 925 926source "arch/x86/Kconfig.cpu" 927 928config HPET_TIMER 929 def_bool X86_64 930 prompt "HPET Timer Support" if X86_32 931 help 932 Use the IA-PC HPET (High Precision Event Timer) to manage 933 time in preference to the PIT and RTC, if a HPET is 934 present. 935 HPET is the next generation timer replacing legacy 8254s. 936 The HPET provides a stable time base on SMP 937 systems, unlike the TSC, but it is more expensive to access, 938 as it is off-chip. The interface used is documented 939 in the HPET spec, revision 1. 940 941 You can safely choose Y here. However, HPET will only be 942 activated if the platform and the BIOS support this feature. 943 Otherwise the 8254 will be used for timing services. 944 945 Choose N to continue using the legacy 8254 timer. 946 947config HPET_EMULATE_RTC 948 def_bool y 949 depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y) 950 951# Mark as expert because too many people got it wrong. 952# The code disables itself when not needed. 953config DMI 954 default y 955 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK 956 bool "Enable DMI scanning" if EXPERT 957 help 958 Enabled scanning of DMI to identify machine quirks. Say Y 959 here unless you have verified that your setup is not 960 affected by entries in the DMI blacklist. Required by PNP 961 BIOS code. 962 963config GART_IOMMU 964 bool "Old AMD GART IOMMU support" 965 select IOMMU_HELPER 966 select SWIOTLB 967 depends on X86_64 && PCI && AMD_NB 968 help 969 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron 970 GART based hardware IOMMUs. 971 972 The GART supports full DMA access for devices with 32-bit access 973 limitations, on systems with more than 3 GB. This is usually needed 974 for USB, sound, many IDE/SATA chipsets and some other devices. 975 976 Newer systems typically have a modern AMD IOMMU, supported via 977 the CONFIG_AMD_IOMMU=y config option. 978 979 In normal configurations this driver is only active when needed: 980 there's more than 3 GB of memory and the system contains a 981 32-bit limited device. 982 983 If unsure, say Y. 984 985config BOOT_VESA_SUPPORT 986 bool 987 help 988 If true, at least one selected framebuffer driver can take advantage 989 of VESA video modes set at an early boot stage via the vga= parameter. 990 991config MAXSMP 992 bool "Enable Maximum number of SMP Processors and NUMA Nodes" 993 depends on X86_64 && SMP && DEBUG_KERNEL 994 select CPUMASK_OFFSTACK 995 help 996 Enable maximum number of CPUS and NUMA Nodes for this architecture. 997 If unsure, say N. 998 999# 1000# The maximum number of CPUs supported: 1001# 1002# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT, 1003# and which can be configured interactively in the 1004# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range. 1005# 1006# The ranges are different on 32-bit and 64-bit kernels, depending on 1007# hardware capabilities and scalability features of the kernel. 1008# 1009# ( If MAXSMP is enabled we just use the highest possible value and disable 1010# interactive configuration. ) 1011# 1012 1013config NR_CPUS_RANGE_BEGIN 1014 int 1015 default NR_CPUS_RANGE_END if MAXSMP 1016 default 1 if !SMP 1017 default 2 1018 1019config NR_CPUS_RANGE_END 1020 int 1021 depends on X86_32 1022 default 8 if SMP 1023 default 1 if !SMP 1024 1025config NR_CPUS_RANGE_END 1026 int 1027 depends on X86_64 1028 default 8192 if SMP && CPUMASK_OFFSTACK 1029 default 512 if SMP && !CPUMASK_OFFSTACK 1030 default 1 if !SMP 1031 1032config NR_CPUS_DEFAULT 1033 int 1034 depends on X86_32 1035 default 8 if SMP 1036 default 1 if !SMP 1037 1038config NR_CPUS_DEFAULT 1039 int 1040 depends on X86_64 1041 default 8192 if MAXSMP 1042 default 64 if SMP 1043 default 1 if !SMP 1044 1045config NR_CPUS 1046 int "Maximum number of CPUs" if SMP && !MAXSMP 1047 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END 1048 default NR_CPUS_DEFAULT 1049 help 1050 This allows you to specify the maximum number of CPUs which this 1051 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum 1052 supported value is 8192, otherwise the maximum value is 512. The 1053 minimum value which makes sense is 2. 1054 1055 This is purely to save memory: each supported CPU adds about 8KB 1056 to the kernel image. 1057 1058config SCHED_MC_PRIO 1059 bool "CPU core priorities scheduler support" 1060 depends on SCHED_MC 1061 select X86_INTEL_PSTATE if CPU_SUP_INTEL 1062 select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI 1063 select CPU_FREQ 1064 default y 1065 help 1066 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a 1067 core ordering determined at manufacturing time, which allows 1068 certain cores to reach higher turbo frequencies (when running 1069 single threaded workloads) than others. 1070 1071 Enabling this kernel feature teaches the scheduler about 1072 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the 1073 scheduler's CPU selection logic accordingly, so that higher 1074 overall system performance can be achieved. 1075 1076 This feature will have no effect on CPUs without this feature. 1077 1078 If unsure say Y here. 1079 1080config UP_LATE_INIT 1081 def_bool y 1082 depends on !SMP && X86_LOCAL_APIC 1083 1084config X86_UP_APIC 1085 bool "Local APIC support on uniprocessors" if !PCI_MSI 1086 default PCI_MSI 1087 depends on X86_32 && !SMP 1088 help 1089 A local APIC (Advanced Programmable Interrupt Controller) is an 1090 integrated interrupt controller in the CPU. If you have a single-CPU 1091 system which has a processor with a local APIC, you can say Y here to 1092 enable and use it. If you say Y here even though your machine doesn't 1093 have a local APIC, then the kernel will still run with no slowdown at 1094 all. The local APIC supports CPU-generated self-interrupts (timer, 1095 performance counters), and the NMI watchdog which detects hard 1096 lockups. 1097 1098config X86_UP_IOAPIC 1099 bool "IO-APIC support on uniprocessors" 1100 depends on X86_UP_APIC 1101 help 1102 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an 1103 SMP-capable replacement for PC-style interrupt controllers. Most 1104 SMP systems and many recent uniprocessor systems have one. 1105 1106 If you have a single-CPU system with an IO-APIC, you can say Y here 1107 to use it. If you say Y here even though your machine doesn't have 1108 an IO-APIC, then the kernel will still run with no slowdown at all. 1109 1110config X86_LOCAL_APIC 1111 def_bool y 1112 depends on X86_64 || SMP || X86_UP_APIC || PCI_MSI 1113 select IRQ_DOMAIN_HIERARCHY 1114 1115config ACPI_MADT_WAKEUP 1116 def_bool y 1117 depends on X86_64 1118 depends on ACPI 1119 depends on SMP 1120 depends on X86_LOCAL_APIC 1121 1122config X86_IO_APIC 1123 def_bool y 1124 depends on X86_LOCAL_APIC || X86_UP_IOAPIC 1125 1126config X86_REROUTE_FOR_BROKEN_BOOT_IRQS 1127 bool "Reroute for broken boot IRQs" 1128 depends on X86_IO_APIC 1129 help 1130 This option enables a workaround that fixes a source of 1131 spurious interrupts. This is recommended when threaded 1132 interrupt handling is used on systems where the generation of 1133 superfluous "boot interrupts" cannot be disabled. 1134 1135 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ 1136 entry in the chipset's IO-APIC is masked (as, e.g. the RT 1137 kernel does during interrupt handling). On chipsets where this 1138 boot IRQ generation cannot be disabled, this workaround keeps 1139 the original IRQ line masked so that only the equivalent "boot 1140 IRQ" is delivered to the CPUs. The workaround also tells the 1141 kernel to set up the IRQ handler on the boot IRQ line. In this 1142 way only one interrupt is delivered to the kernel. Otherwise 1143 the spurious second interrupt may cause the kernel to bring 1144 down (vital) interrupt lines. 1145 1146 Only affects "broken" chipsets. Interrupt sharing may be 1147 increased on these systems. 1148 1149config X86_MCE 1150 bool "Machine Check / overheating reporting" 1151 select GENERIC_ALLOCATOR 1152 default y 1153 help 1154 Machine Check support allows the processor to notify the 1155 kernel if it detects a problem (e.g. overheating, data corruption). 1156 The action the kernel takes depends on the severity of the problem, 1157 ranging from warning messages to halting the machine. 1158 1159config X86_MCELOG_LEGACY 1160 bool "Support for deprecated /dev/mcelog character device" 1161 depends on X86_MCE 1162 help 1163 Enable support for /dev/mcelog which is needed by the old mcelog 1164 userspace logging daemon. Consider switching to the new generation 1165 rasdaemon solution. 1166 1167config X86_MCE_INTEL 1168 def_bool y 1169 prompt "Intel MCE features" 1170 depends on X86_MCE && X86_LOCAL_APIC 1171 help 1172 Additional support for intel specific MCE features such as 1173 the thermal monitor. 1174 1175config X86_MCE_AMD 1176 def_bool y 1177 prompt "AMD MCE features" 1178 depends on X86_MCE && X86_LOCAL_APIC 1179 help 1180 Additional support for AMD specific MCE features such as 1181 the DRAM Error Threshold. 1182 1183config X86_ANCIENT_MCE 1184 bool "Support for old Pentium 5 / WinChip machine checks" 1185 depends on X86_32 && X86_MCE 1186 help 1187 Include support for machine check handling on old Pentium 5 or WinChip 1188 systems. These typically need to be enabled explicitly on the command 1189 line. 1190 1191config X86_MCE_THRESHOLD 1192 depends on X86_MCE_AMD || X86_MCE_INTEL 1193 def_bool y 1194 1195config X86_MCE_INJECT 1196 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS 1197 tristate "Machine check injector support" 1198 help 1199 Provide support for injecting machine checks for testing purposes. 1200 If you don't know what a machine check is and you don't do kernel 1201 QA it is safe to say n. 1202 1203source "arch/x86/events/Kconfig" 1204 1205config X86_LEGACY_VM86 1206 bool "Legacy VM86 support" 1207 depends on X86_32 1208 help 1209 This option allows user programs to put the CPU into V8086 1210 mode, which is an 80286-era approximation of 16-bit real mode. 1211 1212 Some very old versions of X and/or vbetool require this option 1213 for user mode setting. Similarly, DOSEMU will use it if 1214 available to accelerate real mode DOS programs. However, any 1215 recent version of DOSEMU, X, or vbetool should be fully 1216 functional even without kernel VM86 support, as they will all 1217 fall back to software emulation. Nevertheless, if you are using 1218 a 16-bit DOS program where 16-bit performance matters, vm86 1219 mode might be faster than emulation and you might want to 1220 enable this option. 1221 1222 Note that any app that works on a 64-bit kernel is unlikely to 1223 need this option, as 64-bit kernels don't, and can't, support 1224 V8086 mode. This option is also unrelated to 16-bit protected 1225 mode and is not needed to run most 16-bit programs under Wine. 1226 1227 Enabling this option increases the complexity of the kernel 1228 and slows down exception handling a tiny bit. 1229 1230 If unsure, say N here. 1231 1232config VM86 1233 bool 1234 default X86_LEGACY_VM86 1235 1236config X86_16BIT 1237 bool "Enable support for 16-bit segments" if EXPERT 1238 default y 1239 depends on MODIFY_LDT_SYSCALL 1240 help 1241 This option is required by programs like Wine to run 16-bit 1242 protected mode legacy code on x86 processors. Disabling 1243 this option saves about 300 bytes on i386, or around 6K text 1244 plus 16K runtime memory on x86-64, 1245 1246config X86_ESPFIX32 1247 def_bool y 1248 depends on X86_16BIT && X86_32 1249 1250config X86_ESPFIX64 1251 def_bool y 1252 depends on X86_16BIT && X86_64 1253 1254config X86_VSYSCALL_EMULATION 1255 bool "Enable vsyscall emulation" if EXPERT 1256 default y 1257 depends on X86_64 1258 help 1259 This enables emulation of the legacy vsyscall page. Disabling 1260 it is roughly equivalent to booting with vsyscall=none, except 1261 that it will also disable the helpful warning if a program 1262 tries to use a vsyscall. With this option set to N, offending 1263 programs will just segfault, citing addresses of the form 1264 0xffffffffff600?00. 1265 1266 This option is required by many programs built before 2013, and 1267 care should be used even with newer programs if set to N. 1268 1269 Disabling this option saves about 7K of kernel size and 1270 possibly 4K of additional runtime pagetable memory. 1271 1272config X86_IOPL_IOPERM 1273 bool "IOPERM and IOPL Emulation" 1274 default y 1275 help 1276 This enables the ioperm() and iopl() syscalls which are necessary 1277 for legacy applications. 1278 1279 Legacy IOPL support is an overbroad mechanism which allows user 1280 space aside of accessing all 65536 I/O ports also to disable 1281 interrupts. To gain this access the caller needs CAP_SYS_RAWIO 1282 capabilities and permission from potentially active security 1283 modules. 1284 1285 The emulation restricts the functionality of the syscall to 1286 only allowing the full range I/O port access, but prevents the 1287 ability to disable interrupts from user space which would be 1288 granted if the hardware IOPL mechanism would be used. 1289 1290config TOSHIBA 1291 tristate "Toshiba Laptop support" 1292 depends on X86_32 1293 help 1294 This adds a driver to safely access the System Management Mode of 1295 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does 1296 not work on models with a Phoenix BIOS. The System Management Mode 1297 is used to set the BIOS and power saving options on Toshiba portables. 1298 1299 For information on utilities to make use of this driver see the 1300 Toshiba Linux utilities web site at: 1301 <http://www.buzzard.org.uk/toshiba/>. 1302 1303 Say Y if you intend to run this kernel on a Toshiba portable. 1304 Say N otherwise. 1305 1306config X86_REBOOTFIXUPS 1307 bool "Enable X86 board specific fixups for reboot" 1308 depends on X86_32 1309 help 1310 This enables chipset and/or board specific fixups to be done 1311 in order to get reboot to work correctly. This is only needed on 1312 some combinations of hardware and BIOS. The symptom, for which 1313 this config is intended, is when reboot ends with a stalled/hung 1314 system. 1315 1316 Currently, the only fixup is for the Geode machines using 1317 CS5530A and CS5536 chipsets and the RDC R-321x SoC. 1318 1319 Say Y if you want to enable the fixup. Currently, it's safe to 1320 enable this option even if you don't need it. 1321 Say N otherwise. 1322 1323config MICROCODE 1324 def_bool y 1325 depends on CPU_SUP_AMD || CPU_SUP_INTEL 1326 select CRYPTO_LIB_SHA256 if CPU_SUP_AMD 1327 1328config MICROCODE_INITRD32 1329 def_bool y 1330 depends on MICROCODE && X86_32 && BLK_DEV_INITRD 1331 1332config MICROCODE_LATE_LOADING 1333 bool "Late microcode loading (DANGEROUS)" 1334 default n 1335 depends on MICROCODE && SMP 1336 help 1337 Loading microcode late, when the system is up and executing instructions 1338 is a tricky business and should be avoided if possible. Just the sequence 1339 of synchronizing all cores and SMT threads is one fragile dance which does 1340 not guarantee that cores might not softlock after the loading. Therefore, 1341 use this at your own risk. Late loading taints the kernel unless the 1342 microcode header indicates that it is safe for late loading via the 1343 minimal revision check. This minimal revision check can be enforced on 1344 the kernel command line with "microcode=force_minrev". 1345 1346config MICROCODE_LATE_FORCE_MINREV 1347 bool "Enforce late microcode loading minimal revision check" 1348 default n 1349 depends on MICROCODE_LATE_LOADING 1350 help 1351 To prevent that users load microcode late which modifies already 1352 in use features, newer microcode patches have a minimum revision field 1353 in the microcode header, which tells the kernel which minimum 1354 revision must be active in the CPU to safely load that new microcode 1355 late into the running system. If disabled the check will not 1356 be enforced but the kernel will be tainted when the minimal 1357 revision check fails. 1358 1359 This minimal revision check can also be controlled via the 1360 "microcode=force_minrev" parameter on the kernel command line. 1361 1362 If unsure say Y. 1363 1364config MICROCODE_DBG 1365 bool "Enable microcode loader debugging" 1366 default n 1367 depends on MICROCODE 1368 help 1369 Enable code which allows for debugging the microcode loader in 1370 a guest. Meaning the patch loading is simulated but everything else 1371 related to patch parsing and handling is done as on baremetal with 1372 the purpose of debugging solely the software side of things. 1373 1374 You almost certainly want to say n here. 1375 1376config X86_MSR 1377 tristate "/dev/cpu/*/msr - Model-specific register support" 1378 help 1379 This device gives privileged processes access to the x86 1380 Model-Specific Registers (MSRs). It is a character device with 1381 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr. 1382 MSR accesses are directed to a specific CPU on multi-processor 1383 systems. 1384 1385config X86_CPUID 1386 tristate "/dev/cpu/*/cpuid - CPU information support" 1387 help 1388 This device gives processes access to the x86 CPUID instruction to 1389 be executed on a specific processor. It is a character device 1390 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to 1391 /dev/cpu/31/cpuid. 1392 1393config HIGHMEM4G 1394 bool "High Memory Support" 1395 depends on X86_32 1396 help 1397 Linux can use up to 4 Gigabytes of physical memory on x86 systems. 1398 However, the address space of 32-bit x86 processors is only 4 1399 Gigabytes large. That means that, if you have a large amount of 1400 physical memory, not all of it can be "permanently mapped" by the 1401 kernel. The physical memory that's not permanently mapped is called 1402 "high memory". 1403 1404 If you are compiling a kernel which will never run on a machine with 1405 more than 1 Gigabyte total physical RAM, answer "off" here (default 1406 choice and suitable for most users). This will result in a "3GB/1GB" 1407 split: 3GB are mapped so that each process sees a 3GB virtual memory 1408 space and the remaining part of the 4GB virtual memory space is used 1409 by the kernel to permanently map as much physical memory as 1410 possible. 1411 1412 If the machine has between 1 and 4 Gigabytes physical RAM, then 1413 answer "Y" here. 1414 1415 If unsure, say N. 1416 1417choice 1418 prompt "Memory split" if EXPERT 1419 default VMSPLIT_3G 1420 depends on X86_32 1421 help 1422 Select the desired split between kernel and user memory. 1423 1424 If the address range available to the kernel is less than the 1425 physical memory installed, the remaining memory will be available 1426 as "high memory". Accessing high memory is a little more costly 1427 than low memory, as it needs to be mapped into the kernel first. 1428 Note that increasing the kernel address space limits the range 1429 available to user programs, making the address space there 1430 tighter. Selecting anything other than the default 3G/1G split 1431 will also likely make your kernel incompatible with binary-only 1432 kernel modules. 1433 1434 If you are not absolutely sure what you are doing, leave this 1435 option alone! 1436 1437 config VMSPLIT_3G 1438 bool "3G/1G user/kernel split" 1439 config VMSPLIT_3G_OPT 1440 depends on !X86_PAE 1441 bool "3G/1G user/kernel split (for full 1G low memory)" 1442 config VMSPLIT_2G 1443 bool "2G/2G user/kernel split" 1444 config VMSPLIT_2G_OPT 1445 depends on !X86_PAE 1446 bool "2G/2G user/kernel split (for full 2G low memory)" 1447 config VMSPLIT_1G 1448 bool "1G/3G user/kernel split" 1449endchoice 1450 1451config PAGE_OFFSET 1452 hex 1453 default 0xB0000000 if VMSPLIT_3G_OPT 1454 default 0x80000000 if VMSPLIT_2G 1455 default 0x78000000 if VMSPLIT_2G_OPT 1456 default 0x40000000 if VMSPLIT_1G 1457 default 0xC0000000 1458 depends on X86_32 1459 1460config HIGHMEM 1461 def_bool HIGHMEM4G 1462 1463config X86_PAE 1464 bool "PAE (Physical Address Extension) Support" 1465 depends on X86_32 && X86_HAVE_PAE 1466 select PHYS_ADDR_T_64BIT 1467 help 1468 PAE is required for NX support, and furthermore enables 1469 larger swapspace support for non-overcommit purposes. It 1470 has the cost of more pagetable lookup overhead, and also 1471 consumes more pagetable space per process. 1472 1473config X86_DIRECT_GBPAGES 1474 def_bool y 1475 depends on X86_64 1476 help 1477 Certain kernel features effectively disable kernel 1478 linear 1 GB mappings (even if the CPU otherwise 1479 supports them), so don't confuse the user by printing 1480 that we have them enabled. 1481 1482config X86_CPA_STATISTICS 1483 bool "Enable statistic for Change Page Attribute" 1484 depends on DEBUG_FS 1485 help 1486 Expose statistics about the Change Page Attribute mechanism, which 1487 helps to determine the effectiveness of preserving large and huge 1488 page mappings when mapping protections are changed. 1489 1490config X86_MEM_ENCRYPT 1491 select ARCH_HAS_FORCE_DMA_UNENCRYPTED 1492 select DYNAMIC_PHYSICAL_MASK 1493 def_bool n 1494 1495config AMD_MEM_ENCRYPT 1496 bool "AMD Secure Memory Encryption (SME) support" 1497 depends on X86_64 && CPU_SUP_AMD 1498 depends on EFI_STUB 1499 select DMA_COHERENT_POOL 1500 select ARCH_USE_MEMREMAP_PROT 1501 select INSTRUCTION_DECODER 1502 select ARCH_HAS_CC_PLATFORM 1503 select X86_MEM_ENCRYPT 1504 select UNACCEPTED_MEMORY 1505 select CRYPTO_LIB_AESGCM 1506 help 1507 Say yes to enable support for the encryption of system memory. 1508 This requires an AMD processor that supports Secure Memory 1509 Encryption (SME). 1510 1511# Common NUMA Features 1512config NUMA 1513 bool "NUMA Memory Allocation and Scheduler Support" 1514 depends on SMP 1515 depends on X86_64 1516 select USE_PERCPU_NUMA_NODE_ID 1517 select OF_NUMA if OF 1518 help 1519 Enable NUMA (Non-Uniform Memory Access) support. 1520 1521 The kernel will try to allocate memory used by a CPU on the 1522 local memory controller of the CPU and add some more 1523 NUMA awareness to the kernel. 1524 1525 For 64-bit this is recommended if the system is Intel Core i7 1526 (or later), AMD Opteron, or EM64T NUMA. 1527 1528 Otherwise, you should say N. 1529 1530config AMD_NUMA 1531 def_bool y 1532 prompt "Old style AMD Opteron NUMA detection" 1533 depends on X86_64 && NUMA && PCI 1534 help 1535 Enable AMD NUMA node topology detection. You should say Y here if 1536 you have a multi processor AMD system. This uses an old method to 1537 read the NUMA configuration directly from the builtin Northbridge 1538 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead, 1539 which also takes priority if both are compiled in. 1540 1541config X86_64_ACPI_NUMA 1542 def_bool y 1543 prompt "ACPI NUMA detection" 1544 depends on X86_64 && NUMA && ACPI && PCI 1545 select ACPI_NUMA 1546 help 1547 Enable ACPI SRAT based node topology detection. 1548 1549config NODES_SHIFT 1550 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP 1551 range 1 10 1552 default "10" if MAXSMP 1553 default "6" if X86_64 1554 default "3" 1555 depends on NUMA 1556 help 1557 Specify the maximum number of NUMA Nodes available on the target 1558 system. Increases memory reserved to accommodate various tables. 1559 1560config ARCH_FLATMEM_ENABLE 1561 def_bool y 1562 depends on X86_32 && !NUMA 1563 1564config ARCH_SPARSEMEM_ENABLE 1565 def_bool y 1566 select SPARSEMEM_STATIC if X86_32 1567 select SPARSEMEM_VMEMMAP_ENABLE if X86_64 1568 select SPARSEMEM_VMEMMAP if X86_64 1569 1570config ARCH_SPARSEMEM_DEFAULT 1571 def_bool X86_64 || (NUMA && X86_32) 1572 1573config ARCH_SELECT_MEMORY_MODEL 1574 def_bool y 1575 depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE 1576 1577config ARCH_MEMORY_PROBE 1578 bool "Enable sysfs memory/probe interface" 1579 depends on MEMORY_HOTPLUG 1580 help 1581 This option enables a sysfs memory/probe interface for testing. 1582 See Documentation/admin-guide/mm/memory-hotplug.rst for more information. 1583 If you are unsure how to answer this question, answer N. 1584 1585config ARCH_PROC_KCORE_TEXT 1586 def_bool y 1587 depends on X86_64 && PROC_KCORE 1588 1589config ILLEGAL_POINTER_VALUE 1590 hex 1591 default 0 if X86_32 1592 default 0xdead000000000000 if X86_64 1593 1594config X86_PMEM_LEGACY_DEVICE 1595 bool 1596 1597config X86_PMEM_LEGACY 1598 tristate "Support non-standard NVDIMMs and ADR protected memory" 1599 depends on PHYS_ADDR_T_64BIT 1600 depends on BLK_DEV 1601 select X86_PMEM_LEGACY_DEVICE 1602 select NUMA_KEEP_MEMINFO if NUMA 1603 select LIBNVDIMM 1604 help 1605 Treat memory marked using the non-standard e820 type of 12 as used 1606 by the Intel Sandy Bridge-EP reference BIOS as protected memory. 1607 The kernel will offer these regions to the 'pmem' driver so 1608 they can be used for persistent storage. 1609 1610 Say Y if unsure. 1611 1612config X86_CHECK_BIOS_CORRUPTION 1613 bool "Check for low memory corruption" 1614 help 1615 Periodically check for memory corruption in low memory, which 1616 is suspected to be caused by BIOS. Even when enabled in the 1617 configuration, it is disabled at runtime. Enable it by 1618 setting "memory_corruption_check=1" on the kernel command 1619 line. By default it scans the low 64k of memory every 60 1620 seconds; see the memory_corruption_check_size and 1621 memory_corruption_check_period parameters in 1622 Documentation/admin-guide/kernel-parameters.rst to adjust this. 1623 1624 When enabled with the default parameters, this option has 1625 almost no overhead, as it reserves a relatively small amount 1626 of memory and scans it infrequently. It both detects corruption 1627 and prevents it from affecting the running system. 1628 1629 It is, however, intended as a diagnostic tool; if repeatable 1630 BIOS-originated corruption always affects the same memory, 1631 you can use memmap= to prevent the kernel from using that 1632 memory. 1633 1634config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK 1635 bool "Set the default setting of memory_corruption_check" 1636 depends on X86_CHECK_BIOS_CORRUPTION 1637 default y 1638 help 1639 Set whether the default state of memory_corruption_check is 1640 on or off. 1641 1642config MATH_EMULATION 1643 bool 1644 depends on MODIFY_LDT_SYSCALL 1645 prompt "Math emulation" if X86_32 && (M486SX || MELAN) 1646 help 1647 Linux can emulate a math coprocessor (used for floating point 1648 operations) if you don't have one. 486DX and Pentium processors have 1649 a math coprocessor built in, 486SX and 386 do not, unless you added 1650 a 487DX or 387, respectively. (The messages during boot time can 1651 give you some hints here ["man dmesg"].) Everyone needs either a 1652 coprocessor or this emulation. 1653 1654 If you don't have a math coprocessor, you need to say Y here; if you 1655 say Y here even though you have a coprocessor, the coprocessor will 1656 be used nevertheless. (This behavior can be changed with the kernel 1657 command line option "no387", which comes handy if your coprocessor 1658 is broken. Try "man bootparam" or see the documentation of your boot 1659 loader (lilo or loadlin) about how to pass options to the kernel at 1660 boot time.) This means that it is a good idea to say Y here if you 1661 intend to use this kernel on different machines. 1662 1663 More information about the internals of the Linux math coprocessor 1664 emulation can be found in <file:arch/x86/math-emu/README>. 1665 1666 If you are not sure, say Y; apart from resulting in a 66 KB bigger 1667 kernel, it won't hurt. 1668 1669config MTRR 1670 def_bool y 1671 prompt "MTRR (Memory Type Range Register) support" if EXPERT 1672 help 1673 On Intel P6 family processors (Pentium Pro, Pentium II and later) 1674 the Memory Type Range Registers (MTRRs) may be used to control 1675 processor access to memory ranges. This is most useful if you have 1676 a video (VGA) card on a PCI or AGP bus. Enabling write-combining 1677 allows bus write transfers to be combined into a larger transfer 1678 before bursting over the PCI/AGP bus. This can increase performance 1679 of image write operations 2.5 times or more. Saying Y here creates a 1680 /proc/mtrr file which may be used to manipulate your processor's 1681 MTRRs. Typically the X server should use this. 1682 1683 This code has a reasonably generic interface so that similar 1684 control registers on other processors can be easily supported 1685 as well: 1686 1687 The Cyrix 6x86, 6x86MX and M II processors have Address Range 1688 Registers (ARRs) which provide a similar functionality to MTRRs. For 1689 these, the ARRs are used to emulate the MTRRs. 1690 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two 1691 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing 1692 write-combining. All of these processors are supported by this code 1693 and it makes sense to say Y here if you have one of them. 1694 1695 Saying Y here also fixes a problem with buggy SMP BIOSes which only 1696 set the MTRRs for the boot CPU and not for the secondary CPUs. This 1697 can lead to all sorts of problems, so it's good to say Y here. 1698 1699 You can safely say Y even if your machine doesn't have MTRRs, you'll 1700 just add about 9 KB to your kernel. 1701 1702 See <file:Documentation/arch/x86/mtrr.rst> for more information. 1703 1704config MTRR_SANITIZER 1705 def_bool y 1706 prompt "MTRR cleanup support" 1707 depends on MTRR 1708 help 1709 Convert MTRR layout from continuous to discrete, so X drivers can 1710 add writeback entries. 1711 1712 Can be disabled with disable_mtrr_cleanup on the kernel command line. 1713 The largest mtrr entry size for a continuous block can be set with 1714 mtrr_chunk_size. 1715 1716 If unsure, say Y. 1717 1718config MTRR_SANITIZER_ENABLE_DEFAULT 1719 int "MTRR cleanup enable value (0-1)" 1720 range 0 1 1721 default "0" 1722 depends on MTRR_SANITIZER 1723 help 1724 Enable mtrr cleanup default value 1725 1726config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT 1727 int "MTRR cleanup spare reg num (0-7)" 1728 range 0 7 1729 default "1" 1730 depends on MTRR_SANITIZER 1731 help 1732 mtrr cleanup spare entries default, it can be changed via 1733 mtrr_spare_reg_nr=N on the kernel command line. 1734 1735config X86_PAT 1736 def_bool y 1737 prompt "x86 PAT support" if EXPERT 1738 depends on MTRR 1739 select ARCH_USES_PG_ARCH_2 1740 help 1741 Use PAT attributes to setup page level cache control. 1742 1743 PATs are the modern equivalents of MTRRs and are much more 1744 flexible than MTRRs. 1745 1746 Say N here if you see bootup problems (boot crash, boot hang, 1747 spontaneous reboots) or a non-working video driver. 1748 1749 If unsure, say Y. 1750 1751config X86_UMIP 1752 def_bool y 1753 prompt "User Mode Instruction Prevention" if EXPERT 1754 help 1755 User Mode Instruction Prevention (UMIP) is a security feature in 1756 some x86 processors. If enabled, a general protection fault is 1757 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are 1758 executed in user mode. These instructions unnecessarily expose 1759 information about the hardware state. 1760 1761 The vast majority of applications do not use these instructions. 1762 For the very few that do, software emulation is provided in 1763 specific cases in protected and virtual-8086 modes. Emulated 1764 results are dummy. 1765 1766config CC_HAS_IBT 1767 # GCC >= 9 and binutils >= 2.29 1768 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 1769 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || CC_IS_CLANG) && \ 1770 $(as-instr,endbr64) 1771 1772config X86_CET 1773 def_bool n 1774 help 1775 CET features configured (Shadow stack or IBT) 1776 1777config X86_KERNEL_IBT 1778 prompt "Indirect Branch Tracking" 1779 def_bool y 1780 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL 1781 select OBJTOOL 1782 select X86_CET 1783 help 1784 Build the kernel with support for Indirect Branch Tracking, a 1785 hardware support course-grain forward-edge Control Flow Integrity 1786 protection. It enforces that all indirect calls must land on 1787 an ENDBR instruction, as such, the compiler will instrument the 1788 code with them to make this happen. 1789 1790 In addition to building the kernel with IBT, seal all functions that 1791 are not indirect call targets, avoiding them ever becoming one. 1792 1793 This requires LTO like objtool runs and will slow down the build. It 1794 does significantly reduce the number of ENDBR instructions in the 1795 kernel image. 1796 1797config X86_INTEL_MEMORY_PROTECTION_KEYS 1798 prompt "Memory Protection Keys" 1799 def_bool y 1800 # Note: only available in 64-bit mode 1801 depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD) 1802 select ARCH_USES_HIGH_VMA_FLAGS 1803 select ARCH_HAS_PKEYS 1804 help 1805 Memory Protection Keys provides a mechanism for enforcing 1806 page-based protections, but without requiring modification of the 1807 page tables when an application changes protection domains. 1808 1809 For details, see Documentation/core-api/protection-keys.rst 1810 1811 If unsure, say y. 1812 1813config ARCH_PKEY_BITS 1814 int 1815 default 4 1816 1817choice 1818 prompt "TSX enable mode" 1819 depends on CPU_SUP_INTEL 1820 default X86_INTEL_TSX_MODE_OFF 1821 help 1822 Intel's TSX (Transactional Synchronization Extensions) feature 1823 allows to optimize locking protocols through lock elision which 1824 can lead to a noticeable performance boost. 1825 1826 On the other hand it has been shown that TSX can be exploited 1827 to form side channel attacks (e.g. TAA) and chances are there 1828 will be more of those attacks discovered in the future. 1829 1830 Therefore TSX is not enabled by default (aka tsx=off). An admin 1831 might override this decision by tsx=on the command line parameter. 1832 Even with TSX enabled, the kernel will attempt to enable the best 1833 possible TAA mitigation setting depending on the microcode available 1834 for the particular machine. 1835 1836 This option allows to set the default tsx mode between tsx=on, =off 1837 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more 1838 details. 1839 1840 Say off if not sure, auto if TSX is in use but it should be used on safe 1841 platforms or on if TSX is in use and the security aspect of tsx is not 1842 relevant. 1843 1844config X86_INTEL_TSX_MODE_OFF 1845 bool "off" 1846 help 1847 TSX is disabled if possible - equals to tsx=off command line parameter. 1848 1849config X86_INTEL_TSX_MODE_ON 1850 bool "on" 1851 help 1852 TSX is always enabled on TSX capable HW - equals the tsx=on command 1853 line parameter. 1854 1855config X86_INTEL_TSX_MODE_AUTO 1856 bool "auto" 1857 help 1858 TSX is enabled on TSX capable HW that is believed to be safe against 1859 side channel attacks- equals the tsx=auto command line parameter. 1860endchoice 1861 1862config X86_SGX 1863 bool "Software Guard eXtensions (SGX)" 1864 depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC 1865 select CRYPTO_LIB_SHA256 1866 select MMU_NOTIFIER 1867 select NUMA_KEEP_MEMINFO if NUMA 1868 select XARRAY_MULTI 1869 help 1870 Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions 1871 that can be used by applications to set aside private regions of code 1872 and data, referred to as enclaves. An enclave's private memory can 1873 only be accessed by code running within the enclave. Accesses from 1874 outside the enclave, including other enclaves, are disallowed by 1875 hardware. 1876 1877 If unsure, say N. 1878 1879config X86_USER_SHADOW_STACK 1880 bool "X86 userspace shadow stack" 1881 depends on AS_WRUSS 1882 depends on X86_64 1883 select ARCH_USES_HIGH_VMA_FLAGS 1884 select ARCH_HAS_USER_SHADOW_STACK 1885 select X86_CET 1886 help 1887 Shadow stack protection is a hardware feature that detects function 1888 return address corruption. This helps mitigate ROP attacks. 1889 Applications must be enabled to use it, and old userspace does not 1890 get protection "for free". 1891 1892 CPUs supporting shadow stacks were first released in 2020. 1893 1894 See Documentation/arch/x86/shstk.rst for more information. 1895 1896 If unsure, say N. 1897 1898config INTEL_TDX_HOST 1899 bool "Intel Trust Domain Extensions (TDX) host support" 1900 depends on CPU_SUP_INTEL 1901 depends on X86_64 1902 depends on KVM_INTEL 1903 depends on X86_X2APIC 1904 select ARCH_KEEP_MEMBLOCK 1905 depends on CONTIG_ALLOC 1906 depends on !KEXEC_CORE 1907 depends on X86_MCE 1908 help 1909 Intel Trust Domain Extensions (TDX) protects guest VMs from malicious 1910 host and certain physical attacks. This option enables necessary TDX 1911 support in the host kernel to run confidential VMs. 1912 1913 If unsure, say N. 1914 1915config EFI 1916 bool "EFI runtime service support" 1917 depends on ACPI 1918 select UCS2_STRING 1919 select EFI_RUNTIME_WRAPPERS 1920 select ARCH_USE_MEMREMAP_PROT 1921 select EFI_RUNTIME_MAP if KEXEC_CORE 1922 help 1923 This enables the kernel to use EFI runtime services that are 1924 available (such as the EFI variable services). 1925 1926 This option is only useful on systems that have EFI firmware. 1927 In addition, you should use the latest ELILO loader available 1928 at <http://elilo.sourceforge.net> in order to take advantage 1929 of EFI runtime services. However, even with this option, the 1930 resultant kernel should continue to boot on existing non-EFI 1931 platforms. 1932 1933config EFI_STUB 1934 bool "EFI stub support" 1935 depends on EFI 1936 select RELOCATABLE 1937 help 1938 This kernel feature allows a bzImage to be loaded directly 1939 by EFI firmware without the use of a bootloader. 1940 1941 See Documentation/admin-guide/efi-stub.rst for more information. 1942 1943config EFI_HANDOVER_PROTOCOL 1944 bool "EFI handover protocol (DEPRECATED)" 1945 depends on EFI_STUB 1946 default y 1947 help 1948 Select this in order to include support for the deprecated EFI 1949 handover protocol, which defines alternative entry points into the 1950 EFI stub. This is a practice that has no basis in the UEFI 1951 specification, and requires a priori knowledge on the part of the 1952 bootloader about Linux/x86 specific ways of passing the command line 1953 and initrd, and where in memory those assets may be loaded. 1954 1955 If in doubt, say Y. Even though the corresponding support is not 1956 present in upstream GRUB or other bootloaders, most distros build 1957 GRUB with numerous downstream patches applied, and may rely on the 1958 handover protocol as as result. 1959 1960config EFI_MIXED 1961 bool "EFI mixed-mode support" 1962 depends on EFI_STUB && X86_64 1963 help 1964 Enabling this feature allows a 64-bit kernel to be booted 1965 on a 32-bit firmware, provided that your CPU supports 64-bit 1966 mode. 1967 1968 Note that it is not possible to boot a mixed-mode enabled 1969 kernel via the EFI boot stub - a bootloader that supports 1970 the EFI handover protocol must be used. 1971 1972 If unsure, say N. 1973 1974config EFI_RUNTIME_MAP 1975 bool "Export EFI runtime maps to sysfs" if EXPERT 1976 depends on EFI 1977 help 1978 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map. 1979 That memory map is required by the 2nd kernel to set up EFI virtual 1980 mappings after kexec, but can also be used for debugging purposes. 1981 1982 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. 1983 1984source "kernel/Kconfig.hz" 1985 1986config ARCH_SUPPORTS_KEXEC 1987 def_bool y 1988 1989config ARCH_SUPPORTS_KEXEC_FILE 1990 def_bool X86_64 1991 1992config ARCH_SELECTS_KEXEC_FILE 1993 def_bool y 1994 depends on KEXEC_FILE 1995 select HAVE_IMA_KEXEC if IMA 1996 1997config ARCH_SUPPORTS_KEXEC_PURGATORY 1998 def_bool y 1999 2000config ARCH_SUPPORTS_KEXEC_SIG 2001 def_bool y 2002 2003config ARCH_SUPPORTS_KEXEC_SIG_FORCE 2004 def_bool y 2005 2006config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG 2007 def_bool y 2008 2009config ARCH_SUPPORTS_KEXEC_JUMP 2010 def_bool y 2011 2012config ARCH_SUPPORTS_KEXEC_HANDOVER 2013 def_bool X86_64 2014 2015config ARCH_SUPPORTS_CRASH_DUMP 2016 def_bool X86_64 || (X86_32 && HIGHMEM) 2017 2018config ARCH_DEFAULT_CRASH_DUMP 2019 def_bool y 2020 2021config ARCH_SUPPORTS_CRASH_HOTPLUG 2022 def_bool y 2023 2024config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION 2025 def_bool CRASH_RESERVE 2026 2027config PHYSICAL_START 2028 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) 2029 default "0x1000000" 2030 help 2031 This gives the physical address where the kernel is loaded. 2032 2033 If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage 2034 will decompress itself to above physical address and run from there. 2035 Otherwise, bzImage will run from the address where it has been loaded 2036 by the boot loader. The only exception is if it is loaded below the 2037 above physical address, in which case it will relocate itself there. 2038 2039 In normal kdump cases one does not have to set/change this option 2040 as now bzImage can be compiled as a completely relocatable image 2041 (CONFIG_RELOCATABLE=y) and be used to load and run from a different 2042 address. This option is mainly useful for the folks who don't want 2043 to use a bzImage for capturing the crash dump and want to use a 2044 vmlinux instead. vmlinux is not relocatable hence a kernel needs 2045 to be specifically compiled to run from a specific memory area 2046 (normally a reserved region) and this option comes handy. 2047 2048 So if you are using bzImage for capturing the crash dump, 2049 leave the value here unchanged to 0x1000000 and set 2050 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux 2051 for capturing the crash dump change this value to start of 2052 the reserved region. In other words, it can be set based on 2053 the "X" value as specified in the "crashkernel=YM@XM" 2054 command line boot parameter passed to the panic-ed 2055 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst 2056 for more details about crash dumps. 2057 2058 Usage of bzImage for capturing the crash dump is recommended as 2059 one does not have to build two kernels. Same kernel can be used 2060 as production kernel and capture kernel. Above option should have 2061 gone away after relocatable bzImage support is introduced. But it 2062 is present because there are users out there who continue to use 2063 vmlinux for dump capture. This option should go away down the 2064 line. 2065 2066 Don't change this unless you know what you are doing. 2067 2068config RELOCATABLE 2069 bool "Build a relocatable kernel" 2070 default y 2071 help 2072 This builds a kernel image that retains relocation information 2073 so it can be loaded someplace besides the default 1MB. 2074 The relocations tend to make the kernel binary about 10% larger, 2075 but are discarded at runtime. 2076 2077 One use is for the kexec on panic case where the recovery kernel 2078 must live at a different physical address than the primary 2079 kernel. 2080 2081 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address 2082 it has been loaded at and the compile time physical address 2083 (CONFIG_PHYSICAL_START) is used as the minimum location. 2084 2085config RANDOMIZE_BASE 2086 bool "Randomize the address of the kernel image (KASLR)" 2087 depends on RELOCATABLE 2088 default y 2089 help 2090 In support of Kernel Address Space Layout Randomization (KASLR), 2091 this randomizes the physical address at which the kernel image 2092 is decompressed and the virtual address where the kernel 2093 image is mapped, as a security feature that deters exploit 2094 attempts relying on knowledge of the location of kernel 2095 code internals. 2096 2097 On 64-bit, the kernel physical and virtual addresses are 2098 randomized separately. The physical address will be anywhere 2099 between 16MB and the top of physical memory (up to 64TB). The 2100 virtual address will be randomized from 16MB up to 1GB (9 bits 2101 of entropy). Note that this also reduces the memory space 2102 available to kernel modules from 1.5GB to 1GB. 2103 2104 On 32-bit, the kernel physical and virtual addresses are 2105 randomized together. They will be randomized from 16MB up to 2106 512MB (8 bits of entropy). 2107 2108 Entropy is generated using the RDRAND instruction if it is 2109 supported. If RDTSC is supported, its value is mixed into 2110 the entropy pool as well. If neither RDRAND nor RDTSC are 2111 supported, then entropy is read from the i8254 timer. The 2112 usable entropy is limited by the kernel being built using 2113 2GB addressing, and that PHYSICAL_ALIGN must be at a 2114 minimum of 2MB. As a result, only 10 bits of entropy are 2115 theoretically possible, but the implementations are further 2116 limited due to memory layouts. 2117 2118 If unsure, say Y. 2119 2120# Relocation on x86 needs some additional build support 2121config X86_NEED_RELOCS 2122 def_bool y 2123 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) 2124 select ARCH_VMLINUX_NEEDS_RELOCS 2125 2126config PHYSICAL_ALIGN 2127 hex "Alignment value to which kernel should be aligned" 2128 default "0x200000" 2129 range 0x2000 0x1000000 if X86_32 2130 range 0x200000 0x1000000 if X86_64 2131 help 2132 This value puts the alignment restrictions on physical address 2133 where kernel is loaded and run from. Kernel is compiled for an 2134 address which meets above alignment restriction. 2135 2136 If bootloader loads the kernel at a non-aligned address and 2137 CONFIG_RELOCATABLE is set, kernel will move itself to nearest 2138 address aligned to above value and run from there. 2139 2140 If bootloader loads the kernel at a non-aligned address and 2141 CONFIG_RELOCATABLE is not set, kernel will ignore the run time 2142 load address and decompress itself to the address it has been 2143 compiled for and run from there. The address for which kernel is 2144 compiled already meets above alignment restrictions. Hence the 2145 end result is that kernel runs from a physical address meeting 2146 above alignment restrictions. 2147 2148 On 32-bit this value must be a multiple of 0x2000. On 64-bit 2149 this value must be a multiple of 0x200000. 2150 2151 Don't change this unless you know what you are doing. 2152 2153config RANDOMIZE_MEMORY 2154 bool "Randomize the kernel memory sections" 2155 depends on X86_64 2156 depends on RANDOMIZE_BASE 2157 default RANDOMIZE_BASE 2158 help 2159 Randomizes the base virtual address of kernel memory sections 2160 (physical memory mapping, vmalloc & vmemmap). This security feature 2161 makes exploits relying on predictable memory locations less reliable. 2162 2163 The order of allocations remains unchanged. Entropy is generated in 2164 the same way as RANDOMIZE_BASE. Current implementation in the optimal 2165 configuration have in average 30,000 different possible virtual 2166 addresses for each memory section. 2167 2168 If unsure, say Y. 2169 2170config RANDOMIZE_MEMORY_PHYSICAL_PADDING 2171 hex "Physical memory mapping padding" if EXPERT 2172 depends on RANDOMIZE_MEMORY 2173 default "0xa" if MEMORY_HOTPLUG 2174 default "0x0" 2175 range 0x1 0x40 if MEMORY_HOTPLUG 2176 range 0x0 0x40 2177 help 2178 Define the padding in terabytes added to the existing physical 2179 memory size during kernel memory randomization. It is useful 2180 for memory hotplug support but reduces the entropy available for 2181 address randomization. 2182 2183 If unsure, leave at the default value. 2184 2185config ADDRESS_MASKING 2186 bool "Linear Address Masking support" 2187 depends on X86_64 2188 depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS 2189 help 2190 Linear Address Masking (LAM) modifies the checking that is applied 2191 to 64-bit linear addresses, allowing software to use of the 2192 untranslated address bits for metadata. 2193 2194 The capability can be used for efficient address sanitizers (ASAN) 2195 implementation and for optimizations in JITs. 2196 2197config HOTPLUG_CPU 2198 def_bool y 2199 depends on SMP 2200 2201config COMPAT_VDSO 2202 def_bool n 2203 prompt "Workaround for glibc 2.3.2 / 2.3.3 (released in year 2003/2004)" 2204 depends on COMPAT_32 2205 help 2206 Certain buggy versions of glibc will crash if they are 2207 presented with a 32-bit vDSO that is not mapped at the address 2208 indicated in its segment table. 2209 2210 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a 2211 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and 2212 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is 2213 the only released version with the bug, but OpenSUSE 9 2214 contains a buggy "glibc 2.3.2". 2215 2216 The symptom of the bug is that everything crashes on startup, saying: 2217 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed! 2218 2219 Saying Y here changes the default value of the vdso32 boot 2220 option from 1 to 0, which turns off the 32-bit vDSO entirely. 2221 This works around the glibc bug but hurts performance. 2222 2223 If unsure, say N: if you are compiling your own kernel, you 2224 are unlikely to be using a buggy version of glibc. 2225 2226choice 2227 prompt "vsyscall table for legacy applications" 2228 depends on X86_64 2229 default LEGACY_VSYSCALL_XONLY 2230 help 2231 Legacy user code that does not know how to find the vDSO expects 2232 to be able to issue three syscalls by calling fixed addresses in 2233 kernel space. Since this location is not randomized with ASLR, 2234 it can be used to assist security vulnerability exploitation. 2235 2236 This setting can be changed at boot time via the kernel command 2237 line parameter vsyscall=[emulate|xonly|none]. Emulate mode 2238 is deprecated and can only be enabled using the kernel command 2239 line. 2240 2241 On a system with recent enough glibc (2.14 or newer) and no 2242 static binaries, you can say None without a performance penalty 2243 to improve security. 2244 2245 If unsure, select "Emulate execution only". 2246 2247 config LEGACY_VSYSCALL_XONLY 2248 bool "Emulate execution only" 2249 help 2250 The kernel traps and emulates calls into the fixed vsyscall 2251 address mapping and does not allow reads. This 2252 configuration is recommended when userspace might use the 2253 legacy vsyscall area but support for legacy binary 2254 instrumentation of legacy code is not needed. It mitigates 2255 certain uses of the vsyscall area as an ASLR-bypassing 2256 buffer. 2257 2258 config LEGACY_VSYSCALL_NONE 2259 bool "None" 2260 help 2261 There will be no vsyscall mapping at all. This will 2262 eliminate any risk of ASLR bypass due to the vsyscall 2263 fixed address mapping. Attempts to use the vsyscalls 2264 will be reported to dmesg, so that either old or 2265 malicious userspace programs can be identified. 2266 2267endchoice 2268 2269config CMDLINE_BOOL 2270 bool "Built-in kernel command line" 2271 help 2272 Allow for specifying boot arguments to the kernel at 2273 build time. On some systems (e.g. embedded ones), it is 2274 necessary or convenient to provide some or all of the 2275 kernel boot arguments with the kernel itself (that is, 2276 to not rely on the boot loader to provide them.) 2277 2278 To compile command line arguments into the kernel, 2279 set this option to 'Y', then fill in the 2280 boot arguments in CONFIG_CMDLINE. 2281 2282 Systems with fully functional boot loaders (i.e. non-embedded) 2283 should leave this option set to 'N'. 2284 2285config CMDLINE 2286 string "Built-in kernel command string" 2287 depends on CMDLINE_BOOL 2288 default "" 2289 help 2290 Enter arguments here that should be compiled into the kernel 2291 image and used at boot time. If the boot loader provides a 2292 command line at boot time, it is appended to this string to 2293 form the full kernel command line, when the system boots. 2294 2295 However, you can use the CONFIG_CMDLINE_OVERRIDE option to 2296 change this behavior. 2297 2298 In most cases, the command line (whether built-in or provided 2299 by the boot loader) should specify the device for the root 2300 file system. 2301 2302config CMDLINE_OVERRIDE 2303 bool "Built-in command line overrides boot loader arguments" 2304 depends on CMDLINE_BOOL && CMDLINE != "" 2305 help 2306 Set this option to 'Y' to have the kernel ignore the boot loader 2307 command line, and use ONLY the built-in command line. 2308 2309 This is used to work around broken boot loaders. This should 2310 be set to 'N' under normal conditions. 2311 2312config MODIFY_LDT_SYSCALL 2313 bool "Enable the LDT (local descriptor table)" if EXPERT 2314 default y 2315 help 2316 Linux can allow user programs to install a per-process x86 2317 Local Descriptor Table (LDT) using the modify_ldt(2) system 2318 call. This is required to run 16-bit or segmented code such as 2319 DOSEMU or some Wine programs. It is also used by some very old 2320 threading libraries. 2321 2322 Enabling this feature adds a small amount of overhead to 2323 context switches and increases the low-level kernel attack 2324 surface. Disabling it removes the modify_ldt(2) system call. 2325 2326 Saying 'N' here may make sense for embedded or server kernels. 2327 2328config STRICT_SIGALTSTACK_SIZE 2329 bool "Enforce strict size checking for sigaltstack" 2330 depends on DYNAMIC_SIGFRAME 2331 help 2332 For historical reasons MINSIGSTKSZ is a constant which became 2333 already too small with AVX512 support. Add a mechanism to 2334 enforce strict checking of the sigaltstack size against the 2335 real size of the FPU frame. This option enables the check 2336 by default. It can also be controlled via the kernel command 2337 line option 'strict_sas_size' independent of this config 2338 switch. Enabling it might break existing applications which 2339 allocate a too small sigaltstack but 'work' because they 2340 never get a signal delivered. 2341 2342 Say 'N' unless you want to really enforce this check. 2343 2344config CFI_AUTO_DEFAULT 2345 bool "Attempt to use FineIBT by default at boot time" 2346 depends on FINEIBT 2347 depends on !RUST || RUSTC_VERSION >= 108800 2348 default y 2349 help 2350 Attempt to use FineIBT by default at boot time. If enabled, 2351 this is the same as booting with "cfi=auto". If disabled, 2352 this is the same as booting with "cfi=kcfi". 2353 2354source "kernel/livepatch/Kconfig" 2355 2356config X86_BUS_LOCK_DETECT 2357 bool "Split Lock Detect and Bus Lock Detect support" 2358 depends on CPU_SUP_INTEL || CPU_SUP_AMD 2359 default y 2360 help 2361 Enable Split Lock Detect and Bus Lock Detect functionalities. 2362 See <file:Documentation/arch/x86/buslock.rst> for more information. 2363 2364endmenu 2365 2366config CC_HAS_NAMED_AS 2367 def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null) 2368 depends on CC_IS_GCC 2369 2370# 2371# -fsanitize=kernel-address (KASAN) and -fsanitize=thread (KCSAN) 2372# are incompatible with named address spaces with GCC < 13.3 2373# (see GCC PR sanitizer/111736 and also PR sanitizer/115172). 2374# 2375 2376config CC_HAS_NAMED_AS_FIXED_SANITIZERS 2377 def_bool y 2378 depends on !(KASAN || KCSAN) || GCC_VERSION >= 130300 2379 depends on !(UBSAN_BOOL && KASAN) || GCC_VERSION >= 140200 2380 2381config USE_X86_SEG_SUPPORT 2382 def_bool CC_HAS_NAMED_AS 2383 depends on CC_HAS_NAMED_AS_FIXED_SANITIZERS 2384 2385config CC_HAS_SLS 2386 def_bool $(cc-option,-mharden-sls=all) 2387 2388config CC_HAS_RETURN_THUNK 2389 def_bool $(cc-option,-mfunction-return=thunk-extern) 2390 2391config CC_HAS_ENTRY_PADDING 2392 def_bool $(cc-option,-fpatchable-function-entry=16,16) 2393 2394config CC_HAS_KCFI_ARITY 2395 def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity) 2396 depends on CC_IS_CLANG && !RUST 2397 2398config FUNCTION_PADDING_CFI 2399 int 2400 default 59 if FUNCTION_ALIGNMENT_64B 2401 default 27 if FUNCTION_ALIGNMENT_32B 2402 default 11 if FUNCTION_ALIGNMENT_16B 2403 default 3 if FUNCTION_ALIGNMENT_8B 2404 default 0 2405 2406# Basically: FUNCTION_ALIGNMENT - 5*CFI 2407# except Kconfig can't do arithmetic :/ 2408config FUNCTION_PADDING_BYTES 2409 int 2410 default FUNCTION_PADDING_CFI if CFI 2411 default FUNCTION_ALIGNMENT 2412 2413config CALL_PADDING 2414 def_bool n 2415 depends on CC_HAS_ENTRY_PADDING && OBJTOOL 2416 select FUNCTION_ALIGNMENT_16B 2417 2418config FINEIBT 2419 def_bool y 2420 depends on X86_KERNEL_IBT && CFI && MITIGATION_RETPOLINE 2421 select CALL_PADDING 2422 2423config FINEIBT_BHI 2424 def_bool y 2425 depends on FINEIBT && CC_HAS_KCFI_ARITY 2426 2427config HAVE_CALL_THUNKS 2428 def_bool y 2429 depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL 2430 2431config CALL_THUNKS 2432 def_bool n 2433 select CALL_PADDING 2434 2435config PREFIX_SYMBOLS 2436 def_bool y 2437 depends on CALL_PADDING && !CFI 2438 2439menuconfig CPU_MITIGATIONS 2440 bool "Mitigations for CPU vulnerabilities" 2441 default y 2442 help 2443 Say Y here to enable options which enable mitigations for hardware 2444 vulnerabilities (usually related to speculative execution). 2445 Mitigations can be disabled or restricted to SMT systems at runtime 2446 via the "mitigations" kernel parameter. 2447 2448 If you say N, all mitigations will be disabled. This CANNOT be 2449 overridden at runtime. 2450 2451 Say 'Y', unless you really know what you are doing. 2452 2453if CPU_MITIGATIONS 2454 2455config MITIGATION_PAGE_TABLE_ISOLATION 2456 bool "Remove the kernel mapping in user mode" 2457 default y 2458 depends on (X86_64 || X86_PAE) 2459 help 2460 This feature reduces the number of hardware side channels by 2461 ensuring that the majority of kernel addresses are not mapped 2462 into userspace. 2463 2464 See Documentation/arch/x86/pti.rst for more details. 2465 2466config MITIGATION_RETPOLINE 2467 bool "Avoid speculative indirect branches in kernel" 2468 select OBJTOOL if HAVE_OBJTOOL 2469 default y 2470 help 2471 Compile kernel with the retpoline compiler options to guard against 2472 kernel-to-user data leaks by avoiding speculative indirect 2473 branches. Requires a compiler with -mindirect-branch=thunk-extern 2474 support for full protection. The kernel may run slower. 2475 2476config MITIGATION_RETHUNK 2477 bool "Enable return-thunks" 2478 depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK 2479 select OBJTOOL if HAVE_OBJTOOL 2480 default y if X86_64 2481 help 2482 Compile the kernel with the return-thunks compiler option to guard 2483 against kernel-to-user data leaks by avoiding return speculation. 2484 Requires a compiler with -mfunction-return=thunk-extern 2485 support for full protection. The kernel may run slower. 2486 2487config MITIGATION_UNRET_ENTRY 2488 bool "Enable UNRET on kernel entry" 2489 depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64 2490 default y 2491 help 2492 Compile the kernel with support for the retbleed=unret mitigation. 2493 2494config MITIGATION_CALL_DEPTH_TRACKING 2495 bool "Mitigate RSB underflow with call depth tracking" 2496 depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS 2497 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE 2498 select CALL_THUNKS 2499 default y 2500 help 2501 Compile the kernel with call depth tracking to mitigate the Intel 2502 SKL Return-Stack-Buffer (RSB) underflow issue. The mitigation is off 2503 by default and needs to be enabled on the kernel command line via the 2504 retbleed=stuff option. For non-affected systems the overhead of this 2505 option is marginal as the call depth tracking is using run-time 2506 generated call thunks in a compiler generated padding area and call 2507 patching. This increases text size by ~5%. For non affected systems 2508 this space is unused. On affected SKL systems this results in a 2509 significant performance gain over the IBRS mitigation. 2510 2511config CALL_THUNKS_DEBUG 2512 bool "Enable call thunks and call depth tracking debugging" 2513 depends on MITIGATION_CALL_DEPTH_TRACKING 2514 select FUNCTION_ALIGNMENT_32B 2515 default n 2516 help 2517 Enable call/ret counters for imbalance detection and build in 2518 a noisy dmesg about callthunks generation and call patching for 2519 trouble shooting. The debug prints need to be enabled on the 2520 kernel command line with 'debug-callthunks'. 2521 Only enable this when you are debugging call thunks as this 2522 creates a noticeable runtime overhead. If unsure say N. 2523 2524config MITIGATION_IBPB_ENTRY 2525 bool "Enable IBPB on kernel entry" 2526 depends on CPU_SUP_AMD && X86_64 2527 default y 2528 help 2529 Compile the kernel with support for the retbleed=ibpb and 2530 spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations. 2531 2532config MITIGATION_IBRS_ENTRY 2533 bool "Enable IBRS on kernel entry" 2534 depends on CPU_SUP_INTEL && X86_64 2535 default y 2536 help 2537 Compile the kernel with support for the spectre_v2=ibrs mitigation. 2538 This mitigates both spectre_v2 and retbleed at great cost to 2539 performance. 2540 2541config MITIGATION_SRSO 2542 bool "Mitigate speculative RAS overflow on AMD" 2543 depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK 2544 default y 2545 help 2546 Enable the SRSO mitigation needed on AMD Zen1-4 machines. 2547 2548config MITIGATION_SLS 2549 bool "Mitigate Straight-Line-Speculation" 2550 depends on CC_HAS_SLS && X86_64 2551 select OBJTOOL if HAVE_OBJTOOL 2552 default n 2553 help 2554 Compile the kernel with straight-line-speculation options to guard 2555 against straight line speculation. The kernel image might be slightly 2556 larger. 2557 2558config MITIGATION_GDS 2559 bool "Mitigate Gather Data Sampling" 2560 depends on CPU_SUP_INTEL 2561 default y 2562 help 2563 Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware 2564 vulnerability which allows unprivileged speculative access to data 2565 which was previously stored in vector registers. The attacker uses gather 2566 instructions to infer the stale vector register data. 2567 2568config MITIGATION_RFDS 2569 bool "RFDS Mitigation" 2570 depends on CPU_SUP_INTEL 2571 default y 2572 help 2573 Enable mitigation for Register File Data Sampling (RFDS) by default. 2574 RFDS is a hardware vulnerability which affects Intel Atom CPUs. It 2575 allows unprivileged speculative access to stale data previously 2576 stored in floating point, vector and integer registers. 2577 See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst> 2578 2579config MITIGATION_SPECTRE_BHI 2580 bool "Mitigate Spectre-BHB (Branch History Injection)" 2581 depends on CPU_SUP_INTEL 2582 default y 2583 help 2584 Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks 2585 where the branch history buffer is poisoned to speculatively steer 2586 indirect branches. 2587 See <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2588 2589config MITIGATION_MDS 2590 bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug" 2591 depends on CPU_SUP_INTEL 2592 default y 2593 help 2594 Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is 2595 a hardware vulnerability which allows unprivileged speculative access 2596 to data which is available in various CPU internal buffers. 2597 See also <file:Documentation/admin-guide/hw-vuln/mds.rst> 2598 2599config MITIGATION_TAA 2600 bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug" 2601 depends on CPU_SUP_INTEL 2602 default y 2603 help 2604 Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware 2605 vulnerability that allows unprivileged speculative access to data 2606 which is available in various CPU internal buffers by using 2607 asynchronous aborts within an Intel TSX transactional region. 2608 See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst> 2609 2610config MITIGATION_MMIO_STALE_DATA 2611 bool "Mitigate MMIO Stale Data hardware bug" 2612 depends on CPU_SUP_INTEL 2613 default y 2614 help 2615 Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO 2616 Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) 2617 vulnerabilities that can expose data. The vulnerabilities require the 2618 attacker to have access to MMIO. 2619 See also 2620 <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst> 2621 2622config MITIGATION_L1TF 2623 bool "Mitigate L1 Terminal Fault (L1TF) hardware bug" 2624 depends on CPU_SUP_INTEL 2625 default y 2626 help 2627 Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a 2628 hardware vulnerability which allows unprivileged speculative access to data 2629 available in the Level 1 Data Cache. 2630 See <file:Documentation/admin-guide/hw-vuln/l1tf.rst 2631 2632config MITIGATION_RETBLEED 2633 bool "Mitigate RETBleed hardware bug" 2634 depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY 2635 default y 2636 help 2637 Enable mitigation for RETBleed (Arbitrary Speculative Code Execution 2638 with Return Instructions) vulnerability. RETBleed is a speculative 2639 execution attack which takes advantage of microarchitectural behavior 2640 in many modern microprocessors, similar to Spectre v2. An 2641 unprivileged attacker can use these flaws to bypass conventional 2642 memory security restrictions to gain read access to privileged memory 2643 that would otherwise be inaccessible. 2644 2645config MITIGATION_SPECTRE_V1 2646 bool "Mitigate SPECTRE V1 hardware bug" 2647 default y 2648 help 2649 Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a 2650 class of side channel attacks that takes advantage of speculative 2651 execution that bypasses conditional branch instructions used for 2652 memory access bounds check. 2653 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2654 2655config MITIGATION_SPECTRE_V2 2656 bool "Mitigate SPECTRE V2 hardware bug" 2657 default y 2658 help 2659 Enable mitigation for Spectre V2 (Branch Target Injection). Spectre 2660 V2 is a class of side channel attacks that takes advantage of 2661 indirect branch predictors inside the processor. In Spectre variant 2 2662 attacks, the attacker can steer speculative indirect branches in the 2663 victim to gadget code by poisoning the branch target buffer of a CPU 2664 used for predicting indirect branch addresses. 2665 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst> 2666 2667config MITIGATION_SRBDS 2668 bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug" 2669 depends on CPU_SUP_INTEL 2670 default y 2671 help 2672 Enable mitigation for Special Register Buffer Data Sampling (SRBDS). 2673 SRBDS is a hardware vulnerability that allows Microarchitectural Data 2674 Sampling (MDS) techniques to infer values returned from special 2675 register accesses. An unprivileged user can extract values returned 2676 from RDRAND and RDSEED executed on another core or sibling thread 2677 using MDS techniques. 2678 See also 2679 <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst> 2680 2681config MITIGATION_SSB 2682 bool "Mitigate Speculative Store Bypass (SSB) hardware bug" 2683 default y 2684 help 2685 Enable mitigation for Speculative Store Bypass (SSB). SSB is a 2686 hardware security vulnerability and its exploitation takes advantage 2687 of speculative execution in a similar way to the Meltdown and Spectre 2688 security vulnerabilities. 2689 2690config MITIGATION_ITS 2691 bool "Enable Indirect Target Selection mitigation" 2692 depends on CPU_SUP_INTEL && X86_64 2693 depends on MITIGATION_RETPOLINE && MITIGATION_RETHUNK 2694 select EXECMEM 2695 default y 2696 help 2697 Enable Indirect Target Selection (ITS) mitigation. ITS is a bug in 2698 BPU on some Intel CPUs that may allow Spectre V2 style attacks. If 2699 disabled, mitigation cannot be enabled via cmdline. 2700 See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst> 2701 2702config MITIGATION_TSA 2703 bool "Mitigate Transient Scheduler Attacks" 2704 depends on CPU_SUP_AMD 2705 default y 2706 help 2707 Enable mitigation for Transient Scheduler Attacks. TSA is a hardware 2708 security vulnerability on AMD CPUs which can lead to forwarding of 2709 invalid info to subsequent instructions and thus can affect their 2710 timing and thereby cause a leakage. 2711 2712config MITIGATION_VMSCAPE 2713 bool "Mitigate VMSCAPE" 2714 depends on KVM 2715 default y 2716 help 2717 Enable mitigation for VMSCAPE attacks. VMSCAPE is a hardware security 2718 vulnerability on Intel and AMD CPUs that may allow a guest to do 2719 Spectre v2 style attacks on userspace hypervisor. 2720endif 2721 2722config ARCH_HAS_ADD_PAGES 2723 def_bool y 2724 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2725 2726menu "Power management and ACPI options" 2727 2728config ARCH_HIBERNATION_HEADER 2729 def_bool y 2730 depends on HIBERNATION 2731 2732source "kernel/power/Kconfig" 2733 2734source "drivers/acpi/Kconfig" 2735 2736config X86_APM_BOOT 2737 def_bool y 2738 depends on APM 2739 2740menuconfig APM 2741 tristate "APM (Advanced Power Management) BIOS support" 2742 depends on X86_32 && PM_SLEEP 2743 help 2744 APM is a BIOS specification for saving power using several different 2745 techniques. This is mostly useful for battery powered laptops with 2746 APM compliant BIOSes. If you say Y here, the system time will be 2747 reset after a RESUME operation, the /proc/apm device will provide 2748 battery status information, and user-space programs will receive 2749 notification of APM "events" (e.g. battery status change). 2750 2751 If you select "Y" here, you can disable actual use of the APM 2752 BIOS by passing the "apm=off" option to the kernel at boot time. 2753 2754 Note that the APM support is almost completely disabled for 2755 machines with more than one CPU. 2756 2757 In order to use APM, you will need supporting software. For location 2758 and more information, read <file:Documentation/power/apm-acpi.rst> 2759 and the Battery Powered Linux mini-HOWTO, available from 2760 <http://www.tldp.org/docs.html#howto>. 2761 2762 This driver does not spin down disk drives (see the hdparm(8) 2763 manpage ("man 8 hdparm") for that), and it doesn't turn off 2764 VESA-compliant "green" monitors. 2765 2766 This driver does not support the TI 4000M TravelMate and the ACER 2767 486/DX4/75 because they don't have compliant BIOSes. Many "green" 2768 desktop machines also don't have compliant BIOSes, and this driver 2769 may cause those machines to panic during the boot phase. 2770 2771 Generally, if you don't have a battery in your machine, there isn't 2772 much point in using this driver and you should say N. If you get 2773 random kernel OOPSes or reboots that don't seem to be related to 2774 anything, try disabling/enabling this option (or disabling/enabling 2775 APM in your BIOS). 2776 2777 Some other things you should try when experiencing seemingly random, 2778 "weird" problems: 2779 2780 1) make sure that you have enough swap space and that it is 2781 enabled. 2782 2) pass the "idle=poll" option to the kernel 2783 3) switch on floating point emulation in the kernel and pass 2784 the "no387" option to the kernel 2785 4) pass the "floppy=nodma" option to the kernel 2786 5) pass the "mem=4M" option to the kernel (thereby disabling 2787 all but the first 4 MB of RAM) 2788 6) make sure that the CPU is not over clocked. 2789 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/> 2790 8) disable the cache from your BIOS settings 2791 9) install a fan for the video card or exchange video RAM 2792 10) install a better fan for the CPU 2793 11) exchange RAM chips 2794 12) exchange the motherboard. 2795 2796 To compile this driver as a module, choose M here: the 2797 module will be called apm. 2798 2799if APM 2800 2801config APM_IGNORE_USER_SUSPEND 2802 bool "Ignore USER SUSPEND" 2803 help 2804 This option will ignore USER SUSPEND requests. On machines with a 2805 compliant APM BIOS, you want to say N. However, on the NEC Versa M 2806 series notebooks, it is necessary to say Y because of a BIOS bug. 2807 2808config APM_DO_ENABLE 2809 bool "Enable PM at boot time" 2810 help 2811 Enable APM features at boot time. From page 36 of the APM BIOS 2812 specification: "When disabled, the APM BIOS does not automatically 2813 power manage devices, enter the Standby State, enter the Suspend 2814 State, or take power saving steps in response to CPU Idle calls." 2815 This driver will make CPU Idle calls when Linux is idle (unless this 2816 feature is turned off -- see "Do CPU IDLE calls", below). This 2817 should always save battery power, but more complicated APM features 2818 will be dependent on your BIOS implementation. You may need to turn 2819 this option off if your computer hangs at boot time when using APM 2820 support, or if it beeps continuously instead of suspending. Turn 2821 this off if you have a NEC UltraLite Versa 33/C or a Toshiba 2822 T400CDT. This is off by default since most machines do fine without 2823 this feature. 2824 2825config APM_CPU_IDLE 2826 depends on CPU_IDLE 2827 bool "Make CPU Idle calls when idle" 2828 help 2829 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop. 2830 On some machines, this can activate improved power savings, such as 2831 a slowed CPU clock rate, when the machine is idle. These idle calls 2832 are made after the idle loop has run for some length of time (e.g., 2833 333 mS). On some machines, this will cause a hang at boot time or 2834 whenever the CPU becomes idle. (On machines with more than one CPU, 2835 this option does nothing.) 2836 2837config APM_DISPLAY_BLANK 2838 bool "Enable console blanking using APM" 2839 help 2840 Enable console blanking using the APM. Some laptops can use this to 2841 turn off the LCD backlight when the screen blanker of the Linux 2842 virtual console blanks the screen. Note that this is only used by 2843 the virtual console screen blanker, and won't turn off the backlight 2844 when using the X Window system. This also doesn't have anything to 2845 do with your VESA-compliant power-saving monitor. Further, this 2846 option doesn't work for all laptops -- it might not turn off your 2847 backlight at all, or it might print a lot of errors to the console, 2848 especially if you are using gpm. 2849 2850config APM_ALLOW_INTS 2851 bool "Allow interrupts during APM BIOS calls" 2852 help 2853 Normally we disable external interrupts while we are making calls to 2854 the APM BIOS as a measure to lessen the effects of a badly behaving 2855 BIOS implementation. The BIOS should reenable interrupts if it 2856 needs to. Unfortunately, some BIOSes do not -- especially those in 2857 many of the newer IBM Thinkpads. If you experience hangs when you 2858 suspend, try setting this to Y. Otherwise, say N. 2859 2860endif # APM 2861 2862source "drivers/cpufreq/Kconfig" 2863 2864source "drivers/cpuidle/Kconfig" 2865 2866source "drivers/idle/Kconfig" 2867 2868endmenu 2869 2870menu "Bus options (PCI etc.)" 2871 2872choice 2873 prompt "PCI access mode" 2874 depends on X86_32 && PCI 2875 default PCI_GOANY 2876 help 2877 On PCI systems, the BIOS can be used to detect the PCI devices and 2878 determine their configuration. However, some old PCI motherboards 2879 have BIOS bugs and may crash if this is done. Also, some embedded 2880 PCI-based systems don't have any BIOS at all. Linux can also try to 2881 detect the PCI hardware directly without using the BIOS. 2882 2883 With this option, you can specify how Linux should detect the 2884 PCI devices. If you choose "BIOS", the BIOS will be used, 2885 if you choose "Direct", the BIOS won't be used, and if you 2886 choose "MMConfig", then PCI Express MMCONFIG will be used. 2887 If you choose "Any", the kernel will try MMCONFIG, then the 2888 direct access method and falls back to the BIOS if that doesn't 2889 work. If unsure, go with the default, which is "Any". 2890 2891config PCI_GOBIOS 2892 bool "BIOS" 2893 2894config PCI_GOMMCONFIG 2895 bool "MMConfig" 2896 2897config PCI_GODIRECT 2898 bool "Direct" 2899 2900config PCI_GOOLPC 2901 bool "OLPC XO-1" 2902 depends on OLPC 2903 2904config PCI_GOANY 2905 bool "Any" 2906 2907endchoice 2908 2909config PCI_BIOS 2910 def_bool y 2911 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY) 2912 2913# x86-64 doesn't support PCI BIOS access from long mode so always go direct. 2914config PCI_DIRECT 2915 def_bool y 2916 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG)) 2917 2918config PCI_MMCONFIG 2919 bool "Support mmconfig PCI config space access" if X86_64 2920 default y 2921 depends on PCI && (ACPI || JAILHOUSE_GUEST) 2922 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG) 2923 help 2924 Add support for accessing the PCI configuration space as a memory 2925 mapped area. It is the recommended method if the system supports 2926 this (it must have PCI Express and ACPI for it to be available). 2927 2928 In the unlikely case that enabling this configuration option causes 2929 problems, the mechanism can be switched off with the 'pci=nommconf' 2930 command line parameter. 2931 2932 Say N only if you are sure that your platform does not support this 2933 access method or you have problems caused by it. 2934 2935 Say Y otherwise. 2936 2937config PCI_OLPC 2938 def_bool y 2939 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY) 2940 2941config PCI_XEN 2942 def_bool y 2943 depends on PCI && XEN 2944 2945config MMCONF_FAM10H 2946 def_bool y 2947 depends on X86_64 && PCI_MMCONFIG && ACPI 2948 2949config PCI_CNB20LE_QUIRK 2950 bool "Read PCI host bridge windows from the CNB20LE chipset" if EXPERT 2951 depends on X86_32 && PCI 2952 help 2953 Read the PCI windows out of the CNB20LE host bridge. This allows 2954 PCI hotplug to work on systems with the CNB20LE chipset which do 2955 not have ACPI. 2956 2957 The ServerWorks (later Broadcom) CNB20LE was a chipset designed 2958 most probably only for Pentium III. 2959 2960 To find out if you have such a chipset, search for a PCI device with 2961 1166:0009 PCI IDs, for example by executing 2962 lspci -nn | grep '1166:0009' 2963 The code is inactive if there is none. 2964 2965 There's no public spec for this chipset, and this functionality 2966 is known to be incomplete. 2967 2968 You should say N unless you know you need this. 2969 2970config ISA_BUS 2971 bool "ISA bus support on modern systems" if EXPERT 2972 help 2973 Expose ISA bus device drivers and options available for selection and 2974 configuration. Enable this option if your target machine has an ISA 2975 bus. ISA is an older system, displaced by PCI and newer bus 2976 architectures -- if your target machine is modern, it probably does 2977 not have an ISA bus. 2978 2979 If unsure, say N. 2980 2981# x86_64 have no ISA slots, but can have ISA-style DMA. 2982config ISA_DMA_API 2983 bool "ISA-style DMA support" if (X86_64 && EXPERT) 2984 default y 2985 help 2986 Enables ISA-style DMA support for devices requiring such controllers. 2987 If unsure, say Y. 2988 2989if X86_32 2990 2991config ISA 2992 bool "ISA support" 2993 help 2994 Find out whether you have ISA slots on your motherboard. ISA is the 2995 name of a bus system, i.e. the way the CPU talks to the other stuff 2996 inside your box. Other bus systems are PCI, EISA, MicroChannel 2997 (MCA) or VESA. ISA is an older system, now being displaced by PCI; 2998 newer boards don't support it. If you have ISA, say Y, otherwise N. 2999 3000config SCx200 3001 tristate "NatSemi SCx200 support" 3002 help 3003 This provides basic support for National Semiconductor's 3004 (now AMD's) Geode processors. The driver probes for the 3005 PCI-IDs of several on-chip devices, so its a good dependency 3006 for other scx200_* drivers. 3007 3008 If compiled as a module, the driver is named scx200. 3009 3010config SCx200HR_TIMER 3011 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support" 3012 depends on SCx200 3013 default y 3014 help 3015 This driver provides a clocksource built upon the on-chip 3016 27MHz high-resolution timer. Its also a workaround for 3017 NSC Geode SC-1100's buggy TSC, which loses time when the 3018 processor goes idle (as is done by the scheduler). The 3019 other workaround is idle=poll boot option. 3020 3021config OLPC 3022 bool "One Laptop Per Child support" 3023 depends on !X86_PAE 3024 select GPIOLIB 3025 select OF 3026 select OF_PROMTREE 3027 select IRQ_DOMAIN 3028 select OLPC_EC 3029 help 3030 Add support for detecting the unique features of the OLPC 3031 XO hardware. 3032 3033config OLPC_XO1_PM 3034 bool "OLPC XO-1 Power Management" 3035 depends on OLPC && MFD_CS5535=y && PM_SLEEP 3036 help 3037 Add support for poweroff and suspend of the OLPC XO-1 laptop. 3038 3039config OLPC_XO1_RTC 3040 bool "OLPC XO-1 Real Time Clock" 3041 depends on OLPC_XO1_PM && RTC_DRV_CMOS 3042 help 3043 Add support for the XO-1 real time clock, which can be used as a 3044 programmable wakeup source. 3045 3046config OLPC_XO1_SCI 3047 bool "OLPC XO-1 SCI extras" 3048 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y 3049 depends on INPUT=y 3050 select POWER_SUPPLY 3051 help 3052 Add support for SCI-based features of the OLPC XO-1 laptop: 3053 - EC-driven system wakeups 3054 - Power button 3055 - Ebook switch 3056 - Lid switch 3057 - AC adapter status updates 3058 - Battery status updates 3059 3060config OLPC_XO15_SCI 3061 bool "OLPC XO-1.5 SCI extras" 3062 depends on OLPC && ACPI 3063 select POWER_SUPPLY 3064 help 3065 Add support for SCI-based features of the OLPC XO-1.5 laptop: 3066 - EC-driven system wakeups 3067 - AC adapter status updates 3068 - Battery status updates 3069 3070config GEODE_COMMON 3071 bool 3072 3073config ALIX 3074 bool "PCEngines ALIX System Support (LED setup)" 3075 select GPIOLIB 3076 select GEODE_COMMON 3077 help 3078 This option enables system support for the PCEngines ALIX. 3079 At present this just sets up LEDs for GPIO control on 3080 ALIX2/3/6 boards. However, other system specific setup should 3081 get added here. 3082 3083 Note: You must still enable the drivers for GPIO and LED support 3084 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs 3085 3086 Note: You have to set alix.force=1 for boards with Award BIOS. 3087 3088config NET5501 3089 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)" 3090 select GPIOLIB 3091 select GEODE_COMMON 3092 help 3093 This option enables system support for the Soekris Engineering net5501. 3094 3095config GEOS 3096 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)" 3097 select GPIOLIB 3098 select GEODE_COMMON 3099 depends on DMI 3100 help 3101 This option enables system support for the Traverse Technologies GEOS. 3102 3103config TS5500 3104 bool "Technologic Systems TS-5500 platform support" 3105 depends on MELAN 3106 select CHECK_SIGNATURE 3107 select NEW_LEDS 3108 select LEDS_CLASS 3109 help 3110 This option enables system support for the Technologic Systems TS-5500. 3111 3112endif # X86_32 3113 3114config AMD_NB 3115 def_bool y 3116 depends on AMD_NODE 3117 3118config AMD_NODE 3119 def_bool y 3120 depends on CPU_SUP_AMD && PCI 3121 3122endmenu 3123 3124menu "Binary Emulations" 3125 3126config IA32_EMULATION 3127 bool "IA32 Emulation" 3128 depends on X86_64 3129 select ARCH_WANT_OLD_COMPAT_IPC 3130 select BINFMT_ELF 3131 select COMPAT_OLD_SIGACTION 3132 help 3133 Include code to run legacy 32-bit programs under a 3134 64-bit kernel. You should likely turn this on, unless you're 3135 100% sure that you don't have any 32-bit programs left. 3136 3137config IA32_EMULATION_DEFAULT_DISABLED 3138 bool "IA32 emulation disabled by default" 3139 default n 3140 depends on IA32_EMULATION 3141 help 3142 Make IA32 emulation disabled by default. This prevents loading 32-bit 3143 processes and access to 32-bit syscalls. If unsure, leave it to its 3144 default value. 3145 3146config X86_X32_ABI 3147 bool "x32 ABI for 64-bit mode" 3148 depends on X86_64 3149 # llvm-objcopy does not convert x86_64 .note.gnu.property or 3150 # compressed debug sections to x86_x32 properly: 3151 # https://github.com/ClangBuiltLinux/linux/issues/514 3152 # https://github.com/ClangBuiltLinux/linux/issues/1141 3153 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm) 3154 help 3155 Include code to run binaries for the x32 native 32-bit ABI 3156 for 64-bit processors. An x32 process gets access to the 3157 full 64-bit register file and wide data path while leaving 3158 pointers at 32 bits for smaller memory footprint. 3159 3160config COMPAT_32 3161 def_bool y 3162 depends on IA32_EMULATION || X86_32 3163 select HAVE_UID16 3164 select OLD_SIGSUSPEND3 3165 3166config COMPAT 3167 def_bool y 3168 depends on IA32_EMULATION || X86_X32_ABI 3169 3170config COMPAT_FOR_U64_ALIGNMENT 3171 def_bool y 3172 depends on COMPAT 3173 3174endmenu 3175 3176config HAVE_ATOMIC_IOMAP 3177 def_bool y 3178 depends on X86_32 3179 3180source "arch/x86/kvm/Kconfig" 3181 3182source "arch/x86/Kconfig.cpufeatures" 3183 3184source "arch/x86/Kconfig.assembler" 3185