xref: /linux/arch/x86/Kconfig (revision 4b81e2eb9e4db8f6094c077d0c8b27c264901c1b)
1# SPDX-License-Identifier: GPL-2.0
2# Select 32 or 64 bit
3config 64BIT
4	bool "64-bit kernel" if "$(ARCH)" = "x86"
5	default "$(ARCH)" != "i386"
6	help
7	  Say yes to build a 64-bit kernel - formerly known as x86_64
8	  Say no to build a 32-bit kernel - formerly known as i386
9
10config X86_32
11	def_bool y
12	depends on !64BIT
13	# Options that are inherently 32-bit kernel only:
14	select ARCH_WANT_IPC_PARSE_VERSION
15	select CLKSRC_I8253
16	select CLONE_BACKWARDS
17	select HAVE_DEBUG_STACKOVERFLOW
18	select KMAP_LOCAL
19	select MODULES_USE_ELF_REL
20	select OLD_SIGACTION
21	select ARCH_SPLIT_ARG64
22
23config X86_64
24	def_bool y
25	depends on 64BIT
26	# Options that are inherently 64-bit kernel only:
27	select ARCH_HAS_GIGANTIC_PAGE
28	select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
29	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
30	select ARCH_SUPPORTS_PER_VMA_LOCK
31	select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
32	select HAVE_ARCH_SOFT_DIRTY
33	select MODULES_USE_ELF_RELA
34	select NEED_DMA_MAP_STATE
35	select SWIOTLB
36	select ARCH_HAS_ELFCORE_COMPAT
37	select ZONE_DMA32
38	select EXECMEM if DYNAMIC_FTRACE
39	select ACPI_MRRM if ACPI
40
41config FORCE_DYNAMIC_FTRACE
42	def_bool y
43	depends on X86_32
44	depends on FUNCTION_TRACER
45	select DYNAMIC_FTRACE
46	help
47	  We keep the static function tracing (!DYNAMIC_FTRACE) around
48	  in order to test the non static function tracing in the
49	  generic code, as other architectures still use it. But we
50	  only need to keep it around for x86_64. No need to keep it
51	  for x86_32. For x86_32, force DYNAMIC_FTRACE.
52#
53# Arch settings
54#
55# ( Note that options that are marked 'if X86_64' could in principle be
56#   ported to 32-bit as well. )
57#
58config X86
59	def_bool y
60	#
61	# Note: keep this list sorted alphabetically
62	#
63	select ACPI_LEGACY_TABLES_LOOKUP	if ACPI
64	select ACPI_SYSTEM_POWER_STATES_SUPPORT	if ACPI
65	select ACPI_HOTPLUG_CPU			if ACPI_PROCESSOR && HOTPLUG_CPU
66	select ARCH_32BIT_OFF_T			if X86_32
67	select ARCH_CLOCKSOURCE_INIT
68	select ARCH_CONFIGURES_CPU_MITIGATIONS
69	select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
70	select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
71	select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
72	select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
73	select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
74	select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
75	select ARCH_HAS_ACPI_TABLE_UPGRADE	if ACPI
76	select ARCH_HAS_CPU_ATTACK_VECTORS	if CPU_MITIGATIONS
77	select ARCH_HAS_CACHE_LINE_SIZE
78	select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
79	select ARCH_HAS_CPU_FINALIZE_INIT
80	select ARCH_HAS_CPU_PASID		if IOMMU_SVA
81	select ARCH_HAS_CURRENT_STACK_POINTER
82	select ARCH_HAS_DEBUG_VIRTUAL
83	select ARCH_HAS_DEBUG_VM_PGTABLE	if !X86_PAE
84	select ARCH_HAS_DEVMEM_IS_ALLOWED
85	select ARCH_HAS_DMA_OPS			if GART_IOMMU || XEN
86	select ARCH_HAS_EARLY_DEBUG		if KGDB
87	select ARCH_HAS_ELF_RANDOMIZE
88	select ARCH_HAS_EXECMEM_ROX		if X86_64 && STRICT_MODULE_RWX
89	select ARCH_HAS_FAST_MULTIPLIER
90	select ARCH_HAS_FORTIFY_SOURCE
91	select ARCH_HAS_GCOV_PROFILE_ALL
92	select ARCH_HAS_KCOV			if X86_64
93	select ARCH_HAS_KERNEL_FPU_SUPPORT
94	select ARCH_HAS_MEM_ENCRYPT
95	select ARCH_HAS_MEMBARRIER_SYNC_CORE
96	select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
97	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
98	select ARCH_HAS_PMEM_API		if X86_64
99	select ARCH_HAS_PREEMPT_LAZY
100	select ARCH_HAS_PTDUMP
101	select ARCH_HAS_PTE_SPECIAL
102	select ARCH_HAS_HW_PTE_YOUNG
103	select ARCH_HAS_NONLEAF_PMD_YOUNG	if PGTABLE_LEVELS > 2
104	select ARCH_HAS_UACCESS_FLUSHCACHE	if X86_64
105	select ARCH_HAS_COPY_MC			if X86_64
106	select ARCH_HAS_SET_MEMORY
107	select ARCH_HAS_SET_DIRECT_MAP
108	select ARCH_HAS_STRICT_KERNEL_RWX
109	select ARCH_HAS_STRICT_MODULE_RWX
110	select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
111	select ARCH_HAS_SYSCALL_WRAPPER
112	select ARCH_HAS_UBSAN
113	select ARCH_HAS_DEBUG_WX
114	select ARCH_HAS_ZONE_DMA_SET if EXPERT
115	select ARCH_HAVE_NMI_SAFE_CMPXCHG
116	select ARCH_HAVE_EXTRA_ELF_NOTES
117	select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
118	select ARCH_MIGHT_HAVE_ACPI_PDC		if ACPI
119	select ARCH_MIGHT_HAVE_PC_PARPORT
120	select ARCH_MIGHT_HAVE_PC_SERIO
121	select ARCH_STACKWALK
122	select ARCH_SUPPORTS_ACPI
123	select ARCH_SUPPORTS_ATOMIC_RMW
124	select ARCH_SUPPORTS_DEBUG_PAGEALLOC
125	select ARCH_SUPPORTS_HUGETLBFS
126	select ARCH_SUPPORTS_PAGE_TABLE_CHECK	if X86_64
127	select ARCH_SUPPORTS_NUMA_BALANCING	if X86_64
128	select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP	if NR_CPUS <= 4096
129	select ARCH_SUPPORTS_CFI		if X86_64
130	select ARCH_USES_CFI_TRAPS		if X86_64 && CFI
131	select ARCH_SUPPORTS_LTO_CLANG
132	select ARCH_SUPPORTS_LTO_CLANG_THIN
133	select ARCH_SUPPORTS_RT
134	select ARCH_SUPPORTS_AUTOFDO_CLANG
135	select ARCH_SUPPORTS_PROPELLER_CLANG    if X86_64
136	select ARCH_USE_BUILTIN_BSWAP
137	select ARCH_USE_CMPXCHG_LOCKREF		if X86_CX8
138	select ARCH_USE_MEMTEST
139	select ARCH_USE_QUEUED_RWLOCKS
140	select ARCH_USE_QUEUED_SPINLOCKS
141	select ARCH_USE_SYM_ANNOTATIONS
142	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
143	select ARCH_WANT_DEFAULT_BPF_JIT	if X86_64
144	select ARCH_WANTS_DYNAMIC_TASK_STRUCT
145	select ARCH_WANTS_NO_INSTR
146	select ARCH_WANT_GENERAL_HUGETLB
147	select ARCH_WANT_HUGE_PMD_SHARE		if X86_64
148	select ARCH_WANT_LD_ORPHAN_WARN
149	select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP	if X86_64
150	select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP	if X86_64
151	select ARCH_WANT_HUGETLB_VMEMMAP_PREINIT if X86_64
152	select ARCH_WANTS_THP_SWAP		if X86_64
153	select ARCH_HAS_PARANOID_L1D_FLUSH
154	select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
155	select BUILDTIME_TABLE_SORT
156	select CLKEVT_I8253
157	select CLOCKSOURCE_WATCHDOG
158	# Word-size accesses may read uninitialized data past the trailing \0
159	# in strings and cause false KMSAN reports.
160	select DCACHE_WORD_ACCESS		if !KMSAN
161	select DYNAMIC_SIGFRAME
162	select EDAC_ATOMIC_SCRUB
163	select EDAC_SUPPORT
164	select GENERIC_CLOCKEVENTS_BROADCAST	if X86_64 || (X86_32 && X86_LOCAL_APIC)
165	select GENERIC_CLOCKEVENTS_BROADCAST_IDLE	if GENERIC_CLOCKEVENTS_BROADCAST
166	select GENERIC_CLOCKEVENTS_MIN_ADJUST
167	select GENERIC_CMOS_UPDATE
168	select GENERIC_CPU_AUTOPROBE
169	select GENERIC_CPU_DEVICES
170	select GENERIC_CPU_VULNERABILITIES
171	select GENERIC_EARLY_IOREMAP
172	select GENERIC_ENTRY
173	select GENERIC_IOMAP
174	select GENERIC_IRQ_EFFECTIVE_AFF_MASK	if SMP
175	select GENERIC_IRQ_MATRIX_ALLOCATOR	if X86_LOCAL_APIC
176	select GENERIC_IRQ_MIGRATION		if SMP
177	select GENERIC_IRQ_PROBE
178	select GENERIC_IRQ_RESERVATION_MODE
179	select GENERIC_IRQ_SHOW
180	select GENERIC_PENDING_IRQ		if SMP
181	select GENERIC_SMP_IDLE_THREAD
182	select GENERIC_TIME_VSYSCALL
183	select GENERIC_GETTIMEOFDAY
184	select GENERIC_VDSO_OVERFLOW_PROTECT
185	select GUP_GET_PXX_LOW_HIGH		if X86_PAE
186	select HARDIRQS_SW_RESEND
187	select HARDLOCKUP_CHECK_TIMESTAMP	if X86_64
188	select HAS_IOPORT
189	select HAVE_ACPI_APEI			if ACPI
190	select HAVE_ACPI_APEI_NMI		if ACPI
191	select HAVE_ALIGNED_STRUCT_PAGE
192	select HAVE_ARCH_AUDITSYSCALL
193	select HAVE_ARCH_HUGE_VMAP		if X86_64 || X86_PAE
194	select HAVE_ARCH_HUGE_VMALLOC		if X86_64
195	select HAVE_ARCH_JUMP_LABEL
196	select HAVE_ARCH_JUMP_LABEL_RELATIVE
197	select HAVE_ARCH_KASAN			if X86_64
198	select HAVE_ARCH_KASAN_VMALLOC		if X86_64
199	select HAVE_ARCH_KFENCE
200	select HAVE_ARCH_KMSAN			if X86_64
201	select HAVE_ARCH_KGDB
202	select HAVE_ARCH_KSTACK_ERASE
203	select HAVE_ARCH_MMAP_RND_BITS		if MMU
204	select HAVE_ARCH_MMAP_RND_COMPAT_BITS	if MMU && COMPAT
205	select HAVE_ARCH_COMPAT_MMAP_BASES	if MMU && COMPAT
206	select HAVE_ARCH_PREL32_RELOCATIONS
207	select HAVE_ARCH_SECCOMP_FILTER
208	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
209	select HAVE_ARCH_TRACEHOOK
210	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
211	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
212	select HAVE_ARCH_USERFAULTFD_WP         if X86_64 && USERFAULTFD
213	select HAVE_ARCH_USERFAULTFD_MINOR	if X86_64 && USERFAULTFD
214	select HAVE_ARCH_VMAP_STACK		if X86_64
215	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
216	select HAVE_ARCH_WITHIN_STACK_FRAMES
217	select HAVE_ASM_MODVERSIONS
218	select HAVE_CMPXCHG_DOUBLE
219	select HAVE_CMPXCHG_LOCAL
220	select HAVE_CONTEXT_TRACKING_USER		if X86_64
221	select HAVE_CONTEXT_TRACKING_USER_OFFSTACK	if HAVE_CONTEXT_TRACKING_USER
222	select HAVE_C_RECORDMCOUNT
223	select HAVE_OBJTOOL_MCOUNT		if HAVE_OBJTOOL
224	select HAVE_OBJTOOL_NOP_MCOUNT		if HAVE_OBJTOOL_MCOUNT
225	select HAVE_BUILDTIME_MCOUNT_SORT
226	select HAVE_DEBUG_KMEMLEAK
227	select HAVE_DMA_CONTIGUOUS
228	select HAVE_DYNAMIC_FTRACE
229	select HAVE_DYNAMIC_FTRACE_WITH_REGS
230	select HAVE_DYNAMIC_FTRACE_WITH_ARGS	if X86_64
231	select HAVE_FTRACE_REGS_HAVING_PT_REGS	if X86_64
232	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
233	select HAVE_SAMPLE_FTRACE_DIRECT	if X86_64
234	select HAVE_SAMPLE_FTRACE_DIRECT_MULTI	if X86_64
235	select HAVE_EBPF_JIT
236	select HAVE_EFFICIENT_UNALIGNED_ACCESS
237	select HAVE_EISA			if X86_32
238	select HAVE_EXIT_THREAD
239	select HAVE_GENERIC_TIF_BITS
240	select HAVE_GUP_FAST
241	select HAVE_FENTRY			if X86_64 || DYNAMIC_FTRACE
242	select HAVE_FTRACE_GRAPH_FUNC		if HAVE_FUNCTION_GRAPH_TRACER
243	select HAVE_FUNCTION_GRAPH_FREGS	if HAVE_FUNCTION_GRAPH_TRACER
244	select HAVE_FUNCTION_GRAPH_TRACER	if X86_32 || (X86_64 && DYNAMIC_FTRACE)
245	select HAVE_FUNCTION_TRACER
246	select HAVE_GCC_PLUGINS
247	select HAVE_HW_BREAKPOINT
248	select HAVE_IOREMAP_PROT
249	select HAVE_IRQ_EXIT_ON_IRQ_STACK	if X86_64
250	select HAVE_IRQ_TIME_ACCOUNTING
251	select HAVE_JUMP_LABEL_HACK		if HAVE_OBJTOOL
252	select HAVE_KERNEL_BZIP2
253	select HAVE_KERNEL_GZIP
254	select HAVE_KERNEL_LZ4
255	select HAVE_KERNEL_LZMA
256	select HAVE_KERNEL_LZO
257	select HAVE_KERNEL_XZ
258	select HAVE_KERNEL_ZSTD
259	select HAVE_KPROBES
260	select HAVE_KPROBES_ON_FTRACE
261	select HAVE_FUNCTION_ERROR_INJECTION
262	select HAVE_KRETPROBES
263	select HAVE_RETHOOK
264	select HAVE_LIVEPATCH			if X86_64
265	select HAVE_MIXED_BREAKPOINTS_REGS
266	select HAVE_MOD_ARCH_SPECIFIC
267	select HAVE_MOVE_PMD
268	select HAVE_MOVE_PUD
269	select HAVE_NOINSTR_HACK		if HAVE_OBJTOOL
270	select HAVE_NMI
271	select HAVE_NOINSTR_VALIDATION		if HAVE_OBJTOOL
272	select HAVE_OBJTOOL			if X86_64
273	select HAVE_OPTPROBES
274	select HAVE_PAGE_SIZE_4KB
275	select HAVE_PCSPKR_PLATFORM
276	select HAVE_PERF_EVENTS
277	select HAVE_PERF_EVENTS_NMI
278	select HAVE_HARDLOCKUP_DETECTOR_PERF	if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
279	select HAVE_PCI
280	select HAVE_PERF_REGS
281	select HAVE_PERF_USER_STACK_DUMP
282	select MMU_GATHER_RCU_TABLE_FREE
283	select MMU_GATHER_MERGE_VMAS
284	select HAVE_POSIX_CPU_TIMERS_TASK_WORK
285	select HAVE_REGS_AND_STACK_ACCESS_API
286	select HAVE_RELIABLE_STACKTRACE		if UNWINDER_ORC || STACK_VALIDATION
287	select HAVE_FUNCTION_ARG_ACCESS_API
288	select HAVE_SETUP_PER_CPU_AREA
289	select HAVE_SOFTIRQ_ON_OWN_STACK
290	select HAVE_STACKPROTECTOR
291	select HAVE_STACK_VALIDATION		if HAVE_OBJTOOL
292	select HAVE_STATIC_CALL
293	select HAVE_STATIC_CALL_INLINE		if HAVE_OBJTOOL
294	select HAVE_PREEMPT_DYNAMIC_CALL
295	select HAVE_RSEQ
296	select HAVE_RUST			if X86_64
297	select HAVE_SYSCALL_TRACEPOINTS
298	select HAVE_UACCESS_VALIDATION		if HAVE_OBJTOOL
299	select HAVE_UNSTABLE_SCHED_CLOCK
300	select HAVE_USER_RETURN_NOTIFIER
301	select HAVE_GENERIC_VDSO
302	select VDSO_GETRANDOM			if X86_64
303	select HOTPLUG_PARALLEL			if SMP && X86_64
304	select HOTPLUG_SMT			if SMP
305	select HOTPLUG_SPLIT_STARTUP		if SMP && X86_32
306	select IRQ_FORCED_THREADING
307	select LOCK_MM_AND_FIND_VMA
308	select NEED_PER_CPU_EMBED_FIRST_CHUNK
309	select NEED_PER_CPU_PAGE_FIRST_CHUNK
310	select NEED_SG_DMA_LENGTH
311	select NUMA_MEMBLKS			if NUMA
312	select PCI_DOMAINS			if PCI
313	select PCI_LOCKLESS_CONFIG		if PCI
314	select PERF_EVENTS
315	select RTC_LIB
316	select RTC_MC146818_LIB
317	select SPARSE_IRQ
318	select SYSCTL_EXCEPTION_TRACE
319	select THREAD_INFO_IN_TASK
320	select TRACE_IRQFLAGS_SUPPORT
321	select TRACE_IRQFLAGS_NMI_SUPPORT
322	select USER_STACKTRACE_SUPPORT
323	select HAVE_ARCH_KCSAN			if X86_64
324	select PROC_PID_ARCH_STATUS		if PROC_FS
325	select HAVE_ARCH_NODE_DEV_GROUP		if X86_SGX
326	select FUNCTION_ALIGNMENT_16B		if X86_64 || X86_ALIGNMENT_16
327	select FUNCTION_ALIGNMENT_4B
328	imply IMA_SECURE_AND_OR_TRUSTED_BOOT    if EFI
329	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
330	select ARCH_SUPPORTS_PT_RECLAIM		if X86_64
331	select ARCH_SUPPORTS_SCHED_SMT		if SMP
332	select SCHED_SMT			if SMP
333	select ARCH_SUPPORTS_SCHED_CLUSTER	if SMP
334	select ARCH_SUPPORTS_SCHED_MC		if SMP
335
336config INSTRUCTION_DECODER
337	def_bool y
338	depends on KPROBES || PERF_EVENTS || UPROBES
339
340config OUTPUT_FORMAT
341	string
342	default "elf32-i386" if X86_32
343	default "elf64-x86-64" if X86_64
344
345config LOCKDEP_SUPPORT
346	def_bool y
347
348config STACKTRACE_SUPPORT
349	def_bool y
350
351config MMU
352	def_bool y
353
354config ARCH_MMAP_RND_BITS_MIN
355	default 28 if 64BIT
356	default 8
357
358config ARCH_MMAP_RND_BITS_MAX
359	default 32 if 64BIT
360	default 16
361
362config ARCH_MMAP_RND_COMPAT_BITS_MIN
363	default 8
364
365config ARCH_MMAP_RND_COMPAT_BITS_MAX
366	default 16
367
368config SBUS
369	bool
370
371config GENERIC_ISA_DMA
372	def_bool y
373	depends on ISA_DMA_API
374
375config GENERIC_CSUM
376	bool
377	default y if KMSAN || KASAN
378
379config GENERIC_BUG
380	def_bool y
381	depends on BUG
382	select GENERIC_BUG_RELATIVE_POINTERS if X86_64
383
384config GENERIC_BUG_RELATIVE_POINTERS
385	bool
386
387config ARCH_MAY_HAVE_PC_FDC
388	def_bool y
389	depends on ISA_DMA_API
390
391config GENERIC_CALIBRATE_DELAY
392	def_bool y
393
394config ARCH_HAS_CPU_RELAX
395	def_bool y
396
397config ARCH_HIBERNATION_POSSIBLE
398	def_bool y
399
400config ARCH_SUSPEND_POSSIBLE
401	def_bool y
402
403config AUDIT_ARCH
404	def_bool y if X86_64
405
406config KASAN_SHADOW_OFFSET
407	hex
408	depends on KASAN
409	default 0xdffffc0000000000
410
411config HAVE_INTEL_TXT
412	def_bool y
413	depends on INTEL_IOMMU && ACPI
414
415config X86_64_SMP
416	def_bool y
417	depends on X86_64 && SMP
418
419config ARCH_SUPPORTS_UPROBES
420	def_bool y
421
422config FIX_EARLYCON_MEM
423	def_bool y
424
425config DYNAMIC_PHYSICAL_MASK
426	bool
427
428config PGTABLE_LEVELS
429	int
430	default 5 if X86_64
431	default 3 if X86_PAE
432	default 2
433
434menu "Processor type and features"
435
436config SMP
437	bool "Symmetric multi-processing support"
438	help
439	  This enables support for systems with more than one CPU. If you have
440	  a system with only one CPU, say N. If you have a system with more
441	  than one CPU, say Y.
442
443	  If you say N here, the kernel will run on uni- and multiprocessor
444	  machines, but will use only one CPU of a multiprocessor machine. If
445	  you say Y here, the kernel will run on many, but not all,
446	  uniprocessor machines. On a uniprocessor machine, the kernel
447	  will run faster if you say N here.
448
449	  Note that if you say Y here and choose architecture "586" or
450	  "Pentium" under "Processor family", the kernel will not work on 486
451	  architectures. Similarly, multiprocessor kernels for the "PPro"
452	  architecture may not work on all Pentium based boards.
453
454	  People using multiprocessor machines who say Y here should also say
455	  Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
456	  Management" code will be disabled if you say Y here.
457
458	  See also <file:Documentation/arch/x86/i386/IO-APIC.rst>,
459	  <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
460	  <http://www.tldp.org/docs.html#howto>.
461
462	  If you don't know what to do here, say N.
463
464config X86_X2APIC
465	bool "x2APIC interrupt controller architecture support"
466	depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
467	default y
468	help
469	  x2APIC is an interrupt controller architecture, a component of which
470	  (the local APIC) is present in the CPU. It allows faster access to
471	  the local APIC and supports a larger number of CPUs in the system
472	  than the predecessors.
473
474	  x2APIC was introduced in Intel CPUs around 2008 and in AMD EPYC CPUs
475	  in 2019, but it can be disabled by the BIOS. It is also frequently
476	  emulated in virtual machines, even when the host CPU does not support
477	  it. Support in the CPU can be checked by executing
478		grep x2apic /proc/cpuinfo
479
480	  If this configuration option is disabled, the kernel will boot with
481	  very reduced functionality and performance on some platforms that
482	  have x2APIC enabled. On the other hand, on hardware that does not
483	  support x2APIC, a kernel with this option enabled will just fallback
484	  to older APIC implementations.
485
486	  If in doubt, say Y.
487
488config AMD_SECURE_AVIC
489	bool "AMD Secure AVIC"
490	depends on AMD_MEM_ENCRYPT && X86_X2APIC
491	help
492	  Enable this to get AMD Secure AVIC support on guests that have this feature.
493
494	  AMD Secure AVIC provides hardware acceleration for performance sensitive
495	  APIC accesses and support for managing guest owned APIC state for SEV-SNP
496	  guests. Secure AVIC does not support xAPIC mode. It has functional
497	  dependency on x2apic being enabled in the guest.
498
499	  If you don't know what to do here, say N.
500
501config X86_POSTED_MSI
502	bool "Enable MSI and MSI-x delivery by posted interrupts"
503	depends on X86_64 && IRQ_REMAP
504	help
505	  This enables MSIs that are under interrupt remapping to be delivered as
506	  posted interrupts to the host kernel. Interrupt throughput can
507	  potentially be improved by coalescing CPU notifications during high
508	  frequency bursts.
509
510	  If you don't know what to do here, say N.
511
512config X86_MPPARSE
513	bool "Enable MPS table" if ACPI
514	default y
515	depends on X86_LOCAL_APIC
516	help
517	  For old smp systems that do not have proper acpi support. Newer systems
518	  (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
519
520config X86_CPU_RESCTRL
521	bool "x86 CPU resource control support"
522	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
523	depends on MISC_FILESYSTEMS
524	select ARCH_HAS_CPU_RESCTRL
525	select RESCTRL_FS
526	select RESCTRL_FS_PSEUDO_LOCK
527	help
528	  Enable x86 CPU resource control support.
529
530	  Provide support for the allocation and monitoring of system resources
531	  usage by the CPU.
532
533	  Intel calls this Intel Resource Director Technology
534	  (Intel(R) RDT). More information about RDT can be found in the
535	  Intel x86 Architecture Software Developer Manual.
536
537	  AMD calls this AMD Platform Quality of Service (AMD QoS).
538	  More information about AMD QoS can be found in the AMD64 Technology
539	  Platform Quality of Service Extensions manual.
540
541	  Say N if unsure.
542
543config X86_FRED
544	bool "Flexible Return and Event Delivery"
545	depends on X86_64
546	help
547	  When enabled, try to use Flexible Return and Event Delivery
548	  instead of the legacy SYSCALL/SYSENTER/IDT architecture for
549	  ring transitions and exception/interrupt handling if the
550	  system supports it.
551
552config X86_EXTENDED_PLATFORM
553	bool "Support for extended (non-PC) x86 platforms"
554	default y
555	help
556	  If you disable this option then the kernel will only support
557	  standard PC platforms. (which covers the vast majority of
558	  systems out there.)
559
560	  If you enable this option then you'll be able to select support
561	  for the following non-PC x86 platforms, depending on the value of
562	  CONFIG_64BIT.
563
564	  32-bit platforms (CONFIG_64BIT=n):
565		Goldfish (mostly Android emulator)
566		Intel CE media processor (CE4100) SoC
567		Intel Quark
568		RDC R-321x SoC
569
570	  64-bit platforms (CONFIG_64BIT=y):
571		Numascale NumaChip
572		ScaleMP vSMP
573		SGI Ultraviolet
574		Merrifield/Moorefield MID devices
575		Goldfish (mostly Android emulator)
576
577	  If you have one of these systems, or if you want to build a
578	  generic distribution kernel, say Y here - otherwise say N.
579
580# This is an alphabetically sorted list of 64 bit extended platforms
581# Please maintain the alphabetic order if and when there are additions
582config X86_NUMACHIP
583	bool "Numascale NumaChip"
584	depends on X86_64
585	depends on X86_EXTENDED_PLATFORM
586	depends on NUMA
587	depends on SMP
588	depends on X86_X2APIC
589	depends on PCI_MMCONFIG
590	help
591	  Adds support for Numascale NumaChip large-SMP systems. Needed to
592	  enable more than ~168 cores.
593	  If you don't have one of these, you should say N here.
594
595config X86_VSMP
596	bool "ScaleMP vSMP"
597	select HYPERVISOR_GUEST
598	select PARAVIRT
599	depends on X86_64 && PCI
600	depends on X86_EXTENDED_PLATFORM
601	depends on SMP
602	help
603	  Support for ScaleMP vSMP systems.  Say 'Y' here if this kernel is
604	  supposed to run on these EM64T-based machines.  Only choose this option
605	  if you have one of these machines.
606
607config X86_UV
608	bool "SGI Ultraviolet"
609	depends on X86_64
610	depends on X86_EXTENDED_PLATFORM
611	depends on NUMA
612	depends on EFI
613	depends on KEXEC_CORE
614	depends on X86_X2APIC
615	depends on PCI
616	help
617	  This option is needed in order to support SGI Ultraviolet systems.
618	  If you don't have one of these, you should say N here.
619
620config X86_INTEL_MID
621	bool "Intel Z34xx/Z35xx MID platform support"
622	depends on X86_EXTENDED_PLATFORM
623	depends on X86_PLATFORM_DEVICES
624	depends on PCI
625	depends on X86_64 || (EXPERT && PCI_GOANY)
626	depends on X86_IO_APIC
627	select I2C
628	select DW_APB_TIMER
629	select INTEL_SCU_PCI
630	help
631	  Select to build a kernel capable of supporting 64-bit Intel MID
632	  (Mobile Internet Device) platform systems which do not have
633	  the PCI legacy interfaces.
634
635	  The only supported devices are the 22nm Merrified (Z34xx)
636	  and Moorefield (Z35xx) SoC used in the Intel Edison board and
637	  a small number of Android devices such as the Asus Zenfone 2,
638	  Asus FonePad 8 and Dell Venue 7.
639
640	  If you are building for a PC class system or non-MID tablet
641	  SoCs like Bay Trail (Z36xx/Z37xx), say N here.
642
643	  Intel MID platforms are based on an Intel processor and chipset which
644	  consume less power than most of the x86 derivatives.
645
646config X86_GOLDFISH
647	bool "Goldfish (Virtual Platform)"
648	depends on X86_EXTENDED_PLATFORM
649	help
650	  Enable support for the Goldfish virtual platform used primarily
651	  for Android development. Unless you are building for the Android
652	  Goldfish emulator say N here.
653
654# Following is an alphabetically sorted list of 32 bit extended platforms
655# Please maintain the alphabetic order if and when there are additions
656
657config X86_INTEL_CE
658	bool "CE4100 TV platform"
659	depends on PCI
660	depends on PCI_GODIRECT
661	depends on X86_IO_APIC
662	depends on X86_32
663	depends on X86_EXTENDED_PLATFORM
664	select X86_REBOOTFIXUPS
665	select OF
666	select OF_EARLY_FLATTREE
667	help
668	  Select for the Intel CE media processor (CE4100) SOC.
669	  This option compiles in support for the CE4100 SOC for settop
670	  boxes and media devices.
671
672config X86_INTEL_QUARK
673	bool "Intel Quark platform support"
674	depends on X86_32
675	depends on X86_EXTENDED_PLATFORM
676	depends on X86_PLATFORM_DEVICES
677	depends on X86_TSC
678	depends on PCI
679	depends on PCI_GOANY
680	depends on X86_IO_APIC
681	select IOSF_MBI
682	select INTEL_IMR
683	select COMMON_CLK
684	help
685	  Select to include support for Quark X1000 SoC.
686	  Say Y here if you have a Quark based system such as the Arduino
687	  compatible Intel Galileo.
688
689config X86_RDC321X
690	bool "RDC R-321x SoC"
691	depends on X86_32
692	depends on X86_EXTENDED_PLATFORM
693	select M486
694	select X86_REBOOTFIXUPS
695	help
696	  This option is needed for RDC R-321x system-on-chip, also known
697	  as R-8610-(G).
698	  If you don't have one of these chips, you should say N here.
699
700config X86_INTEL_LPSS
701	bool "Intel Low Power Subsystem Support"
702	depends on X86 && ACPI && PCI
703	select COMMON_CLK
704	select PINCTRL
705	select IOSF_MBI
706	help
707	  Select to build support for Intel Low Power Subsystem such as
708	  found on Intel Lynxpoint PCH. Selecting this option enables
709	  things like clock tree (common clock framework) and pincontrol
710	  which are needed by the LPSS peripheral drivers.
711
712config X86_AMD_PLATFORM_DEVICE
713	bool "AMD ACPI2Platform devices support"
714	depends on ACPI
715	select COMMON_CLK
716	select PINCTRL
717	help
718	  Select to interpret AMD specific ACPI device to platform device
719	  such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
720	  I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
721	  implemented under PINCTRL subsystem.
722
723config IOSF_MBI
724	tristate "Intel SoC IOSF Sideband support for SoC platforms"
725	depends on PCI
726	help
727	  This option enables sideband register access support for Intel SoC
728	  platforms. On these platforms the IOSF sideband is used in lieu of
729	  MSR's for some register accesses, mostly but not limited to thermal
730	  and power. Drivers may query the availability of this device to
731	  determine if they need the sideband in order to work on these
732	  platforms. The sideband is available on the following SoC products.
733	  This list is not meant to be exclusive.
734	   - BayTrail
735	   - Braswell
736	   - Quark
737
738	  You should say Y if you are running a kernel on one of these SoC's.
739
740config IOSF_MBI_DEBUG
741	bool "Enable IOSF sideband access through debugfs"
742	depends on IOSF_MBI && DEBUG_FS
743	help
744	  Select this option to expose the IOSF sideband access registers (MCR,
745	  MDR, MCRX) through debugfs to write and read register information from
746	  different units on the SoC. This is most useful for obtaining device
747	  state information for debug and analysis. As this is a general access
748	  mechanism, users of this option would have specific knowledge of the
749	  device they want to access.
750
751	  If you don't require the option or are in doubt, say N.
752
753config X86_SUPPORTS_MEMORY_FAILURE
754	def_bool y
755	# MCE code calls memory_failure():
756	depends on X86_MCE
757	# On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
758	# On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
759	depends on X86_64 || !SPARSEMEM
760	select ARCH_SUPPORTS_MEMORY_FAILURE
761
762config X86_32_IRIS
763	tristate "Eurobraille/Iris poweroff module"
764	depends on X86_32
765	help
766	  The Iris machines from EuroBraille do not have APM or ACPI support
767	  to shut themselves down properly.  A special I/O sequence is
768	  needed to do so, which is what this module does at
769	  kernel shutdown.
770
771	  This is only for Iris machines from EuroBraille.
772
773	  If unused, say N.
774
775config SCHED_OMIT_FRAME_POINTER
776	def_bool y
777	prompt "Single-depth WCHAN output"
778	depends on X86
779	help
780	  Calculate simpler /proc/<PID>/wchan values. If this option
781	  is disabled then wchan values will recurse back to the
782	  caller function. This provides more accurate wchan values,
783	  at the expense of slightly more scheduling overhead.
784
785	  If in doubt, say "Y".
786
787menuconfig HYPERVISOR_GUEST
788	bool "Linux guest support"
789	help
790	  Say Y here to enable options for running Linux under various hyper-
791	  visors. This option enables basic hypervisor detection and platform
792	  setup.
793
794	  If you say N, all options in this submenu will be skipped and
795	  disabled, and Linux guest support won't be built in.
796
797if HYPERVISOR_GUEST
798
799config PARAVIRT
800	bool "Enable paravirtualization code"
801	depends on HAVE_STATIC_CALL
802	help
803	  This changes the kernel so it can modify itself when it is run
804	  under a hypervisor, potentially improving performance significantly
805	  over full virtualization.  However, when run without a hypervisor
806	  the kernel is theoretically slower and slightly larger.
807
808config PARAVIRT_XXL
809	bool
810	depends on X86_64
811
812config PARAVIRT_DEBUG
813	bool "paravirt-ops debugging"
814	depends on PARAVIRT && DEBUG_KERNEL
815	help
816	  Enable to debug paravirt_ops internals.  Specifically, BUG if
817	  a paravirt_op is missing when it is called.
818
819config PARAVIRT_SPINLOCKS
820	bool "Paravirtualization layer for spinlocks"
821	depends on PARAVIRT && SMP
822	help
823	  Paravirtualized spinlocks allow a pvops backend to replace the
824	  spinlock implementation with something virtualization-friendly
825	  (for example, block the virtual CPU rather than spinning).
826
827	  It has a minimal impact on native kernels and gives a nice performance
828	  benefit on paravirtualized KVM / Xen kernels.
829
830	  If you are unsure how to answer this question, answer Y.
831
832config X86_HV_CALLBACK_VECTOR
833	def_bool n
834
835source "arch/x86/xen/Kconfig"
836
837config KVM_GUEST
838	bool "KVM Guest support (including kvmclock)"
839	depends on PARAVIRT
840	select PARAVIRT_CLOCK
841	select ARCH_CPUIDLE_HALTPOLL
842	select X86_HV_CALLBACK_VECTOR
843	default y
844	help
845	  This option enables various optimizations for running under the KVM
846	  hypervisor. It includes a paravirtualized clock, so that instead
847	  of relying on a PIT (or probably other) emulation by the
848	  underlying device model, the host provides the guest with
849	  timing infrastructure such as time of day, and system time
850
851config ARCH_CPUIDLE_HALTPOLL
852	def_bool n
853	prompt "Disable host haltpoll when loading haltpoll driver"
854	help
855	  If virtualized under KVM, disable host haltpoll.
856
857config PVH
858	bool "Support for running PVH guests"
859	help
860	  This option enables the PVH entry point for guest virtual machines
861	  as specified in the x86/HVM direct boot ABI.
862
863config PARAVIRT_TIME_ACCOUNTING
864	bool "Paravirtual steal time accounting"
865	depends on PARAVIRT
866	help
867	  Select this option to enable fine granularity task steal time
868	  accounting. Time spent executing other tasks in parallel with
869	  the current vCPU is discounted from the vCPU power. To account for
870	  that, there can be a small performance impact.
871
872	  If in doubt, say N here.
873
874config PARAVIRT_CLOCK
875	bool
876
877config JAILHOUSE_GUEST
878	bool "Jailhouse non-root cell support"
879	depends on X86_64 && PCI
880	select X86_PM_TIMER
881	help
882	  This option allows to run Linux as guest in a Jailhouse non-root
883	  cell. You can leave this option disabled if you only want to start
884	  Jailhouse and run Linux afterwards in the root cell.
885
886config ACRN_GUEST
887	bool "ACRN Guest support"
888	depends on X86_64
889	select X86_HV_CALLBACK_VECTOR
890	help
891	  This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
892	  a flexible, lightweight reference open-source hypervisor, built with
893	  real-time and safety-criticality in mind. It is built for embedded
894	  IOT with small footprint and real-time features. More details can be
895	  found in https://projectacrn.org/.
896
897config BHYVE_GUEST
898	bool "Bhyve (BSD Hypervisor) Guest support"
899	depends on X86_64
900	help
901	  This option allows to run Linux to recognise when it is running as a
902	  guest in the Bhyve hypervisor, and to support more than 255 vCPUs when
903	  when doing so. More details about Bhyve can be found at https://bhyve.org
904	  and https://wiki.freebsd.org/bhyve/.
905
906config INTEL_TDX_GUEST
907	bool "Intel TDX (Trust Domain Extensions) - Guest Support"
908	depends on X86_64 && CPU_SUP_INTEL
909	depends on X86_X2APIC
910	depends on EFI_STUB
911	depends on PARAVIRT
912	select ARCH_HAS_CC_PLATFORM
913	select X86_MEM_ENCRYPT
914	select X86_MCE
915	select UNACCEPTED_MEMORY
916	help
917	  Support running as a guest under Intel TDX.  Without this support,
918	  the guest kernel can not boot or run under TDX.
919	  TDX includes memory encryption and integrity capabilities
920	  which protect the confidentiality and integrity of guest
921	  memory contents and CPU state. TDX guests are protected from
922	  some attacks from the VMM.
923
924endif # HYPERVISOR_GUEST
925
926source "arch/x86/Kconfig.cpu"
927
928config HPET_TIMER
929	def_bool X86_64
930	prompt "HPET Timer Support" if X86_32
931	help
932	  Use the IA-PC HPET (High Precision Event Timer) to manage
933	  time in preference to the PIT and RTC, if a HPET is
934	  present.
935	  HPET is the next generation timer replacing legacy 8254s.
936	  The HPET provides a stable time base on SMP
937	  systems, unlike the TSC, but it is more expensive to access,
938	  as it is off-chip.  The interface used is documented
939	  in the HPET spec, revision 1.
940
941	  You can safely choose Y here.  However, HPET will only be
942	  activated if the platform and the BIOS support this feature.
943	  Otherwise the 8254 will be used for timing services.
944
945	  Choose N to continue using the legacy 8254 timer.
946
947config HPET_EMULATE_RTC
948	def_bool y
949	depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
950
951# Mark as expert because too many people got it wrong.
952# The code disables itself when not needed.
953config DMI
954	default y
955	select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
956	bool "Enable DMI scanning" if EXPERT
957	help
958	  Enabled scanning of DMI to identify machine quirks. Say Y
959	  here unless you have verified that your setup is not
960	  affected by entries in the DMI blacklist. Required by PNP
961	  BIOS code.
962
963config GART_IOMMU
964	bool "Old AMD GART IOMMU support"
965	select IOMMU_HELPER
966	select SWIOTLB
967	depends on X86_64 && PCI && AMD_NB
968	help
969	  Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
970	  GART based hardware IOMMUs.
971
972	  The GART supports full DMA access for devices with 32-bit access
973	  limitations, on systems with more than 3 GB. This is usually needed
974	  for USB, sound, many IDE/SATA chipsets and some other devices.
975
976	  Newer systems typically have a modern AMD IOMMU, supported via
977	  the CONFIG_AMD_IOMMU=y config option.
978
979	  In normal configurations this driver is only active when needed:
980	  there's more than 3 GB of memory and the system contains a
981	  32-bit limited device.
982
983	  If unsure, say Y.
984
985config BOOT_VESA_SUPPORT
986	bool
987	help
988	  If true, at least one selected framebuffer driver can take advantage
989	  of VESA video modes set at an early boot stage via the vga= parameter.
990
991config MAXSMP
992	bool "Enable Maximum number of SMP Processors and NUMA Nodes"
993	depends on X86_64 && SMP && DEBUG_KERNEL
994	select CPUMASK_OFFSTACK
995	help
996	  Enable maximum number of CPUS and NUMA Nodes for this architecture.
997	  If unsure, say N.
998
999#
1000# The maximum number of CPUs supported:
1001#
1002# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
1003# and which can be configured interactively in the
1004# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
1005#
1006# The ranges are different on 32-bit and 64-bit kernels, depending on
1007# hardware capabilities and scalability features of the kernel.
1008#
1009# ( If MAXSMP is enabled we just use the highest possible value and disable
1010#   interactive configuration. )
1011#
1012
1013config NR_CPUS_RANGE_BEGIN
1014	int
1015	default NR_CPUS_RANGE_END if MAXSMP
1016	default    1 if !SMP
1017	default    2
1018
1019config NR_CPUS_RANGE_END
1020	int
1021	depends on X86_32
1022	default    8 if  SMP
1023	default    1 if !SMP
1024
1025config NR_CPUS_RANGE_END
1026	int
1027	depends on X86_64
1028	default 8192 if  SMP && CPUMASK_OFFSTACK
1029	default  512 if  SMP && !CPUMASK_OFFSTACK
1030	default    1 if !SMP
1031
1032config NR_CPUS_DEFAULT
1033	int
1034	depends on X86_32
1035	default    8 if  SMP
1036	default    1 if !SMP
1037
1038config NR_CPUS_DEFAULT
1039	int
1040	depends on X86_64
1041	default 8192 if  MAXSMP
1042	default   64 if  SMP
1043	default    1 if !SMP
1044
1045config NR_CPUS
1046	int "Maximum number of CPUs" if SMP && !MAXSMP
1047	range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1048	default NR_CPUS_DEFAULT
1049	help
1050	  This allows you to specify the maximum number of CPUs which this
1051	  kernel will support.  If CPUMASK_OFFSTACK is enabled, the maximum
1052	  supported value is 8192, otherwise the maximum value is 512.  The
1053	  minimum value which makes sense is 2.
1054
1055	  This is purely to save memory: each supported CPU adds about 8KB
1056	  to the kernel image.
1057
1058config SCHED_MC_PRIO
1059	bool "CPU core priorities scheduler support"
1060	depends on SCHED_MC
1061	select X86_INTEL_PSTATE if CPU_SUP_INTEL
1062	select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI
1063	select CPU_FREQ
1064	default y
1065	help
1066	  Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1067	  core ordering determined at manufacturing time, which allows
1068	  certain cores to reach higher turbo frequencies (when running
1069	  single threaded workloads) than others.
1070
1071	  Enabling this kernel feature teaches the scheduler about
1072	  the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1073	  scheduler's CPU selection logic accordingly, so that higher
1074	  overall system performance can be achieved.
1075
1076	  This feature will have no effect on CPUs without this feature.
1077
1078	  If unsure say Y here.
1079
1080config UP_LATE_INIT
1081	def_bool y
1082	depends on !SMP && X86_LOCAL_APIC
1083
1084config X86_UP_APIC
1085	bool "Local APIC support on uniprocessors" if !PCI_MSI
1086	default PCI_MSI
1087	depends on X86_32 && !SMP
1088	help
1089	  A local APIC (Advanced Programmable Interrupt Controller) is an
1090	  integrated interrupt controller in the CPU. If you have a single-CPU
1091	  system which has a processor with a local APIC, you can say Y here to
1092	  enable and use it. If you say Y here even though your machine doesn't
1093	  have a local APIC, then the kernel will still run with no slowdown at
1094	  all. The local APIC supports CPU-generated self-interrupts (timer,
1095	  performance counters), and the NMI watchdog which detects hard
1096	  lockups.
1097
1098config X86_UP_IOAPIC
1099	bool "IO-APIC support on uniprocessors"
1100	depends on X86_UP_APIC
1101	help
1102	  An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1103	  SMP-capable replacement for PC-style interrupt controllers. Most
1104	  SMP systems and many recent uniprocessor systems have one.
1105
1106	  If you have a single-CPU system with an IO-APIC, you can say Y here
1107	  to use it. If you say Y here even though your machine doesn't have
1108	  an IO-APIC, then the kernel will still run with no slowdown at all.
1109
1110config X86_LOCAL_APIC
1111	def_bool y
1112	depends on X86_64 || SMP || X86_UP_APIC || PCI_MSI
1113	select IRQ_DOMAIN_HIERARCHY
1114
1115config ACPI_MADT_WAKEUP
1116	def_bool y
1117	depends on X86_64
1118	depends on ACPI
1119	depends on SMP
1120	depends on X86_LOCAL_APIC
1121
1122config X86_IO_APIC
1123	def_bool y
1124	depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1125
1126config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1127	bool "Reroute for broken boot IRQs"
1128	depends on X86_IO_APIC
1129	help
1130	  This option enables a workaround that fixes a source of
1131	  spurious interrupts. This is recommended when threaded
1132	  interrupt handling is used on systems where the generation of
1133	  superfluous "boot interrupts" cannot be disabled.
1134
1135	  Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1136	  entry in the chipset's IO-APIC is masked (as, e.g. the RT
1137	  kernel does during interrupt handling). On chipsets where this
1138	  boot IRQ generation cannot be disabled, this workaround keeps
1139	  the original IRQ line masked so that only the equivalent "boot
1140	  IRQ" is delivered to the CPUs. The workaround also tells the
1141	  kernel to set up the IRQ handler on the boot IRQ line. In this
1142	  way only one interrupt is delivered to the kernel. Otherwise
1143	  the spurious second interrupt may cause the kernel to bring
1144	  down (vital) interrupt lines.
1145
1146	  Only affects "broken" chipsets. Interrupt sharing may be
1147	  increased on these systems.
1148
1149config X86_MCE
1150	bool "Machine Check / overheating reporting"
1151	select GENERIC_ALLOCATOR
1152	default y
1153	help
1154	  Machine Check support allows the processor to notify the
1155	  kernel if it detects a problem (e.g. overheating, data corruption).
1156	  The action the kernel takes depends on the severity of the problem,
1157	  ranging from warning messages to halting the machine.
1158
1159config X86_MCELOG_LEGACY
1160	bool "Support for deprecated /dev/mcelog character device"
1161	depends on X86_MCE
1162	help
1163	  Enable support for /dev/mcelog which is needed by the old mcelog
1164	  userspace logging daemon. Consider switching to the new generation
1165	  rasdaemon solution.
1166
1167config X86_MCE_INTEL
1168	def_bool y
1169	prompt "Intel MCE features"
1170	depends on X86_MCE && X86_LOCAL_APIC
1171	help
1172	  Additional support for intel specific MCE features such as
1173	  the thermal monitor.
1174
1175config X86_MCE_AMD
1176	def_bool y
1177	prompt "AMD MCE features"
1178	depends on X86_MCE && X86_LOCAL_APIC
1179	help
1180	  Additional support for AMD specific MCE features such as
1181	  the DRAM Error Threshold.
1182
1183config X86_ANCIENT_MCE
1184	bool "Support for old Pentium 5 / WinChip machine checks"
1185	depends on X86_32 && X86_MCE
1186	help
1187	  Include support for machine check handling on old Pentium 5 or WinChip
1188	  systems. These typically need to be enabled explicitly on the command
1189	  line.
1190
1191config X86_MCE_THRESHOLD
1192	depends on X86_MCE_AMD || X86_MCE_INTEL
1193	def_bool y
1194
1195config X86_MCE_INJECT
1196	depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1197	tristate "Machine check injector support"
1198	help
1199	  Provide support for injecting machine checks for testing purposes.
1200	  If you don't know what a machine check is and you don't do kernel
1201	  QA it is safe to say n.
1202
1203source "arch/x86/events/Kconfig"
1204
1205config X86_LEGACY_VM86
1206	bool "Legacy VM86 support"
1207	depends on X86_32
1208	help
1209	  This option allows user programs to put the CPU into V8086
1210	  mode, which is an 80286-era approximation of 16-bit real mode.
1211
1212	  Some very old versions of X and/or vbetool require this option
1213	  for user mode setting.  Similarly, DOSEMU will use it if
1214	  available to accelerate real mode DOS programs.  However, any
1215	  recent version of DOSEMU, X, or vbetool should be fully
1216	  functional even without kernel VM86 support, as they will all
1217	  fall back to software emulation. Nevertheless, if you are using
1218	  a 16-bit DOS program where 16-bit performance matters, vm86
1219	  mode might be faster than emulation and you might want to
1220	  enable this option.
1221
1222	  Note that any app that works on a 64-bit kernel is unlikely to
1223	  need this option, as 64-bit kernels don't, and can't, support
1224	  V8086 mode. This option is also unrelated to 16-bit protected
1225	  mode and is not needed to run most 16-bit programs under Wine.
1226
1227	  Enabling this option increases the complexity of the kernel
1228	  and slows down exception handling a tiny bit.
1229
1230	  If unsure, say N here.
1231
1232config VM86
1233	bool
1234	default X86_LEGACY_VM86
1235
1236config X86_16BIT
1237	bool "Enable support for 16-bit segments" if EXPERT
1238	default y
1239	depends on MODIFY_LDT_SYSCALL
1240	help
1241	  This option is required by programs like Wine to run 16-bit
1242	  protected mode legacy code on x86 processors.  Disabling
1243	  this option saves about 300 bytes on i386, or around 6K text
1244	  plus 16K runtime memory on x86-64,
1245
1246config X86_ESPFIX32
1247	def_bool y
1248	depends on X86_16BIT && X86_32
1249
1250config X86_ESPFIX64
1251	def_bool y
1252	depends on X86_16BIT && X86_64
1253
1254config X86_VSYSCALL_EMULATION
1255	bool "Enable vsyscall emulation" if EXPERT
1256	default y
1257	depends on X86_64
1258	help
1259	  This enables emulation of the legacy vsyscall page.  Disabling
1260	  it is roughly equivalent to booting with vsyscall=none, except
1261	  that it will also disable the helpful warning if a program
1262	  tries to use a vsyscall.  With this option set to N, offending
1263	  programs will just segfault, citing addresses of the form
1264	  0xffffffffff600?00.
1265
1266	  This option is required by many programs built before 2013, and
1267	  care should be used even with newer programs if set to N.
1268
1269	  Disabling this option saves about 7K of kernel size and
1270	  possibly 4K of additional runtime pagetable memory.
1271
1272config X86_IOPL_IOPERM
1273	bool "IOPERM and IOPL Emulation"
1274	default y
1275	help
1276	  This enables the ioperm() and iopl() syscalls which are necessary
1277	  for legacy applications.
1278
1279	  Legacy IOPL support is an overbroad mechanism which allows user
1280	  space aside of accessing all 65536 I/O ports also to disable
1281	  interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1282	  capabilities and permission from potentially active security
1283	  modules.
1284
1285	  The emulation restricts the functionality of the syscall to
1286	  only allowing the full range I/O port access, but prevents the
1287	  ability to disable interrupts from user space which would be
1288	  granted if the hardware IOPL mechanism would be used.
1289
1290config TOSHIBA
1291	tristate "Toshiba Laptop support"
1292	depends on X86_32
1293	help
1294	  This adds a driver to safely access the System Management Mode of
1295	  the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1296	  not work on models with a Phoenix BIOS. The System Management Mode
1297	  is used to set the BIOS and power saving options on Toshiba portables.
1298
1299	  For information on utilities to make use of this driver see the
1300	  Toshiba Linux utilities web site at:
1301	  <http://www.buzzard.org.uk/toshiba/>.
1302
1303	  Say Y if you intend to run this kernel on a Toshiba portable.
1304	  Say N otherwise.
1305
1306config X86_REBOOTFIXUPS
1307	bool "Enable X86 board specific fixups for reboot"
1308	depends on X86_32
1309	help
1310	  This enables chipset and/or board specific fixups to be done
1311	  in order to get reboot to work correctly. This is only needed on
1312	  some combinations of hardware and BIOS. The symptom, for which
1313	  this config is intended, is when reboot ends with a stalled/hung
1314	  system.
1315
1316	  Currently, the only fixup is for the Geode machines using
1317	  CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1318
1319	  Say Y if you want to enable the fixup. Currently, it's safe to
1320	  enable this option even if you don't need it.
1321	  Say N otherwise.
1322
1323config MICROCODE
1324	def_bool y
1325	depends on CPU_SUP_AMD || CPU_SUP_INTEL
1326	select CRYPTO_LIB_SHA256 if CPU_SUP_AMD
1327
1328config MICROCODE_INITRD32
1329	def_bool y
1330	depends on MICROCODE && X86_32 && BLK_DEV_INITRD
1331
1332config MICROCODE_LATE_LOADING
1333	bool "Late microcode loading (DANGEROUS)"
1334	default n
1335	depends on MICROCODE && SMP
1336	help
1337	  Loading microcode late, when the system is up and executing instructions
1338	  is a tricky business and should be avoided if possible. Just the sequence
1339	  of synchronizing all cores and SMT threads is one fragile dance which does
1340	  not guarantee that cores might not softlock after the loading. Therefore,
1341	  use this at your own risk. Late loading taints the kernel unless the
1342	  microcode header indicates that it is safe for late loading via the
1343	  minimal revision check. This minimal revision check can be enforced on
1344	  the kernel command line with "microcode=force_minrev".
1345
1346config MICROCODE_LATE_FORCE_MINREV
1347	bool "Enforce late microcode loading minimal revision check"
1348	default n
1349	depends on MICROCODE_LATE_LOADING
1350	help
1351	  To prevent that users load microcode late which modifies already
1352	  in use features, newer microcode patches have a minimum revision field
1353	  in the microcode header, which tells the kernel which minimum
1354	  revision must be active in the CPU to safely load that new microcode
1355	  late into the running system. If disabled the check will not
1356	  be enforced but the kernel will be tainted when the minimal
1357	  revision check fails.
1358
1359	  This minimal revision check can also be controlled via the
1360	  "microcode=force_minrev" parameter on the kernel command line.
1361
1362	  If unsure say Y.
1363
1364config MICROCODE_DBG
1365	bool "Enable microcode loader debugging"
1366	default n
1367	depends on MICROCODE
1368	help
1369	  Enable code which allows for debugging the microcode loader in
1370	  a guest. Meaning the patch loading is simulated but everything else
1371	  related to patch parsing and handling is done as on baremetal with
1372	  the purpose of debugging solely the software side of things.
1373
1374	  You almost certainly want to say n here.
1375
1376config X86_MSR
1377	tristate "/dev/cpu/*/msr - Model-specific register support"
1378	help
1379	  This device gives privileged processes access to the x86
1380	  Model-Specific Registers (MSRs).  It is a character device with
1381	  major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1382	  MSR accesses are directed to a specific CPU on multi-processor
1383	  systems.
1384
1385config X86_CPUID
1386	tristate "/dev/cpu/*/cpuid - CPU information support"
1387	help
1388	  This device gives processes access to the x86 CPUID instruction to
1389	  be executed on a specific processor.  It is a character device
1390	  with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1391	  /dev/cpu/31/cpuid.
1392
1393config HIGHMEM4G
1394	bool "High Memory Support"
1395	depends on X86_32
1396	help
1397	  Linux can use up to 4 Gigabytes of physical memory on x86 systems.
1398	  However, the address space of 32-bit x86 processors is only 4
1399	  Gigabytes large. That means that, if you have a large amount of
1400	  physical memory, not all of it can be "permanently mapped" by the
1401	  kernel. The physical memory that's not permanently mapped is called
1402	  "high memory".
1403
1404	  If you are compiling a kernel which will never run on a machine with
1405	  more than 1 Gigabyte total physical RAM, answer "off" here (default
1406	  choice and suitable for most users). This will result in a "3GB/1GB"
1407	  split: 3GB are mapped so that each process sees a 3GB virtual memory
1408	  space and the remaining part of the 4GB virtual memory space is used
1409	  by the kernel to permanently map as much physical memory as
1410	  possible.
1411
1412	  If the machine has between 1 and 4 Gigabytes physical RAM, then
1413	  answer "Y" here.
1414
1415	  If unsure, say N.
1416
1417choice
1418	prompt "Memory split" if EXPERT
1419	default VMSPLIT_3G
1420	depends on X86_32
1421	help
1422	  Select the desired split between kernel and user memory.
1423
1424	  If the address range available to the kernel is less than the
1425	  physical memory installed, the remaining memory will be available
1426	  as "high memory". Accessing high memory is a little more costly
1427	  than low memory, as it needs to be mapped into the kernel first.
1428	  Note that increasing the kernel address space limits the range
1429	  available to user programs, making the address space there
1430	  tighter.  Selecting anything other than the default 3G/1G split
1431	  will also likely make your kernel incompatible with binary-only
1432	  kernel modules.
1433
1434	  If you are not absolutely sure what you are doing, leave this
1435	  option alone!
1436
1437	config VMSPLIT_3G
1438		bool "3G/1G user/kernel split"
1439	config VMSPLIT_3G_OPT
1440		depends on !X86_PAE
1441		bool "3G/1G user/kernel split (for full 1G low memory)"
1442	config VMSPLIT_2G
1443		bool "2G/2G user/kernel split"
1444	config VMSPLIT_2G_OPT
1445		depends on !X86_PAE
1446		bool "2G/2G user/kernel split (for full 2G low memory)"
1447	config VMSPLIT_1G
1448		bool "1G/3G user/kernel split"
1449endchoice
1450
1451config PAGE_OFFSET
1452	hex
1453	default 0xB0000000 if VMSPLIT_3G_OPT
1454	default 0x80000000 if VMSPLIT_2G
1455	default 0x78000000 if VMSPLIT_2G_OPT
1456	default 0x40000000 if VMSPLIT_1G
1457	default 0xC0000000
1458	depends on X86_32
1459
1460config HIGHMEM
1461	def_bool HIGHMEM4G
1462
1463config X86_PAE
1464	bool "PAE (Physical Address Extension) Support"
1465	depends on X86_32 && X86_HAVE_PAE
1466	select PHYS_ADDR_T_64BIT
1467	help
1468	  PAE is required for NX support, and furthermore enables
1469	  larger swapspace support for non-overcommit purposes. It
1470	  has the cost of more pagetable lookup overhead, and also
1471	  consumes more pagetable space per process.
1472
1473config X86_DIRECT_GBPAGES
1474	def_bool y
1475	depends on X86_64
1476	help
1477	  Certain kernel features effectively disable kernel
1478	  linear 1 GB mappings (even if the CPU otherwise
1479	  supports them), so don't confuse the user by printing
1480	  that we have them enabled.
1481
1482config X86_CPA_STATISTICS
1483	bool "Enable statistic for Change Page Attribute"
1484	depends on DEBUG_FS
1485	help
1486	  Expose statistics about the Change Page Attribute mechanism, which
1487	  helps to determine the effectiveness of preserving large and huge
1488	  page mappings when mapping protections are changed.
1489
1490config X86_MEM_ENCRYPT
1491	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1492	select DYNAMIC_PHYSICAL_MASK
1493	def_bool n
1494
1495config AMD_MEM_ENCRYPT
1496	bool "AMD Secure Memory Encryption (SME) support"
1497	depends on X86_64 && CPU_SUP_AMD
1498	depends on EFI_STUB
1499	select DMA_COHERENT_POOL
1500	select ARCH_USE_MEMREMAP_PROT
1501	select INSTRUCTION_DECODER
1502	select ARCH_HAS_CC_PLATFORM
1503	select X86_MEM_ENCRYPT
1504	select UNACCEPTED_MEMORY
1505	select CRYPTO_LIB_AESGCM
1506	help
1507	  Say yes to enable support for the encryption of system memory.
1508	  This requires an AMD processor that supports Secure Memory
1509	  Encryption (SME).
1510
1511# Common NUMA Features
1512config NUMA
1513	bool "NUMA Memory Allocation and Scheduler Support"
1514	depends on SMP
1515	depends on X86_64
1516	select USE_PERCPU_NUMA_NODE_ID
1517	select OF_NUMA if OF
1518	help
1519	  Enable NUMA (Non-Uniform Memory Access) support.
1520
1521	  The kernel will try to allocate memory used by a CPU on the
1522	  local memory controller of the CPU and add some more
1523	  NUMA awareness to the kernel.
1524
1525	  For 64-bit this is recommended if the system is Intel Core i7
1526	  (or later), AMD Opteron, or EM64T NUMA.
1527
1528	  Otherwise, you should say N.
1529
1530config AMD_NUMA
1531	def_bool y
1532	prompt "Old style AMD Opteron NUMA detection"
1533	depends on X86_64 && NUMA && PCI
1534	help
1535	  Enable AMD NUMA node topology detection.  You should say Y here if
1536	  you have a multi processor AMD system. This uses an old method to
1537	  read the NUMA configuration directly from the builtin Northbridge
1538	  of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1539	  which also takes priority if both are compiled in.
1540
1541config X86_64_ACPI_NUMA
1542	def_bool y
1543	prompt "ACPI NUMA detection"
1544	depends on X86_64 && NUMA && ACPI && PCI
1545	select ACPI_NUMA
1546	help
1547	  Enable ACPI SRAT based node topology detection.
1548
1549config NODES_SHIFT
1550	int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1551	range 1 10
1552	default "10" if MAXSMP
1553	default "6" if X86_64
1554	default "3"
1555	depends on NUMA
1556	help
1557	  Specify the maximum number of NUMA Nodes available on the target
1558	  system.  Increases memory reserved to accommodate various tables.
1559
1560config ARCH_FLATMEM_ENABLE
1561	def_bool y
1562	depends on X86_32 && !NUMA
1563
1564config ARCH_SPARSEMEM_ENABLE
1565	def_bool y
1566	select SPARSEMEM_STATIC if X86_32
1567	select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1568	select SPARSEMEM_VMEMMAP if X86_64
1569
1570config ARCH_SPARSEMEM_DEFAULT
1571	def_bool X86_64 || (NUMA && X86_32)
1572
1573config ARCH_SELECT_MEMORY_MODEL
1574	def_bool y
1575	depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
1576
1577config ARCH_MEMORY_PROBE
1578	bool "Enable sysfs memory/probe interface"
1579	depends on MEMORY_HOTPLUG
1580	help
1581	  This option enables a sysfs memory/probe interface for testing.
1582	  See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1583	  If you are unsure how to answer this question, answer N.
1584
1585config ARCH_PROC_KCORE_TEXT
1586	def_bool y
1587	depends on X86_64 && PROC_KCORE
1588
1589config ILLEGAL_POINTER_VALUE
1590	hex
1591	default 0 if X86_32
1592	default 0xdead000000000000 if X86_64
1593
1594config X86_PMEM_LEGACY_DEVICE
1595	bool
1596
1597config X86_PMEM_LEGACY
1598	tristate "Support non-standard NVDIMMs and ADR protected memory"
1599	depends on PHYS_ADDR_T_64BIT
1600	depends on BLK_DEV
1601	select X86_PMEM_LEGACY_DEVICE
1602	select NUMA_KEEP_MEMINFO if NUMA
1603	select LIBNVDIMM
1604	help
1605	  Treat memory marked using the non-standard e820 type of 12 as used
1606	  by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1607	  The kernel will offer these regions to the 'pmem' driver so
1608	  they can be used for persistent storage.
1609
1610	  Say Y if unsure.
1611
1612config X86_CHECK_BIOS_CORRUPTION
1613	bool "Check for low memory corruption"
1614	help
1615	  Periodically check for memory corruption in low memory, which
1616	  is suspected to be caused by BIOS.  Even when enabled in the
1617	  configuration, it is disabled at runtime.  Enable it by
1618	  setting "memory_corruption_check=1" on the kernel command
1619	  line.  By default it scans the low 64k of memory every 60
1620	  seconds; see the memory_corruption_check_size and
1621	  memory_corruption_check_period parameters in
1622	  Documentation/admin-guide/kernel-parameters.rst to adjust this.
1623
1624	  When enabled with the default parameters, this option has
1625	  almost no overhead, as it reserves a relatively small amount
1626	  of memory and scans it infrequently.  It both detects corruption
1627	  and prevents it from affecting the running system.
1628
1629	  It is, however, intended as a diagnostic tool; if repeatable
1630	  BIOS-originated corruption always affects the same memory,
1631	  you can use memmap= to prevent the kernel from using that
1632	  memory.
1633
1634config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1635	bool "Set the default setting of memory_corruption_check"
1636	depends on X86_CHECK_BIOS_CORRUPTION
1637	default y
1638	help
1639	  Set whether the default state of memory_corruption_check is
1640	  on or off.
1641
1642config MATH_EMULATION
1643	bool
1644	depends on MODIFY_LDT_SYSCALL
1645	prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1646	help
1647	  Linux can emulate a math coprocessor (used for floating point
1648	  operations) if you don't have one. 486DX and Pentium processors have
1649	  a math coprocessor built in, 486SX and 386 do not, unless you added
1650	  a 487DX or 387, respectively. (The messages during boot time can
1651	  give you some hints here ["man dmesg"].) Everyone needs either a
1652	  coprocessor or this emulation.
1653
1654	  If you don't have a math coprocessor, you need to say Y here; if you
1655	  say Y here even though you have a coprocessor, the coprocessor will
1656	  be used nevertheless. (This behavior can be changed with the kernel
1657	  command line option "no387", which comes handy if your coprocessor
1658	  is broken. Try "man bootparam" or see the documentation of your boot
1659	  loader (lilo or loadlin) about how to pass options to the kernel at
1660	  boot time.) This means that it is a good idea to say Y here if you
1661	  intend to use this kernel on different machines.
1662
1663	  More information about the internals of the Linux math coprocessor
1664	  emulation can be found in <file:arch/x86/math-emu/README>.
1665
1666	  If you are not sure, say Y; apart from resulting in a 66 KB bigger
1667	  kernel, it won't hurt.
1668
1669config MTRR
1670	def_bool y
1671	prompt "MTRR (Memory Type Range Register) support" if EXPERT
1672	help
1673	  On Intel P6 family processors (Pentium Pro, Pentium II and later)
1674	  the Memory Type Range Registers (MTRRs) may be used to control
1675	  processor access to memory ranges. This is most useful if you have
1676	  a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1677	  allows bus write transfers to be combined into a larger transfer
1678	  before bursting over the PCI/AGP bus. This can increase performance
1679	  of image write operations 2.5 times or more. Saying Y here creates a
1680	  /proc/mtrr file which may be used to manipulate your processor's
1681	  MTRRs. Typically the X server should use this.
1682
1683	  This code has a reasonably generic interface so that similar
1684	  control registers on other processors can be easily supported
1685	  as well:
1686
1687	  The Cyrix 6x86, 6x86MX and M II processors have Address Range
1688	  Registers (ARRs) which provide a similar functionality to MTRRs. For
1689	  these, the ARRs are used to emulate the MTRRs.
1690	  The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1691	  MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1692	  write-combining. All of these processors are supported by this code
1693	  and it makes sense to say Y here if you have one of them.
1694
1695	  Saying Y here also fixes a problem with buggy SMP BIOSes which only
1696	  set the MTRRs for the boot CPU and not for the secondary CPUs. This
1697	  can lead to all sorts of problems, so it's good to say Y here.
1698
1699	  You can safely say Y even if your machine doesn't have MTRRs, you'll
1700	  just add about 9 KB to your kernel.
1701
1702	  See <file:Documentation/arch/x86/mtrr.rst> for more information.
1703
1704config MTRR_SANITIZER
1705	def_bool y
1706	prompt "MTRR cleanup support"
1707	depends on MTRR
1708	help
1709	  Convert MTRR layout from continuous to discrete, so X drivers can
1710	  add writeback entries.
1711
1712	  Can be disabled with disable_mtrr_cleanup on the kernel command line.
1713	  The largest mtrr entry size for a continuous block can be set with
1714	  mtrr_chunk_size.
1715
1716	  If unsure, say Y.
1717
1718config MTRR_SANITIZER_ENABLE_DEFAULT
1719	int "MTRR cleanup enable value (0-1)"
1720	range 0 1
1721	default "0"
1722	depends on MTRR_SANITIZER
1723	help
1724	  Enable mtrr cleanup default value
1725
1726config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1727	int "MTRR cleanup spare reg num (0-7)"
1728	range 0 7
1729	default "1"
1730	depends on MTRR_SANITIZER
1731	help
1732	  mtrr cleanup spare entries default, it can be changed via
1733	  mtrr_spare_reg_nr=N on the kernel command line.
1734
1735config X86_PAT
1736	def_bool y
1737	prompt "x86 PAT support" if EXPERT
1738	depends on MTRR
1739	select ARCH_USES_PG_ARCH_2
1740	help
1741	  Use PAT attributes to setup page level cache control.
1742
1743	  PATs are the modern equivalents of MTRRs and are much more
1744	  flexible than MTRRs.
1745
1746	  Say N here if you see bootup problems (boot crash, boot hang,
1747	  spontaneous reboots) or a non-working video driver.
1748
1749	  If unsure, say Y.
1750
1751config X86_UMIP
1752	def_bool y
1753	prompt "User Mode Instruction Prevention" if EXPERT
1754	help
1755	  User Mode Instruction Prevention (UMIP) is a security feature in
1756	  some x86 processors. If enabled, a general protection fault is
1757	  issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1758	  executed in user mode. These instructions unnecessarily expose
1759	  information about the hardware state.
1760
1761	  The vast majority of applications do not use these instructions.
1762	  For the very few that do, software emulation is provided in
1763	  specific cases in protected and virtual-8086 modes. Emulated
1764	  results are dummy.
1765
1766config CC_HAS_IBT
1767	# GCC >= 9 and binutils >= 2.29
1768	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
1769	def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || CC_IS_CLANG) && \
1770		  $(as-instr,endbr64)
1771
1772config X86_CET
1773	def_bool n
1774	help
1775	  CET features configured (Shadow stack or IBT)
1776
1777config X86_KERNEL_IBT
1778	prompt "Indirect Branch Tracking"
1779	def_bool y
1780	depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
1781	select OBJTOOL
1782	select X86_CET
1783	help
1784	  Build the kernel with support for Indirect Branch Tracking, a
1785	  hardware support course-grain forward-edge Control Flow Integrity
1786	  protection. It enforces that all indirect calls must land on
1787	  an ENDBR instruction, as such, the compiler will instrument the
1788	  code with them to make this happen.
1789
1790	  In addition to building the kernel with IBT, seal all functions that
1791	  are not indirect call targets, avoiding them ever becoming one.
1792
1793	  This requires LTO like objtool runs and will slow down the build. It
1794	  does significantly reduce the number of ENDBR instructions in the
1795	  kernel image.
1796
1797config X86_INTEL_MEMORY_PROTECTION_KEYS
1798	prompt "Memory Protection Keys"
1799	def_bool y
1800	# Note: only available in 64-bit mode
1801	depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
1802	select ARCH_USES_HIGH_VMA_FLAGS
1803	select ARCH_HAS_PKEYS
1804	help
1805	  Memory Protection Keys provides a mechanism for enforcing
1806	  page-based protections, but without requiring modification of the
1807	  page tables when an application changes protection domains.
1808
1809	  For details, see Documentation/core-api/protection-keys.rst
1810
1811	  If unsure, say y.
1812
1813config ARCH_PKEY_BITS
1814	int
1815	default 4
1816
1817choice
1818	prompt "TSX enable mode"
1819	depends on CPU_SUP_INTEL
1820	default X86_INTEL_TSX_MODE_OFF
1821	help
1822	  Intel's TSX (Transactional Synchronization Extensions) feature
1823	  allows to optimize locking protocols through lock elision which
1824	  can lead to a noticeable performance boost.
1825
1826	  On the other hand it has been shown that TSX can be exploited
1827	  to form side channel attacks (e.g. TAA) and chances are there
1828	  will be more of those attacks discovered in the future.
1829
1830	  Therefore TSX is not enabled by default (aka tsx=off). An admin
1831	  might override this decision by tsx=on the command line parameter.
1832	  Even with TSX enabled, the kernel will attempt to enable the best
1833	  possible TAA mitigation setting depending on the microcode available
1834	  for the particular machine.
1835
1836	  This option allows to set the default tsx mode between tsx=on, =off
1837	  and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1838	  details.
1839
1840	  Say off if not sure, auto if TSX is in use but it should be used on safe
1841	  platforms or on if TSX is in use and the security aspect of tsx is not
1842	  relevant.
1843
1844config X86_INTEL_TSX_MODE_OFF
1845	bool "off"
1846	help
1847	  TSX is disabled if possible - equals to tsx=off command line parameter.
1848
1849config X86_INTEL_TSX_MODE_ON
1850	bool "on"
1851	help
1852	  TSX is always enabled on TSX capable HW - equals the tsx=on command
1853	  line parameter.
1854
1855config X86_INTEL_TSX_MODE_AUTO
1856	bool "auto"
1857	help
1858	  TSX is enabled on TSX capable HW that is believed to be safe against
1859	  side channel attacks- equals the tsx=auto command line parameter.
1860endchoice
1861
1862config X86_SGX
1863	bool "Software Guard eXtensions (SGX)"
1864	depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
1865	select CRYPTO_LIB_SHA256
1866	select MMU_NOTIFIER
1867	select NUMA_KEEP_MEMINFO if NUMA
1868	select XARRAY_MULTI
1869	help
1870	  Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
1871	  that can be used by applications to set aside private regions of code
1872	  and data, referred to as enclaves. An enclave's private memory can
1873	  only be accessed by code running within the enclave. Accesses from
1874	  outside the enclave, including other enclaves, are disallowed by
1875	  hardware.
1876
1877	  If unsure, say N.
1878
1879config X86_USER_SHADOW_STACK
1880	bool "X86 userspace shadow stack"
1881	depends on AS_WRUSS
1882	depends on X86_64
1883	select ARCH_USES_HIGH_VMA_FLAGS
1884	select ARCH_HAS_USER_SHADOW_STACK
1885	select X86_CET
1886	help
1887	  Shadow stack protection is a hardware feature that detects function
1888	  return address corruption.  This helps mitigate ROP attacks.
1889	  Applications must be enabled to use it, and old userspace does not
1890	  get protection "for free".
1891
1892	  CPUs supporting shadow stacks were first released in 2020.
1893
1894	  See Documentation/arch/x86/shstk.rst for more information.
1895
1896	  If unsure, say N.
1897
1898config INTEL_TDX_HOST
1899	bool "Intel Trust Domain Extensions (TDX) host support"
1900	depends on CPU_SUP_INTEL
1901	depends on X86_64
1902	depends on KVM_INTEL
1903	depends on X86_X2APIC
1904	select ARCH_KEEP_MEMBLOCK
1905	depends on CONTIG_ALLOC
1906	depends on !KEXEC_CORE
1907	depends on X86_MCE
1908	help
1909	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
1910	  host and certain physical attacks.  This option enables necessary TDX
1911	  support in the host kernel to run confidential VMs.
1912
1913	  If unsure, say N.
1914
1915config EFI
1916	bool "EFI runtime service support"
1917	depends on ACPI
1918	select UCS2_STRING
1919	select EFI_RUNTIME_WRAPPERS
1920	select ARCH_USE_MEMREMAP_PROT
1921	select EFI_RUNTIME_MAP if KEXEC_CORE
1922	help
1923	  This enables the kernel to use EFI runtime services that are
1924	  available (such as the EFI variable services).
1925
1926	  This option is only useful on systems that have EFI firmware.
1927	  In addition, you should use the latest ELILO loader available
1928	  at <http://elilo.sourceforge.net> in order to take advantage
1929	  of EFI runtime services. However, even with this option, the
1930	  resultant kernel should continue to boot on existing non-EFI
1931	  platforms.
1932
1933config EFI_STUB
1934	bool "EFI stub support"
1935	depends on EFI
1936	select RELOCATABLE
1937	help
1938	  This kernel feature allows a bzImage to be loaded directly
1939	  by EFI firmware without the use of a bootloader.
1940
1941	  See Documentation/admin-guide/efi-stub.rst for more information.
1942
1943config EFI_HANDOVER_PROTOCOL
1944	bool "EFI handover protocol (DEPRECATED)"
1945	depends on EFI_STUB
1946	default y
1947	help
1948	  Select this in order to include support for the deprecated EFI
1949	  handover protocol, which defines alternative entry points into the
1950	  EFI stub.  This is a practice that has no basis in the UEFI
1951	  specification, and requires a priori knowledge on the part of the
1952	  bootloader about Linux/x86 specific ways of passing the command line
1953	  and initrd, and where in memory those assets may be loaded.
1954
1955	  If in doubt, say Y. Even though the corresponding support is not
1956	  present in upstream GRUB or other bootloaders, most distros build
1957	  GRUB with numerous downstream patches applied, and may rely on the
1958	  handover protocol as as result.
1959
1960config EFI_MIXED
1961	bool "EFI mixed-mode support"
1962	depends on EFI_STUB && X86_64
1963	help
1964	  Enabling this feature allows a 64-bit kernel to be booted
1965	  on a 32-bit firmware, provided that your CPU supports 64-bit
1966	  mode.
1967
1968	  Note that it is not possible to boot a mixed-mode enabled
1969	  kernel via the EFI boot stub - a bootloader that supports
1970	  the EFI handover protocol must be used.
1971
1972	  If unsure, say N.
1973
1974config EFI_RUNTIME_MAP
1975	bool "Export EFI runtime maps to sysfs" if EXPERT
1976	depends on EFI
1977	help
1978	  Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
1979	  That memory map is required by the 2nd kernel to set up EFI virtual
1980	  mappings after kexec, but can also be used for debugging purposes.
1981
1982	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
1983
1984source "kernel/Kconfig.hz"
1985
1986config ARCH_SUPPORTS_KEXEC
1987	def_bool y
1988
1989config ARCH_SUPPORTS_KEXEC_FILE
1990	def_bool X86_64
1991
1992config ARCH_SELECTS_KEXEC_FILE
1993	def_bool y
1994	depends on KEXEC_FILE
1995	select HAVE_IMA_KEXEC if IMA
1996
1997config ARCH_SUPPORTS_KEXEC_PURGATORY
1998	def_bool y
1999
2000config ARCH_SUPPORTS_KEXEC_SIG
2001	def_bool y
2002
2003config ARCH_SUPPORTS_KEXEC_SIG_FORCE
2004	def_bool y
2005
2006config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
2007	def_bool y
2008
2009config ARCH_SUPPORTS_KEXEC_JUMP
2010	def_bool y
2011
2012config ARCH_SUPPORTS_KEXEC_HANDOVER
2013	def_bool X86_64
2014
2015config ARCH_SUPPORTS_CRASH_DUMP
2016	def_bool X86_64 || (X86_32 && HIGHMEM)
2017
2018config ARCH_DEFAULT_CRASH_DUMP
2019	def_bool y
2020
2021config ARCH_SUPPORTS_CRASH_HOTPLUG
2022	def_bool y
2023
2024config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
2025	def_bool CRASH_RESERVE
2026
2027config PHYSICAL_START
2028	hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2029	default "0x1000000"
2030	help
2031	  This gives the physical address where the kernel is loaded.
2032
2033	  If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage
2034	  will decompress itself to above physical address and run from there.
2035	  Otherwise, bzImage will run from the address where it has been loaded
2036	  by the boot loader. The only exception is if it is loaded below the
2037	  above physical address, in which case it will relocate itself there.
2038
2039	  In normal kdump cases one does not have to set/change this option
2040	  as now bzImage can be compiled as a completely relocatable image
2041	  (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2042	  address. This option is mainly useful for the folks who don't want
2043	  to use a bzImage for capturing the crash dump and want to use a
2044	  vmlinux instead. vmlinux is not relocatable hence a kernel needs
2045	  to be specifically compiled to run from a specific memory area
2046	  (normally a reserved region) and this option comes handy.
2047
2048	  So if you are using bzImage for capturing the crash dump,
2049	  leave the value here unchanged to 0x1000000 and set
2050	  CONFIG_RELOCATABLE=y.  Otherwise if you plan to use vmlinux
2051	  for capturing the crash dump change this value to start of
2052	  the reserved region.  In other words, it can be set based on
2053	  the "X" value as specified in the "crashkernel=YM@XM"
2054	  command line boot parameter passed to the panic-ed
2055	  kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2056	  for more details about crash dumps.
2057
2058	  Usage of bzImage for capturing the crash dump is recommended as
2059	  one does not have to build two kernels. Same kernel can be used
2060	  as production kernel and capture kernel. Above option should have
2061	  gone away after relocatable bzImage support is introduced. But it
2062	  is present because there are users out there who continue to use
2063	  vmlinux for dump capture. This option should go away down the
2064	  line.
2065
2066	  Don't change this unless you know what you are doing.
2067
2068config RELOCATABLE
2069	bool "Build a relocatable kernel"
2070	default y
2071	help
2072	  This builds a kernel image that retains relocation information
2073	  so it can be loaded someplace besides the default 1MB.
2074	  The relocations tend to make the kernel binary about 10% larger,
2075	  but are discarded at runtime.
2076
2077	  One use is for the kexec on panic case where the recovery kernel
2078	  must live at a different physical address than the primary
2079	  kernel.
2080
2081	  Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2082	  it has been loaded at and the compile time physical address
2083	  (CONFIG_PHYSICAL_START) is used as the minimum location.
2084
2085config RANDOMIZE_BASE
2086	bool "Randomize the address of the kernel image (KASLR)"
2087	depends on RELOCATABLE
2088	default y
2089	help
2090	  In support of Kernel Address Space Layout Randomization (KASLR),
2091	  this randomizes the physical address at which the kernel image
2092	  is decompressed and the virtual address where the kernel
2093	  image is mapped, as a security feature that deters exploit
2094	  attempts relying on knowledge of the location of kernel
2095	  code internals.
2096
2097	  On 64-bit, the kernel physical and virtual addresses are
2098	  randomized separately. The physical address will be anywhere
2099	  between 16MB and the top of physical memory (up to 64TB). The
2100	  virtual address will be randomized from 16MB up to 1GB (9 bits
2101	  of entropy). Note that this also reduces the memory space
2102	  available to kernel modules from 1.5GB to 1GB.
2103
2104	  On 32-bit, the kernel physical and virtual addresses are
2105	  randomized together. They will be randomized from 16MB up to
2106	  512MB (8 bits of entropy).
2107
2108	  Entropy is generated using the RDRAND instruction if it is
2109	  supported. If RDTSC is supported, its value is mixed into
2110	  the entropy pool as well. If neither RDRAND nor RDTSC are
2111	  supported, then entropy is read from the i8254 timer. The
2112	  usable entropy is limited by the kernel being built using
2113	  2GB addressing, and that PHYSICAL_ALIGN must be at a
2114	  minimum of 2MB. As a result, only 10 bits of entropy are
2115	  theoretically possible, but the implementations are further
2116	  limited due to memory layouts.
2117
2118	  If unsure, say Y.
2119
2120# Relocation on x86 needs some additional build support
2121config X86_NEED_RELOCS
2122	def_bool y
2123	depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2124	select ARCH_VMLINUX_NEEDS_RELOCS
2125
2126config PHYSICAL_ALIGN
2127	hex "Alignment value to which kernel should be aligned"
2128	default "0x200000"
2129	range 0x2000 0x1000000 if X86_32
2130	range 0x200000 0x1000000 if X86_64
2131	help
2132	  This value puts the alignment restrictions on physical address
2133	  where kernel is loaded and run from. Kernel is compiled for an
2134	  address which meets above alignment restriction.
2135
2136	  If bootloader loads the kernel at a non-aligned address and
2137	  CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2138	  address aligned to above value and run from there.
2139
2140	  If bootloader loads the kernel at a non-aligned address and
2141	  CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2142	  load address and decompress itself to the address it has been
2143	  compiled for and run from there. The address for which kernel is
2144	  compiled already meets above alignment restrictions. Hence the
2145	  end result is that kernel runs from a physical address meeting
2146	  above alignment restrictions.
2147
2148	  On 32-bit this value must be a multiple of 0x2000. On 64-bit
2149	  this value must be a multiple of 0x200000.
2150
2151	  Don't change this unless you know what you are doing.
2152
2153config RANDOMIZE_MEMORY
2154	bool "Randomize the kernel memory sections"
2155	depends on X86_64
2156	depends on RANDOMIZE_BASE
2157	default RANDOMIZE_BASE
2158	help
2159	  Randomizes the base virtual address of kernel memory sections
2160	  (physical memory mapping, vmalloc & vmemmap). This security feature
2161	  makes exploits relying on predictable memory locations less reliable.
2162
2163	  The order of allocations remains unchanged. Entropy is generated in
2164	  the same way as RANDOMIZE_BASE. Current implementation in the optimal
2165	  configuration have in average 30,000 different possible virtual
2166	  addresses for each memory section.
2167
2168	  If unsure, say Y.
2169
2170config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2171	hex "Physical memory mapping padding" if EXPERT
2172	depends on RANDOMIZE_MEMORY
2173	default "0xa" if MEMORY_HOTPLUG
2174	default "0x0"
2175	range 0x1 0x40 if MEMORY_HOTPLUG
2176	range 0x0 0x40
2177	help
2178	  Define the padding in terabytes added to the existing physical
2179	  memory size during kernel memory randomization. It is useful
2180	  for memory hotplug support but reduces the entropy available for
2181	  address randomization.
2182
2183	  If unsure, leave at the default value.
2184
2185config ADDRESS_MASKING
2186	bool "Linear Address Masking support"
2187	depends on X86_64
2188	depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS
2189	help
2190	  Linear Address Masking (LAM) modifies the checking that is applied
2191	  to 64-bit linear addresses, allowing software to use of the
2192	  untranslated address bits for metadata.
2193
2194	  The capability can be used for efficient address sanitizers (ASAN)
2195	  implementation and for optimizations in JITs.
2196
2197config HOTPLUG_CPU
2198	def_bool y
2199	depends on SMP
2200
2201config COMPAT_VDSO
2202	def_bool n
2203	prompt "Workaround for glibc 2.3.2 / 2.3.3 (released in year 2003/2004)"
2204	depends on COMPAT_32
2205	help
2206	  Certain buggy versions of glibc will crash if they are
2207	  presented with a 32-bit vDSO that is not mapped at the address
2208	  indicated in its segment table.
2209
2210	  The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2211	  and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2212	  49ad572a70b8aeb91e57483a11dd1b77e31c4468.  Glibc 2.3.3 is
2213	  the only released version with the bug, but OpenSUSE 9
2214	  contains a buggy "glibc 2.3.2".
2215
2216	  The symptom of the bug is that everything crashes on startup, saying:
2217	  dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2218
2219	  Saying Y here changes the default value of the vdso32 boot
2220	  option from 1 to 0, which turns off the 32-bit vDSO entirely.
2221	  This works around the glibc bug but hurts performance.
2222
2223	  If unsure, say N: if you are compiling your own kernel, you
2224	  are unlikely to be using a buggy version of glibc.
2225
2226choice
2227	prompt "vsyscall table for legacy applications"
2228	depends on X86_64
2229	default LEGACY_VSYSCALL_XONLY
2230	help
2231	  Legacy user code that does not know how to find the vDSO expects
2232	  to be able to issue three syscalls by calling fixed addresses in
2233	  kernel space. Since this location is not randomized with ASLR,
2234	  it can be used to assist security vulnerability exploitation.
2235
2236	  This setting can be changed at boot time via the kernel command
2237	  line parameter vsyscall=[emulate|xonly|none].  Emulate mode
2238	  is deprecated and can only be enabled using the kernel command
2239	  line.
2240
2241	  On a system with recent enough glibc (2.14 or newer) and no
2242	  static binaries, you can say None without a performance penalty
2243	  to improve security.
2244
2245	  If unsure, select "Emulate execution only".
2246
2247	config LEGACY_VSYSCALL_XONLY
2248		bool "Emulate execution only"
2249		help
2250		  The kernel traps and emulates calls into the fixed vsyscall
2251		  address mapping and does not allow reads.  This
2252		  configuration is recommended when userspace might use the
2253		  legacy vsyscall area but support for legacy binary
2254		  instrumentation of legacy code is not needed.  It mitigates
2255		  certain uses of the vsyscall area as an ASLR-bypassing
2256		  buffer.
2257
2258	config LEGACY_VSYSCALL_NONE
2259		bool "None"
2260		help
2261		  There will be no vsyscall mapping at all. This will
2262		  eliminate any risk of ASLR bypass due to the vsyscall
2263		  fixed address mapping. Attempts to use the vsyscalls
2264		  will be reported to dmesg, so that either old or
2265		  malicious userspace programs can be identified.
2266
2267endchoice
2268
2269config CMDLINE_BOOL
2270	bool "Built-in kernel command line"
2271	help
2272	  Allow for specifying boot arguments to the kernel at
2273	  build time.  On some systems (e.g. embedded ones), it is
2274	  necessary or convenient to provide some or all of the
2275	  kernel boot arguments with the kernel itself (that is,
2276	  to not rely on the boot loader to provide them.)
2277
2278	  To compile command line arguments into the kernel,
2279	  set this option to 'Y', then fill in the
2280	  boot arguments in CONFIG_CMDLINE.
2281
2282	  Systems with fully functional boot loaders (i.e. non-embedded)
2283	  should leave this option set to 'N'.
2284
2285config CMDLINE
2286	string "Built-in kernel command string"
2287	depends on CMDLINE_BOOL
2288	default ""
2289	help
2290	  Enter arguments here that should be compiled into the kernel
2291	  image and used at boot time.  If the boot loader provides a
2292	  command line at boot time, it is appended to this string to
2293	  form the full kernel command line, when the system boots.
2294
2295	  However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2296	  change this behavior.
2297
2298	  In most cases, the command line (whether built-in or provided
2299	  by the boot loader) should specify the device for the root
2300	  file system.
2301
2302config CMDLINE_OVERRIDE
2303	bool "Built-in command line overrides boot loader arguments"
2304	depends on CMDLINE_BOOL && CMDLINE != ""
2305	help
2306	  Set this option to 'Y' to have the kernel ignore the boot loader
2307	  command line, and use ONLY the built-in command line.
2308
2309	  This is used to work around broken boot loaders.  This should
2310	  be set to 'N' under normal conditions.
2311
2312config MODIFY_LDT_SYSCALL
2313	bool "Enable the LDT (local descriptor table)" if EXPERT
2314	default y
2315	help
2316	  Linux can allow user programs to install a per-process x86
2317	  Local Descriptor Table (LDT) using the modify_ldt(2) system
2318	  call.  This is required to run 16-bit or segmented code such as
2319	  DOSEMU or some Wine programs.  It is also used by some very old
2320	  threading libraries.
2321
2322	  Enabling this feature adds a small amount of overhead to
2323	  context switches and increases the low-level kernel attack
2324	  surface.  Disabling it removes the modify_ldt(2) system call.
2325
2326	  Saying 'N' here may make sense for embedded or server kernels.
2327
2328config STRICT_SIGALTSTACK_SIZE
2329	bool "Enforce strict size checking for sigaltstack"
2330	depends on DYNAMIC_SIGFRAME
2331	help
2332	  For historical reasons MINSIGSTKSZ is a constant which became
2333	  already too small with AVX512 support. Add a mechanism to
2334	  enforce strict checking of the sigaltstack size against the
2335	  real size of the FPU frame. This option enables the check
2336	  by default. It can also be controlled via the kernel command
2337	  line option 'strict_sas_size' independent of this config
2338	  switch. Enabling it might break existing applications which
2339	  allocate a too small sigaltstack but 'work' because they
2340	  never get a signal delivered.
2341
2342	  Say 'N' unless you want to really enforce this check.
2343
2344config CFI_AUTO_DEFAULT
2345	bool "Attempt to use FineIBT by default at boot time"
2346	depends on FINEIBT
2347	depends on !RUST || RUSTC_VERSION >= 108800
2348	default y
2349	help
2350	  Attempt to use FineIBT by default at boot time. If enabled,
2351	  this is the same as booting with "cfi=auto". If disabled,
2352	  this is the same as booting with "cfi=kcfi".
2353
2354source "kernel/livepatch/Kconfig"
2355
2356config X86_BUS_LOCK_DETECT
2357	bool "Split Lock Detect and Bus Lock Detect support"
2358	depends on CPU_SUP_INTEL || CPU_SUP_AMD
2359	default y
2360	help
2361	  Enable Split Lock Detect and Bus Lock Detect functionalities.
2362	  See <file:Documentation/arch/x86/buslock.rst> for more information.
2363
2364endmenu
2365
2366config CC_HAS_NAMED_AS
2367	def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null)
2368	depends on CC_IS_GCC
2369
2370#
2371# -fsanitize=kernel-address (KASAN) and -fsanitize=thread (KCSAN)
2372# are incompatible with named address spaces with GCC < 13.3
2373# (see GCC PR sanitizer/111736 and also PR sanitizer/115172).
2374#
2375
2376config CC_HAS_NAMED_AS_FIXED_SANITIZERS
2377	def_bool y
2378	depends on !(KASAN || KCSAN) || GCC_VERSION >= 130300
2379	depends on !(UBSAN_BOOL && KASAN) || GCC_VERSION >= 140200
2380
2381config USE_X86_SEG_SUPPORT
2382	def_bool CC_HAS_NAMED_AS
2383	depends on CC_HAS_NAMED_AS_FIXED_SANITIZERS
2384
2385config CC_HAS_SLS
2386	def_bool $(cc-option,-mharden-sls=all)
2387
2388config CC_HAS_RETURN_THUNK
2389	def_bool $(cc-option,-mfunction-return=thunk-extern)
2390
2391config CC_HAS_ENTRY_PADDING
2392	def_bool $(cc-option,-fpatchable-function-entry=16,16)
2393
2394config CC_HAS_KCFI_ARITY
2395	def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity)
2396	depends on CC_IS_CLANG && !RUST
2397
2398config FUNCTION_PADDING_CFI
2399	int
2400	default 59 if FUNCTION_ALIGNMENT_64B
2401	default 27 if FUNCTION_ALIGNMENT_32B
2402	default 11 if FUNCTION_ALIGNMENT_16B
2403	default  3 if FUNCTION_ALIGNMENT_8B
2404	default  0
2405
2406# Basically: FUNCTION_ALIGNMENT - 5*CFI
2407# except Kconfig can't do arithmetic :/
2408config FUNCTION_PADDING_BYTES
2409	int
2410	default FUNCTION_PADDING_CFI if CFI
2411	default FUNCTION_ALIGNMENT
2412
2413config CALL_PADDING
2414	def_bool n
2415	depends on CC_HAS_ENTRY_PADDING && OBJTOOL
2416	select FUNCTION_ALIGNMENT_16B
2417
2418config FINEIBT
2419	def_bool y
2420	depends on X86_KERNEL_IBT && CFI && MITIGATION_RETPOLINE
2421	select CALL_PADDING
2422
2423config FINEIBT_BHI
2424	def_bool y
2425	depends on FINEIBT && CC_HAS_KCFI_ARITY
2426
2427config HAVE_CALL_THUNKS
2428	def_bool y
2429	depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL
2430
2431config CALL_THUNKS
2432	def_bool n
2433	select CALL_PADDING
2434
2435config PREFIX_SYMBOLS
2436	def_bool y
2437	depends on CALL_PADDING && !CFI
2438
2439menuconfig CPU_MITIGATIONS
2440	bool "Mitigations for CPU vulnerabilities"
2441	default y
2442	help
2443	  Say Y here to enable options which enable mitigations for hardware
2444	  vulnerabilities (usually related to speculative execution).
2445	  Mitigations can be disabled or restricted to SMT systems at runtime
2446	  via the "mitigations" kernel parameter.
2447
2448	  If you say N, all mitigations will be disabled.  This CANNOT be
2449	  overridden at runtime.
2450
2451	  Say 'Y', unless you really know what you are doing.
2452
2453if CPU_MITIGATIONS
2454
2455config MITIGATION_PAGE_TABLE_ISOLATION
2456	bool "Remove the kernel mapping in user mode"
2457	default y
2458	depends on (X86_64 || X86_PAE)
2459	help
2460	  This feature reduces the number of hardware side channels by
2461	  ensuring that the majority of kernel addresses are not mapped
2462	  into userspace.
2463
2464	  See Documentation/arch/x86/pti.rst for more details.
2465
2466config MITIGATION_RETPOLINE
2467	bool "Avoid speculative indirect branches in kernel"
2468	select OBJTOOL if HAVE_OBJTOOL
2469	default y
2470	help
2471	  Compile kernel with the retpoline compiler options to guard against
2472	  kernel-to-user data leaks by avoiding speculative indirect
2473	  branches. Requires a compiler with -mindirect-branch=thunk-extern
2474	  support for full protection. The kernel may run slower.
2475
2476config MITIGATION_RETHUNK
2477	bool "Enable return-thunks"
2478	depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
2479	select OBJTOOL if HAVE_OBJTOOL
2480	default y if X86_64
2481	help
2482	  Compile the kernel with the return-thunks compiler option to guard
2483	  against kernel-to-user data leaks by avoiding return speculation.
2484	  Requires a compiler with -mfunction-return=thunk-extern
2485	  support for full protection. The kernel may run slower.
2486
2487config MITIGATION_UNRET_ENTRY
2488	bool "Enable UNRET on kernel entry"
2489	depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64
2490	default y
2491	help
2492	  Compile the kernel with support for the retbleed=unret mitigation.
2493
2494config MITIGATION_CALL_DEPTH_TRACKING
2495	bool "Mitigate RSB underflow with call depth tracking"
2496	depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
2497	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
2498	select CALL_THUNKS
2499	default y
2500	help
2501	  Compile the kernel with call depth tracking to mitigate the Intel
2502	  SKL Return-Stack-Buffer (RSB) underflow issue. The mitigation is off
2503	  by default and needs to be enabled on the kernel command line via the
2504	  retbleed=stuff option. For non-affected systems the overhead of this
2505	  option is marginal as the call depth tracking is using run-time
2506	  generated call thunks in a compiler generated padding area and call
2507	  patching. This increases text size by ~5%. For non affected systems
2508	  this space is unused. On affected SKL systems this results in a
2509	  significant performance gain over the IBRS mitigation.
2510
2511config CALL_THUNKS_DEBUG
2512	bool "Enable call thunks and call depth tracking debugging"
2513	depends on MITIGATION_CALL_DEPTH_TRACKING
2514	select FUNCTION_ALIGNMENT_32B
2515	default n
2516	help
2517	  Enable call/ret counters for imbalance detection and build in
2518	  a noisy dmesg about callthunks generation and call patching for
2519	  trouble shooting. The debug prints need to be enabled on the
2520	  kernel command line with 'debug-callthunks'.
2521	  Only enable this when you are debugging call thunks as this
2522	  creates a noticeable runtime overhead. If unsure say N.
2523
2524config MITIGATION_IBPB_ENTRY
2525	bool "Enable IBPB on kernel entry"
2526	depends on CPU_SUP_AMD && X86_64
2527	default y
2528	help
2529	  Compile the kernel with support for the retbleed=ibpb and
2530	  spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations.
2531
2532config MITIGATION_IBRS_ENTRY
2533	bool "Enable IBRS on kernel entry"
2534	depends on CPU_SUP_INTEL && X86_64
2535	default y
2536	help
2537	  Compile the kernel with support for the spectre_v2=ibrs mitigation.
2538	  This mitigates both spectre_v2 and retbleed at great cost to
2539	  performance.
2540
2541config MITIGATION_SRSO
2542	bool "Mitigate speculative RAS overflow on AMD"
2543	depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK
2544	default y
2545	help
2546	  Enable the SRSO mitigation needed on AMD Zen1-4 machines.
2547
2548config MITIGATION_SLS
2549	bool "Mitigate Straight-Line-Speculation"
2550	depends on CC_HAS_SLS && X86_64
2551	select OBJTOOL if HAVE_OBJTOOL
2552	default n
2553	help
2554	  Compile the kernel with straight-line-speculation options to guard
2555	  against straight line speculation. The kernel image might be slightly
2556	  larger.
2557
2558config MITIGATION_GDS
2559	bool "Mitigate Gather Data Sampling"
2560	depends on CPU_SUP_INTEL
2561	default y
2562	help
2563	  Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware
2564	  vulnerability which allows unprivileged speculative access to data
2565	  which was previously stored in vector registers. The attacker uses gather
2566	  instructions to infer the stale vector register data.
2567
2568config MITIGATION_RFDS
2569	bool "RFDS Mitigation"
2570	depends on CPU_SUP_INTEL
2571	default y
2572	help
2573	  Enable mitigation for Register File Data Sampling (RFDS) by default.
2574	  RFDS is a hardware vulnerability which affects Intel Atom CPUs. It
2575	  allows unprivileged speculative access to stale data previously
2576	  stored in floating point, vector and integer registers.
2577	  See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
2578
2579config MITIGATION_SPECTRE_BHI
2580	bool "Mitigate Spectre-BHB (Branch History Injection)"
2581	depends on CPU_SUP_INTEL
2582	default y
2583	help
2584	  Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
2585	  where the branch history buffer is poisoned to speculatively steer
2586	  indirect branches.
2587	  See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2588
2589config MITIGATION_MDS
2590	bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
2591	depends on CPU_SUP_INTEL
2592	default y
2593	help
2594	  Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
2595	  a hardware vulnerability which allows unprivileged speculative access
2596	  to data which is available in various CPU internal buffers.
2597	  See also <file:Documentation/admin-guide/hw-vuln/mds.rst>
2598
2599config MITIGATION_TAA
2600	bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"
2601	depends on CPU_SUP_INTEL
2602	default y
2603	help
2604	  Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware
2605	  vulnerability that allows unprivileged speculative access to data
2606	  which is available in various CPU internal buffers by using
2607	  asynchronous aborts within an Intel TSX transactional region.
2608	  See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst>
2609
2610config MITIGATION_MMIO_STALE_DATA
2611	bool "Mitigate MMIO Stale Data hardware bug"
2612	depends on CPU_SUP_INTEL
2613	default y
2614	help
2615	  Enable mitigation for MMIO Stale Data hardware bugs.  Processor MMIO
2616	  Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
2617	  vulnerabilities that can expose data. The vulnerabilities require the
2618	  attacker to have access to MMIO.
2619	  See also
2620	  <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst>
2621
2622config MITIGATION_L1TF
2623	bool "Mitigate L1 Terminal Fault (L1TF) hardware bug"
2624	depends on CPU_SUP_INTEL
2625	default y
2626	help
2627	  Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a
2628	  hardware vulnerability which allows unprivileged speculative access to data
2629	  available in the Level 1 Data Cache.
2630	  See <file:Documentation/admin-guide/hw-vuln/l1tf.rst
2631
2632config MITIGATION_RETBLEED
2633	bool "Mitigate RETBleed hardware bug"
2634	depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY
2635	default y
2636	help
2637	  Enable mitigation for RETBleed (Arbitrary Speculative Code Execution
2638	  with Return Instructions) vulnerability.  RETBleed is a speculative
2639	  execution attack which takes advantage of microarchitectural behavior
2640	  in many modern microprocessors, similar to Spectre v2. An
2641	  unprivileged attacker can use these flaws to bypass conventional
2642	  memory security restrictions to gain read access to privileged memory
2643	  that would otherwise be inaccessible.
2644
2645config MITIGATION_SPECTRE_V1
2646	bool "Mitigate SPECTRE V1 hardware bug"
2647	default y
2648	help
2649	  Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a
2650	  class of side channel attacks that takes advantage of speculative
2651	  execution that bypasses conditional branch instructions used for
2652	  memory access bounds check.
2653	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2654
2655config MITIGATION_SPECTRE_V2
2656	bool "Mitigate SPECTRE V2 hardware bug"
2657	default y
2658	help
2659	  Enable mitigation for Spectre V2 (Branch Target Injection). Spectre
2660	  V2 is a class of side channel attacks that takes advantage of
2661	  indirect branch predictors inside the processor. In Spectre variant 2
2662	  attacks, the attacker can steer speculative indirect branches in the
2663	  victim to gadget code by poisoning the branch target buffer of a CPU
2664	  used for predicting indirect branch addresses.
2665	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2666
2667config MITIGATION_SRBDS
2668	bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug"
2669	depends on CPU_SUP_INTEL
2670	default y
2671	help
2672	  Enable mitigation for Special Register Buffer Data Sampling (SRBDS).
2673	  SRBDS is a hardware vulnerability that allows Microarchitectural Data
2674	  Sampling (MDS) techniques to infer values returned from special
2675	  register accesses. An unprivileged user can extract values returned
2676	  from RDRAND and RDSEED executed on another core or sibling thread
2677	  using MDS techniques.
2678	  See also
2679	  <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst>
2680
2681config MITIGATION_SSB
2682	bool "Mitigate Speculative Store Bypass (SSB) hardware bug"
2683	default y
2684	help
2685	  Enable mitigation for Speculative Store Bypass (SSB). SSB is a
2686	  hardware security vulnerability and its exploitation takes advantage
2687	  of speculative execution in a similar way to the Meltdown and Spectre
2688	  security vulnerabilities.
2689
2690config MITIGATION_ITS
2691	bool "Enable Indirect Target Selection mitigation"
2692	depends on CPU_SUP_INTEL && X86_64
2693	depends on MITIGATION_RETPOLINE && MITIGATION_RETHUNK
2694	select EXECMEM
2695	default y
2696	help
2697	  Enable Indirect Target Selection (ITS) mitigation. ITS is a bug in
2698	  BPU on some Intel CPUs that may allow Spectre V2 style attacks. If
2699	  disabled, mitigation cannot be enabled via cmdline.
2700	  See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst>
2701
2702config MITIGATION_TSA
2703	bool "Mitigate Transient Scheduler Attacks"
2704	depends on CPU_SUP_AMD
2705	default y
2706	help
2707	  Enable mitigation for Transient Scheduler Attacks. TSA is a hardware
2708	  security vulnerability on AMD CPUs which can lead to forwarding of
2709	  invalid info to subsequent instructions and thus can affect their
2710	  timing and thereby cause a leakage.
2711
2712config MITIGATION_VMSCAPE
2713	bool "Mitigate VMSCAPE"
2714	depends on KVM
2715	default y
2716	help
2717	  Enable mitigation for VMSCAPE attacks. VMSCAPE is a hardware security
2718	  vulnerability on Intel and AMD CPUs that may allow a guest to do
2719	  Spectre v2 style attacks on userspace hypervisor.
2720endif
2721
2722config ARCH_HAS_ADD_PAGES
2723	def_bool y
2724	depends on ARCH_ENABLE_MEMORY_HOTPLUG
2725
2726menu "Power management and ACPI options"
2727
2728config ARCH_HIBERNATION_HEADER
2729	def_bool y
2730	depends on HIBERNATION
2731
2732source "kernel/power/Kconfig"
2733
2734source "drivers/acpi/Kconfig"
2735
2736config X86_APM_BOOT
2737	def_bool y
2738	depends on APM
2739
2740menuconfig APM
2741	tristate "APM (Advanced Power Management) BIOS support"
2742	depends on X86_32 && PM_SLEEP
2743	help
2744	  APM is a BIOS specification for saving power using several different
2745	  techniques. This is mostly useful for battery powered laptops with
2746	  APM compliant BIOSes. If you say Y here, the system time will be
2747	  reset after a RESUME operation, the /proc/apm device will provide
2748	  battery status information, and user-space programs will receive
2749	  notification of APM "events" (e.g. battery status change).
2750
2751	  If you select "Y" here, you can disable actual use of the APM
2752	  BIOS by passing the "apm=off" option to the kernel at boot time.
2753
2754	  Note that the APM support is almost completely disabled for
2755	  machines with more than one CPU.
2756
2757	  In order to use APM, you will need supporting software. For location
2758	  and more information, read <file:Documentation/power/apm-acpi.rst>
2759	  and the Battery Powered Linux mini-HOWTO, available from
2760	  <http://www.tldp.org/docs.html#howto>.
2761
2762	  This driver does not spin down disk drives (see the hdparm(8)
2763	  manpage ("man 8 hdparm") for that), and it doesn't turn off
2764	  VESA-compliant "green" monitors.
2765
2766	  This driver does not support the TI 4000M TravelMate and the ACER
2767	  486/DX4/75 because they don't have compliant BIOSes. Many "green"
2768	  desktop machines also don't have compliant BIOSes, and this driver
2769	  may cause those machines to panic during the boot phase.
2770
2771	  Generally, if you don't have a battery in your machine, there isn't
2772	  much point in using this driver and you should say N. If you get
2773	  random kernel OOPSes or reboots that don't seem to be related to
2774	  anything, try disabling/enabling this option (or disabling/enabling
2775	  APM in your BIOS).
2776
2777	  Some other things you should try when experiencing seemingly random,
2778	  "weird" problems:
2779
2780	  1) make sure that you have enough swap space and that it is
2781	  enabled.
2782	  2) pass the "idle=poll" option to the kernel
2783	  3) switch on floating point emulation in the kernel and pass
2784	  the "no387" option to the kernel
2785	  4) pass the "floppy=nodma" option to the kernel
2786	  5) pass the "mem=4M" option to the kernel (thereby disabling
2787	  all but the first 4 MB of RAM)
2788	  6) make sure that the CPU is not over clocked.
2789	  7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2790	  8) disable the cache from your BIOS settings
2791	  9) install a fan for the video card or exchange video RAM
2792	  10) install a better fan for the CPU
2793	  11) exchange RAM chips
2794	  12) exchange the motherboard.
2795
2796	  To compile this driver as a module, choose M here: the
2797	  module will be called apm.
2798
2799if APM
2800
2801config APM_IGNORE_USER_SUSPEND
2802	bool "Ignore USER SUSPEND"
2803	help
2804	  This option will ignore USER SUSPEND requests. On machines with a
2805	  compliant APM BIOS, you want to say N. However, on the NEC Versa M
2806	  series notebooks, it is necessary to say Y because of a BIOS bug.
2807
2808config APM_DO_ENABLE
2809	bool "Enable PM at boot time"
2810	help
2811	  Enable APM features at boot time. From page 36 of the APM BIOS
2812	  specification: "When disabled, the APM BIOS does not automatically
2813	  power manage devices, enter the Standby State, enter the Suspend
2814	  State, or take power saving steps in response to CPU Idle calls."
2815	  This driver will make CPU Idle calls when Linux is idle (unless this
2816	  feature is turned off -- see "Do CPU IDLE calls", below). This
2817	  should always save battery power, but more complicated APM features
2818	  will be dependent on your BIOS implementation. You may need to turn
2819	  this option off if your computer hangs at boot time when using APM
2820	  support, or if it beeps continuously instead of suspending. Turn
2821	  this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2822	  T400CDT. This is off by default since most machines do fine without
2823	  this feature.
2824
2825config APM_CPU_IDLE
2826	depends on CPU_IDLE
2827	bool "Make CPU Idle calls when idle"
2828	help
2829	  Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2830	  On some machines, this can activate improved power savings, such as
2831	  a slowed CPU clock rate, when the machine is idle. These idle calls
2832	  are made after the idle loop has run for some length of time (e.g.,
2833	  333 mS). On some machines, this will cause a hang at boot time or
2834	  whenever the CPU becomes idle. (On machines with more than one CPU,
2835	  this option does nothing.)
2836
2837config APM_DISPLAY_BLANK
2838	bool "Enable console blanking using APM"
2839	help
2840	  Enable console blanking using the APM. Some laptops can use this to
2841	  turn off the LCD backlight when the screen blanker of the Linux
2842	  virtual console blanks the screen. Note that this is only used by
2843	  the virtual console screen blanker, and won't turn off the backlight
2844	  when using the X Window system. This also doesn't have anything to
2845	  do with your VESA-compliant power-saving monitor. Further, this
2846	  option doesn't work for all laptops -- it might not turn off your
2847	  backlight at all, or it might print a lot of errors to the console,
2848	  especially if you are using gpm.
2849
2850config APM_ALLOW_INTS
2851	bool "Allow interrupts during APM BIOS calls"
2852	help
2853	  Normally we disable external interrupts while we are making calls to
2854	  the APM BIOS as a measure to lessen the effects of a badly behaving
2855	  BIOS implementation.  The BIOS should reenable interrupts if it
2856	  needs to.  Unfortunately, some BIOSes do not -- especially those in
2857	  many of the newer IBM Thinkpads.  If you experience hangs when you
2858	  suspend, try setting this to Y.  Otherwise, say N.
2859
2860endif # APM
2861
2862source "drivers/cpufreq/Kconfig"
2863
2864source "drivers/cpuidle/Kconfig"
2865
2866source "drivers/idle/Kconfig"
2867
2868endmenu
2869
2870menu "Bus options (PCI etc.)"
2871
2872choice
2873	prompt "PCI access mode"
2874	depends on X86_32 && PCI
2875	default PCI_GOANY
2876	help
2877	  On PCI systems, the BIOS can be used to detect the PCI devices and
2878	  determine their configuration. However, some old PCI motherboards
2879	  have BIOS bugs and may crash if this is done. Also, some embedded
2880	  PCI-based systems don't have any BIOS at all. Linux can also try to
2881	  detect the PCI hardware directly without using the BIOS.
2882
2883	  With this option, you can specify how Linux should detect the
2884	  PCI devices. If you choose "BIOS", the BIOS will be used,
2885	  if you choose "Direct", the BIOS won't be used, and if you
2886	  choose "MMConfig", then PCI Express MMCONFIG will be used.
2887	  If you choose "Any", the kernel will try MMCONFIG, then the
2888	  direct access method and falls back to the BIOS if that doesn't
2889	  work. If unsure, go with the default, which is "Any".
2890
2891config PCI_GOBIOS
2892	bool "BIOS"
2893
2894config PCI_GOMMCONFIG
2895	bool "MMConfig"
2896
2897config PCI_GODIRECT
2898	bool "Direct"
2899
2900config PCI_GOOLPC
2901	bool "OLPC XO-1"
2902	depends on OLPC
2903
2904config PCI_GOANY
2905	bool "Any"
2906
2907endchoice
2908
2909config PCI_BIOS
2910	def_bool y
2911	depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2912
2913# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2914config PCI_DIRECT
2915	def_bool y
2916	depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2917
2918config PCI_MMCONFIG
2919	bool "Support mmconfig PCI config space access" if X86_64
2920	default y
2921	depends on PCI && (ACPI || JAILHOUSE_GUEST)
2922	depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2923	help
2924	  Add support for accessing the PCI configuration space as a memory
2925	  mapped area. It is the recommended method if the system supports
2926	  this (it must have PCI Express and ACPI for it to be available).
2927
2928	  In the unlikely case that enabling this configuration option causes
2929	  problems, the mechanism can be switched off with the 'pci=nommconf'
2930	  command line parameter.
2931
2932	  Say N only if you are sure that your platform does not support this
2933	  access method or you have problems caused by it.
2934
2935	  Say Y otherwise.
2936
2937config PCI_OLPC
2938	def_bool y
2939	depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2940
2941config PCI_XEN
2942	def_bool y
2943	depends on PCI && XEN
2944
2945config MMCONF_FAM10H
2946	def_bool y
2947	depends on X86_64 && PCI_MMCONFIG && ACPI
2948
2949config PCI_CNB20LE_QUIRK
2950	bool "Read PCI host bridge windows from the CNB20LE chipset" if EXPERT
2951	depends on X86_32 && PCI
2952	help
2953	  Read the PCI windows out of the CNB20LE host bridge. This allows
2954	  PCI hotplug to work on systems with the CNB20LE chipset which do
2955	  not have ACPI.
2956
2957	  The ServerWorks (later Broadcom) CNB20LE was a chipset designed
2958	  most probably only for Pentium III.
2959
2960	  To find out if you have such a chipset, search for a PCI device with
2961	  1166:0009 PCI IDs, for example by executing
2962		lspci -nn | grep '1166:0009'
2963	  The code is inactive if there is none.
2964
2965	  There's no public spec for this chipset, and this functionality
2966	  is known to be incomplete.
2967
2968	  You should say N unless you know you need this.
2969
2970config ISA_BUS
2971	bool "ISA bus support on modern systems" if EXPERT
2972	help
2973	  Expose ISA bus device drivers and options available for selection and
2974	  configuration. Enable this option if your target machine has an ISA
2975	  bus. ISA is an older system, displaced by PCI and newer bus
2976	  architectures -- if your target machine is modern, it probably does
2977	  not have an ISA bus.
2978
2979	  If unsure, say N.
2980
2981# x86_64 have no ISA slots, but can have ISA-style DMA.
2982config ISA_DMA_API
2983	bool "ISA-style DMA support" if (X86_64 && EXPERT)
2984	default y
2985	help
2986	  Enables ISA-style DMA support for devices requiring such controllers.
2987	  If unsure, say Y.
2988
2989if X86_32
2990
2991config ISA
2992	bool "ISA support"
2993	help
2994	  Find out whether you have ISA slots on your motherboard.  ISA is the
2995	  name of a bus system, i.e. the way the CPU talks to the other stuff
2996	  inside your box.  Other bus systems are PCI, EISA, MicroChannel
2997	  (MCA) or VESA.  ISA is an older system, now being displaced by PCI;
2998	  newer boards don't support it.  If you have ISA, say Y, otherwise N.
2999
3000config SCx200
3001	tristate "NatSemi SCx200 support"
3002	help
3003	  This provides basic support for National Semiconductor's
3004	  (now AMD's) Geode processors.  The driver probes for the
3005	  PCI-IDs of several on-chip devices, so its a good dependency
3006	  for other scx200_* drivers.
3007
3008	  If compiled as a module, the driver is named scx200.
3009
3010config SCx200HR_TIMER
3011	tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
3012	depends on SCx200
3013	default y
3014	help
3015	  This driver provides a clocksource built upon the on-chip
3016	  27MHz high-resolution timer.  Its also a workaround for
3017	  NSC Geode SC-1100's buggy TSC, which loses time when the
3018	  processor goes idle (as is done by the scheduler).  The
3019	  other workaround is idle=poll boot option.
3020
3021config OLPC
3022	bool "One Laptop Per Child support"
3023	depends on !X86_PAE
3024	select GPIOLIB
3025	select OF
3026	select OF_PROMTREE
3027	select IRQ_DOMAIN
3028	select OLPC_EC
3029	help
3030	  Add support for detecting the unique features of the OLPC
3031	  XO hardware.
3032
3033config OLPC_XO1_PM
3034	bool "OLPC XO-1 Power Management"
3035	depends on OLPC && MFD_CS5535=y && PM_SLEEP
3036	help
3037	  Add support for poweroff and suspend of the OLPC XO-1 laptop.
3038
3039config OLPC_XO1_RTC
3040	bool "OLPC XO-1 Real Time Clock"
3041	depends on OLPC_XO1_PM && RTC_DRV_CMOS
3042	help
3043	  Add support for the XO-1 real time clock, which can be used as a
3044	  programmable wakeup source.
3045
3046config OLPC_XO1_SCI
3047	bool "OLPC XO-1 SCI extras"
3048	depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
3049	depends on INPUT=y
3050	select POWER_SUPPLY
3051	help
3052	  Add support for SCI-based features of the OLPC XO-1 laptop:
3053	   - EC-driven system wakeups
3054	   - Power button
3055	   - Ebook switch
3056	   - Lid switch
3057	   - AC adapter status updates
3058	   - Battery status updates
3059
3060config OLPC_XO15_SCI
3061	bool "OLPC XO-1.5 SCI extras"
3062	depends on OLPC && ACPI
3063	select POWER_SUPPLY
3064	help
3065	  Add support for SCI-based features of the OLPC XO-1.5 laptop:
3066	   - EC-driven system wakeups
3067	   - AC adapter status updates
3068	   - Battery status updates
3069
3070config GEODE_COMMON
3071	bool
3072
3073config ALIX
3074	bool "PCEngines ALIX System Support (LED setup)"
3075	select GPIOLIB
3076	select GEODE_COMMON
3077	help
3078	  This option enables system support for the PCEngines ALIX.
3079	  At present this just sets up LEDs for GPIO control on
3080	  ALIX2/3/6 boards.  However, other system specific setup should
3081	  get added here.
3082
3083	  Note: You must still enable the drivers for GPIO and LED support
3084	  (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
3085
3086	  Note: You have to set alix.force=1 for boards with Award BIOS.
3087
3088config NET5501
3089	bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
3090	select GPIOLIB
3091	select GEODE_COMMON
3092	help
3093	  This option enables system support for the Soekris Engineering net5501.
3094
3095config GEOS
3096	bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
3097	select GPIOLIB
3098	select GEODE_COMMON
3099	depends on DMI
3100	help
3101	  This option enables system support for the Traverse Technologies GEOS.
3102
3103config TS5500
3104	bool "Technologic Systems TS-5500 platform support"
3105	depends on MELAN
3106	select CHECK_SIGNATURE
3107	select NEW_LEDS
3108	select LEDS_CLASS
3109	help
3110	  This option enables system support for the Technologic Systems TS-5500.
3111
3112endif # X86_32
3113
3114config AMD_NB
3115	def_bool y
3116	depends on AMD_NODE
3117
3118config AMD_NODE
3119	def_bool y
3120	depends on CPU_SUP_AMD && PCI
3121
3122endmenu
3123
3124menu "Binary Emulations"
3125
3126config IA32_EMULATION
3127	bool "IA32 Emulation"
3128	depends on X86_64
3129	select ARCH_WANT_OLD_COMPAT_IPC
3130	select BINFMT_ELF
3131	select COMPAT_OLD_SIGACTION
3132	help
3133	  Include code to run legacy 32-bit programs under a
3134	  64-bit kernel. You should likely turn this on, unless you're
3135	  100% sure that you don't have any 32-bit programs left.
3136
3137config IA32_EMULATION_DEFAULT_DISABLED
3138	bool "IA32 emulation disabled by default"
3139	default n
3140	depends on IA32_EMULATION
3141	help
3142	  Make IA32 emulation disabled by default. This prevents loading 32-bit
3143	  processes and access to 32-bit syscalls. If unsure, leave it to its
3144	  default value.
3145
3146config X86_X32_ABI
3147	bool "x32 ABI for 64-bit mode"
3148	depends on X86_64
3149	# llvm-objcopy does not convert x86_64 .note.gnu.property or
3150	# compressed debug sections to x86_x32 properly:
3151	# https://github.com/ClangBuiltLinux/linux/issues/514
3152	# https://github.com/ClangBuiltLinux/linux/issues/1141
3153	depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
3154	help
3155	  Include code to run binaries for the x32 native 32-bit ABI
3156	  for 64-bit processors.  An x32 process gets access to the
3157	  full 64-bit register file and wide data path while leaving
3158	  pointers at 32 bits for smaller memory footprint.
3159
3160config COMPAT_32
3161	def_bool y
3162	depends on IA32_EMULATION || X86_32
3163	select HAVE_UID16
3164	select OLD_SIGSUSPEND3
3165
3166config COMPAT
3167	def_bool y
3168	depends on IA32_EMULATION || X86_X32_ABI
3169
3170config COMPAT_FOR_U64_ALIGNMENT
3171	def_bool y
3172	depends on COMPAT
3173
3174endmenu
3175
3176config HAVE_ATOMIC_IOMAP
3177	def_bool y
3178	depends on X86_32
3179
3180source "arch/x86/kvm/Kconfig"
3181
3182source "arch/x86/Kconfig.cpufeatures"
3183
3184source "arch/x86/Kconfig.assembler"
3185