xref: /linux/arch/x86/Kconfig (revision ea1fda89f5b23734e10c62762990120d5ae23c43)
1# SPDX-License-Identifier: GPL-2.0
2# Select 32 or 64 bit
3config 64BIT
4	bool "64-bit kernel" if "$(ARCH)" = "x86"
5	default "$(ARCH)" != "i386"
6	help
7	  Say yes to build a 64-bit kernel - formerly known as x86_64
8	  Say no to build a 32-bit kernel - formerly known as i386
9
10config X86_32
11	def_bool y
12	depends on !64BIT
13	# Options that are inherently 32-bit kernel only:
14	select ARCH_WANT_IPC_PARSE_VERSION
15	select CLKSRC_I8253
16	select CLONE_BACKWARDS
17	select GENERIC_VDSO_32
18	select HAVE_DEBUG_STACKOVERFLOW
19	select KMAP_LOCAL
20	select MODULES_USE_ELF_REL
21	select OLD_SIGACTION
22	select ARCH_SPLIT_ARG64
23
24config X86_64
25	def_bool y
26	depends on 64BIT
27	# Options that are inherently 64-bit kernel only:
28	select ARCH_HAS_GIGANTIC_PAGE
29	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
30	select ARCH_SUPPORTS_PER_VMA_LOCK
31	select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
32	select HAVE_ARCH_SOFT_DIRTY
33	select MODULES_USE_ELF_RELA
34	select NEED_DMA_MAP_STATE
35	select SWIOTLB
36	select ARCH_HAS_ELFCORE_COMPAT
37	select ZONE_DMA32
38	select EXECMEM if DYNAMIC_FTRACE
39
40config FORCE_DYNAMIC_FTRACE
41	def_bool y
42	depends on X86_32
43	depends on FUNCTION_TRACER
44	select DYNAMIC_FTRACE
45	help
46	  We keep the static function tracing (!DYNAMIC_FTRACE) around
47	  in order to test the non static function tracing in the
48	  generic code, as other architectures still use it. But we
49	  only need to keep it around for x86_64. No need to keep it
50	  for x86_32. For x86_32, force DYNAMIC_FTRACE.
51#
52# Arch settings
53#
54# ( Note that options that are marked 'if X86_64' could in principle be
55#   ported to 32-bit as well. )
56#
57config X86
58	def_bool y
59	#
60	# Note: keep this list sorted alphabetically
61	#
62	select ACPI_LEGACY_TABLES_LOOKUP	if ACPI
63	select ACPI_SYSTEM_POWER_STATES_SUPPORT	if ACPI
64	select ACPI_HOTPLUG_CPU			if ACPI_PROCESSOR && HOTPLUG_CPU
65	select ARCH_32BIT_OFF_T			if X86_32
66	select ARCH_CLOCKSOURCE_INIT
67	select ARCH_CONFIGURES_CPU_MITIGATIONS
68	select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
69	select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
70	select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
71	select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
72	select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
73	select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
74	select ARCH_HAS_ACPI_TABLE_UPGRADE	if ACPI
75	select ARCH_HAS_CACHE_LINE_SIZE
76	select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
77	select ARCH_HAS_CPU_FINALIZE_INIT
78	select ARCH_HAS_CPU_PASID		if IOMMU_SVA
79	select ARCH_HAS_CURRENT_STACK_POINTER
80	select ARCH_HAS_DEBUG_VIRTUAL
81	select ARCH_HAS_DEBUG_VM_PGTABLE	if !X86_PAE
82	select ARCH_HAS_DEVMEM_IS_ALLOWED
83	select ARCH_HAS_DMA_OPS			if GART_IOMMU || XEN
84	select ARCH_HAS_EARLY_DEBUG		if KGDB
85	select ARCH_HAS_ELF_RANDOMIZE
86	select ARCH_HAS_FAST_MULTIPLIER
87	select ARCH_HAS_FORTIFY_SOURCE
88	select ARCH_HAS_GCOV_PROFILE_ALL
89	select ARCH_HAS_KCOV			if X86_64
90	select ARCH_HAS_KERNEL_FPU_SUPPORT
91	select ARCH_HAS_MEM_ENCRYPT
92	select ARCH_HAS_MEMBARRIER_SYNC_CORE
93	select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
94	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
95	select ARCH_HAS_PMEM_API		if X86_64
96	select ARCH_HAS_PTE_DEVMAP		if X86_64
97	select ARCH_HAS_PTE_SPECIAL
98	select ARCH_HAS_HW_PTE_YOUNG
99	select ARCH_HAS_NONLEAF_PMD_YOUNG	if PGTABLE_LEVELS > 2
100	select ARCH_HAS_UACCESS_FLUSHCACHE	if X86_64
101	select ARCH_HAS_COPY_MC			if X86_64
102	select ARCH_HAS_SET_MEMORY
103	select ARCH_HAS_SET_DIRECT_MAP
104	select ARCH_HAS_STRICT_KERNEL_RWX
105	select ARCH_HAS_STRICT_MODULE_RWX
106	select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
107	select ARCH_HAS_SYSCALL_WRAPPER
108	select ARCH_HAS_UBSAN
109	select ARCH_HAS_DEBUG_WX
110	select ARCH_HAS_ZONE_DMA_SET if EXPERT
111	select ARCH_HAVE_NMI_SAFE_CMPXCHG
112	select ARCH_HAVE_EXTRA_ELF_NOTES
113	select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
114	select ARCH_MIGHT_HAVE_ACPI_PDC		if ACPI
115	select ARCH_MIGHT_HAVE_PC_PARPORT
116	select ARCH_MIGHT_HAVE_PC_SERIO
117	select ARCH_STACKWALK
118	select ARCH_SUPPORTS_ACPI
119	select ARCH_SUPPORTS_ATOMIC_RMW
120	select ARCH_SUPPORTS_DEBUG_PAGEALLOC
121	select ARCH_SUPPORTS_PAGE_TABLE_CHECK	if X86_64
122	select ARCH_SUPPORTS_NUMA_BALANCING	if X86_64
123	select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP	if NR_CPUS <= 4096
124	select ARCH_SUPPORTS_CFI_CLANG		if X86_64
125	select ARCH_USES_CFI_TRAPS		if X86_64 && CFI_CLANG
126	select ARCH_SUPPORTS_LTO_CLANG
127	select ARCH_SUPPORTS_LTO_CLANG_THIN
128	select ARCH_SUPPORTS_RT
129	select ARCH_USE_BUILTIN_BSWAP
130	select ARCH_USE_CMPXCHG_LOCKREF		if X86_CMPXCHG64
131	select ARCH_USE_MEMTEST
132	select ARCH_USE_QUEUED_RWLOCKS
133	select ARCH_USE_QUEUED_SPINLOCKS
134	select ARCH_USE_SYM_ANNOTATIONS
135	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
136	select ARCH_WANT_DEFAULT_BPF_JIT	if X86_64
137	select ARCH_WANTS_DYNAMIC_TASK_STRUCT
138	select ARCH_WANTS_NO_INSTR
139	select ARCH_WANT_GENERAL_HUGETLB
140	select ARCH_WANT_HUGE_PMD_SHARE
141	select ARCH_WANT_LD_ORPHAN_WARN
142	select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP	if X86_64
143	select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP	if X86_64
144	select ARCH_WANTS_THP_SWAP		if X86_64
145	select ARCH_HAS_PARANOID_L1D_FLUSH
146	select BUILDTIME_TABLE_SORT
147	select CLKEVT_I8253
148	select CLOCKSOURCE_VALIDATE_LAST_CYCLE
149	select CLOCKSOURCE_WATCHDOG
150	# Word-size accesses may read uninitialized data past the trailing \0
151	# in strings and cause false KMSAN reports.
152	select DCACHE_WORD_ACCESS		if !KMSAN
153	select DYNAMIC_SIGFRAME
154	select EDAC_ATOMIC_SCRUB
155	select EDAC_SUPPORT
156	select GENERIC_CLOCKEVENTS_BROADCAST	if X86_64 || (X86_32 && X86_LOCAL_APIC)
157	select GENERIC_CLOCKEVENTS_BROADCAST_IDLE	if GENERIC_CLOCKEVENTS_BROADCAST
158	select GENERIC_CLOCKEVENTS_MIN_ADJUST
159	select GENERIC_CMOS_UPDATE
160	select GENERIC_CPU_AUTOPROBE
161	select GENERIC_CPU_DEVICES
162	select GENERIC_CPU_VULNERABILITIES
163	select GENERIC_EARLY_IOREMAP
164	select GENERIC_ENTRY
165	select GENERIC_IOMAP
166	select GENERIC_IRQ_EFFECTIVE_AFF_MASK	if SMP
167	select GENERIC_IRQ_MATRIX_ALLOCATOR	if X86_LOCAL_APIC
168	select GENERIC_IRQ_MIGRATION		if SMP
169	select GENERIC_IRQ_PROBE
170	select GENERIC_IRQ_RESERVATION_MODE
171	select GENERIC_IRQ_SHOW
172	select GENERIC_PENDING_IRQ		if SMP
173	select GENERIC_PTDUMP
174	select GENERIC_SMP_IDLE_THREAD
175	select GENERIC_TIME_VSYSCALL
176	select GENERIC_GETTIMEOFDAY
177	select GENERIC_VDSO_TIME_NS
178	select GENERIC_VDSO_OVERFLOW_PROTECT
179	select GUP_GET_PXX_LOW_HIGH		if X86_PAE
180	select HARDIRQS_SW_RESEND
181	select HARDLOCKUP_CHECK_TIMESTAMP	if X86_64
182	select HAS_IOPORT
183	select HAVE_ACPI_APEI			if ACPI
184	select HAVE_ACPI_APEI_NMI		if ACPI
185	select HAVE_ALIGNED_STRUCT_PAGE
186	select HAVE_ARCH_AUDITSYSCALL
187	select HAVE_ARCH_HUGE_VMAP		if X86_64 || X86_PAE
188	select HAVE_ARCH_HUGE_VMALLOC		if X86_64
189	select HAVE_ARCH_JUMP_LABEL
190	select HAVE_ARCH_JUMP_LABEL_RELATIVE
191	select HAVE_ARCH_KASAN			if X86_64
192	select HAVE_ARCH_KASAN_VMALLOC		if X86_64
193	select HAVE_ARCH_KFENCE
194	select HAVE_ARCH_KMSAN			if X86_64
195	select HAVE_ARCH_KGDB
196	select HAVE_ARCH_MMAP_RND_BITS		if MMU
197	select HAVE_ARCH_MMAP_RND_COMPAT_BITS	if MMU && COMPAT
198	select HAVE_ARCH_COMPAT_MMAP_BASES	if MMU && COMPAT
199	select HAVE_ARCH_PREL32_RELOCATIONS
200	select HAVE_ARCH_SECCOMP_FILTER
201	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
202	select HAVE_ARCH_STACKLEAK
203	select HAVE_ARCH_TRACEHOOK
204	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
205	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
206	select HAVE_ARCH_USERFAULTFD_WP         if X86_64 && USERFAULTFD
207	select HAVE_ARCH_USERFAULTFD_MINOR	if X86_64 && USERFAULTFD
208	select HAVE_ARCH_VMAP_STACK		if X86_64
209	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
210	select HAVE_ARCH_WITHIN_STACK_FRAMES
211	select HAVE_ASM_MODVERSIONS
212	select HAVE_CMPXCHG_DOUBLE
213	select HAVE_CMPXCHG_LOCAL
214	select HAVE_CONTEXT_TRACKING_USER		if X86_64
215	select HAVE_CONTEXT_TRACKING_USER_OFFSTACK	if HAVE_CONTEXT_TRACKING_USER
216	select HAVE_C_RECORDMCOUNT
217	select HAVE_OBJTOOL_MCOUNT		if HAVE_OBJTOOL
218	select HAVE_OBJTOOL_NOP_MCOUNT		if HAVE_OBJTOOL_MCOUNT
219	select HAVE_BUILDTIME_MCOUNT_SORT
220	select HAVE_DEBUG_KMEMLEAK
221	select HAVE_DMA_CONTIGUOUS
222	select HAVE_DYNAMIC_FTRACE
223	select HAVE_DYNAMIC_FTRACE_WITH_REGS
224	select HAVE_DYNAMIC_FTRACE_WITH_ARGS	if X86_64
225	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
226	select HAVE_SAMPLE_FTRACE_DIRECT	if X86_64
227	select HAVE_SAMPLE_FTRACE_DIRECT_MULTI	if X86_64
228	select HAVE_EBPF_JIT
229	select HAVE_EFFICIENT_UNALIGNED_ACCESS
230	select HAVE_EISA
231	select HAVE_EXIT_THREAD
232	select HAVE_GUP_FAST
233	select HAVE_FENTRY			if X86_64 || DYNAMIC_FTRACE
234	select HAVE_FTRACE_MCOUNT_RECORD
235	select HAVE_FUNCTION_GRAPH_RETVAL	if HAVE_FUNCTION_GRAPH_TRACER
236	select HAVE_FUNCTION_GRAPH_TRACER	if X86_32 || (X86_64 && DYNAMIC_FTRACE)
237	select HAVE_FUNCTION_TRACER
238	select HAVE_GCC_PLUGINS
239	select HAVE_HW_BREAKPOINT
240	select HAVE_IOREMAP_PROT
241	select HAVE_IRQ_EXIT_ON_IRQ_STACK	if X86_64
242	select HAVE_IRQ_TIME_ACCOUNTING
243	select HAVE_JUMP_LABEL_HACK		if HAVE_OBJTOOL
244	select HAVE_KERNEL_BZIP2
245	select HAVE_KERNEL_GZIP
246	select HAVE_KERNEL_LZ4
247	select HAVE_KERNEL_LZMA
248	select HAVE_KERNEL_LZO
249	select HAVE_KERNEL_XZ
250	select HAVE_KERNEL_ZSTD
251	select HAVE_KPROBES
252	select HAVE_KPROBES_ON_FTRACE
253	select HAVE_FUNCTION_ERROR_INJECTION
254	select HAVE_KRETPROBES
255	select HAVE_RETHOOK
256	select HAVE_LIVEPATCH			if X86_64
257	select HAVE_MIXED_BREAKPOINTS_REGS
258	select HAVE_MOD_ARCH_SPECIFIC
259	select HAVE_MOVE_PMD
260	select HAVE_MOVE_PUD
261	select HAVE_NOINSTR_HACK		if HAVE_OBJTOOL
262	select HAVE_NMI
263	select HAVE_NOINSTR_VALIDATION		if HAVE_OBJTOOL
264	select HAVE_OBJTOOL			if X86_64
265	select HAVE_OPTPROBES
266	select HAVE_PAGE_SIZE_4KB
267	select HAVE_PCSPKR_PLATFORM
268	select HAVE_PERF_EVENTS
269	select HAVE_PERF_EVENTS_NMI
270	select HAVE_HARDLOCKUP_DETECTOR_PERF	if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
271	select HAVE_PCI
272	select HAVE_PERF_REGS
273	select HAVE_PERF_USER_STACK_DUMP
274	select MMU_GATHER_RCU_TABLE_FREE	if PARAVIRT
275	select MMU_GATHER_MERGE_VMAS
276	select HAVE_POSIX_CPU_TIMERS_TASK_WORK
277	select HAVE_REGS_AND_STACK_ACCESS_API
278	select HAVE_RELIABLE_STACKTRACE		if UNWINDER_ORC || STACK_VALIDATION
279	select HAVE_FUNCTION_ARG_ACCESS_API
280	select HAVE_SETUP_PER_CPU_AREA
281	select HAVE_SOFTIRQ_ON_OWN_STACK
282	select HAVE_STACKPROTECTOR		if CC_HAS_SANE_STACKPROTECTOR
283	select HAVE_STACK_VALIDATION		if HAVE_OBJTOOL
284	select HAVE_STATIC_CALL
285	select HAVE_STATIC_CALL_INLINE		if HAVE_OBJTOOL
286	select HAVE_PREEMPT_DYNAMIC_CALL
287	select HAVE_RSEQ
288	select HAVE_RUST			if X86_64
289	select HAVE_SYSCALL_TRACEPOINTS
290	select HAVE_UACCESS_VALIDATION		if HAVE_OBJTOOL
291	select HAVE_UNSTABLE_SCHED_CLOCK
292	select HAVE_USER_RETURN_NOTIFIER
293	select HAVE_GENERIC_VDSO
294	select VDSO_GETRANDOM			if X86_64
295	select HOTPLUG_PARALLEL			if SMP && X86_64
296	select HOTPLUG_SMT			if SMP
297	select HOTPLUG_SPLIT_STARTUP		if SMP && X86_32
298	select IRQ_FORCED_THREADING
299	select LOCK_MM_AND_FIND_VMA
300	select NEED_PER_CPU_EMBED_FIRST_CHUNK
301	select NEED_PER_CPU_PAGE_FIRST_CHUNK
302	select NEED_SG_DMA_LENGTH
303	select NUMA_MEMBLKS			if NUMA
304	select PCI_DOMAINS			if PCI
305	select PCI_LOCKLESS_CONFIG		if PCI
306	select PERF_EVENTS
307	select RTC_LIB
308	select RTC_MC146818_LIB
309	select SPARSE_IRQ
310	select SYSCTL_EXCEPTION_TRACE
311	select THREAD_INFO_IN_TASK
312	select TRACE_IRQFLAGS_SUPPORT
313	select TRACE_IRQFLAGS_NMI_SUPPORT
314	select USER_STACKTRACE_SUPPORT
315	select HAVE_ARCH_KCSAN			if X86_64
316	select PROC_PID_ARCH_STATUS		if PROC_FS
317	select HAVE_ARCH_NODE_DEV_GROUP		if X86_SGX
318	select FUNCTION_ALIGNMENT_16B		if X86_64 || X86_ALIGNMENT_16
319	select FUNCTION_ALIGNMENT_4B
320	imply IMA_SECURE_AND_OR_TRUSTED_BOOT    if EFI
321	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
322
323config INSTRUCTION_DECODER
324	def_bool y
325	depends on KPROBES || PERF_EVENTS || UPROBES
326
327config OUTPUT_FORMAT
328	string
329	default "elf32-i386" if X86_32
330	default "elf64-x86-64" if X86_64
331
332config LOCKDEP_SUPPORT
333	def_bool y
334
335config STACKTRACE_SUPPORT
336	def_bool y
337
338config MMU
339	def_bool y
340
341config ARCH_MMAP_RND_BITS_MIN
342	default 28 if 64BIT
343	default 8
344
345config ARCH_MMAP_RND_BITS_MAX
346	default 32 if 64BIT
347	default 16
348
349config ARCH_MMAP_RND_COMPAT_BITS_MIN
350	default 8
351
352config ARCH_MMAP_RND_COMPAT_BITS_MAX
353	default 16
354
355config SBUS
356	bool
357
358config GENERIC_ISA_DMA
359	def_bool y
360	depends on ISA_DMA_API
361
362config GENERIC_CSUM
363	bool
364	default y if KMSAN || KASAN
365
366config GENERIC_BUG
367	def_bool y
368	depends on BUG
369	select GENERIC_BUG_RELATIVE_POINTERS if X86_64
370
371config GENERIC_BUG_RELATIVE_POINTERS
372	bool
373
374config ARCH_MAY_HAVE_PC_FDC
375	def_bool y
376	depends on ISA_DMA_API
377
378config GENERIC_CALIBRATE_DELAY
379	def_bool y
380
381config ARCH_HAS_CPU_RELAX
382	def_bool y
383
384config ARCH_HIBERNATION_POSSIBLE
385	def_bool y
386
387config ARCH_SUSPEND_POSSIBLE
388	def_bool y
389
390config AUDIT_ARCH
391	def_bool y if X86_64
392
393config KASAN_SHADOW_OFFSET
394	hex
395	depends on KASAN
396	default 0xdffffc0000000000
397
398config HAVE_INTEL_TXT
399	def_bool y
400	depends on INTEL_IOMMU && ACPI
401
402config X86_64_SMP
403	def_bool y
404	depends on X86_64 && SMP
405
406config ARCH_SUPPORTS_UPROBES
407	def_bool y
408
409config FIX_EARLYCON_MEM
410	def_bool y
411
412config DYNAMIC_PHYSICAL_MASK
413	bool
414
415config PGTABLE_LEVELS
416	int
417	default 5 if X86_5LEVEL
418	default 4 if X86_64
419	default 3 if X86_PAE
420	default 2
421
422config CC_HAS_SANE_STACKPROTECTOR
423	bool
424	default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT
425	default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
426	help
427	  We have to make sure stack protector is unconditionally disabled if
428	  the compiler produces broken code or if it does not let us control
429	  the segment on 32-bit kernels.
430
431menu "Processor type and features"
432
433config SMP
434	bool "Symmetric multi-processing support"
435	help
436	  This enables support for systems with more than one CPU. If you have
437	  a system with only one CPU, say N. If you have a system with more
438	  than one CPU, say Y.
439
440	  If you say N here, the kernel will run on uni- and multiprocessor
441	  machines, but will use only one CPU of a multiprocessor machine. If
442	  you say Y here, the kernel will run on many, but not all,
443	  uniprocessor machines. On a uniprocessor machine, the kernel
444	  will run faster if you say N here.
445
446	  Note that if you say Y here and choose architecture "586" or
447	  "Pentium" under "Processor family", the kernel will not work on 486
448	  architectures. Similarly, multiprocessor kernels for the "PPro"
449	  architecture may not work on all Pentium based boards.
450
451	  People using multiprocessor machines who say Y here should also say
452	  Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
453	  Management" code will be disabled if you say Y here.
454
455	  See also <file:Documentation/arch/x86/i386/IO-APIC.rst>,
456	  <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
457	  <http://www.tldp.org/docs.html#howto>.
458
459	  If you don't know what to do here, say N.
460
461config X86_X2APIC
462	bool "Support x2apic"
463	depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
464	help
465	  This enables x2apic support on CPUs that have this feature.
466
467	  This allows 32-bit apic IDs (so it can support very large systems),
468	  and accesses the local apic via MSRs not via mmio.
469
470	  Some Intel systems circa 2022 and later are locked into x2APIC mode
471	  and can not fall back to the legacy APIC modes if SGX or TDX are
472	  enabled in the BIOS. They will boot with very reduced functionality
473	  without enabling this option.
474
475	  If you don't know what to do here, say N.
476
477config X86_POSTED_MSI
478	bool "Enable MSI and MSI-x delivery by posted interrupts"
479	depends on X86_64 && IRQ_REMAP
480	help
481	  This enables MSIs that are under interrupt remapping to be delivered as
482	  posted interrupts to the host kernel. Interrupt throughput can
483	  potentially be improved by coalescing CPU notifications during high
484	  frequency bursts.
485
486	  If you don't know what to do here, say N.
487
488config X86_MPPARSE
489	bool "Enable MPS table" if ACPI
490	default y
491	depends on X86_LOCAL_APIC
492	help
493	  For old smp systems that do not have proper acpi support. Newer systems
494	  (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
495
496config X86_CPU_RESCTRL
497	bool "x86 CPU resource control support"
498	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
499	select KERNFS
500	select PROC_CPU_RESCTRL		if PROC_FS
501	help
502	  Enable x86 CPU resource control support.
503
504	  Provide support for the allocation and monitoring of system resources
505	  usage by the CPU.
506
507	  Intel calls this Intel Resource Director Technology
508	  (Intel(R) RDT). More information about RDT can be found in the
509	  Intel x86 Architecture Software Developer Manual.
510
511	  AMD calls this AMD Platform Quality of Service (AMD QoS).
512	  More information about AMD QoS can be found in the AMD64 Technology
513	  Platform Quality of Service Extensions manual.
514
515	  Say N if unsure.
516
517config X86_FRED
518	bool "Flexible Return and Event Delivery"
519	depends on X86_64
520	help
521	  When enabled, try to use Flexible Return and Event Delivery
522	  instead of the legacy SYSCALL/SYSENTER/IDT architecture for
523	  ring transitions and exception/interrupt handling if the
524	  system supports it.
525
526config X86_BIGSMP
527	bool "Support for big SMP systems with more than 8 CPUs"
528	depends on SMP && X86_32
529	help
530	  This option is needed for the systems that have more than 8 CPUs.
531
532config X86_EXTENDED_PLATFORM
533	bool "Support for extended (non-PC) x86 platforms"
534	default y
535	help
536	  If you disable this option then the kernel will only support
537	  standard PC platforms. (which covers the vast majority of
538	  systems out there.)
539
540	  If you enable this option then you'll be able to select support
541	  for the following non-PC x86 platforms, depending on the value of
542	  CONFIG_64BIT.
543
544	  32-bit platforms (CONFIG_64BIT=n):
545		Goldfish (Android emulator)
546		AMD Elan
547		RDC R-321x SoC
548		SGI 320/540 (Visual Workstation)
549		STA2X11-based (e.g. Northville)
550		Moorestown MID devices
551
552	  64-bit platforms (CONFIG_64BIT=y):
553		Numascale NumaChip
554		ScaleMP vSMP
555		SGI Ultraviolet
556
557	  If you have one of these systems, or if you want to build a
558	  generic distribution kernel, say Y here - otherwise say N.
559
560# This is an alphabetically sorted list of 64 bit extended platforms
561# Please maintain the alphabetic order if and when there are additions
562config X86_NUMACHIP
563	bool "Numascale NumaChip"
564	depends on X86_64
565	depends on X86_EXTENDED_PLATFORM
566	depends on NUMA
567	depends on SMP
568	depends on X86_X2APIC
569	depends on PCI_MMCONFIG
570	help
571	  Adds support for Numascale NumaChip large-SMP systems. Needed to
572	  enable more than ~168 cores.
573	  If you don't have one of these, you should say N here.
574
575config X86_VSMP
576	bool "ScaleMP vSMP"
577	select HYPERVISOR_GUEST
578	select PARAVIRT
579	depends on X86_64 && PCI
580	depends on X86_EXTENDED_PLATFORM
581	depends on SMP
582	help
583	  Support for ScaleMP vSMP systems.  Say 'Y' here if this kernel is
584	  supposed to run on these EM64T-based machines.  Only choose this option
585	  if you have one of these machines.
586
587config X86_UV
588	bool "SGI Ultraviolet"
589	depends on X86_64
590	depends on X86_EXTENDED_PLATFORM
591	depends on NUMA
592	depends on EFI
593	depends on KEXEC_CORE
594	depends on X86_X2APIC
595	depends on PCI
596	help
597	  This option is needed in order to support SGI Ultraviolet systems.
598	  If you don't have one of these, you should say N here.
599
600# Following is an alphabetically sorted list of 32 bit extended platforms
601# Please maintain the alphabetic order if and when there are additions
602
603config X86_GOLDFISH
604	bool "Goldfish (Virtual Platform)"
605	depends on X86_EXTENDED_PLATFORM
606	help
607	  Enable support for the Goldfish virtual platform used primarily
608	  for Android development. Unless you are building for the Android
609	  Goldfish emulator say N here.
610
611config X86_INTEL_CE
612	bool "CE4100 TV platform"
613	depends on PCI
614	depends on PCI_GODIRECT
615	depends on X86_IO_APIC
616	depends on X86_32
617	depends on X86_EXTENDED_PLATFORM
618	select X86_REBOOTFIXUPS
619	select OF
620	select OF_EARLY_FLATTREE
621	help
622	  Select for the Intel CE media processor (CE4100) SOC.
623	  This option compiles in support for the CE4100 SOC for settop
624	  boxes and media devices.
625
626config X86_INTEL_MID
627	bool "Intel MID platform support"
628	depends on X86_EXTENDED_PLATFORM
629	depends on X86_PLATFORM_DEVICES
630	depends on PCI
631	depends on X86_64 || (PCI_GOANY && X86_32)
632	depends on X86_IO_APIC
633	select I2C
634	select DW_APB_TIMER
635	select INTEL_SCU_PCI
636	help
637	  Select to build a kernel capable of supporting Intel MID (Mobile
638	  Internet Device) platform systems which do not have the PCI legacy
639	  interfaces. If you are building for a PC class system say N here.
640
641	  Intel MID platforms are based on an Intel processor and chipset which
642	  consume less power than most of the x86 derivatives.
643
644config X86_INTEL_QUARK
645	bool "Intel Quark platform support"
646	depends on X86_32
647	depends on X86_EXTENDED_PLATFORM
648	depends on X86_PLATFORM_DEVICES
649	depends on X86_TSC
650	depends on PCI
651	depends on PCI_GOANY
652	depends on X86_IO_APIC
653	select IOSF_MBI
654	select INTEL_IMR
655	select COMMON_CLK
656	help
657	  Select to include support for Quark X1000 SoC.
658	  Say Y here if you have a Quark based system such as the Arduino
659	  compatible Intel Galileo.
660
661config X86_INTEL_LPSS
662	bool "Intel Low Power Subsystem Support"
663	depends on X86 && ACPI && PCI
664	select COMMON_CLK
665	select PINCTRL
666	select IOSF_MBI
667	help
668	  Select to build support for Intel Low Power Subsystem such as
669	  found on Intel Lynxpoint PCH. Selecting this option enables
670	  things like clock tree (common clock framework) and pincontrol
671	  which are needed by the LPSS peripheral drivers.
672
673config X86_AMD_PLATFORM_DEVICE
674	bool "AMD ACPI2Platform devices support"
675	depends on ACPI
676	select COMMON_CLK
677	select PINCTRL
678	help
679	  Select to interpret AMD specific ACPI device to platform device
680	  such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
681	  I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
682	  implemented under PINCTRL subsystem.
683
684config IOSF_MBI
685	tristate "Intel SoC IOSF Sideband support for SoC platforms"
686	depends on PCI
687	help
688	  This option enables sideband register access support for Intel SoC
689	  platforms. On these platforms the IOSF sideband is used in lieu of
690	  MSR's for some register accesses, mostly but not limited to thermal
691	  and power. Drivers may query the availability of this device to
692	  determine if they need the sideband in order to work on these
693	  platforms. The sideband is available on the following SoC products.
694	  This list is not meant to be exclusive.
695	   - BayTrail
696	   - Braswell
697	   - Quark
698
699	  You should say Y if you are running a kernel on one of these SoC's.
700
701config IOSF_MBI_DEBUG
702	bool "Enable IOSF sideband access through debugfs"
703	depends on IOSF_MBI && DEBUG_FS
704	help
705	  Select this option to expose the IOSF sideband access registers (MCR,
706	  MDR, MCRX) through debugfs to write and read register information from
707	  different units on the SoC. This is most useful for obtaining device
708	  state information for debug and analysis. As this is a general access
709	  mechanism, users of this option would have specific knowledge of the
710	  device they want to access.
711
712	  If you don't require the option or are in doubt, say N.
713
714config X86_RDC321X
715	bool "RDC R-321x SoC"
716	depends on X86_32
717	depends on X86_EXTENDED_PLATFORM
718	select M486
719	select X86_REBOOTFIXUPS
720	help
721	  This option is needed for RDC R-321x system-on-chip, also known
722	  as R-8610-(G).
723	  If you don't have one of these chips, you should say N here.
724
725config X86_32_NON_STANDARD
726	bool "Support non-standard 32-bit SMP architectures"
727	depends on X86_32 && SMP
728	depends on X86_EXTENDED_PLATFORM
729	help
730	  This option compiles in the bigsmp and STA2X11 default
731	  subarchitectures.  It is intended for a generic binary
732	  kernel. If you select them all, kernel will probe it one by
733	  one and will fallback to default.
734
735# Alphabetically sorted list of Non standard 32 bit platforms
736
737config X86_SUPPORTS_MEMORY_FAILURE
738	def_bool y
739	# MCE code calls memory_failure():
740	depends on X86_MCE
741	# On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
742	# On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
743	depends on X86_64 || !SPARSEMEM
744	select ARCH_SUPPORTS_MEMORY_FAILURE
745
746config STA2X11
747	bool "STA2X11 Companion Chip Support"
748	depends on X86_32_NON_STANDARD && PCI
749	select SWIOTLB
750	select MFD_STA2X11
751	select GPIOLIB
752	help
753	  This adds support for boards based on the STA2X11 IO-Hub,
754	  a.k.a. "ConneXt". The chip is used in place of the standard
755	  PC chipset, so all "standard" peripherals are missing. If this
756	  option is selected the kernel will still be able to boot on
757	  standard PC machines.
758
759config X86_32_IRIS
760	tristate "Eurobraille/Iris poweroff module"
761	depends on X86_32
762	help
763	  The Iris machines from EuroBraille do not have APM or ACPI support
764	  to shut themselves down properly.  A special I/O sequence is
765	  needed to do so, which is what this module does at
766	  kernel shutdown.
767
768	  This is only for Iris machines from EuroBraille.
769
770	  If unused, say N.
771
772config SCHED_OMIT_FRAME_POINTER
773	def_bool y
774	prompt "Single-depth WCHAN output"
775	depends on X86
776	help
777	  Calculate simpler /proc/<PID>/wchan values. If this option
778	  is disabled then wchan values will recurse back to the
779	  caller function. This provides more accurate wchan values,
780	  at the expense of slightly more scheduling overhead.
781
782	  If in doubt, say "Y".
783
784menuconfig HYPERVISOR_GUEST
785	bool "Linux guest support"
786	help
787	  Say Y here to enable options for running Linux under various hyper-
788	  visors. This option enables basic hypervisor detection and platform
789	  setup.
790
791	  If you say N, all options in this submenu will be skipped and
792	  disabled, and Linux guest support won't be built in.
793
794if HYPERVISOR_GUEST
795
796config PARAVIRT
797	bool "Enable paravirtualization code"
798	depends on HAVE_STATIC_CALL
799	help
800	  This changes the kernel so it can modify itself when it is run
801	  under a hypervisor, potentially improving performance significantly
802	  over full virtualization.  However, when run without a hypervisor
803	  the kernel is theoretically slower and slightly larger.
804
805config PARAVIRT_XXL
806	bool
807
808config PARAVIRT_DEBUG
809	bool "paravirt-ops debugging"
810	depends on PARAVIRT && DEBUG_KERNEL
811	help
812	  Enable to debug paravirt_ops internals.  Specifically, BUG if
813	  a paravirt_op is missing when it is called.
814
815config PARAVIRT_SPINLOCKS
816	bool "Paravirtualization layer for spinlocks"
817	depends on PARAVIRT && SMP
818	help
819	  Paravirtualized spinlocks allow a pvops backend to replace the
820	  spinlock implementation with something virtualization-friendly
821	  (for example, block the virtual CPU rather than spinning).
822
823	  It has a minimal impact on native kernels and gives a nice performance
824	  benefit on paravirtualized KVM / Xen kernels.
825
826	  If you are unsure how to answer this question, answer Y.
827
828config X86_HV_CALLBACK_VECTOR
829	def_bool n
830
831source "arch/x86/xen/Kconfig"
832
833config KVM_GUEST
834	bool "KVM Guest support (including kvmclock)"
835	depends on PARAVIRT
836	select PARAVIRT_CLOCK
837	select ARCH_CPUIDLE_HALTPOLL
838	select X86_HV_CALLBACK_VECTOR
839	default y
840	help
841	  This option enables various optimizations for running under the KVM
842	  hypervisor. It includes a paravirtualized clock, so that instead
843	  of relying on a PIT (or probably other) emulation by the
844	  underlying device model, the host provides the guest with
845	  timing infrastructure such as time of day, and system time
846
847config ARCH_CPUIDLE_HALTPOLL
848	def_bool n
849	prompt "Disable host haltpoll when loading haltpoll driver"
850	help
851	  If virtualized under KVM, disable host haltpoll.
852
853config PVH
854	bool "Support for running PVH guests"
855	help
856	  This option enables the PVH entry point for guest virtual machines
857	  as specified in the x86/HVM direct boot ABI.
858
859config PARAVIRT_TIME_ACCOUNTING
860	bool "Paravirtual steal time accounting"
861	depends on PARAVIRT
862	help
863	  Select this option to enable fine granularity task steal time
864	  accounting. Time spent executing other tasks in parallel with
865	  the current vCPU is discounted from the vCPU power. To account for
866	  that, there can be a small performance impact.
867
868	  If in doubt, say N here.
869
870config PARAVIRT_CLOCK
871	bool
872
873config JAILHOUSE_GUEST
874	bool "Jailhouse non-root cell support"
875	depends on X86_64 && PCI
876	select X86_PM_TIMER
877	help
878	  This option allows to run Linux as guest in a Jailhouse non-root
879	  cell. You can leave this option disabled if you only want to start
880	  Jailhouse and run Linux afterwards in the root cell.
881
882config ACRN_GUEST
883	bool "ACRN Guest support"
884	depends on X86_64
885	select X86_HV_CALLBACK_VECTOR
886	help
887	  This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
888	  a flexible, lightweight reference open-source hypervisor, built with
889	  real-time and safety-criticality in mind. It is built for embedded
890	  IOT with small footprint and real-time features. More details can be
891	  found in https://projectacrn.org/.
892
893config INTEL_TDX_GUEST
894	bool "Intel TDX (Trust Domain Extensions) - Guest Support"
895	depends on X86_64 && CPU_SUP_INTEL
896	depends on X86_X2APIC
897	depends on EFI_STUB
898	select ARCH_HAS_CC_PLATFORM
899	select X86_MEM_ENCRYPT
900	select X86_MCE
901	select UNACCEPTED_MEMORY
902	help
903	  Support running as a guest under Intel TDX.  Without this support,
904	  the guest kernel can not boot or run under TDX.
905	  TDX includes memory encryption and integrity capabilities
906	  which protect the confidentiality and integrity of guest
907	  memory contents and CPU state. TDX guests are protected from
908	  some attacks from the VMM.
909
910endif # HYPERVISOR_GUEST
911
912source "arch/x86/Kconfig.cpu"
913
914config HPET_TIMER
915	def_bool X86_64
916	prompt "HPET Timer Support" if X86_32
917	help
918	  Use the IA-PC HPET (High Precision Event Timer) to manage
919	  time in preference to the PIT and RTC, if a HPET is
920	  present.
921	  HPET is the next generation timer replacing legacy 8254s.
922	  The HPET provides a stable time base on SMP
923	  systems, unlike the TSC, but it is more expensive to access,
924	  as it is off-chip.  The interface used is documented
925	  in the HPET spec, revision 1.
926
927	  You can safely choose Y here.  However, HPET will only be
928	  activated if the platform and the BIOS support this feature.
929	  Otherwise the 8254 will be used for timing services.
930
931	  Choose N to continue using the legacy 8254 timer.
932
933config HPET_EMULATE_RTC
934	def_bool y
935	depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
936
937# Mark as expert because too many people got it wrong.
938# The code disables itself when not needed.
939config DMI
940	default y
941	select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
942	bool "Enable DMI scanning" if EXPERT
943	help
944	  Enabled scanning of DMI to identify machine quirks. Say Y
945	  here unless you have verified that your setup is not
946	  affected by entries in the DMI blacklist. Required by PNP
947	  BIOS code.
948
949config GART_IOMMU
950	bool "Old AMD GART IOMMU support"
951	select IOMMU_HELPER
952	select SWIOTLB
953	depends on X86_64 && PCI && AMD_NB
954	help
955	  Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
956	  GART based hardware IOMMUs.
957
958	  The GART supports full DMA access for devices with 32-bit access
959	  limitations, on systems with more than 3 GB. This is usually needed
960	  for USB, sound, many IDE/SATA chipsets and some other devices.
961
962	  Newer systems typically have a modern AMD IOMMU, supported via
963	  the CONFIG_AMD_IOMMU=y config option.
964
965	  In normal configurations this driver is only active when needed:
966	  there's more than 3 GB of memory and the system contains a
967	  32-bit limited device.
968
969	  If unsure, say Y.
970
971config BOOT_VESA_SUPPORT
972	bool
973	help
974	  If true, at least one selected framebuffer driver can take advantage
975	  of VESA video modes set at an early boot stage via the vga= parameter.
976
977config MAXSMP
978	bool "Enable Maximum number of SMP Processors and NUMA Nodes"
979	depends on X86_64 && SMP && DEBUG_KERNEL
980	select CPUMASK_OFFSTACK
981	help
982	  Enable maximum number of CPUS and NUMA Nodes for this architecture.
983	  If unsure, say N.
984
985#
986# The maximum number of CPUs supported:
987#
988# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
989# and which can be configured interactively in the
990# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
991#
992# The ranges are different on 32-bit and 64-bit kernels, depending on
993# hardware capabilities and scalability features of the kernel.
994#
995# ( If MAXSMP is enabled we just use the highest possible value and disable
996#   interactive configuration. )
997#
998
999config NR_CPUS_RANGE_BEGIN
1000	int
1001	default NR_CPUS_RANGE_END if MAXSMP
1002	default    1 if !SMP
1003	default    2
1004
1005config NR_CPUS_RANGE_END
1006	int
1007	depends on X86_32
1008	default   64 if  SMP &&  X86_BIGSMP
1009	default    8 if  SMP && !X86_BIGSMP
1010	default    1 if !SMP
1011
1012config NR_CPUS_RANGE_END
1013	int
1014	depends on X86_64
1015	default 8192 if  SMP && CPUMASK_OFFSTACK
1016	default  512 if  SMP && !CPUMASK_OFFSTACK
1017	default    1 if !SMP
1018
1019config NR_CPUS_DEFAULT
1020	int
1021	depends on X86_32
1022	default   32 if  X86_BIGSMP
1023	default    8 if  SMP
1024	default    1 if !SMP
1025
1026config NR_CPUS_DEFAULT
1027	int
1028	depends on X86_64
1029	default 8192 if  MAXSMP
1030	default   64 if  SMP
1031	default    1 if !SMP
1032
1033config NR_CPUS
1034	int "Maximum number of CPUs" if SMP && !MAXSMP
1035	range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1036	default NR_CPUS_DEFAULT
1037	help
1038	  This allows you to specify the maximum number of CPUs which this
1039	  kernel will support.  If CPUMASK_OFFSTACK is enabled, the maximum
1040	  supported value is 8192, otherwise the maximum value is 512.  The
1041	  minimum value which makes sense is 2.
1042
1043	  This is purely to save memory: each supported CPU adds about 8KB
1044	  to the kernel image.
1045
1046config SCHED_CLUSTER
1047	bool "Cluster scheduler support"
1048	depends on SMP
1049	default y
1050	help
1051	  Cluster scheduler support improves the CPU scheduler's decision
1052	  making when dealing with machines that have clusters of CPUs.
1053	  Cluster usually means a couple of CPUs which are placed closely
1054	  by sharing mid-level caches, last-level cache tags or internal
1055	  busses.
1056
1057config SCHED_SMT
1058	def_bool y if SMP
1059
1060config SCHED_MC
1061	def_bool y
1062	prompt "Multi-core scheduler support"
1063	depends on SMP
1064	help
1065	  Multi-core scheduler support improves the CPU scheduler's decision
1066	  making when dealing with multi-core CPU chips at a cost of slightly
1067	  increased overhead in some places. If unsure say N here.
1068
1069config SCHED_MC_PRIO
1070	bool "CPU core priorities scheduler support"
1071	depends on SCHED_MC
1072	select X86_INTEL_PSTATE if CPU_SUP_INTEL
1073	select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI
1074	select CPU_FREQ
1075	default y
1076	help
1077	  Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1078	  core ordering determined at manufacturing time, which allows
1079	  certain cores to reach higher turbo frequencies (when running
1080	  single threaded workloads) than others.
1081
1082	  Enabling this kernel feature teaches the scheduler about
1083	  the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1084	  scheduler's CPU selection logic accordingly, so that higher
1085	  overall system performance can be achieved.
1086
1087	  This feature will have no effect on CPUs without this feature.
1088
1089	  If unsure say Y here.
1090
1091config UP_LATE_INIT
1092	def_bool y
1093	depends on !SMP && X86_LOCAL_APIC
1094
1095config X86_UP_APIC
1096	bool "Local APIC support on uniprocessors" if !PCI_MSI
1097	default PCI_MSI
1098	depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1099	help
1100	  A local APIC (Advanced Programmable Interrupt Controller) is an
1101	  integrated interrupt controller in the CPU. If you have a single-CPU
1102	  system which has a processor with a local APIC, you can say Y here to
1103	  enable and use it. If you say Y here even though your machine doesn't
1104	  have a local APIC, then the kernel will still run with no slowdown at
1105	  all. The local APIC supports CPU-generated self-interrupts (timer,
1106	  performance counters), and the NMI watchdog which detects hard
1107	  lockups.
1108
1109config X86_UP_IOAPIC
1110	bool "IO-APIC support on uniprocessors"
1111	depends on X86_UP_APIC
1112	help
1113	  An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1114	  SMP-capable replacement for PC-style interrupt controllers. Most
1115	  SMP systems and many recent uniprocessor systems have one.
1116
1117	  If you have a single-CPU system with an IO-APIC, you can say Y here
1118	  to use it. If you say Y here even though your machine doesn't have
1119	  an IO-APIC, then the kernel will still run with no slowdown at all.
1120
1121config X86_LOCAL_APIC
1122	def_bool y
1123	depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1124	select IRQ_DOMAIN_HIERARCHY
1125
1126config ACPI_MADT_WAKEUP
1127	def_bool y
1128	depends on X86_64
1129	depends on ACPI
1130	depends on SMP
1131	depends on X86_LOCAL_APIC
1132
1133config X86_IO_APIC
1134	def_bool y
1135	depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1136
1137config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1138	bool "Reroute for broken boot IRQs"
1139	depends on X86_IO_APIC
1140	help
1141	  This option enables a workaround that fixes a source of
1142	  spurious interrupts. This is recommended when threaded
1143	  interrupt handling is used on systems where the generation of
1144	  superfluous "boot interrupts" cannot be disabled.
1145
1146	  Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1147	  entry in the chipset's IO-APIC is masked (as, e.g. the RT
1148	  kernel does during interrupt handling). On chipsets where this
1149	  boot IRQ generation cannot be disabled, this workaround keeps
1150	  the original IRQ line masked so that only the equivalent "boot
1151	  IRQ" is delivered to the CPUs. The workaround also tells the
1152	  kernel to set up the IRQ handler on the boot IRQ line. In this
1153	  way only one interrupt is delivered to the kernel. Otherwise
1154	  the spurious second interrupt may cause the kernel to bring
1155	  down (vital) interrupt lines.
1156
1157	  Only affects "broken" chipsets. Interrupt sharing may be
1158	  increased on these systems.
1159
1160config X86_MCE
1161	bool "Machine Check / overheating reporting"
1162	select GENERIC_ALLOCATOR
1163	default y
1164	help
1165	  Machine Check support allows the processor to notify the
1166	  kernel if it detects a problem (e.g. overheating, data corruption).
1167	  The action the kernel takes depends on the severity of the problem,
1168	  ranging from warning messages to halting the machine.
1169
1170config X86_MCELOG_LEGACY
1171	bool "Support for deprecated /dev/mcelog character device"
1172	depends on X86_MCE
1173	help
1174	  Enable support for /dev/mcelog which is needed by the old mcelog
1175	  userspace logging daemon. Consider switching to the new generation
1176	  rasdaemon solution.
1177
1178config X86_MCE_INTEL
1179	def_bool y
1180	prompt "Intel MCE features"
1181	depends on X86_MCE && X86_LOCAL_APIC
1182	help
1183	  Additional support for intel specific MCE features such as
1184	  the thermal monitor.
1185
1186config X86_MCE_AMD
1187	def_bool y
1188	prompt "AMD MCE features"
1189	depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1190	help
1191	  Additional support for AMD specific MCE features such as
1192	  the DRAM Error Threshold.
1193
1194config X86_ANCIENT_MCE
1195	bool "Support for old Pentium 5 / WinChip machine checks"
1196	depends on X86_32 && X86_MCE
1197	help
1198	  Include support for machine check handling on old Pentium 5 or WinChip
1199	  systems. These typically need to be enabled explicitly on the command
1200	  line.
1201
1202config X86_MCE_THRESHOLD
1203	depends on X86_MCE_AMD || X86_MCE_INTEL
1204	def_bool y
1205
1206config X86_MCE_INJECT
1207	depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1208	tristate "Machine check injector support"
1209	help
1210	  Provide support for injecting machine checks for testing purposes.
1211	  If you don't know what a machine check is and you don't do kernel
1212	  QA it is safe to say n.
1213
1214source "arch/x86/events/Kconfig"
1215
1216config X86_LEGACY_VM86
1217	bool "Legacy VM86 support"
1218	depends on X86_32
1219	help
1220	  This option allows user programs to put the CPU into V8086
1221	  mode, which is an 80286-era approximation of 16-bit real mode.
1222
1223	  Some very old versions of X and/or vbetool require this option
1224	  for user mode setting.  Similarly, DOSEMU will use it if
1225	  available to accelerate real mode DOS programs.  However, any
1226	  recent version of DOSEMU, X, or vbetool should be fully
1227	  functional even without kernel VM86 support, as they will all
1228	  fall back to software emulation. Nevertheless, if you are using
1229	  a 16-bit DOS program where 16-bit performance matters, vm86
1230	  mode might be faster than emulation and you might want to
1231	  enable this option.
1232
1233	  Note that any app that works on a 64-bit kernel is unlikely to
1234	  need this option, as 64-bit kernels don't, and can't, support
1235	  V8086 mode. This option is also unrelated to 16-bit protected
1236	  mode and is not needed to run most 16-bit programs under Wine.
1237
1238	  Enabling this option increases the complexity of the kernel
1239	  and slows down exception handling a tiny bit.
1240
1241	  If unsure, say N here.
1242
1243config VM86
1244	bool
1245	default X86_LEGACY_VM86
1246
1247config X86_16BIT
1248	bool "Enable support for 16-bit segments" if EXPERT
1249	default y
1250	depends on MODIFY_LDT_SYSCALL
1251	help
1252	  This option is required by programs like Wine to run 16-bit
1253	  protected mode legacy code on x86 processors.  Disabling
1254	  this option saves about 300 bytes on i386, or around 6K text
1255	  plus 16K runtime memory on x86-64,
1256
1257config X86_ESPFIX32
1258	def_bool y
1259	depends on X86_16BIT && X86_32
1260
1261config X86_ESPFIX64
1262	def_bool y
1263	depends on X86_16BIT && X86_64
1264
1265config X86_VSYSCALL_EMULATION
1266	bool "Enable vsyscall emulation" if EXPERT
1267	default y
1268	depends on X86_64
1269	help
1270	  This enables emulation of the legacy vsyscall page.  Disabling
1271	  it is roughly equivalent to booting with vsyscall=none, except
1272	  that it will also disable the helpful warning if a program
1273	  tries to use a vsyscall.  With this option set to N, offending
1274	  programs will just segfault, citing addresses of the form
1275	  0xffffffffff600?00.
1276
1277	  This option is required by many programs built before 2013, and
1278	  care should be used even with newer programs if set to N.
1279
1280	  Disabling this option saves about 7K of kernel size and
1281	  possibly 4K of additional runtime pagetable memory.
1282
1283config X86_IOPL_IOPERM
1284	bool "IOPERM and IOPL Emulation"
1285	default y
1286	help
1287	  This enables the ioperm() and iopl() syscalls which are necessary
1288	  for legacy applications.
1289
1290	  Legacy IOPL support is an overbroad mechanism which allows user
1291	  space aside of accessing all 65536 I/O ports also to disable
1292	  interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1293	  capabilities and permission from potentially active security
1294	  modules.
1295
1296	  The emulation restricts the functionality of the syscall to
1297	  only allowing the full range I/O port access, but prevents the
1298	  ability to disable interrupts from user space which would be
1299	  granted if the hardware IOPL mechanism would be used.
1300
1301config TOSHIBA
1302	tristate "Toshiba Laptop support"
1303	depends on X86_32
1304	help
1305	  This adds a driver to safely access the System Management Mode of
1306	  the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1307	  not work on models with a Phoenix BIOS. The System Management Mode
1308	  is used to set the BIOS and power saving options on Toshiba portables.
1309
1310	  For information on utilities to make use of this driver see the
1311	  Toshiba Linux utilities web site at:
1312	  <http://www.buzzard.org.uk/toshiba/>.
1313
1314	  Say Y if you intend to run this kernel on a Toshiba portable.
1315	  Say N otherwise.
1316
1317config X86_REBOOTFIXUPS
1318	bool "Enable X86 board specific fixups for reboot"
1319	depends on X86_32
1320	help
1321	  This enables chipset and/or board specific fixups to be done
1322	  in order to get reboot to work correctly. This is only needed on
1323	  some combinations of hardware and BIOS. The symptom, for which
1324	  this config is intended, is when reboot ends with a stalled/hung
1325	  system.
1326
1327	  Currently, the only fixup is for the Geode machines using
1328	  CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1329
1330	  Say Y if you want to enable the fixup. Currently, it's safe to
1331	  enable this option even if you don't need it.
1332	  Say N otherwise.
1333
1334config MICROCODE
1335	def_bool y
1336	depends on CPU_SUP_AMD || CPU_SUP_INTEL
1337
1338config MICROCODE_INITRD32
1339	def_bool y
1340	depends on MICROCODE && X86_32 && BLK_DEV_INITRD
1341
1342config MICROCODE_LATE_LOADING
1343	bool "Late microcode loading (DANGEROUS)"
1344	default n
1345	depends on MICROCODE && SMP
1346	help
1347	  Loading microcode late, when the system is up and executing instructions
1348	  is a tricky business and should be avoided if possible. Just the sequence
1349	  of synchronizing all cores and SMT threads is one fragile dance which does
1350	  not guarantee that cores might not softlock after the loading. Therefore,
1351	  use this at your own risk. Late loading taints the kernel unless the
1352	  microcode header indicates that it is safe for late loading via the
1353	  minimal revision check. This minimal revision check can be enforced on
1354	  the kernel command line with "microcode.minrev=Y".
1355
1356config MICROCODE_LATE_FORCE_MINREV
1357	bool "Enforce late microcode loading minimal revision check"
1358	default n
1359	depends on MICROCODE_LATE_LOADING
1360	help
1361	  To prevent that users load microcode late which modifies already
1362	  in use features, newer microcode patches have a minimum revision field
1363	  in the microcode header, which tells the kernel which minimum
1364	  revision must be active in the CPU to safely load that new microcode
1365	  late into the running system. If disabled the check will not
1366	  be enforced but the kernel will be tainted when the minimal
1367	  revision check fails.
1368
1369	  This minimal revision check can also be controlled via the
1370	  "microcode.minrev" parameter on the kernel command line.
1371
1372	  If unsure say Y.
1373
1374config X86_MSR
1375	tristate "/dev/cpu/*/msr - Model-specific register support"
1376	help
1377	  This device gives privileged processes access to the x86
1378	  Model-Specific Registers (MSRs).  It is a character device with
1379	  major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1380	  MSR accesses are directed to a specific CPU on multi-processor
1381	  systems.
1382
1383config X86_CPUID
1384	tristate "/dev/cpu/*/cpuid - CPU information support"
1385	help
1386	  This device gives processes access to the x86 CPUID instruction to
1387	  be executed on a specific processor.  It is a character device
1388	  with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1389	  /dev/cpu/31/cpuid.
1390
1391choice
1392	prompt "High Memory Support"
1393	default HIGHMEM4G
1394	depends on X86_32
1395
1396config NOHIGHMEM
1397	bool "off"
1398	help
1399	  Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1400	  However, the address space of 32-bit x86 processors is only 4
1401	  Gigabytes large. That means that, if you have a large amount of
1402	  physical memory, not all of it can be "permanently mapped" by the
1403	  kernel. The physical memory that's not permanently mapped is called
1404	  "high memory".
1405
1406	  If you are compiling a kernel which will never run on a machine with
1407	  more than 1 Gigabyte total physical RAM, answer "off" here (default
1408	  choice and suitable for most users). This will result in a "3GB/1GB"
1409	  split: 3GB are mapped so that each process sees a 3GB virtual memory
1410	  space and the remaining part of the 4GB virtual memory space is used
1411	  by the kernel to permanently map as much physical memory as
1412	  possible.
1413
1414	  If the machine has between 1 and 4 Gigabytes physical RAM, then
1415	  answer "4GB" here.
1416
1417	  If more than 4 Gigabytes is used then answer "64GB" here. This
1418	  selection turns Intel PAE (Physical Address Extension) mode on.
1419	  PAE implements 3-level paging on IA32 processors. PAE is fully
1420	  supported by Linux, PAE mode is implemented on all recent Intel
1421	  processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1422	  then the kernel will not boot on CPUs that don't support PAE!
1423
1424	  The actual amount of total physical memory will either be
1425	  auto detected or can be forced by using a kernel command line option
1426	  such as "mem=256M". (Try "man bootparam" or see the documentation of
1427	  your boot loader (lilo or loadlin) about how to pass options to the
1428	  kernel at boot time.)
1429
1430	  If unsure, say "off".
1431
1432config HIGHMEM4G
1433	bool "4GB"
1434	help
1435	  Select this if you have a 32-bit processor and between 1 and 4
1436	  gigabytes of physical RAM.
1437
1438config HIGHMEM64G
1439	bool "64GB"
1440	depends on X86_HAVE_PAE
1441	select X86_PAE
1442	help
1443	  Select this if you have a 32-bit processor and more than 4
1444	  gigabytes of physical RAM.
1445
1446endchoice
1447
1448choice
1449	prompt "Memory split" if EXPERT
1450	default VMSPLIT_3G
1451	depends on X86_32
1452	help
1453	  Select the desired split between kernel and user memory.
1454
1455	  If the address range available to the kernel is less than the
1456	  physical memory installed, the remaining memory will be available
1457	  as "high memory". Accessing high memory is a little more costly
1458	  than low memory, as it needs to be mapped into the kernel first.
1459	  Note that increasing the kernel address space limits the range
1460	  available to user programs, making the address space there
1461	  tighter.  Selecting anything other than the default 3G/1G split
1462	  will also likely make your kernel incompatible with binary-only
1463	  kernel modules.
1464
1465	  If you are not absolutely sure what you are doing, leave this
1466	  option alone!
1467
1468	config VMSPLIT_3G
1469		bool "3G/1G user/kernel split"
1470	config VMSPLIT_3G_OPT
1471		depends on !X86_PAE
1472		bool "3G/1G user/kernel split (for full 1G low memory)"
1473	config VMSPLIT_2G
1474		bool "2G/2G user/kernel split"
1475	config VMSPLIT_2G_OPT
1476		depends on !X86_PAE
1477		bool "2G/2G user/kernel split (for full 2G low memory)"
1478	config VMSPLIT_1G
1479		bool "1G/3G user/kernel split"
1480endchoice
1481
1482config PAGE_OFFSET
1483	hex
1484	default 0xB0000000 if VMSPLIT_3G_OPT
1485	default 0x80000000 if VMSPLIT_2G
1486	default 0x78000000 if VMSPLIT_2G_OPT
1487	default 0x40000000 if VMSPLIT_1G
1488	default 0xC0000000
1489	depends on X86_32
1490
1491config HIGHMEM
1492	def_bool y
1493	depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1494
1495config X86_PAE
1496	bool "PAE (Physical Address Extension) Support"
1497	depends on X86_32 && X86_HAVE_PAE
1498	select PHYS_ADDR_T_64BIT
1499	select SWIOTLB
1500	help
1501	  PAE is required for NX support, and furthermore enables
1502	  larger swapspace support for non-overcommit purposes. It
1503	  has the cost of more pagetable lookup overhead, and also
1504	  consumes more pagetable space per process.
1505
1506config X86_5LEVEL
1507	bool "Enable 5-level page tables support"
1508	default y
1509	select DYNAMIC_MEMORY_LAYOUT
1510	select SPARSEMEM_VMEMMAP
1511	depends on X86_64
1512	help
1513	  5-level paging enables access to larger address space:
1514	  up to 128 PiB of virtual address space and 4 PiB of
1515	  physical address space.
1516
1517	  It will be supported by future Intel CPUs.
1518
1519	  A kernel with the option enabled can be booted on machines that
1520	  support 4- or 5-level paging.
1521
1522	  See Documentation/arch/x86/x86_64/5level-paging.rst for more
1523	  information.
1524
1525	  Say N if unsure.
1526
1527config X86_DIRECT_GBPAGES
1528	def_bool y
1529	depends on X86_64
1530	help
1531	  Certain kernel features effectively disable kernel
1532	  linear 1 GB mappings (even if the CPU otherwise
1533	  supports them), so don't confuse the user by printing
1534	  that we have them enabled.
1535
1536config X86_CPA_STATISTICS
1537	bool "Enable statistic for Change Page Attribute"
1538	depends on DEBUG_FS
1539	help
1540	  Expose statistics about the Change Page Attribute mechanism, which
1541	  helps to determine the effectiveness of preserving large and huge
1542	  page mappings when mapping protections are changed.
1543
1544config X86_MEM_ENCRYPT
1545	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1546	select DYNAMIC_PHYSICAL_MASK
1547	def_bool n
1548
1549config AMD_MEM_ENCRYPT
1550	bool "AMD Secure Memory Encryption (SME) support"
1551	depends on X86_64 && CPU_SUP_AMD
1552	depends on EFI_STUB
1553	select DMA_COHERENT_POOL
1554	select ARCH_USE_MEMREMAP_PROT
1555	select INSTRUCTION_DECODER
1556	select ARCH_HAS_CC_PLATFORM
1557	select X86_MEM_ENCRYPT
1558	select UNACCEPTED_MEMORY
1559	help
1560	  Say yes to enable support for the encryption of system memory.
1561	  This requires an AMD processor that supports Secure Memory
1562	  Encryption (SME).
1563
1564# Common NUMA Features
1565config NUMA
1566	bool "NUMA Memory Allocation and Scheduler Support"
1567	depends on SMP
1568	depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1569	default y if X86_BIGSMP
1570	select USE_PERCPU_NUMA_NODE_ID
1571	select OF_NUMA if OF
1572	help
1573	  Enable NUMA (Non-Uniform Memory Access) support.
1574
1575	  The kernel will try to allocate memory used by a CPU on the
1576	  local memory controller of the CPU and add some more
1577	  NUMA awareness to the kernel.
1578
1579	  For 64-bit this is recommended if the system is Intel Core i7
1580	  (or later), AMD Opteron, or EM64T NUMA.
1581
1582	  For 32-bit this is only needed if you boot a 32-bit
1583	  kernel on a 64-bit NUMA platform.
1584
1585	  Otherwise, you should say N.
1586
1587config AMD_NUMA
1588	def_bool y
1589	prompt "Old style AMD Opteron NUMA detection"
1590	depends on X86_64 && NUMA && PCI
1591	help
1592	  Enable AMD NUMA node topology detection.  You should say Y here if
1593	  you have a multi processor AMD system. This uses an old method to
1594	  read the NUMA configuration directly from the builtin Northbridge
1595	  of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1596	  which also takes priority if both are compiled in.
1597
1598config X86_64_ACPI_NUMA
1599	def_bool y
1600	prompt "ACPI NUMA detection"
1601	depends on X86_64 && NUMA && ACPI && PCI
1602	select ACPI_NUMA
1603	help
1604	  Enable ACPI SRAT based node topology detection.
1605
1606config NODES_SHIFT
1607	int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1608	range 1 10
1609	default "10" if MAXSMP
1610	default "6" if X86_64
1611	default "3"
1612	depends on NUMA
1613	help
1614	  Specify the maximum number of NUMA Nodes available on the target
1615	  system.  Increases memory reserved to accommodate various tables.
1616
1617config ARCH_FLATMEM_ENABLE
1618	def_bool y
1619	depends on X86_32 && !NUMA
1620
1621config ARCH_SPARSEMEM_ENABLE
1622	def_bool y
1623	depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1624	select SPARSEMEM_STATIC if X86_32
1625	select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1626
1627config ARCH_SPARSEMEM_DEFAULT
1628	def_bool X86_64 || (NUMA && X86_32)
1629
1630config ARCH_SELECT_MEMORY_MODEL
1631	def_bool y
1632	depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
1633
1634config ARCH_MEMORY_PROBE
1635	bool "Enable sysfs memory/probe interface"
1636	depends on MEMORY_HOTPLUG
1637	help
1638	  This option enables a sysfs memory/probe interface for testing.
1639	  See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1640	  If you are unsure how to answer this question, answer N.
1641
1642config ARCH_PROC_KCORE_TEXT
1643	def_bool y
1644	depends on X86_64 && PROC_KCORE
1645
1646config ILLEGAL_POINTER_VALUE
1647	hex
1648	default 0 if X86_32
1649	default 0xdead000000000000 if X86_64
1650
1651config X86_PMEM_LEGACY_DEVICE
1652	bool
1653
1654config X86_PMEM_LEGACY
1655	tristate "Support non-standard NVDIMMs and ADR protected memory"
1656	depends on PHYS_ADDR_T_64BIT
1657	depends on BLK_DEV
1658	select X86_PMEM_LEGACY_DEVICE
1659	select NUMA_KEEP_MEMINFO if NUMA
1660	select LIBNVDIMM
1661	help
1662	  Treat memory marked using the non-standard e820 type of 12 as used
1663	  by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1664	  The kernel will offer these regions to the 'pmem' driver so
1665	  they can be used for persistent storage.
1666
1667	  Say Y if unsure.
1668
1669config HIGHPTE
1670	bool "Allocate 3rd-level pagetables from highmem"
1671	depends on HIGHMEM
1672	help
1673	  The VM uses one page table entry for each page of physical memory.
1674	  For systems with a lot of RAM, this can be wasteful of precious
1675	  low memory.  Setting this option will put user-space page table
1676	  entries in high memory.
1677
1678config X86_CHECK_BIOS_CORRUPTION
1679	bool "Check for low memory corruption"
1680	help
1681	  Periodically check for memory corruption in low memory, which
1682	  is suspected to be caused by BIOS.  Even when enabled in the
1683	  configuration, it is disabled at runtime.  Enable it by
1684	  setting "memory_corruption_check=1" on the kernel command
1685	  line.  By default it scans the low 64k of memory every 60
1686	  seconds; see the memory_corruption_check_size and
1687	  memory_corruption_check_period parameters in
1688	  Documentation/admin-guide/kernel-parameters.rst to adjust this.
1689
1690	  When enabled with the default parameters, this option has
1691	  almost no overhead, as it reserves a relatively small amount
1692	  of memory and scans it infrequently.  It both detects corruption
1693	  and prevents it from affecting the running system.
1694
1695	  It is, however, intended as a diagnostic tool; if repeatable
1696	  BIOS-originated corruption always affects the same memory,
1697	  you can use memmap= to prevent the kernel from using that
1698	  memory.
1699
1700config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1701	bool "Set the default setting of memory_corruption_check"
1702	depends on X86_CHECK_BIOS_CORRUPTION
1703	default y
1704	help
1705	  Set whether the default state of memory_corruption_check is
1706	  on or off.
1707
1708config MATH_EMULATION
1709	bool
1710	depends on MODIFY_LDT_SYSCALL
1711	prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1712	help
1713	  Linux can emulate a math coprocessor (used for floating point
1714	  operations) if you don't have one. 486DX and Pentium processors have
1715	  a math coprocessor built in, 486SX and 386 do not, unless you added
1716	  a 487DX or 387, respectively. (The messages during boot time can
1717	  give you some hints here ["man dmesg"].) Everyone needs either a
1718	  coprocessor or this emulation.
1719
1720	  If you don't have a math coprocessor, you need to say Y here; if you
1721	  say Y here even though you have a coprocessor, the coprocessor will
1722	  be used nevertheless. (This behavior can be changed with the kernel
1723	  command line option "no387", which comes handy if your coprocessor
1724	  is broken. Try "man bootparam" or see the documentation of your boot
1725	  loader (lilo or loadlin) about how to pass options to the kernel at
1726	  boot time.) This means that it is a good idea to say Y here if you
1727	  intend to use this kernel on different machines.
1728
1729	  More information about the internals of the Linux math coprocessor
1730	  emulation can be found in <file:arch/x86/math-emu/README>.
1731
1732	  If you are not sure, say Y; apart from resulting in a 66 KB bigger
1733	  kernel, it won't hurt.
1734
1735config MTRR
1736	def_bool y
1737	prompt "MTRR (Memory Type Range Register) support" if EXPERT
1738	help
1739	  On Intel P6 family processors (Pentium Pro, Pentium II and later)
1740	  the Memory Type Range Registers (MTRRs) may be used to control
1741	  processor access to memory ranges. This is most useful if you have
1742	  a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1743	  allows bus write transfers to be combined into a larger transfer
1744	  before bursting over the PCI/AGP bus. This can increase performance
1745	  of image write operations 2.5 times or more. Saying Y here creates a
1746	  /proc/mtrr file which may be used to manipulate your processor's
1747	  MTRRs. Typically the X server should use this.
1748
1749	  This code has a reasonably generic interface so that similar
1750	  control registers on other processors can be easily supported
1751	  as well:
1752
1753	  The Cyrix 6x86, 6x86MX and M II processors have Address Range
1754	  Registers (ARRs) which provide a similar functionality to MTRRs. For
1755	  these, the ARRs are used to emulate the MTRRs.
1756	  The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1757	  MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1758	  write-combining. All of these processors are supported by this code
1759	  and it makes sense to say Y here if you have one of them.
1760
1761	  Saying Y here also fixes a problem with buggy SMP BIOSes which only
1762	  set the MTRRs for the boot CPU and not for the secondary CPUs. This
1763	  can lead to all sorts of problems, so it's good to say Y here.
1764
1765	  You can safely say Y even if your machine doesn't have MTRRs, you'll
1766	  just add about 9 KB to your kernel.
1767
1768	  See <file:Documentation/arch/x86/mtrr.rst> for more information.
1769
1770config MTRR_SANITIZER
1771	def_bool y
1772	prompt "MTRR cleanup support"
1773	depends on MTRR
1774	help
1775	  Convert MTRR layout from continuous to discrete, so X drivers can
1776	  add writeback entries.
1777
1778	  Can be disabled with disable_mtrr_cleanup on the kernel command line.
1779	  The largest mtrr entry size for a continuous block can be set with
1780	  mtrr_chunk_size.
1781
1782	  If unsure, say Y.
1783
1784config MTRR_SANITIZER_ENABLE_DEFAULT
1785	int "MTRR cleanup enable value (0-1)"
1786	range 0 1
1787	default "0"
1788	depends on MTRR_SANITIZER
1789	help
1790	  Enable mtrr cleanup default value
1791
1792config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1793	int "MTRR cleanup spare reg num (0-7)"
1794	range 0 7
1795	default "1"
1796	depends on MTRR_SANITIZER
1797	help
1798	  mtrr cleanup spare entries default, it can be changed via
1799	  mtrr_spare_reg_nr=N on the kernel command line.
1800
1801config X86_PAT
1802	def_bool y
1803	prompt "x86 PAT support" if EXPERT
1804	depends on MTRR
1805	select ARCH_USES_PG_ARCH_2
1806	help
1807	  Use PAT attributes to setup page level cache control.
1808
1809	  PATs are the modern equivalents of MTRRs and are much more
1810	  flexible than MTRRs.
1811
1812	  Say N here if you see bootup problems (boot crash, boot hang,
1813	  spontaneous reboots) or a non-working video driver.
1814
1815	  If unsure, say Y.
1816
1817config X86_UMIP
1818	def_bool y
1819	prompt "User Mode Instruction Prevention" if EXPERT
1820	help
1821	  User Mode Instruction Prevention (UMIP) is a security feature in
1822	  some x86 processors. If enabled, a general protection fault is
1823	  issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1824	  executed in user mode. These instructions unnecessarily expose
1825	  information about the hardware state.
1826
1827	  The vast majority of applications do not use these instructions.
1828	  For the very few that do, software emulation is provided in
1829	  specific cases in protected and virtual-8086 modes. Emulated
1830	  results are dummy.
1831
1832config CC_HAS_IBT
1833	# GCC >= 9 and binutils >= 2.29
1834	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
1835	# Clang/LLVM >= 14
1836	# https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
1837	# https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
1838	def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
1839		  (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
1840		  $(as-instr,endbr64)
1841
1842config X86_CET
1843	def_bool n
1844	help
1845	  CET features configured (Shadow stack or IBT)
1846
1847config X86_KERNEL_IBT
1848	prompt "Indirect Branch Tracking"
1849	def_bool y
1850	depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
1851	# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
1852	depends on !LD_IS_LLD || LLD_VERSION >= 140000
1853	select OBJTOOL
1854	select X86_CET
1855	help
1856	  Build the kernel with support for Indirect Branch Tracking, a
1857	  hardware support course-grain forward-edge Control Flow Integrity
1858	  protection. It enforces that all indirect calls must land on
1859	  an ENDBR instruction, as such, the compiler will instrument the
1860	  code with them to make this happen.
1861
1862	  In addition to building the kernel with IBT, seal all functions that
1863	  are not indirect call targets, avoiding them ever becoming one.
1864
1865	  This requires LTO like objtool runs and will slow down the build. It
1866	  does significantly reduce the number of ENDBR instructions in the
1867	  kernel image.
1868
1869config X86_INTEL_MEMORY_PROTECTION_KEYS
1870	prompt "Memory Protection Keys"
1871	def_bool y
1872	# Note: only available in 64-bit mode
1873	depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
1874	select ARCH_USES_HIGH_VMA_FLAGS
1875	select ARCH_HAS_PKEYS
1876	help
1877	  Memory Protection Keys provides a mechanism for enforcing
1878	  page-based protections, but without requiring modification of the
1879	  page tables when an application changes protection domains.
1880
1881	  For details, see Documentation/core-api/protection-keys.rst
1882
1883	  If unsure, say y.
1884
1885config ARCH_PKEY_BITS
1886	int
1887	default 4
1888
1889choice
1890	prompt "TSX enable mode"
1891	depends on CPU_SUP_INTEL
1892	default X86_INTEL_TSX_MODE_OFF
1893	help
1894	  Intel's TSX (Transactional Synchronization Extensions) feature
1895	  allows to optimize locking protocols through lock elision which
1896	  can lead to a noticeable performance boost.
1897
1898	  On the other hand it has been shown that TSX can be exploited
1899	  to form side channel attacks (e.g. TAA) and chances are there
1900	  will be more of those attacks discovered in the future.
1901
1902	  Therefore TSX is not enabled by default (aka tsx=off). An admin
1903	  might override this decision by tsx=on the command line parameter.
1904	  Even with TSX enabled, the kernel will attempt to enable the best
1905	  possible TAA mitigation setting depending on the microcode available
1906	  for the particular machine.
1907
1908	  This option allows to set the default tsx mode between tsx=on, =off
1909	  and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1910	  details.
1911
1912	  Say off if not sure, auto if TSX is in use but it should be used on safe
1913	  platforms or on if TSX is in use and the security aspect of tsx is not
1914	  relevant.
1915
1916config X86_INTEL_TSX_MODE_OFF
1917	bool "off"
1918	help
1919	  TSX is disabled if possible - equals to tsx=off command line parameter.
1920
1921config X86_INTEL_TSX_MODE_ON
1922	bool "on"
1923	help
1924	  TSX is always enabled on TSX capable HW - equals the tsx=on command
1925	  line parameter.
1926
1927config X86_INTEL_TSX_MODE_AUTO
1928	bool "auto"
1929	help
1930	  TSX is enabled on TSX capable HW that is believed to be safe against
1931	  side channel attacks- equals the tsx=auto command line parameter.
1932endchoice
1933
1934config X86_SGX
1935	bool "Software Guard eXtensions (SGX)"
1936	depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
1937	depends on CRYPTO=y
1938	depends on CRYPTO_SHA256=y
1939	select MMU_NOTIFIER
1940	select NUMA_KEEP_MEMINFO if NUMA
1941	select XARRAY_MULTI
1942	help
1943	  Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
1944	  that can be used by applications to set aside private regions of code
1945	  and data, referred to as enclaves. An enclave's private memory can
1946	  only be accessed by code running within the enclave. Accesses from
1947	  outside the enclave, including other enclaves, are disallowed by
1948	  hardware.
1949
1950	  If unsure, say N.
1951
1952config X86_USER_SHADOW_STACK
1953	bool "X86 userspace shadow stack"
1954	depends on AS_WRUSS
1955	depends on X86_64
1956	select ARCH_USES_HIGH_VMA_FLAGS
1957	select X86_CET
1958	help
1959	  Shadow stack protection is a hardware feature that detects function
1960	  return address corruption.  This helps mitigate ROP attacks.
1961	  Applications must be enabled to use it, and old userspace does not
1962	  get protection "for free".
1963
1964	  CPUs supporting shadow stacks were first released in 2020.
1965
1966	  See Documentation/arch/x86/shstk.rst for more information.
1967
1968	  If unsure, say N.
1969
1970config INTEL_TDX_HOST
1971	bool "Intel Trust Domain Extensions (TDX) host support"
1972	depends on CPU_SUP_INTEL
1973	depends on X86_64
1974	depends on KVM_INTEL
1975	depends on X86_X2APIC
1976	select ARCH_KEEP_MEMBLOCK
1977	depends on CONTIG_ALLOC
1978	depends on !KEXEC_CORE
1979	depends on X86_MCE
1980	help
1981	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
1982	  host and certain physical attacks.  This option enables necessary TDX
1983	  support in the host kernel to run confidential VMs.
1984
1985	  If unsure, say N.
1986
1987config EFI
1988	bool "EFI runtime service support"
1989	depends on ACPI
1990	select UCS2_STRING
1991	select EFI_RUNTIME_WRAPPERS
1992	select ARCH_USE_MEMREMAP_PROT
1993	select EFI_RUNTIME_MAP if KEXEC_CORE
1994	help
1995	  This enables the kernel to use EFI runtime services that are
1996	  available (such as the EFI variable services).
1997
1998	  This option is only useful on systems that have EFI firmware.
1999	  In addition, you should use the latest ELILO loader available
2000	  at <http://elilo.sourceforge.net> in order to take advantage
2001	  of EFI runtime services. However, even with this option, the
2002	  resultant kernel should continue to boot on existing non-EFI
2003	  platforms.
2004
2005config EFI_STUB
2006	bool "EFI stub support"
2007	depends on EFI
2008	select RELOCATABLE
2009	help
2010	  This kernel feature allows a bzImage to be loaded directly
2011	  by EFI firmware without the use of a bootloader.
2012
2013	  See Documentation/admin-guide/efi-stub.rst for more information.
2014
2015config EFI_HANDOVER_PROTOCOL
2016	bool "EFI handover protocol (DEPRECATED)"
2017	depends on EFI_STUB
2018	default y
2019	help
2020	  Select this in order to include support for the deprecated EFI
2021	  handover protocol, which defines alternative entry points into the
2022	  EFI stub.  This is a practice that has no basis in the UEFI
2023	  specification, and requires a priori knowledge on the part of the
2024	  bootloader about Linux/x86 specific ways of passing the command line
2025	  and initrd, and where in memory those assets may be loaded.
2026
2027	  If in doubt, say Y. Even though the corresponding support is not
2028	  present in upstream GRUB or other bootloaders, most distros build
2029	  GRUB with numerous downstream patches applied, and may rely on the
2030	  handover protocol as as result.
2031
2032config EFI_MIXED
2033	bool "EFI mixed-mode support"
2034	depends on EFI_STUB && X86_64
2035	help
2036	  Enabling this feature allows a 64-bit kernel to be booted
2037	  on a 32-bit firmware, provided that your CPU supports 64-bit
2038	  mode.
2039
2040	  Note that it is not possible to boot a mixed-mode enabled
2041	  kernel via the EFI boot stub - a bootloader that supports
2042	  the EFI handover protocol must be used.
2043
2044	  If unsure, say N.
2045
2046config EFI_RUNTIME_MAP
2047	bool "Export EFI runtime maps to sysfs" if EXPERT
2048	depends on EFI
2049	help
2050	  Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
2051	  That memory map is required by the 2nd kernel to set up EFI virtual
2052	  mappings after kexec, but can also be used for debugging purposes.
2053
2054	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
2055
2056source "kernel/Kconfig.hz"
2057
2058config ARCH_SUPPORTS_KEXEC
2059	def_bool y
2060
2061config ARCH_SUPPORTS_KEXEC_FILE
2062	def_bool X86_64
2063
2064config ARCH_SELECTS_KEXEC_FILE
2065	def_bool y
2066	depends on KEXEC_FILE
2067	select HAVE_IMA_KEXEC if IMA
2068
2069config ARCH_SUPPORTS_KEXEC_PURGATORY
2070	def_bool y
2071
2072config ARCH_SUPPORTS_KEXEC_SIG
2073	def_bool y
2074
2075config ARCH_SUPPORTS_KEXEC_SIG_FORCE
2076	def_bool y
2077
2078config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
2079	def_bool y
2080
2081config ARCH_SUPPORTS_KEXEC_JUMP
2082	def_bool y
2083
2084config ARCH_SUPPORTS_CRASH_DUMP
2085	def_bool X86_64 || (X86_32 && HIGHMEM)
2086
2087config ARCH_SUPPORTS_CRASH_HOTPLUG
2088	def_bool y
2089
2090config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
2091	def_bool CRASH_RESERVE
2092
2093config PHYSICAL_START
2094	hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2095	default "0x1000000"
2096	help
2097	  This gives the physical address where the kernel is loaded.
2098
2099	  If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage
2100	  will decompress itself to above physical address and run from there.
2101	  Otherwise, bzImage will run from the address where it has been loaded
2102	  by the boot loader. The only exception is if it is loaded below the
2103	  above physical address, in which case it will relocate itself there.
2104
2105	  In normal kdump cases one does not have to set/change this option
2106	  as now bzImage can be compiled as a completely relocatable image
2107	  (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2108	  address. This option is mainly useful for the folks who don't want
2109	  to use a bzImage for capturing the crash dump and want to use a
2110	  vmlinux instead. vmlinux is not relocatable hence a kernel needs
2111	  to be specifically compiled to run from a specific memory area
2112	  (normally a reserved region) and this option comes handy.
2113
2114	  So if you are using bzImage for capturing the crash dump,
2115	  leave the value here unchanged to 0x1000000 and set
2116	  CONFIG_RELOCATABLE=y.  Otherwise if you plan to use vmlinux
2117	  for capturing the crash dump change this value to start of
2118	  the reserved region.  In other words, it can be set based on
2119	  the "X" value as specified in the "crashkernel=YM@XM"
2120	  command line boot parameter passed to the panic-ed
2121	  kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2122	  for more details about crash dumps.
2123
2124	  Usage of bzImage for capturing the crash dump is recommended as
2125	  one does not have to build two kernels. Same kernel can be used
2126	  as production kernel and capture kernel. Above option should have
2127	  gone away after relocatable bzImage support is introduced. But it
2128	  is present because there are users out there who continue to use
2129	  vmlinux for dump capture. This option should go away down the
2130	  line.
2131
2132	  Don't change this unless you know what you are doing.
2133
2134config RELOCATABLE
2135	bool "Build a relocatable kernel"
2136	default y
2137	help
2138	  This builds a kernel image that retains relocation information
2139	  so it can be loaded someplace besides the default 1MB.
2140	  The relocations tend to make the kernel binary about 10% larger,
2141	  but are discarded at runtime.
2142
2143	  One use is for the kexec on panic case where the recovery kernel
2144	  must live at a different physical address than the primary
2145	  kernel.
2146
2147	  Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2148	  it has been loaded at and the compile time physical address
2149	  (CONFIG_PHYSICAL_START) is used as the minimum location.
2150
2151config RANDOMIZE_BASE
2152	bool "Randomize the address of the kernel image (KASLR)"
2153	depends on RELOCATABLE
2154	default y
2155	help
2156	  In support of Kernel Address Space Layout Randomization (KASLR),
2157	  this randomizes the physical address at which the kernel image
2158	  is decompressed and the virtual address where the kernel
2159	  image is mapped, as a security feature that deters exploit
2160	  attempts relying on knowledge of the location of kernel
2161	  code internals.
2162
2163	  On 64-bit, the kernel physical and virtual addresses are
2164	  randomized separately. The physical address will be anywhere
2165	  between 16MB and the top of physical memory (up to 64TB). The
2166	  virtual address will be randomized from 16MB up to 1GB (9 bits
2167	  of entropy). Note that this also reduces the memory space
2168	  available to kernel modules from 1.5GB to 1GB.
2169
2170	  On 32-bit, the kernel physical and virtual addresses are
2171	  randomized together. They will be randomized from 16MB up to
2172	  512MB (8 bits of entropy).
2173
2174	  Entropy is generated using the RDRAND instruction if it is
2175	  supported. If RDTSC is supported, its value is mixed into
2176	  the entropy pool as well. If neither RDRAND nor RDTSC are
2177	  supported, then entropy is read from the i8254 timer. The
2178	  usable entropy is limited by the kernel being built using
2179	  2GB addressing, and that PHYSICAL_ALIGN must be at a
2180	  minimum of 2MB. As a result, only 10 bits of entropy are
2181	  theoretically possible, but the implementations are further
2182	  limited due to memory layouts.
2183
2184	  If unsure, say Y.
2185
2186# Relocation on x86 needs some additional build support
2187config X86_NEED_RELOCS
2188	def_bool y
2189	depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2190
2191config PHYSICAL_ALIGN
2192	hex "Alignment value to which kernel should be aligned"
2193	default "0x200000"
2194	range 0x2000 0x1000000 if X86_32
2195	range 0x200000 0x1000000 if X86_64
2196	help
2197	  This value puts the alignment restrictions on physical address
2198	  where kernel is loaded and run from. Kernel is compiled for an
2199	  address which meets above alignment restriction.
2200
2201	  If bootloader loads the kernel at a non-aligned address and
2202	  CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2203	  address aligned to above value and run from there.
2204
2205	  If bootloader loads the kernel at a non-aligned address and
2206	  CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2207	  load address and decompress itself to the address it has been
2208	  compiled for and run from there. The address for which kernel is
2209	  compiled already meets above alignment restrictions. Hence the
2210	  end result is that kernel runs from a physical address meeting
2211	  above alignment restrictions.
2212
2213	  On 32-bit this value must be a multiple of 0x2000. On 64-bit
2214	  this value must be a multiple of 0x200000.
2215
2216	  Don't change this unless you know what you are doing.
2217
2218config DYNAMIC_MEMORY_LAYOUT
2219	bool
2220	help
2221	  This option makes base addresses of vmalloc and vmemmap as well as
2222	  __PAGE_OFFSET movable during boot.
2223
2224config RANDOMIZE_MEMORY
2225	bool "Randomize the kernel memory sections"
2226	depends on X86_64
2227	depends on RANDOMIZE_BASE
2228	select DYNAMIC_MEMORY_LAYOUT
2229	default RANDOMIZE_BASE
2230	help
2231	  Randomizes the base virtual address of kernel memory sections
2232	  (physical memory mapping, vmalloc & vmemmap). This security feature
2233	  makes exploits relying on predictable memory locations less reliable.
2234
2235	  The order of allocations remains unchanged. Entropy is generated in
2236	  the same way as RANDOMIZE_BASE. Current implementation in the optimal
2237	  configuration have in average 30,000 different possible virtual
2238	  addresses for each memory section.
2239
2240	  If unsure, say Y.
2241
2242config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2243	hex "Physical memory mapping padding" if EXPERT
2244	depends on RANDOMIZE_MEMORY
2245	default "0xa" if MEMORY_HOTPLUG
2246	default "0x0"
2247	range 0x1 0x40 if MEMORY_HOTPLUG
2248	range 0x0 0x40
2249	help
2250	  Define the padding in terabytes added to the existing physical
2251	  memory size during kernel memory randomization. It is useful
2252	  for memory hotplug support but reduces the entropy available for
2253	  address randomization.
2254
2255	  If unsure, leave at the default value.
2256
2257config ADDRESS_MASKING
2258	bool "Linear Address Masking support"
2259	depends on X86_64
2260	depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS
2261	help
2262	  Linear Address Masking (LAM) modifies the checking that is applied
2263	  to 64-bit linear addresses, allowing software to use of the
2264	  untranslated address bits for metadata.
2265
2266	  The capability can be used for efficient address sanitizers (ASAN)
2267	  implementation and for optimizations in JITs.
2268
2269config HOTPLUG_CPU
2270	def_bool y
2271	depends on SMP
2272
2273config COMPAT_VDSO
2274	def_bool n
2275	prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2276	depends on COMPAT_32
2277	help
2278	  Certain buggy versions of glibc will crash if they are
2279	  presented with a 32-bit vDSO that is not mapped at the address
2280	  indicated in its segment table.
2281
2282	  The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2283	  and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2284	  49ad572a70b8aeb91e57483a11dd1b77e31c4468.  Glibc 2.3.3 is
2285	  the only released version with the bug, but OpenSUSE 9
2286	  contains a buggy "glibc 2.3.2".
2287
2288	  The symptom of the bug is that everything crashes on startup, saying:
2289	  dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2290
2291	  Saying Y here changes the default value of the vdso32 boot
2292	  option from 1 to 0, which turns off the 32-bit vDSO entirely.
2293	  This works around the glibc bug but hurts performance.
2294
2295	  If unsure, say N: if you are compiling your own kernel, you
2296	  are unlikely to be using a buggy version of glibc.
2297
2298choice
2299	prompt "vsyscall table for legacy applications"
2300	depends on X86_64
2301	default LEGACY_VSYSCALL_XONLY
2302	help
2303	  Legacy user code that does not know how to find the vDSO expects
2304	  to be able to issue three syscalls by calling fixed addresses in
2305	  kernel space. Since this location is not randomized with ASLR,
2306	  it can be used to assist security vulnerability exploitation.
2307
2308	  This setting can be changed at boot time via the kernel command
2309	  line parameter vsyscall=[emulate|xonly|none].  Emulate mode
2310	  is deprecated and can only be enabled using the kernel command
2311	  line.
2312
2313	  On a system with recent enough glibc (2.14 or newer) and no
2314	  static binaries, you can say None without a performance penalty
2315	  to improve security.
2316
2317	  If unsure, select "Emulate execution only".
2318
2319	config LEGACY_VSYSCALL_XONLY
2320		bool "Emulate execution only"
2321		help
2322		  The kernel traps and emulates calls into the fixed vsyscall
2323		  address mapping and does not allow reads.  This
2324		  configuration is recommended when userspace might use the
2325		  legacy vsyscall area but support for legacy binary
2326		  instrumentation of legacy code is not needed.  It mitigates
2327		  certain uses of the vsyscall area as an ASLR-bypassing
2328		  buffer.
2329
2330	config LEGACY_VSYSCALL_NONE
2331		bool "None"
2332		help
2333		  There will be no vsyscall mapping at all. This will
2334		  eliminate any risk of ASLR bypass due to the vsyscall
2335		  fixed address mapping. Attempts to use the vsyscalls
2336		  will be reported to dmesg, so that either old or
2337		  malicious userspace programs can be identified.
2338
2339endchoice
2340
2341config CMDLINE_BOOL
2342	bool "Built-in kernel command line"
2343	help
2344	  Allow for specifying boot arguments to the kernel at
2345	  build time.  On some systems (e.g. embedded ones), it is
2346	  necessary or convenient to provide some or all of the
2347	  kernel boot arguments with the kernel itself (that is,
2348	  to not rely on the boot loader to provide them.)
2349
2350	  To compile command line arguments into the kernel,
2351	  set this option to 'Y', then fill in the
2352	  boot arguments in CONFIG_CMDLINE.
2353
2354	  Systems with fully functional boot loaders (i.e. non-embedded)
2355	  should leave this option set to 'N'.
2356
2357config CMDLINE
2358	string "Built-in kernel command string"
2359	depends on CMDLINE_BOOL
2360	default ""
2361	help
2362	  Enter arguments here that should be compiled into the kernel
2363	  image and used at boot time.  If the boot loader provides a
2364	  command line at boot time, it is appended to this string to
2365	  form the full kernel command line, when the system boots.
2366
2367	  However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2368	  change this behavior.
2369
2370	  In most cases, the command line (whether built-in or provided
2371	  by the boot loader) should specify the device for the root
2372	  file system.
2373
2374config CMDLINE_OVERRIDE
2375	bool "Built-in command line overrides boot loader arguments"
2376	depends on CMDLINE_BOOL && CMDLINE != ""
2377	help
2378	  Set this option to 'Y' to have the kernel ignore the boot loader
2379	  command line, and use ONLY the built-in command line.
2380
2381	  This is used to work around broken boot loaders.  This should
2382	  be set to 'N' under normal conditions.
2383
2384config MODIFY_LDT_SYSCALL
2385	bool "Enable the LDT (local descriptor table)" if EXPERT
2386	default y
2387	help
2388	  Linux can allow user programs to install a per-process x86
2389	  Local Descriptor Table (LDT) using the modify_ldt(2) system
2390	  call.  This is required to run 16-bit or segmented code such as
2391	  DOSEMU or some Wine programs.  It is also used by some very old
2392	  threading libraries.
2393
2394	  Enabling this feature adds a small amount of overhead to
2395	  context switches and increases the low-level kernel attack
2396	  surface.  Disabling it removes the modify_ldt(2) system call.
2397
2398	  Saying 'N' here may make sense for embedded or server kernels.
2399
2400config STRICT_SIGALTSTACK_SIZE
2401	bool "Enforce strict size checking for sigaltstack"
2402	depends on DYNAMIC_SIGFRAME
2403	help
2404	  For historical reasons MINSIGSTKSZ is a constant which became
2405	  already too small with AVX512 support. Add a mechanism to
2406	  enforce strict checking of the sigaltstack size against the
2407	  real size of the FPU frame. This option enables the check
2408	  by default. It can also be controlled via the kernel command
2409	  line option 'strict_sas_size' independent of this config
2410	  switch. Enabling it might break existing applications which
2411	  allocate a too small sigaltstack but 'work' because they
2412	  never get a signal delivered.
2413
2414	  Say 'N' unless you want to really enforce this check.
2415
2416config CFI_AUTO_DEFAULT
2417	bool "Attempt to use FineIBT by default at boot time"
2418	depends on FINEIBT
2419	default y
2420	help
2421	  Attempt to use FineIBT by default at boot time. If enabled,
2422	  this is the same as booting with "cfi=auto". If disabled,
2423	  this is the same as booting with "cfi=kcfi".
2424
2425source "kernel/livepatch/Kconfig"
2426
2427endmenu
2428
2429config CC_HAS_NAMED_AS
2430	def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null)
2431	depends on CC_IS_GCC
2432
2433config CC_HAS_NAMED_AS_FIXED_SANITIZERS
2434	def_bool CC_IS_GCC && GCC_VERSION >= 130300
2435
2436config USE_X86_SEG_SUPPORT
2437	def_bool y
2438	depends on CC_HAS_NAMED_AS
2439	#
2440	# -fsanitize=kernel-address (KASAN) and -fsanitize=thread
2441	# (KCSAN) are incompatible with named address spaces with
2442	# GCC < 13.3 - see GCC PR sanitizer/111736.
2443	#
2444	depends on !(KASAN || KCSAN) || CC_HAS_NAMED_AS_FIXED_SANITIZERS
2445
2446config CC_HAS_SLS
2447	def_bool $(cc-option,-mharden-sls=all)
2448
2449config CC_HAS_RETURN_THUNK
2450	def_bool $(cc-option,-mfunction-return=thunk-extern)
2451
2452config CC_HAS_ENTRY_PADDING
2453	def_bool $(cc-option,-fpatchable-function-entry=16,16)
2454
2455config FUNCTION_PADDING_CFI
2456	int
2457	default 59 if FUNCTION_ALIGNMENT_64B
2458	default 27 if FUNCTION_ALIGNMENT_32B
2459	default 11 if FUNCTION_ALIGNMENT_16B
2460	default  3 if FUNCTION_ALIGNMENT_8B
2461	default  0
2462
2463# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
2464# except Kconfig can't do arithmetic :/
2465config FUNCTION_PADDING_BYTES
2466	int
2467	default FUNCTION_PADDING_CFI if CFI_CLANG
2468	default FUNCTION_ALIGNMENT
2469
2470config CALL_PADDING
2471	def_bool n
2472	depends on CC_HAS_ENTRY_PADDING && OBJTOOL
2473	select FUNCTION_ALIGNMENT_16B
2474
2475config FINEIBT
2476	def_bool y
2477	depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
2478	select CALL_PADDING
2479
2480config HAVE_CALL_THUNKS
2481	def_bool y
2482	depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL
2483
2484config CALL_THUNKS
2485	def_bool n
2486	select CALL_PADDING
2487
2488config PREFIX_SYMBOLS
2489	def_bool y
2490	depends on CALL_PADDING && !CFI_CLANG
2491
2492menuconfig CPU_MITIGATIONS
2493	bool "Mitigations for CPU vulnerabilities"
2494	default y
2495	help
2496	  Say Y here to enable options which enable mitigations for hardware
2497	  vulnerabilities (usually related to speculative execution).
2498	  Mitigations can be disabled or restricted to SMT systems at runtime
2499	  via the "mitigations" kernel parameter.
2500
2501	  If you say N, all mitigations will be disabled.  This CANNOT be
2502	  overridden at runtime.
2503
2504	  Say 'Y', unless you really know what you are doing.
2505
2506if CPU_MITIGATIONS
2507
2508config MITIGATION_PAGE_TABLE_ISOLATION
2509	bool "Remove the kernel mapping in user mode"
2510	default y
2511	depends on (X86_64 || X86_PAE)
2512	help
2513	  This feature reduces the number of hardware side channels by
2514	  ensuring that the majority of kernel addresses are not mapped
2515	  into userspace.
2516
2517	  See Documentation/arch/x86/pti.rst for more details.
2518
2519config MITIGATION_RETPOLINE
2520	bool "Avoid speculative indirect branches in kernel"
2521	select OBJTOOL if HAVE_OBJTOOL
2522	default y
2523	help
2524	  Compile kernel with the retpoline compiler options to guard against
2525	  kernel-to-user data leaks by avoiding speculative indirect
2526	  branches. Requires a compiler with -mindirect-branch=thunk-extern
2527	  support for full protection. The kernel may run slower.
2528
2529config MITIGATION_RETHUNK
2530	bool "Enable return-thunks"
2531	depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
2532	select OBJTOOL if HAVE_OBJTOOL
2533	default y if X86_64
2534	help
2535	  Compile the kernel with the return-thunks compiler option to guard
2536	  against kernel-to-user data leaks by avoiding return speculation.
2537	  Requires a compiler with -mfunction-return=thunk-extern
2538	  support for full protection. The kernel may run slower.
2539
2540config MITIGATION_UNRET_ENTRY
2541	bool "Enable UNRET on kernel entry"
2542	depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64
2543	default y
2544	help
2545	  Compile the kernel with support for the retbleed=unret mitigation.
2546
2547config MITIGATION_CALL_DEPTH_TRACKING
2548	bool "Mitigate RSB underflow with call depth tracking"
2549	depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
2550	select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
2551	select CALL_THUNKS
2552	default y
2553	help
2554	  Compile the kernel with call depth tracking to mitigate the Intel
2555	  SKL Return-Speculation-Buffer (RSB) underflow issue. The
2556	  mitigation is off by default and needs to be enabled on the
2557	  kernel command line via the retbleed=stuff option. For
2558	  non-affected systems the overhead of this option is marginal as
2559	  the call depth tracking is using run-time generated call thunks
2560	  in a compiler generated padding area and call patching. This
2561	  increases text size by ~5%. For non affected systems this space
2562	  is unused. On affected SKL systems this results in a significant
2563	  performance gain over the IBRS mitigation.
2564
2565config CALL_THUNKS_DEBUG
2566	bool "Enable call thunks and call depth tracking debugging"
2567	depends on MITIGATION_CALL_DEPTH_TRACKING
2568	select FUNCTION_ALIGNMENT_32B
2569	default n
2570	help
2571	  Enable call/ret counters for imbalance detection and build in
2572	  a noisy dmesg about callthunks generation and call patching for
2573	  trouble shooting. The debug prints need to be enabled on the
2574	  kernel command line with 'debug-callthunks'.
2575	  Only enable this when you are debugging call thunks as this
2576	  creates a noticeable runtime overhead. If unsure say N.
2577
2578config MITIGATION_IBPB_ENTRY
2579	bool "Enable IBPB on kernel entry"
2580	depends on CPU_SUP_AMD && X86_64
2581	default y
2582	help
2583	  Compile the kernel with support for the retbleed=ibpb mitigation.
2584
2585config MITIGATION_IBRS_ENTRY
2586	bool "Enable IBRS on kernel entry"
2587	depends on CPU_SUP_INTEL && X86_64
2588	default y
2589	help
2590	  Compile the kernel with support for the spectre_v2=ibrs mitigation.
2591	  This mitigates both spectre_v2 and retbleed at great cost to
2592	  performance.
2593
2594config MITIGATION_SRSO
2595	bool "Mitigate speculative RAS overflow on AMD"
2596	depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK
2597	default y
2598	help
2599	  Enable the SRSO mitigation needed on AMD Zen1-4 machines.
2600
2601config MITIGATION_SLS
2602	bool "Mitigate Straight-Line-Speculation"
2603	depends on CC_HAS_SLS && X86_64
2604	select OBJTOOL if HAVE_OBJTOOL
2605	default n
2606	help
2607	  Compile the kernel with straight-line-speculation options to guard
2608	  against straight line speculation. The kernel image might be slightly
2609	  larger.
2610
2611config MITIGATION_GDS
2612	bool "Mitigate Gather Data Sampling"
2613	depends on CPU_SUP_INTEL
2614	default y
2615	help
2616	  Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware
2617	  vulnerability which allows unprivileged speculative access to data
2618	  which was previously stored in vector registers. The attacker uses gather
2619	  instructions to infer the stale vector register data.
2620
2621config MITIGATION_RFDS
2622	bool "RFDS Mitigation"
2623	depends on CPU_SUP_INTEL
2624	default y
2625	help
2626	  Enable mitigation for Register File Data Sampling (RFDS) by default.
2627	  RFDS is a hardware vulnerability which affects Intel Atom CPUs. It
2628	  allows unprivileged speculative access to stale data previously
2629	  stored in floating point, vector and integer registers.
2630	  See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
2631
2632config MITIGATION_SPECTRE_BHI
2633	bool "Mitigate Spectre-BHB (Branch History Injection)"
2634	depends on CPU_SUP_INTEL
2635	default y
2636	help
2637	  Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
2638	  where the branch history buffer is poisoned to speculatively steer
2639	  indirect branches.
2640	  See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2641
2642config MITIGATION_MDS
2643	bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
2644	depends on CPU_SUP_INTEL
2645	default y
2646	help
2647	  Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
2648	  a hardware vulnerability which allows unprivileged speculative access
2649	  to data which is available in various CPU internal buffers.
2650	  See also <file:Documentation/admin-guide/hw-vuln/mds.rst>
2651
2652config MITIGATION_TAA
2653	bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"
2654	depends on CPU_SUP_INTEL
2655	default y
2656	help
2657	  Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware
2658	  vulnerability that allows unprivileged speculative access to data
2659	  which is available in various CPU internal buffers by using
2660	  asynchronous aborts within an Intel TSX transactional region.
2661	  See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst>
2662
2663config MITIGATION_MMIO_STALE_DATA
2664	bool "Mitigate MMIO Stale Data hardware bug"
2665	depends on CPU_SUP_INTEL
2666	default y
2667	help
2668	  Enable mitigation for MMIO Stale Data hardware bugs.  Processor MMIO
2669	  Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
2670	  vulnerabilities that can expose data. The vulnerabilities require the
2671	  attacker to have access to MMIO.
2672	  See also
2673	  <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst>
2674
2675config MITIGATION_L1TF
2676	bool "Mitigate L1 Terminal Fault (L1TF) hardware bug"
2677	depends on CPU_SUP_INTEL
2678	default y
2679	help
2680	  Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a
2681	  hardware vulnerability which allows unprivileged speculative access to data
2682	  available in the Level 1 Data Cache.
2683	  See <file:Documentation/admin-guide/hw-vuln/l1tf.rst
2684
2685config MITIGATION_RETBLEED
2686	bool "Mitigate RETBleed hardware bug"
2687	depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY
2688	default y
2689	help
2690	  Enable mitigation for RETBleed (Arbitrary Speculative Code Execution
2691	  with Return Instructions) vulnerability.  RETBleed is a speculative
2692	  execution attack which takes advantage of microarchitectural behavior
2693	  in many modern microprocessors, similar to Spectre v2. An
2694	  unprivileged attacker can use these flaws to bypass conventional
2695	  memory security restrictions to gain read access to privileged memory
2696	  that would otherwise be inaccessible.
2697
2698config MITIGATION_SPECTRE_V1
2699	bool "Mitigate SPECTRE V1 hardware bug"
2700	default y
2701	help
2702	  Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a
2703	  class of side channel attacks that takes advantage of speculative
2704	  execution that bypasses conditional branch instructions used for
2705	  memory access bounds check.
2706	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2707
2708config MITIGATION_SPECTRE_V2
2709	bool "Mitigate SPECTRE V2 hardware bug"
2710	default y
2711	help
2712	  Enable mitigation for Spectre V2 (Branch Target Injection). Spectre
2713	  V2 is a class of side channel attacks that takes advantage of
2714	  indirect branch predictors inside the processor. In Spectre variant 2
2715	  attacks, the attacker can steer speculative indirect branches in the
2716	  victim to gadget code by poisoning the branch target buffer of a CPU
2717	  used for predicting indirect branch addresses.
2718	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2719
2720config MITIGATION_SRBDS
2721	bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug"
2722	depends on CPU_SUP_INTEL
2723	default y
2724	help
2725	  Enable mitigation for Special Register Buffer Data Sampling (SRBDS).
2726	  SRBDS is a hardware vulnerability that allows Microarchitectural Data
2727	  Sampling (MDS) techniques to infer values returned from special
2728	  register accesses. An unprivileged user can extract values returned
2729	  from RDRAND and RDSEED executed on another core or sibling thread
2730	  using MDS techniques.
2731	  See also
2732	  <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst>
2733
2734config MITIGATION_SSB
2735	bool "Mitigate Speculative Store Bypass (SSB) hardware bug"
2736	default y
2737	help
2738	  Enable mitigation for Speculative Store Bypass (SSB). SSB is a
2739	  hardware security vulnerability and its exploitation takes advantage
2740	  of speculative execution in a similar way to the Meltdown and Spectre
2741	  security vulnerabilities.
2742
2743endif
2744
2745config ARCH_HAS_ADD_PAGES
2746	def_bool y
2747	depends on ARCH_ENABLE_MEMORY_HOTPLUG
2748
2749menu "Power management and ACPI options"
2750
2751config ARCH_HIBERNATION_HEADER
2752	def_bool y
2753	depends on HIBERNATION
2754
2755source "kernel/power/Kconfig"
2756
2757source "drivers/acpi/Kconfig"
2758
2759config X86_APM_BOOT
2760	def_bool y
2761	depends on APM
2762
2763menuconfig APM
2764	tristate "APM (Advanced Power Management) BIOS support"
2765	depends on X86_32 && PM_SLEEP
2766	help
2767	  APM is a BIOS specification for saving power using several different
2768	  techniques. This is mostly useful for battery powered laptops with
2769	  APM compliant BIOSes. If you say Y here, the system time will be
2770	  reset after a RESUME operation, the /proc/apm device will provide
2771	  battery status information, and user-space programs will receive
2772	  notification of APM "events" (e.g. battery status change).
2773
2774	  If you select "Y" here, you can disable actual use of the APM
2775	  BIOS by passing the "apm=off" option to the kernel at boot time.
2776
2777	  Note that the APM support is almost completely disabled for
2778	  machines with more than one CPU.
2779
2780	  In order to use APM, you will need supporting software. For location
2781	  and more information, read <file:Documentation/power/apm-acpi.rst>
2782	  and the Battery Powered Linux mini-HOWTO, available from
2783	  <http://www.tldp.org/docs.html#howto>.
2784
2785	  This driver does not spin down disk drives (see the hdparm(8)
2786	  manpage ("man 8 hdparm") for that), and it doesn't turn off
2787	  VESA-compliant "green" monitors.
2788
2789	  This driver does not support the TI 4000M TravelMate and the ACER
2790	  486/DX4/75 because they don't have compliant BIOSes. Many "green"
2791	  desktop machines also don't have compliant BIOSes, and this driver
2792	  may cause those machines to panic during the boot phase.
2793
2794	  Generally, if you don't have a battery in your machine, there isn't
2795	  much point in using this driver and you should say N. If you get
2796	  random kernel OOPSes or reboots that don't seem to be related to
2797	  anything, try disabling/enabling this option (or disabling/enabling
2798	  APM in your BIOS).
2799
2800	  Some other things you should try when experiencing seemingly random,
2801	  "weird" problems:
2802
2803	  1) make sure that you have enough swap space and that it is
2804	  enabled.
2805	  2) pass the "idle=poll" option to the kernel
2806	  3) switch on floating point emulation in the kernel and pass
2807	  the "no387" option to the kernel
2808	  4) pass the "floppy=nodma" option to the kernel
2809	  5) pass the "mem=4M" option to the kernel (thereby disabling
2810	  all but the first 4 MB of RAM)
2811	  6) make sure that the CPU is not over clocked.
2812	  7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2813	  8) disable the cache from your BIOS settings
2814	  9) install a fan for the video card or exchange video RAM
2815	  10) install a better fan for the CPU
2816	  11) exchange RAM chips
2817	  12) exchange the motherboard.
2818
2819	  To compile this driver as a module, choose M here: the
2820	  module will be called apm.
2821
2822if APM
2823
2824config APM_IGNORE_USER_SUSPEND
2825	bool "Ignore USER SUSPEND"
2826	help
2827	  This option will ignore USER SUSPEND requests. On machines with a
2828	  compliant APM BIOS, you want to say N. However, on the NEC Versa M
2829	  series notebooks, it is necessary to say Y because of a BIOS bug.
2830
2831config APM_DO_ENABLE
2832	bool "Enable PM at boot time"
2833	help
2834	  Enable APM features at boot time. From page 36 of the APM BIOS
2835	  specification: "When disabled, the APM BIOS does not automatically
2836	  power manage devices, enter the Standby State, enter the Suspend
2837	  State, or take power saving steps in response to CPU Idle calls."
2838	  This driver will make CPU Idle calls when Linux is idle (unless this
2839	  feature is turned off -- see "Do CPU IDLE calls", below). This
2840	  should always save battery power, but more complicated APM features
2841	  will be dependent on your BIOS implementation. You may need to turn
2842	  this option off if your computer hangs at boot time when using APM
2843	  support, or if it beeps continuously instead of suspending. Turn
2844	  this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2845	  T400CDT. This is off by default since most machines do fine without
2846	  this feature.
2847
2848config APM_CPU_IDLE
2849	depends on CPU_IDLE
2850	bool "Make CPU Idle calls when idle"
2851	help
2852	  Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2853	  On some machines, this can activate improved power savings, such as
2854	  a slowed CPU clock rate, when the machine is idle. These idle calls
2855	  are made after the idle loop has run for some length of time (e.g.,
2856	  333 mS). On some machines, this will cause a hang at boot time or
2857	  whenever the CPU becomes idle. (On machines with more than one CPU,
2858	  this option does nothing.)
2859
2860config APM_DISPLAY_BLANK
2861	bool "Enable console blanking using APM"
2862	help
2863	  Enable console blanking using the APM. Some laptops can use this to
2864	  turn off the LCD backlight when the screen blanker of the Linux
2865	  virtual console blanks the screen. Note that this is only used by
2866	  the virtual console screen blanker, and won't turn off the backlight
2867	  when using the X Window system. This also doesn't have anything to
2868	  do with your VESA-compliant power-saving monitor. Further, this
2869	  option doesn't work for all laptops -- it might not turn off your
2870	  backlight at all, or it might print a lot of errors to the console,
2871	  especially if you are using gpm.
2872
2873config APM_ALLOW_INTS
2874	bool "Allow interrupts during APM BIOS calls"
2875	help
2876	  Normally we disable external interrupts while we are making calls to
2877	  the APM BIOS as a measure to lessen the effects of a badly behaving
2878	  BIOS implementation.  The BIOS should reenable interrupts if it
2879	  needs to.  Unfortunately, some BIOSes do not -- especially those in
2880	  many of the newer IBM Thinkpads.  If you experience hangs when you
2881	  suspend, try setting this to Y.  Otherwise, say N.
2882
2883endif # APM
2884
2885source "drivers/cpufreq/Kconfig"
2886
2887source "drivers/cpuidle/Kconfig"
2888
2889source "drivers/idle/Kconfig"
2890
2891endmenu
2892
2893menu "Bus options (PCI etc.)"
2894
2895choice
2896	prompt "PCI access mode"
2897	depends on X86_32 && PCI
2898	default PCI_GOANY
2899	help
2900	  On PCI systems, the BIOS can be used to detect the PCI devices and
2901	  determine their configuration. However, some old PCI motherboards
2902	  have BIOS bugs and may crash if this is done. Also, some embedded
2903	  PCI-based systems don't have any BIOS at all. Linux can also try to
2904	  detect the PCI hardware directly without using the BIOS.
2905
2906	  With this option, you can specify how Linux should detect the
2907	  PCI devices. If you choose "BIOS", the BIOS will be used,
2908	  if you choose "Direct", the BIOS won't be used, and if you
2909	  choose "MMConfig", then PCI Express MMCONFIG will be used.
2910	  If you choose "Any", the kernel will try MMCONFIG, then the
2911	  direct access method and falls back to the BIOS if that doesn't
2912	  work. If unsure, go with the default, which is "Any".
2913
2914config PCI_GOBIOS
2915	bool "BIOS"
2916
2917config PCI_GOMMCONFIG
2918	bool "MMConfig"
2919
2920config PCI_GODIRECT
2921	bool "Direct"
2922
2923config PCI_GOOLPC
2924	bool "OLPC XO-1"
2925	depends on OLPC
2926
2927config PCI_GOANY
2928	bool "Any"
2929
2930endchoice
2931
2932config PCI_BIOS
2933	def_bool y
2934	depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2935
2936# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2937config PCI_DIRECT
2938	def_bool y
2939	depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2940
2941config PCI_MMCONFIG
2942	bool "Support mmconfig PCI config space access" if X86_64
2943	default y
2944	depends on PCI && (ACPI || JAILHOUSE_GUEST)
2945	depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2946
2947config PCI_OLPC
2948	def_bool y
2949	depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2950
2951config PCI_XEN
2952	def_bool y
2953	depends on PCI && XEN
2954
2955config MMCONF_FAM10H
2956	def_bool y
2957	depends on X86_64 && PCI_MMCONFIG && ACPI
2958
2959config PCI_CNB20LE_QUIRK
2960	bool "Read CNB20LE Host Bridge Windows" if EXPERT
2961	depends on PCI
2962	help
2963	  Read the PCI windows out of the CNB20LE host bridge. This allows
2964	  PCI hotplug to work on systems with the CNB20LE chipset which do
2965	  not have ACPI.
2966
2967	  There's no public spec for this chipset, and this functionality
2968	  is known to be incomplete.
2969
2970	  You should say N unless you know you need this.
2971
2972config ISA_BUS
2973	bool "ISA bus support on modern systems" if EXPERT
2974	help
2975	  Expose ISA bus device drivers and options available for selection and
2976	  configuration. Enable this option if your target machine has an ISA
2977	  bus. ISA is an older system, displaced by PCI and newer bus
2978	  architectures -- if your target machine is modern, it probably does
2979	  not have an ISA bus.
2980
2981	  If unsure, say N.
2982
2983# x86_64 have no ISA slots, but can have ISA-style DMA.
2984config ISA_DMA_API
2985	bool "ISA-style DMA support" if (X86_64 && EXPERT)
2986	default y
2987	help
2988	  Enables ISA-style DMA support for devices requiring such controllers.
2989	  If unsure, say Y.
2990
2991if X86_32
2992
2993config ISA
2994	bool "ISA support"
2995	help
2996	  Find out whether you have ISA slots on your motherboard.  ISA is the
2997	  name of a bus system, i.e. the way the CPU talks to the other stuff
2998	  inside your box.  Other bus systems are PCI, EISA, MicroChannel
2999	  (MCA) or VESA.  ISA is an older system, now being displaced by PCI;
3000	  newer boards don't support it.  If you have ISA, say Y, otherwise N.
3001
3002config SCx200
3003	tristate "NatSemi SCx200 support"
3004	help
3005	  This provides basic support for National Semiconductor's
3006	  (now AMD's) Geode processors.  The driver probes for the
3007	  PCI-IDs of several on-chip devices, so its a good dependency
3008	  for other scx200_* drivers.
3009
3010	  If compiled as a module, the driver is named scx200.
3011
3012config SCx200HR_TIMER
3013	tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
3014	depends on SCx200
3015	default y
3016	help
3017	  This driver provides a clocksource built upon the on-chip
3018	  27MHz high-resolution timer.  Its also a workaround for
3019	  NSC Geode SC-1100's buggy TSC, which loses time when the
3020	  processor goes idle (as is done by the scheduler).  The
3021	  other workaround is idle=poll boot option.
3022
3023config OLPC
3024	bool "One Laptop Per Child support"
3025	depends on !X86_PAE
3026	select GPIOLIB
3027	select OF
3028	select OF_PROMTREE
3029	select IRQ_DOMAIN
3030	select OLPC_EC
3031	help
3032	  Add support for detecting the unique features of the OLPC
3033	  XO hardware.
3034
3035config OLPC_XO1_PM
3036	bool "OLPC XO-1 Power Management"
3037	depends on OLPC && MFD_CS5535=y && PM_SLEEP
3038	help
3039	  Add support for poweroff and suspend of the OLPC XO-1 laptop.
3040
3041config OLPC_XO1_RTC
3042	bool "OLPC XO-1 Real Time Clock"
3043	depends on OLPC_XO1_PM && RTC_DRV_CMOS
3044	help
3045	  Add support for the XO-1 real time clock, which can be used as a
3046	  programmable wakeup source.
3047
3048config OLPC_XO1_SCI
3049	bool "OLPC XO-1 SCI extras"
3050	depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
3051	depends on INPUT=y
3052	select POWER_SUPPLY
3053	help
3054	  Add support for SCI-based features of the OLPC XO-1 laptop:
3055	   - EC-driven system wakeups
3056	   - Power button
3057	   - Ebook switch
3058	   - Lid switch
3059	   - AC adapter status updates
3060	   - Battery status updates
3061
3062config OLPC_XO15_SCI
3063	bool "OLPC XO-1.5 SCI extras"
3064	depends on OLPC && ACPI
3065	select POWER_SUPPLY
3066	help
3067	  Add support for SCI-based features of the OLPC XO-1.5 laptop:
3068	   - EC-driven system wakeups
3069	   - AC adapter status updates
3070	   - Battery status updates
3071
3072config GEODE_COMMON
3073	bool
3074
3075config ALIX
3076	bool "PCEngines ALIX System Support (LED setup)"
3077	select GPIOLIB
3078	select GEODE_COMMON
3079	help
3080	  This option enables system support for the PCEngines ALIX.
3081	  At present this just sets up LEDs for GPIO control on
3082	  ALIX2/3/6 boards.  However, other system specific setup should
3083	  get added here.
3084
3085	  Note: You must still enable the drivers for GPIO and LED support
3086	  (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
3087
3088	  Note: You have to set alix.force=1 for boards with Award BIOS.
3089
3090config NET5501
3091	bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
3092	select GPIOLIB
3093	select GEODE_COMMON
3094	help
3095	  This option enables system support for the Soekris Engineering net5501.
3096
3097config GEOS
3098	bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
3099	select GPIOLIB
3100	select GEODE_COMMON
3101	depends on DMI
3102	help
3103	  This option enables system support for the Traverse Technologies GEOS.
3104
3105config TS5500
3106	bool "Technologic Systems TS-5500 platform support"
3107	depends on MELAN
3108	select CHECK_SIGNATURE
3109	select NEW_LEDS
3110	select LEDS_CLASS
3111	help
3112	  This option enables system support for the Technologic Systems TS-5500.
3113
3114endif # X86_32
3115
3116config AMD_NB
3117	def_bool y
3118	depends on CPU_SUP_AMD && PCI
3119
3120endmenu
3121
3122menu "Binary Emulations"
3123
3124config IA32_EMULATION
3125	bool "IA32 Emulation"
3126	depends on X86_64
3127	select ARCH_WANT_OLD_COMPAT_IPC
3128	select BINFMT_ELF
3129	select COMPAT_OLD_SIGACTION
3130	help
3131	  Include code to run legacy 32-bit programs under a
3132	  64-bit kernel. You should likely turn this on, unless you're
3133	  100% sure that you don't have any 32-bit programs left.
3134
3135config IA32_EMULATION_DEFAULT_DISABLED
3136	bool "IA32 emulation disabled by default"
3137	default n
3138	depends on IA32_EMULATION
3139	help
3140	  Make IA32 emulation disabled by default. This prevents loading 32-bit
3141	  processes and access to 32-bit syscalls. If unsure, leave it to its
3142	  default value.
3143
3144config X86_X32_ABI
3145	bool "x32 ABI for 64-bit mode"
3146	depends on X86_64
3147	# llvm-objcopy does not convert x86_64 .note.gnu.property or
3148	# compressed debug sections to x86_x32 properly:
3149	# https://github.com/ClangBuiltLinux/linux/issues/514
3150	# https://github.com/ClangBuiltLinux/linux/issues/1141
3151	depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
3152	help
3153	  Include code to run binaries for the x32 native 32-bit ABI
3154	  for 64-bit processors.  An x32 process gets access to the
3155	  full 64-bit register file and wide data path while leaving
3156	  pointers at 32 bits for smaller memory footprint.
3157
3158config COMPAT_32
3159	def_bool y
3160	depends on IA32_EMULATION || X86_32
3161	select HAVE_UID16
3162	select OLD_SIGSUSPEND3
3163
3164config COMPAT
3165	def_bool y
3166	depends on IA32_EMULATION || X86_X32_ABI
3167
3168config COMPAT_FOR_U64_ALIGNMENT
3169	def_bool y
3170	depends on COMPAT
3171
3172endmenu
3173
3174config HAVE_ATOMIC_IOMAP
3175	def_bool y
3176	depends on X86_32
3177
3178source "arch/x86/kvm/Kconfig"
3179
3180source "arch/x86/Kconfig.assembler"
3181