Loading...
1# SPDX-License-Identifier: GPL-2.0
2# Select 32 or 64 bit
3config 64BIT
4 bool "64-bit kernel" if "$(ARCH)" = "x86"
5 default "$(ARCH)" != "i386"
6 help
7 Say yes to build a 64-bit kernel - formerly known as x86_64
8 Say no to build a 32-bit kernel - formerly known as i386
9
10config X86_32
11 def_bool y
12 depends on !64BIT
13 # Options that are inherently 32-bit kernel only:
14 select ARCH_WANT_IPC_PARSE_VERSION
15 select CLKSRC_I8253
16 select CLONE_BACKWARDS
17 select GENERIC_VDSO_32
18 select HAVE_DEBUG_STACKOVERFLOW
19 select KMAP_LOCAL
20 select MODULES_USE_ELF_REL
21 select OLD_SIGACTION
22 select ARCH_SPLIT_ARG64
23
24config X86_64
25 def_bool y
26 depends on 64BIT
27 # Options that are inherently 64-bit kernel only:
28 select ARCH_HAS_GIGANTIC_PAGE
29 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
30 select ARCH_USE_CMPXCHG_LOCKREF
31 select HAVE_ARCH_SOFT_DIRTY
32 select MODULES_USE_ELF_RELA
33 select NEED_DMA_MAP_STATE
34 select SWIOTLB
35 select ARCH_HAS_ELFCORE_COMPAT
36 select ZONE_DMA32
37
38config FORCE_DYNAMIC_FTRACE
39 def_bool y
40 depends on X86_32
41 depends on FUNCTION_TRACER
42 select DYNAMIC_FTRACE
43 help
44 We keep the static function tracing (!DYNAMIC_FTRACE) around
45 in order to test the non static function tracing in the
46 generic code, as other architectures still use it. But we
47 only need to keep it around for x86_64. No need to keep it
48 for x86_32. For x86_32, force DYNAMIC_FTRACE.
49#
50# Arch settings
51#
52# ( Note that options that are marked 'if X86_64' could in principle be
53# ported to 32-bit as well. )
54#
55config X86
56 def_bool y
57 #
58 # Note: keep this list sorted alphabetically
59 #
60 select ACPI_LEGACY_TABLES_LOOKUP if ACPI
61 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
62 select ARCH_32BIT_OFF_T if X86_32
63 select ARCH_CLOCKSOURCE_INIT
64 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
65 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
66 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
67 select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
68 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
69 select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
70 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
71 select ARCH_HAS_CACHE_LINE_SIZE
72 select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
73 select ARCH_HAS_CURRENT_STACK_POINTER
74 select ARCH_HAS_DEBUG_VIRTUAL
75 select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE
76 select ARCH_HAS_DEVMEM_IS_ALLOWED
77 select ARCH_HAS_EARLY_DEBUG if KGDB
78 select ARCH_HAS_ELF_RANDOMIZE
79 select ARCH_HAS_FAST_MULTIPLIER
80 select ARCH_HAS_FORTIFY_SOURCE
81 select ARCH_HAS_GCOV_PROFILE_ALL
82 select ARCH_HAS_KCOV if X86_64
83 select ARCH_HAS_MEM_ENCRYPT
84 select ARCH_HAS_MEMBARRIER_SYNC_CORE
85 select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
86 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
87 select ARCH_HAS_PMEM_API if X86_64
88 select ARCH_HAS_PTE_DEVMAP if X86_64
89 select ARCH_HAS_PTE_SPECIAL
90 select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2
91 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
92 select ARCH_HAS_COPY_MC if X86_64
93 select ARCH_HAS_SET_MEMORY
94 select ARCH_HAS_SET_DIRECT_MAP
95 select ARCH_HAS_STRICT_KERNEL_RWX
96 select ARCH_HAS_STRICT_MODULE_RWX
97 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
98 select ARCH_HAS_SYSCALL_WRAPPER
99 select ARCH_HAS_UBSAN_SANITIZE_ALL
100 select ARCH_HAS_DEBUG_WX
101 select ARCH_HAS_ZONE_DMA_SET if EXPERT
102 select ARCH_HAVE_NMI_SAFE_CMPXCHG
103 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
104 select ARCH_MIGHT_HAVE_PC_PARPORT
105 select ARCH_MIGHT_HAVE_PC_SERIO
106 select ARCH_STACKWALK
107 select ARCH_SUPPORTS_ACPI
108 select ARCH_SUPPORTS_ATOMIC_RMW
109 select ARCH_SUPPORTS_DEBUG_PAGEALLOC
110 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64
111 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
112 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096
113 select ARCH_SUPPORTS_CFI_CLANG if X86_64
114 select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG
115 select ARCH_SUPPORTS_LTO_CLANG
116 select ARCH_SUPPORTS_LTO_CLANG_THIN
117 select ARCH_USE_BUILTIN_BSWAP
118 select ARCH_USE_MEMTEST
119 select ARCH_USE_QUEUED_RWLOCKS
120 select ARCH_USE_QUEUED_SPINLOCKS
121 select ARCH_USE_SYM_ANNOTATIONS
122 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
123 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64
124 select ARCH_WANTS_DYNAMIC_TASK_STRUCT
125 select ARCH_WANTS_NO_INSTR
126 select ARCH_WANT_GENERAL_HUGETLB
127 select ARCH_WANT_HUGE_PMD_SHARE
128 select ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP if X86_64
129 select ARCH_WANT_LD_ORPHAN_WARN
130 select ARCH_WANTS_THP_SWAP if X86_64
131 select ARCH_HAS_PARANOID_L1D_FLUSH
132 select BUILDTIME_TABLE_SORT
133 select CLKEVT_I8253
134 select CLOCKSOURCE_VALIDATE_LAST_CYCLE
135 select CLOCKSOURCE_WATCHDOG
136 # Word-size accesses may read uninitialized data past the trailing \0
137 # in strings and cause false KMSAN reports.
138 select DCACHE_WORD_ACCESS if !KMSAN
139 select DYNAMIC_SIGFRAME
140 select EDAC_ATOMIC_SCRUB
141 select EDAC_SUPPORT
142 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
143 select GENERIC_CLOCKEVENTS_MIN_ADJUST
144 select GENERIC_CMOS_UPDATE
145 select GENERIC_CPU_AUTOPROBE
146 select GENERIC_CPU_VULNERABILITIES
147 select GENERIC_EARLY_IOREMAP
148 select GENERIC_ENTRY
149 select GENERIC_IOMAP
150 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
151 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
152 select GENERIC_IRQ_MIGRATION if SMP
153 select GENERIC_IRQ_PROBE
154 select GENERIC_IRQ_RESERVATION_MODE
155 select GENERIC_IRQ_SHOW
156 select GENERIC_PENDING_IRQ if SMP
157 select GENERIC_PTDUMP
158 select GENERIC_SMP_IDLE_THREAD
159 select GENERIC_TIME_VSYSCALL
160 select GENERIC_GETTIMEOFDAY
161 select GENERIC_VDSO_TIME_NS
162 select GUP_GET_PXX_LOW_HIGH if X86_PAE
163 select HARDIRQS_SW_RESEND
164 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
165 select HAVE_ACPI_APEI if ACPI
166 select HAVE_ACPI_APEI_NMI if ACPI
167 select HAVE_ALIGNED_STRUCT_PAGE if SLUB
168 select HAVE_ARCH_AUDITSYSCALL
169 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
170 select HAVE_ARCH_HUGE_VMALLOC if X86_64
171 select HAVE_ARCH_JUMP_LABEL
172 select HAVE_ARCH_JUMP_LABEL_RELATIVE
173 select HAVE_ARCH_KASAN if X86_64
174 select HAVE_ARCH_KASAN_VMALLOC if X86_64
175 select HAVE_ARCH_KFENCE
176 select HAVE_ARCH_KMSAN if X86_64
177 select HAVE_ARCH_KGDB
178 select HAVE_ARCH_MMAP_RND_BITS if MMU
179 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
180 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
181 select HAVE_ARCH_PREL32_RELOCATIONS
182 select HAVE_ARCH_SECCOMP_FILTER
183 select HAVE_ARCH_THREAD_STRUCT_WHITELIST
184 select HAVE_ARCH_STACKLEAK
185 select HAVE_ARCH_TRACEHOOK
186 select HAVE_ARCH_TRANSPARENT_HUGEPAGE
187 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
188 select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD
189 select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD
190 select HAVE_ARCH_VMAP_STACK if X86_64
191 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
192 select HAVE_ARCH_WITHIN_STACK_FRAMES
193 select HAVE_ASM_MODVERSIONS
194 select HAVE_CMPXCHG_DOUBLE
195 select HAVE_CMPXCHG_LOCAL
196 select HAVE_CONTEXT_TRACKING_USER if X86_64
197 select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER
198 select HAVE_C_RECORDMCOUNT
199 select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL
200 select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT
201 select HAVE_BUILDTIME_MCOUNT_SORT
202 select HAVE_DEBUG_KMEMLEAK
203 select HAVE_DMA_CONTIGUOUS
204 select HAVE_DYNAMIC_FTRACE
205 select HAVE_DYNAMIC_FTRACE_WITH_REGS
206 select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64
207 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
208 select HAVE_SAMPLE_FTRACE_DIRECT if X86_64
209 select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64
210 select HAVE_EBPF_JIT
211 select HAVE_EFFICIENT_UNALIGNED_ACCESS
212 select HAVE_EISA
213 select HAVE_EXIT_THREAD
214 select HAVE_FAST_GUP
215 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
216 select HAVE_FTRACE_MCOUNT_RECORD
217 select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE)
218 select HAVE_FUNCTION_TRACER
219 select HAVE_GCC_PLUGINS
220 select HAVE_HW_BREAKPOINT
221 select HAVE_IOREMAP_PROT
222 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
223 select HAVE_IRQ_TIME_ACCOUNTING
224 select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL
225 select HAVE_KERNEL_BZIP2
226 select HAVE_KERNEL_GZIP
227 select HAVE_KERNEL_LZ4
228 select HAVE_KERNEL_LZMA
229 select HAVE_KERNEL_LZO
230 select HAVE_KERNEL_XZ
231 select HAVE_KERNEL_ZSTD
232 select HAVE_KPROBES
233 select HAVE_KPROBES_ON_FTRACE
234 select HAVE_FUNCTION_ERROR_INJECTION
235 select HAVE_KRETPROBES
236 select HAVE_RETHOOK
237 select HAVE_KVM
238 select HAVE_LIVEPATCH if X86_64
239 select HAVE_MIXED_BREAKPOINTS_REGS
240 select HAVE_MOD_ARCH_SPECIFIC
241 select HAVE_MOVE_PMD
242 select HAVE_MOVE_PUD
243 select HAVE_NOINSTR_HACK if HAVE_OBJTOOL
244 select HAVE_NMI
245 select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL
246 select HAVE_OBJTOOL if X86_64
247 select HAVE_OPTPROBES
248 select HAVE_PCSPKR_PLATFORM
249 select HAVE_PERF_EVENTS
250 select HAVE_PERF_EVENTS_NMI
251 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
252 select HAVE_PCI
253 select HAVE_PERF_REGS
254 select HAVE_PERF_USER_STACK_DUMP
255 select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT
256 select MMU_GATHER_MERGE_VMAS
257 select HAVE_POSIX_CPU_TIMERS_TASK_WORK
258 select HAVE_REGS_AND_STACK_ACCESS_API
259 select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION
260 select HAVE_FUNCTION_ARG_ACCESS_API
261 select HAVE_SETUP_PER_CPU_AREA
262 select HAVE_SOFTIRQ_ON_OWN_STACK
263 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
264 select HAVE_STACK_VALIDATION if HAVE_OBJTOOL
265 select HAVE_STATIC_CALL
266 select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL
267 select HAVE_PREEMPT_DYNAMIC_CALL
268 select HAVE_RSEQ
269 select HAVE_RUST if X86_64
270 select HAVE_SYSCALL_TRACEPOINTS
271 select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL
272 select HAVE_UNSTABLE_SCHED_CLOCK
273 select HAVE_USER_RETURN_NOTIFIER
274 select HAVE_GENERIC_VDSO
275 select HOTPLUG_SMT if SMP
276 select IRQ_FORCED_THREADING
277 select NEED_PER_CPU_EMBED_FIRST_CHUNK
278 select NEED_PER_CPU_PAGE_FIRST_CHUNK
279 select NEED_SG_DMA_LENGTH
280 select PCI_DOMAINS if PCI
281 select PCI_LOCKLESS_CONFIG if PCI
282 select PERF_EVENTS
283 select RTC_LIB
284 select RTC_MC146818_LIB
285 select SPARSE_IRQ
286 select SRCU
287 select SYSCTL_EXCEPTION_TRACE
288 select THREAD_INFO_IN_TASK
289 select TRACE_IRQFLAGS_SUPPORT
290 select TRACE_IRQFLAGS_NMI_SUPPORT
291 select USER_STACKTRACE_SUPPORT
292 select HAVE_ARCH_KCSAN if X86_64
293 select X86_FEATURE_NAMES if PROC_FS
294 select PROC_PID_ARCH_STATUS if PROC_FS
295 select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX
296 select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16
297 select FUNCTION_ALIGNMENT_4B
298 imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI
299 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
300
301config INSTRUCTION_DECODER
302 def_bool y
303 depends on KPROBES || PERF_EVENTS || UPROBES
304
305config OUTPUT_FORMAT
306 string
307 default "elf32-i386" if X86_32
308 default "elf64-x86-64" if X86_64
309
310config LOCKDEP_SUPPORT
311 def_bool y
312
313config STACKTRACE_SUPPORT
314 def_bool y
315
316config MMU
317 def_bool y
318
319config ARCH_MMAP_RND_BITS_MIN
320 default 28 if 64BIT
321 default 8
322
323config ARCH_MMAP_RND_BITS_MAX
324 default 32 if 64BIT
325 default 16
326
327config ARCH_MMAP_RND_COMPAT_BITS_MIN
328 default 8
329
330config ARCH_MMAP_RND_COMPAT_BITS_MAX
331 default 16
332
333config SBUS
334 bool
335
336config GENERIC_ISA_DMA
337 def_bool y
338 depends on ISA_DMA_API
339
340config GENERIC_CSUM
341 bool
342 default y if KMSAN || KASAN
343
344config GENERIC_BUG
345 def_bool y
346 depends on BUG
347 select GENERIC_BUG_RELATIVE_POINTERS if X86_64
348
349config GENERIC_BUG_RELATIVE_POINTERS
350 bool
351
352config ARCH_MAY_HAVE_PC_FDC
353 def_bool y
354 depends on ISA_DMA_API
355
356config GENERIC_CALIBRATE_DELAY
357 def_bool y
358
359config ARCH_HAS_CPU_RELAX
360 def_bool y
361
362config ARCH_HIBERNATION_POSSIBLE
363 def_bool y
364
365config ARCH_SUSPEND_POSSIBLE
366 def_bool y
367
368config AUDIT_ARCH
369 def_bool y if X86_64
370
371config KASAN_SHADOW_OFFSET
372 hex
373 depends on KASAN
374 default 0xdffffc0000000000
375
376config HAVE_INTEL_TXT
377 def_bool y
378 depends on INTEL_IOMMU && ACPI
379
380config X86_32_SMP
381 def_bool y
382 depends on X86_32 && SMP
383
384config X86_64_SMP
385 def_bool y
386 depends on X86_64 && SMP
387
388config ARCH_SUPPORTS_UPROBES
389 def_bool y
390
391config FIX_EARLYCON_MEM
392 def_bool y
393
394config DYNAMIC_PHYSICAL_MASK
395 bool
396
397config PGTABLE_LEVELS
398 int
399 default 5 if X86_5LEVEL
400 default 4 if X86_64
401 default 3 if X86_PAE
402 default 2
403
404config CC_HAS_SANE_STACKPROTECTOR
405 bool
406 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT
407 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
408 help
409 We have to make sure stack protector is unconditionally disabled if
410 the compiler produces broken code or if it does not let us control
411 the segment on 32-bit kernels.
412
413menu "Processor type and features"
414
415config SMP
416 bool "Symmetric multi-processing support"
417 help
418 This enables support for systems with more than one CPU. If you have
419 a system with only one CPU, say N. If you have a system with more
420 than one CPU, say Y.
421
422 If you say N here, the kernel will run on uni- and multiprocessor
423 machines, but will use only one CPU of a multiprocessor machine. If
424 you say Y here, the kernel will run on many, but not all,
425 uniprocessor machines. On a uniprocessor machine, the kernel
426 will run faster if you say N here.
427
428 Note that if you say Y here and choose architecture "586" or
429 "Pentium" under "Processor family", the kernel will not work on 486
430 architectures. Similarly, multiprocessor kernels for the "PPro"
431 architecture may not work on all Pentium based boards.
432
433 People using multiprocessor machines who say Y here should also say
434 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
435 Management" code will be disabled if you say Y here.
436
437 See also <file:Documentation/x86/i386/IO-APIC.rst>,
438 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
439 <http://www.tldp.org/docs.html#howto>.
440
441 If you don't know what to do here, say N.
442
443config X86_FEATURE_NAMES
444 bool "Processor feature human-readable names" if EMBEDDED
445 default y
446 help
447 This option compiles in a table of x86 feature bits and corresponding
448 names. This is required to support /proc/cpuinfo and a few kernel
449 messages. You can disable this to save space, at the expense of
450 making those few kernel messages show numeric feature bits instead.
451
452 If in doubt, say Y.
453
454config X86_X2APIC
455 bool "Support x2apic"
456 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
457 help
458 This enables x2apic support on CPUs that have this feature.
459
460 This allows 32-bit apic IDs (so it can support very large systems),
461 and accesses the local apic via MSRs not via mmio.
462
463 Some Intel systems circa 2022 and later are locked into x2APIC mode
464 and can not fall back to the legacy APIC modes if SGX or TDX are
465 enabled in the BIOS. They will boot with very reduced functionality
466 without enabling this option.
467
468 If you don't know what to do here, say N.
469
470config X86_MPPARSE
471 bool "Enable MPS table" if ACPI
472 default y
473 depends on X86_LOCAL_APIC
474 help
475 For old smp systems that do not have proper acpi support. Newer systems
476 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
477
478config GOLDFISH
479 def_bool y
480 depends on X86_GOLDFISH
481
482config X86_CPU_RESCTRL
483 bool "x86 CPU resource control support"
484 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
485 select KERNFS
486 select PROC_CPU_RESCTRL if PROC_FS
487 help
488 Enable x86 CPU resource control support.
489
490 Provide support for the allocation and monitoring of system resources
491 usage by the CPU.
492
493 Intel calls this Intel Resource Director Technology
494 (Intel(R) RDT). More information about RDT can be found in the
495 Intel x86 Architecture Software Developer Manual.
496
497 AMD calls this AMD Platform Quality of Service (AMD QoS).
498 More information about AMD QoS can be found in the AMD64 Technology
499 Platform Quality of Service Extensions manual.
500
501 Say N if unsure.
502
503if X86_32
504config X86_BIGSMP
505 bool "Support for big SMP systems with more than 8 CPUs"
506 depends on SMP
507 help
508 This option is needed for the systems that have more than 8 CPUs.
509
510config X86_EXTENDED_PLATFORM
511 bool "Support for extended (non-PC) x86 platforms"
512 default y
513 help
514 If you disable this option then the kernel will only support
515 standard PC platforms. (which covers the vast majority of
516 systems out there.)
517
518 If you enable this option then you'll be able to select support
519 for the following (non-PC) 32 bit x86 platforms:
520 Goldfish (Android emulator)
521 AMD Elan
522 RDC R-321x SoC
523 SGI 320/540 (Visual Workstation)
524 STA2X11-based (e.g. Northville)
525 Moorestown MID devices
526
527 If you have one of these systems, or if you want to build a
528 generic distribution kernel, say Y here - otherwise say N.
529endif # X86_32
530
531if X86_64
532config X86_EXTENDED_PLATFORM
533 bool "Support for extended (non-PC) x86 platforms"
534 default y
535 help
536 If you disable this option then the kernel will only support
537 standard PC platforms. (which covers the vast majority of
538 systems out there.)
539
540 If you enable this option then you'll be able to select support
541 for the following (non-PC) 64 bit x86 platforms:
542 Numascale NumaChip
543 ScaleMP vSMP
544 SGI Ultraviolet
545
546 If you have one of these systems, or if you want to build a
547 generic distribution kernel, say Y here - otherwise say N.
548endif # X86_64
549# This is an alphabetically sorted list of 64 bit extended platforms
550# Please maintain the alphabetic order if and when there are additions
551config X86_NUMACHIP
552 bool "Numascale NumaChip"
553 depends on X86_64
554 depends on X86_EXTENDED_PLATFORM
555 depends on NUMA
556 depends on SMP
557 depends on X86_X2APIC
558 depends on PCI_MMCONFIG
559 help
560 Adds support for Numascale NumaChip large-SMP systems. Needed to
561 enable more than ~168 cores.
562 If you don't have one of these, you should say N here.
563
564config X86_VSMP
565 bool "ScaleMP vSMP"
566 select HYPERVISOR_GUEST
567 select PARAVIRT
568 depends on X86_64 && PCI
569 depends on X86_EXTENDED_PLATFORM
570 depends on SMP
571 help
572 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
573 supposed to run on these EM64T-based machines. Only choose this option
574 if you have one of these machines.
575
576config X86_UV
577 bool "SGI Ultraviolet"
578 depends on X86_64
579 depends on X86_EXTENDED_PLATFORM
580 depends on NUMA
581 depends on EFI
582 depends on KEXEC_CORE
583 depends on X86_X2APIC
584 depends on PCI
585 help
586 This option is needed in order to support SGI Ultraviolet systems.
587 If you don't have one of these, you should say N here.
588
589# Following is an alphabetically sorted list of 32 bit extended platforms
590# Please maintain the alphabetic order if and when there are additions
591
592config X86_GOLDFISH
593 bool "Goldfish (Virtual Platform)"
594 depends on X86_EXTENDED_PLATFORM
595 help
596 Enable support for the Goldfish virtual platform used primarily
597 for Android development. Unless you are building for the Android
598 Goldfish emulator say N here.
599
600config X86_INTEL_CE
601 bool "CE4100 TV platform"
602 depends on PCI
603 depends on PCI_GODIRECT
604 depends on X86_IO_APIC
605 depends on X86_32
606 depends on X86_EXTENDED_PLATFORM
607 select X86_REBOOTFIXUPS
608 select OF
609 select OF_EARLY_FLATTREE
610 help
611 Select for the Intel CE media processor (CE4100) SOC.
612 This option compiles in support for the CE4100 SOC for settop
613 boxes and media devices.
614
615config X86_INTEL_MID
616 bool "Intel MID platform support"
617 depends on X86_EXTENDED_PLATFORM
618 depends on X86_PLATFORM_DEVICES
619 depends on PCI
620 depends on X86_64 || (PCI_GOANY && X86_32)
621 depends on X86_IO_APIC
622 select I2C
623 select DW_APB_TIMER
624 select INTEL_SCU_PCI
625 help
626 Select to build a kernel capable of supporting Intel MID (Mobile
627 Internet Device) platform systems which do not have the PCI legacy
628 interfaces. If you are building for a PC class system say N here.
629
630 Intel MID platforms are based on an Intel processor and chipset which
631 consume less power than most of the x86 derivatives.
632
633config X86_INTEL_QUARK
634 bool "Intel Quark platform support"
635 depends on X86_32
636 depends on X86_EXTENDED_PLATFORM
637 depends on X86_PLATFORM_DEVICES
638 depends on X86_TSC
639 depends on PCI
640 depends on PCI_GOANY
641 depends on X86_IO_APIC
642 select IOSF_MBI
643 select INTEL_IMR
644 select COMMON_CLK
645 help
646 Select to include support for Quark X1000 SoC.
647 Say Y here if you have a Quark based system such as the Arduino
648 compatible Intel Galileo.
649
650config X86_INTEL_LPSS
651 bool "Intel Low Power Subsystem Support"
652 depends on X86 && ACPI && PCI
653 select COMMON_CLK
654 select PINCTRL
655 select IOSF_MBI
656 help
657 Select to build support for Intel Low Power Subsystem such as
658 found on Intel Lynxpoint PCH. Selecting this option enables
659 things like clock tree (common clock framework) and pincontrol
660 which are needed by the LPSS peripheral drivers.
661
662config X86_AMD_PLATFORM_DEVICE
663 bool "AMD ACPI2Platform devices support"
664 depends on ACPI
665 select COMMON_CLK
666 select PINCTRL
667 help
668 Select to interpret AMD specific ACPI device to platform device
669 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
670 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
671 implemented under PINCTRL subsystem.
672
673config IOSF_MBI
674 tristate "Intel SoC IOSF Sideband support for SoC platforms"
675 depends on PCI
676 help
677 This option enables sideband register access support for Intel SoC
678 platforms. On these platforms the IOSF sideband is used in lieu of
679 MSR's for some register accesses, mostly but not limited to thermal
680 and power. Drivers may query the availability of this device to
681 determine if they need the sideband in order to work on these
682 platforms. The sideband is available on the following SoC products.
683 This list is not meant to be exclusive.
684 - BayTrail
685 - Braswell
686 - Quark
687
688 You should say Y if you are running a kernel on one of these SoC's.
689
690config IOSF_MBI_DEBUG
691 bool "Enable IOSF sideband access through debugfs"
692 depends on IOSF_MBI && DEBUG_FS
693 help
694 Select this option to expose the IOSF sideband access registers (MCR,
695 MDR, MCRX) through debugfs to write and read register information from
696 different units on the SoC. This is most useful for obtaining device
697 state information for debug and analysis. As this is a general access
698 mechanism, users of this option would have specific knowledge of the
699 device they want to access.
700
701 If you don't require the option or are in doubt, say N.
702
703config X86_RDC321X
704 bool "RDC R-321x SoC"
705 depends on X86_32
706 depends on X86_EXTENDED_PLATFORM
707 select M486
708 select X86_REBOOTFIXUPS
709 help
710 This option is needed for RDC R-321x system-on-chip, also known
711 as R-8610-(G).
712 If you don't have one of these chips, you should say N here.
713
714config X86_32_NON_STANDARD
715 bool "Support non-standard 32-bit SMP architectures"
716 depends on X86_32 && SMP
717 depends on X86_EXTENDED_PLATFORM
718 help
719 This option compiles in the bigsmp and STA2X11 default
720 subarchitectures. It is intended for a generic binary
721 kernel. If you select them all, kernel will probe it one by
722 one and will fallback to default.
723
724# Alphabetically sorted list of Non standard 32 bit platforms
725
726config X86_SUPPORTS_MEMORY_FAILURE
727 def_bool y
728 # MCE code calls memory_failure():
729 depends on X86_MCE
730 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
731 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
732 depends on X86_64 || !SPARSEMEM
733 select ARCH_SUPPORTS_MEMORY_FAILURE
734
735config STA2X11
736 bool "STA2X11 Companion Chip Support"
737 depends on X86_32_NON_STANDARD && PCI
738 select SWIOTLB
739 select MFD_STA2X11
740 select GPIOLIB
741 help
742 This adds support for boards based on the STA2X11 IO-Hub,
743 a.k.a. "ConneXt". The chip is used in place of the standard
744 PC chipset, so all "standard" peripherals are missing. If this
745 option is selected the kernel will still be able to boot on
746 standard PC machines.
747
748config X86_32_IRIS
749 tristate "Eurobraille/Iris poweroff module"
750 depends on X86_32
751 help
752 The Iris machines from EuroBraille do not have APM or ACPI support
753 to shut themselves down properly. A special I/O sequence is
754 needed to do so, which is what this module does at
755 kernel shutdown.
756
757 This is only for Iris machines from EuroBraille.
758
759 If unused, say N.
760
761config SCHED_OMIT_FRAME_POINTER
762 def_bool y
763 prompt "Single-depth WCHAN output"
764 depends on X86
765 help
766 Calculate simpler /proc/<PID>/wchan values. If this option
767 is disabled then wchan values will recurse back to the
768 caller function. This provides more accurate wchan values,
769 at the expense of slightly more scheduling overhead.
770
771 If in doubt, say "Y".
772
773menuconfig HYPERVISOR_GUEST
774 bool "Linux guest support"
775 help
776 Say Y here to enable options for running Linux under various hyper-
777 visors. This option enables basic hypervisor detection and platform
778 setup.
779
780 If you say N, all options in this submenu will be skipped and
781 disabled, and Linux guest support won't be built in.
782
783if HYPERVISOR_GUEST
784
785config PARAVIRT
786 bool "Enable paravirtualization code"
787 depends on HAVE_STATIC_CALL
788 help
789 This changes the kernel so it can modify itself when it is run
790 under a hypervisor, potentially improving performance significantly
791 over full virtualization. However, when run without a hypervisor
792 the kernel is theoretically slower and slightly larger.
793
794config PARAVIRT_XXL
795 bool
796
797config PARAVIRT_DEBUG
798 bool "paravirt-ops debugging"
799 depends on PARAVIRT && DEBUG_KERNEL
800 help
801 Enable to debug paravirt_ops internals. Specifically, BUG if
802 a paravirt_op is missing when it is called.
803
804config PARAVIRT_SPINLOCKS
805 bool "Paravirtualization layer for spinlocks"
806 depends on PARAVIRT && SMP
807 help
808 Paravirtualized spinlocks allow a pvops backend to replace the
809 spinlock implementation with something virtualization-friendly
810 (for example, block the virtual CPU rather than spinning).
811
812 It has a minimal impact on native kernels and gives a nice performance
813 benefit on paravirtualized KVM / Xen kernels.
814
815 If you are unsure how to answer this question, answer Y.
816
817config X86_HV_CALLBACK_VECTOR
818 def_bool n
819
820source "arch/x86/xen/Kconfig"
821
822config KVM_GUEST
823 bool "KVM Guest support (including kvmclock)"
824 depends on PARAVIRT
825 select PARAVIRT_CLOCK
826 select ARCH_CPUIDLE_HALTPOLL
827 select X86_HV_CALLBACK_VECTOR
828 default y
829 help
830 This option enables various optimizations for running under the KVM
831 hypervisor. It includes a paravirtualized clock, so that instead
832 of relying on a PIT (or probably other) emulation by the
833 underlying device model, the host provides the guest with
834 timing infrastructure such as time of day, and system time
835
836config ARCH_CPUIDLE_HALTPOLL
837 def_bool n
838 prompt "Disable host haltpoll when loading haltpoll driver"
839 help
840 If virtualized under KVM, disable host haltpoll.
841
842config PVH
843 bool "Support for running PVH guests"
844 help
845 This option enables the PVH entry point for guest virtual machines
846 as specified in the x86/HVM direct boot ABI.
847
848config PARAVIRT_TIME_ACCOUNTING
849 bool "Paravirtual steal time accounting"
850 depends on PARAVIRT
851 help
852 Select this option to enable fine granularity task steal time
853 accounting. Time spent executing other tasks in parallel with
854 the current vCPU is discounted from the vCPU power. To account for
855 that, there can be a small performance impact.
856
857 If in doubt, say N here.
858
859config PARAVIRT_CLOCK
860 bool
861
862config JAILHOUSE_GUEST
863 bool "Jailhouse non-root cell support"
864 depends on X86_64 && PCI
865 select X86_PM_TIMER
866 help
867 This option allows to run Linux as guest in a Jailhouse non-root
868 cell. You can leave this option disabled if you only want to start
869 Jailhouse and run Linux afterwards in the root cell.
870
871config ACRN_GUEST
872 bool "ACRN Guest support"
873 depends on X86_64
874 select X86_HV_CALLBACK_VECTOR
875 help
876 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
877 a flexible, lightweight reference open-source hypervisor, built with
878 real-time and safety-criticality in mind. It is built for embedded
879 IOT with small footprint and real-time features. More details can be
880 found in https://projectacrn.org/.
881
882config INTEL_TDX_GUEST
883 bool "Intel TDX (Trust Domain Extensions) - Guest Support"
884 depends on X86_64 && CPU_SUP_INTEL
885 depends on X86_X2APIC
886 select ARCH_HAS_CC_PLATFORM
887 select X86_MEM_ENCRYPT
888 select X86_MCE
889 help
890 Support running as a guest under Intel TDX. Without this support,
891 the guest kernel can not boot or run under TDX.
892 TDX includes memory encryption and integrity capabilities
893 which protect the confidentiality and integrity of guest
894 memory contents and CPU state. TDX guests are protected from
895 some attacks from the VMM.
896
897endif # HYPERVISOR_GUEST
898
899source "arch/x86/Kconfig.cpu"
900
901config HPET_TIMER
902 def_bool X86_64
903 prompt "HPET Timer Support" if X86_32
904 help
905 Use the IA-PC HPET (High Precision Event Timer) to manage
906 time in preference to the PIT and RTC, if a HPET is
907 present.
908 HPET is the next generation timer replacing legacy 8254s.
909 The HPET provides a stable time base on SMP
910 systems, unlike the TSC, but it is more expensive to access,
911 as it is off-chip. The interface used is documented
912 in the HPET spec, revision 1.
913
914 You can safely choose Y here. However, HPET will only be
915 activated if the platform and the BIOS support this feature.
916 Otherwise the 8254 will be used for timing services.
917
918 Choose N to continue using the legacy 8254 timer.
919
920config HPET_EMULATE_RTC
921 def_bool y
922 depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
923
924# Mark as expert because too many people got it wrong.
925# The code disables itself when not needed.
926config DMI
927 default y
928 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
929 bool "Enable DMI scanning" if EXPERT
930 help
931 Enabled scanning of DMI to identify machine quirks. Say Y
932 here unless you have verified that your setup is not
933 affected by entries in the DMI blacklist. Required by PNP
934 BIOS code.
935
936config GART_IOMMU
937 bool "Old AMD GART IOMMU support"
938 select DMA_OPS
939 select IOMMU_HELPER
940 select SWIOTLB
941 depends on X86_64 && PCI && AMD_NB
942 help
943 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
944 GART based hardware IOMMUs.
945
946 The GART supports full DMA access for devices with 32-bit access
947 limitations, on systems with more than 3 GB. This is usually needed
948 for USB, sound, many IDE/SATA chipsets and some other devices.
949
950 Newer systems typically have a modern AMD IOMMU, supported via
951 the CONFIG_AMD_IOMMU=y config option.
952
953 In normal configurations this driver is only active when needed:
954 there's more than 3 GB of memory and the system contains a
955 32-bit limited device.
956
957 If unsure, say Y.
958
959config BOOT_VESA_SUPPORT
960 bool
961 help
962 If true, at least one selected framebuffer driver can take advantage
963 of VESA video modes set at an early boot stage via the vga= parameter.
964
965config MAXSMP
966 bool "Enable Maximum number of SMP Processors and NUMA Nodes"
967 depends on X86_64 && SMP && DEBUG_KERNEL
968 select CPUMASK_OFFSTACK
969 help
970 Enable maximum number of CPUS and NUMA Nodes for this architecture.
971 If unsure, say N.
972
973#
974# The maximum number of CPUs supported:
975#
976# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
977# and which can be configured interactively in the
978# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
979#
980# The ranges are different on 32-bit and 64-bit kernels, depending on
981# hardware capabilities and scalability features of the kernel.
982#
983# ( If MAXSMP is enabled we just use the highest possible value and disable
984# interactive configuration. )
985#
986
987config NR_CPUS_RANGE_BEGIN
988 int
989 default NR_CPUS_RANGE_END if MAXSMP
990 default 1 if !SMP
991 default 2
992
993config NR_CPUS_RANGE_END
994 int
995 depends on X86_32
996 default 64 if SMP && X86_BIGSMP
997 default 8 if SMP && !X86_BIGSMP
998 default 1 if !SMP
999
1000config NR_CPUS_RANGE_END
1001 int
1002 depends on X86_64
1003 default 8192 if SMP && CPUMASK_OFFSTACK
1004 default 512 if SMP && !CPUMASK_OFFSTACK
1005 default 1 if !SMP
1006
1007config NR_CPUS_DEFAULT
1008 int
1009 depends on X86_32
1010 default 32 if X86_BIGSMP
1011 default 8 if SMP
1012 default 1 if !SMP
1013
1014config NR_CPUS_DEFAULT
1015 int
1016 depends on X86_64
1017 default 8192 if MAXSMP
1018 default 64 if SMP
1019 default 1 if !SMP
1020
1021config NR_CPUS
1022 int "Maximum number of CPUs" if SMP && !MAXSMP
1023 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1024 default NR_CPUS_DEFAULT
1025 help
1026 This allows you to specify the maximum number of CPUs which this
1027 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
1028 supported value is 8192, otherwise the maximum value is 512. The
1029 minimum value which makes sense is 2.
1030
1031 This is purely to save memory: each supported CPU adds about 8KB
1032 to the kernel image.
1033
1034config SCHED_CLUSTER
1035 bool "Cluster scheduler support"
1036 depends on SMP
1037 default y
1038 help
1039 Cluster scheduler support improves the CPU scheduler's decision
1040 making when dealing with machines that have clusters of CPUs.
1041 Cluster usually means a couple of CPUs which are placed closely
1042 by sharing mid-level caches, last-level cache tags or internal
1043 busses.
1044
1045config SCHED_SMT
1046 def_bool y if SMP
1047
1048config SCHED_MC
1049 def_bool y
1050 prompt "Multi-core scheduler support"
1051 depends on SMP
1052 help
1053 Multi-core scheduler support improves the CPU scheduler's decision
1054 making when dealing with multi-core CPU chips at a cost of slightly
1055 increased overhead in some places. If unsure say N here.
1056
1057config SCHED_MC_PRIO
1058 bool "CPU core priorities scheduler support"
1059 depends on SCHED_MC && CPU_SUP_INTEL
1060 select X86_INTEL_PSTATE
1061 select CPU_FREQ
1062 default y
1063 help
1064 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1065 core ordering determined at manufacturing time, which allows
1066 certain cores to reach higher turbo frequencies (when running
1067 single threaded workloads) than others.
1068
1069 Enabling this kernel feature teaches the scheduler about
1070 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1071 scheduler's CPU selection logic accordingly, so that higher
1072 overall system performance can be achieved.
1073
1074 This feature will have no effect on CPUs without this feature.
1075
1076 If unsure say Y here.
1077
1078config UP_LATE_INIT
1079 def_bool y
1080 depends on !SMP && X86_LOCAL_APIC
1081
1082config X86_UP_APIC
1083 bool "Local APIC support on uniprocessors" if !PCI_MSI
1084 default PCI_MSI
1085 depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1086 help
1087 A local APIC (Advanced Programmable Interrupt Controller) is an
1088 integrated interrupt controller in the CPU. If you have a single-CPU
1089 system which has a processor with a local APIC, you can say Y here to
1090 enable and use it. If you say Y here even though your machine doesn't
1091 have a local APIC, then the kernel will still run with no slowdown at
1092 all. The local APIC supports CPU-generated self-interrupts (timer,
1093 performance counters), and the NMI watchdog which detects hard
1094 lockups.
1095
1096config X86_UP_IOAPIC
1097 bool "IO-APIC support on uniprocessors"
1098 depends on X86_UP_APIC
1099 help
1100 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1101 SMP-capable replacement for PC-style interrupt controllers. Most
1102 SMP systems and many recent uniprocessor systems have one.
1103
1104 If you have a single-CPU system with an IO-APIC, you can say Y here
1105 to use it. If you say Y here even though your machine doesn't have
1106 an IO-APIC, then the kernel will still run with no slowdown at all.
1107
1108config X86_LOCAL_APIC
1109 def_bool y
1110 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1111 select IRQ_DOMAIN_HIERARCHY
1112
1113config X86_IO_APIC
1114 def_bool y
1115 depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1116
1117config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1118 bool "Reroute for broken boot IRQs"
1119 depends on X86_IO_APIC
1120 help
1121 This option enables a workaround that fixes a source of
1122 spurious interrupts. This is recommended when threaded
1123 interrupt handling is used on systems where the generation of
1124 superfluous "boot interrupts" cannot be disabled.
1125
1126 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1127 entry in the chipset's IO-APIC is masked (as, e.g. the RT
1128 kernel does during interrupt handling). On chipsets where this
1129 boot IRQ generation cannot be disabled, this workaround keeps
1130 the original IRQ line masked so that only the equivalent "boot
1131 IRQ" is delivered to the CPUs. The workaround also tells the
1132 kernel to set up the IRQ handler on the boot IRQ line. In this
1133 way only one interrupt is delivered to the kernel. Otherwise
1134 the spurious second interrupt may cause the kernel to bring
1135 down (vital) interrupt lines.
1136
1137 Only affects "broken" chipsets. Interrupt sharing may be
1138 increased on these systems.
1139
1140config X86_MCE
1141 bool "Machine Check / overheating reporting"
1142 select GENERIC_ALLOCATOR
1143 default y
1144 help
1145 Machine Check support allows the processor to notify the
1146 kernel if it detects a problem (e.g. overheating, data corruption).
1147 The action the kernel takes depends on the severity of the problem,
1148 ranging from warning messages to halting the machine.
1149
1150config X86_MCELOG_LEGACY
1151 bool "Support for deprecated /dev/mcelog character device"
1152 depends on X86_MCE
1153 help
1154 Enable support for /dev/mcelog which is needed by the old mcelog
1155 userspace logging daemon. Consider switching to the new generation
1156 rasdaemon solution.
1157
1158config X86_MCE_INTEL
1159 def_bool y
1160 prompt "Intel MCE features"
1161 depends on X86_MCE && X86_LOCAL_APIC
1162 help
1163 Additional support for intel specific MCE features such as
1164 the thermal monitor.
1165
1166config X86_MCE_AMD
1167 def_bool y
1168 prompt "AMD MCE features"
1169 depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1170 help
1171 Additional support for AMD specific MCE features such as
1172 the DRAM Error Threshold.
1173
1174config X86_ANCIENT_MCE
1175 bool "Support for old Pentium 5 / WinChip machine checks"
1176 depends on X86_32 && X86_MCE
1177 help
1178 Include support for machine check handling on old Pentium 5 or WinChip
1179 systems. These typically need to be enabled explicitly on the command
1180 line.
1181
1182config X86_MCE_THRESHOLD
1183 depends on X86_MCE_AMD || X86_MCE_INTEL
1184 def_bool y
1185
1186config X86_MCE_INJECT
1187 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1188 tristate "Machine check injector support"
1189 help
1190 Provide support for injecting machine checks for testing purposes.
1191 If you don't know what a machine check is and you don't do kernel
1192 QA it is safe to say n.
1193
1194source "arch/x86/events/Kconfig"
1195
1196config X86_LEGACY_VM86
1197 bool "Legacy VM86 support"
1198 depends on X86_32
1199 help
1200 This option allows user programs to put the CPU into V8086
1201 mode, which is an 80286-era approximation of 16-bit real mode.
1202
1203 Some very old versions of X and/or vbetool require this option
1204 for user mode setting. Similarly, DOSEMU will use it if
1205 available to accelerate real mode DOS programs. However, any
1206 recent version of DOSEMU, X, or vbetool should be fully
1207 functional even without kernel VM86 support, as they will all
1208 fall back to software emulation. Nevertheless, if you are using
1209 a 16-bit DOS program where 16-bit performance matters, vm86
1210 mode might be faster than emulation and you might want to
1211 enable this option.
1212
1213 Note that any app that works on a 64-bit kernel is unlikely to
1214 need this option, as 64-bit kernels don't, and can't, support
1215 V8086 mode. This option is also unrelated to 16-bit protected
1216 mode and is not needed to run most 16-bit programs under Wine.
1217
1218 Enabling this option increases the complexity of the kernel
1219 and slows down exception handling a tiny bit.
1220
1221 If unsure, say N here.
1222
1223config VM86
1224 bool
1225 default X86_LEGACY_VM86
1226
1227config X86_16BIT
1228 bool "Enable support for 16-bit segments" if EXPERT
1229 default y
1230 depends on MODIFY_LDT_SYSCALL
1231 help
1232 This option is required by programs like Wine to run 16-bit
1233 protected mode legacy code on x86 processors. Disabling
1234 this option saves about 300 bytes on i386, or around 6K text
1235 plus 16K runtime memory on x86-64,
1236
1237config X86_ESPFIX32
1238 def_bool y
1239 depends on X86_16BIT && X86_32
1240
1241config X86_ESPFIX64
1242 def_bool y
1243 depends on X86_16BIT && X86_64
1244
1245config X86_VSYSCALL_EMULATION
1246 bool "Enable vsyscall emulation" if EXPERT
1247 default y
1248 depends on X86_64
1249 help
1250 This enables emulation of the legacy vsyscall page. Disabling
1251 it is roughly equivalent to booting with vsyscall=none, except
1252 that it will also disable the helpful warning if a program
1253 tries to use a vsyscall. With this option set to N, offending
1254 programs will just segfault, citing addresses of the form
1255 0xffffffffff600?00.
1256
1257 This option is required by many programs built before 2013, and
1258 care should be used even with newer programs if set to N.
1259
1260 Disabling this option saves about 7K of kernel size and
1261 possibly 4K of additional runtime pagetable memory.
1262
1263config X86_IOPL_IOPERM
1264 bool "IOPERM and IOPL Emulation"
1265 default y
1266 help
1267 This enables the ioperm() and iopl() syscalls which are necessary
1268 for legacy applications.
1269
1270 Legacy IOPL support is an overbroad mechanism which allows user
1271 space aside of accessing all 65536 I/O ports also to disable
1272 interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1273 capabilities and permission from potentially active security
1274 modules.
1275
1276 The emulation restricts the functionality of the syscall to
1277 only allowing the full range I/O port access, but prevents the
1278 ability to disable interrupts from user space which would be
1279 granted if the hardware IOPL mechanism would be used.
1280
1281config TOSHIBA
1282 tristate "Toshiba Laptop support"
1283 depends on X86_32
1284 help
1285 This adds a driver to safely access the System Management Mode of
1286 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1287 not work on models with a Phoenix BIOS. The System Management Mode
1288 is used to set the BIOS and power saving options on Toshiba portables.
1289
1290 For information on utilities to make use of this driver see the
1291 Toshiba Linux utilities web site at:
1292 <http://www.buzzard.org.uk/toshiba/>.
1293
1294 Say Y if you intend to run this kernel on a Toshiba portable.
1295 Say N otherwise.
1296
1297config X86_REBOOTFIXUPS
1298 bool "Enable X86 board specific fixups for reboot"
1299 depends on X86_32
1300 help
1301 This enables chipset and/or board specific fixups to be done
1302 in order to get reboot to work correctly. This is only needed on
1303 some combinations of hardware and BIOS. The symptom, for which
1304 this config is intended, is when reboot ends with a stalled/hung
1305 system.
1306
1307 Currently, the only fixup is for the Geode machines using
1308 CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1309
1310 Say Y if you want to enable the fixup. Currently, it's safe to
1311 enable this option even if you don't need it.
1312 Say N otherwise.
1313
1314config MICROCODE
1315 bool "CPU microcode loading support"
1316 default y
1317 depends on CPU_SUP_AMD || CPU_SUP_INTEL
1318 help
1319 If you say Y here, you will be able to update the microcode on
1320 Intel and AMD processors. The Intel support is for the IA32 family,
1321 e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The
1322 AMD support is for families 0x10 and later. You will obviously need
1323 the actual microcode binary data itself which is not shipped with
1324 the Linux kernel.
1325
1326 The preferred method to load microcode from a detached initrd is described
1327 in Documentation/x86/microcode.rst. For that you need to enable
1328 CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the
1329 initrd for microcode blobs.
1330
1331 In addition, you can build the microcode into the kernel. For that you
1332 need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE
1333 config option.
1334
1335config MICROCODE_INTEL
1336 bool "Intel microcode loading support"
1337 depends on CPU_SUP_INTEL && MICROCODE
1338 default MICROCODE
1339 help
1340 This options enables microcode patch loading support for Intel
1341 processors.
1342
1343 For the current Intel microcode data package go to
1344 <https://downloadcenter.intel.com> and search for
1345 'Linux Processor Microcode Data File'.
1346
1347config MICROCODE_AMD
1348 bool "AMD microcode loading support"
1349 depends on CPU_SUP_AMD && MICROCODE
1350 help
1351 If you select this option, microcode patch loading support for AMD
1352 processors will be enabled.
1353
1354config MICROCODE_LATE_LOADING
1355 bool "Late microcode loading (DANGEROUS)"
1356 default n
1357 depends on MICROCODE
1358 help
1359 Loading microcode late, when the system is up and executing instructions
1360 is a tricky business and should be avoided if possible. Just the sequence
1361 of synchronizing all cores and SMT threads is one fragile dance which does
1362 not guarantee that cores might not softlock after the loading. Therefore,
1363 use this at your own risk. Late loading taints the kernel too.
1364
1365config X86_MSR
1366 tristate "/dev/cpu/*/msr - Model-specific register support"
1367 help
1368 This device gives privileged processes access to the x86
1369 Model-Specific Registers (MSRs). It is a character device with
1370 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1371 MSR accesses are directed to a specific CPU on multi-processor
1372 systems.
1373
1374config X86_CPUID
1375 tristate "/dev/cpu/*/cpuid - CPU information support"
1376 help
1377 This device gives processes access to the x86 CPUID instruction to
1378 be executed on a specific processor. It is a character device
1379 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1380 /dev/cpu/31/cpuid.
1381
1382choice
1383 prompt "High Memory Support"
1384 default HIGHMEM4G
1385 depends on X86_32
1386
1387config NOHIGHMEM
1388 bool "off"
1389 help
1390 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1391 However, the address space of 32-bit x86 processors is only 4
1392 Gigabytes large. That means that, if you have a large amount of
1393 physical memory, not all of it can be "permanently mapped" by the
1394 kernel. The physical memory that's not permanently mapped is called
1395 "high memory".
1396
1397 If you are compiling a kernel which will never run on a machine with
1398 more than 1 Gigabyte total physical RAM, answer "off" here (default
1399 choice and suitable for most users). This will result in a "3GB/1GB"
1400 split: 3GB are mapped so that each process sees a 3GB virtual memory
1401 space and the remaining part of the 4GB virtual memory space is used
1402 by the kernel to permanently map as much physical memory as
1403 possible.
1404
1405 If the machine has between 1 and 4 Gigabytes physical RAM, then
1406 answer "4GB" here.
1407
1408 If more than 4 Gigabytes is used then answer "64GB" here. This
1409 selection turns Intel PAE (Physical Address Extension) mode on.
1410 PAE implements 3-level paging on IA32 processors. PAE is fully
1411 supported by Linux, PAE mode is implemented on all recent Intel
1412 processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1413 then the kernel will not boot on CPUs that don't support PAE!
1414
1415 The actual amount of total physical memory will either be
1416 auto detected or can be forced by using a kernel command line option
1417 such as "mem=256M". (Try "man bootparam" or see the documentation of
1418 your boot loader (lilo or loadlin) about how to pass options to the
1419 kernel at boot time.)
1420
1421 If unsure, say "off".
1422
1423config HIGHMEM4G
1424 bool "4GB"
1425 help
1426 Select this if you have a 32-bit processor and between 1 and 4
1427 gigabytes of physical RAM.
1428
1429config HIGHMEM64G
1430 bool "64GB"
1431 depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
1432 select X86_PAE
1433 help
1434 Select this if you have a 32-bit processor and more than 4
1435 gigabytes of physical RAM.
1436
1437endchoice
1438
1439choice
1440 prompt "Memory split" if EXPERT
1441 default VMSPLIT_3G
1442 depends on X86_32
1443 help
1444 Select the desired split between kernel and user memory.
1445
1446 If the address range available to the kernel is less than the
1447 physical memory installed, the remaining memory will be available
1448 as "high memory". Accessing high memory is a little more costly
1449 than low memory, as it needs to be mapped into the kernel first.
1450 Note that increasing the kernel address space limits the range
1451 available to user programs, making the address space there
1452 tighter. Selecting anything other than the default 3G/1G split
1453 will also likely make your kernel incompatible with binary-only
1454 kernel modules.
1455
1456 If you are not absolutely sure what you are doing, leave this
1457 option alone!
1458
1459 config VMSPLIT_3G
1460 bool "3G/1G user/kernel split"
1461 config VMSPLIT_3G_OPT
1462 depends on !X86_PAE
1463 bool "3G/1G user/kernel split (for full 1G low memory)"
1464 config VMSPLIT_2G
1465 bool "2G/2G user/kernel split"
1466 config VMSPLIT_2G_OPT
1467 depends on !X86_PAE
1468 bool "2G/2G user/kernel split (for full 2G low memory)"
1469 config VMSPLIT_1G
1470 bool "1G/3G user/kernel split"
1471endchoice
1472
1473config PAGE_OFFSET
1474 hex
1475 default 0xB0000000 if VMSPLIT_3G_OPT
1476 default 0x80000000 if VMSPLIT_2G
1477 default 0x78000000 if VMSPLIT_2G_OPT
1478 default 0x40000000 if VMSPLIT_1G
1479 default 0xC0000000
1480 depends on X86_32
1481
1482config HIGHMEM
1483 def_bool y
1484 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1485
1486config X86_PAE
1487 bool "PAE (Physical Address Extension) Support"
1488 depends on X86_32 && !HIGHMEM4G
1489 select PHYS_ADDR_T_64BIT
1490 select SWIOTLB
1491 help
1492 PAE is required for NX support, and furthermore enables
1493 larger swapspace support for non-overcommit purposes. It
1494 has the cost of more pagetable lookup overhead, and also
1495 consumes more pagetable space per process.
1496
1497config X86_5LEVEL
1498 bool "Enable 5-level page tables support"
1499 default y
1500 select DYNAMIC_MEMORY_LAYOUT
1501 select SPARSEMEM_VMEMMAP
1502 depends on X86_64
1503 help
1504 5-level paging enables access to larger address space:
1505 upto 128 PiB of virtual address space and 4 PiB of
1506 physical address space.
1507
1508 It will be supported by future Intel CPUs.
1509
1510 A kernel with the option enabled can be booted on machines that
1511 support 4- or 5-level paging.
1512
1513 See Documentation/x86/x86_64/5level-paging.rst for more
1514 information.
1515
1516 Say N if unsure.
1517
1518config X86_DIRECT_GBPAGES
1519 def_bool y
1520 depends on X86_64
1521 help
1522 Certain kernel features effectively disable kernel
1523 linear 1 GB mappings (even if the CPU otherwise
1524 supports them), so don't confuse the user by printing
1525 that we have them enabled.
1526
1527config X86_CPA_STATISTICS
1528 bool "Enable statistic for Change Page Attribute"
1529 depends on DEBUG_FS
1530 help
1531 Expose statistics about the Change Page Attribute mechanism, which
1532 helps to determine the effectiveness of preserving large and huge
1533 page mappings when mapping protections are changed.
1534
1535config X86_MEM_ENCRYPT
1536 select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1537 select DYNAMIC_PHYSICAL_MASK
1538 def_bool n
1539
1540config AMD_MEM_ENCRYPT
1541 bool "AMD Secure Memory Encryption (SME) support"
1542 depends on X86_64 && CPU_SUP_AMD
1543 select DMA_COHERENT_POOL
1544 select ARCH_USE_MEMREMAP_PROT
1545 select INSTRUCTION_DECODER
1546 select ARCH_HAS_CC_PLATFORM
1547 select X86_MEM_ENCRYPT
1548 help
1549 Say yes to enable support for the encryption of system memory.
1550 This requires an AMD processor that supports Secure Memory
1551 Encryption (SME).
1552
1553config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
1554 bool "Activate AMD Secure Memory Encryption (SME) by default"
1555 depends on AMD_MEM_ENCRYPT
1556 help
1557 Say yes to have system memory encrypted by default if running on
1558 an AMD processor that supports Secure Memory Encryption (SME).
1559
1560 If set to Y, then the encryption of system memory can be
1561 deactivated with the mem_encrypt=off command line option.
1562
1563 If set to N, then the encryption of system memory can be
1564 activated with the mem_encrypt=on command line option.
1565
1566# Common NUMA Features
1567config NUMA
1568 bool "NUMA Memory Allocation and Scheduler Support"
1569 depends on SMP
1570 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1571 default y if X86_BIGSMP
1572 select USE_PERCPU_NUMA_NODE_ID
1573 help
1574 Enable NUMA (Non-Uniform Memory Access) support.
1575
1576 The kernel will try to allocate memory used by a CPU on the
1577 local memory controller of the CPU and add some more
1578 NUMA awareness to the kernel.
1579
1580 For 64-bit this is recommended if the system is Intel Core i7
1581 (or later), AMD Opteron, or EM64T NUMA.
1582
1583 For 32-bit this is only needed if you boot a 32-bit
1584 kernel on a 64-bit NUMA platform.
1585
1586 Otherwise, you should say N.
1587
1588config AMD_NUMA
1589 def_bool y
1590 prompt "Old style AMD Opteron NUMA detection"
1591 depends on X86_64 && NUMA && PCI
1592 help
1593 Enable AMD NUMA node topology detection. You should say Y here if
1594 you have a multi processor AMD system. This uses an old method to
1595 read the NUMA configuration directly from the builtin Northbridge
1596 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1597 which also takes priority if both are compiled in.
1598
1599config X86_64_ACPI_NUMA
1600 def_bool y
1601 prompt "ACPI NUMA detection"
1602 depends on X86_64 && NUMA && ACPI && PCI
1603 select ACPI_NUMA
1604 help
1605 Enable ACPI SRAT based node topology detection.
1606
1607config NUMA_EMU
1608 bool "NUMA emulation"
1609 depends on NUMA
1610 help
1611 Enable NUMA emulation. A flat machine will be split
1612 into virtual nodes when booted with "numa=fake=N", where N is the
1613 number of nodes. This is only useful for debugging.
1614
1615config NODES_SHIFT
1616 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1617 range 1 10
1618 default "10" if MAXSMP
1619 default "6" if X86_64
1620 default "3"
1621 depends on NUMA
1622 help
1623 Specify the maximum number of NUMA Nodes available on the target
1624 system. Increases memory reserved to accommodate various tables.
1625
1626config ARCH_FLATMEM_ENABLE
1627 def_bool y
1628 depends on X86_32 && !NUMA
1629
1630config ARCH_SPARSEMEM_ENABLE
1631 def_bool y
1632 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1633 select SPARSEMEM_STATIC if X86_32
1634 select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1635
1636config ARCH_SPARSEMEM_DEFAULT
1637 def_bool X86_64 || (NUMA && X86_32)
1638
1639config ARCH_SELECT_MEMORY_MODEL
1640 def_bool y
1641 depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
1642
1643config ARCH_MEMORY_PROBE
1644 bool "Enable sysfs memory/probe interface"
1645 depends on MEMORY_HOTPLUG
1646 help
1647 This option enables a sysfs memory/probe interface for testing.
1648 See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1649 If you are unsure how to answer this question, answer N.
1650
1651config ARCH_PROC_KCORE_TEXT
1652 def_bool y
1653 depends on X86_64 && PROC_KCORE
1654
1655config ILLEGAL_POINTER_VALUE
1656 hex
1657 default 0 if X86_32
1658 default 0xdead000000000000 if X86_64
1659
1660config X86_PMEM_LEGACY_DEVICE
1661 bool
1662
1663config X86_PMEM_LEGACY
1664 tristate "Support non-standard NVDIMMs and ADR protected memory"
1665 depends on PHYS_ADDR_T_64BIT
1666 depends on BLK_DEV
1667 select X86_PMEM_LEGACY_DEVICE
1668 select NUMA_KEEP_MEMINFO if NUMA
1669 select LIBNVDIMM
1670 help
1671 Treat memory marked using the non-standard e820 type of 12 as used
1672 by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1673 The kernel will offer these regions to the 'pmem' driver so
1674 they can be used for persistent storage.
1675
1676 Say Y if unsure.
1677
1678config HIGHPTE
1679 bool "Allocate 3rd-level pagetables from highmem"
1680 depends on HIGHMEM
1681 help
1682 The VM uses one page table entry for each page of physical memory.
1683 For systems with a lot of RAM, this can be wasteful of precious
1684 low memory. Setting this option will put user-space page table
1685 entries in high memory.
1686
1687config X86_CHECK_BIOS_CORRUPTION
1688 bool "Check for low memory corruption"
1689 help
1690 Periodically check for memory corruption in low memory, which
1691 is suspected to be caused by BIOS. Even when enabled in the
1692 configuration, it is disabled at runtime. Enable it by
1693 setting "memory_corruption_check=1" on the kernel command
1694 line. By default it scans the low 64k of memory every 60
1695 seconds; see the memory_corruption_check_size and
1696 memory_corruption_check_period parameters in
1697 Documentation/admin-guide/kernel-parameters.rst to adjust this.
1698
1699 When enabled with the default parameters, this option has
1700 almost no overhead, as it reserves a relatively small amount
1701 of memory and scans it infrequently. It both detects corruption
1702 and prevents it from affecting the running system.
1703
1704 It is, however, intended as a diagnostic tool; if repeatable
1705 BIOS-originated corruption always affects the same memory,
1706 you can use memmap= to prevent the kernel from using that
1707 memory.
1708
1709config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1710 bool "Set the default setting of memory_corruption_check"
1711 depends on X86_CHECK_BIOS_CORRUPTION
1712 default y
1713 help
1714 Set whether the default state of memory_corruption_check is
1715 on or off.
1716
1717config MATH_EMULATION
1718 bool
1719 depends on MODIFY_LDT_SYSCALL
1720 prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1721 help
1722 Linux can emulate a math coprocessor (used for floating point
1723 operations) if you don't have one. 486DX and Pentium processors have
1724 a math coprocessor built in, 486SX and 386 do not, unless you added
1725 a 487DX or 387, respectively. (The messages during boot time can
1726 give you some hints here ["man dmesg"].) Everyone needs either a
1727 coprocessor or this emulation.
1728
1729 If you don't have a math coprocessor, you need to say Y here; if you
1730 say Y here even though you have a coprocessor, the coprocessor will
1731 be used nevertheless. (This behavior can be changed with the kernel
1732 command line option "no387", which comes handy if your coprocessor
1733 is broken. Try "man bootparam" or see the documentation of your boot
1734 loader (lilo or loadlin) about how to pass options to the kernel at
1735 boot time.) This means that it is a good idea to say Y here if you
1736 intend to use this kernel on different machines.
1737
1738 More information about the internals of the Linux math coprocessor
1739 emulation can be found in <file:arch/x86/math-emu/README>.
1740
1741 If you are not sure, say Y; apart from resulting in a 66 KB bigger
1742 kernel, it won't hurt.
1743
1744config MTRR
1745 def_bool y
1746 prompt "MTRR (Memory Type Range Register) support" if EXPERT
1747 help
1748 On Intel P6 family processors (Pentium Pro, Pentium II and later)
1749 the Memory Type Range Registers (MTRRs) may be used to control
1750 processor access to memory ranges. This is most useful if you have
1751 a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1752 allows bus write transfers to be combined into a larger transfer
1753 before bursting over the PCI/AGP bus. This can increase performance
1754 of image write operations 2.5 times or more. Saying Y here creates a
1755 /proc/mtrr file which may be used to manipulate your processor's
1756 MTRRs. Typically the X server should use this.
1757
1758 This code has a reasonably generic interface so that similar
1759 control registers on other processors can be easily supported
1760 as well:
1761
1762 The Cyrix 6x86, 6x86MX and M II processors have Address Range
1763 Registers (ARRs) which provide a similar functionality to MTRRs. For
1764 these, the ARRs are used to emulate the MTRRs.
1765 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1766 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1767 write-combining. All of these processors are supported by this code
1768 and it makes sense to say Y here if you have one of them.
1769
1770 Saying Y here also fixes a problem with buggy SMP BIOSes which only
1771 set the MTRRs for the boot CPU and not for the secondary CPUs. This
1772 can lead to all sorts of problems, so it's good to say Y here.
1773
1774 You can safely say Y even if your machine doesn't have MTRRs, you'll
1775 just add about 9 KB to your kernel.
1776
1777 See <file:Documentation/x86/mtrr.rst> for more information.
1778
1779config MTRR_SANITIZER
1780 def_bool y
1781 prompt "MTRR cleanup support"
1782 depends on MTRR
1783 help
1784 Convert MTRR layout from continuous to discrete, so X drivers can
1785 add writeback entries.
1786
1787 Can be disabled with disable_mtrr_cleanup on the kernel command line.
1788 The largest mtrr entry size for a continuous block can be set with
1789 mtrr_chunk_size.
1790
1791 If unsure, say Y.
1792
1793config MTRR_SANITIZER_ENABLE_DEFAULT
1794 int "MTRR cleanup enable value (0-1)"
1795 range 0 1
1796 default "0"
1797 depends on MTRR_SANITIZER
1798 help
1799 Enable mtrr cleanup default value
1800
1801config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1802 int "MTRR cleanup spare reg num (0-7)"
1803 range 0 7
1804 default "1"
1805 depends on MTRR_SANITIZER
1806 help
1807 mtrr cleanup spare entries default, it can be changed via
1808 mtrr_spare_reg_nr=N on the kernel command line.
1809
1810config X86_PAT
1811 def_bool y
1812 prompt "x86 PAT support" if EXPERT
1813 depends on MTRR
1814 help
1815 Use PAT attributes to setup page level cache control.
1816
1817 PATs are the modern equivalents of MTRRs and are much more
1818 flexible than MTRRs.
1819
1820 Say N here if you see bootup problems (boot crash, boot hang,
1821 spontaneous reboots) or a non-working video driver.
1822
1823 If unsure, say Y.
1824
1825config ARCH_USES_PG_UNCACHED
1826 def_bool y
1827 depends on X86_PAT
1828
1829config X86_UMIP
1830 def_bool y
1831 prompt "User Mode Instruction Prevention" if EXPERT
1832 help
1833 User Mode Instruction Prevention (UMIP) is a security feature in
1834 some x86 processors. If enabled, a general protection fault is
1835 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1836 executed in user mode. These instructions unnecessarily expose
1837 information about the hardware state.
1838
1839 The vast majority of applications do not use these instructions.
1840 For the very few that do, software emulation is provided in
1841 specific cases in protected and virtual-8086 modes. Emulated
1842 results are dummy.
1843
1844config CC_HAS_IBT
1845 # GCC >= 9 and binutils >= 2.29
1846 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
1847 # Clang/LLVM >= 14
1848 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
1849 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
1850 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
1851 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
1852 $(as-instr,endbr64)
1853
1854config X86_KERNEL_IBT
1855 prompt "Indirect Branch Tracking"
1856 def_bool y
1857 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
1858 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
1859 depends on !LD_IS_LLD || LLD_VERSION >= 140000
1860 select OBJTOOL
1861 help
1862 Build the kernel with support for Indirect Branch Tracking, a
1863 hardware support course-grain forward-edge Control Flow Integrity
1864 protection. It enforces that all indirect calls must land on
1865 an ENDBR instruction, as such, the compiler will instrument the
1866 code with them to make this happen.
1867
1868 In addition to building the kernel with IBT, seal all functions that
1869 are not indirect call targets, avoiding them ever becoming one.
1870
1871 This requires LTO like objtool runs and will slow down the build. It
1872 does significantly reduce the number of ENDBR instructions in the
1873 kernel image.
1874
1875config X86_INTEL_MEMORY_PROTECTION_KEYS
1876 prompt "Memory Protection Keys"
1877 def_bool y
1878 # Note: only available in 64-bit mode
1879 depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
1880 select ARCH_USES_HIGH_VMA_FLAGS
1881 select ARCH_HAS_PKEYS
1882 help
1883 Memory Protection Keys provides a mechanism for enforcing
1884 page-based protections, but without requiring modification of the
1885 page tables when an application changes protection domains.
1886
1887 For details, see Documentation/core-api/protection-keys.rst
1888
1889 If unsure, say y.
1890
1891choice
1892 prompt "TSX enable mode"
1893 depends on CPU_SUP_INTEL
1894 default X86_INTEL_TSX_MODE_OFF
1895 help
1896 Intel's TSX (Transactional Synchronization Extensions) feature
1897 allows to optimize locking protocols through lock elision which
1898 can lead to a noticeable performance boost.
1899
1900 On the other hand it has been shown that TSX can be exploited
1901 to form side channel attacks (e.g. TAA) and chances are there
1902 will be more of those attacks discovered in the future.
1903
1904 Therefore TSX is not enabled by default (aka tsx=off). An admin
1905 might override this decision by tsx=on the command line parameter.
1906 Even with TSX enabled, the kernel will attempt to enable the best
1907 possible TAA mitigation setting depending on the microcode available
1908 for the particular machine.
1909
1910 This option allows to set the default tsx mode between tsx=on, =off
1911 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1912 details.
1913
1914 Say off if not sure, auto if TSX is in use but it should be used on safe
1915 platforms or on if TSX is in use and the security aspect of tsx is not
1916 relevant.
1917
1918config X86_INTEL_TSX_MODE_OFF
1919 bool "off"
1920 help
1921 TSX is disabled if possible - equals to tsx=off command line parameter.
1922
1923config X86_INTEL_TSX_MODE_ON
1924 bool "on"
1925 help
1926 TSX is always enabled on TSX capable HW - equals the tsx=on command
1927 line parameter.
1928
1929config X86_INTEL_TSX_MODE_AUTO
1930 bool "auto"
1931 help
1932 TSX is enabled on TSX capable HW that is believed to be safe against
1933 side channel attacks- equals the tsx=auto command line parameter.
1934endchoice
1935
1936config X86_SGX
1937 bool "Software Guard eXtensions (SGX)"
1938 depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
1939 depends on CRYPTO=y
1940 depends on CRYPTO_SHA256=y
1941 select SRCU
1942 select MMU_NOTIFIER
1943 select NUMA_KEEP_MEMINFO if NUMA
1944 select XARRAY_MULTI
1945 help
1946 Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
1947 that can be used by applications to set aside private regions of code
1948 and data, referred to as enclaves. An enclave's private memory can
1949 only be accessed by code running within the enclave. Accesses from
1950 outside the enclave, including other enclaves, are disallowed by
1951 hardware.
1952
1953 If unsure, say N.
1954
1955config EFI
1956 bool "EFI runtime service support"
1957 depends on ACPI
1958 select UCS2_STRING
1959 select EFI_RUNTIME_WRAPPERS
1960 select ARCH_USE_MEMREMAP_PROT
1961 help
1962 This enables the kernel to use EFI runtime services that are
1963 available (such as the EFI variable services).
1964
1965 This option is only useful on systems that have EFI firmware.
1966 In addition, you should use the latest ELILO loader available
1967 at <http://elilo.sourceforge.net> in order to take advantage
1968 of EFI runtime services. However, even with this option, the
1969 resultant kernel should continue to boot on existing non-EFI
1970 platforms.
1971
1972config EFI_STUB
1973 bool "EFI stub support"
1974 depends on EFI
1975 select RELOCATABLE
1976 help
1977 This kernel feature allows a bzImage to be loaded directly
1978 by EFI firmware without the use of a bootloader.
1979
1980 See Documentation/admin-guide/efi-stub.rst for more information.
1981
1982config EFI_HANDOVER_PROTOCOL
1983 bool "EFI handover protocol (DEPRECATED)"
1984 depends on EFI_STUB
1985 default y
1986 help
1987 Select this in order to include support for the deprecated EFI
1988 handover protocol, which defines alternative entry points into the
1989 EFI stub. This is a practice that has no basis in the UEFI
1990 specification, and requires a priori knowledge on the part of the
1991 bootloader about Linux/x86 specific ways of passing the command line
1992 and initrd, and where in memory those assets may be loaded.
1993
1994 If in doubt, say Y. Even though the corresponding support is not
1995 present in upstream GRUB or other bootloaders, most distros build
1996 GRUB with numerous downstream patches applied, and may rely on the
1997 handover protocol as as result.
1998
1999config EFI_MIXED
2000 bool "EFI mixed-mode support"
2001 depends on EFI_STUB && X86_64
2002 help
2003 Enabling this feature allows a 64-bit kernel to be booted
2004 on a 32-bit firmware, provided that your CPU supports 64-bit
2005 mode.
2006
2007 Note that it is not possible to boot a mixed-mode enabled
2008 kernel via the EFI boot stub - a bootloader that supports
2009 the EFI handover protocol must be used.
2010
2011 If unsure, say N.
2012
2013config EFI_FAKE_MEMMAP
2014 bool "Enable EFI fake memory map"
2015 depends on EFI
2016 help
2017 Saying Y here will enable "efi_fake_mem" boot option. By specifying
2018 this parameter, you can add arbitrary attribute to specific memory
2019 range by updating original (firmware provided) EFI memmap. This is
2020 useful for debugging of EFI memmap related feature, e.g., Address
2021 Range Mirroring feature.
2022
2023config EFI_MAX_FAKE_MEM
2024 int "maximum allowable number of ranges in efi_fake_mem boot option"
2025 depends on EFI_FAKE_MEMMAP
2026 range 1 128
2027 default 8
2028 help
2029 Maximum allowable number of ranges in efi_fake_mem boot option.
2030 Ranges can be set up to this value using comma-separated list.
2031 The default value is 8.
2032
2033config EFI_RUNTIME_MAP
2034 bool "Export EFI runtime maps to sysfs" if EXPERT
2035 depends on EFI
2036 default KEXEC_CORE
2037 help
2038 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
2039 That memory map is required by the 2nd kernel to set up EFI virtual
2040 mappings after kexec, but can also be used for debugging purposes.
2041
2042 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
2043
2044source "kernel/Kconfig.hz"
2045
2046config KEXEC
2047 bool "kexec system call"
2048 select KEXEC_CORE
2049 help
2050 kexec is a system call that implements the ability to shutdown your
2051 current kernel, and to start another kernel. It is like a reboot
2052 but it is independent of the system firmware. And like a reboot
2053 you can start any kernel with it, not just Linux.
2054
2055 The name comes from the similarity to the exec system call.
2056
2057 It is an ongoing process to be certain the hardware in a machine
2058 is properly shutdown, so do not be surprised if this code does not
2059 initially work for you. As of this writing the exact hardware
2060 interface is strongly in flux, so no good recommendation can be
2061 made.
2062
2063config KEXEC_FILE
2064 bool "kexec file based system call"
2065 select KEXEC_CORE
2066 select HAVE_IMA_KEXEC if IMA
2067 depends on X86_64
2068 depends on CRYPTO=y
2069 depends on CRYPTO_SHA256=y
2070 help
2071 This is new version of kexec system call. This system call is
2072 file based and takes file descriptors as system call argument
2073 for kernel and initramfs as opposed to list of segments as
2074 accepted by previous system call.
2075
2076config ARCH_HAS_KEXEC_PURGATORY
2077 def_bool KEXEC_FILE
2078
2079config KEXEC_SIG
2080 bool "Verify kernel signature during kexec_file_load() syscall"
2081 depends on KEXEC_FILE
2082 help
2083
2084 This option makes the kexec_file_load() syscall check for a valid
2085 signature of the kernel image. The image can still be loaded without
2086 a valid signature unless you also enable KEXEC_SIG_FORCE, though if
2087 there's a signature that we can check, then it must be valid.
2088
2089 In addition to this option, you need to enable signature
2090 verification for the corresponding kernel image type being
2091 loaded in order for this to work.
2092
2093config KEXEC_SIG_FORCE
2094 bool "Require a valid signature in kexec_file_load() syscall"
2095 depends on KEXEC_SIG
2096 help
2097 This option makes kernel signature verification mandatory for
2098 the kexec_file_load() syscall.
2099
2100config KEXEC_BZIMAGE_VERIFY_SIG
2101 bool "Enable bzImage signature verification support"
2102 depends on KEXEC_SIG
2103 depends on SIGNED_PE_FILE_VERIFICATION
2104 select SYSTEM_TRUSTED_KEYRING
2105 help
2106 Enable bzImage signature verification support.
2107
2108config CRASH_DUMP
2109 bool "kernel crash dumps"
2110 depends on X86_64 || (X86_32 && HIGHMEM)
2111 help
2112 Generate crash dump after being started by kexec.
2113 This should be normally only set in special crash dump kernels
2114 which are loaded in the main kernel with kexec-tools into
2115 a specially reserved region and then later executed after
2116 a crash by kdump/kexec. The crash dump kernel must be compiled
2117 to a memory address not used by the main kernel or BIOS using
2118 PHYSICAL_START, or it must be built as a relocatable image
2119 (CONFIG_RELOCATABLE=y).
2120 For more details see Documentation/admin-guide/kdump/kdump.rst
2121
2122config KEXEC_JUMP
2123 bool "kexec jump"
2124 depends on KEXEC && HIBERNATION
2125 help
2126 Jump between original kernel and kexeced kernel and invoke
2127 code in physical address mode via KEXEC
2128
2129config PHYSICAL_START
2130 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2131 default "0x1000000"
2132 help
2133 This gives the physical address where the kernel is loaded.
2134
2135 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then
2136 bzImage will decompress itself to above physical address and
2137 run from there. Otherwise, bzImage will run from the address where
2138 it has been loaded by the boot loader and will ignore above physical
2139 address.
2140
2141 In normal kdump cases one does not have to set/change this option
2142 as now bzImage can be compiled as a completely relocatable image
2143 (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2144 address. This option is mainly useful for the folks who don't want
2145 to use a bzImage for capturing the crash dump and want to use a
2146 vmlinux instead. vmlinux is not relocatable hence a kernel needs
2147 to be specifically compiled to run from a specific memory area
2148 (normally a reserved region) and this option comes handy.
2149
2150 So if you are using bzImage for capturing the crash dump,
2151 leave the value here unchanged to 0x1000000 and set
2152 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
2153 for capturing the crash dump change this value to start of
2154 the reserved region. In other words, it can be set based on
2155 the "X" value as specified in the "crashkernel=YM@XM"
2156 command line boot parameter passed to the panic-ed
2157 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2158 for more details about crash dumps.
2159
2160 Usage of bzImage for capturing the crash dump is recommended as
2161 one does not have to build two kernels. Same kernel can be used
2162 as production kernel and capture kernel. Above option should have
2163 gone away after relocatable bzImage support is introduced. But it
2164 is present because there are users out there who continue to use
2165 vmlinux for dump capture. This option should go away down the
2166 line.
2167
2168 Don't change this unless you know what you are doing.
2169
2170config RELOCATABLE
2171 bool "Build a relocatable kernel"
2172 default y
2173 help
2174 This builds a kernel image that retains relocation information
2175 so it can be loaded someplace besides the default 1MB.
2176 The relocations tend to make the kernel binary about 10% larger,
2177 but are discarded at runtime.
2178
2179 One use is for the kexec on panic case where the recovery kernel
2180 must live at a different physical address than the primary
2181 kernel.
2182
2183 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2184 it has been loaded at and the compile time physical address
2185 (CONFIG_PHYSICAL_START) is used as the minimum location.
2186
2187config RANDOMIZE_BASE
2188 bool "Randomize the address of the kernel image (KASLR)"
2189 depends on RELOCATABLE
2190 default y
2191 help
2192 In support of Kernel Address Space Layout Randomization (KASLR),
2193 this randomizes the physical address at which the kernel image
2194 is decompressed and the virtual address where the kernel
2195 image is mapped, as a security feature that deters exploit
2196 attempts relying on knowledge of the location of kernel
2197 code internals.
2198
2199 On 64-bit, the kernel physical and virtual addresses are
2200 randomized separately. The physical address will be anywhere
2201 between 16MB and the top of physical memory (up to 64TB). The
2202 virtual address will be randomized from 16MB up to 1GB (9 bits
2203 of entropy). Note that this also reduces the memory space
2204 available to kernel modules from 1.5GB to 1GB.
2205
2206 On 32-bit, the kernel physical and virtual addresses are
2207 randomized together. They will be randomized from 16MB up to
2208 512MB (8 bits of entropy).
2209
2210 Entropy is generated using the RDRAND instruction if it is
2211 supported. If RDTSC is supported, its value is mixed into
2212 the entropy pool as well. If neither RDRAND nor RDTSC are
2213 supported, then entropy is read from the i8254 timer. The
2214 usable entropy is limited by the kernel being built using
2215 2GB addressing, and that PHYSICAL_ALIGN must be at a
2216 minimum of 2MB. As a result, only 10 bits of entropy are
2217 theoretically possible, but the implementations are further
2218 limited due to memory layouts.
2219
2220 If unsure, say Y.
2221
2222# Relocation on x86 needs some additional build support
2223config X86_NEED_RELOCS
2224 def_bool y
2225 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2226
2227config PHYSICAL_ALIGN
2228 hex "Alignment value to which kernel should be aligned"
2229 default "0x200000"
2230 range 0x2000 0x1000000 if X86_32
2231 range 0x200000 0x1000000 if X86_64
2232 help
2233 This value puts the alignment restrictions on physical address
2234 where kernel is loaded and run from. Kernel is compiled for an
2235 address which meets above alignment restriction.
2236
2237 If bootloader loads the kernel at a non-aligned address and
2238 CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2239 address aligned to above value and run from there.
2240
2241 If bootloader loads the kernel at a non-aligned address and
2242 CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2243 load address and decompress itself to the address it has been
2244 compiled for and run from there. The address for which kernel is
2245 compiled already meets above alignment restrictions. Hence the
2246 end result is that kernel runs from a physical address meeting
2247 above alignment restrictions.
2248
2249 On 32-bit this value must be a multiple of 0x2000. On 64-bit
2250 this value must be a multiple of 0x200000.
2251
2252 Don't change this unless you know what you are doing.
2253
2254config DYNAMIC_MEMORY_LAYOUT
2255 bool
2256 help
2257 This option makes base addresses of vmalloc and vmemmap as well as
2258 __PAGE_OFFSET movable during boot.
2259
2260config RANDOMIZE_MEMORY
2261 bool "Randomize the kernel memory sections"
2262 depends on X86_64
2263 depends on RANDOMIZE_BASE
2264 select DYNAMIC_MEMORY_LAYOUT
2265 default RANDOMIZE_BASE
2266 help
2267 Randomizes the base virtual address of kernel memory sections
2268 (physical memory mapping, vmalloc & vmemmap). This security feature
2269 makes exploits relying on predictable memory locations less reliable.
2270
2271 The order of allocations remains unchanged. Entropy is generated in
2272 the same way as RANDOMIZE_BASE. Current implementation in the optimal
2273 configuration have in average 30,000 different possible virtual
2274 addresses for each memory section.
2275
2276 If unsure, say Y.
2277
2278config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2279 hex "Physical memory mapping padding" if EXPERT
2280 depends on RANDOMIZE_MEMORY
2281 default "0xa" if MEMORY_HOTPLUG
2282 default "0x0"
2283 range 0x1 0x40 if MEMORY_HOTPLUG
2284 range 0x0 0x40
2285 help
2286 Define the padding in terabytes added to the existing physical
2287 memory size during kernel memory randomization. It is useful
2288 for memory hotplug support but reduces the entropy available for
2289 address randomization.
2290
2291 If unsure, leave at the default value.
2292
2293config HOTPLUG_CPU
2294 def_bool y
2295 depends on SMP
2296
2297config BOOTPARAM_HOTPLUG_CPU0
2298 bool "Set default setting of cpu0_hotpluggable"
2299 depends on HOTPLUG_CPU
2300 help
2301 Set whether default state of cpu0_hotpluggable is on or off.
2302
2303 Say Y here to enable CPU0 hotplug by default. If this switch
2304 is turned on, there is no need to give cpu0_hotplug kernel
2305 parameter and the CPU0 hotplug feature is enabled by default.
2306
2307 Please note: there are two known CPU0 dependencies if you want
2308 to enable the CPU0 hotplug feature either by this switch or by
2309 cpu0_hotplug kernel parameter.
2310
2311 First, resume from hibernate or suspend always starts from CPU0.
2312 So hibernate and suspend are prevented if CPU0 is offline.
2313
2314 Second dependency is PIC interrupts always go to CPU0. CPU0 can not
2315 offline if any interrupt can not migrate out of CPU0. There may
2316 be other CPU0 dependencies.
2317
2318 Please make sure the dependencies are under your control before
2319 you enable this feature.
2320
2321 Say N if you don't want to enable CPU0 hotplug feature by default.
2322 You still can enable the CPU0 hotplug feature at boot by kernel
2323 parameter cpu0_hotplug.
2324
2325config DEBUG_HOTPLUG_CPU0
2326 def_bool n
2327 prompt "Debug CPU0 hotplug"
2328 depends on HOTPLUG_CPU
2329 help
2330 Enabling this option offlines CPU0 (if CPU0 can be offlined) as
2331 soon as possible and boots up userspace with CPU0 offlined. User
2332 can online CPU0 back after boot time.
2333
2334 To debug CPU0 hotplug, you need to enable CPU0 offline/online
2335 feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during
2336 compilation or giving cpu0_hotplug kernel parameter at boot.
2337
2338 If unsure, say N.
2339
2340config COMPAT_VDSO
2341 def_bool n
2342 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2343 depends on COMPAT_32
2344 help
2345 Certain buggy versions of glibc will crash if they are
2346 presented with a 32-bit vDSO that is not mapped at the address
2347 indicated in its segment table.
2348
2349 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2350 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2351 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
2352 the only released version with the bug, but OpenSUSE 9
2353 contains a buggy "glibc 2.3.2".
2354
2355 The symptom of the bug is that everything crashes on startup, saying:
2356 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2357
2358 Saying Y here changes the default value of the vdso32 boot
2359 option from 1 to 0, which turns off the 32-bit vDSO entirely.
2360 This works around the glibc bug but hurts performance.
2361
2362 If unsure, say N: if you are compiling your own kernel, you
2363 are unlikely to be using a buggy version of glibc.
2364
2365choice
2366 prompt "vsyscall table for legacy applications"
2367 depends on X86_64
2368 default LEGACY_VSYSCALL_XONLY
2369 help
2370 Legacy user code that does not know how to find the vDSO expects
2371 to be able to issue three syscalls by calling fixed addresses in
2372 kernel space. Since this location is not randomized with ASLR,
2373 it can be used to assist security vulnerability exploitation.
2374
2375 This setting can be changed at boot time via the kernel command
2376 line parameter vsyscall=[emulate|xonly|none]. Emulate mode
2377 is deprecated and can only be enabled using the kernel command
2378 line.
2379
2380 On a system with recent enough glibc (2.14 or newer) and no
2381 static binaries, you can say None without a performance penalty
2382 to improve security.
2383
2384 If unsure, select "Emulate execution only".
2385
2386 config LEGACY_VSYSCALL_XONLY
2387 bool "Emulate execution only"
2388 help
2389 The kernel traps and emulates calls into the fixed vsyscall
2390 address mapping and does not allow reads. This
2391 configuration is recommended when userspace might use the
2392 legacy vsyscall area but support for legacy binary
2393 instrumentation of legacy code is not needed. It mitigates
2394 certain uses of the vsyscall area as an ASLR-bypassing
2395 buffer.
2396
2397 config LEGACY_VSYSCALL_NONE
2398 bool "None"
2399 help
2400 There will be no vsyscall mapping at all. This will
2401 eliminate any risk of ASLR bypass due to the vsyscall
2402 fixed address mapping. Attempts to use the vsyscalls
2403 will be reported to dmesg, so that either old or
2404 malicious userspace programs can be identified.
2405
2406endchoice
2407
2408config CMDLINE_BOOL
2409 bool "Built-in kernel command line"
2410 help
2411 Allow for specifying boot arguments to the kernel at
2412 build time. On some systems (e.g. embedded ones), it is
2413 necessary or convenient to provide some or all of the
2414 kernel boot arguments with the kernel itself (that is,
2415 to not rely on the boot loader to provide them.)
2416
2417 To compile command line arguments into the kernel,
2418 set this option to 'Y', then fill in the
2419 boot arguments in CONFIG_CMDLINE.
2420
2421 Systems with fully functional boot loaders (i.e. non-embedded)
2422 should leave this option set to 'N'.
2423
2424config CMDLINE
2425 string "Built-in kernel command string"
2426 depends on CMDLINE_BOOL
2427 default ""
2428 help
2429 Enter arguments here that should be compiled into the kernel
2430 image and used at boot time. If the boot loader provides a
2431 command line at boot time, it is appended to this string to
2432 form the full kernel command line, when the system boots.
2433
2434 However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2435 change this behavior.
2436
2437 In most cases, the command line (whether built-in or provided
2438 by the boot loader) should specify the device for the root
2439 file system.
2440
2441config CMDLINE_OVERRIDE
2442 bool "Built-in command line overrides boot loader arguments"
2443 depends on CMDLINE_BOOL && CMDLINE != ""
2444 help
2445 Set this option to 'Y' to have the kernel ignore the boot loader
2446 command line, and use ONLY the built-in command line.
2447
2448 This is used to work around broken boot loaders. This should
2449 be set to 'N' under normal conditions.
2450
2451config MODIFY_LDT_SYSCALL
2452 bool "Enable the LDT (local descriptor table)" if EXPERT
2453 default y
2454 help
2455 Linux can allow user programs to install a per-process x86
2456 Local Descriptor Table (LDT) using the modify_ldt(2) system
2457 call. This is required to run 16-bit or segmented code such as
2458 DOSEMU or some Wine programs. It is also used by some very old
2459 threading libraries.
2460
2461 Enabling this feature adds a small amount of overhead to
2462 context switches and increases the low-level kernel attack
2463 surface. Disabling it removes the modify_ldt(2) system call.
2464
2465 Saying 'N' here may make sense for embedded or server kernels.
2466
2467config STRICT_SIGALTSTACK_SIZE
2468 bool "Enforce strict size checking for sigaltstack"
2469 depends on DYNAMIC_SIGFRAME
2470 help
2471 For historical reasons MINSIGSTKSZ is a constant which became
2472 already too small with AVX512 support. Add a mechanism to
2473 enforce strict checking of the sigaltstack size against the
2474 real size of the FPU frame. This option enables the check
2475 by default. It can also be controlled via the kernel command
2476 line option 'strict_sas_size' independent of this config
2477 switch. Enabling it might break existing applications which
2478 allocate a too small sigaltstack but 'work' because they
2479 never get a signal delivered.
2480
2481 Say 'N' unless you want to really enforce this check.
2482
2483source "kernel/livepatch/Kconfig"
2484
2485endmenu
2486
2487config CC_HAS_SLS
2488 def_bool $(cc-option,-mharden-sls=all)
2489
2490config CC_HAS_RETURN_THUNK
2491 def_bool $(cc-option,-mfunction-return=thunk-extern)
2492
2493config CC_HAS_ENTRY_PADDING
2494 def_bool $(cc-option,-fpatchable-function-entry=16,16)
2495
2496config FUNCTION_PADDING_CFI
2497 int
2498 default 59 if FUNCTION_ALIGNMENT_64B
2499 default 27 if FUNCTION_ALIGNMENT_32B
2500 default 11 if FUNCTION_ALIGNMENT_16B
2501 default 3 if FUNCTION_ALIGNMENT_8B
2502 default 0
2503
2504# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
2505# except Kconfig can't do arithmetic :/
2506config FUNCTION_PADDING_BYTES
2507 int
2508 default FUNCTION_PADDING_CFI if CFI_CLANG
2509 default FUNCTION_ALIGNMENT
2510
2511config CALL_PADDING
2512 def_bool n
2513 depends on CC_HAS_ENTRY_PADDING && OBJTOOL
2514 select FUNCTION_ALIGNMENT_16B
2515
2516config FINEIBT
2517 def_bool y
2518 depends on X86_KERNEL_IBT && CFI_CLANG && RETPOLINE
2519 select CALL_PADDING
2520
2521config HAVE_CALL_THUNKS
2522 def_bool y
2523 depends on CC_HAS_ENTRY_PADDING && RETHUNK && OBJTOOL
2524
2525config CALL_THUNKS
2526 def_bool n
2527 select CALL_PADDING
2528
2529config PREFIX_SYMBOLS
2530 def_bool y
2531 depends on CALL_PADDING && !CFI_CLANG
2532
2533menuconfig SPECULATION_MITIGATIONS
2534 bool "Mitigations for speculative execution vulnerabilities"
2535 default y
2536 help
2537 Say Y here to enable options which enable mitigations for
2538 speculative execution hardware vulnerabilities.
2539
2540 If you say N, all mitigations will be disabled. You really
2541 should know what you are doing to say so.
2542
2543if SPECULATION_MITIGATIONS
2544
2545config PAGE_TABLE_ISOLATION
2546 bool "Remove the kernel mapping in user mode"
2547 default y
2548 depends on (X86_64 || X86_PAE)
2549 help
2550 This feature reduces the number of hardware side channels by
2551 ensuring that the majority of kernel addresses are not mapped
2552 into userspace.
2553
2554 See Documentation/x86/pti.rst for more details.
2555
2556config RETPOLINE
2557 bool "Avoid speculative indirect branches in kernel"
2558 select OBJTOOL if HAVE_OBJTOOL
2559 default y
2560 help
2561 Compile kernel with the retpoline compiler options to guard against
2562 kernel-to-user data leaks by avoiding speculative indirect
2563 branches. Requires a compiler with -mindirect-branch=thunk-extern
2564 support for full protection. The kernel may run slower.
2565
2566config RETHUNK
2567 bool "Enable return-thunks"
2568 depends on RETPOLINE && CC_HAS_RETURN_THUNK
2569 select OBJTOOL if HAVE_OBJTOOL
2570 default y if X86_64
2571 help
2572 Compile the kernel with the return-thunks compiler option to guard
2573 against kernel-to-user data leaks by avoiding return speculation.
2574 Requires a compiler with -mfunction-return=thunk-extern
2575 support for full protection. The kernel may run slower.
2576
2577config CPU_UNRET_ENTRY
2578 bool "Enable UNRET on kernel entry"
2579 depends on CPU_SUP_AMD && RETHUNK && X86_64
2580 default y
2581 help
2582 Compile the kernel with support for the retbleed=unret mitigation.
2583
2584config CALL_DEPTH_TRACKING
2585 bool "Mitigate RSB underflow with call depth tracking"
2586 depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
2587 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
2588 select CALL_THUNKS
2589 default y
2590 help
2591 Compile the kernel with call depth tracking to mitigate the Intel
2592 SKL Return-Speculation-Buffer (RSB) underflow issue. The
2593 mitigation is off by default and needs to be enabled on the
2594 kernel command line via the retbleed=stuff option. For
2595 non-affected systems the overhead of this option is marginal as
2596 the call depth tracking is using run-time generated call thunks
2597 in a compiler generated padding area and call patching. This
2598 increases text size by ~5%. For non affected systems this space
2599 is unused. On affected SKL systems this results in a significant
2600 performance gain over the IBRS mitigation.
2601
2602config CALL_THUNKS_DEBUG
2603 bool "Enable call thunks and call depth tracking debugging"
2604 depends on CALL_DEPTH_TRACKING
2605 select FUNCTION_ALIGNMENT_32B
2606 default n
2607 help
2608 Enable call/ret counters for imbalance detection and build in
2609 a noisy dmesg about callthunks generation and call patching for
2610 trouble shooting. The debug prints need to be enabled on the
2611 kernel command line with 'debug-callthunks'.
2612 Only enable this, when you are debugging call thunks as this
2613 creates a noticable runtime overhead. If unsure say N.
2614
2615config CPU_IBPB_ENTRY
2616 bool "Enable IBPB on kernel entry"
2617 depends on CPU_SUP_AMD && X86_64
2618 default y
2619 help
2620 Compile the kernel with support for the retbleed=ibpb mitigation.
2621
2622config CPU_IBRS_ENTRY
2623 bool "Enable IBRS on kernel entry"
2624 depends on CPU_SUP_INTEL && X86_64
2625 default y
2626 help
2627 Compile the kernel with support for the spectre_v2=ibrs mitigation.
2628 This mitigates both spectre_v2 and retbleed at great cost to
2629 performance.
2630
2631config SLS
2632 bool "Mitigate Straight-Line-Speculation"
2633 depends on CC_HAS_SLS && X86_64
2634 select OBJTOOL if HAVE_OBJTOOL
2635 default n
2636 help
2637 Compile the kernel with straight-line-speculation options to guard
2638 against straight line speculation. The kernel image might be slightly
2639 larger.
2640
2641endif
2642
2643config ARCH_HAS_ADD_PAGES
2644 def_bool y
2645 depends on ARCH_ENABLE_MEMORY_HOTPLUG
2646
2647config ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
2648 def_bool y
2649
2650menu "Power management and ACPI options"
2651
2652config ARCH_HIBERNATION_HEADER
2653 def_bool y
2654 depends on HIBERNATION
2655
2656source "kernel/power/Kconfig"
2657
2658source "drivers/acpi/Kconfig"
2659
2660config X86_APM_BOOT
2661 def_bool y
2662 depends on APM
2663
2664menuconfig APM
2665 tristate "APM (Advanced Power Management) BIOS support"
2666 depends on X86_32 && PM_SLEEP
2667 help
2668 APM is a BIOS specification for saving power using several different
2669 techniques. This is mostly useful for battery powered laptops with
2670 APM compliant BIOSes. If you say Y here, the system time will be
2671 reset after a RESUME operation, the /proc/apm device will provide
2672 battery status information, and user-space programs will receive
2673 notification of APM "events" (e.g. battery status change).
2674
2675 If you select "Y" here, you can disable actual use of the APM
2676 BIOS by passing the "apm=off" option to the kernel at boot time.
2677
2678 Note that the APM support is almost completely disabled for
2679 machines with more than one CPU.
2680
2681 In order to use APM, you will need supporting software. For location
2682 and more information, read <file:Documentation/power/apm-acpi.rst>
2683 and the Battery Powered Linux mini-HOWTO, available from
2684 <http://www.tldp.org/docs.html#howto>.
2685
2686 This driver does not spin down disk drives (see the hdparm(8)
2687 manpage ("man 8 hdparm") for that), and it doesn't turn off
2688 VESA-compliant "green" monitors.
2689
2690 This driver does not support the TI 4000M TravelMate and the ACER
2691 486/DX4/75 because they don't have compliant BIOSes. Many "green"
2692 desktop machines also don't have compliant BIOSes, and this driver
2693 may cause those machines to panic during the boot phase.
2694
2695 Generally, if you don't have a battery in your machine, there isn't
2696 much point in using this driver and you should say N. If you get
2697 random kernel OOPSes or reboots that don't seem to be related to
2698 anything, try disabling/enabling this option (or disabling/enabling
2699 APM in your BIOS).
2700
2701 Some other things you should try when experiencing seemingly random,
2702 "weird" problems:
2703
2704 1) make sure that you have enough swap space and that it is
2705 enabled.
2706 2) pass the "idle=poll" option to the kernel
2707 3) switch on floating point emulation in the kernel and pass
2708 the "no387" option to the kernel
2709 4) pass the "floppy=nodma" option to the kernel
2710 5) pass the "mem=4M" option to the kernel (thereby disabling
2711 all but the first 4 MB of RAM)
2712 6) make sure that the CPU is not over clocked.
2713 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2714 8) disable the cache from your BIOS settings
2715 9) install a fan for the video card or exchange video RAM
2716 10) install a better fan for the CPU
2717 11) exchange RAM chips
2718 12) exchange the motherboard.
2719
2720 To compile this driver as a module, choose M here: the
2721 module will be called apm.
2722
2723if APM
2724
2725config APM_IGNORE_USER_SUSPEND
2726 bool "Ignore USER SUSPEND"
2727 help
2728 This option will ignore USER SUSPEND requests. On machines with a
2729 compliant APM BIOS, you want to say N. However, on the NEC Versa M
2730 series notebooks, it is necessary to say Y because of a BIOS bug.
2731
2732config APM_DO_ENABLE
2733 bool "Enable PM at boot time"
2734 help
2735 Enable APM features at boot time. From page 36 of the APM BIOS
2736 specification: "When disabled, the APM BIOS does not automatically
2737 power manage devices, enter the Standby State, enter the Suspend
2738 State, or take power saving steps in response to CPU Idle calls."
2739 This driver will make CPU Idle calls when Linux is idle (unless this
2740 feature is turned off -- see "Do CPU IDLE calls", below). This
2741 should always save battery power, but more complicated APM features
2742 will be dependent on your BIOS implementation. You may need to turn
2743 this option off if your computer hangs at boot time when using APM
2744 support, or if it beeps continuously instead of suspending. Turn
2745 this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2746 T400CDT. This is off by default since most machines do fine without
2747 this feature.
2748
2749config APM_CPU_IDLE
2750 depends on CPU_IDLE
2751 bool "Make CPU Idle calls when idle"
2752 help
2753 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2754 On some machines, this can activate improved power savings, such as
2755 a slowed CPU clock rate, when the machine is idle. These idle calls
2756 are made after the idle loop has run for some length of time (e.g.,
2757 333 mS). On some machines, this will cause a hang at boot time or
2758 whenever the CPU becomes idle. (On machines with more than one CPU,
2759 this option does nothing.)
2760
2761config APM_DISPLAY_BLANK
2762 bool "Enable console blanking using APM"
2763 help
2764 Enable console blanking using the APM. Some laptops can use this to
2765 turn off the LCD backlight when the screen blanker of the Linux
2766 virtual console blanks the screen. Note that this is only used by
2767 the virtual console screen blanker, and won't turn off the backlight
2768 when using the X Window system. This also doesn't have anything to
2769 do with your VESA-compliant power-saving monitor. Further, this
2770 option doesn't work for all laptops -- it might not turn off your
2771 backlight at all, or it might print a lot of errors to the console,
2772 especially if you are using gpm.
2773
2774config APM_ALLOW_INTS
2775 bool "Allow interrupts during APM BIOS calls"
2776 help
2777 Normally we disable external interrupts while we are making calls to
2778 the APM BIOS as a measure to lessen the effects of a badly behaving
2779 BIOS implementation. The BIOS should reenable interrupts if it
2780 needs to. Unfortunately, some BIOSes do not -- especially those in
2781 many of the newer IBM Thinkpads. If you experience hangs when you
2782 suspend, try setting this to Y. Otherwise, say N.
2783
2784endif # APM
2785
2786source "drivers/cpufreq/Kconfig"
2787
2788source "drivers/cpuidle/Kconfig"
2789
2790source "drivers/idle/Kconfig"
2791
2792endmenu
2793
2794menu "Bus options (PCI etc.)"
2795
2796choice
2797 prompt "PCI access mode"
2798 depends on X86_32 && PCI
2799 default PCI_GOANY
2800 help
2801 On PCI systems, the BIOS can be used to detect the PCI devices and
2802 determine their configuration. However, some old PCI motherboards
2803 have BIOS bugs and may crash if this is done. Also, some embedded
2804 PCI-based systems don't have any BIOS at all. Linux can also try to
2805 detect the PCI hardware directly without using the BIOS.
2806
2807 With this option, you can specify how Linux should detect the
2808 PCI devices. If you choose "BIOS", the BIOS will be used,
2809 if you choose "Direct", the BIOS won't be used, and if you
2810 choose "MMConfig", then PCI Express MMCONFIG will be used.
2811 If you choose "Any", the kernel will try MMCONFIG, then the
2812 direct access method and falls back to the BIOS if that doesn't
2813 work. If unsure, go with the default, which is "Any".
2814
2815config PCI_GOBIOS
2816 bool "BIOS"
2817
2818config PCI_GOMMCONFIG
2819 bool "MMConfig"
2820
2821config PCI_GODIRECT
2822 bool "Direct"
2823
2824config PCI_GOOLPC
2825 bool "OLPC XO-1"
2826 depends on OLPC
2827
2828config PCI_GOANY
2829 bool "Any"
2830
2831endchoice
2832
2833config PCI_BIOS
2834 def_bool y
2835 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2836
2837# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2838config PCI_DIRECT
2839 def_bool y
2840 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2841
2842config PCI_MMCONFIG
2843 bool "Support mmconfig PCI config space access" if X86_64
2844 default y
2845 depends on PCI && (ACPI || JAILHOUSE_GUEST)
2846 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2847
2848config PCI_OLPC
2849 def_bool y
2850 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2851
2852config PCI_XEN
2853 def_bool y
2854 depends on PCI && XEN
2855
2856config MMCONF_FAM10H
2857 def_bool y
2858 depends on X86_64 && PCI_MMCONFIG && ACPI
2859
2860config PCI_CNB20LE_QUIRK
2861 bool "Read CNB20LE Host Bridge Windows" if EXPERT
2862 depends on PCI
2863 help
2864 Read the PCI windows out of the CNB20LE host bridge. This allows
2865 PCI hotplug to work on systems with the CNB20LE chipset which do
2866 not have ACPI.
2867
2868 There's no public spec for this chipset, and this functionality
2869 is known to be incomplete.
2870
2871 You should say N unless you know you need this.
2872
2873config ISA_BUS
2874 bool "ISA bus support on modern systems" if EXPERT
2875 help
2876 Expose ISA bus device drivers and options available for selection and
2877 configuration. Enable this option if your target machine has an ISA
2878 bus. ISA is an older system, displaced by PCI and newer bus
2879 architectures -- if your target machine is modern, it probably does
2880 not have an ISA bus.
2881
2882 If unsure, say N.
2883
2884# x86_64 have no ISA slots, but can have ISA-style DMA.
2885config ISA_DMA_API
2886 bool "ISA-style DMA support" if (X86_64 && EXPERT)
2887 default y
2888 help
2889 Enables ISA-style DMA support for devices requiring such controllers.
2890 If unsure, say Y.
2891
2892if X86_32
2893
2894config ISA
2895 bool "ISA support"
2896 help
2897 Find out whether you have ISA slots on your motherboard. ISA is the
2898 name of a bus system, i.e. the way the CPU talks to the other stuff
2899 inside your box. Other bus systems are PCI, EISA, MicroChannel
2900 (MCA) or VESA. ISA is an older system, now being displaced by PCI;
2901 newer boards don't support it. If you have ISA, say Y, otherwise N.
2902
2903config SCx200
2904 tristate "NatSemi SCx200 support"
2905 help
2906 This provides basic support for National Semiconductor's
2907 (now AMD's) Geode processors. The driver probes for the
2908 PCI-IDs of several on-chip devices, so its a good dependency
2909 for other scx200_* drivers.
2910
2911 If compiled as a module, the driver is named scx200.
2912
2913config SCx200HR_TIMER
2914 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
2915 depends on SCx200
2916 default y
2917 help
2918 This driver provides a clocksource built upon the on-chip
2919 27MHz high-resolution timer. Its also a workaround for
2920 NSC Geode SC-1100's buggy TSC, which loses time when the
2921 processor goes idle (as is done by the scheduler). The
2922 other workaround is idle=poll boot option.
2923
2924config OLPC
2925 bool "One Laptop Per Child support"
2926 depends on !X86_PAE
2927 select GPIOLIB
2928 select OF
2929 select OF_PROMTREE
2930 select IRQ_DOMAIN
2931 select OLPC_EC
2932 help
2933 Add support for detecting the unique features of the OLPC
2934 XO hardware.
2935
2936config OLPC_XO1_PM
2937 bool "OLPC XO-1 Power Management"
2938 depends on OLPC && MFD_CS5535=y && PM_SLEEP
2939 help
2940 Add support for poweroff and suspend of the OLPC XO-1 laptop.
2941
2942config OLPC_XO1_RTC
2943 bool "OLPC XO-1 Real Time Clock"
2944 depends on OLPC_XO1_PM && RTC_DRV_CMOS
2945 help
2946 Add support for the XO-1 real time clock, which can be used as a
2947 programmable wakeup source.
2948
2949config OLPC_XO1_SCI
2950 bool "OLPC XO-1 SCI extras"
2951 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
2952 depends on INPUT=y
2953 select POWER_SUPPLY
2954 help
2955 Add support for SCI-based features of the OLPC XO-1 laptop:
2956 - EC-driven system wakeups
2957 - Power button
2958 - Ebook switch
2959 - Lid switch
2960 - AC adapter status updates
2961 - Battery status updates
2962
2963config OLPC_XO15_SCI
2964 bool "OLPC XO-1.5 SCI extras"
2965 depends on OLPC && ACPI
2966 select POWER_SUPPLY
2967 help
2968 Add support for SCI-based features of the OLPC XO-1.5 laptop:
2969 - EC-driven system wakeups
2970 - AC adapter status updates
2971 - Battery status updates
2972
2973config ALIX
2974 bool "PCEngines ALIX System Support (LED setup)"
2975 select GPIOLIB
2976 help
2977 This option enables system support for the PCEngines ALIX.
2978 At present this just sets up LEDs for GPIO control on
2979 ALIX2/3/6 boards. However, other system specific setup should
2980 get added here.
2981
2982 Note: You must still enable the drivers for GPIO and LED support
2983 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
2984
2985 Note: You have to set alix.force=1 for boards with Award BIOS.
2986
2987config NET5501
2988 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
2989 select GPIOLIB
2990 help
2991 This option enables system support for the Soekris Engineering net5501.
2992
2993config GEOS
2994 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
2995 select GPIOLIB
2996 depends on DMI
2997 help
2998 This option enables system support for the Traverse Technologies GEOS.
2999
3000config TS5500
3001 bool "Technologic Systems TS-5500 platform support"
3002 depends on MELAN
3003 select CHECK_SIGNATURE
3004 select NEW_LEDS
3005 select LEDS_CLASS
3006 help
3007 This option enables system support for the Technologic Systems TS-5500.
3008
3009endif # X86_32
3010
3011config AMD_NB
3012 def_bool y
3013 depends on CPU_SUP_AMD && PCI
3014
3015endmenu
3016
3017menu "Binary Emulations"
3018
3019config IA32_EMULATION
3020 bool "IA32 Emulation"
3021 depends on X86_64
3022 select ARCH_WANT_OLD_COMPAT_IPC
3023 select BINFMT_ELF
3024 select COMPAT_OLD_SIGACTION
3025 help
3026 Include code to run legacy 32-bit programs under a
3027 64-bit kernel. You should likely turn this on, unless you're
3028 100% sure that you don't have any 32-bit programs left.
3029
3030config X86_X32_ABI
3031 bool "x32 ABI for 64-bit mode"
3032 depends on X86_64
3033 # llvm-objcopy does not convert x86_64 .note.gnu.property or
3034 # compressed debug sections to x86_x32 properly:
3035 # https://github.com/ClangBuiltLinux/linux/issues/514
3036 # https://github.com/ClangBuiltLinux/linux/issues/1141
3037 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
3038 help
3039 Include code to run binaries for the x32 native 32-bit ABI
3040 for 64-bit processors. An x32 process gets access to the
3041 full 64-bit register file and wide data path while leaving
3042 pointers at 32 bits for smaller memory footprint.
3043
3044config COMPAT_32
3045 def_bool y
3046 depends on IA32_EMULATION || X86_32
3047 select HAVE_UID16
3048 select OLD_SIGSUSPEND3
3049
3050config COMPAT
3051 def_bool y
3052 depends on IA32_EMULATION || X86_X32_ABI
3053
3054config COMPAT_FOR_U64_ALIGNMENT
3055 def_bool y
3056 depends on COMPAT
3057
3058endmenu
3059
3060config HAVE_ATOMIC_IOMAP
3061 def_bool y
3062 depends on X86_32
3063
3064source "arch/x86/kvm/Kconfig"
3065
3066source "arch/x86/Kconfig.assembler"
1# SPDX-License-Identifier: GPL-2.0
2# Select 32 or 64 bit
3config 64BIT
4 bool "64-bit kernel" if "$(ARCH)" = "x86"
5 default "$(ARCH)" != "i386"
6 help
7 Say yes to build a 64-bit kernel - formerly known as x86_64
8 Say no to build a 32-bit kernel - formerly known as i386
9
10config X86_32
11 def_bool y
12 depends on !64BIT
13 # Options that are inherently 32-bit kernel only:
14 select ARCH_WANT_IPC_PARSE_VERSION
15 select CLKSRC_I8253
16 select CLONE_BACKWARDS
17 select GENERIC_VDSO_32
18 select HAVE_DEBUG_STACKOVERFLOW
19 select KMAP_LOCAL
20 select MODULES_USE_ELF_REL
21 select OLD_SIGACTION
22 select ARCH_SPLIT_ARG64
23
24config X86_64
25 def_bool y
26 depends on 64BIT
27 # Options that are inherently 64-bit kernel only:
28 select ARCH_HAS_GIGANTIC_PAGE
29 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
30 select ARCH_SUPPORTS_PER_VMA_LOCK
31 select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
32 select HAVE_ARCH_SOFT_DIRTY
33 select MODULES_USE_ELF_RELA
34 select NEED_DMA_MAP_STATE
35 select SWIOTLB
36 select ARCH_HAS_ELFCORE_COMPAT
37 select ZONE_DMA32
38 select EXECMEM if DYNAMIC_FTRACE
39
40config FORCE_DYNAMIC_FTRACE
41 def_bool y
42 depends on X86_32
43 depends on FUNCTION_TRACER
44 select DYNAMIC_FTRACE
45 help
46 We keep the static function tracing (!DYNAMIC_FTRACE) around
47 in order to test the non static function tracing in the
48 generic code, as other architectures still use it. But we
49 only need to keep it around for x86_64. No need to keep it
50 for x86_32. For x86_32, force DYNAMIC_FTRACE.
51#
52# Arch settings
53#
54# ( Note that options that are marked 'if X86_64' could in principle be
55# ported to 32-bit as well. )
56#
57config X86
58 def_bool y
59 #
60 # Note: keep this list sorted alphabetically
61 #
62 select ACPI_LEGACY_TABLES_LOOKUP if ACPI
63 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
64 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU
65 select ARCH_32BIT_OFF_T if X86_32
66 select ARCH_CLOCKSOURCE_INIT
67 select ARCH_CONFIGURES_CPU_MITIGATIONS
68 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
69 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
70 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
71 select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
72 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
73 select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
74 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
75 select ARCH_HAS_CACHE_LINE_SIZE
76 select ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION
77 select ARCH_HAS_CPU_FINALIZE_INIT
78 select ARCH_HAS_CPU_PASID if IOMMU_SVA
79 select ARCH_HAS_CURRENT_STACK_POINTER
80 select ARCH_HAS_DEBUG_VIRTUAL
81 select ARCH_HAS_DEBUG_VM_PGTABLE if !X86_PAE
82 select ARCH_HAS_DEVMEM_IS_ALLOWED
83 select ARCH_HAS_DMA_OPS if GART_IOMMU || XEN
84 select ARCH_HAS_EARLY_DEBUG if KGDB
85 select ARCH_HAS_ELF_RANDOMIZE
86 select ARCH_HAS_FAST_MULTIPLIER
87 select ARCH_HAS_FORTIFY_SOURCE
88 select ARCH_HAS_GCOV_PROFILE_ALL
89 select ARCH_HAS_KCOV if X86_64
90 select ARCH_HAS_KERNEL_FPU_SUPPORT
91 select ARCH_HAS_MEM_ENCRYPT
92 select ARCH_HAS_MEMBARRIER_SYNC_CORE
93 select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
94 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
95 select ARCH_HAS_PMEM_API if X86_64
96 select ARCH_HAS_PREEMPT_LAZY
97 select ARCH_HAS_PTE_DEVMAP if X86_64
98 select ARCH_HAS_PTE_SPECIAL
99 select ARCH_HAS_HW_PTE_YOUNG
100 select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2
101 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
102 select ARCH_HAS_COPY_MC if X86_64
103 select ARCH_HAS_SET_MEMORY
104 select ARCH_HAS_SET_DIRECT_MAP
105 select ARCH_HAS_STRICT_KERNEL_RWX
106 select ARCH_HAS_STRICT_MODULE_RWX
107 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
108 select ARCH_HAS_SYSCALL_WRAPPER
109 select ARCH_HAS_UBSAN
110 select ARCH_HAS_DEBUG_WX
111 select ARCH_HAS_ZONE_DMA_SET if EXPERT
112 select ARCH_HAVE_NMI_SAFE_CMPXCHG
113 select ARCH_HAVE_EXTRA_ELF_NOTES
114 select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
115 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
116 select ARCH_MIGHT_HAVE_PC_PARPORT
117 select ARCH_MIGHT_HAVE_PC_SERIO
118 select ARCH_STACKWALK
119 select ARCH_SUPPORTS_ACPI
120 select ARCH_SUPPORTS_ATOMIC_RMW
121 select ARCH_SUPPORTS_DEBUG_PAGEALLOC
122 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64
123 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
124 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096
125 select ARCH_SUPPORTS_CFI_CLANG if X86_64
126 select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG
127 select ARCH_SUPPORTS_LTO_CLANG
128 select ARCH_SUPPORTS_LTO_CLANG_THIN
129 select ARCH_SUPPORTS_RT
130 select ARCH_SUPPORTS_AUTOFDO_CLANG
131 select ARCH_SUPPORTS_PROPELLER_CLANG if X86_64
132 select ARCH_USE_BUILTIN_BSWAP
133 select ARCH_USE_CMPXCHG_LOCKREF if X86_CMPXCHG64
134 select ARCH_USE_MEMTEST
135 select ARCH_USE_QUEUED_RWLOCKS
136 select ARCH_USE_QUEUED_SPINLOCKS
137 select ARCH_USE_SYM_ANNOTATIONS
138 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
139 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64
140 select ARCH_WANTS_DYNAMIC_TASK_STRUCT
141 select ARCH_WANTS_NO_INSTR
142 select ARCH_WANT_GENERAL_HUGETLB
143 select ARCH_WANT_HUGE_PMD_SHARE
144 select ARCH_WANT_LD_ORPHAN_WARN
145 select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64
146 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64
147 select ARCH_WANTS_THP_SWAP if X86_64
148 select ARCH_HAS_PARANOID_L1D_FLUSH
149 select BUILDTIME_TABLE_SORT
150 select CLKEVT_I8253
151 select CLOCKSOURCE_WATCHDOG
152 # Word-size accesses may read uninitialized data past the trailing \0
153 # in strings and cause false KMSAN reports.
154 select DCACHE_WORD_ACCESS if !KMSAN
155 select DYNAMIC_SIGFRAME
156 select EDAC_ATOMIC_SCRUB
157 select EDAC_SUPPORT
158 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
159 select GENERIC_CLOCKEVENTS_BROADCAST_IDLE if GENERIC_CLOCKEVENTS_BROADCAST
160 select GENERIC_CLOCKEVENTS_MIN_ADJUST
161 select GENERIC_CMOS_UPDATE
162 select GENERIC_CPU_AUTOPROBE
163 select GENERIC_CPU_DEVICES
164 select GENERIC_CPU_VULNERABILITIES
165 select GENERIC_EARLY_IOREMAP
166 select GENERIC_ENTRY
167 select GENERIC_IOMAP
168 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
169 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
170 select GENERIC_IRQ_MIGRATION if SMP
171 select GENERIC_IRQ_PROBE
172 select GENERIC_IRQ_RESERVATION_MODE
173 select GENERIC_IRQ_SHOW
174 select GENERIC_PENDING_IRQ if SMP
175 select GENERIC_PTDUMP
176 select GENERIC_SMP_IDLE_THREAD
177 select GENERIC_TIME_VSYSCALL
178 select GENERIC_GETTIMEOFDAY
179 select GENERIC_VDSO_TIME_NS
180 select GENERIC_VDSO_OVERFLOW_PROTECT
181 select GUP_GET_PXX_LOW_HIGH if X86_PAE
182 select HARDIRQS_SW_RESEND
183 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
184 select HAS_IOPORT
185 select HAVE_ACPI_APEI if ACPI
186 select HAVE_ACPI_APEI_NMI if ACPI
187 select HAVE_ALIGNED_STRUCT_PAGE
188 select HAVE_ARCH_AUDITSYSCALL
189 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
190 select HAVE_ARCH_HUGE_VMALLOC if X86_64
191 select HAVE_ARCH_JUMP_LABEL
192 select HAVE_ARCH_JUMP_LABEL_RELATIVE
193 select HAVE_ARCH_KASAN if X86_64
194 select HAVE_ARCH_KASAN_VMALLOC if X86_64
195 select HAVE_ARCH_KFENCE
196 select HAVE_ARCH_KMSAN if X86_64
197 select HAVE_ARCH_KGDB
198 select HAVE_ARCH_MMAP_RND_BITS if MMU
199 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
200 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
201 select HAVE_ARCH_PREL32_RELOCATIONS
202 select HAVE_ARCH_SECCOMP_FILTER
203 select HAVE_ARCH_THREAD_STRUCT_WHITELIST
204 select HAVE_ARCH_STACKLEAK
205 select HAVE_ARCH_TRACEHOOK
206 select HAVE_ARCH_TRANSPARENT_HUGEPAGE
207 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
208 select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD
209 select HAVE_ARCH_USERFAULTFD_MINOR if X86_64 && USERFAULTFD
210 select HAVE_ARCH_VMAP_STACK if X86_64
211 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
212 select HAVE_ARCH_WITHIN_STACK_FRAMES
213 select HAVE_ASM_MODVERSIONS
214 select HAVE_CMPXCHG_DOUBLE
215 select HAVE_CMPXCHG_LOCAL
216 select HAVE_CONTEXT_TRACKING_USER if X86_64
217 select HAVE_CONTEXT_TRACKING_USER_OFFSTACK if HAVE_CONTEXT_TRACKING_USER
218 select HAVE_C_RECORDMCOUNT
219 select HAVE_OBJTOOL_MCOUNT if HAVE_OBJTOOL
220 select HAVE_OBJTOOL_NOP_MCOUNT if HAVE_OBJTOOL_MCOUNT
221 select HAVE_BUILDTIME_MCOUNT_SORT
222 select HAVE_DEBUG_KMEMLEAK
223 select HAVE_DMA_CONTIGUOUS
224 select HAVE_DYNAMIC_FTRACE
225 select HAVE_DYNAMIC_FTRACE_WITH_REGS
226 select HAVE_DYNAMIC_FTRACE_WITH_ARGS if X86_64
227 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
228 select HAVE_SAMPLE_FTRACE_DIRECT if X86_64
229 select HAVE_SAMPLE_FTRACE_DIRECT_MULTI if X86_64
230 select HAVE_EBPF_JIT
231 select HAVE_EFFICIENT_UNALIGNED_ACCESS
232 select HAVE_EISA
233 select HAVE_EXIT_THREAD
234 select HAVE_GUP_FAST
235 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
236 select HAVE_FTRACE_MCOUNT_RECORD
237 select HAVE_FUNCTION_GRAPH_RETVAL if HAVE_FUNCTION_GRAPH_TRACER
238 select HAVE_FUNCTION_GRAPH_TRACER if X86_32 || (X86_64 && DYNAMIC_FTRACE)
239 select HAVE_FUNCTION_TRACER
240 select HAVE_GCC_PLUGINS
241 select HAVE_HW_BREAKPOINT
242 select HAVE_IOREMAP_PROT
243 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
244 select HAVE_IRQ_TIME_ACCOUNTING
245 select HAVE_JUMP_LABEL_HACK if HAVE_OBJTOOL
246 select HAVE_KERNEL_BZIP2
247 select HAVE_KERNEL_GZIP
248 select HAVE_KERNEL_LZ4
249 select HAVE_KERNEL_LZMA
250 select HAVE_KERNEL_LZO
251 select HAVE_KERNEL_XZ
252 select HAVE_KERNEL_ZSTD
253 select HAVE_KPROBES
254 select HAVE_KPROBES_ON_FTRACE
255 select HAVE_FUNCTION_ERROR_INJECTION
256 select HAVE_KRETPROBES
257 select HAVE_RETHOOK
258 select HAVE_LIVEPATCH if X86_64
259 select HAVE_MIXED_BREAKPOINTS_REGS
260 select HAVE_MOD_ARCH_SPECIFIC
261 select HAVE_MOVE_PMD
262 select HAVE_MOVE_PUD
263 select HAVE_NOINSTR_HACK if HAVE_OBJTOOL
264 select HAVE_NMI
265 select HAVE_NOINSTR_VALIDATION if HAVE_OBJTOOL
266 select HAVE_OBJTOOL if X86_64
267 select HAVE_OPTPROBES
268 select HAVE_PAGE_SIZE_4KB
269 select HAVE_PCSPKR_PLATFORM
270 select HAVE_PERF_EVENTS
271 select HAVE_PERF_EVENTS_NMI
272 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
273 select HAVE_PCI
274 select HAVE_PERF_REGS
275 select HAVE_PERF_USER_STACK_DUMP
276 select MMU_GATHER_RCU_TABLE_FREE if PARAVIRT
277 select MMU_GATHER_MERGE_VMAS
278 select HAVE_POSIX_CPU_TIMERS_TASK_WORK
279 select HAVE_REGS_AND_STACK_ACCESS_API
280 select HAVE_RELIABLE_STACKTRACE if UNWINDER_ORC || STACK_VALIDATION
281 select HAVE_FUNCTION_ARG_ACCESS_API
282 select HAVE_SETUP_PER_CPU_AREA
283 select HAVE_SOFTIRQ_ON_OWN_STACK
284 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
285 select HAVE_STACK_VALIDATION if HAVE_OBJTOOL
286 select HAVE_STATIC_CALL
287 select HAVE_STATIC_CALL_INLINE if HAVE_OBJTOOL
288 select HAVE_PREEMPT_DYNAMIC_CALL
289 select HAVE_RSEQ
290 select HAVE_RUST if X86_64
291 select HAVE_SYSCALL_TRACEPOINTS
292 select HAVE_UACCESS_VALIDATION if HAVE_OBJTOOL
293 select HAVE_UNSTABLE_SCHED_CLOCK
294 select HAVE_USER_RETURN_NOTIFIER
295 select HAVE_GENERIC_VDSO
296 select VDSO_GETRANDOM if X86_64
297 select HOTPLUG_PARALLEL if SMP && X86_64
298 select HOTPLUG_SMT if SMP
299 select HOTPLUG_SPLIT_STARTUP if SMP && X86_32
300 select IRQ_FORCED_THREADING
301 select LOCK_MM_AND_FIND_VMA
302 select NEED_PER_CPU_EMBED_FIRST_CHUNK
303 select NEED_PER_CPU_PAGE_FIRST_CHUNK
304 select NEED_SG_DMA_LENGTH
305 select NUMA_MEMBLKS if NUMA
306 select PCI_DOMAINS if PCI
307 select PCI_LOCKLESS_CONFIG if PCI
308 select PERF_EVENTS
309 select RTC_LIB
310 select RTC_MC146818_LIB
311 select SPARSE_IRQ
312 select SYSCTL_EXCEPTION_TRACE
313 select THREAD_INFO_IN_TASK
314 select TRACE_IRQFLAGS_SUPPORT
315 select TRACE_IRQFLAGS_NMI_SUPPORT
316 select USER_STACKTRACE_SUPPORT
317 select HAVE_ARCH_KCSAN if X86_64
318 select PROC_PID_ARCH_STATUS if PROC_FS
319 select HAVE_ARCH_NODE_DEV_GROUP if X86_SGX
320 select FUNCTION_ALIGNMENT_16B if X86_64 || X86_ALIGNMENT_16
321 select FUNCTION_ALIGNMENT_4B
322 imply IMA_SECURE_AND_OR_TRUSTED_BOOT if EFI
323 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
324
325config INSTRUCTION_DECODER
326 def_bool y
327 depends on KPROBES || PERF_EVENTS || UPROBES
328
329config OUTPUT_FORMAT
330 string
331 default "elf32-i386" if X86_32
332 default "elf64-x86-64" if X86_64
333
334config LOCKDEP_SUPPORT
335 def_bool y
336
337config STACKTRACE_SUPPORT
338 def_bool y
339
340config MMU
341 def_bool y
342
343config ARCH_MMAP_RND_BITS_MIN
344 default 28 if 64BIT
345 default 8
346
347config ARCH_MMAP_RND_BITS_MAX
348 default 32 if 64BIT
349 default 16
350
351config ARCH_MMAP_RND_COMPAT_BITS_MIN
352 default 8
353
354config ARCH_MMAP_RND_COMPAT_BITS_MAX
355 default 16
356
357config SBUS
358 bool
359
360config GENERIC_ISA_DMA
361 def_bool y
362 depends on ISA_DMA_API
363
364config GENERIC_CSUM
365 bool
366 default y if KMSAN || KASAN
367
368config GENERIC_BUG
369 def_bool y
370 depends on BUG
371 select GENERIC_BUG_RELATIVE_POINTERS if X86_64
372
373config GENERIC_BUG_RELATIVE_POINTERS
374 bool
375
376config ARCH_MAY_HAVE_PC_FDC
377 def_bool y
378 depends on ISA_DMA_API
379
380config GENERIC_CALIBRATE_DELAY
381 def_bool y
382
383config ARCH_HAS_CPU_RELAX
384 def_bool y
385
386config ARCH_HIBERNATION_POSSIBLE
387 def_bool y
388
389config ARCH_SUSPEND_POSSIBLE
390 def_bool y
391
392config AUDIT_ARCH
393 def_bool y if X86_64
394
395config KASAN_SHADOW_OFFSET
396 hex
397 depends on KASAN
398 default 0xdffffc0000000000
399
400config HAVE_INTEL_TXT
401 def_bool y
402 depends on INTEL_IOMMU && ACPI
403
404config X86_64_SMP
405 def_bool y
406 depends on X86_64 && SMP
407
408config ARCH_SUPPORTS_UPROBES
409 def_bool y
410
411config FIX_EARLYCON_MEM
412 def_bool y
413
414config DYNAMIC_PHYSICAL_MASK
415 bool
416
417config PGTABLE_LEVELS
418 int
419 default 5 if X86_5LEVEL
420 default 4 if X86_64
421 default 3 if X86_PAE
422 default 2
423
424config CC_HAS_SANE_STACKPROTECTOR
425 bool
426 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT
427 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
428 help
429 We have to make sure stack protector is unconditionally disabled if
430 the compiler produces broken code or if it does not let us control
431 the segment on 32-bit kernels.
432
433menu "Processor type and features"
434
435config SMP
436 bool "Symmetric multi-processing support"
437 help
438 This enables support for systems with more than one CPU. If you have
439 a system with only one CPU, say N. If you have a system with more
440 than one CPU, say Y.
441
442 If you say N here, the kernel will run on uni- and multiprocessor
443 machines, but will use only one CPU of a multiprocessor machine. If
444 you say Y here, the kernel will run on many, but not all,
445 uniprocessor machines. On a uniprocessor machine, the kernel
446 will run faster if you say N here.
447
448 Note that if you say Y here and choose architecture "586" or
449 "Pentium" under "Processor family", the kernel will not work on 486
450 architectures. Similarly, multiprocessor kernels for the "PPro"
451 architecture may not work on all Pentium based boards.
452
453 People using multiprocessor machines who say Y here should also say
454 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
455 Management" code will be disabled if you say Y here.
456
457 See also <file:Documentation/arch/x86/i386/IO-APIC.rst>,
458 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
459 <http://www.tldp.org/docs.html#howto>.
460
461 If you don't know what to do here, say N.
462
463config X86_X2APIC
464 bool "Support x2apic"
465 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
466 help
467 This enables x2apic support on CPUs that have this feature.
468
469 This allows 32-bit apic IDs (so it can support very large systems),
470 and accesses the local apic via MSRs not via mmio.
471
472 Some Intel systems circa 2022 and later are locked into x2APIC mode
473 and can not fall back to the legacy APIC modes if SGX or TDX are
474 enabled in the BIOS. They will boot with very reduced functionality
475 without enabling this option.
476
477 If you don't know what to do here, say N.
478
479config X86_POSTED_MSI
480 bool "Enable MSI and MSI-x delivery by posted interrupts"
481 depends on X86_64 && IRQ_REMAP
482 help
483 This enables MSIs that are under interrupt remapping to be delivered as
484 posted interrupts to the host kernel. Interrupt throughput can
485 potentially be improved by coalescing CPU notifications during high
486 frequency bursts.
487
488 If you don't know what to do here, say N.
489
490config X86_MPPARSE
491 bool "Enable MPS table" if ACPI
492 default y
493 depends on X86_LOCAL_APIC
494 help
495 For old smp systems that do not have proper acpi support. Newer systems
496 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
497
498config X86_CPU_RESCTRL
499 bool "x86 CPU resource control support"
500 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
501 select KERNFS
502 select PROC_CPU_RESCTRL if PROC_FS
503 help
504 Enable x86 CPU resource control support.
505
506 Provide support for the allocation and monitoring of system resources
507 usage by the CPU.
508
509 Intel calls this Intel Resource Director Technology
510 (Intel(R) RDT). More information about RDT can be found in the
511 Intel x86 Architecture Software Developer Manual.
512
513 AMD calls this AMD Platform Quality of Service (AMD QoS).
514 More information about AMD QoS can be found in the AMD64 Technology
515 Platform Quality of Service Extensions manual.
516
517 Say N if unsure.
518
519config X86_FRED
520 bool "Flexible Return and Event Delivery"
521 depends on X86_64
522 help
523 When enabled, try to use Flexible Return and Event Delivery
524 instead of the legacy SYSCALL/SYSENTER/IDT architecture for
525 ring transitions and exception/interrupt handling if the
526 system supports it.
527
528config X86_BIGSMP
529 bool "Support for big SMP systems with more than 8 CPUs"
530 depends on SMP && X86_32
531 help
532 This option is needed for the systems that have more than 8 CPUs.
533
534config X86_EXTENDED_PLATFORM
535 bool "Support for extended (non-PC) x86 platforms"
536 default y
537 help
538 If you disable this option then the kernel will only support
539 standard PC platforms. (which covers the vast majority of
540 systems out there.)
541
542 If you enable this option then you'll be able to select support
543 for the following non-PC x86 platforms, depending on the value of
544 CONFIG_64BIT.
545
546 32-bit platforms (CONFIG_64BIT=n):
547 Goldfish (Android emulator)
548 AMD Elan
549 RDC R-321x SoC
550 SGI 320/540 (Visual Workstation)
551 STA2X11-based (e.g. Northville)
552 Moorestown MID devices
553
554 64-bit platforms (CONFIG_64BIT=y):
555 Numascale NumaChip
556 ScaleMP vSMP
557 SGI Ultraviolet
558
559 If you have one of these systems, or if you want to build a
560 generic distribution kernel, say Y here - otherwise say N.
561
562# This is an alphabetically sorted list of 64 bit extended platforms
563# Please maintain the alphabetic order if and when there are additions
564config X86_NUMACHIP
565 bool "Numascale NumaChip"
566 depends on X86_64
567 depends on X86_EXTENDED_PLATFORM
568 depends on NUMA
569 depends on SMP
570 depends on X86_X2APIC
571 depends on PCI_MMCONFIG
572 help
573 Adds support for Numascale NumaChip large-SMP systems. Needed to
574 enable more than ~168 cores.
575 If you don't have one of these, you should say N here.
576
577config X86_VSMP
578 bool "ScaleMP vSMP"
579 select HYPERVISOR_GUEST
580 select PARAVIRT
581 depends on X86_64 && PCI
582 depends on X86_EXTENDED_PLATFORM
583 depends on SMP
584 help
585 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
586 supposed to run on these EM64T-based machines. Only choose this option
587 if you have one of these machines.
588
589config X86_UV
590 bool "SGI Ultraviolet"
591 depends on X86_64
592 depends on X86_EXTENDED_PLATFORM
593 depends on NUMA
594 depends on EFI
595 depends on KEXEC_CORE
596 depends on X86_X2APIC
597 depends on PCI
598 help
599 This option is needed in order to support SGI Ultraviolet systems.
600 If you don't have one of these, you should say N here.
601
602# Following is an alphabetically sorted list of 32 bit extended platforms
603# Please maintain the alphabetic order if and when there are additions
604
605config X86_GOLDFISH
606 bool "Goldfish (Virtual Platform)"
607 depends on X86_EXTENDED_PLATFORM
608 help
609 Enable support for the Goldfish virtual platform used primarily
610 for Android development. Unless you are building for the Android
611 Goldfish emulator say N here.
612
613config X86_INTEL_CE
614 bool "CE4100 TV platform"
615 depends on PCI
616 depends on PCI_GODIRECT
617 depends on X86_IO_APIC
618 depends on X86_32
619 depends on X86_EXTENDED_PLATFORM
620 select X86_REBOOTFIXUPS
621 select OF
622 select OF_EARLY_FLATTREE
623 help
624 Select for the Intel CE media processor (CE4100) SOC.
625 This option compiles in support for the CE4100 SOC for settop
626 boxes and media devices.
627
628config X86_INTEL_MID
629 bool "Intel MID platform support"
630 depends on X86_EXTENDED_PLATFORM
631 depends on X86_PLATFORM_DEVICES
632 depends on PCI
633 depends on X86_64 || (PCI_GOANY && X86_32)
634 depends on X86_IO_APIC
635 select I2C
636 select DW_APB_TIMER
637 select INTEL_SCU_PCI
638 help
639 Select to build a kernel capable of supporting Intel MID (Mobile
640 Internet Device) platform systems which do not have the PCI legacy
641 interfaces. If you are building for a PC class system say N here.
642
643 Intel MID platforms are based on an Intel processor and chipset which
644 consume less power than most of the x86 derivatives.
645
646config X86_INTEL_QUARK
647 bool "Intel Quark platform support"
648 depends on X86_32
649 depends on X86_EXTENDED_PLATFORM
650 depends on X86_PLATFORM_DEVICES
651 depends on X86_TSC
652 depends on PCI
653 depends on PCI_GOANY
654 depends on X86_IO_APIC
655 select IOSF_MBI
656 select INTEL_IMR
657 select COMMON_CLK
658 help
659 Select to include support for Quark X1000 SoC.
660 Say Y here if you have a Quark based system such as the Arduino
661 compatible Intel Galileo.
662
663config X86_INTEL_LPSS
664 bool "Intel Low Power Subsystem Support"
665 depends on X86 && ACPI && PCI
666 select COMMON_CLK
667 select PINCTRL
668 select IOSF_MBI
669 help
670 Select to build support for Intel Low Power Subsystem such as
671 found on Intel Lynxpoint PCH. Selecting this option enables
672 things like clock tree (common clock framework) and pincontrol
673 which are needed by the LPSS peripheral drivers.
674
675config X86_AMD_PLATFORM_DEVICE
676 bool "AMD ACPI2Platform devices support"
677 depends on ACPI
678 select COMMON_CLK
679 select PINCTRL
680 help
681 Select to interpret AMD specific ACPI device to platform device
682 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
683 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
684 implemented under PINCTRL subsystem.
685
686config IOSF_MBI
687 tristate "Intel SoC IOSF Sideband support for SoC platforms"
688 depends on PCI
689 help
690 This option enables sideband register access support for Intel SoC
691 platforms. On these platforms the IOSF sideband is used in lieu of
692 MSR's for some register accesses, mostly but not limited to thermal
693 and power. Drivers may query the availability of this device to
694 determine if they need the sideband in order to work on these
695 platforms. The sideband is available on the following SoC products.
696 This list is not meant to be exclusive.
697 - BayTrail
698 - Braswell
699 - Quark
700
701 You should say Y if you are running a kernel on one of these SoC's.
702
703config IOSF_MBI_DEBUG
704 bool "Enable IOSF sideband access through debugfs"
705 depends on IOSF_MBI && DEBUG_FS
706 help
707 Select this option to expose the IOSF sideband access registers (MCR,
708 MDR, MCRX) through debugfs to write and read register information from
709 different units on the SoC. This is most useful for obtaining device
710 state information for debug and analysis. As this is a general access
711 mechanism, users of this option would have specific knowledge of the
712 device they want to access.
713
714 If you don't require the option or are in doubt, say N.
715
716config X86_RDC321X
717 bool "RDC R-321x SoC"
718 depends on X86_32
719 depends on X86_EXTENDED_PLATFORM
720 select M486
721 select X86_REBOOTFIXUPS
722 help
723 This option is needed for RDC R-321x system-on-chip, also known
724 as R-8610-(G).
725 If you don't have one of these chips, you should say N here.
726
727config X86_32_NON_STANDARD
728 bool "Support non-standard 32-bit SMP architectures"
729 depends on X86_32 && SMP
730 depends on X86_EXTENDED_PLATFORM
731 help
732 This option compiles in the bigsmp and STA2X11 default
733 subarchitectures. It is intended for a generic binary
734 kernel. If you select them all, kernel will probe it one by
735 one and will fallback to default.
736
737# Alphabetically sorted list of Non standard 32 bit platforms
738
739config X86_SUPPORTS_MEMORY_FAILURE
740 def_bool y
741 # MCE code calls memory_failure():
742 depends on X86_MCE
743 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
744 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
745 depends on X86_64 || !SPARSEMEM
746 select ARCH_SUPPORTS_MEMORY_FAILURE
747
748config STA2X11
749 bool "STA2X11 Companion Chip Support"
750 depends on X86_32_NON_STANDARD && PCI
751 select SWIOTLB
752 select MFD_STA2X11
753 select GPIOLIB
754 help
755 This adds support for boards based on the STA2X11 IO-Hub,
756 a.k.a. "ConneXt". The chip is used in place of the standard
757 PC chipset, so all "standard" peripherals are missing. If this
758 option is selected the kernel will still be able to boot on
759 standard PC machines.
760
761config X86_32_IRIS
762 tristate "Eurobraille/Iris poweroff module"
763 depends on X86_32
764 help
765 The Iris machines from EuroBraille do not have APM or ACPI support
766 to shut themselves down properly. A special I/O sequence is
767 needed to do so, which is what this module does at
768 kernel shutdown.
769
770 This is only for Iris machines from EuroBraille.
771
772 If unused, say N.
773
774config SCHED_OMIT_FRAME_POINTER
775 def_bool y
776 prompt "Single-depth WCHAN output"
777 depends on X86
778 help
779 Calculate simpler /proc/<PID>/wchan values. If this option
780 is disabled then wchan values will recurse back to the
781 caller function. This provides more accurate wchan values,
782 at the expense of slightly more scheduling overhead.
783
784 If in doubt, say "Y".
785
786menuconfig HYPERVISOR_GUEST
787 bool "Linux guest support"
788 help
789 Say Y here to enable options for running Linux under various hyper-
790 visors. This option enables basic hypervisor detection and platform
791 setup.
792
793 If you say N, all options in this submenu will be skipped and
794 disabled, and Linux guest support won't be built in.
795
796if HYPERVISOR_GUEST
797
798config PARAVIRT
799 bool "Enable paravirtualization code"
800 depends on HAVE_STATIC_CALL
801 help
802 This changes the kernel so it can modify itself when it is run
803 under a hypervisor, potentially improving performance significantly
804 over full virtualization. However, when run without a hypervisor
805 the kernel is theoretically slower and slightly larger.
806
807config PARAVIRT_XXL
808 bool
809
810config PARAVIRT_DEBUG
811 bool "paravirt-ops debugging"
812 depends on PARAVIRT && DEBUG_KERNEL
813 help
814 Enable to debug paravirt_ops internals. Specifically, BUG if
815 a paravirt_op is missing when it is called.
816
817config PARAVIRT_SPINLOCKS
818 bool "Paravirtualization layer for spinlocks"
819 depends on PARAVIRT && SMP
820 help
821 Paravirtualized spinlocks allow a pvops backend to replace the
822 spinlock implementation with something virtualization-friendly
823 (for example, block the virtual CPU rather than spinning).
824
825 It has a minimal impact on native kernels and gives a nice performance
826 benefit on paravirtualized KVM / Xen kernels.
827
828 If you are unsure how to answer this question, answer Y.
829
830config X86_HV_CALLBACK_VECTOR
831 def_bool n
832
833source "arch/x86/xen/Kconfig"
834
835config KVM_GUEST
836 bool "KVM Guest support (including kvmclock)"
837 depends on PARAVIRT
838 select PARAVIRT_CLOCK
839 select ARCH_CPUIDLE_HALTPOLL
840 select X86_HV_CALLBACK_VECTOR
841 default y
842 help
843 This option enables various optimizations for running under the KVM
844 hypervisor. It includes a paravirtualized clock, so that instead
845 of relying on a PIT (or probably other) emulation by the
846 underlying device model, the host provides the guest with
847 timing infrastructure such as time of day, and system time
848
849config ARCH_CPUIDLE_HALTPOLL
850 def_bool n
851 prompt "Disable host haltpoll when loading haltpoll driver"
852 help
853 If virtualized under KVM, disable host haltpoll.
854
855config PVH
856 bool "Support for running PVH guests"
857 help
858 This option enables the PVH entry point for guest virtual machines
859 as specified in the x86/HVM direct boot ABI.
860
861config PARAVIRT_TIME_ACCOUNTING
862 bool "Paravirtual steal time accounting"
863 depends on PARAVIRT
864 help
865 Select this option to enable fine granularity task steal time
866 accounting. Time spent executing other tasks in parallel with
867 the current vCPU is discounted from the vCPU power. To account for
868 that, there can be a small performance impact.
869
870 If in doubt, say N here.
871
872config PARAVIRT_CLOCK
873 bool
874
875config JAILHOUSE_GUEST
876 bool "Jailhouse non-root cell support"
877 depends on X86_64 && PCI
878 select X86_PM_TIMER
879 help
880 This option allows to run Linux as guest in a Jailhouse non-root
881 cell. You can leave this option disabled if you only want to start
882 Jailhouse and run Linux afterwards in the root cell.
883
884config ACRN_GUEST
885 bool "ACRN Guest support"
886 depends on X86_64
887 select X86_HV_CALLBACK_VECTOR
888 help
889 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
890 a flexible, lightweight reference open-source hypervisor, built with
891 real-time and safety-criticality in mind. It is built for embedded
892 IOT with small footprint and real-time features. More details can be
893 found in https://projectacrn.org/.
894
895config INTEL_TDX_GUEST
896 bool "Intel TDX (Trust Domain Extensions) - Guest Support"
897 depends on X86_64 && CPU_SUP_INTEL
898 depends on X86_X2APIC
899 depends on EFI_STUB
900 select ARCH_HAS_CC_PLATFORM
901 select X86_MEM_ENCRYPT
902 select X86_MCE
903 select UNACCEPTED_MEMORY
904 help
905 Support running as a guest under Intel TDX. Without this support,
906 the guest kernel can not boot or run under TDX.
907 TDX includes memory encryption and integrity capabilities
908 which protect the confidentiality and integrity of guest
909 memory contents and CPU state. TDX guests are protected from
910 some attacks from the VMM.
911
912endif # HYPERVISOR_GUEST
913
914source "arch/x86/Kconfig.cpu"
915
916config HPET_TIMER
917 def_bool X86_64
918 prompt "HPET Timer Support" if X86_32
919 help
920 Use the IA-PC HPET (High Precision Event Timer) to manage
921 time in preference to the PIT and RTC, if a HPET is
922 present.
923 HPET is the next generation timer replacing legacy 8254s.
924 The HPET provides a stable time base on SMP
925 systems, unlike the TSC, but it is more expensive to access,
926 as it is off-chip. The interface used is documented
927 in the HPET spec, revision 1.
928
929 You can safely choose Y here. However, HPET will only be
930 activated if the platform and the BIOS support this feature.
931 Otherwise the 8254 will be used for timing services.
932
933 Choose N to continue using the legacy 8254 timer.
934
935config HPET_EMULATE_RTC
936 def_bool y
937 depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
938
939# Mark as expert because too many people got it wrong.
940# The code disables itself when not needed.
941config DMI
942 default y
943 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
944 bool "Enable DMI scanning" if EXPERT
945 help
946 Enabled scanning of DMI to identify machine quirks. Say Y
947 here unless you have verified that your setup is not
948 affected by entries in the DMI blacklist. Required by PNP
949 BIOS code.
950
951config GART_IOMMU
952 bool "Old AMD GART IOMMU support"
953 select IOMMU_HELPER
954 select SWIOTLB
955 depends on X86_64 && PCI && AMD_NB
956 help
957 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
958 GART based hardware IOMMUs.
959
960 The GART supports full DMA access for devices with 32-bit access
961 limitations, on systems with more than 3 GB. This is usually needed
962 for USB, sound, many IDE/SATA chipsets and some other devices.
963
964 Newer systems typically have a modern AMD IOMMU, supported via
965 the CONFIG_AMD_IOMMU=y config option.
966
967 In normal configurations this driver is only active when needed:
968 there's more than 3 GB of memory and the system contains a
969 32-bit limited device.
970
971 If unsure, say Y.
972
973config BOOT_VESA_SUPPORT
974 bool
975 help
976 If true, at least one selected framebuffer driver can take advantage
977 of VESA video modes set at an early boot stage via the vga= parameter.
978
979config MAXSMP
980 bool "Enable Maximum number of SMP Processors and NUMA Nodes"
981 depends on X86_64 && SMP && DEBUG_KERNEL
982 select CPUMASK_OFFSTACK
983 help
984 Enable maximum number of CPUS and NUMA Nodes for this architecture.
985 If unsure, say N.
986
987#
988# The maximum number of CPUs supported:
989#
990# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
991# and which can be configured interactively in the
992# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
993#
994# The ranges are different on 32-bit and 64-bit kernels, depending on
995# hardware capabilities and scalability features of the kernel.
996#
997# ( If MAXSMP is enabled we just use the highest possible value and disable
998# interactive configuration. )
999#
1000
1001config NR_CPUS_RANGE_BEGIN
1002 int
1003 default NR_CPUS_RANGE_END if MAXSMP
1004 default 1 if !SMP
1005 default 2
1006
1007config NR_CPUS_RANGE_END
1008 int
1009 depends on X86_32
1010 default 64 if SMP && X86_BIGSMP
1011 default 8 if SMP && !X86_BIGSMP
1012 default 1 if !SMP
1013
1014config NR_CPUS_RANGE_END
1015 int
1016 depends on X86_64
1017 default 8192 if SMP && CPUMASK_OFFSTACK
1018 default 512 if SMP && !CPUMASK_OFFSTACK
1019 default 1 if !SMP
1020
1021config NR_CPUS_DEFAULT
1022 int
1023 depends on X86_32
1024 default 32 if X86_BIGSMP
1025 default 8 if SMP
1026 default 1 if !SMP
1027
1028config NR_CPUS_DEFAULT
1029 int
1030 depends on X86_64
1031 default 8192 if MAXSMP
1032 default 64 if SMP
1033 default 1 if !SMP
1034
1035config NR_CPUS
1036 int "Maximum number of CPUs" if SMP && !MAXSMP
1037 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1038 default NR_CPUS_DEFAULT
1039 help
1040 This allows you to specify the maximum number of CPUs which this
1041 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
1042 supported value is 8192, otherwise the maximum value is 512. The
1043 minimum value which makes sense is 2.
1044
1045 This is purely to save memory: each supported CPU adds about 8KB
1046 to the kernel image.
1047
1048config SCHED_CLUSTER
1049 bool "Cluster scheduler support"
1050 depends on SMP
1051 default y
1052 help
1053 Cluster scheduler support improves the CPU scheduler's decision
1054 making when dealing with machines that have clusters of CPUs.
1055 Cluster usually means a couple of CPUs which are placed closely
1056 by sharing mid-level caches, last-level cache tags or internal
1057 busses.
1058
1059config SCHED_SMT
1060 def_bool y if SMP
1061
1062config SCHED_MC
1063 def_bool y
1064 prompt "Multi-core scheduler support"
1065 depends on SMP
1066 help
1067 Multi-core scheduler support improves the CPU scheduler's decision
1068 making when dealing with multi-core CPU chips at a cost of slightly
1069 increased overhead in some places. If unsure say N here.
1070
1071config SCHED_MC_PRIO
1072 bool "CPU core priorities scheduler support"
1073 depends on SCHED_MC
1074 select X86_INTEL_PSTATE if CPU_SUP_INTEL
1075 select X86_AMD_PSTATE if CPU_SUP_AMD && ACPI
1076 select CPU_FREQ
1077 default y
1078 help
1079 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1080 core ordering determined at manufacturing time, which allows
1081 certain cores to reach higher turbo frequencies (when running
1082 single threaded workloads) than others.
1083
1084 Enabling this kernel feature teaches the scheduler about
1085 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1086 scheduler's CPU selection logic accordingly, so that higher
1087 overall system performance can be achieved.
1088
1089 This feature will have no effect on CPUs without this feature.
1090
1091 If unsure say Y here.
1092
1093config UP_LATE_INIT
1094 def_bool y
1095 depends on !SMP && X86_LOCAL_APIC
1096
1097config X86_UP_APIC
1098 bool "Local APIC support on uniprocessors" if !PCI_MSI
1099 default PCI_MSI
1100 depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1101 help
1102 A local APIC (Advanced Programmable Interrupt Controller) is an
1103 integrated interrupt controller in the CPU. If you have a single-CPU
1104 system which has a processor with a local APIC, you can say Y here to
1105 enable and use it. If you say Y here even though your machine doesn't
1106 have a local APIC, then the kernel will still run with no slowdown at
1107 all. The local APIC supports CPU-generated self-interrupts (timer,
1108 performance counters), and the NMI watchdog which detects hard
1109 lockups.
1110
1111config X86_UP_IOAPIC
1112 bool "IO-APIC support on uniprocessors"
1113 depends on X86_UP_APIC
1114 help
1115 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1116 SMP-capable replacement for PC-style interrupt controllers. Most
1117 SMP systems and many recent uniprocessor systems have one.
1118
1119 If you have a single-CPU system with an IO-APIC, you can say Y here
1120 to use it. If you say Y here even though your machine doesn't have
1121 an IO-APIC, then the kernel will still run with no slowdown at all.
1122
1123config X86_LOCAL_APIC
1124 def_bool y
1125 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1126 select IRQ_DOMAIN_HIERARCHY
1127
1128config ACPI_MADT_WAKEUP
1129 def_bool y
1130 depends on X86_64
1131 depends on ACPI
1132 depends on SMP
1133 depends on X86_LOCAL_APIC
1134
1135config X86_IO_APIC
1136 def_bool y
1137 depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1138
1139config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1140 bool "Reroute for broken boot IRQs"
1141 depends on X86_IO_APIC
1142 help
1143 This option enables a workaround that fixes a source of
1144 spurious interrupts. This is recommended when threaded
1145 interrupt handling is used on systems where the generation of
1146 superfluous "boot interrupts" cannot be disabled.
1147
1148 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1149 entry in the chipset's IO-APIC is masked (as, e.g. the RT
1150 kernel does during interrupt handling). On chipsets where this
1151 boot IRQ generation cannot be disabled, this workaround keeps
1152 the original IRQ line masked so that only the equivalent "boot
1153 IRQ" is delivered to the CPUs. The workaround also tells the
1154 kernel to set up the IRQ handler on the boot IRQ line. In this
1155 way only one interrupt is delivered to the kernel. Otherwise
1156 the spurious second interrupt may cause the kernel to bring
1157 down (vital) interrupt lines.
1158
1159 Only affects "broken" chipsets. Interrupt sharing may be
1160 increased on these systems.
1161
1162config X86_MCE
1163 bool "Machine Check / overheating reporting"
1164 select GENERIC_ALLOCATOR
1165 default y
1166 help
1167 Machine Check support allows the processor to notify the
1168 kernel if it detects a problem (e.g. overheating, data corruption).
1169 The action the kernel takes depends on the severity of the problem,
1170 ranging from warning messages to halting the machine.
1171
1172config X86_MCELOG_LEGACY
1173 bool "Support for deprecated /dev/mcelog character device"
1174 depends on X86_MCE
1175 help
1176 Enable support for /dev/mcelog which is needed by the old mcelog
1177 userspace logging daemon. Consider switching to the new generation
1178 rasdaemon solution.
1179
1180config X86_MCE_INTEL
1181 def_bool y
1182 prompt "Intel MCE features"
1183 depends on X86_MCE && X86_LOCAL_APIC
1184 help
1185 Additional support for intel specific MCE features such as
1186 the thermal monitor.
1187
1188config X86_MCE_AMD
1189 def_bool y
1190 prompt "AMD MCE features"
1191 depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1192 help
1193 Additional support for AMD specific MCE features such as
1194 the DRAM Error Threshold.
1195
1196config X86_ANCIENT_MCE
1197 bool "Support for old Pentium 5 / WinChip machine checks"
1198 depends on X86_32 && X86_MCE
1199 help
1200 Include support for machine check handling on old Pentium 5 or WinChip
1201 systems. These typically need to be enabled explicitly on the command
1202 line.
1203
1204config X86_MCE_THRESHOLD
1205 depends on X86_MCE_AMD || X86_MCE_INTEL
1206 def_bool y
1207
1208config X86_MCE_INJECT
1209 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1210 tristate "Machine check injector support"
1211 help
1212 Provide support for injecting machine checks for testing purposes.
1213 If you don't know what a machine check is and you don't do kernel
1214 QA it is safe to say n.
1215
1216source "arch/x86/events/Kconfig"
1217
1218config X86_LEGACY_VM86
1219 bool "Legacy VM86 support"
1220 depends on X86_32
1221 help
1222 This option allows user programs to put the CPU into V8086
1223 mode, which is an 80286-era approximation of 16-bit real mode.
1224
1225 Some very old versions of X and/or vbetool require this option
1226 for user mode setting. Similarly, DOSEMU will use it if
1227 available to accelerate real mode DOS programs. However, any
1228 recent version of DOSEMU, X, or vbetool should be fully
1229 functional even without kernel VM86 support, as they will all
1230 fall back to software emulation. Nevertheless, if you are using
1231 a 16-bit DOS program where 16-bit performance matters, vm86
1232 mode might be faster than emulation and you might want to
1233 enable this option.
1234
1235 Note that any app that works on a 64-bit kernel is unlikely to
1236 need this option, as 64-bit kernels don't, and can't, support
1237 V8086 mode. This option is also unrelated to 16-bit protected
1238 mode and is not needed to run most 16-bit programs under Wine.
1239
1240 Enabling this option increases the complexity of the kernel
1241 and slows down exception handling a tiny bit.
1242
1243 If unsure, say N here.
1244
1245config VM86
1246 bool
1247 default X86_LEGACY_VM86
1248
1249config X86_16BIT
1250 bool "Enable support for 16-bit segments" if EXPERT
1251 default y
1252 depends on MODIFY_LDT_SYSCALL
1253 help
1254 This option is required by programs like Wine to run 16-bit
1255 protected mode legacy code on x86 processors. Disabling
1256 this option saves about 300 bytes on i386, or around 6K text
1257 plus 16K runtime memory on x86-64,
1258
1259config X86_ESPFIX32
1260 def_bool y
1261 depends on X86_16BIT && X86_32
1262
1263config X86_ESPFIX64
1264 def_bool y
1265 depends on X86_16BIT && X86_64
1266
1267config X86_VSYSCALL_EMULATION
1268 bool "Enable vsyscall emulation" if EXPERT
1269 default y
1270 depends on X86_64
1271 help
1272 This enables emulation of the legacy vsyscall page. Disabling
1273 it is roughly equivalent to booting with vsyscall=none, except
1274 that it will also disable the helpful warning if a program
1275 tries to use a vsyscall. With this option set to N, offending
1276 programs will just segfault, citing addresses of the form
1277 0xffffffffff600?00.
1278
1279 This option is required by many programs built before 2013, and
1280 care should be used even with newer programs if set to N.
1281
1282 Disabling this option saves about 7K of kernel size and
1283 possibly 4K of additional runtime pagetable memory.
1284
1285config X86_IOPL_IOPERM
1286 bool "IOPERM and IOPL Emulation"
1287 default y
1288 help
1289 This enables the ioperm() and iopl() syscalls which are necessary
1290 for legacy applications.
1291
1292 Legacy IOPL support is an overbroad mechanism which allows user
1293 space aside of accessing all 65536 I/O ports also to disable
1294 interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1295 capabilities and permission from potentially active security
1296 modules.
1297
1298 The emulation restricts the functionality of the syscall to
1299 only allowing the full range I/O port access, but prevents the
1300 ability to disable interrupts from user space which would be
1301 granted if the hardware IOPL mechanism would be used.
1302
1303config TOSHIBA
1304 tristate "Toshiba Laptop support"
1305 depends on X86_32
1306 help
1307 This adds a driver to safely access the System Management Mode of
1308 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1309 not work on models with a Phoenix BIOS. The System Management Mode
1310 is used to set the BIOS and power saving options on Toshiba portables.
1311
1312 For information on utilities to make use of this driver see the
1313 Toshiba Linux utilities web site at:
1314 <http://www.buzzard.org.uk/toshiba/>.
1315
1316 Say Y if you intend to run this kernel on a Toshiba portable.
1317 Say N otherwise.
1318
1319config X86_REBOOTFIXUPS
1320 bool "Enable X86 board specific fixups for reboot"
1321 depends on X86_32
1322 help
1323 This enables chipset and/or board specific fixups to be done
1324 in order to get reboot to work correctly. This is only needed on
1325 some combinations of hardware and BIOS. The symptom, for which
1326 this config is intended, is when reboot ends with a stalled/hung
1327 system.
1328
1329 Currently, the only fixup is for the Geode machines using
1330 CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1331
1332 Say Y if you want to enable the fixup. Currently, it's safe to
1333 enable this option even if you don't need it.
1334 Say N otherwise.
1335
1336config MICROCODE
1337 def_bool y
1338 depends on CPU_SUP_AMD || CPU_SUP_INTEL
1339 select CRYPTO_LIB_SHA256 if CPU_SUP_AMD
1340
1341config MICROCODE_INITRD32
1342 def_bool y
1343 depends on MICROCODE && X86_32 && BLK_DEV_INITRD
1344
1345config MICROCODE_LATE_LOADING
1346 bool "Late microcode loading (DANGEROUS)"
1347 default n
1348 depends on MICROCODE && SMP
1349 help
1350 Loading microcode late, when the system is up and executing instructions
1351 is a tricky business and should be avoided if possible. Just the sequence
1352 of synchronizing all cores and SMT threads is one fragile dance which does
1353 not guarantee that cores might not softlock after the loading. Therefore,
1354 use this at your own risk. Late loading taints the kernel unless the
1355 microcode header indicates that it is safe for late loading via the
1356 minimal revision check. This minimal revision check can be enforced on
1357 the kernel command line with "microcode.minrev=Y".
1358
1359config MICROCODE_LATE_FORCE_MINREV
1360 bool "Enforce late microcode loading minimal revision check"
1361 default n
1362 depends on MICROCODE_LATE_LOADING
1363 help
1364 To prevent that users load microcode late which modifies already
1365 in use features, newer microcode patches have a minimum revision field
1366 in the microcode header, which tells the kernel which minimum
1367 revision must be active in the CPU to safely load that new microcode
1368 late into the running system. If disabled the check will not
1369 be enforced but the kernel will be tainted when the minimal
1370 revision check fails.
1371
1372 This minimal revision check can also be controlled via the
1373 "microcode.minrev" parameter on the kernel command line.
1374
1375 If unsure say Y.
1376
1377config X86_MSR
1378 tristate "/dev/cpu/*/msr - Model-specific register support"
1379 help
1380 This device gives privileged processes access to the x86
1381 Model-Specific Registers (MSRs). It is a character device with
1382 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1383 MSR accesses are directed to a specific CPU on multi-processor
1384 systems.
1385
1386config X86_CPUID
1387 tristate "/dev/cpu/*/cpuid - CPU information support"
1388 help
1389 This device gives processes access to the x86 CPUID instruction to
1390 be executed on a specific processor. It is a character device
1391 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1392 /dev/cpu/31/cpuid.
1393
1394choice
1395 prompt "High Memory Support"
1396 default HIGHMEM4G
1397 depends on X86_32
1398
1399config NOHIGHMEM
1400 bool "off"
1401 help
1402 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1403 However, the address space of 32-bit x86 processors is only 4
1404 Gigabytes large. That means that, if you have a large amount of
1405 physical memory, not all of it can be "permanently mapped" by the
1406 kernel. The physical memory that's not permanently mapped is called
1407 "high memory".
1408
1409 If you are compiling a kernel which will never run on a machine with
1410 more than 1 Gigabyte total physical RAM, answer "off" here (default
1411 choice and suitable for most users). This will result in a "3GB/1GB"
1412 split: 3GB are mapped so that each process sees a 3GB virtual memory
1413 space and the remaining part of the 4GB virtual memory space is used
1414 by the kernel to permanently map as much physical memory as
1415 possible.
1416
1417 If the machine has between 1 and 4 Gigabytes physical RAM, then
1418 answer "4GB" here.
1419
1420 If more than 4 Gigabytes is used then answer "64GB" here. This
1421 selection turns Intel PAE (Physical Address Extension) mode on.
1422 PAE implements 3-level paging on IA32 processors. PAE is fully
1423 supported by Linux, PAE mode is implemented on all recent Intel
1424 processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1425 then the kernel will not boot on CPUs that don't support PAE!
1426
1427 The actual amount of total physical memory will either be
1428 auto detected or can be forced by using a kernel command line option
1429 such as "mem=256M". (Try "man bootparam" or see the documentation of
1430 your boot loader (lilo or loadlin) about how to pass options to the
1431 kernel at boot time.)
1432
1433 If unsure, say "off".
1434
1435config HIGHMEM4G
1436 bool "4GB"
1437 help
1438 Select this if you have a 32-bit processor and between 1 and 4
1439 gigabytes of physical RAM.
1440
1441config HIGHMEM64G
1442 bool "64GB"
1443 depends on X86_HAVE_PAE
1444 select X86_PAE
1445 help
1446 Select this if you have a 32-bit processor and more than 4
1447 gigabytes of physical RAM.
1448
1449endchoice
1450
1451choice
1452 prompt "Memory split" if EXPERT
1453 default VMSPLIT_3G
1454 depends on X86_32
1455 help
1456 Select the desired split between kernel and user memory.
1457
1458 If the address range available to the kernel is less than the
1459 physical memory installed, the remaining memory will be available
1460 as "high memory". Accessing high memory is a little more costly
1461 than low memory, as it needs to be mapped into the kernel first.
1462 Note that increasing the kernel address space limits the range
1463 available to user programs, making the address space there
1464 tighter. Selecting anything other than the default 3G/1G split
1465 will also likely make your kernel incompatible with binary-only
1466 kernel modules.
1467
1468 If you are not absolutely sure what you are doing, leave this
1469 option alone!
1470
1471 config VMSPLIT_3G
1472 bool "3G/1G user/kernel split"
1473 config VMSPLIT_3G_OPT
1474 depends on !X86_PAE
1475 bool "3G/1G user/kernel split (for full 1G low memory)"
1476 config VMSPLIT_2G
1477 bool "2G/2G user/kernel split"
1478 config VMSPLIT_2G_OPT
1479 depends on !X86_PAE
1480 bool "2G/2G user/kernel split (for full 2G low memory)"
1481 config VMSPLIT_1G
1482 bool "1G/3G user/kernel split"
1483endchoice
1484
1485config PAGE_OFFSET
1486 hex
1487 default 0xB0000000 if VMSPLIT_3G_OPT
1488 default 0x80000000 if VMSPLIT_2G
1489 default 0x78000000 if VMSPLIT_2G_OPT
1490 default 0x40000000 if VMSPLIT_1G
1491 default 0xC0000000
1492 depends on X86_32
1493
1494config HIGHMEM
1495 def_bool y
1496 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1497
1498config X86_PAE
1499 bool "PAE (Physical Address Extension) Support"
1500 depends on X86_32 && X86_HAVE_PAE
1501 select PHYS_ADDR_T_64BIT
1502 select SWIOTLB
1503 help
1504 PAE is required for NX support, and furthermore enables
1505 larger swapspace support for non-overcommit purposes. It
1506 has the cost of more pagetable lookup overhead, and also
1507 consumes more pagetable space per process.
1508
1509config X86_5LEVEL
1510 bool "Enable 5-level page tables support"
1511 default y
1512 select DYNAMIC_MEMORY_LAYOUT
1513 select SPARSEMEM_VMEMMAP
1514 depends on X86_64
1515 help
1516 5-level paging enables access to larger address space:
1517 up to 128 PiB of virtual address space and 4 PiB of
1518 physical address space.
1519
1520 It will be supported by future Intel CPUs.
1521
1522 A kernel with the option enabled can be booted on machines that
1523 support 4- or 5-level paging.
1524
1525 See Documentation/arch/x86/x86_64/5level-paging.rst for more
1526 information.
1527
1528 Say N if unsure.
1529
1530config X86_DIRECT_GBPAGES
1531 def_bool y
1532 depends on X86_64
1533 help
1534 Certain kernel features effectively disable kernel
1535 linear 1 GB mappings (even if the CPU otherwise
1536 supports them), so don't confuse the user by printing
1537 that we have them enabled.
1538
1539config X86_CPA_STATISTICS
1540 bool "Enable statistic for Change Page Attribute"
1541 depends on DEBUG_FS
1542 help
1543 Expose statistics about the Change Page Attribute mechanism, which
1544 helps to determine the effectiveness of preserving large and huge
1545 page mappings when mapping protections are changed.
1546
1547config X86_MEM_ENCRYPT
1548 select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1549 select DYNAMIC_PHYSICAL_MASK
1550 def_bool n
1551
1552config AMD_MEM_ENCRYPT
1553 bool "AMD Secure Memory Encryption (SME) support"
1554 depends on X86_64 && CPU_SUP_AMD
1555 depends on EFI_STUB
1556 select DMA_COHERENT_POOL
1557 select ARCH_USE_MEMREMAP_PROT
1558 select INSTRUCTION_DECODER
1559 select ARCH_HAS_CC_PLATFORM
1560 select X86_MEM_ENCRYPT
1561 select UNACCEPTED_MEMORY
1562 help
1563 Say yes to enable support for the encryption of system memory.
1564 This requires an AMD processor that supports Secure Memory
1565 Encryption (SME).
1566
1567# Common NUMA Features
1568config NUMA
1569 bool "NUMA Memory Allocation and Scheduler Support"
1570 depends on SMP
1571 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1572 default y if X86_BIGSMP
1573 select USE_PERCPU_NUMA_NODE_ID
1574 select OF_NUMA if OF
1575 help
1576 Enable NUMA (Non-Uniform Memory Access) support.
1577
1578 The kernel will try to allocate memory used by a CPU on the
1579 local memory controller of the CPU and add some more
1580 NUMA awareness to the kernel.
1581
1582 For 64-bit this is recommended if the system is Intel Core i7
1583 (or later), AMD Opteron, or EM64T NUMA.
1584
1585 For 32-bit this is only needed if you boot a 32-bit
1586 kernel on a 64-bit NUMA platform.
1587
1588 Otherwise, you should say N.
1589
1590config AMD_NUMA
1591 def_bool y
1592 prompt "Old style AMD Opteron NUMA detection"
1593 depends on X86_64 && NUMA && PCI
1594 help
1595 Enable AMD NUMA node topology detection. You should say Y here if
1596 you have a multi processor AMD system. This uses an old method to
1597 read the NUMA configuration directly from the builtin Northbridge
1598 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1599 which also takes priority if both are compiled in.
1600
1601config X86_64_ACPI_NUMA
1602 def_bool y
1603 prompt "ACPI NUMA detection"
1604 depends on X86_64 && NUMA && ACPI && PCI
1605 select ACPI_NUMA
1606 help
1607 Enable ACPI SRAT based node topology detection.
1608
1609config NODES_SHIFT
1610 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1611 range 1 10
1612 default "10" if MAXSMP
1613 default "6" if X86_64
1614 default "3"
1615 depends on NUMA
1616 help
1617 Specify the maximum number of NUMA Nodes available on the target
1618 system. Increases memory reserved to accommodate various tables.
1619
1620config ARCH_FLATMEM_ENABLE
1621 def_bool y
1622 depends on X86_32 && !NUMA
1623
1624config ARCH_SPARSEMEM_ENABLE
1625 def_bool y
1626 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1627 select SPARSEMEM_STATIC if X86_32
1628 select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1629
1630config ARCH_SPARSEMEM_DEFAULT
1631 def_bool X86_64 || (NUMA && X86_32)
1632
1633config ARCH_SELECT_MEMORY_MODEL
1634 def_bool y
1635 depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
1636
1637config ARCH_MEMORY_PROBE
1638 bool "Enable sysfs memory/probe interface"
1639 depends on MEMORY_HOTPLUG
1640 help
1641 This option enables a sysfs memory/probe interface for testing.
1642 See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1643 If you are unsure how to answer this question, answer N.
1644
1645config ARCH_PROC_KCORE_TEXT
1646 def_bool y
1647 depends on X86_64 && PROC_KCORE
1648
1649config ILLEGAL_POINTER_VALUE
1650 hex
1651 default 0 if X86_32
1652 default 0xdead000000000000 if X86_64
1653
1654config X86_PMEM_LEGACY_DEVICE
1655 bool
1656
1657config X86_PMEM_LEGACY
1658 tristate "Support non-standard NVDIMMs and ADR protected memory"
1659 depends on PHYS_ADDR_T_64BIT
1660 depends on BLK_DEV
1661 select X86_PMEM_LEGACY_DEVICE
1662 select NUMA_KEEP_MEMINFO if NUMA
1663 select LIBNVDIMM
1664 help
1665 Treat memory marked using the non-standard e820 type of 12 as used
1666 by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1667 The kernel will offer these regions to the 'pmem' driver so
1668 they can be used for persistent storage.
1669
1670 Say Y if unsure.
1671
1672config HIGHPTE
1673 bool "Allocate 3rd-level pagetables from highmem"
1674 depends on HIGHMEM
1675 help
1676 The VM uses one page table entry for each page of physical memory.
1677 For systems with a lot of RAM, this can be wasteful of precious
1678 low memory. Setting this option will put user-space page table
1679 entries in high memory.
1680
1681config X86_CHECK_BIOS_CORRUPTION
1682 bool "Check for low memory corruption"
1683 help
1684 Periodically check for memory corruption in low memory, which
1685 is suspected to be caused by BIOS. Even when enabled in the
1686 configuration, it is disabled at runtime. Enable it by
1687 setting "memory_corruption_check=1" on the kernel command
1688 line. By default it scans the low 64k of memory every 60
1689 seconds; see the memory_corruption_check_size and
1690 memory_corruption_check_period parameters in
1691 Documentation/admin-guide/kernel-parameters.rst to adjust this.
1692
1693 When enabled with the default parameters, this option has
1694 almost no overhead, as it reserves a relatively small amount
1695 of memory and scans it infrequently. It both detects corruption
1696 and prevents it from affecting the running system.
1697
1698 It is, however, intended as a diagnostic tool; if repeatable
1699 BIOS-originated corruption always affects the same memory,
1700 you can use memmap= to prevent the kernel from using that
1701 memory.
1702
1703config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1704 bool "Set the default setting of memory_corruption_check"
1705 depends on X86_CHECK_BIOS_CORRUPTION
1706 default y
1707 help
1708 Set whether the default state of memory_corruption_check is
1709 on or off.
1710
1711config MATH_EMULATION
1712 bool
1713 depends on MODIFY_LDT_SYSCALL
1714 prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1715 help
1716 Linux can emulate a math coprocessor (used for floating point
1717 operations) if you don't have one. 486DX and Pentium processors have
1718 a math coprocessor built in, 486SX and 386 do not, unless you added
1719 a 487DX or 387, respectively. (The messages during boot time can
1720 give you some hints here ["man dmesg"].) Everyone needs either a
1721 coprocessor or this emulation.
1722
1723 If you don't have a math coprocessor, you need to say Y here; if you
1724 say Y here even though you have a coprocessor, the coprocessor will
1725 be used nevertheless. (This behavior can be changed with the kernel
1726 command line option "no387", which comes handy if your coprocessor
1727 is broken. Try "man bootparam" or see the documentation of your boot
1728 loader (lilo or loadlin) about how to pass options to the kernel at
1729 boot time.) This means that it is a good idea to say Y here if you
1730 intend to use this kernel on different machines.
1731
1732 More information about the internals of the Linux math coprocessor
1733 emulation can be found in <file:arch/x86/math-emu/README>.
1734
1735 If you are not sure, say Y; apart from resulting in a 66 KB bigger
1736 kernel, it won't hurt.
1737
1738config MTRR
1739 def_bool y
1740 prompt "MTRR (Memory Type Range Register) support" if EXPERT
1741 help
1742 On Intel P6 family processors (Pentium Pro, Pentium II and later)
1743 the Memory Type Range Registers (MTRRs) may be used to control
1744 processor access to memory ranges. This is most useful if you have
1745 a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1746 allows bus write transfers to be combined into a larger transfer
1747 before bursting over the PCI/AGP bus. This can increase performance
1748 of image write operations 2.5 times or more. Saying Y here creates a
1749 /proc/mtrr file which may be used to manipulate your processor's
1750 MTRRs. Typically the X server should use this.
1751
1752 This code has a reasonably generic interface so that similar
1753 control registers on other processors can be easily supported
1754 as well:
1755
1756 The Cyrix 6x86, 6x86MX and M II processors have Address Range
1757 Registers (ARRs) which provide a similar functionality to MTRRs. For
1758 these, the ARRs are used to emulate the MTRRs.
1759 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1760 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1761 write-combining. All of these processors are supported by this code
1762 and it makes sense to say Y here if you have one of them.
1763
1764 Saying Y here also fixes a problem with buggy SMP BIOSes which only
1765 set the MTRRs for the boot CPU and not for the secondary CPUs. This
1766 can lead to all sorts of problems, so it's good to say Y here.
1767
1768 You can safely say Y even if your machine doesn't have MTRRs, you'll
1769 just add about 9 KB to your kernel.
1770
1771 See <file:Documentation/arch/x86/mtrr.rst> for more information.
1772
1773config MTRR_SANITIZER
1774 def_bool y
1775 prompt "MTRR cleanup support"
1776 depends on MTRR
1777 help
1778 Convert MTRR layout from continuous to discrete, so X drivers can
1779 add writeback entries.
1780
1781 Can be disabled with disable_mtrr_cleanup on the kernel command line.
1782 The largest mtrr entry size for a continuous block can be set with
1783 mtrr_chunk_size.
1784
1785 If unsure, say Y.
1786
1787config MTRR_SANITIZER_ENABLE_DEFAULT
1788 int "MTRR cleanup enable value (0-1)"
1789 range 0 1
1790 default "0"
1791 depends on MTRR_SANITIZER
1792 help
1793 Enable mtrr cleanup default value
1794
1795config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1796 int "MTRR cleanup spare reg num (0-7)"
1797 range 0 7
1798 default "1"
1799 depends on MTRR_SANITIZER
1800 help
1801 mtrr cleanup spare entries default, it can be changed via
1802 mtrr_spare_reg_nr=N on the kernel command line.
1803
1804config X86_PAT
1805 def_bool y
1806 prompt "x86 PAT support" if EXPERT
1807 depends on MTRR
1808 select ARCH_USES_PG_ARCH_2
1809 help
1810 Use PAT attributes to setup page level cache control.
1811
1812 PATs are the modern equivalents of MTRRs and are much more
1813 flexible than MTRRs.
1814
1815 Say N here if you see bootup problems (boot crash, boot hang,
1816 spontaneous reboots) or a non-working video driver.
1817
1818 If unsure, say Y.
1819
1820config X86_UMIP
1821 def_bool y
1822 prompt "User Mode Instruction Prevention" if EXPERT
1823 help
1824 User Mode Instruction Prevention (UMIP) is a security feature in
1825 some x86 processors. If enabled, a general protection fault is
1826 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1827 executed in user mode. These instructions unnecessarily expose
1828 information about the hardware state.
1829
1830 The vast majority of applications do not use these instructions.
1831 For the very few that do, software emulation is provided in
1832 specific cases in protected and virtual-8086 modes. Emulated
1833 results are dummy.
1834
1835config CC_HAS_IBT
1836 # GCC >= 9 and binutils >= 2.29
1837 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
1838 # Clang/LLVM >= 14
1839 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
1840 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
1841 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
1842 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
1843 $(as-instr,endbr64)
1844
1845config X86_CET
1846 def_bool n
1847 help
1848 CET features configured (Shadow stack or IBT)
1849
1850config X86_KERNEL_IBT
1851 prompt "Indirect Branch Tracking"
1852 def_bool y
1853 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
1854 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
1855 depends on !LD_IS_LLD || LLD_VERSION >= 140000
1856 select OBJTOOL
1857 select X86_CET
1858 help
1859 Build the kernel with support for Indirect Branch Tracking, a
1860 hardware support course-grain forward-edge Control Flow Integrity
1861 protection. It enforces that all indirect calls must land on
1862 an ENDBR instruction, as such, the compiler will instrument the
1863 code with them to make this happen.
1864
1865 In addition to building the kernel with IBT, seal all functions that
1866 are not indirect call targets, avoiding them ever becoming one.
1867
1868 This requires LTO like objtool runs and will slow down the build. It
1869 does significantly reduce the number of ENDBR instructions in the
1870 kernel image.
1871
1872config X86_INTEL_MEMORY_PROTECTION_KEYS
1873 prompt "Memory Protection Keys"
1874 def_bool y
1875 # Note: only available in 64-bit mode
1876 depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
1877 select ARCH_USES_HIGH_VMA_FLAGS
1878 select ARCH_HAS_PKEYS
1879 help
1880 Memory Protection Keys provides a mechanism for enforcing
1881 page-based protections, but without requiring modification of the
1882 page tables when an application changes protection domains.
1883
1884 For details, see Documentation/core-api/protection-keys.rst
1885
1886 If unsure, say y.
1887
1888config ARCH_PKEY_BITS
1889 int
1890 default 4
1891
1892choice
1893 prompt "TSX enable mode"
1894 depends on CPU_SUP_INTEL
1895 default X86_INTEL_TSX_MODE_OFF
1896 help
1897 Intel's TSX (Transactional Synchronization Extensions) feature
1898 allows to optimize locking protocols through lock elision which
1899 can lead to a noticeable performance boost.
1900
1901 On the other hand it has been shown that TSX can be exploited
1902 to form side channel attacks (e.g. TAA) and chances are there
1903 will be more of those attacks discovered in the future.
1904
1905 Therefore TSX is not enabled by default (aka tsx=off). An admin
1906 might override this decision by tsx=on the command line parameter.
1907 Even with TSX enabled, the kernel will attempt to enable the best
1908 possible TAA mitigation setting depending on the microcode available
1909 for the particular machine.
1910
1911 This option allows to set the default tsx mode between tsx=on, =off
1912 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1913 details.
1914
1915 Say off if not sure, auto if TSX is in use but it should be used on safe
1916 platforms or on if TSX is in use and the security aspect of tsx is not
1917 relevant.
1918
1919config X86_INTEL_TSX_MODE_OFF
1920 bool "off"
1921 help
1922 TSX is disabled if possible - equals to tsx=off command line parameter.
1923
1924config X86_INTEL_TSX_MODE_ON
1925 bool "on"
1926 help
1927 TSX is always enabled on TSX capable HW - equals the tsx=on command
1928 line parameter.
1929
1930config X86_INTEL_TSX_MODE_AUTO
1931 bool "auto"
1932 help
1933 TSX is enabled on TSX capable HW that is believed to be safe against
1934 side channel attacks- equals the tsx=auto command line parameter.
1935endchoice
1936
1937config X86_SGX
1938 bool "Software Guard eXtensions (SGX)"
1939 depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
1940 depends on CRYPTO=y
1941 depends on CRYPTO_SHA256=y
1942 select MMU_NOTIFIER
1943 select NUMA_KEEP_MEMINFO if NUMA
1944 select XARRAY_MULTI
1945 help
1946 Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
1947 that can be used by applications to set aside private regions of code
1948 and data, referred to as enclaves. An enclave's private memory can
1949 only be accessed by code running within the enclave. Accesses from
1950 outside the enclave, including other enclaves, are disallowed by
1951 hardware.
1952
1953 If unsure, say N.
1954
1955config X86_USER_SHADOW_STACK
1956 bool "X86 userspace shadow stack"
1957 depends on AS_WRUSS
1958 depends on X86_64
1959 select ARCH_USES_HIGH_VMA_FLAGS
1960 select ARCH_HAS_USER_SHADOW_STACK
1961 select X86_CET
1962 help
1963 Shadow stack protection is a hardware feature that detects function
1964 return address corruption. This helps mitigate ROP attacks.
1965 Applications must be enabled to use it, and old userspace does not
1966 get protection "for free".
1967
1968 CPUs supporting shadow stacks were first released in 2020.
1969
1970 See Documentation/arch/x86/shstk.rst for more information.
1971
1972 If unsure, say N.
1973
1974config INTEL_TDX_HOST
1975 bool "Intel Trust Domain Extensions (TDX) host support"
1976 depends on CPU_SUP_INTEL
1977 depends on X86_64
1978 depends on KVM_INTEL
1979 depends on X86_X2APIC
1980 select ARCH_KEEP_MEMBLOCK
1981 depends on CONTIG_ALLOC
1982 depends on !KEXEC_CORE
1983 depends on X86_MCE
1984 help
1985 Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
1986 host and certain physical attacks. This option enables necessary TDX
1987 support in the host kernel to run confidential VMs.
1988
1989 If unsure, say N.
1990
1991config EFI
1992 bool "EFI runtime service support"
1993 depends on ACPI
1994 select UCS2_STRING
1995 select EFI_RUNTIME_WRAPPERS
1996 select ARCH_USE_MEMREMAP_PROT
1997 select EFI_RUNTIME_MAP if KEXEC_CORE
1998 help
1999 This enables the kernel to use EFI runtime services that are
2000 available (such as the EFI variable services).
2001
2002 This option is only useful on systems that have EFI firmware.
2003 In addition, you should use the latest ELILO loader available
2004 at <http://elilo.sourceforge.net> in order to take advantage
2005 of EFI runtime services. However, even with this option, the
2006 resultant kernel should continue to boot on existing non-EFI
2007 platforms.
2008
2009config EFI_STUB
2010 bool "EFI stub support"
2011 depends on EFI
2012 select RELOCATABLE
2013 help
2014 This kernel feature allows a bzImage to be loaded directly
2015 by EFI firmware without the use of a bootloader.
2016
2017 See Documentation/admin-guide/efi-stub.rst for more information.
2018
2019config EFI_HANDOVER_PROTOCOL
2020 bool "EFI handover protocol (DEPRECATED)"
2021 depends on EFI_STUB
2022 default y
2023 help
2024 Select this in order to include support for the deprecated EFI
2025 handover protocol, which defines alternative entry points into the
2026 EFI stub. This is a practice that has no basis in the UEFI
2027 specification, and requires a priori knowledge on the part of the
2028 bootloader about Linux/x86 specific ways of passing the command line
2029 and initrd, and where in memory those assets may be loaded.
2030
2031 If in doubt, say Y. Even though the corresponding support is not
2032 present in upstream GRUB or other bootloaders, most distros build
2033 GRUB with numerous downstream patches applied, and may rely on the
2034 handover protocol as as result.
2035
2036config EFI_MIXED
2037 bool "EFI mixed-mode support"
2038 depends on EFI_STUB && X86_64
2039 help
2040 Enabling this feature allows a 64-bit kernel to be booted
2041 on a 32-bit firmware, provided that your CPU supports 64-bit
2042 mode.
2043
2044 Note that it is not possible to boot a mixed-mode enabled
2045 kernel via the EFI boot stub - a bootloader that supports
2046 the EFI handover protocol must be used.
2047
2048 If unsure, say N.
2049
2050config EFI_RUNTIME_MAP
2051 bool "Export EFI runtime maps to sysfs" if EXPERT
2052 depends on EFI
2053 help
2054 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
2055 That memory map is required by the 2nd kernel to set up EFI virtual
2056 mappings after kexec, but can also be used for debugging purposes.
2057
2058 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
2059
2060source "kernel/Kconfig.hz"
2061
2062config ARCH_SUPPORTS_KEXEC
2063 def_bool y
2064
2065config ARCH_SUPPORTS_KEXEC_FILE
2066 def_bool X86_64
2067
2068config ARCH_SELECTS_KEXEC_FILE
2069 def_bool y
2070 depends on KEXEC_FILE
2071 select HAVE_IMA_KEXEC if IMA
2072
2073config ARCH_SUPPORTS_KEXEC_PURGATORY
2074 def_bool y
2075
2076config ARCH_SUPPORTS_KEXEC_SIG
2077 def_bool y
2078
2079config ARCH_SUPPORTS_KEXEC_SIG_FORCE
2080 def_bool y
2081
2082config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
2083 def_bool y
2084
2085config ARCH_SUPPORTS_KEXEC_JUMP
2086 def_bool y
2087
2088config ARCH_SUPPORTS_CRASH_DUMP
2089 def_bool X86_64 || (X86_32 && HIGHMEM)
2090
2091config ARCH_DEFAULT_CRASH_DUMP
2092 def_bool y
2093
2094config ARCH_SUPPORTS_CRASH_HOTPLUG
2095 def_bool y
2096
2097config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
2098 def_bool CRASH_RESERVE
2099
2100config PHYSICAL_START
2101 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2102 default "0x1000000"
2103 help
2104 This gives the physical address where the kernel is loaded.
2105
2106 If the kernel is not relocatable (CONFIG_RELOCATABLE=n) then bzImage
2107 will decompress itself to above physical address and run from there.
2108 Otherwise, bzImage will run from the address where it has been loaded
2109 by the boot loader. The only exception is if it is loaded below the
2110 above physical address, in which case it will relocate itself there.
2111
2112 In normal kdump cases one does not have to set/change this option
2113 as now bzImage can be compiled as a completely relocatable image
2114 (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2115 address. This option is mainly useful for the folks who don't want
2116 to use a bzImage for capturing the crash dump and want to use a
2117 vmlinux instead. vmlinux is not relocatable hence a kernel needs
2118 to be specifically compiled to run from a specific memory area
2119 (normally a reserved region) and this option comes handy.
2120
2121 So if you are using bzImage for capturing the crash dump,
2122 leave the value here unchanged to 0x1000000 and set
2123 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
2124 for capturing the crash dump change this value to start of
2125 the reserved region. In other words, it can be set based on
2126 the "X" value as specified in the "crashkernel=YM@XM"
2127 command line boot parameter passed to the panic-ed
2128 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2129 for more details about crash dumps.
2130
2131 Usage of bzImage for capturing the crash dump is recommended as
2132 one does not have to build two kernels. Same kernel can be used
2133 as production kernel and capture kernel. Above option should have
2134 gone away after relocatable bzImage support is introduced. But it
2135 is present because there are users out there who continue to use
2136 vmlinux for dump capture. This option should go away down the
2137 line.
2138
2139 Don't change this unless you know what you are doing.
2140
2141config RELOCATABLE
2142 bool "Build a relocatable kernel"
2143 default y
2144 help
2145 This builds a kernel image that retains relocation information
2146 so it can be loaded someplace besides the default 1MB.
2147 The relocations tend to make the kernel binary about 10% larger,
2148 but are discarded at runtime.
2149
2150 One use is for the kexec on panic case where the recovery kernel
2151 must live at a different physical address than the primary
2152 kernel.
2153
2154 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2155 it has been loaded at and the compile time physical address
2156 (CONFIG_PHYSICAL_START) is used as the minimum location.
2157
2158config RANDOMIZE_BASE
2159 bool "Randomize the address of the kernel image (KASLR)"
2160 depends on RELOCATABLE
2161 default y
2162 help
2163 In support of Kernel Address Space Layout Randomization (KASLR),
2164 this randomizes the physical address at which the kernel image
2165 is decompressed and the virtual address where the kernel
2166 image is mapped, as a security feature that deters exploit
2167 attempts relying on knowledge of the location of kernel
2168 code internals.
2169
2170 On 64-bit, the kernel physical and virtual addresses are
2171 randomized separately. The physical address will be anywhere
2172 between 16MB and the top of physical memory (up to 64TB). The
2173 virtual address will be randomized from 16MB up to 1GB (9 bits
2174 of entropy). Note that this also reduces the memory space
2175 available to kernel modules from 1.5GB to 1GB.
2176
2177 On 32-bit, the kernel physical and virtual addresses are
2178 randomized together. They will be randomized from 16MB up to
2179 512MB (8 bits of entropy).
2180
2181 Entropy is generated using the RDRAND instruction if it is
2182 supported. If RDTSC is supported, its value is mixed into
2183 the entropy pool as well. If neither RDRAND nor RDTSC are
2184 supported, then entropy is read from the i8254 timer. The
2185 usable entropy is limited by the kernel being built using
2186 2GB addressing, and that PHYSICAL_ALIGN must be at a
2187 minimum of 2MB. As a result, only 10 bits of entropy are
2188 theoretically possible, but the implementations are further
2189 limited due to memory layouts.
2190
2191 If unsure, say Y.
2192
2193# Relocation on x86 needs some additional build support
2194config X86_NEED_RELOCS
2195 def_bool y
2196 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2197
2198config PHYSICAL_ALIGN
2199 hex "Alignment value to which kernel should be aligned"
2200 default "0x200000"
2201 range 0x2000 0x1000000 if X86_32
2202 range 0x200000 0x1000000 if X86_64
2203 help
2204 This value puts the alignment restrictions on physical address
2205 where kernel is loaded and run from. Kernel is compiled for an
2206 address which meets above alignment restriction.
2207
2208 If bootloader loads the kernel at a non-aligned address and
2209 CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2210 address aligned to above value and run from there.
2211
2212 If bootloader loads the kernel at a non-aligned address and
2213 CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2214 load address and decompress itself to the address it has been
2215 compiled for and run from there. The address for which kernel is
2216 compiled already meets above alignment restrictions. Hence the
2217 end result is that kernel runs from a physical address meeting
2218 above alignment restrictions.
2219
2220 On 32-bit this value must be a multiple of 0x2000. On 64-bit
2221 this value must be a multiple of 0x200000.
2222
2223 Don't change this unless you know what you are doing.
2224
2225config DYNAMIC_MEMORY_LAYOUT
2226 bool
2227 help
2228 This option makes base addresses of vmalloc and vmemmap as well as
2229 __PAGE_OFFSET movable during boot.
2230
2231config RANDOMIZE_MEMORY
2232 bool "Randomize the kernel memory sections"
2233 depends on X86_64
2234 depends on RANDOMIZE_BASE
2235 select DYNAMIC_MEMORY_LAYOUT
2236 default RANDOMIZE_BASE
2237 help
2238 Randomizes the base virtual address of kernel memory sections
2239 (physical memory mapping, vmalloc & vmemmap). This security feature
2240 makes exploits relying on predictable memory locations less reliable.
2241
2242 The order of allocations remains unchanged. Entropy is generated in
2243 the same way as RANDOMIZE_BASE. Current implementation in the optimal
2244 configuration have in average 30,000 different possible virtual
2245 addresses for each memory section.
2246
2247 If unsure, say Y.
2248
2249config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2250 hex "Physical memory mapping padding" if EXPERT
2251 depends on RANDOMIZE_MEMORY
2252 default "0xa" if MEMORY_HOTPLUG
2253 default "0x0"
2254 range 0x1 0x40 if MEMORY_HOTPLUG
2255 range 0x0 0x40
2256 help
2257 Define the padding in terabytes added to the existing physical
2258 memory size during kernel memory randomization. It is useful
2259 for memory hotplug support but reduces the entropy available for
2260 address randomization.
2261
2262 If unsure, leave at the default value.
2263
2264config ADDRESS_MASKING
2265 bool "Linear Address Masking support"
2266 depends on X86_64
2267 depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS
2268 help
2269 Linear Address Masking (LAM) modifies the checking that is applied
2270 to 64-bit linear addresses, allowing software to use of the
2271 untranslated address bits for metadata.
2272
2273 The capability can be used for efficient address sanitizers (ASAN)
2274 implementation and for optimizations in JITs.
2275
2276config HOTPLUG_CPU
2277 def_bool y
2278 depends on SMP
2279
2280config COMPAT_VDSO
2281 def_bool n
2282 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2283 depends on COMPAT_32
2284 help
2285 Certain buggy versions of glibc will crash if they are
2286 presented with a 32-bit vDSO that is not mapped at the address
2287 indicated in its segment table.
2288
2289 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2290 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2291 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
2292 the only released version with the bug, but OpenSUSE 9
2293 contains a buggy "glibc 2.3.2".
2294
2295 The symptom of the bug is that everything crashes on startup, saying:
2296 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2297
2298 Saying Y here changes the default value of the vdso32 boot
2299 option from 1 to 0, which turns off the 32-bit vDSO entirely.
2300 This works around the glibc bug but hurts performance.
2301
2302 If unsure, say N: if you are compiling your own kernel, you
2303 are unlikely to be using a buggy version of glibc.
2304
2305choice
2306 prompt "vsyscall table for legacy applications"
2307 depends on X86_64
2308 default LEGACY_VSYSCALL_XONLY
2309 help
2310 Legacy user code that does not know how to find the vDSO expects
2311 to be able to issue three syscalls by calling fixed addresses in
2312 kernel space. Since this location is not randomized with ASLR,
2313 it can be used to assist security vulnerability exploitation.
2314
2315 This setting can be changed at boot time via the kernel command
2316 line parameter vsyscall=[emulate|xonly|none]. Emulate mode
2317 is deprecated and can only be enabled using the kernel command
2318 line.
2319
2320 On a system with recent enough glibc (2.14 or newer) and no
2321 static binaries, you can say None without a performance penalty
2322 to improve security.
2323
2324 If unsure, select "Emulate execution only".
2325
2326 config LEGACY_VSYSCALL_XONLY
2327 bool "Emulate execution only"
2328 help
2329 The kernel traps and emulates calls into the fixed vsyscall
2330 address mapping and does not allow reads. This
2331 configuration is recommended when userspace might use the
2332 legacy vsyscall area but support for legacy binary
2333 instrumentation of legacy code is not needed. It mitigates
2334 certain uses of the vsyscall area as an ASLR-bypassing
2335 buffer.
2336
2337 config LEGACY_VSYSCALL_NONE
2338 bool "None"
2339 help
2340 There will be no vsyscall mapping at all. This will
2341 eliminate any risk of ASLR bypass due to the vsyscall
2342 fixed address mapping. Attempts to use the vsyscalls
2343 will be reported to dmesg, so that either old or
2344 malicious userspace programs can be identified.
2345
2346endchoice
2347
2348config CMDLINE_BOOL
2349 bool "Built-in kernel command line"
2350 help
2351 Allow for specifying boot arguments to the kernel at
2352 build time. On some systems (e.g. embedded ones), it is
2353 necessary or convenient to provide some or all of the
2354 kernel boot arguments with the kernel itself (that is,
2355 to not rely on the boot loader to provide them.)
2356
2357 To compile command line arguments into the kernel,
2358 set this option to 'Y', then fill in the
2359 boot arguments in CONFIG_CMDLINE.
2360
2361 Systems with fully functional boot loaders (i.e. non-embedded)
2362 should leave this option set to 'N'.
2363
2364config CMDLINE
2365 string "Built-in kernel command string"
2366 depends on CMDLINE_BOOL
2367 default ""
2368 help
2369 Enter arguments here that should be compiled into the kernel
2370 image and used at boot time. If the boot loader provides a
2371 command line at boot time, it is appended to this string to
2372 form the full kernel command line, when the system boots.
2373
2374 However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2375 change this behavior.
2376
2377 In most cases, the command line (whether built-in or provided
2378 by the boot loader) should specify the device for the root
2379 file system.
2380
2381config CMDLINE_OVERRIDE
2382 bool "Built-in command line overrides boot loader arguments"
2383 depends on CMDLINE_BOOL && CMDLINE != ""
2384 help
2385 Set this option to 'Y' to have the kernel ignore the boot loader
2386 command line, and use ONLY the built-in command line.
2387
2388 This is used to work around broken boot loaders. This should
2389 be set to 'N' under normal conditions.
2390
2391config MODIFY_LDT_SYSCALL
2392 bool "Enable the LDT (local descriptor table)" if EXPERT
2393 default y
2394 help
2395 Linux can allow user programs to install a per-process x86
2396 Local Descriptor Table (LDT) using the modify_ldt(2) system
2397 call. This is required to run 16-bit or segmented code such as
2398 DOSEMU or some Wine programs. It is also used by some very old
2399 threading libraries.
2400
2401 Enabling this feature adds a small amount of overhead to
2402 context switches and increases the low-level kernel attack
2403 surface. Disabling it removes the modify_ldt(2) system call.
2404
2405 Saying 'N' here may make sense for embedded or server kernels.
2406
2407config STRICT_SIGALTSTACK_SIZE
2408 bool "Enforce strict size checking for sigaltstack"
2409 depends on DYNAMIC_SIGFRAME
2410 help
2411 For historical reasons MINSIGSTKSZ is a constant which became
2412 already too small with AVX512 support. Add a mechanism to
2413 enforce strict checking of the sigaltstack size against the
2414 real size of the FPU frame. This option enables the check
2415 by default. It can also be controlled via the kernel command
2416 line option 'strict_sas_size' independent of this config
2417 switch. Enabling it might break existing applications which
2418 allocate a too small sigaltstack but 'work' because they
2419 never get a signal delivered.
2420
2421 Say 'N' unless you want to really enforce this check.
2422
2423config CFI_AUTO_DEFAULT
2424 bool "Attempt to use FineIBT by default at boot time"
2425 depends on FINEIBT
2426 default y
2427 help
2428 Attempt to use FineIBT by default at boot time. If enabled,
2429 this is the same as booting with "cfi=auto". If disabled,
2430 this is the same as booting with "cfi=kcfi".
2431
2432source "kernel/livepatch/Kconfig"
2433
2434config X86_BUS_LOCK_DETECT
2435 bool "Split Lock Detect and Bus Lock Detect support"
2436 depends on CPU_SUP_INTEL || CPU_SUP_AMD
2437 default y
2438 help
2439 Enable Split Lock Detect and Bus Lock Detect functionalities.
2440 See <file:Documentation/arch/x86/buslock.rst> for more information.
2441
2442endmenu
2443
2444config CC_HAS_NAMED_AS
2445 def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null)
2446 depends on CC_IS_GCC
2447
2448config CC_HAS_NAMED_AS_FIXED_SANITIZERS
2449 def_bool CC_IS_GCC && GCC_VERSION >= 130300
2450
2451config USE_X86_SEG_SUPPORT
2452 def_bool y
2453 depends on CC_HAS_NAMED_AS
2454 #
2455 # -fsanitize=kernel-address (KASAN) and -fsanitize=thread
2456 # (KCSAN) are incompatible with named address spaces with
2457 # GCC < 13.3 - see GCC PR sanitizer/111736.
2458 #
2459 depends on !(KASAN || KCSAN) || CC_HAS_NAMED_AS_FIXED_SANITIZERS
2460
2461config CC_HAS_SLS
2462 def_bool $(cc-option,-mharden-sls=all)
2463
2464config CC_HAS_RETURN_THUNK
2465 def_bool $(cc-option,-mfunction-return=thunk-extern)
2466
2467config CC_HAS_ENTRY_PADDING
2468 def_bool $(cc-option,-fpatchable-function-entry=16,16)
2469
2470config FUNCTION_PADDING_CFI
2471 int
2472 default 59 if FUNCTION_ALIGNMENT_64B
2473 default 27 if FUNCTION_ALIGNMENT_32B
2474 default 11 if FUNCTION_ALIGNMENT_16B
2475 default 3 if FUNCTION_ALIGNMENT_8B
2476 default 0
2477
2478# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
2479# except Kconfig can't do arithmetic :/
2480config FUNCTION_PADDING_BYTES
2481 int
2482 default FUNCTION_PADDING_CFI if CFI_CLANG
2483 default FUNCTION_ALIGNMENT
2484
2485config CALL_PADDING
2486 def_bool n
2487 depends on CC_HAS_ENTRY_PADDING && OBJTOOL
2488 select FUNCTION_ALIGNMENT_16B
2489
2490config FINEIBT
2491 def_bool y
2492 depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
2493 select CALL_PADDING
2494
2495config HAVE_CALL_THUNKS
2496 def_bool y
2497 depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL
2498
2499config CALL_THUNKS
2500 def_bool n
2501 select CALL_PADDING
2502
2503config PREFIX_SYMBOLS
2504 def_bool y
2505 depends on CALL_PADDING && !CFI_CLANG
2506
2507menuconfig CPU_MITIGATIONS
2508 bool "Mitigations for CPU vulnerabilities"
2509 default y
2510 help
2511 Say Y here to enable options which enable mitigations for hardware
2512 vulnerabilities (usually related to speculative execution).
2513 Mitigations can be disabled or restricted to SMT systems at runtime
2514 via the "mitigations" kernel parameter.
2515
2516 If you say N, all mitigations will be disabled. This CANNOT be
2517 overridden at runtime.
2518
2519 Say 'Y', unless you really know what you are doing.
2520
2521if CPU_MITIGATIONS
2522
2523config MITIGATION_PAGE_TABLE_ISOLATION
2524 bool "Remove the kernel mapping in user mode"
2525 default y
2526 depends on (X86_64 || X86_PAE)
2527 help
2528 This feature reduces the number of hardware side channels by
2529 ensuring that the majority of kernel addresses are not mapped
2530 into userspace.
2531
2532 See Documentation/arch/x86/pti.rst for more details.
2533
2534config MITIGATION_RETPOLINE
2535 bool "Avoid speculative indirect branches in kernel"
2536 select OBJTOOL if HAVE_OBJTOOL
2537 default y
2538 help
2539 Compile kernel with the retpoline compiler options to guard against
2540 kernel-to-user data leaks by avoiding speculative indirect
2541 branches. Requires a compiler with -mindirect-branch=thunk-extern
2542 support for full protection. The kernel may run slower.
2543
2544config MITIGATION_RETHUNK
2545 bool "Enable return-thunks"
2546 depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
2547 select OBJTOOL if HAVE_OBJTOOL
2548 default y if X86_64
2549 help
2550 Compile the kernel with the return-thunks compiler option to guard
2551 against kernel-to-user data leaks by avoiding return speculation.
2552 Requires a compiler with -mfunction-return=thunk-extern
2553 support for full protection. The kernel may run slower.
2554
2555config MITIGATION_UNRET_ENTRY
2556 bool "Enable UNRET on kernel entry"
2557 depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64
2558 default y
2559 help
2560 Compile the kernel with support for the retbleed=unret mitigation.
2561
2562config MITIGATION_CALL_DEPTH_TRACKING
2563 bool "Mitigate RSB underflow with call depth tracking"
2564 depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
2565 select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
2566 select CALL_THUNKS
2567 default y
2568 help
2569 Compile the kernel with call depth tracking to mitigate the Intel
2570 SKL Return-Stack-Buffer (RSB) underflow issue. The mitigation is off
2571 by default and needs to be enabled on the kernel command line via the
2572 retbleed=stuff option. For non-affected systems the overhead of this
2573 option is marginal as the call depth tracking is using run-time
2574 generated call thunks in a compiler generated padding area and call
2575 patching. This increases text size by ~5%. For non affected systems
2576 this space is unused. On affected SKL systems this results in a
2577 significant performance gain over the IBRS mitigation.
2578
2579config CALL_THUNKS_DEBUG
2580 bool "Enable call thunks and call depth tracking debugging"
2581 depends on MITIGATION_CALL_DEPTH_TRACKING
2582 select FUNCTION_ALIGNMENT_32B
2583 default n
2584 help
2585 Enable call/ret counters for imbalance detection and build in
2586 a noisy dmesg about callthunks generation and call patching for
2587 trouble shooting. The debug prints need to be enabled on the
2588 kernel command line with 'debug-callthunks'.
2589 Only enable this when you are debugging call thunks as this
2590 creates a noticeable runtime overhead. If unsure say N.
2591
2592config MITIGATION_IBPB_ENTRY
2593 bool "Enable IBPB on kernel entry"
2594 depends on CPU_SUP_AMD && X86_64
2595 default y
2596 help
2597 Compile the kernel with support for the retbleed=ibpb and
2598 spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations.
2599
2600config MITIGATION_IBRS_ENTRY
2601 bool "Enable IBRS on kernel entry"
2602 depends on CPU_SUP_INTEL && X86_64
2603 default y
2604 help
2605 Compile the kernel with support for the spectre_v2=ibrs mitigation.
2606 This mitigates both spectre_v2 and retbleed at great cost to
2607 performance.
2608
2609config MITIGATION_SRSO
2610 bool "Mitigate speculative RAS overflow on AMD"
2611 depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK
2612 default y
2613 help
2614 Enable the SRSO mitigation needed on AMD Zen1-4 machines.
2615
2616config MITIGATION_SLS
2617 bool "Mitigate Straight-Line-Speculation"
2618 depends on CC_HAS_SLS && X86_64
2619 select OBJTOOL if HAVE_OBJTOOL
2620 default n
2621 help
2622 Compile the kernel with straight-line-speculation options to guard
2623 against straight line speculation. The kernel image might be slightly
2624 larger.
2625
2626config MITIGATION_GDS
2627 bool "Mitigate Gather Data Sampling"
2628 depends on CPU_SUP_INTEL
2629 default y
2630 help
2631 Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware
2632 vulnerability which allows unprivileged speculative access to data
2633 which was previously stored in vector registers. The attacker uses gather
2634 instructions to infer the stale vector register data.
2635
2636config MITIGATION_RFDS
2637 bool "RFDS Mitigation"
2638 depends on CPU_SUP_INTEL
2639 default y
2640 help
2641 Enable mitigation for Register File Data Sampling (RFDS) by default.
2642 RFDS is a hardware vulnerability which affects Intel Atom CPUs. It
2643 allows unprivileged speculative access to stale data previously
2644 stored in floating point, vector and integer registers.
2645 See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
2646
2647config MITIGATION_SPECTRE_BHI
2648 bool "Mitigate Spectre-BHB (Branch History Injection)"
2649 depends on CPU_SUP_INTEL
2650 default y
2651 help
2652 Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
2653 where the branch history buffer is poisoned to speculatively steer
2654 indirect branches.
2655 See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2656
2657config MITIGATION_MDS
2658 bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
2659 depends on CPU_SUP_INTEL
2660 default y
2661 help
2662 Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
2663 a hardware vulnerability which allows unprivileged speculative access
2664 to data which is available in various CPU internal buffers.
2665 See also <file:Documentation/admin-guide/hw-vuln/mds.rst>
2666
2667config MITIGATION_TAA
2668 bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"
2669 depends on CPU_SUP_INTEL
2670 default y
2671 help
2672 Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware
2673 vulnerability that allows unprivileged speculative access to data
2674 which is available in various CPU internal buffers by using
2675 asynchronous aborts within an Intel TSX transactional region.
2676 See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst>
2677
2678config MITIGATION_MMIO_STALE_DATA
2679 bool "Mitigate MMIO Stale Data hardware bug"
2680 depends on CPU_SUP_INTEL
2681 default y
2682 help
2683 Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO
2684 Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
2685 vulnerabilities that can expose data. The vulnerabilities require the
2686 attacker to have access to MMIO.
2687 See also
2688 <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst>
2689
2690config MITIGATION_L1TF
2691 bool "Mitigate L1 Terminal Fault (L1TF) hardware bug"
2692 depends on CPU_SUP_INTEL
2693 default y
2694 help
2695 Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a
2696 hardware vulnerability which allows unprivileged speculative access to data
2697 available in the Level 1 Data Cache.
2698 See <file:Documentation/admin-guide/hw-vuln/l1tf.rst
2699
2700config MITIGATION_RETBLEED
2701 bool "Mitigate RETBleed hardware bug"
2702 depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY
2703 default y
2704 help
2705 Enable mitigation for RETBleed (Arbitrary Speculative Code Execution
2706 with Return Instructions) vulnerability. RETBleed is a speculative
2707 execution attack which takes advantage of microarchitectural behavior
2708 in many modern microprocessors, similar to Spectre v2. An
2709 unprivileged attacker can use these flaws to bypass conventional
2710 memory security restrictions to gain read access to privileged memory
2711 that would otherwise be inaccessible.
2712
2713config MITIGATION_SPECTRE_V1
2714 bool "Mitigate SPECTRE V1 hardware bug"
2715 default y
2716 help
2717 Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a
2718 class of side channel attacks that takes advantage of speculative
2719 execution that bypasses conditional branch instructions used for
2720 memory access bounds check.
2721 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2722
2723config MITIGATION_SPECTRE_V2
2724 bool "Mitigate SPECTRE V2 hardware bug"
2725 default y
2726 help
2727 Enable mitigation for Spectre V2 (Branch Target Injection). Spectre
2728 V2 is a class of side channel attacks that takes advantage of
2729 indirect branch predictors inside the processor. In Spectre variant 2
2730 attacks, the attacker can steer speculative indirect branches in the
2731 victim to gadget code by poisoning the branch target buffer of a CPU
2732 used for predicting indirect branch addresses.
2733 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2734
2735config MITIGATION_SRBDS
2736 bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug"
2737 depends on CPU_SUP_INTEL
2738 default y
2739 help
2740 Enable mitigation for Special Register Buffer Data Sampling (SRBDS).
2741 SRBDS is a hardware vulnerability that allows Microarchitectural Data
2742 Sampling (MDS) techniques to infer values returned from special
2743 register accesses. An unprivileged user can extract values returned
2744 from RDRAND and RDSEED executed on another core or sibling thread
2745 using MDS techniques.
2746 See also
2747 <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst>
2748
2749config MITIGATION_SSB
2750 bool "Mitigate Speculative Store Bypass (SSB) hardware bug"
2751 default y
2752 help
2753 Enable mitigation for Speculative Store Bypass (SSB). SSB is a
2754 hardware security vulnerability and its exploitation takes advantage
2755 of speculative execution in a similar way to the Meltdown and Spectre
2756 security vulnerabilities.
2757
2758endif
2759
2760config ARCH_HAS_ADD_PAGES
2761 def_bool y
2762 depends on ARCH_ENABLE_MEMORY_HOTPLUG
2763
2764menu "Power management and ACPI options"
2765
2766config ARCH_HIBERNATION_HEADER
2767 def_bool y
2768 depends on HIBERNATION
2769
2770source "kernel/power/Kconfig"
2771
2772source "drivers/acpi/Kconfig"
2773
2774config X86_APM_BOOT
2775 def_bool y
2776 depends on APM
2777
2778menuconfig APM
2779 tristate "APM (Advanced Power Management) BIOS support"
2780 depends on X86_32 && PM_SLEEP
2781 help
2782 APM is a BIOS specification for saving power using several different
2783 techniques. This is mostly useful for battery powered laptops with
2784 APM compliant BIOSes. If you say Y here, the system time will be
2785 reset after a RESUME operation, the /proc/apm device will provide
2786 battery status information, and user-space programs will receive
2787 notification of APM "events" (e.g. battery status change).
2788
2789 If you select "Y" here, you can disable actual use of the APM
2790 BIOS by passing the "apm=off" option to the kernel at boot time.
2791
2792 Note that the APM support is almost completely disabled for
2793 machines with more than one CPU.
2794
2795 In order to use APM, you will need supporting software. For location
2796 and more information, read <file:Documentation/power/apm-acpi.rst>
2797 and the Battery Powered Linux mini-HOWTO, available from
2798 <http://www.tldp.org/docs.html#howto>.
2799
2800 This driver does not spin down disk drives (see the hdparm(8)
2801 manpage ("man 8 hdparm") for that), and it doesn't turn off
2802 VESA-compliant "green" monitors.
2803
2804 This driver does not support the TI 4000M TravelMate and the ACER
2805 486/DX4/75 because they don't have compliant BIOSes. Many "green"
2806 desktop machines also don't have compliant BIOSes, and this driver
2807 may cause those machines to panic during the boot phase.
2808
2809 Generally, if you don't have a battery in your machine, there isn't
2810 much point in using this driver and you should say N. If you get
2811 random kernel OOPSes or reboots that don't seem to be related to
2812 anything, try disabling/enabling this option (or disabling/enabling
2813 APM in your BIOS).
2814
2815 Some other things you should try when experiencing seemingly random,
2816 "weird" problems:
2817
2818 1) make sure that you have enough swap space and that it is
2819 enabled.
2820 2) pass the "idle=poll" option to the kernel
2821 3) switch on floating point emulation in the kernel and pass
2822 the "no387" option to the kernel
2823 4) pass the "floppy=nodma" option to the kernel
2824 5) pass the "mem=4M" option to the kernel (thereby disabling
2825 all but the first 4 MB of RAM)
2826 6) make sure that the CPU is not over clocked.
2827 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2828 8) disable the cache from your BIOS settings
2829 9) install a fan for the video card or exchange video RAM
2830 10) install a better fan for the CPU
2831 11) exchange RAM chips
2832 12) exchange the motherboard.
2833
2834 To compile this driver as a module, choose M here: the
2835 module will be called apm.
2836
2837if APM
2838
2839config APM_IGNORE_USER_SUSPEND
2840 bool "Ignore USER SUSPEND"
2841 help
2842 This option will ignore USER SUSPEND requests. On machines with a
2843 compliant APM BIOS, you want to say N. However, on the NEC Versa M
2844 series notebooks, it is necessary to say Y because of a BIOS bug.
2845
2846config APM_DO_ENABLE
2847 bool "Enable PM at boot time"
2848 help
2849 Enable APM features at boot time. From page 36 of the APM BIOS
2850 specification: "When disabled, the APM BIOS does not automatically
2851 power manage devices, enter the Standby State, enter the Suspend
2852 State, or take power saving steps in response to CPU Idle calls."
2853 This driver will make CPU Idle calls when Linux is idle (unless this
2854 feature is turned off -- see "Do CPU IDLE calls", below). This
2855 should always save battery power, but more complicated APM features
2856 will be dependent on your BIOS implementation. You may need to turn
2857 this option off if your computer hangs at boot time when using APM
2858 support, or if it beeps continuously instead of suspending. Turn
2859 this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2860 T400CDT. This is off by default since most machines do fine without
2861 this feature.
2862
2863config APM_CPU_IDLE
2864 depends on CPU_IDLE
2865 bool "Make CPU Idle calls when idle"
2866 help
2867 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2868 On some machines, this can activate improved power savings, such as
2869 a slowed CPU clock rate, when the machine is idle. These idle calls
2870 are made after the idle loop has run for some length of time (e.g.,
2871 333 mS). On some machines, this will cause a hang at boot time or
2872 whenever the CPU becomes idle. (On machines with more than one CPU,
2873 this option does nothing.)
2874
2875config APM_DISPLAY_BLANK
2876 bool "Enable console blanking using APM"
2877 help
2878 Enable console blanking using the APM. Some laptops can use this to
2879 turn off the LCD backlight when the screen blanker of the Linux
2880 virtual console blanks the screen. Note that this is only used by
2881 the virtual console screen blanker, and won't turn off the backlight
2882 when using the X Window system. This also doesn't have anything to
2883 do with your VESA-compliant power-saving monitor. Further, this
2884 option doesn't work for all laptops -- it might not turn off your
2885 backlight at all, or it might print a lot of errors to the console,
2886 especially if you are using gpm.
2887
2888config APM_ALLOW_INTS
2889 bool "Allow interrupts during APM BIOS calls"
2890 help
2891 Normally we disable external interrupts while we are making calls to
2892 the APM BIOS as a measure to lessen the effects of a badly behaving
2893 BIOS implementation. The BIOS should reenable interrupts if it
2894 needs to. Unfortunately, some BIOSes do not -- especially those in
2895 many of the newer IBM Thinkpads. If you experience hangs when you
2896 suspend, try setting this to Y. Otherwise, say N.
2897
2898endif # APM
2899
2900source "drivers/cpufreq/Kconfig"
2901
2902source "drivers/cpuidle/Kconfig"
2903
2904source "drivers/idle/Kconfig"
2905
2906endmenu
2907
2908menu "Bus options (PCI etc.)"
2909
2910choice
2911 prompt "PCI access mode"
2912 depends on X86_32 && PCI
2913 default PCI_GOANY
2914 help
2915 On PCI systems, the BIOS can be used to detect the PCI devices and
2916 determine their configuration. However, some old PCI motherboards
2917 have BIOS bugs and may crash if this is done. Also, some embedded
2918 PCI-based systems don't have any BIOS at all. Linux can also try to
2919 detect the PCI hardware directly without using the BIOS.
2920
2921 With this option, you can specify how Linux should detect the
2922 PCI devices. If you choose "BIOS", the BIOS will be used,
2923 if you choose "Direct", the BIOS won't be used, and if you
2924 choose "MMConfig", then PCI Express MMCONFIG will be used.
2925 If you choose "Any", the kernel will try MMCONFIG, then the
2926 direct access method and falls back to the BIOS if that doesn't
2927 work. If unsure, go with the default, which is "Any".
2928
2929config PCI_GOBIOS
2930 bool "BIOS"
2931
2932config PCI_GOMMCONFIG
2933 bool "MMConfig"
2934
2935config PCI_GODIRECT
2936 bool "Direct"
2937
2938config PCI_GOOLPC
2939 bool "OLPC XO-1"
2940 depends on OLPC
2941
2942config PCI_GOANY
2943 bool "Any"
2944
2945endchoice
2946
2947config PCI_BIOS
2948 def_bool y
2949 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2950
2951# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2952config PCI_DIRECT
2953 def_bool y
2954 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2955
2956config PCI_MMCONFIG
2957 bool "Support mmconfig PCI config space access" if X86_64
2958 default y
2959 depends on PCI && (ACPI || JAILHOUSE_GUEST)
2960 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2961
2962config PCI_OLPC
2963 def_bool y
2964 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2965
2966config PCI_XEN
2967 def_bool y
2968 depends on PCI && XEN
2969
2970config MMCONF_FAM10H
2971 def_bool y
2972 depends on X86_64 && PCI_MMCONFIG && ACPI
2973
2974config PCI_CNB20LE_QUIRK
2975 bool "Read CNB20LE Host Bridge Windows" if EXPERT
2976 depends on PCI
2977 help
2978 Read the PCI windows out of the CNB20LE host bridge. This allows
2979 PCI hotplug to work on systems with the CNB20LE chipset which do
2980 not have ACPI.
2981
2982 There's no public spec for this chipset, and this functionality
2983 is known to be incomplete.
2984
2985 You should say N unless you know you need this.
2986
2987config ISA_BUS
2988 bool "ISA bus support on modern systems" if EXPERT
2989 help
2990 Expose ISA bus device drivers and options available for selection and
2991 configuration. Enable this option if your target machine has an ISA
2992 bus. ISA is an older system, displaced by PCI and newer bus
2993 architectures -- if your target machine is modern, it probably does
2994 not have an ISA bus.
2995
2996 If unsure, say N.
2997
2998# x86_64 have no ISA slots, but can have ISA-style DMA.
2999config ISA_DMA_API
3000 bool "ISA-style DMA support" if (X86_64 && EXPERT)
3001 default y
3002 help
3003 Enables ISA-style DMA support for devices requiring such controllers.
3004 If unsure, say Y.
3005
3006if X86_32
3007
3008config ISA
3009 bool "ISA support"
3010 help
3011 Find out whether you have ISA slots on your motherboard. ISA is the
3012 name of a bus system, i.e. the way the CPU talks to the other stuff
3013 inside your box. Other bus systems are PCI, EISA, MicroChannel
3014 (MCA) or VESA. ISA is an older system, now being displaced by PCI;
3015 newer boards don't support it. If you have ISA, say Y, otherwise N.
3016
3017config SCx200
3018 tristate "NatSemi SCx200 support"
3019 help
3020 This provides basic support for National Semiconductor's
3021 (now AMD's) Geode processors. The driver probes for the
3022 PCI-IDs of several on-chip devices, so its a good dependency
3023 for other scx200_* drivers.
3024
3025 If compiled as a module, the driver is named scx200.
3026
3027config SCx200HR_TIMER
3028 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
3029 depends on SCx200
3030 default y
3031 help
3032 This driver provides a clocksource built upon the on-chip
3033 27MHz high-resolution timer. Its also a workaround for
3034 NSC Geode SC-1100's buggy TSC, which loses time when the
3035 processor goes idle (as is done by the scheduler). The
3036 other workaround is idle=poll boot option.
3037
3038config OLPC
3039 bool "One Laptop Per Child support"
3040 depends on !X86_PAE
3041 select GPIOLIB
3042 select OF
3043 select OF_PROMTREE
3044 select IRQ_DOMAIN
3045 select OLPC_EC
3046 help
3047 Add support for detecting the unique features of the OLPC
3048 XO hardware.
3049
3050config OLPC_XO1_PM
3051 bool "OLPC XO-1 Power Management"
3052 depends on OLPC && MFD_CS5535=y && PM_SLEEP
3053 help
3054 Add support for poweroff and suspend of the OLPC XO-1 laptop.
3055
3056config OLPC_XO1_RTC
3057 bool "OLPC XO-1 Real Time Clock"
3058 depends on OLPC_XO1_PM && RTC_DRV_CMOS
3059 help
3060 Add support for the XO-1 real time clock, which can be used as a
3061 programmable wakeup source.
3062
3063config OLPC_XO1_SCI
3064 bool "OLPC XO-1 SCI extras"
3065 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
3066 depends on INPUT=y
3067 select POWER_SUPPLY
3068 help
3069 Add support for SCI-based features of the OLPC XO-1 laptop:
3070 - EC-driven system wakeups
3071 - Power button
3072 - Ebook switch
3073 - Lid switch
3074 - AC adapter status updates
3075 - Battery status updates
3076
3077config OLPC_XO15_SCI
3078 bool "OLPC XO-1.5 SCI extras"
3079 depends on OLPC && ACPI
3080 select POWER_SUPPLY
3081 help
3082 Add support for SCI-based features of the OLPC XO-1.5 laptop:
3083 - EC-driven system wakeups
3084 - AC adapter status updates
3085 - Battery status updates
3086
3087config GEODE_COMMON
3088 bool
3089
3090config ALIX
3091 bool "PCEngines ALIX System Support (LED setup)"
3092 select GPIOLIB
3093 select GEODE_COMMON
3094 help
3095 This option enables system support for the PCEngines ALIX.
3096 At present this just sets up LEDs for GPIO control on
3097 ALIX2/3/6 boards. However, other system specific setup should
3098 get added here.
3099
3100 Note: You must still enable the drivers for GPIO and LED support
3101 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
3102
3103 Note: You have to set alix.force=1 for boards with Award BIOS.
3104
3105config NET5501
3106 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
3107 select GPIOLIB
3108 select GEODE_COMMON
3109 help
3110 This option enables system support for the Soekris Engineering net5501.
3111
3112config GEOS
3113 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
3114 select GPIOLIB
3115 select GEODE_COMMON
3116 depends on DMI
3117 help
3118 This option enables system support for the Traverse Technologies GEOS.
3119
3120config TS5500
3121 bool "Technologic Systems TS-5500 platform support"
3122 depends on MELAN
3123 select CHECK_SIGNATURE
3124 select NEW_LEDS
3125 select LEDS_CLASS
3126 help
3127 This option enables system support for the Technologic Systems TS-5500.
3128
3129endif # X86_32
3130
3131config AMD_NB
3132 def_bool y
3133 depends on CPU_SUP_AMD && PCI
3134
3135endmenu
3136
3137menu "Binary Emulations"
3138
3139config IA32_EMULATION
3140 bool "IA32 Emulation"
3141 depends on X86_64
3142 select ARCH_WANT_OLD_COMPAT_IPC
3143 select BINFMT_ELF
3144 select COMPAT_OLD_SIGACTION
3145 help
3146 Include code to run legacy 32-bit programs under a
3147 64-bit kernel. You should likely turn this on, unless you're
3148 100% sure that you don't have any 32-bit programs left.
3149
3150config IA32_EMULATION_DEFAULT_DISABLED
3151 bool "IA32 emulation disabled by default"
3152 default n
3153 depends on IA32_EMULATION
3154 help
3155 Make IA32 emulation disabled by default. This prevents loading 32-bit
3156 processes and access to 32-bit syscalls. If unsure, leave it to its
3157 default value.
3158
3159config X86_X32_ABI
3160 bool "x32 ABI for 64-bit mode"
3161 depends on X86_64
3162 # llvm-objcopy does not convert x86_64 .note.gnu.property or
3163 # compressed debug sections to x86_x32 properly:
3164 # https://github.com/ClangBuiltLinux/linux/issues/514
3165 # https://github.com/ClangBuiltLinux/linux/issues/1141
3166 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
3167 help
3168 Include code to run binaries for the x32 native 32-bit ABI
3169 for 64-bit processors. An x32 process gets access to the
3170 full 64-bit register file and wide data path while leaving
3171 pointers at 32 bits for smaller memory footprint.
3172
3173config COMPAT_32
3174 def_bool y
3175 depends on IA32_EMULATION || X86_32
3176 select HAVE_UID16
3177 select OLD_SIGSUSPEND3
3178
3179config COMPAT
3180 def_bool y
3181 depends on IA32_EMULATION || X86_X32_ABI
3182
3183config COMPAT_FOR_U64_ALIGNMENT
3184 def_bool y
3185 depends on COMPAT
3186
3187endmenu
3188
3189config HAVE_ATOMIC_IOMAP
3190 def_bool y
3191 depends on X86_32
3192
3193source "arch/x86/kvm/Kconfig"
3194
3195source "arch/x86/Kconfig.assembler"