mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-15 23:56:45 +07:00
aefcf2f4b5
Pull kernel lockdown mode from James Morris:
"This is the latest iteration of the kernel lockdown patchset, from
Matthew Garrett, David Howells and others.
From the original description:
This patchset introduces an optional kernel lockdown feature,
intended to strengthen the boundary between UID 0 and the kernel.
When enabled, various pieces of kernel functionality are restricted.
Applications that rely on low-level access to either hardware or the
kernel may cease working as a result - therefore this should not be
enabled without appropriate evaluation beforehand.
The majority of mainstream distributions have been carrying variants
of this patchset for many years now, so there's value in providing a
doesn't meet every distribution requirement, but gets us much closer
to not requiring external patches.
There are two major changes since this was last proposed for mainline:
- Separating lockdown from EFI secure boot. Background discussion is
covered here: https://lwn.net/Articles/751061/
- Implementation as an LSM, with a default stackable lockdown LSM
module. This allows the lockdown feature to be policy-driven,
rather than encoding an implicit policy within the mechanism.
The new locked_down LSM hook is provided to allow LSMs to make a
policy decision around whether kernel functionality that would allow
tampering with or examining the runtime state of the kernel should be
permitted.
The included lockdown LSM provides an implementation with a simple
policy intended for general purpose use. This policy provides a coarse
level of granularity, controllable via the kernel command line:
lockdown={integrity|confidentiality}
Enable the kernel lockdown feature. If set to integrity, kernel features
that allow userland to modify the running kernel are disabled. If set to
confidentiality, kernel features that allow userland to extract
confidential information from the kernel are also disabled.
This may also be controlled via /sys/kernel/security/lockdown and
overriden by kernel configuration.
New or existing LSMs may implement finer-grained controls of the
lockdown features. Refer to the lockdown_reason documentation in
include/linux/security.h for details.
The lockdown feature has had signficant design feedback and review
across many subsystems. This code has been in linux-next for some
weeks, with a few fixes applied along the way.
Stephen Rothwell noted that commit 9d1f8be5cf
("bpf: Restrict bpf
when kernel lockdown is in confidentiality mode") is missing a
Signed-off-by from its author. Matthew responded that he is providing
this under category (c) of the DCO"
* 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (31 commits)
kexec: Fix file verification on S390
security: constify some arrays in lockdown LSM
lockdown: Print current->comm in restriction messages
efi: Restrict efivar_ssdt_load when the kernel is locked down
tracefs: Restrict tracefs when the kernel is locked down
debugfs: Restrict debugfs when the kernel is locked down
kexec: Allow kexec_file() with appropriate IMA policy when locked down
lockdown: Lock down perf when in confidentiality mode
bpf: Restrict bpf when kernel lockdown is in confidentiality mode
lockdown: Lock down tracing and perf kprobes when in confidentiality mode
lockdown: Lock down /proc/kcore
x86/mmiotrace: Lock down the testmmiotrace module
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
lockdown: Lock down TIOCSSERIAL
lockdown: Prohibit PCMCIA CIS storage when the kernel is locked down
acpi: Disable ACPI table override if the kernel is locked down
acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
ACPI: Limit access to custom_method when the kernel is locked down
x86/msr: Restrict MSR access when the kernel is locked down
x86: Lock down IO port access when the kernel is locked down
...
2930 lines
96 KiB
Plaintext
2930 lines
96 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
# Select 32 or 64 bit
|
|
config 64BIT
|
|
bool "64-bit kernel" if "$(ARCH)" = "x86"
|
|
default "$(ARCH)" != "i386"
|
|
---help---
|
|
Say yes to build a 64-bit kernel - formerly known as x86_64
|
|
Say no to build a 32-bit kernel - formerly known as i386
|
|
|
|
config X86_32
|
|
def_bool y
|
|
depends on !64BIT
|
|
# Options that are inherently 32-bit kernel only:
|
|
select ARCH_WANT_IPC_PARSE_VERSION
|
|
select CLKSRC_I8253
|
|
select CLONE_BACKWARDS
|
|
select HAVE_DEBUG_STACKOVERFLOW
|
|
select MODULES_USE_ELF_REL
|
|
select OLD_SIGACTION
|
|
select GENERIC_VDSO_32
|
|
|
|
config X86_64
|
|
def_bool y
|
|
depends on 64BIT
|
|
# Options that are inherently 64-bit kernel only:
|
|
select ARCH_HAS_GIGANTIC_PAGE
|
|
select ARCH_SUPPORTS_INT128
|
|
select ARCH_USE_CMPXCHG_LOCKREF
|
|
select HAVE_ARCH_SOFT_DIRTY
|
|
select MODULES_USE_ELF_RELA
|
|
select NEED_DMA_MAP_STATE
|
|
select SWIOTLB
|
|
select ARCH_HAS_SYSCALL_WRAPPER
|
|
|
|
config FORCE_DYNAMIC_FTRACE
|
|
def_bool y
|
|
depends on X86_32
|
|
depends on FUNCTION_TRACER
|
|
select DYNAMIC_FTRACE
|
|
help
|
|
We keep the static function tracing (!DYNAMIC_FTRACE) around
|
|
in order to test the non static function tracing in the
|
|
generic code, as other architectures still use it. But we
|
|
only need to keep it around for x86_64. No need to keep it
|
|
for x86_32. For x86_32, force DYNAMIC_FTRACE.
|
|
#
|
|
# Arch settings
|
|
#
|
|
# ( Note that options that are marked 'if X86_64' could in principle be
|
|
# ported to 32-bit as well. )
|
|
#
|
|
config X86
|
|
def_bool y
|
|
#
|
|
# Note: keep this list sorted alphabetically
|
|
#
|
|
select ACPI_LEGACY_TABLES_LOOKUP if ACPI
|
|
select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
|
|
select ARCH_32BIT_OFF_T if X86_32
|
|
select ARCH_CLOCKSOURCE_DATA
|
|
select ARCH_CLOCKSOURCE_INIT
|
|
select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
|
|
select ARCH_HAS_DEBUG_VIRTUAL
|
|
select ARCH_HAS_DEVMEM_IS_ALLOWED
|
|
select ARCH_HAS_ELF_RANDOMIZE
|
|
select ARCH_HAS_FAST_MULTIPLIER
|
|
select ARCH_HAS_FILTER_PGPROT
|
|
select ARCH_HAS_FORTIFY_SOURCE
|
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
select ARCH_HAS_KCOV if X86_64
|
|
select ARCH_HAS_MEM_ENCRYPT
|
|
select ARCH_HAS_MEMBARRIER_SYNC_CORE
|
|
select ARCH_HAS_PMEM_API if X86_64
|
|
select ARCH_HAS_PTE_DEVMAP if X86_64
|
|
select ARCH_HAS_PTE_SPECIAL
|
|
select ARCH_HAS_REFCOUNT
|
|
select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
|
|
select ARCH_HAS_UACCESS_MCSAFE if X86_64 && X86_MCE
|
|
select ARCH_HAS_SET_MEMORY
|
|
select ARCH_HAS_SET_DIRECT_MAP
|
|
select ARCH_HAS_STRICT_KERNEL_RWX
|
|
select ARCH_HAS_STRICT_MODULE_RWX
|
|
select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
|
|
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
|
|
select ARCH_MIGHT_HAVE_PC_PARPORT
|
|
select ARCH_MIGHT_HAVE_PC_SERIO
|
|
select ARCH_STACKWALK
|
|
select ARCH_SUPPORTS_ACPI
|
|
select ARCH_SUPPORTS_ATOMIC_RMW
|
|
select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
|
|
select ARCH_USE_BUILTIN_BSWAP
|
|
select ARCH_USE_QUEUED_RWLOCKS
|
|
select ARCH_USE_QUEUED_SPINLOCKS
|
|
select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
|
|
select ARCH_WANTS_DYNAMIC_TASK_STRUCT
|
|
select ARCH_WANT_HUGE_PMD_SHARE
|
|
select ARCH_WANTS_THP_SWAP if X86_64
|
|
select BUILDTIME_EXTABLE_SORT
|
|
select CLKEVT_I8253
|
|
select CLOCKSOURCE_VALIDATE_LAST_CYCLE
|
|
select CLOCKSOURCE_WATCHDOG
|
|
select DCACHE_WORD_ACCESS
|
|
select EDAC_ATOMIC_SCRUB
|
|
select EDAC_SUPPORT
|
|
select GENERIC_CLOCKEVENTS
|
|
select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
|
|
select GENERIC_CLOCKEVENTS_MIN_ADJUST
|
|
select GENERIC_CMOS_UPDATE
|
|
select GENERIC_CPU_AUTOPROBE
|
|
select GENERIC_CPU_VULNERABILITIES
|
|
select GENERIC_EARLY_IOREMAP
|
|
select GENERIC_FIND_FIRST_BIT
|
|
select GENERIC_IOMAP
|
|
select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
|
|
select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
|
|
select GENERIC_IRQ_MIGRATION if SMP
|
|
select GENERIC_IRQ_PROBE
|
|
select GENERIC_IRQ_RESERVATION_MODE
|
|
select GENERIC_IRQ_SHOW
|
|
select GENERIC_PENDING_IRQ if SMP
|
|
select GENERIC_SMP_IDLE_THREAD
|
|
select GENERIC_STRNCPY_FROM_USER
|
|
select GENERIC_STRNLEN_USER
|
|
select GENERIC_TIME_VSYSCALL
|
|
select GENERIC_GETTIMEOFDAY
|
|
select GUP_GET_PTE_LOW_HIGH if X86_PAE
|
|
select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
|
|
select HAVE_ACPI_APEI if ACPI
|
|
select HAVE_ACPI_APEI_NMI if ACPI
|
|
select HAVE_ALIGNED_STRUCT_PAGE if SLUB
|
|
select HAVE_ARCH_AUDITSYSCALL
|
|
select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
|
|
select HAVE_ARCH_JUMP_LABEL
|
|
select HAVE_ARCH_JUMP_LABEL_RELATIVE
|
|
select HAVE_ARCH_KASAN if X86_64
|
|
select HAVE_ARCH_KGDB
|
|
select HAVE_ARCH_MMAP_RND_BITS if MMU
|
|
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
|
|
select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
|
|
select HAVE_ARCH_PREL32_RELOCATIONS
|
|
select HAVE_ARCH_SECCOMP_FILTER
|
|
select HAVE_ARCH_THREAD_STRUCT_WHITELIST
|
|
select HAVE_ARCH_STACKLEAK
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
|
|
select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
|
|
select HAVE_ARCH_VMAP_STACK if X86_64
|
|
select HAVE_ARCH_WITHIN_STACK_FRAMES
|
|
select HAVE_ASM_MODVERSIONS
|
|
select HAVE_CMPXCHG_DOUBLE
|
|
select HAVE_CMPXCHG_LOCAL
|
|
select HAVE_CONTEXT_TRACKING if X86_64
|
|
select HAVE_COPY_THREAD_TLS
|
|
select HAVE_C_RECORDMCOUNT
|
|
select HAVE_DEBUG_KMEMLEAK
|
|
select HAVE_DMA_CONTIGUOUS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_DYNAMIC_FTRACE_WITH_REGS
|
|
select HAVE_EBPF_JIT
|
|
select HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
select HAVE_EISA
|
|
select HAVE_EXIT_THREAD
|
|
select HAVE_FAST_GUP
|
|
select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_GCC_PLUGINS
|
|
select HAVE_HW_BREAKPOINT
|
|
select HAVE_IDE
|
|
select HAVE_IOREMAP_PROT
|
|
select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
|
|
select HAVE_IRQ_TIME_ACCOUNTING
|
|
select HAVE_KERNEL_BZIP2
|
|
select HAVE_KERNEL_GZIP
|
|
select HAVE_KERNEL_LZ4
|
|
select HAVE_KERNEL_LZMA
|
|
select HAVE_KERNEL_LZO
|
|
select HAVE_KERNEL_XZ
|
|
select HAVE_KPROBES
|
|
select HAVE_KPROBES_ON_FTRACE
|
|
select HAVE_FUNCTION_ERROR_INJECTION
|
|
select HAVE_KRETPROBES
|
|
select HAVE_KVM
|
|
select HAVE_LIVEPATCH if X86_64
|
|
select HAVE_MEMBLOCK_NODE_MAP
|
|
select HAVE_MIXED_BREAKPOINTS_REGS
|
|
select HAVE_MOD_ARCH_SPECIFIC
|
|
select HAVE_MOVE_PMD
|
|
select HAVE_NMI
|
|
select HAVE_OPROFILE
|
|
select HAVE_OPTPROBES
|
|
select HAVE_PCSPKR_PLATFORM
|
|
select HAVE_PERF_EVENTS
|
|
select HAVE_PERF_EVENTS_NMI
|
|
select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
|
|
select HAVE_PCI
|
|
select HAVE_PERF_REGS
|
|
select HAVE_PERF_USER_STACK_DUMP
|
|
select HAVE_RCU_TABLE_FREE if PARAVIRT
|
|
select HAVE_REGS_AND_STACK_ACCESS_API
|
|
select HAVE_RELIABLE_STACKTRACE if X86_64 && (UNWINDER_FRAME_POINTER || UNWINDER_ORC) && STACK_VALIDATION
|
|
select HAVE_FUNCTION_ARG_ACCESS_API
|
|
select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
|
|
select HAVE_STACK_VALIDATION if X86_64
|
|
select HAVE_RSEQ
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select HAVE_UNSTABLE_SCHED_CLOCK
|
|
select HAVE_USER_RETURN_NOTIFIER
|
|
select HAVE_GENERIC_VDSO
|
|
select HOTPLUG_SMT if SMP
|
|
select IRQ_FORCED_THREADING
|
|
select NEED_SG_DMA_LENGTH
|
|
select PCI_DOMAINS if PCI
|
|
select PCI_LOCKLESS_CONFIG if PCI
|
|
select PERF_EVENTS
|
|
select RTC_LIB
|
|
select RTC_MC146818_LIB
|
|
select SPARSE_IRQ
|
|
select SRCU
|
|
select SYSCTL_EXCEPTION_TRACE
|
|
select THREAD_INFO_IN_TASK
|
|
select USER_STACKTRACE_SUPPORT
|
|
select VIRT_TO_BUS
|
|
select X86_FEATURE_NAMES if PROC_FS
|
|
select PROC_PID_ARCH_STATUS if PROC_FS
|
|
|
|
config INSTRUCTION_DECODER
|
|
def_bool y
|
|
depends on KPROBES || PERF_EVENTS || UPROBES
|
|
|
|
config OUTPUT_FORMAT
|
|
string
|
|
default "elf32-i386" if X86_32
|
|
default "elf64-x86-64" if X86_64
|
|
|
|
config ARCH_DEFCONFIG
|
|
string
|
|
default "arch/x86/configs/i386_defconfig" if X86_32
|
|
default "arch/x86/configs/x86_64_defconfig" if X86_64
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config MMU
|
|
def_bool y
|
|
|
|
config ARCH_MMAP_RND_BITS_MIN
|
|
default 28 if 64BIT
|
|
default 8
|
|
|
|
config ARCH_MMAP_RND_BITS_MAX
|
|
default 32 if 64BIT
|
|
default 16
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS_MIN
|
|
default 8
|
|
|
|
config ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
default 16
|
|
|
|
config SBUS
|
|
bool
|
|
|
|
config GENERIC_ISA_DMA
|
|
def_bool y
|
|
depends on ISA_DMA_API
|
|
|
|
config GENERIC_BUG
|
|
def_bool y
|
|
depends on BUG
|
|
select GENERIC_BUG_RELATIVE_POINTERS if X86_64
|
|
|
|
config GENERIC_BUG_RELATIVE_POINTERS
|
|
bool
|
|
|
|
config ARCH_MAY_HAVE_PC_FDC
|
|
def_bool y
|
|
depends on ISA_DMA_API
|
|
|
|
config GENERIC_CALIBRATE_DELAY
|
|
def_bool y
|
|
|
|
config ARCH_HAS_CPU_RELAX
|
|
def_bool y
|
|
|
|
config ARCH_HAS_CACHE_LINE_SIZE
|
|
def_bool y
|
|
|
|
config ARCH_HAS_FILTER_PGPROT
|
|
def_bool y
|
|
|
|
config HAVE_SETUP_PER_CPU_AREA
|
|
def_bool y
|
|
|
|
config NEED_PER_CPU_EMBED_FIRST_CHUNK
|
|
def_bool y
|
|
|
|
config NEED_PER_CPU_PAGE_FIRST_CHUNK
|
|
def_bool y
|
|
|
|
config ARCH_HIBERNATION_POSSIBLE
|
|
def_bool y
|
|
|
|
config ARCH_SUSPEND_POSSIBLE
|
|
def_bool y
|
|
|
|
config ARCH_WANT_GENERAL_HUGETLB
|
|
def_bool y
|
|
|
|
config ZONE_DMA32
|
|
def_bool y if X86_64
|
|
|
|
config AUDIT_ARCH
|
|
def_bool y if X86_64
|
|
|
|
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
|
|
def_bool y
|
|
|
|
config KASAN_SHADOW_OFFSET
|
|
hex
|
|
depends on KASAN
|
|
default 0xdffffc0000000000
|
|
|
|
config HAVE_INTEL_TXT
|
|
def_bool y
|
|
depends on INTEL_IOMMU && ACPI
|
|
|
|
config X86_32_SMP
|
|
def_bool y
|
|
depends on X86_32 && SMP
|
|
|
|
config X86_64_SMP
|
|
def_bool y
|
|
depends on X86_64 && SMP
|
|
|
|
config X86_32_LAZY_GS
|
|
def_bool y
|
|
depends on X86_32 && !STACKPROTECTOR
|
|
|
|
config ARCH_SUPPORTS_UPROBES
|
|
def_bool y
|
|
|
|
config FIX_EARLYCON_MEM
|
|
def_bool y
|
|
|
|
config DYNAMIC_PHYSICAL_MASK
|
|
bool
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 5 if X86_5LEVEL
|
|
default 4 if X86_64
|
|
default 3 if X86_PAE
|
|
default 2
|
|
|
|
config CC_HAS_SANE_STACKPROTECTOR
|
|
bool
|
|
default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT
|
|
default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC))
|
|
help
|
|
We have to make sure stack protector is unconditionally disabled if
|
|
the compiler produces broken code.
|
|
|
|
menu "Processor type and features"
|
|
|
|
config ZONE_DMA
|
|
bool "DMA memory allocation support" if EXPERT
|
|
default y
|
|
help
|
|
DMA memory allocation support allows devices with less than 32-bit
|
|
addressing to allocate within the first 16MB of address space.
|
|
Disable if no such devices will be used.
|
|
|
|
If unsure, say Y.
|
|
|
|
config SMP
|
|
bool "Symmetric multi-processing support"
|
|
---help---
|
|
This enables support for systems with more than one CPU. If you have
|
|
a system with only one CPU, say N. If you have a system with more
|
|
than one CPU, say Y.
|
|
|
|
If you say N here, the kernel will run on uni- and multiprocessor
|
|
machines, but will use only one CPU of a multiprocessor machine. If
|
|
you say Y here, the kernel will run on many, but not all,
|
|
uniprocessor machines. On a uniprocessor machine, the kernel
|
|
will run faster if you say N here.
|
|
|
|
Note that if you say Y here and choose architecture "586" or
|
|
"Pentium" under "Processor family", the kernel will not work on 486
|
|
architectures. Similarly, multiprocessor kernels for the "PPro"
|
|
architecture may not work on all Pentium based boards.
|
|
|
|
People using multiprocessor machines who say Y here should also say
|
|
Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
|
|
Management" code will be disabled if you say Y here.
|
|
|
|
See also <file:Documentation/x86/i386/IO-APIC.rst>,
|
|
<file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config X86_FEATURE_NAMES
|
|
bool "Processor feature human-readable names" if EMBEDDED
|
|
default y
|
|
---help---
|
|
This option compiles in a table of x86 feature bits and corresponding
|
|
names. This is required to support /proc/cpuinfo and a few kernel
|
|
messages. You can disable this to save space, at the expense of
|
|
making those few kernel messages show numeric feature bits instead.
|
|
|
|
If in doubt, say Y.
|
|
|
|
config X86_X2APIC
|
|
bool "Support x2apic"
|
|
depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
|
|
---help---
|
|
This enables x2apic support on CPUs that have this feature.
|
|
|
|
This allows 32-bit apic IDs (so it can support very large systems),
|
|
and accesses the local apic via MSRs not via mmio.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config X86_MPPARSE
|
|
bool "Enable MPS table" if ACPI || SFI
|
|
default y
|
|
depends on X86_LOCAL_APIC
|
|
---help---
|
|
For old smp systems that do not have proper acpi support. Newer systems
|
|
(esp with 64bit cpus) with acpi support, MADT and DSDT will override it
|
|
|
|
config GOLDFISH
|
|
def_bool y
|
|
depends on X86_GOLDFISH
|
|
|
|
config RETPOLINE
|
|
bool "Avoid speculative indirect branches in kernel"
|
|
default y
|
|
select STACK_VALIDATION if HAVE_STACK_VALIDATION
|
|
help
|
|
Compile kernel with the retpoline compiler options to guard against
|
|
kernel-to-user data leaks by avoiding speculative indirect
|
|
branches. Requires a compiler with -mindirect-branch=thunk-extern
|
|
support for full protection. The kernel may run slower.
|
|
|
|
config X86_CPU_RESCTRL
|
|
bool "x86 CPU resource control support"
|
|
depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
|
|
select KERNFS
|
|
help
|
|
Enable x86 CPU resource control support.
|
|
|
|
Provide support for the allocation and monitoring of system resources
|
|
usage by the CPU.
|
|
|
|
Intel calls this Intel Resource Director Technology
|
|
(Intel(R) RDT). More information about RDT can be found in the
|
|
Intel x86 Architecture Software Developer Manual.
|
|
|
|
AMD calls this AMD Platform Quality of Service (AMD QoS).
|
|
More information about AMD QoS can be found in the AMD64 Technology
|
|
Platform Quality of Service Extensions manual.
|
|
|
|
Say N if unsure.
|
|
|
|
if X86_32
|
|
config X86_BIGSMP
|
|
bool "Support for big SMP systems with more than 8 CPUs"
|
|
depends on SMP
|
|
---help---
|
|
This option is needed for the systems that have more than 8 CPUs
|
|
|
|
config X86_EXTENDED_PLATFORM
|
|
bool "Support for extended (non-PC) x86 platforms"
|
|
default y
|
|
---help---
|
|
If you disable this option then the kernel will only support
|
|
standard PC platforms. (which covers the vast majority of
|
|
systems out there.)
|
|
|
|
If you enable this option then you'll be able to select support
|
|
for the following (non-PC) 32 bit x86 platforms:
|
|
Goldfish (Android emulator)
|
|
AMD Elan
|
|
RDC R-321x SoC
|
|
SGI 320/540 (Visual Workstation)
|
|
STA2X11-based (e.g. Northville)
|
|
Moorestown MID devices
|
|
|
|
If you have one of these systems, or if you want to build a
|
|
generic distribution kernel, say Y here - otherwise say N.
|
|
endif
|
|
|
|
if X86_64
|
|
config X86_EXTENDED_PLATFORM
|
|
bool "Support for extended (non-PC) x86 platforms"
|
|
default y
|
|
---help---
|
|
If you disable this option then the kernel will only support
|
|
standard PC platforms. (which covers the vast majority of
|
|
systems out there.)
|
|
|
|
If you enable this option then you'll be able to select support
|
|
for the following (non-PC) 64 bit x86 platforms:
|
|
Numascale NumaChip
|
|
ScaleMP vSMP
|
|
SGI Ultraviolet
|
|
|
|
If you have one of these systems, or if you want to build a
|
|
generic distribution kernel, say Y here - otherwise say N.
|
|
endif
|
|
# This is an alphabetically sorted list of 64 bit extended platforms
|
|
# Please maintain the alphabetic order if and when there are additions
|
|
config X86_NUMACHIP
|
|
bool "Numascale NumaChip"
|
|
depends on X86_64
|
|
depends on X86_EXTENDED_PLATFORM
|
|
depends on NUMA
|
|
depends on SMP
|
|
depends on X86_X2APIC
|
|
depends on PCI_MMCONFIG
|
|
---help---
|
|
Adds support for Numascale NumaChip large-SMP systems. Needed to
|
|
enable more than ~168 cores.
|
|
If you don't have one of these, you should say N here.
|
|
|
|
config X86_VSMP
|
|
bool "ScaleMP vSMP"
|
|
select HYPERVISOR_GUEST
|
|
select PARAVIRT
|
|
depends on X86_64 && PCI
|
|
depends on X86_EXTENDED_PLATFORM
|
|
depends on SMP
|
|
---help---
|
|
Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
|
|
supposed to run on these EM64T-based machines. Only choose this option
|
|
if you have one of these machines.
|
|
|
|
config X86_UV
|
|
bool "SGI Ultraviolet"
|
|
depends on X86_64
|
|
depends on X86_EXTENDED_PLATFORM
|
|
depends on NUMA
|
|
depends on EFI
|
|
depends on X86_X2APIC
|
|
depends on PCI
|
|
---help---
|
|
This option is needed in order to support SGI Ultraviolet systems.
|
|
If you don't have one of these, you should say N here.
|
|
|
|
# Following is an alphabetically sorted list of 32 bit extended platforms
|
|
# Please maintain the alphabetic order if and when there are additions
|
|
|
|
config X86_GOLDFISH
|
|
bool "Goldfish (Virtual Platform)"
|
|
depends on X86_EXTENDED_PLATFORM
|
|
---help---
|
|
Enable support for the Goldfish virtual platform used primarily
|
|
for Android development. Unless you are building for the Android
|
|
Goldfish emulator say N here.
|
|
|
|
config X86_INTEL_CE
|
|
bool "CE4100 TV platform"
|
|
depends on PCI
|
|
depends on PCI_GODIRECT
|
|
depends on X86_IO_APIC
|
|
depends on X86_32
|
|
depends on X86_EXTENDED_PLATFORM
|
|
select X86_REBOOTFIXUPS
|
|
select OF
|
|
select OF_EARLY_FLATTREE
|
|
---help---
|
|
Select for the Intel CE media processor (CE4100) SOC.
|
|
This option compiles in support for the CE4100 SOC for settop
|
|
boxes and media devices.
|
|
|
|
config X86_INTEL_MID
|
|
bool "Intel MID platform support"
|
|
depends on X86_EXTENDED_PLATFORM
|
|
depends on X86_PLATFORM_DEVICES
|
|
depends on PCI
|
|
depends on X86_64 || (PCI_GOANY && X86_32)
|
|
depends on X86_IO_APIC
|
|
select SFI
|
|
select I2C
|
|
select DW_APB_TIMER
|
|
select APB_TIMER
|
|
select INTEL_SCU_IPC
|
|
select MFD_INTEL_MSIC
|
|
---help---
|
|
Select to build a kernel capable of supporting Intel MID (Mobile
|
|
Internet Device) platform systems which do not have the PCI legacy
|
|
interfaces. If you are building for a PC class system say N here.
|
|
|
|
Intel MID platforms are based on an Intel processor and chipset which
|
|
consume less power than most of the x86 derivatives.
|
|
|
|
config X86_INTEL_QUARK
|
|
bool "Intel Quark platform support"
|
|
depends on X86_32
|
|
depends on X86_EXTENDED_PLATFORM
|
|
depends on X86_PLATFORM_DEVICES
|
|
depends on X86_TSC
|
|
depends on PCI
|
|
depends on PCI_GOANY
|
|
depends on X86_IO_APIC
|
|
select IOSF_MBI
|
|
select INTEL_IMR
|
|
select COMMON_CLK
|
|
---help---
|
|
Select to include support for Quark X1000 SoC.
|
|
Say Y here if you have a Quark based system such as the Arduino
|
|
compatible Intel Galileo.
|
|
|
|
config X86_INTEL_LPSS
|
|
bool "Intel Low Power Subsystem Support"
|
|
depends on X86 && ACPI && PCI
|
|
select COMMON_CLK
|
|
select PINCTRL
|
|
select IOSF_MBI
|
|
---help---
|
|
Select to build support for Intel Low Power Subsystem such as
|
|
found on Intel Lynxpoint PCH. Selecting this option enables
|
|
things like clock tree (common clock framework) and pincontrol
|
|
which are needed by the LPSS peripheral drivers.
|
|
|
|
config X86_AMD_PLATFORM_DEVICE
|
|
bool "AMD ACPI2Platform devices support"
|
|
depends on ACPI
|
|
select COMMON_CLK
|
|
select PINCTRL
|
|
---help---
|
|
Select to interpret AMD specific ACPI device to platform device
|
|
such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
|
|
I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
|
|
implemented under PINCTRL subsystem.
|
|
|
|
config IOSF_MBI
|
|
tristate "Intel SoC IOSF Sideband support for SoC platforms"
|
|
depends on PCI
|
|
---help---
|
|
This option enables sideband register access support for Intel SoC
|
|
platforms. On these platforms the IOSF sideband is used in lieu of
|
|
MSR's for some register accesses, mostly but not limited to thermal
|
|
and power. Drivers may query the availability of this device to
|
|
determine if they need the sideband in order to work on these
|
|
platforms. The sideband is available on the following SoC products.
|
|
This list is not meant to be exclusive.
|
|
- BayTrail
|
|
- Braswell
|
|
- Quark
|
|
|
|
You should say Y if you are running a kernel on one of these SoC's.
|
|
|
|
config IOSF_MBI_DEBUG
|
|
bool "Enable IOSF sideband access through debugfs"
|
|
depends on IOSF_MBI && DEBUG_FS
|
|
---help---
|
|
Select this option to expose the IOSF sideband access registers (MCR,
|
|
MDR, MCRX) through debugfs to write and read register information from
|
|
different units on the SoC. This is most useful for obtaining device
|
|
state information for debug and analysis. As this is a general access
|
|
mechanism, users of this option would have specific knowledge of the
|
|
device they want to access.
|
|
|
|
If you don't require the option or are in doubt, say N.
|
|
|
|
config X86_RDC321X
|
|
bool "RDC R-321x SoC"
|
|
depends on X86_32
|
|
depends on X86_EXTENDED_PLATFORM
|
|
select M486
|
|
select X86_REBOOTFIXUPS
|
|
---help---
|
|
This option is needed for RDC R-321x system-on-chip, also known
|
|
as R-8610-(G).
|
|
If you don't have one of these chips, you should say N here.
|
|
|
|
config X86_32_NON_STANDARD
|
|
bool "Support non-standard 32-bit SMP architectures"
|
|
depends on X86_32 && SMP
|
|
depends on X86_EXTENDED_PLATFORM
|
|
---help---
|
|
This option compiles in the bigsmp and STA2X11 default
|
|
subarchitectures. It is intended for a generic binary
|
|
kernel. If you select them all, kernel will probe it one by
|
|
one and will fallback to default.
|
|
|
|
# Alphabetically sorted list of Non standard 32 bit platforms
|
|
|
|
config X86_SUPPORTS_MEMORY_FAILURE
|
|
def_bool y
|
|
# MCE code calls memory_failure():
|
|
depends on X86_MCE
|
|
# On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
|
|
# On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
|
|
depends on X86_64 || !SPARSEMEM
|
|
select ARCH_SUPPORTS_MEMORY_FAILURE
|
|
|
|
config STA2X11
|
|
bool "STA2X11 Companion Chip Support"
|
|
depends on X86_32_NON_STANDARD && PCI
|
|
select ARCH_HAS_PHYS_TO_DMA
|
|
select SWIOTLB
|
|
select MFD_STA2X11
|
|
select GPIOLIB
|
|
---help---
|
|
This adds support for boards based on the STA2X11 IO-Hub,
|
|
a.k.a. "ConneXt". The chip is used in place of the standard
|
|
PC chipset, so all "standard" peripherals are missing. If this
|
|
option is selected the kernel will still be able to boot on
|
|
standard PC machines.
|
|
|
|
config X86_32_IRIS
|
|
tristate "Eurobraille/Iris poweroff module"
|
|
depends on X86_32
|
|
---help---
|
|
The Iris machines from EuroBraille do not have APM or ACPI support
|
|
to shut themselves down properly. A special I/O sequence is
|
|
needed to do so, which is what this module does at
|
|
kernel shutdown.
|
|
|
|
This is only for Iris machines from EuroBraille.
|
|
|
|
If unused, say N.
|
|
|
|
config SCHED_OMIT_FRAME_POINTER
|
|
def_bool y
|
|
prompt "Single-depth WCHAN output"
|
|
depends on X86
|
|
---help---
|
|
Calculate simpler /proc/<PID>/wchan values. If this option
|
|
is disabled then wchan values will recurse back to the
|
|
caller function. This provides more accurate wchan values,
|
|
at the expense of slightly more scheduling overhead.
|
|
|
|
If in doubt, say "Y".
|
|
|
|
menuconfig HYPERVISOR_GUEST
|
|
bool "Linux guest support"
|
|
---help---
|
|
Say Y here to enable options for running Linux under various hyper-
|
|
visors. This option enables basic hypervisor detection and platform
|
|
setup.
|
|
|
|
If you say N, all options in this submenu will be skipped and
|
|
disabled, and Linux guest support won't be built in.
|
|
|
|
if HYPERVISOR_GUEST
|
|
|
|
config PARAVIRT
|
|
bool "Enable paravirtualization code"
|
|
---help---
|
|
This changes the kernel so it can modify itself when it is run
|
|
under a hypervisor, potentially improving performance significantly
|
|
over full virtualization. However, when run without a hypervisor
|
|
the kernel is theoretically slower and slightly larger.
|
|
|
|
config PARAVIRT_XXL
|
|
bool
|
|
|
|
config PARAVIRT_DEBUG
|
|
bool "paravirt-ops debugging"
|
|
depends on PARAVIRT && DEBUG_KERNEL
|
|
---help---
|
|
Enable to debug paravirt_ops internals. Specifically, BUG if
|
|
a paravirt_op is missing when it is called.
|
|
|
|
config PARAVIRT_SPINLOCKS
|
|
bool "Paravirtualization layer for spinlocks"
|
|
depends on PARAVIRT && SMP
|
|
---help---
|
|
Paravirtualized spinlocks allow a pvops backend to replace the
|
|
spinlock implementation with something virtualization-friendly
|
|
(for example, block the virtual CPU rather than spinning).
|
|
|
|
It has a minimal impact on native kernels and gives a nice performance
|
|
benefit on paravirtualized KVM / Xen kernels.
|
|
|
|
If you are unsure how to answer this question, answer Y.
|
|
|
|
config X86_HV_CALLBACK_VECTOR
|
|
def_bool n
|
|
|
|
source "arch/x86/xen/Kconfig"
|
|
|
|
config KVM_GUEST
|
|
bool "KVM Guest support (including kvmclock)"
|
|
depends on PARAVIRT
|
|
select PARAVIRT_CLOCK
|
|
select ARCH_CPUIDLE_HALTPOLL
|
|
default y
|
|
---help---
|
|
This option enables various optimizations for running under the KVM
|
|
hypervisor. It includes a paravirtualized clock, so that instead
|
|
of relying on a PIT (or probably other) emulation by the
|
|
underlying device model, the host provides the guest with
|
|
timing infrastructure such as time of day, and system time
|
|
|
|
config ARCH_CPUIDLE_HALTPOLL
|
|
def_bool n
|
|
prompt "Disable host haltpoll when loading haltpoll driver"
|
|
help
|
|
If virtualized under KVM, disable host haltpoll.
|
|
|
|
config PVH
|
|
bool "Support for running PVH guests"
|
|
---help---
|
|
This option enables the PVH entry point for guest virtual machines
|
|
as specified in the x86/HVM direct boot ABI.
|
|
|
|
config KVM_DEBUG_FS
|
|
bool "Enable debug information for KVM Guests in debugfs"
|
|
depends on KVM_GUEST && DEBUG_FS
|
|
---help---
|
|
This option enables collection of various statistics for KVM guest.
|
|
Statistics are displayed in debugfs filesystem. Enabling this option
|
|
may incur significant overhead.
|
|
|
|
config PARAVIRT_TIME_ACCOUNTING
|
|
bool "Paravirtual steal time accounting"
|
|
depends on PARAVIRT
|
|
---help---
|
|
Select this option to enable fine granularity task steal time
|
|
accounting. Time spent executing other tasks in parallel with
|
|
the current vCPU is discounted from the vCPU power. To account for
|
|
that, there can be a small performance impact.
|
|
|
|
If in doubt, say N here.
|
|
|
|
config PARAVIRT_CLOCK
|
|
bool
|
|
|
|
config JAILHOUSE_GUEST
|
|
bool "Jailhouse non-root cell support"
|
|
depends on X86_64 && PCI
|
|
select X86_PM_TIMER
|
|
---help---
|
|
This option allows to run Linux as guest in a Jailhouse non-root
|
|
cell. You can leave this option disabled if you only want to start
|
|
Jailhouse and run Linux afterwards in the root cell.
|
|
|
|
config ACRN_GUEST
|
|
bool "ACRN Guest support"
|
|
depends on X86_64
|
|
select X86_HV_CALLBACK_VECTOR
|
|
help
|
|
This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
|
|
a flexible, lightweight reference open-source hypervisor, built with
|
|
real-time and safety-criticality in mind. It is built for embedded
|
|
IOT with small footprint and real-time features. More details can be
|
|
found in https://projectacrn.org/.
|
|
|
|
endif #HYPERVISOR_GUEST
|
|
|
|
source "arch/x86/Kconfig.cpu"
|
|
|
|
config HPET_TIMER
|
|
def_bool X86_64
|
|
prompt "HPET Timer Support" if X86_32
|
|
---help---
|
|
Use the IA-PC HPET (High Precision Event Timer) to manage
|
|
time in preference to the PIT and RTC, if a HPET is
|
|
present.
|
|
HPET is the next generation timer replacing legacy 8254s.
|
|
The HPET provides a stable time base on SMP
|
|
systems, unlike the TSC, but it is more expensive to access,
|
|
as it is off-chip. The interface used is documented
|
|
in the HPET spec, revision 1.
|
|
|
|
You can safely choose Y here. However, HPET will only be
|
|
activated if the platform and the BIOS support this feature.
|
|
Otherwise the 8254 will be used for timing services.
|
|
|
|
Choose N to continue using the legacy 8254 timer.
|
|
|
|
config HPET_EMULATE_RTC
|
|
def_bool y
|
|
depends on HPET_TIMER && (RTC=y || RTC=m || RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
|
|
|
|
config APB_TIMER
|
|
def_bool y if X86_INTEL_MID
|
|
prompt "Intel MID APB Timer Support" if X86_INTEL_MID
|
|
select DW_APB_TIMER
|
|
depends on X86_INTEL_MID && SFI
|
|
help
|
|
APB timer is the replacement for 8254, HPET on X86 MID platforms.
|
|
The APBT provides a stable time base on SMP
|
|
systems, unlike the TSC, but it is more expensive to access,
|
|
as it is off-chip. APB timers are always running regardless of CPU
|
|
C states, they are used as per CPU clockevent device when possible.
|
|
|
|
# Mark as expert because too many people got it wrong.
|
|
# The code disables itself when not needed.
|
|
config DMI
|
|
default y
|
|
select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
|
|
bool "Enable DMI scanning" if EXPERT
|
|
---help---
|
|
Enabled scanning of DMI to identify machine quirks. Say Y
|
|
here unless you have verified that your setup is not
|
|
affected by entries in the DMI blacklist. Required by PNP
|
|
BIOS code.
|
|
|
|
config GART_IOMMU
|
|
bool "Old AMD GART IOMMU support"
|
|
select IOMMU_HELPER
|
|
select SWIOTLB
|
|
depends on X86_64 && PCI && AMD_NB
|
|
---help---
|
|
Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
|
|
GART based hardware IOMMUs.
|
|
|
|
The GART supports full DMA access for devices with 32-bit access
|
|
limitations, on systems with more than 3 GB. This is usually needed
|
|
for USB, sound, many IDE/SATA chipsets and some other devices.
|
|
|
|
Newer systems typically have a modern AMD IOMMU, supported via
|
|
the CONFIG_AMD_IOMMU=y config option.
|
|
|
|
In normal configurations this driver is only active when needed:
|
|
there's more than 3 GB of memory and the system contains a
|
|
32-bit limited device.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CALGARY_IOMMU
|
|
bool "IBM Calgary IOMMU support"
|
|
select IOMMU_HELPER
|
|
select SWIOTLB
|
|
depends on X86_64 && PCI
|
|
---help---
|
|
Support for hardware IOMMUs in IBM's xSeries x366 and x460
|
|
systems. Needed to run systems with more than 3GB of memory
|
|
properly with 32-bit PCI devices that do not support DAC
|
|
(Double Address Cycle). Calgary also supports bus level
|
|
isolation, where all DMAs pass through the IOMMU. This
|
|
prevents them from going anywhere except their intended
|
|
destination. This catches hard-to-find kernel bugs and
|
|
mis-behaving drivers and devices that do not use the DMA-API
|
|
properly to set up their DMA buffers. The IOMMU can be
|
|
turned off at boot time with the iommu=off parameter.
|
|
Normally the kernel will make the right choice by itself.
|
|
If unsure, say Y.
|
|
|
|
config CALGARY_IOMMU_ENABLED_BY_DEFAULT
|
|
def_bool y
|
|
prompt "Should Calgary be enabled by default?"
|
|
depends on CALGARY_IOMMU
|
|
---help---
|
|
Should Calgary be enabled by default? if you choose 'y', Calgary
|
|
will be used (if it exists). If you choose 'n', Calgary will not be
|
|
used even if it exists. If you choose 'n' and would like to use
|
|
Calgary anyway, pass 'iommu=calgary' on the kernel command line.
|
|
If unsure, say Y.
|
|
|
|
config MAXSMP
|
|
bool "Enable Maximum number of SMP Processors and NUMA Nodes"
|
|
depends on X86_64 && SMP && DEBUG_KERNEL
|
|
select CPUMASK_OFFSTACK
|
|
---help---
|
|
Enable maximum number of CPUS and NUMA Nodes for this architecture.
|
|
If unsure, say N.
|
|
|
|
#
|
|
# The maximum number of CPUs supported:
|
|
#
|
|
# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
|
|
# and which can be configured interactively in the
|
|
# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
|
|
#
|
|
# The ranges are different on 32-bit and 64-bit kernels, depending on
|
|
# hardware capabilities and scalability features of the kernel.
|
|
#
|
|
# ( If MAXSMP is enabled we just use the highest possible value and disable
|
|
# interactive configuration. )
|
|
#
|
|
|
|
config NR_CPUS_RANGE_BEGIN
|
|
int
|
|
default NR_CPUS_RANGE_END if MAXSMP
|
|
default 1 if !SMP
|
|
default 2
|
|
|
|
config NR_CPUS_RANGE_END
|
|
int
|
|
depends on X86_32
|
|
default 64 if SMP && X86_BIGSMP
|
|
default 8 if SMP && !X86_BIGSMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_RANGE_END
|
|
int
|
|
depends on X86_64
|
|
default 8192 if SMP && ( MAXSMP || CPUMASK_OFFSTACK)
|
|
default 512 if SMP && (!MAXSMP && !CPUMASK_OFFSTACK)
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_DEFAULT
|
|
int
|
|
depends on X86_32
|
|
default 32 if X86_BIGSMP
|
|
default 8 if SMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS_DEFAULT
|
|
int
|
|
depends on X86_64
|
|
default 8192 if MAXSMP
|
|
default 64 if SMP
|
|
default 1 if !SMP
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs" if SMP && !MAXSMP
|
|
range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
|
|
default NR_CPUS_DEFAULT
|
|
---help---
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
|
|
supported value is 8192, otherwise the maximum value is 512. The
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory: each supported CPU adds about 8KB
|
|
to the kernel image.
|
|
|
|
config SCHED_SMT
|
|
def_bool y if SMP
|
|
|
|
config SCHED_MC
|
|
def_bool y
|
|
prompt "Multi-core scheduler support"
|
|
depends on SMP
|
|
---help---
|
|
Multi-core scheduler support improves the CPU scheduler's decision
|
|
making when dealing with multi-core CPU chips at a cost of slightly
|
|
increased overhead in some places. If unsure say N here.
|
|
|
|
config SCHED_MC_PRIO
|
|
bool "CPU core priorities scheduler support"
|
|
depends on SCHED_MC && CPU_SUP_INTEL
|
|
select X86_INTEL_PSTATE
|
|
select CPU_FREQ
|
|
default y
|
|
---help---
|
|
Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
|
|
core ordering determined at manufacturing time, which allows
|
|
certain cores to reach higher turbo frequencies (when running
|
|
single threaded workloads) than others.
|
|
|
|
Enabling this kernel feature teaches the scheduler about
|
|
the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
|
|
scheduler's CPU selection logic accordingly, so that higher
|
|
overall system performance can be achieved.
|
|
|
|
This feature will have no effect on CPUs without this feature.
|
|
|
|
If unsure say Y here.
|
|
|
|
config UP_LATE_INIT
|
|
def_bool y
|
|
depends on !SMP && X86_LOCAL_APIC
|
|
|
|
config X86_UP_APIC
|
|
bool "Local APIC support on uniprocessors" if !PCI_MSI
|
|
default PCI_MSI
|
|
depends on X86_32 && !SMP && !X86_32_NON_STANDARD
|
|
---help---
|
|
A local APIC (Advanced Programmable Interrupt Controller) is an
|
|
integrated interrupt controller in the CPU. If you have a single-CPU
|
|
system which has a processor with a local APIC, you can say Y here to
|
|
enable and use it. If you say Y here even though your machine doesn't
|
|
have a local APIC, then the kernel will still run with no slowdown at
|
|
all. The local APIC supports CPU-generated self-interrupts (timer,
|
|
performance counters), and the NMI watchdog which detects hard
|
|
lockups.
|
|
|
|
config X86_UP_IOAPIC
|
|
bool "IO-APIC support on uniprocessors"
|
|
depends on X86_UP_APIC
|
|
---help---
|
|
An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
|
|
SMP-capable replacement for PC-style interrupt controllers. Most
|
|
SMP systems and many recent uniprocessor systems have one.
|
|
|
|
If you have a single-CPU system with an IO-APIC, you can say Y here
|
|
to use it. If you say Y here even though your machine doesn't have
|
|
an IO-APIC, then the kernel will still run with no slowdown at all.
|
|
|
|
config X86_LOCAL_APIC
|
|
def_bool y
|
|
depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
|
|
select IRQ_DOMAIN_HIERARCHY
|
|
select PCI_MSI_IRQ_DOMAIN if PCI_MSI
|
|
|
|
config X86_IO_APIC
|
|
def_bool y
|
|
depends on X86_LOCAL_APIC || X86_UP_IOAPIC
|
|
|
|
config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
|
|
bool "Reroute for broken boot IRQs"
|
|
depends on X86_IO_APIC
|
|
---help---
|
|
This option enables a workaround that fixes a source of
|
|
spurious interrupts. This is recommended when threaded
|
|
interrupt handling is used on systems where the generation of
|
|
superfluous "boot interrupts" cannot be disabled.
|
|
|
|
Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
|
|
entry in the chipset's IO-APIC is masked (as, e.g. the RT
|
|
kernel does during interrupt handling). On chipsets where this
|
|
boot IRQ generation cannot be disabled, this workaround keeps
|
|
the original IRQ line masked so that only the equivalent "boot
|
|
IRQ" is delivered to the CPUs. The workaround also tells the
|
|
kernel to set up the IRQ handler on the boot IRQ line. In this
|
|
way only one interrupt is delivered to the kernel. Otherwise
|
|
the spurious second interrupt may cause the kernel to bring
|
|
down (vital) interrupt lines.
|
|
|
|
Only affects "broken" chipsets. Interrupt sharing may be
|
|
increased on these systems.
|
|
|
|
config X86_MCE
|
|
bool "Machine Check / overheating reporting"
|
|
select GENERIC_ALLOCATOR
|
|
default y
|
|
---help---
|
|
Machine Check support allows the processor to notify the
|
|
kernel if it detects a problem (e.g. overheating, data corruption).
|
|
The action the kernel takes depends on the severity of the problem,
|
|
ranging from warning messages to halting the machine.
|
|
|
|
config X86_MCELOG_LEGACY
|
|
bool "Support for deprecated /dev/mcelog character device"
|
|
depends on X86_MCE
|
|
---help---
|
|
Enable support for /dev/mcelog which is needed by the old mcelog
|
|
userspace logging daemon. Consider switching to the new generation
|
|
rasdaemon solution.
|
|
|
|
config X86_MCE_INTEL
|
|
def_bool y
|
|
prompt "Intel MCE features"
|
|
depends on X86_MCE && X86_LOCAL_APIC
|
|
---help---
|
|
Additional support for intel specific MCE features such as
|
|
the thermal monitor.
|
|
|
|
config X86_MCE_AMD
|
|
def_bool y
|
|
prompt "AMD MCE features"
|
|
depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
|
|
---help---
|
|
Additional support for AMD specific MCE features such as
|
|
the DRAM Error Threshold.
|
|
|
|
config X86_ANCIENT_MCE
|
|
bool "Support for old Pentium 5 / WinChip machine checks"
|
|
depends on X86_32 && X86_MCE
|
|
---help---
|
|
Include support for machine check handling on old Pentium 5 or WinChip
|
|
systems. These typically need to be enabled explicitly on the command
|
|
line.
|
|
|
|
config X86_MCE_THRESHOLD
|
|
depends on X86_MCE_AMD || X86_MCE_INTEL
|
|
def_bool y
|
|
|
|
config X86_MCE_INJECT
|
|
depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
|
|
tristate "Machine check injector support"
|
|
---help---
|
|
Provide support for injecting machine checks for testing purposes.
|
|
If you don't know what a machine check is and you don't do kernel
|
|
QA it is safe to say n.
|
|
|
|
config X86_THERMAL_VECTOR
|
|
def_bool y
|
|
depends on X86_MCE_INTEL
|
|
|
|
source "arch/x86/events/Kconfig"
|
|
|
|
config X86_LEGACY_VM86
|
|
bool "Legacy VM86 support"
|
|
depends on X86_32
|
|
---help---
|
|
This option allows user programs to put the CPU into V8086
|
|
mode, which is an 80286-era approximation of 16-bit real mode.
|
|
|
|
Some very old versions of X and/or vbetool require this option
|
|
for user mode setting. Similarly, DOSEMU will use it if
|
|
available to accelerate real mode DOS programs. However, any
|
|
recent version of DOSEMU, X, or vbetool should be fully
|
|
functional even without kernel VM86 support, as they will all
|
|
fall back to software emulation. Nevertheless, if you are using
|
|
a 16-bit DOS program where 16-bit performance matters, vm86
|
|
mode might be faster than emulation and you might want to
|
|
enable this option.
|
|
|
|
Note that any app that works on a 64-bit kernel is unlikely to
|
|
need this option, as 64-bit kernels don't, and can't, support
|
|
V8086 mode. This option is also unrelated to 16-bit protected
|
|
mode and is not needed to run most 16-bit programs under Wine.
|
|
|
|
Enabling this option increases the complexity of the kernel
|
|
and slows down exception handling a tiny bit.
|
|
|
|
If unsure, say N here.
|
|
|
|
config VM86
|
|
bool
|
|
default X86_LEGACY_VM86
|
|
|
|
config X86_16BIT
|
|
bool "Enable support for 16-bit segments" if EXPERT
|
|
default y
|
|
depends on MODIFY_LDT_SYSCALL
|
|
---help---
|
|
This option is required by programs like Wine to run 16-bit
|
|
protected mode legacy code on x86 processors. Disabling
|
|
this option saves about 300 bytes on i386, or around 6K text
|
|
plus 16K runtime memory on x86-64,
|
|
|
|
config X86_ESPFIX32
|
|
def_bool y
|
|
depends on X86_16BIT && X86_32
|
|
|
|
config X86_ESPFIX64
|
|
def_bool y
|
|
depends on X86_16BIT && X86_64
|
|
|
|
config X86_VSYSCALL_EMULATION
|
|
bool "Enable vsyscall emulation" if EXPERT
|
|
default y
|
|
depends on X86_64
|
|
---help---
|
|
This enables emulation of the legacy vsyscall page. Disabling
|
|
it is roughly equivalent to booting with vsyscall=none, except
|
|
that it will also disable the helpful warning if a program
|
|
tries to use a vsyscall. With this option set to N, offending
|
|
programs will just segfault, citing addresses of the form
|
|
0xffffffffff600?00.
|
|
|
|
This option is required by many programs built before 2013, and
|
|
care should be used even with newer programs if set to N.
|
|
|
|
Disabling this option saves about 7K of kernel size and
|
|
possibly 4K of additional runtime pagetable memory.
|
|
|
|
config TOSHIBA
|
|
tristate "Toshiba Laptop support"
|
|
depends on X86_32
|
|
---help---
|
|
This adds a driver to safely access the System Management Mode of
|
|
the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
|
|
not work on models with a Phoenix BIOS. The System Management Mode
|
|
is used to set the BIOS and power saving options on Toshiba portables.
|
|
|
|
For information on utilities to make use of this driver see the
|
|
Toshiba Linux utilities web site at:
|
|
<http://www.buzzard.org.uk/toshiba/>.
|
|
|
|
Say Y if you intend to run this kernel on a Toshiba portable.
|
|
Say N otherwise.
|
|
|
|
config I8K
|
|
tristate "Dell i8k legacy laptop support"
|
|
select HWMON
|
|
select SENSORS_DELL_SMM
|
|
---help---
|
|
This option enables legacy /proc/i8k userspace interface in hwmon
|
|
dell-smm-hwmon driver. Character file /proc/i8k reports bios version,
|
|
temperature and allows controlling fan speeds of Dell laptops via
|
|
System Management Mode. For old Dell laptops (like Dell Inspiron 8000)
|
|
it reports also power and hotkey status. For fan speed control is
|
|
needed userspace package i8kutils.
|
|
|
|
Say Y if you intend to run this kernel on old Dell laptops or want to
|
|
use userspace package i8kutils.
|
|
Say N otherwise.
|
|
|
|
config X86_REBOOTFIXUPS
|
|
bool "Enable X86 board specific fixups for reboot"
|
|
depends on X86_32
|
|
---help---
|
|
This enables chipset and/or board specific fixups to be done
|
|
in order to get reboot to work correctly. This is only needed on
|
|
some combinations of hardware and BIOS. The symptom, for which
|
|
this config is intended, is when reboot ends with a stalled/hung
|
|
system.
|
|
|
|
Currently, the only fixup is for the Geode machines using
|
|
CS5530A and CS5536 chipsets and the RDC R-321x SoC.
|
|
|
|
Say Y if you want to enable the fixup. Currently, it's safe to
|
|
enable this option even if you don't need it.
|
|
Say N otherwise.
|
|
|
|
config MICROCODE
|
|
bool "CPU microcode loading support"
|
|
default y
|
|
depends on CPU_SUP_AMD || CPU_SUP_INTEL
|
|
select FW_LOADER
|
|
---help---
|
|
If you say Y here, you will be able to update the microcode on
|
|
Intel and AMD processors. The Intel support is for the IA32 family,
|
|
e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The
|
|
AMD support is for families 0x10 and later. You will obviously need
|
|
the actual microcode binary data itself which is not shipped with
|
|
the Linux kernel.
|
|
|
|
The preferred method to load microcode from a detached initrd is described
|
|
in Documentation/x86/microcode.rst. For that you need to enable
|
|
CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the
|
|
initrd for microcode blobs.
|
|
|
|
In addition, you can build the microcode into the kernel. For that you
|
|
need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE
|
|
config option.
|
|
|
|
config MICROCODE_INTEL
|
|
bool "Intel microcode loading support"
|
|
depends on MICROCODE
|
|
default MICROCODE
|
|
select FW_LOADER
|
|
---help---
|
|
This options enables microcode patch loading support for Intel
|
|
processors.
|
|
|
|
For the current Intel microcode data package go to
|
|
<https://downloadcenter.intel.com> and search for
|
|
'Linux Processor Microcode Data File'.
|
|
|
|
config MICROCODE_AMD
|
|
bool "AMD microcode loading support"
|
|
depends on MICROCODE
|
|
select FW_LOADER
|
|
---help---
|
|
If you select this option, microcode patch loading support for AMD
|
|
processors will be enabled.
|
|
|
|
config MICROCODE_OLD_INTERFACE
|
|
bool "Ancient loading interface (DEPRECATED)"
|
|
default n
|
|
depends on MICROCODE
|
|
---help---
|
|
DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface
|
|
which was used by userspace tools like iucode_tool and microcode.ctl.
|
|
It is inadequate because it runs too late to be able to properly
|
|
load microcode on a machine and it needs special tools. Instead, you
|
|
should've switched to the early loading method with the initrd or
|
|
builtin microcode by now: Documentation/x86/microcode.rst
|
|
|
|
config X86_MSR
|
|
tristate "/dev/cpu/*/msr - Model-specific register support"
|
|
---help---
|
|
This device gives privileged processes access to the x86
|
|
Model-Specific Registers (MSRs). It is a character device with
|
|
major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
|
|
MSR accesses are directed to a specific CPU on multi-processor
|
|
systems.
|
|
|
|
config X86_CPUID
|
|
tristate "/dev/cpu/*/cpuid - CPU information support"
|
|
---help---
|
|
This device gives processes access to the x86 CPUID instruction to
|
|
be executed on a specific processor. It is a character device
|
|
with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
|
|
/dev/cpu/31/cpuid.
|
|
|
|
choice
|
|
prompt "High Memory Support"
|
|
default HIGHMEM4G
|
|
depends on X86_32
|
|
|
|
config NOHIGHMEM
|
|
bool "off"
|
|
---help---
|
|
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
|
|
However, the address space of 32-bit x86 processors is only 4
|
|
Gigabytes large. That means that, if you have a large amount of
|
|
physical memory, not all of it can be "permanently mapped" by the
|
|
kernel. The physical memory that's not permanently mapped is called
|
|
"high memory".
|
|
|
|
If you are compiling a kernel which will never run on a machine with
|
|
more than 1 Gigabyte total physical RAM, answer "off" here (default
|
|
choice and suitable for most users). This will result in a "3GB/1GB"
|
|
split: 3GB are mapped so that each process sees a 3GB virtual memory
|
|
space and the remaining part of the 4GB virtual memory space is used
|
|
by the kernel to permanently map as much physical memory as
|
|
possible.
|
|
|
|
If the machine has between 1 and 4 Gigabytes physical RAM, then
|
|
answer "4GB" here.
|
|
|
|
If more than 4 Gigabytes is used then answer "64GB" here. This
|
|
selection turns Intel PAE (Physical Address Extension) mode on.
|
|
PAE implements 3-level paging on IA32 processors. PAE is fully
|
|
supported by Linux, PAE mode is implemented on all recent Intel
|
|
processors (Pentium Pro and better). NOTE: If you say "64GB" here,
|
|
then the kernel will not boot on CPUs that don't support PAE!
|
|
|
|
The actual amount of total physical memory will either be
|
|
auto detected or can be forced by using a kernel command line option
|
|
such as "mem=256M". (Try "man bootparam" or see the documentation of
|
|
your boot loader (lilo or loadlin) about how to pass options to the
|
|
kernel at boot time.)
|
|
|
|
If unsure, say "off".
|
|
|
|
config HIGHMEM4G
|
|
bool "4GB"
|
|
---help---
|
|
Select this if you have a 32-bit processor and between 1 and 4
|
|
gigabytes of physical RAM.
|
|
|
|
config HIGHMEM64G
|
|
bool "64GB"
|
|
depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6
|
|
select X86_PAE
|
|
---help---
|
|
Select this if you have a 32-bit processor and more than 4
|
|
gigabytes of physical RAM.
|
|
|
|
endchoice
|
|
|
|
choice
|
|
prompt "Memory split" if EXPERT
|
|
default VMSPLIT_3G
|
|
depends on X86_32
|
|
---help---
|
|
Select the desired split between kernel and user memory.
|
|
|
|
If the address range available to the kernel is less than the
|
|
physical memory installed, the remaining memory will be available
|
|
as "high memory". Accessing high memory is a little more costly
|
|
than low memory, as it needs to be mapped into the kernel first.
|
|
Note that increasing the kernel address space limits the range
|
|
available to user programs, making the address space there
|
|
tighter. Selecting anything other than the default 3G/1G split
|
|
will also likely make your kernel incompatible with binary-only
|
|
kernel modules.
|
|
|
|
If you are not absolutely sure what you are doing, leave this
|
|
option alone!
|
|
|
|
config VMSPLIT_3G
|
|
bool "3G/1G user/kernel split"
|
|
config VMSPLIT_3G_OPT
|
|
depends on !X86_PAE
|
|
bool "3G/1G user/kernel split (for full 1G low memory)"
|
|
config VMSPLIT_2G
|
|
bool "2G/2G user/kernel split"
|
|
config VMSPLIT_2G_OPT
|
|
depends on !X86_PAE
|
|
bool "2G/2G user/kernel split (for full 2G low memory)"
|
|
config VMSPLIT_1G
|
|
bool "1G/3G user/kernel split"
|
|
endchoice
|
|
|
|
config PAGE_OFFSET
|
|
hex
|
|
default 0xB0000000 if VMSPLIT_3G_OPT
|
|
default 0x80000000 if VMSPLIT_2G
|
|
default 0x78000000 if VMSPLIT_2G_OPT
|
|
default 0x40000000 if VMSPLIT_1G
|
|
default 0xC0000000
|
|
depends on X86_32
|
|
|
|
config HIGHMEM
|
|
def_bool y
|
|
depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
|
|
|
|
config X86_PAE
|
|
bool "PAE (Physical Address Extension) Support"
|
|
depends on X86_32 && !HIGHMEM4G
|
|
select PHYS_ADDR_T_64BIT
|
|
select SWIOTLB
|
|
---help---
|
|
PAE is required for NX support, and furthermore enables
|
|
larger swapspace support for non-overcommit purposes. It
|
|
has the cost of more pagetable lookup overhead, and also
|
|
consumes more pagetable space per process.
|
|
|
|
config X86_5LEVEL
|
|
bool "Enable 5-level page tables support"
|
|
select DYNAMIC_MEMORY_LAYOUT
|
|
select SPARSEMEM_VMEMMAP
|
|
depends on X86_64
|
|
---help---
|
|
5-level paging enables access to larger address space:
|
|
upto 128 PiB of virtual address space and 4 PiB of
|
|
physical address space.
|
|
|
|
It will be supported by future Intel CPUs.
|
|
|
|
A kernel with the option enabled can be booted on machines that
|
|
support 4- or 5-level paging.
|
|
|
|
See Documentation/x86/x86_64/5level-paging.rst for more
|
|
information.
|
|
|
|
Say N if unsure.
|
|
|
|
config X86_DIRECT_GBPAGES
|
|
def_bool y
|
|
depends on X86_64
|
|
---help---
|
|
Certain kernel features effectively disable kernel
|
|
linear 1 GB mappings (even if the CPU otherwise
|
|
supports them), so don't confuse the user by printing
|
|
that we have them enabled.
|
|
|
|
config X86_CPA_STATISTICS
|
|
bool "Enable statistic for Change Page Attribute"
|
|
depends on DEBUG_FS
|
|
---help---
|
|
Expose statistics about the Change Page Attribute mechanims, which
|
|
helps to determine the effectiveness of preserving large and huge
|
|
page mappings when mapping protections are changed.
|
|
|
|
config AMD_MEM_ENCRYPT
|
|
bool "AMD Secure Memory Encryption (SME) support"
|
|
depends on X86_64 && CPU_SUP_AMD
|
|
select DYNAMIC_PHYSICAL_MASK
|
|
select ARCH_USE_MEMREMAP_PROT
|
|
select ARCH_HAS_FORCE_DMA_UNENCRYPTED
|
|
---help---
|
|
Say yes to enable support for the encryption of system memory.
|
|
This requires an AMD processor that supports Secure Memory
|
|
Encryption (SME).
|
|
|
|
config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
|
|
bool "Activate AMD Secure Memory Encryption (SME) by default"
|
|
default y
|
|
depends on AMD_MEM_ENCRYPT
|
|
---help---
|
|
Say yes to have system memory encrypted by default if running on
|
|
an AMD processor that supports Secure Memory Encryption (SME).
|
|
|
|
If set to Y, then the encryption of system memory can be
|
|
deactivated with the mem_encrypt=off command line option.
|
|
|
|
If set to N, then the encryption of system memory can be
|
|
activated with the mem_encrypt=on command line option.
|
|
|
|
# Common NUMA Features
|
|
config NUMA
|
|
bool "Numa Memory Allocation and Scheduler Support"
|
|
depends on SMP
|
|
depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
|
|
default y if X86_BIGSMP
|
|
---help---
|
|
Enable NUMA (Non Uniform Memory Access) support.
|
|
|
|
The kernel will try to allocate memory used by a CPU on the
|
|
local memory controller of the CPU and add some more
|
|
NUMA awareness to the kernel.
|
|
|
|
For 64-bit this is recommended if the system is Intel Core i7
|
|
(or later), AMD Opteron, or EM64T NUMA.
|
|
|
|
For 32-bit this is only needed if you boot a 32-bit
|
|
kernel on a 64-bit NUMA platform.
|
|
|
|
Otherwise, you should say N.
|
|
|
|
config AMD_NUMA
|
|
def_bool y
|
|
prompt "Old style AMD Opteron NUMA detection"
|
|
depends on X86_64 && NUMA && PCI
|
|
---help---
|
|
Enable AMD NUMA node topology detection. You should say Y here if
|
|
you have a multi processor AMD system. This uses an old method to
|
|
read the NUMA configuration directly from the builtin Northbridge
|
|
of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
|
|
which also takes priority if both are compiled in.
|
|
|
|
config X86_64_ACPI_NUMA
|
|
def_bool y
|
|
prompt "ACPI NUMA detection"
|
|
depends on X86_64 && NUMA && ACPI && PCI
|
|
select ACPI_NUMA
|
|
---help---
|
|
Enable ACPI SRAT based node topology detection.
|
|
|
|
# Some NUMA nodes have memory ranges that span
|
|
# other nodes. Even though a pfn is valid and
|
|
# between a node's start and end pfns, it may not
|
|
# reside on that node. See memmap_init_zone()
|
|
# for details.
|
|
config NODES_SPAN_OTHER_NODES
|
|
def_bool y
|
|
depends on X86_64_ACPI_NUMA
|
|
|
|
config NUMA_EMU
|
|
bool "NUMA emulation"
|
|
depends on NUMA
|
|
---help---
|
|
Enable NUMA emulation. A flat machine will be split
|
|
into virtual nodes when booted with "numa=fake=N", where N is the
|
|
number of nodes. This is only useful for debugging.
|
|
|
|
config NODES_SHIFT
|
|
int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
|
|
range 1 10
|
|
default "10" if MAXSMP
|
|
default "6" if X86_64
|
|
default "3"
|
|
depends on NEED_MULTIPLE_NODES
|
|
---help---
|
|
Specify the maximum number of NUMA Nodes available on the target
|
|
system. Increases memory reserved to accommodate various tables.
|
|
|
|
config ARCH_HAVE_MEMORY_PRESENT
|
|
def_bool y
|
|
depends on X86_32 && DISCONTIGMEM
|
|
|
|
config ARCH_FLATMEM_ENABLE
|
|
def_bool y
|
|
depends on X86_32 && !NUMA
|
|
|
|
config ARCH_DISCONTIGMEM_ENABLE
|
|
def_bool n
|
|
depends on NUMA && X86_32
|
|
depends on BROKEN
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
|
|
select SPARSEMEM_STATIC if X86_32
|
|
select SPARSEMEM_VMEMMAP_ENABLE if X86_64
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool X86_64 || (NUMA && X86_32)
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool y
|
|
depends on ARCH_SPARSEMEM_ENABLE
|
|
|
|
config ARCH_MEMORY_PROBE
|
|
bool "Enable sysfs memory/probe interface"
|
|
depends on X86_64 && MEMORY_HOTPLUG
|
|
help
|
|
This option enables a sysfs memory/probe interface for testing.
|
|
See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
|
|
If you are unsure how to answer this question, answer N.
|
|
|
|
config ARCH_PROC_KCORE_TEXT
|
|
def_bool y
|
|
depends on X86_64 && PROC_KCORE
|
|
|
|
config ILLEGAL_POINTER_VALUE
|
|
hex
|
|
default 0 if X86_32
|
|
default 0xdead000000000000 if X86_64
|
|
|
|
config X86_PMEM_LEGACY_DEVICE
|
|
bool
|
|
|
|
config X86_PMEM_LEGACY
|
|
tristate "Support non-standard NVDIMMs and ADR protected memory"
|
|
depends on PHYS_ADDR_T_64BIT
|
|
depends on BLK_DEV
|
|
select X86_PMEM_LEGACY_DEVICE
|
|
select LIBNVDIMM
|
|
help
|
|
Treat memory marked using the non-standard e820 type of 12 as used
|
|
by the Intel Sandy Bridge-EP reference BIOS as protected memory.
|
|
The kernel will offer these regions to the 'pmem' driver so
|
|
they can be used for persistent storage.
|
|
|
|
Say Y if unsure.
|
|
|
|
config HIGHPTE
|
|
bool "Allocate 3rd-level pagetables from highmem"
|
|
depends on HIGHMEM
|
|
---help---
|
|
The VM uses one page table entry for each page of physical memory.
|
|
For systems with a lot of RAM, this can be wasteful of precious
|
|
low memory. Setting this option will put user-space page table
|
|
entries in high memory.
|
|
|
|
config X86_CHECK_BIOS_CORRUPTION
|
|
bool "Check for low memory corruption"
|
|
---help---
|
|
Periodically check for memory corruption in low memory, which
|
|
is suspected to be caused by BIOS. Even when enabled in the
|
|
configuration, it is disabled at runtime. Enable it by
|
|
setting "memory_corruption_check=1" on the kernel command
|
|
line. By default it scans the low 64k of memory every 60
|
|
seconds; see the memory_corruption_check_size and
|
|
memory_corruption_check_period parameters in
|
|
Documentation/admin-guide/kernel-parameters.rst to adjust this.
|
|
|
|
When enabled with the default parameters, this option has
|
|
almost no overhead, as it reserves a relatively small amount
|
|
of memory and scans it infrequently. It both detects corruption
|
|
and prevents it from affecting the running system.
|
|
|
|
It is, however, intended as a diagnostic tool; if repeatable
|
|
BIOS-originated corruption always affects the same memory,
|
|
you can use memmap= to prevent the kernel from using that
|
|
memory.
|
|
|
|
config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
|
|
bool "Set the default setting of memory_corruption_check"
|
|
depends on X86_CHECK_BIOS_CORRUPTION
|
|
default y
|
|
---help---
|
|
Set whether the default state of memory_corruption_check is
|
|
on or off.
|
|
|
|
config X86_RESERVE_LOW
|
|
int "Amount of low memory, in kilobytes, to reserve for the BIOS"
|
|
default 64
|
|
range 4 640
|
|
---help---
|
|
Specify the amount of low memory to reserve for the BIOS.
|
|
|
|
The first page contains BIOS data structures that the kernel
|
|
must not use, so that page must always be reserved.
|
|
|
|
By default we reserve the first 64K of physical RAM, as a
|
|
number of BIOSes are known to corrupt that memory range
|
|
during events such as suspend/resume or monitor cable
|
|
insertion, so it must not be used by the kernel.
|
|
|
|
You can set this to 4 if you are absolutely sure that you
|
|
trust the BIOS to get all its memory reservations and usages
|
|
right. If you know your BIOS have problems beyond the
|
|
default 64K area, you can set this to 640 to avoid using the
|
|
entire low memory range.
|
|
|
|
If you have doubts about the BIOS (e.g. suspend/resume does
|
|
not work or there's kernel crashes after certain hardware
|
|
hotplug events) then you might want to enable
|
|
X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check
|
|
typical corruption patterns.
|
|
|
|
Leave this to the default value of 64 if you are unsure.
|
|
|
|
config MATH_EMULATION
|
|
bool
|
|
depends on MODIFY_LDT_SYSCALL
|
|
prompt "Math emulation" if X86_32
|
|
---help---
|
|
Linux can emulate a math coprocessor (used for floating point
|
|
operations) if you don't have one. 486DX and Pentium processors have
|
|
a math coprocessor built in, 486SX and 386 do not, unless you added
|
|
a 487DX or 387, respectively. (The messages during boot time can
|
|
give you some hints here ["man dmesg"].) Everyone needs either a
|
|
coprocessor or this emulation.
|
|
|
|
If you don't have a math coprocessor, you need to say Y here; if you
|
|
say Y here even though you have a coprocessor, the coprocessor will
|
|
be used nevertheless. (This behavior can be changed with the kernel
|
|
command line option "no387", which comes handy if your coprocessor
|
|
is broken. Try "man bootparam" or see the documentation of your boot
|
|
loader (lilo or loadlin) about how to pass options to the kernel at
|
|
boot time.) This means that it is a good idea to say Y here if you
|
|
intend to use this kernel on different machines.
|
|
|
|
More information about the internals of the Linux math coprocessor
|
|
emulation can be found in <file:arch/x86/math-emu/README>.
|
|
|
|
If you are not sure, say Y; apart from resulting in a 66 KB bigger
|
|
kernel, it won't hurt.
|
|
|
|
config MTRR
|
|
def_bool y
|
|
prompt "MTRR (Memory Type Range Register) support" if EXPERT
|
|
---help---
|
|
On Intel P6 family processors (Pentium Pro, Pentium II and later)
|
|
the Memory Type Range Registers (MTRRs) may be used to control
|
|
processor access to memory ranges. This is most useful if you have
|
|
a video (VGA) card on a PCI or AGP bus. Enabling write-combining
|
|
allows bus write transfers to be combined into a larger transfer
|
|
before bursting over the PCI/AGP bus. This can increase performance
|
|
of image write operations 2.5 times or more. Saying Y here creates a
|
|
/proc/mtrr file which may be used to manipulate your processor's
|
|
MTRRs. Typically the X server should use this.
|
|
|
|
This code has a reasonably generic interface so that similar
|
|
control registers on other processors can be easily supported
|
|
as well:
|
|
|
|
The Cyrix 6x86, 6x86MX and M II processors have Address Range
|
|
Registers (ARRs) which provide a similar functionality to MTRRs. For
|
|
these, the ARRs are used to emulate the MTRRs.
|
|
The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
|
|
MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
|
|
write-combining. All of these processors are supported by this code
|
|
and it makes sense to say Y here if you have one of them.
|
|
|
|
Saying Y here also fixes a problem with buggy SMP BIOSes which only
|
|
set the MTRRs for the boot CPU and not for the secondary CPUs. This
|
|
can lead to all sorts of problems, so it's good to say Y here.
|
|
|
|
You can safely say Y even if your machine doesn't have MTRRs, you'll
|
|
just add about 9 KB to your kernel.
|
|
|
|
See <file:Documentation/x86/mtrr.rst> for more information.
|
|
|
|
config MTRR_SANITIZER
|
|
def_bool y
|
|
prompt "MTRR cleanup support"
|
|
depends on MTRR
|
|
---help---
|
|
Convert MTRR layout from continuous to discrete, so X drivers can
|
|
add writeback entries.
|
|
|
|
Can be disabled with disable_mtrr_cleanup on the kernel command line.
|
|
The largest mtrr entry size for a continuous block can be set with
|
|
mtrr_chunk_size.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MTRR_SANITIZER_ENABLE_DEFAULT
|
|
int "MTRR cleanup enable value (0-1)"
|
|
range 0 1
|
|
default "0"
|
|
depends on MTRR_SANITIZER
|
|
---help---
|
|
Enable mtrr cleanup default value
|
|
|
|
config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
|
|
int "MTRR cleanup spare reg num (0-7)"
|
|
range 0 7
|
|
default "1"
|
|
depends on MTRR_SANITIZER
|
|
---help---
|
|
mtrr cleanup spare entries default, it can be changed via
|
|
mtrr_spare_reg_nr=N on the kernel command line.
|
|
|
|
config X86_PAT
|
|
def_bool y
|
|
prompt "x86 PAT support" if EXPERT
|
|
depends on MTRR
|
|
---help---
|
|
Use PAT attributes to setup page level cache control.
|
|
|
|
PATs are the modern equivalents of MTRRs and are much more
|
|
flexible than MTRRs.
|
|
|
|
Say N here if you see bootup problems (boot crash, boot hang,
|
|
spontaneous reboots) or a non-working video driver.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARCH_USES_PG_UNCACHED
|
|
def_bool y
|
|
depends on X86_PAT
|
|
|
|
config ARCH_RANDOM
|
|
def_bool y
|
|
prompt "x86 architectural random number generator" if EXPERT
|
|
---help---
|
|
Enable the x86 architectural RDRAND instruction
|
|
(Intel Bull Mountain technology) to generate random numbers.
|
|
If supported, this is a high bandwidth, cryptographically
|
|
secure hardware random number generator.
|
|
|
|
config X86_SMAP
|
|
def_bool y
|
|
prompt "Supervisor Mode Access Prevention" if EXPERT
|
|
---help---
|
|
Supervisor Mode Access Prevention (SMAP) is a security
|
|
feature in newer Intel processors. There is a small
|
|
performance cost if this enabled and turned on; there is
|
|
also a small increase in the kernel size if this is enabled.
|
|
|
|
If unsure, say Y.
|
|
|
|
config X86_INTEL_UMIP
|
|
def_bool y
|
|
depends on CPU_SUP_INTEL
|
|
prompt "Intel User Mode Instruction Prevention" if EXPERT
|
|
---help---
|
|
The User Mode Instruction Prevention (UMIP) is a security
|
|
feature in newer Intel processors. If enabled, a general
|
|
protection fault is issued if the SGDT, SLDT, SIDT, SMSW
|
|
or STR instructions are executed in user mode. These instructions
|
|
unnecessarily expose information about the hardware state.
|
|
|
|
The vast majority of applications do not use these instructions.
|
|
For the very few that do, software emulation is provided in
|
|
specific cases in protected and virtual-8086 modes. Emulated
|
|
results are dummy.
|
|
|
|
config X86_INTEL_MPX
|
|
prompt "Intel MPX (Memory Protection Extensions)"
|
|
def_bool n
|
|
# Note: only available in 64-bit mode due to VMA flags shortage
|
|
depends on CPU_SUP_INTEL && X86_64
|
|
select ARCH_USES_HIGH_VMA_FLAGS
|
|
---help---
|
|
MPX provides hardware features that can be used in
|
|
conjunction with compiler-instrumented code to check
|
|
memory references. It is designed to detect buffer
|
|
overflow or underflow bugs.
|
|
|
|
This option enables running applications which are
|
|
instrumented or otherwise use MPX. It does not use MPX
|
|
itself inside the kernel or to protect the kernel
|
|
against bad memory references.
|
|
|
|
Enabling this option will make the kernel larger:
|
|
~8k of kernel text and 36 bytes of data on a 64-bit
|
|
defconfig. It adds a long to the 'mm_struct' which
|
|
will increase the kernel memory overhead of each
|
|
process and adds some branches to paths used during
|
|
exec() and munmap().
|
|
|
|
For details, see Documentation/x86/intel_mpx.rst
|
|
|
|
If unsure, say N.
|
|
|
|
config X86_INTEL_MEMORY_PROTECTION_KEYS
|
|
prompt "Intel Memory Protection Keys"
|
|
def_bool y
|
|
# Note: only available in 64-bit mode
|
|
depends on CPU_SUP_INTEL && X86_64
|
|
select ARCH_USES_HIGH_VMA_FLAGS
|
|
select ARCH_HAS_PKEYS
|
|
---help---
|
|
Memory Protection Keys provides a mechanism for enforcing
|
|
page-based protections, but without requiring modification of the
|
|
page tables when an application changes protection domains.
|
|
|
|
For details, see Documentation/core-api/protection-keys.rst
|
|
|
|
If unsure, say y.
|
|
|
|
config EFI
|
|
bool "EFI runtime service support"
|
|
depends on ACPI
|
|
select UCS2_STRING
|
|
select EFI_RUNTIME_WRAPPERS
|
|
---help---
|
|
This enables the kernel to use EFI runtime services that are
|
|
available (such as the EFI variable services).
|
|
|
|
This option is only useful on systems that have EFI firmware.
|
|
In addition, you should use the latest ELILO loader available
|
|
at <http://elilo.sourceforge.net> in order to take advantage
|
|
of EFI runtime services. However, even with this option, the
|
|
resultant kernel should continue to boot on existing non-EFI
|
|
platforms.
|
|
|
|
config EFI_STUB
|
|
bool "EFI stub support"
|
|
depends on EFI && !X86_USE_3DNOW
|
|
select RELOCATABLE
|
|
---help---
|
|
This kernel feature allows a bzImage to be loaded directly
|
|
by EFI firmware without the use of a bootloader.
|
|
|
|
See Documentation/admin-guide/efi-stub.rst for more information.
|
|
|
|
config EFI_MIXED
|
|
bool "EFI mixed-mode support"
|
|
depends on EFI_STUB && X86_64
|
|
---help---
|
|
Enabling this feature allows a 64-bit kernel to be booted
|
|
on a 32-bit firmware, provided that your CPU supports 64-bit
|
|
mode.
|
|
|
|
Note that it is not possible to boot a mixed-mode enabled
|
|
kernel via the EFI boot stub - a bootloader that supports
|
|
the EFI handover protocol must be used.
|
|
|
|
If unsure, say N.
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
---help---
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y. Only embedded should say N here.
|
|
|
|
source "kernel/Kconfig.hz"
|
|
|
|
config KEXEC
|
|
bool "kexec system call"
|
|
select KEXEC_CORE
|
|
---help---
|
|
kexec is a system call that implements the ability to shutdown your
|
|
current kernel, and to start another kernel. It is like a reboot
|
|
but it is independent of the system firmware. And like a reboot
|
|
you can start any kernel with it, not just Linux.
|
|
|
|
The name comes from the similarity to the exec system call.
|
|
|
|
It is an ongoing process to be certain the hardware in a machine
|
|
is properly shutdown, so do not be surprised if this code does not
|
|
initially work for you. As of this writing the exact hardware
|
|
interface is strongly in flux, so no good recommendation can be
|
|
made.
|
|
|
|
config KEXEC_FILE
|
|
bool "kexec file based system call"
|
|
select KEXEC_CORE
|
|
select BUILD_BIN2C
|
|
depends on X86_64
|
|
depends on CRYPTO=y
|
|
depends on CRYPTO_SHA256=y
|
|
---help---
|
|
This is new version of kexec system call. This system call is
|
|
file based and takes file descriptors as system call argument
|
|
for kernel and initramfs as opposed to list of segments as
|
|
accepted by previous system call.
|
|
|
|
config ARCH_HAS_KEXEC_PURGATORY
|
|
def_bool KEXEC_FILE
|
|
|
|
config KEXEC_SIG
|
|
bool "Verify kernel signature during kexec_file_load() syscall"
|
|
depends on KEXEC_FILE
|
|
---help---
|
|
|
|
This option makes the kexec_file_load() syscall check for a valid
|
|
signature of the kernel image. The image can still be loaded without
|
|
a valid signature unless you also enable KEXEC_SIG_FORCE, though if
|
|
there's a signature that we can check, then it must be valid.
|
|
|
|
In addition to this option, you need to enable signature
|
|
verification for the corresponding kernel image type being
|
|
loaded in order for this to work.
|
|
|
|
config KEXEC_SIG_FORCE
|
|
bool "Require a valid signature in kexec_file_load() syscall"
|
|
depends on KEXEC_SIG
|
|
---help---
|
|
This option makes kernel signature verification mandatory for
|
|
the kexec_file_load() syscall.
|
|
|
|
config KEXEC_BZIMAGE_VERIFY_SIG
|
|
bool "Enable bzImage signature verification support"
|
|
depends on KEXEC_SIG
|
|
depends on SIGNED_PE_FILE_VERIFICATION
|
|
select SYSTEM_TRUSTED_KEYRING
|
|
---help---
|
|
Enable bzImage signature verification support.
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
depends on X86_64 || (X86_32 && HIGHMEM)
|
|
---help---
|
|
Generate crash dump after being started by kexec.
|
|
This should be normally only set in special crash dump kernels
|
|
which are loaded in the main kernel with kexec-tools into
|
|
a specially reserved region and then later executed after
|
|
a crash by kdump/kexec. The crash dump kernel must be compiled
|
|
to a memory address not used by the main kernel or BIOS using
|
|
PHYSICAL_START, or it must be built as a relocatable image
|
|
(CONFIG_RELOCATABLE=y).
|
|
For more details see Documentation/admin-guide/kdump/kdump.rst
|
|
|
|
config KEXEC_JUMP
|
|
bool "kexec jump"
|
|
depends on KEXEC && HIBERNATION
|
|
---help---
|
|
Jump between original kernel and kexeced kernel and invoke
|
|
code in physical address mode via KEXEC
|
|
|
|
config PHYSICAL_START
|
|
hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
|
|
default "0x1000000"
|
|
---help---
|
|
This gives the physical address where the kernel is loaded.
|
|
|
|
If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then
|
|
bzImage will decompress itself to above physical address and
|
|
run from there. Otherwise, bzImage will run from the address where
|
|
it has been loaded by the boot loader and will ignore above physical
|
|
address.
|
|
|
|
In normal kdump cases one does not have to set/change this option
|
|
as now bzImage can be compiled as a completely relocatable image
|
|
(CONFIG_RELOCATABLE=y) and be used to load and run from a different
|
|
address. This option is mainly useful for the folks who don't want
|
|
to use a bzImage for capturing the crash dump and want to use a
|
|
vmlinux instead. vmlinux is not relocatable hence a kernel needs
|
|
to be specifically compiled to run from a specific memory area
|
|
(normally a reserved region) and this option comes handy.
|
|
|
|
So if you are using bzImage for capturing the crash dump,
|
|
leave the value here unchanged to 0x1000000 and set
|
|
CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
|
|
for capturing the crash dump change this value to start of
|
|
the reserved region. In other words, it can be set based on
|
|
the "X" value as specified in the "crashkernel=YM@XM"
|
|
command line boot parameter passed to the panic-ed
|
|
kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
|
|
for more details about crash dumps.
|
|
|
|
Usage of bzImage for capturing the crash dump is recommended as
|
|
one does not have to build two kernels. Same kernel can be used
|
|
as production kernel and capture kernel. Above option should have
|
|
gone away after relocatable bzImage support is introduced. But it
|
|
is present because there are users out there who continue to use
|
|
vmlinux for dump capture. This option should go away down the
|
|
line.
|
|
|
|
Don't change this unless you know what you are doing.
|
|
|
|
config RELOCATABLE
|
|
bool "Build a relocatable kernel"
|
|
default y
|
|
---help---
|
|
This builds a kernel image that retains relocation information
|
|
so it can be loaded someplace besides the default 1MB.
|
|
The relocations tend to make the kernel binary about 10% larger,
|
|
but are discarded at runtime.
|
|
|
|
One use is for the kexec on panic case where the recovery kernel
|
|
must live at a different physical address than the primary
|
|
kernel.
|
|
|
|
Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
|
|
it has been loaded at and the compile time physical address
|
|
(CONFIG_PHYSICAL_START) is used as the minimum location.
|
|
|
|
config RANDOMIZE_BASE
|
|
bool "Randomize the address of the kernel image (KASLR)"
|
|
depends on RELOCATABLE
|
|
default y
|
|
---help---
|
|
In support of Kernel Address Space Layout Randomization (KASLR),
|
|
this randomizes the physical address at which the kernel image
|
|
is decompressed and the virtual address where the kernel
|
|
image is mapped, as a security feature that deters exploit
|
|
attempts relying on knowledge of the location of kernel
|
|
code internals.
|
|
|
|
On 64-bit, the kernel physical and virtual addresses are
|
|
randomized separately. The physical address will be anywhere
|
|
between 16MB and the top of physical memory (up to 64TB). The
|
|
virtual address will be randomized from 16MB up to 1GB (9 bits
|
|
of entropy). Note that this also reduces the memory space
|
|
available to kernel modules from 1.5GB to 1GB.
|
|
|
|
On 32-bit, the kernel physical and virtual addresses are
|
|
randomized together. They will be randomized from 16MB up to
|
|
512MB (8 bits of entropy).
|
|
|
|
Entropy is generated using the RDRAND instruction if it is
|
|
supported. If RDTSC is supported, its value is mixed into
|
|
the entropy pool as well. If neither RDRAND nor RDTSC are
|
|
supported, then entropy is read from the i8254 timer. The
|
|
usable entropy is limited by the kernel being built using
|
|
2GB addressing, and that PHYSICAL_ALIGN must be at a
|
|
minimum of 2MB. As a result, only 10 bits of entropy are
|
|
theoretically possible, but the implementations are further
|
|
limited due to memory layouts.
|
|
|
|
If unsure, say Y.
|
|
|
|
# Relocation on x86 needs some additional build support
|
|
config X86_NEED_RELOCS
|
|
def_bool y
|
|
depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
|
|
|
|
config PHYSICAL_ALIGN
|
|
hex "Alignment value to which kernel should be aligned"
|
|
default "0x200000"
|
|
range 0x2000 0x1000000 if X86_32
|
|
range 0x200000 0x1000000 if X86_64
|
|
---help---
|
|
This value puts the alignment restrictions on physical address
|
|
where kernel is loaded and run from. Kernel is compiled for an
|
|
address which meets above alignment restriction.
|
|
|
|
If bootloader loads the kernel at a non-aligned address and
|
|
CONFIG_RELOCATABLE is set, kernel will move itself to nearest
|
|
address aligned to above value and run from there.
|
|
|
|
If bootloader loads the kernel at a non-aligned address and
|
|
CONFIG_RELOCATABLE is not set, kernel will ignore the run time
|
|
load address and decompress itself to the address it has been
|
|
compiled for and run from there. The address for which kernel is
|
|
compiled already meets above alignment restrictions. Hence the
|
|
end result is that kernel runs from a physical address meeting
|
|
above alignment restrictions.
|
|
|
|
On 32-bit this value must be a multiple of 0x2000. On 64-bit
|
|
this value must be a multiple of 0x200000.
|
|
|
|
Don't change this unless you know what you are doing.
|
|
|
|
config DYNAMIC_MEMORY_LAYOUT
|
|
bool
|
|
---help---
|
|
This option makes base addresses of vmalloc and vmemmap as well as
|
|
__PAGE_OFFSET movable during boot.
|
|
|
|
config RANDOMIZE_MEMORY
|
|
bool "Randomize the kernel memory sections"
|
|
depends on X86_64
|
|
depends on RANDOMIZE_BASE
|
|
select DYNAMIC_MEMORY_LAYOUT
|
|
default RANDOMIZE_BASE
|
|
---help---
|
|
Randomizes the base virtual address of kernel memory sections
|
|
(physical memory mapping, vmalloc & vmemmap). This security feature
|
|
makes exploits relying on predictable memory locations less reliable.
|
|
|
|
The order of allocations remains unchanged. Entropy is generated in
|
|
the same way as RANDOMIZE_BASE. Current implementation in the optimal
|
|
configuration have in average 30,000 different possible virtual
|
|
addresses for each memory section.
|
|
|
|
If unsure, say Y.
|
|
|
|
config RANDOMIZE_MEMORY_PHYSICAL_PADDING
|
|
hex "Physical memory mapping padding" if EXPERT
|
|
depends on RANDOMIZE_MEMORY
|
|
default "0xa" if MEMORY_HOTPLUG
|
|
default "0x0"
|
|
range 0x1 0x40 if MEMORY_HOTPLUG
|
|
range 0x0 0x40
|
|
---help---
|
|
Define the padding in terabytes added to the existing physical
|
|
memory size during kernel memory randomization. It is useful
|
|
for memory hotplug support but reduces the entropy available for
|
|
address randomization.
|
|
|
|
If unsure, leave at the default value.
|
|
|
|
config HOTPLUG_CPU
|
|
def_bool y
|
|
depends on SMP
|
|
|
|
config BOOTPARAM_HOTPLUG_CPU0
|
|
bool "Set default setting of cpu0_hotpluggable"
|
|
depends on HOTPLUG_CPU
|
|
---help---
|
|
Set whether default state of cpu0_hotpluggable is on or off.
|
|
|
|
Say Y here to enable CPU0 hotplug by default. If this switch
|
|
is turned on, there is no need to give cpu0_hotplug kernel
|
|
parameter and the CPU0 hotplug feature is enabled by default.
|
|
|
|
Please note: there are two known CPU0 dependencies if you want
|
|
to enable the CPU0 hotplug feature either by this switch or by
|
|
cpu0_hotplug kernel parameter.
|
|
|
|
First, resume from hibernate or suspend always starts from CPU0.
|
|
So hibernate and suspend are prevented if CPU0 is offline.
|
|
|
|
Second dependency is PIC interrupts always go to CPU0. CPU0 can not
|
|
offline if any interrupt can not migrate out of CPU0. There may
|
|
be other CPU0 dependencies.
|
|
|
|
Please make sure the dependencies are under your control before
|
|
you enable this feature.
|
|
|
|
Say N if you don't want to enable CPU0 hotplug feature by default.
|
|
You still can enable the CPU0 hotplug feature at boot by kernel
|
|
parameter cpu0_hotplug.
|
|
|
|
config DEBUG_HOTPLUG_CPU0
|
|
def_bool n
|
|
prompt "Debug CPU0 hotplug"
|
|
depends on HOTPLUG_CPU
|
|
---help---
|
|
Enabling this option offlines CPU0 (if CPU0 can be offlined) as
|
|
soon as possible and boots up userspace with CPU0 offlined. User
|
|
can online CPU0 back after boot time.
|
|
|
|
To debug CPU0 hotplug, you need to enable CPU0 offline/online
|
|
feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during
|
|
compilation or giving cpu0_hotplug kernel parameter at boot.
|
|
|
|
If unsure, say N.
|
|
|
|
config COMPAT_VDSO
|
|
def_bool n
|
|
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
|
|
depends on COMPAT_32
|
|
---help---
|
|
Certain buggy versions of glibc will crash if they are
|
|
presented with a 32-bit vDSO that is not mapped at the address
|
|
indicated in its segment table.
|
|
|
|
The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
|
|
and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
|
|
49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
|
|
the only released version with the bug, but OpenSUSE 9
|
|
contains a buggy "glibc 2.3.2".
|
|
|
|
The symptom of the bug is that everything crashes on startup, saying:
|
|
dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
|
|
|
|
Saying Y here changes the default value of the vdso32 boot
|
|
option from 1 to 0, which turns off the 32-bit vDSO entirely.
|
|
This works around the glibc bug but hurts performance.
|
|
|
|
If unsure, say N: if you are compiling your own kernel, you
|
|
are unlikely to be using a buggy version of glibc.
|
|
|
|
choice
|
|
prompt "vsyscall table for legacy applications"
|
|
depends on X86_64
|
|
default LEGACY_VSYSCALL_XONLY
|
|
help
|
|
Legacy user code that does not know how to find the vDSO expects
|
|
to be able to issue three syscalls by calling fixed addresses in
|
|
kernel space. Since this location is not randomized with ASLR,
|
|
it can be used to assist security vulnerability exploitation.
|
|
|
|
This setting can be changed at boot time via the kernel command
|
|
line parameter vsyscall=[emulate|xonly|none].
|
|
|
|
On a system with recent enough glibc (2.14 or newer) and no
|
|
static binaries, you can say None without a performance penalty
|
|
to improve security.
|
|
|
|
If unsure, select "Emulate execution only".
|
|
|
|
config LEGACY_VSYSCALL_EMULATE
|
|
bool "Full emulation"
|
|
help
|
|
The kernel traps and emulates calls into the fixed vsyscall
|
|
address mapping. This makes the mapping non-executable, but
|
|
it still contains readable known contents, which could be
|
|
used in certain rare security vulnerability exploits. This
|
|
configuration is recommended when using legacy userspace
|
|
that still uses vsyscalls along with legacy binary
|
|
instrumentation tools that require code to be readable.
|
|
|
|
An example of this type of legacy userspace is running
|
|
Pin on an old binary that still uses vsyscalls.
|
|
|
|
config LEGACY_VSYSCALL_XONLY
|
|
bool "Emulate execution only"
|
|
help
|
|
The kernel traps and emulates calls into the fixed vsyscall
|
|
address mapping and does not allow reads. This
|
|
configuration is recommended when userspace might use the
|
|
legacy vsyscall area but support for legacy binary
|
|
instrumentation of legacy code is not needed. It mitigates
|
|
certain uses of the vsyscall area as an ASLR-bypassing
|
|
buffer.
|
|
|
|
config LEGACY_VSYSCALL_NONE
|
|
bool "None"
|
|
help
|
|
There will be no vsyscall mapping at all. This will
|
|
eliminate any risk of ASLR bypass due to the vsyscall
|
|
fixed address mapping. Attempts to use the vsyscalls
|
|
will be reported to dmesg, so that either old or
|
|
malicious userspace programs can be identified.
|
|
|
|
endchoice
|
|
|
|
config CMDLINE_BOOL
|
|
bool "Built-in kernel command line"
|
|
---help---
|
|
Allow for specifying boot arguments to the kernel at
|
|
build time. On some systems (e.g. embedded ones), it is
|
|
necessary or convenient to provide some or all of the
|
|
kernel boot arguments with the kernel itself (that is,
|
|
to not rely on the boot loader to provide them.)
|
|
|
|
To compile command line arguments into the kernel,
|
|
set this option to 'Y', then fill in the
|
|
boot arguments in CONFIG_CMDLINE.
|
|
|
|
Systems with fully functional boot loaders (i.e. non-embedded)
|
|
should leave this option set to 'N'.
|
|
|
|
config CMDLINE
|
|
string "Built-in kernel command string"
|
|
depends on CMDLINE_BOOL
|
|
default ""
|
|
---help---
|
|
Enter arguments here that should be compiled into the kernel
|
|
image and used at boot time. If the boot loader provides a
|
|
command line at boot time, it is appended to this string to
|
|
form the full kernel command line, when the system boots.
|
|
|
|
However, you can use the CONFIG_CMDLINE_OVERRIDE option to
|
|
change this behavior.
|
|
|
|
In most cases, the command line (whether built-in or provided
|
|
by the boot loader) should specify the device for the root
|
|
file system.
|
|
|
|
config CMDLINE_OVERRIDE
|
|
bool "Built-in command line overrides boot loader arguments"
|
|
depends on CMDLINE_BOOL
|
|
---help---
|
|
Set this option to 'Y' to have the kernel ignore the boot loader
|
|
command line, and use ONLY the built-in command line.
|
|
|
|
This is used to work around broken boot loaders. This should
|
|
be set to 'N' under normal conditions.
|
|
|
|
config MODIFY_LDT_SYSCALL
|
|
bool "Enable the LDT (local descriptor table)" if EXPERT
|
|
default y
|
|
---help---
|
|
Linux can allow user programs to install a per-process x86
|
|
Local Descriptor Table (LDT) using the modify_ldt(2) system
|
|
call. This is required to run 16-bit or segmented code such as
|
|
DOSEMU or some Wine programs. It is also used by some very old
|
|
threading libraries.
|
|
|
|
Enabling this feature adds a small amount of overhead to
|
|
context switches and increases the low-level kernel attack
|
|
surface. Disabling it removes the modify_ldt(2) system call.
|
|
|
|
Saying 'N' here may make sense for embedded or server kernels.
|
|
|
|
source "kernel/livepatch/Kconfig"
|
|
|
|
endmenu
|
|
|
|
config ARCH_HAS_ADD_PAGES
|
|
def_bool y
|
|
depends on X86_64 && ARCH_ENABLE_MEMORY_HOTPLUG
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTPLUG
|
|
def_bool y
|
|
depends on X86_64 || (X86_32 && HIGHMEM)
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTREMOVE
|
|
def_bool y
|
|
depends on MEMORY_HOTPLUG
|
|
|
|
config USE_PERCPU_NUMA_NODE_ID
|
|
def_bool y
|
|
depends on NUMA
|
|
|
|
config ARCH_ENABLE_SPLIT_PMD_PTLOCK
|
|
def_bool y
|
|
depends on X86_64 || X86_PAE
|
|
|
|
config ARCH_ENABLE_HUGEPAGE_MIGRATION
|
|
def_bool y
|
|
depends on X86_64 && HUGETLB_PAGE && MIGRATION
|
|
|
|
config ARCH_ENABLE_THP_MIGRATION
|
|
def_bool y
|
|
depends on X86_64 && TRANSPARENT_HUGEPAGE
|
|
|
|
menu "Power management and ACPI options"
|
|
|
|
config ARCH_HIBERNATION_HEADER
|
|
def_bool y
|
|
depends on HIBERNATION
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
source "drivers/acpi/Kconfig"
|
|
|
|
source "drivers/sfi/Kconfig"
|
|
|
|
config X86_APM_BOOT
|
|
def_bool y
|
|
depends on APM
|
|
|
|
menuconfig APM
|
|
tristate "APM (Advanced Power Management) BIOS support"
|
|
depends on X86_32 && PM_SLEEP
|
|
---help---
|
|
APM is a BIOS specification for saving power using several different
|
|
techniques. This is mostly useful for battery powered laptops with
|
|
APM compliant BIOSes. If you say Y here, the system time will be
|
|
reset after a RESUME operation, the /proc/apm device will provide
|
|
battery status information, and user-space programs will receive
|
|
notification of APM "events" (e.g. battery status change).
|
|
|
|
If you select "Y" here, you can disable actual use of the APM
|
|
BIOS by passing the "apm=off" option to the kernel at boot time.
|
|
|
|
Note that the APM support is almost completely disabled for
|
|
machines with more than one CPU.
|
|
|
|
In order to use APM, you will need supporting software. For location
|
|
and more information, read <file:Documentation/power/apm-acpi.rst>
|
|
and the Battery Powered Linux mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
This driver does not spin down disk drives (see the hdparm(8)
|
|
manpage ("man 8 hdparm") for that), and it doesn't turn off
|
|
VESA-compliant "green" monitors.
|
|
|
|
This driver does not support the TI 4000M TravelMate and the ACER
|
|
486/DX4/75 because they don't have compliant BIOSes. Many "green"
|
|
desktop machines also don't have compliant BIOSes, and this driver
|
|
may cause those machines to panic during the boot phase.
|
|
|
|
Generally, if you don't have a battery in your machine, there isn't
|
|
much point in using this driver and you should say N. If you get
|
|
random kernel OOPSes or reboots that don't seem to be related to
|
|
anything, try disabling/enabling this option (or disabling/enabling
|
|
APM in your BIOS).
|
|
|
|
Some other things you should try when experiencing seemingly random,
|
|
"weird" problems:
|
|
|
|
1) make sure that you have enough swap space and that it is
|
|
enabled.
|
|
2) pass the "no-hlt" option to the kernel
|
|
3) switch on floating point emulation in the kernel and pass
|
|
the "no387" option to the kernel
|
|
4) pass the "floppy=nodma" option to the kernel
|
|
5) pass the "mem=4M" option to the kernel (thereby disabling
|
|
all but the first 4 MB of RAM)
|
|
6) make sure that the CPU is not over clocked.
|
|
7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
|
|
8) disable the cache from your BIOS settings
|
|
9) install a fan for the video card or exchange video RAM
|
|
10) install a better fan for the CPU
|
|
11) exchange RAM chips
|
|
12) exchange the motherboard.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called apm.
|
|
|
|
if APM
|
|
|
|
config APM_IGNORE_USER_SUSPEND
|
|
bool "Ignore USER SUSPEND"
|
|
---help---
|
|
This option will ignore USER SUSPEND requests. On machines with a
|
|
compliant APM BIOS, you want to say N. However, on the NEC Versa M
|
|
series notebooks, it is necessary to say Y because of a BIOS bug.
|
|
|
|
config APM_DO_ENABLE
|
|
bool "Enable PM at boot time"
|
|
---help---
|
|
Enable APM features at boot time. From page 36 of the APM BIOS
|
|
specification: "When disabled, the APM BIOS does not automatically
|
|
power manage devices, enter the Standby State, enter the Suspend
|
|
State, or take power saving steps in response to CPU Idle calls."
|
|
This driver will make CPU Idle calls when Linux is idle (unless this
|
|
feature is turned off -- see "Do CPU IDLE calls", below). This
|
|
should always save battery power, but more complicated APM features
|
|
will be dependent on your BIOS implementation. You may need to turn
|
|
this option off if your computer hangs at boot time when using APM
|
|
support, or if it beeps continuously instead of suspending. Turn
|
|
this off if you have a NEC UltraLite Versa 33/C or a Toshiba
|
|
T400CDT. This is off by default since most machines do fine without
|
|
this feature.
|
|
|
|
config APM_CPU_IDLE
|
|
depends on CPU_IDLE
|
|
bool "Make CPU Idle calls when idle"
|
|
---help---
|
|
Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
|
|
On some machines, this can activate improved power savings, such as
|
|
a slowed CPU clock rate, when the machine is idle. These idle calls
|
|
are made after the idle loop has run for some length of time (e.g.,
|
|
333 mS). On some machines, this will cause a hang at boot time or
|
|
whenever the CPU becomes idle. (On machines with more than one CPU,
|
|
this option does nothing.)
|
|
|
|
config APM_DISPLAY_BLANK
|
|
bool "Enable console blanking using APM"
|
|
---help---
|
|
Enable console blanking using the APM. Some laptops can use this to
|
|
turn off the LCD backlight when the screen blanker of the Linux
|
|
virtual console blanks the screen. Note that this is only used by
|
|
the virtual console screen blanker, and won't turn off the backlight
|
|
when using the X Window system. This also doesn't have anything to
|
|
do with your VESA-compliant power-saving monitor. Further, this
|
|
option doesn't work for all laptops -- it might not turn off your
|
|
backlight at all, or it might print a lot of errors to the console,
|
|
especially if you are using gpm.
|
|
|
|
config APM_ALLOW_INTS
|
|
bool "Allow interrupts during APM BIOS calls"
|
|
---help---
|
|
Normally we disable external interrupts while we are making calls to
|
|
the APM BIOS as a measure to lessen the effects of a badly behaving
|
|
BIOS implementation. The BIOS should reenable interrupts if it
|
|
needs to. Unfortunately, some BIOSes do not -- especially those in
|
|
many of the newer IBM Thinkpads. If you experience hangs when you
|
|
suspend, try setting this to Y. Otherwise, say N.
|
|
|
|
endif # APM
|
|
|
|
source "drivers/cpufreq/Kconfig"
|
|
|
|
source "drivers/cpuidle/Kconfig"
|
|
|
|
source "drivers/idle/Kconfig"
|
|
|
|
endmenu
|
|
|
|
|
|
menu "Bus options (PCI etc.)"
|
|
|
|
choice
|
|
prompt "PCI access mode"
|
|
depends on X86_32 && PCI
|
|
default PCI_GOANY
|
|
---help---
|
|
On PCI systems, the BIOS can be used to detect the PCI devices and
|
|
determine their configuration. However, some old PCI motherboards
|
|
have BIOS bugs and may crash if this is done. Also, some embedded
|
|
PCI-based systems don't have any BIOS at all. Linux can also try to
|
|
detect the PCI hardware directly without using the BIOS.
|
|
|
|
With this option, you can specify how Linux should detect the
|
|
PCI devices. If you choose "BIOS", the BIOS will be used,
|
|
if you choose "Direct", the BIOS won't be used, and if you
|
|
choose "MMConfig", then PCI Express MMCONFIG will be used.
|
|
If you choose "Any", the kernel will try MMCONFIG, then the
|
|
direct access method and falls back to the BIOS if that doesn't
|
|
work. If unsure, go with the default, which is "Any".
|
|
|
|
config PCI_GOBIOS
|
|
bool "BIOS"
|
|
|
|
config PCI_GOMMCONFIG
|
|
bool "MMConfig"
|
|
|
|
config PCI_GODIRECT
|
|
bool "Direct"
|
|
|
|
config PCI_GOOLPC
|
|
bool "OLPC XO-1"
|
|
depends on OLPC
|
|
|
|
config PCI_GOANY
|
|
bool "Any"
|
|
|
|
endchoice
|
|
|
|
config PCI_BIOS
|
|
def_bool y
|
|
depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
|
|
|
|
# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
|
|
config PCI_DIRECT
|
|
def_bool y
|
|
depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
|
|
|
|
config PCI_MMCONFIG
|
|
bool "Support mmconfig PCI config space access" if X86_64
|
|
default y
|
|
depends on PCI && (ACPI || SFI || JAILHOUSE_GUEST)
|
|
depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
|
|
|
|
config PCI_OLPC
|
|
def_bool y
|
|
depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
|
|
|
|
config PCI_XEN
|
|
def_bool y
|
|
depends on PCI && XEN
|
|
select SWIOTLB_XEN
|
|
|
|
config MMCONF_FAM10H
|
|
def_bool y
|
|
depends on X86_64 && PCI_MMCONFIG && ACPI
|
|
|
|
config PCI_CNB20LE_QUIRK
|
|
bool "Read CNB20LE Host Bridge Windows" if EXPERT
|
|
depends on PCI
|
|
help
|
|
Read the PCI windows out of the CNB20LE host bridge. This allows
|
|
PCI hotplug to work on systems with the CNB20LE chipset which do
|
|
not have ACPI.
|
|
|
|
There's no public spec for this chipset, and this functionality
|
|
is known to be incomplete.
|
|
|
|
You should say N unless you know you need this.
|
|
|
|
config ISA_BUS
|
|
bool "ISA bus support on modern systems" if EXPERT
|
|
help
|
|
Expose ISA bus device drivers and options available for selection and
|
|
configuration. Enable this option if your target machine has an ISA
|
|
bus. ISA is an older system, displaced by PCI and newer bus
|
|
architectures -- if your target machine is modern, it probably does
|
|
not have an ISA bus.
|
|
|
|
If unsure, say N.
|
|
|
|
# x86_64 have no ISA slots, but can have ISA-style DMA.
|
|
config ISA_DMA_API
|
|
bool "ISA-style DMA support" if (X86_64 && EXPERT)
|
|
default y
|
|
help
|
|
Enables ISA-style DMA support for devices requiring such controllers.
|
|
If unsure, say Y.
|
|
|
|
if X86_32
|
|
|
|
config ISA
|
|
bool "ISA support"
|
|
---help---
|
|
Find out whether you have ISA slots on your motherboard. ISA is the
|
|
name of a bus system, i.e. the way the CPU talks to the other stuff
|
|
inside your box. Other bus systems are PCI, EISA, MicroChannel
|
|
(MCA) or VESA. ISA is an older system, now being displaced by PCI;
|
|
newer boards don't support it. If you have ISA, say Y, otherwise N.
|
|
|
|
config SCx200
|
|
tristate "NatSemi SCx200 support"
|
|
---help---
|
|
This provides basic support for National Semiconductor's
|
|
(now AMD's) Geode processors. The driver probes for the
|
|
PCI-IDs of several on-chip devices, so its a good dependency
|
|
for other scx200_* drivers.
|
|
|
|
If compiled as a module, the driver is named scx200.
|
|
|
|
config SCx200HR_TIMER
|
|
tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
|
|
depends on SCx200
|
|
default y
|
|
---help---
|
|
This driver provides a clocksource built upon the on-chip
|
|
27MHz high-resolution timer. Its also a workaround for
|
|
NSC Geode SC-1100's buggy TSC, which loses time when the
|
|
processor goes idle (as is done by the scheduler). The
|
|
other workaround is idle=poll boot option.
|
|
|
|
config OLPC
|
|
bool "One Laptop Per Child support"
|
|
depends on !X86_PAE
|
|
select GPIOLIB
|
|
select OF
|
|
select OF_PROMTREE
|
|
select IRQ_DOMAIN
|
|
select OLPC_EC
|
|
---help---
|
|
Add support for detecting the unique features of the OLPC
|
|
XO hardware.
|
|
|
|
config OLPC_XO1_PM
|
|
bool "OLPC XO-1 Power Management"
|
|
depends on OLPC && MFD_CS5535=y && PM_SLEEP
|
|
---help---
|
|
Add support for poweroff and suspend of the OLPC XO-1 laptop.
|
|
|
|
config OLPC_XO1_RTC
|
|
bool "OLPC XO-1 Real Time Clock"
|
|
depends on OLPC_XO1_PM && RTC_DRV_CMOS
|
|
---help---
|
|
Add support for the XO-1 real time clock, which can be used as a
|
|
programmable wakeup source.
|
|
|
|
config OLPC_XO1_SCI
|
|
bool "OLPC XO-1 SCI extras"
|
|
depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
|
|
depends on INPUT=y
|
|
select POWER_SUPPLY
|
|
---help---
|
|
Add support for SCI-based features of the OLPC XO-1 laptop:
|
|
- EC-driven system wakeups
|
|
- Power button
|
|
- Ebook switch
|
|
- Lid switch
|
|
- AC adapter status updates
|
|
- Battery status updates
|
|
|
|
config OLPC_XO15_SCI
|
|
bool "OLPC XO-1.5 SCI extras"
|
|
depends on OLPC && ACPI
|
|
select POWER_SUPPLY
|
|
---help---
|
|
Add support for SCI-based features of the OLPC XO-1.5 laptop:
|
|
- EC-driven system wakeups
|
|
- AC adapter status updates
|
|
- Battery status updates
|
|
|
|
config ALIX
|
|
bool "PCEngines ALIX System Support (LED setup)"
|
|
select GPIOLIB
|
|
---help---
|
|
This option enables system support for the PCEngines ALIX.
|
|
At present this just sets up LEDs for GPIO control on
|
|
ALIX2/3/6 boards. However, other system specific setup should
|
|
get added here.
|
|
|
|
Note: You must still enable the drivers for GPIO and LED support
|
|
(GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
|
|
|
|
Note: You have to set alix.force=1 for boards with Award BIOS.
|
|
|
|
config NET5501
|
|
bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
|
|
select GPIOLIB
|
|
---help---
|
|
This option enables system support for the Soekris Engineering net5501.
|
|
|
|
config GEOS
|
|
bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
|
|
select GPIOLIB
|
|
depends on DMI
|
|
---help---
|
|
This option enables system support for the Traverse Technologies GEOS.
|
|
|
|
config TS5500
|
|
bool "Technologic Systems TS-5500 platform support"
|
|
depends on MELAN
|
|
select CHECK_SIGNATURE
|
|
select NEW_LEDS
|
|
select LEDS_CLASS
|
|
---help---
|
|
This option enables system support for the Technologic Systems TS-5500.
|
|
|
|
endif # X86_32
|
|
|
|
config AMD_NB
|
|
def_bool y
|
|
depends on CPU_SUP_AMD && PCI
|
|
|
|
config X86_SYSFB
|
|
bool "Mark VGA/VBE/EFI FB as generic system framebuffer"
|
|
help
|
|
Firmwares often provide initial graphics framebuffers so the BIOS,
|
|
bootloader or kernel can show basic video-output during boot for
|
|
user-guidance and debugging. Historically, x86 used the VESA BIOS
|
|
Extensions and EFI-framebuffers for this, which are mostly limited
|
|
to x86.
|
|
This option, if enabled, marks VGA/VBE/EFI framebuffers as generic
|
|
framebuffers so the new generic system-framebuffer drivers can be
|
|
used on x86. If the framebuffer is not compatible with the generic
|
|
modes, it is advertised as fallback platform framebuffer so legacy
|
|
drivers like efifb, vesafb and uvesafb can pick it up.
|
|
If this option is not selected, all system framebuffers are always
|
|
marked as fallback platform framebuffers as usual.
|
|
|
|
Note: Legacy fbdev drivers, including vesafb, efifb, uvesafb, will
|
|
not be able to pick up generic system framebuffers if this option
|
|
is selected. You are highly encouraged to enable simplefb as
|
|
replacement if you select this option. simplefb can correctly deal
|
|
with generic system framebuffers. But you should still keep vesafb
|
|
and others enabled as fallback if a system framebuffer is
|
|
incompatible with simplefb.
|
|
|
|
If unsure, say Y.
|
|
|
|
endmenu
|
|
|
|
|
|
menu "Binary Emulations"
|
|
|
|
config IA32_EMULATION
|
|
bool "IA32 Emulation"
|
|
depends on X86_64
|
|
select ARCH_WANT_OLD_COMPAT_IPC
|
|
select BINFMT_ELF
|
|
select COMPAT_BINFMT_ELF
|
|
select COMPAT_OLD_SIGACTION
|
|
---help---
|
|
Include code to run legacy 32-bit programs under a
|
|
64-bit kernel. You should likely turn this on, unless you're
|
|
100% sure that you don't have any 32-bit programs left.
|
|
|
|
config IA32_AOUT
|
|
tristate "IA32 a.out support"
|
|
depends on IA32_EMULATION
|
|
depends on BROKEN
|
|
---help---
|
|
Support old a.out binaries in the 32bit emulation.
|
|
|
|
config X86_X32
|
|
bool "x32 ABI for 64-bit mode"
|
|
depends on X86_64
|
|
---help---
|
|
Include code to run binaries for the x32 native 32-bit ABI
|
|
for 64-bit processors. An x32 process gets access to the
|
|
full 64-bit register file and wide data path while leaving
|
|
pointers at 32 bits for smaller memory footprint.
|
|
|
|
You will need a recent binutils (2.22 or later) with
|
|
elf32_x86_64 support enabled to compile a kernel with this
|
|
option set.
|
|
|
|
config COMPAT_32
|
|
def_bool y
|
|
depends on IA32_EMULATION || X86_32
|
|
select HAVE_UID16
|
|
select OLD_SIGSUSPEND3
|
|
|
|
config COMPAT
|
|
def_bool y
|
|
depends on IA32_EMULATION || X86_X32
|
|
|
|
if COMPAT
|
|
config COMPAT_FOR_U64_ALIGNMENT
|
|
def_bool y
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y
|
|
depends on SYSVIPC
|
|
endif
|
|
|
|
endmenu
|
|
|
|
|
|
config HAVE_ATOMIC_IOMAP
|
|
def_bool y
|
|
depends on X86_32
|
|
|
|
config X86_DEV_DMA_OPS
|
|
bool
|
|
|
|
source "drivers/firmware/Kconfig"
|
|
|
|
source "arch/x86/kvm/Kconfig"
|