1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 2fb32e03fSMathieu Desnoyers# 3fb32e03fSMathieu Desnoyers# General architecture dependent options 4fb32e03fSMathieu Desnoyers# 5125e5645SMathieu Desnoyers 61572497cSChristoph Hellwig# 71572497cSChristoph Hellwig# Note: arch/$(SRCARCH)/Kconfig needs to be included first so that it can 81572497cSChristoph Hellwig# override the default values in this file. 91572497cSChristoph Hellwig# 101572497cSChristoph Hellwigsource "arch/$(SRCARCH)/Kconfig" 111572497cSChristoph Hellwig 1222471e13SRandy Dunlapmenu "General architecture-dependent options" 1322471e13SRandy Dunlap 14692f66f2SHari Bathiniconfig CRASH_CORE 15692f66f2SHari Bathini bool 16692f66f2SHari Bathini 172965faa5SDave Youngconfig KEXEC_CORE 18692f66f2SHari Bathini select CRASH_CORE 192965faa5SDave Young bool 202965faa5SDave Young 21175fca3bSSven Schnelleconfig KEXEC_ELF 22175fca3bSSven Schnelle bool 23175fca3bSSven Schnelle 24467d2782SThiago Jung Bauermannconfig HAVE_IMA_KEXEC 25467d2782SThiago Jung Bauermann bool 26467d2782SThiago Jung Bauermann 27da32b581SCatalin Marinasconfig ARCH_HAS_SUBPAGE_FAULTS 28da32b581SCatalin Marinas bool 29da32b581SCatalin Marinas help 30da32b581SCatalin Marinas Select if the architecture can check permissions at sub-page 31da32b581SCatalin Marinas granularity (e.g. arm64 MTE). The probe_user_*() functions 32da32b581SCatalin Marinas must be implemented. 33da32b581SCatalin Marinas 3405736e4aSThomas Gleixnerconfig HOTPLUG_SMT 3505736e4aSThomas Gleixner bool 3605736e4aSThomas Gleixner 37142781e1SThomas Gleixnerconfig GENERIC_ENTRY 38142781e1SThomas Gleixner bool 39142781e1SThomas Gleixner 40125e5645SMathieu Desnoyersconfig KPROBES 41125e5645SMathieu Desnoyers bool "Kprobes" 4205ed160eSMasami Hiramatsu depends on MODULES 43125e5645SMathieu Desnoyers depends on HAVE_KPROBES 4405ed160eSMasami Hiramatsu select KALLSYMS 45835f14edSPaul E. McKenney select TASKS_RCU if PREEMPTION 46125e5645SMathieu Desnoyers help 47125e5645SMathieu Desnoyers Kprobes allows you to trap at almost any kernel address and 48125e5645SMathieu Desnoyers execute a callback function. register_kprobe() establishes 49125e5645SMathieu Desnoyers a probepoint and specifies the callback. Kprobes is useful 50125e5645SMathieu Desnoyers for kernel debugging, non-intrusive instrumentation and testing. 51125e5645SMathieu Desnoyers If in doubt, say "N". 52125e5645SMathieu Desnoyers 5345f81b1cSSteven Rostedtconfig JUMP_LABEL 54c5905afbSIngo Molnar bool "Optimize very unlikely/likely branches" 5545f81b1cSSteven Rostedt depends on HAVE_ARCH_JUMP_LABEL 564ab7674fSJosh Poimboeuf select OBJTOOL if HAVE_JUMP_LABEL_HACK 5745f81b1cSSteven Rostedt help 58c5905afbSIngo Molnar This option enables a transparent branch optimization that 59c5905afbSIngo Molnar makes certain almost-always-true or almost-always-false branch 60c5905afbSIngo Molnar conditions even cheaper to execute within the kernel. 6145f81b1cSSteven Rostedt 62c5905afbSIngo Molnar Certain performance-sensitive kernel code, such as trace points, 63c5905afbSIngo Molnar scheduler functionality, networking code and KVM have such 64c5905afbSIngo Molnar branches and include support for this optimization technique. 65c5905afbSIngo Molnar 66c5905afbSIngo Molnar If it is detected that the compiler has support for "asm goto", 67c5905afbSIngo Molnar the kernel will compile such branches with just a nop 68c5905afbSIngo Molnar instruction. When the condition flag is toggled to true, the 69c5905afbSIngo Molnar nop will be converted to a jump instruction to execute the 70c5905afbSIngo Molnar conditional block of instructions. 71c5905afbSIngo Molnar 72c5905afbSIngo Molnar This technique lowers overhead and stress on the branch prediction 73c5905afbSIngo Molnar of the processor and generally makes the kernel faster. The update 74c5905afbSIngo Molnar of the condition is slower, but those are always very rare. 75c5905afbSIngo Molnar 76c5905afbSIngo Molnar ( On 32-bit x86, the necessary options added to the compiler 77c5905afbSIngo Molnar flags may increase the size of the kernel slightly. ) 7845f81b1cSSteven Rostedt 791987c947SPeter Zijlstraconfig STATIC_KEYS_SELFTEST 801987c947SPeter Zijlstra bool "Static key selftest" 811987c947SPeter Zijlstra depends on JUMP_LABEL 821987c947SPeter Zijlstra help 831987c947SPeter Zijlstra Boot time self-test of the branch patching code. 841987c947SPeter Zijlstra 85f03c4129SPeter Zijlstraconfig STATIC_CALL_SELFTEST 86f03c4129SPeter Zijlstra bool "Static call selftest" 87f03c4129SPeter Zijlstra depends on HAVE_STATIC_CALL 88f03c4129SPeter Zijlstra help 89f03c4129SPeter Zijlstra Boot time self-test of the call patching code. 90f03c4129SPeter Zijlstra 91afd66255SMasami Hiramatsuconfig OPTPROBES 925cc718b9SMasami Hiramatsu def_bool y 935cc718b9SMasami Hiramatsu depends on KPROBES && HAVE_OPTPROBES 9401b1d88bSThomas Gleixner select TASKS_RCU if PREEMPTION 95afd66255SMasami Hiramatsu 96e7dbfe34SMasami Hiramatsuconfig KPROBES_ON_FTRACE 97e7dbfe34SMasami Hiramatsu def_bool y 98e7dbfe34SMasami Hiramatsu depends on KPROBES && HAVE_KPROBES_ON_FTRACE 99e7dbfe34SMasami Hiramatsu depends on DYNAMIC_FTRACE_WITH_REGS 100e7dbfe34SMasami Hiramatsu help 101e7dbfe34SMasami Hiramatsu If function tracer is enabled and the arch supports full 102e7dbfe34SMasami Hiramatsu passing of pt_regs to function tracing, then kprobes can 103e7dbfe34SMasami Hiramatsu optimize on top of function tracing. 104e7dbfe34SMasami Hiramatsu 1052b144498SSrikar Dronamrajuconfig UPROBES 10609294e31SDavid A. Long def_bool n 107e8f4aa60SAllen Pais depends on ARCH_SUPPORTS_UPROBES 1082b144498SSrikar Dronamraju help 1097b2d81d4SIngo Molnar Uprobes is the user-space counterpart to kprobes: they 1107b2d81d4SIngo Molnar enable instrumentation applications (such as 'perf probe') 1117b2d81d4SIngo Molnar to establish unintrusive probes in user-space binaries and 1127b2d81d4SIngo Molnar libraries, by executing handler functions when the probes 1137b2d81d4SIngo Molnar are hit by user-space applications. 1147b2d81d4SIngo Molnar 1157b2d81d4SIngo Molnar ( These probes come in the form of single-byte breakpoints, 1167b2d81d4SIngo Molnar managed by the kernel and kept transparent to the probed 1177b2d81d4SIngo Molnar application. ) 1182b144498SSrikar Dronamraju 119adab66b7SSteven Rostedt (VMware)config HAVE_64BIT_ALIGNED_ACCESS 120adab66b7SSteven Rostedt (VMware) def_bool 64BIT && !HAVE_EFFICIENT_UNALIGNED_ACCESS 121adab66b7SSteven Rostedt (VMware) help 122adab66b7SSteven Rostedt (VMware) Some architectures require 64 bit accesses to be 64 bit 123adab66b7SSteven Rostedt (VMware) aligned, which also requires structs containing 64 bit values 124adab66b7SSteven Rostedt (VMware) to be 64 bit aligned too. This includes some 32 bit 125adab66b7SSteven Rostedt (VMware) architectures which can do 64 bit accesses, as well as 64 bit 126adab66b7SSteven Rostedt (VMware) architectures without unaligned access. 127adab66b7SSteven Rostedt (VMware) 128adab66b7SSteven Rostedt (VMware) This symbol should be selected by an architecture if 64 bit 129adab66b7SSteven Rostedt (VMware) accesses are required to be 64 bit aligned in this way even 130adab66b7SSteven Rostedt (VMware) though it is not a 64 bit architecture. 131adab66b7SSteven Rostedt (VMware) 132ba1a297dSLukas Bulwahn See Documentation/core-api/unaligned-memory-access.rst for 133ba1a297dSLukas Bulwahn more information on the topic of unaligned memory accesses. 134adab66b7SSteven Rostedt (VMware) 13558340a07SJohannes Bergconfig HAVE_EFFICIENT_UNALIGNED_ACCESS 1369ba16087SJan Beulich bool 13758340a07SJohannes Berg help 13858340a07SJohannes Berg Some architectures are unable to perform unaligned accesses 13958340a07SJohannes Berg without the use of get_unaligned/put_unaligned. Others are 14058340a07SJohannes Berg unable to perform such accesses efficiently (e.g. trap on 14158340a07SJohannes Berg unaligned access and require fixing it up in the exception 14258340a07SJohannes Berg handler.) 14358340a07SJohannes Berg 14458340a07SJohannes Berg This symbol should be selected by an architecture if it can 14558340a07SJohannes Berg perform unaligned accesses efficiently to allow different 14658340a07SJohannes Berg code paths to be selected for these cases. Some network 14758340a07SJohannes Berg drivers, for example, could opt to not fix up alignment 14858340a07SJohannes Berg problems with received packets if doing so would not help 14958340a07SJohannes Berg much. 15058340a07SJohannes Berg 151c9b54d6fSMauro Carvalho Chehab See Documentation/core-api/unaligned-memory-access.rst for more 15258340a07SJohannes Berg information on the topic of unaligned memory accesses. 15358340a07SJohannes Berg 154cf66bb93SDavid Woodhouseconfig ARCH_USE_BUILTIN_BSWAP 155cf66bb93SDavid Woodhouse bool 156cf66bb93SDavid Woodhouse help 157cf66bb93SDavid Woodhouse Modern versions of GCC (since 4.4) have builtin functions 158cf66bb93SDavid Woodhouse for handling byte-swapping. Using these, instead of the old 159cf66bb93SDavid Woodhouse inline assembler that the architecture code provides in the 160cf66bb93SDavid Woodhouse __arch_bswapXX() macros, allows the compiler to see what's 161cf66bb93SDavid Woodhouse happening and offers more opportunity for optimisation. In 162cf66bb93SDavid Woodhouse particular, the compiler will be able to combine the byteswap 163cf66bb93SDavid Woodhouse with a nearby load or store and use load-and-swap or 164cf66bb93SDavid Woodhouse store-and-swap instructions if the architecture has them. It 165cf66bb93SDavid Woodhouse should almost *never* result in code which is worse than the 166cf66bb93SDavid Woodhouse hand-coded assembler in <asm/swab.h>. But just in case it 167cf66bb93SDavid Woodhouse does, the use of the builtins is optional. 168cf66bb93SDavid Woodhouse 169cf66bb93SDavid Woodhouse Any architecture with load-and-swap or store-and-swap 170cf66bb93SDavid Woodhouse instructions should set this. And it shouldn't hurt to set it 171cf66bb93SDavid Woodhouse on architectures that don't have such instructions. 172cf66bb93SDavid Woodhouse 1739edddaa2SAnanth N Mavinakayanahalliconfig KRETPROBES 1749edddaa2SAnanth N Mavinakayanahalli def_bool y 17573f9b911SMasami Hiramatsu depends on KPROBES && (HAVE_KRETPROBES || HAVE_RETHOOK) 17673f9b911SMasami Hiramatsu 17773f9b911SMasami Hiramatsuconfig KRETPROBE_ON_RETHOOK 17873f9b911SMasami Hiramatsu def_bool y 17973f9b911SMasami Hiramatsu depends on HAVE_RETHOOK 18073f9b911SMasami Hiramatsu depends on KRETPROBES 18173f9b911SMasami Hiramatsu select RETHOOK 1829edddaa2SAnanth N Mavinakayanahalli 1837c68af6eSAvi Kivityconfig USER_RETURN_NOTIFIER 1847c68af6eSAvi Kivity bool 1857c68af6eSAvi Kivity depends on HAVE_USER_RETURN_NOTIFIER 1867c68af6eSAvi Kivity help 1877c68af6eSAvi Kivity Provide a kernel-internal notification when a cpu is about to 1887c68af6eSAvi Kivity switch to user mode. 1897c68af6eSAvi Kivity 19028b2ee20SRik van Rielconfig HAVE_IOREMAP_PROT 1919ba16087SJan Beulich bool 19228b2ee20SRik van Riel 193125e5645SMathieu Desnoyersconfig HAVE_KPROBES 1949ba16087SJan Beulich bool 1959edddaa2SAnanth N Mavinakayanahalli 1969edddaa2SAnanth N Mavinakayanahalliconfig HAVE_KRETPROBES 1979ba16087SJan Beulich bool 19874bc7ceeSArthur Kepner 199afd66255SMasami Hiramatsuconfig HAVE_OPTPROBES 200afd66255SMasami Hiramatsu bool 201d314d74cSCong Wang 202e7dbfe34SMasami Hiramatsuconfig HAVE_KPROBES_ON_FTRACE 203e7dbfe34SMasami Hiramatsu bool 204e7dbfe34SMasami Hiramatsu 2051f6d3a8fSMasami Hiramatsuconfig ARCH_CORRECT_STACKTRACE_ON_KRETPROBE 2061f6d3a8fSMasami Hiramatsu bool 2071f6d3a8fSMasami Hiramatsu help 2081f6d3a8fSMasami Hiramatsu Since kretprobes modifies return address on the stack, the 2091f6d3a8fSMasami Hiramatsu stacktrace may see the kretprobe trampoline address instead 2101f6d3a8fSMasami Hiramatsu of correct one. If the architecture stacktrace code and 2111f6d3a8fSMasami Hiramatsu unwinder can adjust such entries, select this configuration. 2121f6d3a8fSMasami Hiramatsu 213540adea3SMasami Hiramatsuconfig HAVE_FUNCTION_ERROR_INJECTION 2149802d865SJosef Bacik bool 2159802d865SJosef Bacik 21642a0bb3fSPetr Mladekconfig HAVE_NMI 21742a0bb3fSPetr Mladek bool 21842a0bb3fSPetr Mladek 219a257caccSChristophe Leroyconfig HAVE_FUNCTION_DESCRIPTORS 220a257caccSChristophe Leroy bool 221a257caccSChristophe Leroy 2224aae683fSMasahiro Yamadaconfig TRACE_IRQFLAGS_SUPPORT 2234aae683fSMasahiro Yamada bool 2244aae683fSMasahiro Yamada 2254510bffbSMark Rutlandconfig TRACE_IRQFLAGS_NMI_SUPPORT 2264510bffbSMark Rutland bool 2274510bffbSMark Rutland 2281f5a4ad9SRoland McGrath# 2291f5a4ad9SRoland McGrath# An arch should select this if it provides all these things: 2301f5a4ad9SRoland McGrath# 2311f5a4ad9SRoland McGrath# task_pt_regs() in asm/processor.h or asm/ptrace.h 2321f5a4ad9SRoland McGrath# arch_has_single_step() if there is hardware single-step support 2331f5a4ad9SRoland McGrath# arch_has_block_step() if there is hardware block-step support 2341f5a4ad9SRoland McGrath# asm/syscall.h supplying asm-generic/syscall.h interface 2351f5a4ad9SRoland McGrath# linux/regset.h user_regset interfaces 2361f5a4ad9SRoland McGrath# CORE_DUMP_USE_REGSET #define'd in linux/elf.h 237153474baSEric W. Biederman# TIF_SYSCALL_TRACE calls ptrace_report_syscall_{entry,exit} 23803248addSEric W. Biederman# TIF_NOTIFY_RESUME calls resume_user_mode_work() 2391f5a4ad9SRoland McGrath# 2401f5a4ad9SRoland McGrathconfig HAVE_ARCH_TRACEHOOK 2419ba16087SJan Beulich bool 2421f5a4ad9SRoland McGrath 243c64be2bbSMarek Szyprowskiconfig HAVE_DMA_CONTIGUOUS 244c64be2bbSMarek Szyprowski bool 245c64be2bbSMarek Szyprowski 24629d5e047SThomas Gleixnerconfig GENERIC_SMP_IDLE_THREAD 24729d5e047SThomas Gleixner bool 24829d5e047SThomas Gleixner 249485cf5daSKevin Hilmanconfig GENERIC_IDLE_POLL_SETUP 250485cf5daSKevin Hilman bool 251485cf5daSKevin Hilman 2526974f0c4SDaniel Micayconfig ARCH_HAS_FORTIFY_SOURCE 2536974f0c4SDaniel Micay bool 2546974f0c4SDaniel Micay help 2556974f0c4SDaniel Micay An architecture should select this when it can successfully 2566974f0c4SDaniel Micay build and run with CONFIG_FORTIFY_SOURCE. 2576974f0c4SDaniel Micay 258d8ae8a37SChristoph Hellwig# 259d8ae8a37SChristoph Hellwig# Select if the arch provides a historic keepinit alias for the retain_initrd 260d8ae8a37SChristoph Hellwig# command line option 261d8ae8a37SChristoph Hellwig# 262d8ae8a37SChristoph Hellwigconfig ARCH_HAS_KEEPINITRD 263d8ae8a37SChristoph Hellwig bool 264d8ae8a37SChristoph Hellwig 265d2852a22SDaniel Borkmann# Select if arch has all set_memory_ro/rw/x/nx() functions in asm/cacheflush.h 266d2852a22SDaniel Borkmannconfig ARCH_HAS_SET_MEMORY 267d2852a22SDaniel Borkmann bool 268d2852a22SDaniel Borkmann 269d253ca0cSRick Edgecombe# Select if arch has all set_direct_map_invalid/default() functions 270d253ca0cSRick Edgecombeconfig ARCH_HAS_SET_DIRECT_MAP 271d253ca0cSRick Edgecombe bool 272d253ca0cSRick Edgecombe 273c30700dbSChristoph Hellwig# 274fa7e2247SChristoph Hellwig# Select if the architecture provides the arch_dma_set_uncached symbol to 275a86ecfa6SColin Ian King# either provide an uncached segment alias for a DMA allocation, or 276fa7e2247SChristoph Hellwig# to remap the page tables in place. 277c30700dbSChristoph Hellwig# 278fa7e2247SChristoph Hellwigconfig ARCH_HAS_DMA_SET_UNCACHED 279c30700dbSChristoph Hellwig bool 280c30700dbSChristoph Hellwig 281999a5d12SChristoph Hellwig# 282999a5d12SChristoph Hellwig# Select if the architectures provides the arch_dma_clear_uncached symbol 283999a5d12SChristoph Hellwig# to undo an in-place page table remap for uncached access. 284999a5d12SChristoph Hellwig# 285999a5d12SChristoph Hellwigconfig ARCH_HAS_DMA_CLEAR_UNCACHED 286f5e10287SThomas Gleixner bool 287f5e10287SThomas Gleixner 2885905429aSKees Cook# Select if arch init_task must go in the __init_task_data section 2895905429aSKees Cookconfig ARCH_TASK_STRUCT_ON_STACK 2905905429aSKees Cook bool 2915905429aSKees Cook 2925905429aSKees Cook# Select if arch has its private alloc_task_struct() function 2935905429aSKees Cookconfig ARCH_TASK_STRUCT_ALLOCATOR 2945905429aSKees Cook bool 2955905429aSKees Cook 2965905429aSKees Cookconfig HAVE_ARCH_THREAD_STRUCT_WHITELIST 2975905429aSKees Cook bool 2985905429aSKees Cook depends on !ARCH_TASK_STRUCT_ALLOCATOR 299b235beeaSLinus Torvalds help 300b235beeaSLinus Torvalds An architecture should select this to provide hardened usercopy 301f5e10287SThomas Gleixner knowledge about what region of the thread_struct should be 302f5e10287SThomas Gleixner whitelisted for copying to userspace. Normally this is only the 3035aaeb5c0SIngo Molnar FPU registers. Specifically, arch_thread_struct_whitelist() 3045aaeb5c0SIngo Molnar should be implemented. Without this, the entire thread_struct 3055aaeb5c0SIngo Molnar field in task_struct will be left whitelisted. 3065aaeb5c0SIngo Molnar 307942fa985SYury Norov# Select if arch has its private alloc_thread_stack() function 308942fa985SYury Norovconfig ARCH_THREAD_STACK_ALLOCATOR 309942fa985SYury Norov bool 310942fa985SYury Norov 311942fa985SYury Norov# Select if arch wants to size task_struct dynamically via arch_task_struct_size: 312942fa985SYury Norovconfig ARCH_WANTS_DYNAMIC_TASK_STRUCT 313942fa985SYury Norov bool 314942fa985SYury Norov 31551c2ee6dSNick Desaulniersconfig ARCH_WANTS_NO_INSTR 31651c2ee6dSNick Desaulniers bool 31751c2ee6dSNick Desaulniers help 31851c2ee6dSNick Desaulniers An architecture should select this if the noinstr macro is being used on 31951c2ee6dSNick Desaulniers functions to denote that the toolchain should avoid instrumenting such 32051c2ee6dSNick Desaulniers functions and is required for correctness. 32151c2ee6dSNick Desaulniers 322942fa985SYury Norovconfig ARCH_32BIT_OFF_T 323942fa985SYury Norov bool 324942fa985SYury Norov depends on !64BIT 325942fa985SYury Norov help 326942fa985SYury Norov All new 32-bit architectures should have 64-bit off_t type on 327942fa985SYury Norov userspace side which corresponds to the loff_t kernel type. This 328942fa985SYury Norov is the requirement for modern ABIs. Some existing architectures 329942fa985SYury Norov still support 32-bit off_t. This option is enabled for all such 330942fa985SYury Norov architectures explicitly. 331942fa985SYury Norov 33296c0a6a7SHeiko Carstens# Selected by 64 bit architectures which have a 32 bit f_tinode in struct ustat 33396c0a6a7SHeiko Carstensconfig ARCH_32BIT_USTAT_F_TINODE 33496c0a6a7SHeiko Carstens bool 33596c0a6a7SHeiko Carstens 3362ff2b7ecSMasahiro Yamadaconfig HAVE_ASM_MODVERSIONS 3372ff2b7ecSMasahiro Yamada bool 3382ff2b7ecSMasahiro Yamada help 339a86ecfa6SColin Ian King This symbol should be selected by an architecture if it provides 3402ff2b7ecSMasahiro Yamada <asm/asm-prototypes.h> to support the module versioning for symbols 3412ff2b7ecSMasahiro Yamada exported from assembly code. 3422ff2b7ecSMasahiro Yamada 343f850c30cSHeiko Carstensconfig HAVE_REGS_AND_STACK_ACCESS_API 344f850c30cSHeiko Carstens bool 345e01292b1SHeiko Carstens help 346a86ecfa6SColin Ian King This symbol should be selected by an architecture if it supports 347e01292b1SHeiko Carstens the API needed to access registers and stack entries from pt_regs, 348e01292b1SHeiko Carstens declared in asm/ptrace.h 349e01292b1SHeiko Carstens For example the kprobes-based event tracer needs this API. 350f850c30cSHeiko Carstens 351d7822b1eSMathieu Desnoyersconfig HAVE_RSEQ 352d7822b1eSMathieu Desnoyers bool 353d7822b1eSMathieu Desnoyers depends on HAVE_REGS_AND_STACK_ACCESS_API 354d7822b1eSMathieu Desnoyers help 355d7822b1eSMathieu Desnoyers This symbol should be selected by an architecture if it 356d7822b1eSMathieu Desnoyers supports an implementation of restartable sequences. 357d7822b1eSMathieu Desnoyers 3583c88ee19SMasami Hiramatsuconfig HAVE_FUNCTION_ARG_ACCESS_API 3593c88ee19SMasami Hiramatsu bool 3603c88ee19SMasami Hiramatsu help 361a86ecfa6SColin Ian King This symbol should be selected by an architecture if it supports 3623c88ee19SMasami Hiramatsu the API needed to access function arguments from pt_regs, 3633c88ee19SMasami Hiramatsu declared in asm/ptrace.h 3643c88ee19SMasami Hiramatsu 36562a038d3SK.Prasadconfig HAVE_HW_BREAKPOINT 36662a038d3SK.Prasad bool 36799e8c5a3SFrederic Weisbecker depends on PERF_EVENTS 36862a038d3SK.Prasad 3690102752eSFrederic Weisbeckerconfig HAVE_MIXED_BREAKPOINTS_REGS 3700102752eSFrederic Weisbecker bool 3710102752eSFrederic Weisbecker depends on HAVE_HW_BREAKPOINT 3720102752eSFrederic Weisbecker help 3730102752eSFrederic Weisbecker Depending on the arch implementation of hardware breakpoints, 3740102752eSFrederic Weisbecker some of them have separate registers for data and instruction 3750102752eSFrederic Weisbecker breakpoints addresses, others have mixed registers to store 3760102752eSFrederic Weisbecker them but define the access type in a control register. 3770102752eSFrederic Weisbecker Select this option if your arch implements breakpoints under the 3780102752eSFrederic Weisbecker latter fashion. 3790102752eSFrederic Weisbecker 3807c68af6eSAvi Kivityconfig HAVE_USER_RETURN_NOTIFIER 3817c68af6eSAvi Kivity bool 382a1922ed6SIngo Molnar 383c01d4323SFrederic Weisbeckerconfig HAVE_PERF_EVENTS_NMI 384c01d4323SFrederic Weisbecker bool 38523637d47SFrederic Weisbecker help 38623637d47SFrederic Weisbecker System hardware can generate an NMI using the perf event 38723637d47SFrederic Weisbecker subsystem. Also has support for calculating CPU cycle events 38823637d47SFrederic Weisbecker to determine how many clock cycles in a given period. 389c01d4323SFrederic Weisbecker 39005a4a952SNicholas Pigginconfig HAVE_HARDLOCKUP_DETECTOR_PERF 39105a4a952SNicholas Piggin bool 39205a4a952SNicholas Piggin depends on HAVE_PERF_EVENTS_NMI 39305a4a952SNicholas Piggin help 39405a4a952SNicholas Piggin The arch chooses to use the generic perf-NMI-based hardlockup 39505a4a952SNicholas Piggin detector. Must define HAVE_PERF_EVENTS_NMI. 39605a4a952SNicholas Piggin 39705a4a952SNicholas Pigginconfig HAVE_NMI_WATCHDOG 39805a4a952SNicholas Piggin depends on HAVE_NMI 39905a4a952SNicholas Piggin bool 40005a4a952SNicholas Piggin help 40105a4a952SNicholas Piggin The arch provides a low level NMI watchdog. It provides 40205a4a952SNicholas Piggin asm/nmi.h, and defines its own arch_touch_nmi_watchdog(). 40305a4a952SNicholas Piggin 40405a4a952SNicholas Pigginconfig HAVE_HARDLOCKUP_DETECTOR_ARCH 40505a4a952SNicholas Piggin bool 40605a4a952SNicholas Piggin select HAVE_NMI_WATCHDOG 40705a4a952SNicholas Piggin help 40805a4a952SNicholas Piggin The arch chooses to provide its own hardlockup detector, which is 40905a4a952SNicholas Piggin a superset of the HAVE_NMI_WATCHDOG. It also conforms to config 41005a4a952SNicholas Piggin interfaces and parameters provided by hardlockup detector subsystem. 41105a4a952SNicholas Piggin 412c5e63197SJiri Olsaconfig HAVE_PERF_REGS 413c5e63197SJiri Olsa bool 414c5e63197SJiri Olsa help 415c5e63197SJiri Olsa Support selective register dumps for perf events. This includes 416c5e63197SJiri Olsa bit-mapping of each registers and a unique architecture id. 417c5e63197SJiri Olsa 418c5ebcedbSJiri Olsaconfig HAVE_PERF_USER_STACK_DUMP 419c5ebcedbSJiri Olsa bool 420c5ebcedbSJiri Olsa help 421c5ebcedbSJiri Olsa Support user stack dumps for perf event samples. This needs 422c5ebcedbSJiri Olsa access to the user stack pointer which is not unified across 423c5ebcedbSJiri Olsa architectures. 424c5ebcedbSJiri Olsa 425bf5438fcSJason Baronconfig HAVE_ARCH_JUMP_LABEL 426bf5438fcSJason Baron bool 427bf5438fcSJason Baron 42850ff18abSArd Biesheuvelconfig HAVE_ARCH_JUMP_LABEL_RELATIVE 42950ff18abSArd Biesheuvel bool 43050ff18abSArd Biesheuvel 4310d6e24d4SPeter Zijlstraconfig MMU_GATHER_TABLE_FREE 4320d6e24d4SPeter Zijlstra bool 4330d6e24d4SPeter Zijlstra 434ff2e6d72SPeter Zijlstraconfig MMU_GATHER_RCU_TABLE_FREE 43526723911SPeter Zijlstra bool 4360d6e24d4SPeter Zijlstra select MMU_GATHER_TABLE_FREE 43726723911SPeter Zijlstra 4383af4bd03SPeter Zijlstraconfig MMU_GATHER_PAGE_SIZE 439ed6a7935SPeter Zijlstra bool 440ed6a7935SPeter Zijlstra 44127796d03SPeter Zijlstraconfig MMU_GATHER_NO_RANGE 44227796d03SPeter Zijlstra bool 4431e9fdf21SPeter Zijlstra select MMU_GATHER_MERGE_VMAS 4441e9fdf21SPeter Zijlstra 4451e9fdf21SPeter Zijlstraconfig MMU_GATHER_NO_FLUSH_CACHE 4461e9fdf21SPeter Zijlstra bool 4471e9fdf21SPeter Zijlstra 4481e9fdf21SPeter Zijlstraconfig MMU_GATHER_MERGE_VMAS 4491e9fdf21SPeter Zijlstra bool 45027796d03SPeter Zijlstra 451580a586cSPeter Zijlstraconfig MMU_GATHER_NO_GATHER 452952a31c9SMartin Schwidefsky bool 4530d6e24d4SPeter Zijlstra depends on MMU_GATHER_TABLE_FREE 454952a31c9SMartin Schwidefsky 455d53c3dfbSNicholas Pigginconfig ARCH_WANT_IRQS_OFF_ACTIVATE_MM 456d53c3dfbSNicholas Piggin bool 457d53c3dfbSNicholas Piggin help 458d53c3dfbSNicholas Piggin Temporary select until all architectures can be converted to have 459d53c3dfbSNicholas Piggin irqs disabled over activate_mm. Architectures that do IPI based TLB 460d53c3dfbSNicholas Piggin shootdowns should enable this. 461d53c3dfbSNicholas Piggin 462df013ffbSHuang Yingconfig ARCH_HAVE_NMI_SAFE_CMPXCHG 463df013ffbSHuang Ying bool 464df013ffbSHuang Ying 46543570fd2SHeiko Carstensconfig HAVE_ALIGNED_STRUCT_PAGE 46643570fd2SHeiko Carstens bool 46743570fd2SHeiko Carstens help 46843570fd2SHeiko Carstens This makes sure that struct pages are double word aligned and that 46943570fd2SHeiko Carstens e.g. the SLUB allocator can perform double word atomic operations 47043570fd2SHeiko Carstens on a struct page for better performance. However selecting this 47143570fd2SHeiko Carstens might increase the size of a struct page by a word. 47243570fd2SHeiko Carstens 4734156153cSHeiko Carstensconfig HAVE_CMPXCHG_LOCAL 4744156153cSHeiko Carstens bool 4754156153cSHeiko Carstens 4762565409fSHeiko Carstensconfig HAVE_CMPXCHG_DOUBLE 4772565409fSHeiko Carstens bool 4782565409fSHeiko Carstens 47977e58496SPaul E. McKenneyconfig ARCH_WEAK_RELEASE_ACQUIRE 48077e58496SPaul E. McKenney bool 48177e58496SPaul E. McKenney 482c1d7e01dSWill Deaconconfig ARCH_WANT_IPC_PARSE_VERSION 483c1d7e01dSWill Deacon bool 484c1d7e01dSWill Deacon 485c1d7e01dSWill Deaconconfig ARCH_WANT_COMPAT_IPC_PARSE_VERSION 486c1d7e01dSWill Deacon bool 487c1d7e01dSWill Deacon 48848b25c43SChris Metcalfconfig ARCH_WANT_OLD_COMPAT_IPC 489c1d7e01dSWill Deacon select ARCH_WANT_COMPAT_IPC_PARSE_VERSION 49048b25c43SChris Metcalf bool 49148b25c43SChris Metcalf 492282a181bSYiFei Zhuconfig HAVE_ARCH_SECCOMP 493e2cfabdfSWill Drewry bool 494e2cfabdfSWill Drewry help 495282a181bSYiFei Zhu An arch should select this symbol to support seccomp mode 1 (the fixed 496282a181bSYiFei Zhu syscall policy), and must provide an overrides for __NR_seccomp_sigreturn, 497282a181bSYiFei Zhu and compat syscalls if the asm-generic/seccomp.h defaults need adjustment: 498282a181bSYiFei Zhu - __NR_seccomp_read_32 499282a181bSYiFei Zhu - __NR_seccomp_write_32 500282a181bSYiFei Zhu - __NR_seccomp_exit_32 501282a181bSYiFei Zhu - __NR_seccomp_sigreturn_32 502282a181bSYiFei Zhu 503282a181bSYiFei Zhuconfig HAVE_ARCH_SECCOMP_FILTER 504282a181bSYiFei Zhu bool 505282a181bSYiFei Zhu select HAVE_ARCH_SECCOMP 506282a181bSYiFei Zhu help 507fb0fadf9SWill Drewry An arch should select this symbol if it provides all of these things: 508282a181bSYiFei Zhu - all the requirements for HAVE_ARCH_SECCOMP 509bb6ea430SWill Drewry - syscall_get_arch() 510bb6ea430SWill Drewry - syscall_get_arguments() 511bb6ea430SWill Drewry - syscall_rollback() 512bb6ea430SWill Drewry - syscall_set_return_value() 513fb0fadf9SWill Drewry - SIGSYS siginfo_t support 514fb0fadf9SWill Drewry - secure_computing is called from a ptrace_event()-safe context 515fb0fadf9SWill Drewry - secure_computing return value is checked and a return value of -1 516fb0fadf9SWill Drewry results in the system call being skipped immediately. 51748dc92b9SKees Cook - seccomp syscall wired up 5180d8315ddSYiFei Zhu - if !HAVE_SPARSE_SYSCALL_NR, have SECCOMP_ARCH_NATIVE, 5190d8315ddSYiFei Zhu SECCOMP_ARCH_NATIVE_NR, SECCOMP_ARCH_NATIVE_NAME defined. If 5200d8315ddSYiFei Zhu COMPAT is supported, have the SECCOMP_ARCH_COMPAT* defines too. 521e2cfabdfSWill Drewry 522282a181bSYiFei Zhuconfig SECCOMP 523282a181bSYiFei Zhu prompt "Enable seccomp to safely execute untrusted bytecode" 524282a181bSYiFei Zhu def_bool y 525282a181bSYiFei Zhu depends on HAVE_ARCH_SECCOMP 526282a181bSYiFei Zhu help 527282a181bSYiFei Zhu This kernel feature is useful for number crunching applications 528282a181bSYiFei Zhu that may need to handle untrusted bytecode during their 529282a181bSYiFei Zhu execution. By using pipes or other transports made available 530282a181bSYiFei Zhu to the process as file descriptors supporting the read/write 531282a181bSYiFei Zhu syscalls, it's possible to isolate those applications in their 532282a181bSYiFei Zhu own address space using seccomp. Once seccomp is enabled via 533282a181bSYiFei Zhu prctl(PR_SET_SECCOMP) or the seccomp() syscall, it cannot be 534282a181bSYiFei Zhu disabled and the task is only allowed to execute a few safe 535282a181bSYiFei Zhu syscalls defined by each seccomp mode. 536282a181bSYiFei Zhu 537282a181bSYiFei Zhu If unsure, say Y. 538282a181bSYiFei Zhu 539e2cfabdfSWill Drewryconfig SECCOMP_FILTER 540e2cfabdfSWill Drewry def_bool y 541e2cfabdfSWill Drewry depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET 542e2cfabdfSWill Drewry help 543e2cfabdfSWill Drewry Enable tasks to build secure computing environments defined 544e2cfabdfSWill Drewry in terms of Berkeley Packet Filter programs which implement 545e2cfabdfSWill Drewry task-defined system call filtering polices. 546e2cfabdfSWill Drewry 5475fb94e9cSMauro Carvalho Chehab See Documentation/userspace-api/seccomp_filter.rst for details. 548e2cfabdfSWill Drewry 5490d8315ddSYiFei Zhuconfig SECCOMP_CACHE_DEBUG 5500d8315ddSYiFei Zhu bool "Show seccomp filter cache status in /proc/pid/seccomp_cache" 5510d8315ddSYiFei Zhu depends on SECCOMP_FILTER && !HAVE_SPARSE_SYSCALL_NR 5520d8315ddSYiFei Zhu depends on PROC_FS 5530d8315ddSYiFei Zhu help 5540d8315ddSYiFei Zhu This enables the /proc/pid/seccomp_cache interface to monitor 5550d8315ddSYiFei Zhu seccomp cache data. The file format is subject to change. Reading 5560d8315ddSYiFei Zhu the file requires CAP_SYS_ADMIN. 5570d8315ddSYiFei Zhu 5580d8315ddSYiFei Zhu This option is for debugging only. Enabling presents the risk that 5590d8315ddSYiFei Zhu an adversary may be able to infer the seccomp filter logic. 5600d8315ddSYiFei Zhu 5610d8315ddSYiFei Zhu If unsure, say N. 5620d8315ddSYiFei Zhu 563afaef01cSAlexander Popovconfig HAVE_ARCH_STACKLEAK 564afaef01cSAlexander Popov bool 565afaef01cSAlexander Popov help 566afaef01cSAlexander Popov An architecture should select this if it has the code which 567afaef01cSAlexander Popov fills the used part of the kernel stack with the STACKLEAK_POISON 568afaef01cSAlexander Popov value before returning from system calls. 569afaef01cSAlexander Popov 570d148eac0SMasahiro Yamadaconfig HAVE_STACKPROTECTOR 57119952a92SKees Cook bool 57219952a92SKees Cook help 57319952a92SKees Cook An arch should select this symbol if: 57419952a92SKees Cook - it has implemented a stack canary (e.g. __stack_chk_guard) 57519952a92SKees Cook 576050e9baaSLinus Torvaldsconfig STACKPROTECTOR 5772a61f474SMasahiro Yamada bool "Stack Protector buffer overflow detection" 578d148eac0SMasahiro Yamada depends on HAVE_STACKPROTECTOR 5792a61f474SMasahiro Yamada depends on $(cc-option,-fstack-protector) 5802a61f474SMasahiro Yamada default y 5818779657dSKees Cook help 5828779657dSKees Cook This option turns on the "stack-protector" GCC feature. This 58319952a92SKees Cook feature puts, at the beginning of functions, a canary value on 58419952a92SKees Cook the stack just before the return address, and validates 58519952a92SKees Cook the value just before actually returning. Stack based buffer 58619952a92SKees Cook overflows (that need to overwrite this return address) now also 58719952a92SKees Cook overwrite the canary, which gets detected and the attack is then 58819952a92SKees Cook neutralized via a kernel panic. 58919952a92SKees Cook 5908779657dSKees Cook Functions will have the stack-protector canary logic added if they 5918779657dSKees Cook have an 8-byte or larger character array on the stack. 5928779657dSKees Cook 59319952a92SKees Cook This feature requires gcc version 4.2 or above, or a distribution 5948779657dSKees Cook gcc with the feature backported ("-fstack-protector"). 5958779657dSKees Cook 5968779657dSKees Cook On an x86 "defconfig" build, this feature adds canary checks to 5978779657dSKees Cook about 3% of all kernel functions, which increases kernel code size 5988779657dSKees Cook by about 0.3%. 5998779657dSKees Cook 600050e9baaSLinus Torvaldsconfig STACKPROTECTOR_STRONG 6012a61f474SMasahiro Yamada bool "Strong Stack Protector" 602050e9baaSLinus Torvalds depends on STACKPROTECTOR 6032a61f474SMasahiro Yamada depends on $(cc-option,-fstack-protector-strong) 6042a61f474SMasahiro Yamada default y 6058779657dSKees Cook help 6068779657dSKees Cook Functions will have the stack-protector canary logic added in any 6078779657dSKees Cook of the following conditions: 6088779657dSKees Cook 6098779657dSKees Cook - local variable's address used as part of the right hand side of an 6108779657dSKees Cook assignment or function argument 6118779657dSKees Cook - local variable is an array (or union containing an array), 6128779657dSKees Cook regardless of array type or length 6138779657dSKees Cook - uses register local variables 6148779657dSKees Cook 6158779657dSKees Cook This feature requires gcc version 4.9 or above, or a distribution 6168779657dSKees Cook gcc with the feature backported ("-fstack-protector-strong"). 6178779657dSKees Cook 6188779657dSKees Cook On an x86 "defconfig" build, this feature adds canary checks to 6198779657dSKees Cook about 20% of all kernel functions, which increases the kernel code 6208779657dSKees Cook size by about 2%. 6218779657dSKees Cook 622d08b9f0cSSami Tolvanenconfig ARCH_SUPPORTS_SHADOW_CALL_STACK 623d08b9f0cSSami Tolvanen bool 624d08b9f0cSSami Tolvanen help 625afcf5441SDan Li An architecture should select this if it supports the compiler's 626afcf5441SDan Li Shadow Call Stack and implements runtime support for shadow stack 627aa7a65aeSWill Deacon switching. 628d08b9f0cSSami Tolvanen 629d08b9f0cSSami Tolvanenconfig SHADOW_CALL_STACK 630afcf5441SDan Li bool "Shadow Call Stack" 631afcf5441SDan Li depends on ARCH_SUPPORTS_SHADOW_CALL_STACK 632ddc9863eSSami Tolvanen depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER 633d08b9f0cSSami Tolvanen help 634afcf5441SDan Li This option enables the compiler's Shadow Call Stack, which 635afcf5441SDan Li uses a shadow stack to protect function return addresses from 636afcf5441SDan Li being overwritten by an attacker. More information can be found 637afcf5441SDan Li in the compiler's documentation: 638d08b9f0cSSami Tolvanen 639afcf5441SDan Li - Clang: https://clang.llvm.org/docs/ShadowCallStack.html 640afcf5441SDan Li - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options 641d08b9f0cSSami Tolvanen 642d08b9f0cSSami Tolvanen Note that security guarantees in the kernel differ from the 643d08b9f0cSSami Tolvanen ones documented for user space. The kernel must store addresses 644d08b9f0cSSami Tolvanen of shadow stacks in memory, which means an attacker capable of 645d08b9f0cSSami Tolvanen reading and writing arbitrary memory may be able to locate them 646d08b9f0cSSami Tolvanen and hijack control flow by modifying the stacks. 647d08b9f0cSSami Tolvanen 648dc5723b0SSami Tolvanenconfig LTO 649dc5723b0SSami Tolvanen bool 650dc5723b0SSami Tolvanen help 651dc5723b0SSami Tolvanen Selected if the kernel will be built using the compiler's LTO feature. 652dc5723b0SSami Tolvanen 653dc5723b0SSami Tolvanenconfig LTO_CLANG 654dc5723b0SSami Tolvanen bool 655dc5723b0SSami Tolvanen select LTO 656dc5723b0SSami Tolvanen help 657dc5723b0SSami Tolvanen Selected if the kernel will be built using Clang's LTO feature. 658dc5723b0SSami Tolvanen 659dc5723b0SSami Tolvanenconfig ARCH_SUPPORTS_LTO_CLANG 660dc5723b0SSami Tolvanen bool 661dc5723b0SSami Tolvanen help 662dc5723b0SSami Tolvanen An architecture should select this option if it supports: 663dc5723b0SSami Tolvanen - compiling with Clang, 664dc5723b0SSami Tolvanen - compiling inline assembly with Clang's integrated assembler, 665dc5723b0SSami Tolvanen - and linking with LLD. 666dc5723b0SSami Tolvanen 667dc5723b0SSami Tolvanenconfig ARCH_SUPPORTS_LTO_CLANG_THIN 668dc5723b0SSami Tolvanen bool 669dc5723b0SSami Tolvanen help 670dc5723b0SSami Tolvanen An architecture should select this option if it can support Clang's 671dc5723b0SSami Tolvanen ThinLTO mode. 672dc5723b0SSami Tolvanen 673dc5723b0SSami Tolvanenconfig HAS_LTO_CLANG 674dc5723b0SSami Tolvanen def_bool y 6751e68a8afSNathan Chancellor depends on CC_IS_CLANG && LD_IS_LLD && AS_IS_LLVM 676dc5723b0SSami Tolvanen depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm) 677dc5723b0SSami Tolvanen depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm) 678dc5723b0SSami Tolvanen depends on ARCH_SUPPORTS_LTO_CLANG 679dc5723b0SSami Tolvanen depends on !FTRACE_MCOUNT_USE_RECORDMCOUNT 680bf3c2551SSami Tolvanen depends on !KASAN || KASAN_HW_TAGS 681dc5723b0SSami Tolvanen depends on !GCOV_KERNEL 682dc5723b0SSami Tolvanen help 683dc5723b0SSami Tolvanen The compiler and Kconfig options support building with Clang's 684dc5723b0SSami Tolvanen LTO. 685dc5723b0SSami Tolvanen 686dc5723b0SSami Tolvanenchoice 687dc5723b0SSami Tolvanen prompt "Link Time Optimization (LTO)" 688dc5723b0SSami Tolvanen default LTO_NONE 689dc5723b0SSami Tolvanen help 690dc5723b0SSami Tolvanen This option enables Link Time Optimization (LTO), which allows the 691dc5723b0SSami Tolvanen compiler to optimize binaries globally. 692dc5723b0SSami Tolvanen 693dc5723b0SSami Tolvanen If unsure, select LTO_NONE. Note that LTO is very resource-intensive 694dc5723b0SSami Tolvanen so it's disabled by default. 695dc5723b0SSami Tolvanen 696dc5723b0SSami Tolvanenconfig LTO_NONE 697dc5723b0SSami Tolvanen bool "None" 698dc5723b0SSami Tolvanen help 699dc5723b0SSami Tolvanen Build the kernel normally, without Link Time Optimization (LTO). 700dc5723b0SSami Tolvanen 701dc5723b0SSami Tolvanenconfig LTO_CLANG_FULL 702dc5723b0SSami Tolvanen bool "Clang Full LTO (EXPERIMENTAL)" 703dc5723b0SSami Tolvanen depends on HAS_LTO_CLANG 704dc5723b0SSami Tolvanen depends on !COMPILE_TEST 705dc5723b0SSami Tolvanen select LTO_CLANG 706dc5723b0SSami Tolvanen help 707dc5723b0SSami Tolvanen This option enables Clang's full Link Time Optimization (LTO), which 708dc5723b0SSami Tolvanen allows the compiler to optimize the kernel globally. If you enable 709dc5723b0SSami Tolvanen this option, the compiler generates LLVM bitcode instead of ELF 710dc5723b0SSami Tolvanen object files, and the actual compilation from bitcode happens at 711dc5723b0SSami Tolvanen the LTO link step, which may take several minutes depending on the 712dc5723b0SSami Tolvanen kernel configuration. More information can be found from LLVM's 713dc5723b0SSami Tolvanen documentation: 714dc5723b0SSami Tolvanen 715dc5723b0SSami Tolvanen https://llvm.org/docs/LinkTimeOptimization.html 716dc5723b0SSami Tolvanen 717dc5723b0SSami Tolvanen During link time, this option can use a large amount of RAM, and 718dc5723b0SSami Tolvanen may take much longer than the ThinLTO option. 719dc5723b0SSami Tolvanen 720dc5723b0SSami Tolvanenconfig LTO_CLANG_THIN 721dc5723b0SSami Tolvanen bool "Clang ThinLTO (EXPERIMENTAL)" 722dc5723b0SSami Tolvanen depends on HAS_LTO_CLANG && ARCH_SUPPORTS_LTO_CLANG_THIN 723dc5723b0SSami Tolvanen select LTO_CLANG 724dc5723b0SSami Tolvanen help 725dc5723b0SSami Tolvanen This option enables Clang's ThinLTO, which allows for parallel 726dc5723b0SSami Tolvanen optimization and faster incremental compiles compared to the 727dc5723b0SSami Tolvanen CONFIG_LTO_CLANG_FULL option. More information can be found 728dc5723b0SSami Tolvanen from Clang's documentation: 729dc5723b0SSami Tolvanen 730dc5723b0SSami Tolvanen https://clang.llvm.org/docs/ThinLTO.html 731dc5723b0SSami Tolvanen 732dc5723b0SSami Tolvanen If unsure, say Y. 733dc5723b0SSami Tolvanenendchoice 734dc5723b0SSami Tolvanen 735cf68fffbSSami Tolvanenconfig ARCH_SUPPORTS_CFI_CLANG 736cf68fffbSSami Tolvanen bool 737cf68fffbSSami Tolvanen help 738cf68fffbSSami Tolvanen An architecture should select this option if it can support Clang's 739cf68fffbSSami Tolvanen Control-Flow Integrity (CFI) checking. 740cf68fffbSSami Tolvanen 741cf68fffbSSami Tolvanenconfig CFI_CLANG 742cf68fffbSSami Tolvanen bool "Use Clang's Control Flow Integrity (CFI)" 743cf68fffbSSami Tolvanen depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG 744e6f3b3c9SSami Tolvanen depends on CLANG_VERSION >= 140000 745cf68fffbSSami Tolvanen select KALLSYMS 746cf68fffbSSami Tolvanen help 747cf68fffbSSami Tolvanen This option enables Clang’s forward-edge Control Flow Integrity 748cf68fffbSSami Tolvanen (CFI) checking, where the compiler injects a runtime check to each 749cf68fffbSSami Tolvanen indirect function call to ensure the target is a valid function with 750cf68fffbSSami Tolvanen the correct static type. This restricts possible call targets and 751cf68fffbSSami Tolvanen makes it more difficult for an attacker to exploit bugs that allow 752cf68fffbSSami Tolvanen the modification of stored function pointers. More information can be 753cf68fffbSSami Tolvanen found from Clang's documentation: 754cf68fffbSSami Tolvanen 755cf68fffbSSami Tolvanen https://clang.llvm.org/docs/ControlFlowIntegrity.html 756cf68fffbSSami Tolvanen 757cf68fffbSSami Tolvanenconfig CFI_CLANG_SHADOW 758cf68fffbSSami Tolvanen bool "Use CFI shadow to speed up cross-module checks" 759cf68fffbSSami Tolvanen default y 760cf68fffbSSami Tolvanen depends on CFI_CLANG && MODULES 761cf68fffbSSami Tolvanen help 762cf68fffbSSami Tolvanen If you select this option, the kernel builds a fast look-up table of 763cf68fffbSSami Tolvanen CFI check functions in loaded modules to reduce performance overhead. 764cf68fffbSSami Tolvanen 765cf68fffbSSami Tolvanen If unsure, say Y. 766cf68fffbSSami Tolvanen 767cf68fffbSSami Tolvanenconfig CFI_PERMISSIVE 768cf68fffbSSami Tolvanen bool "Use CFI in permissive mode" 769cf68fffbSSami Tolvanen depends on CFI_CLANG 770cf68fffbSSami Tolvanen help 771cf68fffbSSami Tolvanen When selected, Control Flow Integrity (CFI) violations result in a 772cf68fffbSSami Tolvanen warning instead of a kernel panic. This option should only be used 773cf68fffbSSami Tolvanen for finding indirect call type mismatches during development. 774cf68fffbSSami Tolvanen 775cf68fffbSSami Tolvanen If unsure, say N. 776cf68fffbSSami Tolvanen 7770f60a8efSKees Cookconfig HAVE_ARCH_WITHIN_STACK_FRAMES 7780f60a8efSKees Cook bool 7790f60a8efSKees Cook help 7800f60a8efSKees Cook An architecture should select this if it can walk the kernel stack 7810f60a8efSKees Cook frames to determine if an object is part of either the arguments 7820f60a8efSKees Cook or local variables (i.e. that it excludes saved return addresses, 7830f60a8efSKees Cook and similar) by implementing an inline arch_within_stack_frames(), 7840f60a8efSKees Cook which is used by CONFIG_HARDENED_USERCOPY. 7850f60a8efSKees Cook 78624a9c541SFrederic Weisbeckerconfig HAVE_CONTEXT_TRACKING_USER 7872b1d5024SFrederic Weisbecker bool 7882b1d5024SFrederic Weisbecker help 78991d1aa43SFrederic Weisbecker Provide kernel/user boundaries probes necessary for subsystems 79091d1aa43SFrederic Weisbecker that need it, such as userspace RCU extended quiescent state. 791490f561bSFrederic Weisbecker Syscalls need to be wrapped inside user_exit()-user_enter(), either 792490f561bSFrederic Weisbecker optimized behind static key or through the slow path using TIF_NOHZ 793490f561bSFrederic Weisbecker flag. Exceptions handlers must be wrapped as well. Irqs are already 7946f0e6c15SFrederic Weisbecker protected inside ct_irq_enter/ct_irq_exit() but preemption or signal 795490f561bSFrederic Weisbecker handling on irq exit still need to be protected. 796490f561bSFrederic Weisbecker 79724a9c541SFrederic Weisbeckerconfig HAVE_CONTEXT_TRACKING_USER_OFFSTACK 79883c2da2eSFrederic Weisbecker bool 79983c2da2eSFrederic Weisbecker help 80083c2da2eSFrederic Weisbecker Architecture neither relies on exception_enter()/exception_exit() 80183c2da2eSFrederic Weisbecker nor on schedule_user(). Also preempt_schedule_notrace() and 80283c2da2eSFrederic Weisbecker preempt_schedule_irq() can't be called in a preemptible section 80383c2da2eSFrederic Weisbecker while context tracking is CONTEXT_USER. This feature reflects a sane 80483c2da2eSFrederic Weisbecker entry implementation where the following requirements are met on 80583c2da2eSFrederic Weisbecker critical entry code, ie: before user_exit() or after user_enter(): 80683c2da2eSFrederic Weisbecker 80783c2da2eSFrederic Weisbecker - Critical entry code isn't preemptible (or better yet: 80883c2da2eSFrederic Weisbecker not interruptible). 809493c1822SFrederic Weisbecker - No use of RCU read side critical sections, unless ct_nmi_enter() 81083c2da2eSFrederic Weisbecker got called. 81183c2da2eSFrederic Weisbecker - No use of instrumentation, unless instrumentation_begin() got 81283c2da2eSFrederic Weisbecker called. 81383c2da2eSFrederic Weisbecker 814490f561bSFrederic Weisbeckerconfig HAVE_TIF_NOHZ 815490f561bSFrederic Weisbecker bool 816490f561bSFrederic Weisbecker help 817490f561bSFrederic Weisbecker Arch relies on TIF_NOHZ and syscall slow path to implement context 818490f561bSFrederic Weisbecker tracking calls to user_enter()/user_exit(). 8192b1d5024SFrederic Weisbecker 820b952741cSFrederic Weisbeckerconfig HAVE_VIRT_CPU_ACCOUNTING 821b952741cSFrederic Weisbecker bool 822b952741cSFrederic Weisbecker 8232b91ec9fSFrederic Weisbeckerconfig HAVE_VIRT_CPU_ACCOUNTING_IDLE 8242b91ec9fSFrederic Weisbecker bool 8252b91ec9fSFrederic Weisbecker help 8262b91ec9fSFrederic Weisbecker Architecture has its own way to account idle CPU time and therefore 8272b91ec9fSFrederic Weisbecker doesn't implement vtime_account_idle(). 8282b91ec9fSFrederic Weisbecker 82940565b5aSStanislaw Gruszkaconfig ARCH_HAS_SCALED_CPUTIME 83040565b5aSStanislaw Gruszka bool 83140565b5aSStanislaw Gruszka 832554b0004SKevin Hilmanconfig HAVE_VIRT_CPU_ACCOUNTING_GEN 833554b0004SKevin Hilman bool 834554b0004SKevin Hilman default y if 64BIT 835554b0004SKevin Hilman help 836554b0004SKevin Hilman With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit. 837554b0004SKevin Hilman Before enabling this option, arch code must be audited 838554b0004SKevin Hilman to ensure there are no races in concurrent read/write of 839554b0004SKevin Hilman cputime_t. For example, reading/writing 64-bit cputime_t on 840554b0004SKevin Hilman some 32-bit arches may require multiple accesses, so proper 841554b0004SKevin Hilman locking is needed to protect against concurrent accesses. 842554b0004SKevin Hilman 843fdf9c356SFrederic Weisbeckerconfig HAVE_IRQ_TIME_ACCOUNTING 844fdf9c356SFrederic Weisbecker bool 845fdf9c356SFrederic Weisbecker help 846fdf9c356SFrederic Weisbecker Archs need to ensure they use a high enough resolution clock to 847fdf9c356SFrederic Weisbecker support irq time accounting and then call enable_sched_clock_irqtime(). 848fdf9c356SFrederic Weisbecker 849c49dd340SKalesh Singhconfig HAVE_MOVE_PUD 850c49dd340SKalesh Singh bool 851c49dd340SKalesh Singh help 852c49dd340SKalesh Singh Architectures that select this are able to move page tables at the 853c49dd340SKalesh Singh PUD level. If there are only 3 page table levels, the move effectively 854c49dd340SKalesh Singh happens at the PGD level. 855c49dd340SKalesh Singh 8562c91bd4aSJoel Fernandes (Google)config HAVE_MOVE_PMD 8572c91bd4aSJoel Fernandes (Google) bool 8582c91bd4aSJoel Fernandes (Google) help 8592c91bd4aSJoel Fernandes (Google) Archs that select this are able to move page tables at the PMD level. 8602c91bd4aSJoel Fernandes (Google) 86115626062SGerald Schaeferconfig HAVE_ARCH_TRANSPARENT_HUGEPAGE 86215626062SGerald Schaefer bool 86315626062SGerald Schaefer 864a00cc7d9SMatthew Wilcoxconfig HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD 865a00cc7d9SMatthew Wilcox bool 866a00cc7d9SMatthew Wilcox 8670ddab1d2SToshi Kaniconfig HAVE_ARCH_HUGE_VMAP 8680ddab1d2SToshi Kani bool 8690ddab1d2SToshi Kani 870121e6f32SNicholas Piggin# 871121e6f32SNicholas Piggin# Archs that select this would be capable of PMD-sized vmaps (i.e., 872559089e0SSong Liu# arch_vmap_pmd_supported() returns true). The VM_ALLOW_HUGE_VMAP flag 873559089e0SSong Liu# must be used to enable allocations to use hugepages. 874121e6f32SNicholas Piggin# 875121e6f32SNicholas Pigginconfig HAVE_ARCH_HUGE_VMALLOC 876121e6f32SNicholas Piggin depends on HAVE_ARCH_HUGE_VMAP 877121e6f32SNicholas Piggin bool 878121e6f32SNicholas Piggin 8793876d4a3SAlexandre Ghiticonfig ARCH_WANT_HUGE_PMD_SHARE 8803876d4a3SAlexandre Ghiti bool 8813876d4a3SAlexandre Ghiti 8820f8975ecSPavel Emelyanovconfig HAVE_ARCH_SOFT_DIRTY 8830f8975ecSPavel Emelyanov bool 8840f8975ecSPavel Emelyanov 885786d35d4SDavid Howellsconfig HAVE_MOD_ARCH_SPECIFIC 886786d35d4SDavid Howells bool 887786d35d4SDavid Howells help 888786d35d4SDavid Howells The arch uses struct mod_arch_specific to store data. Many arches 889786d35d4SDavid Howells just need a simple module loader without arch specific data - those 890786d35d4SDavid Howells should not enable this. 891786d35d4SDavid Howells 892786d35d4SDavid Howellsconfig MODULES_USE_ELF_RELA 893786d35d4SDavid Howells bool 894786d35d4SDavid Howells help 895786d35d4SDavid Howells Modules only use ELF RELA relocations. Modules with ELF REL 896786d35d4SDavid Howells relocations will give an error. 897786d35d4SDavid Howells 898786d35d4SDavid Howellsconfig MODULES_USE_ELF_REL 899786d35d4SDavid Howells bool 900786d35d4SDavid Howells help 901786d35d4SDavid Howells Modules only use ELF REL relocations. Modules with ELF RELA 902786d35d4SDavid Howells relocations will give an error. 903786d35d4SDavid Howells 90401dc0386SChristophe Leroyconfig ARCH_WANTS_MODULES_DATA_IN_VMALLOC 90501dc0386SChristophe Leroy bool 90601dc0386SChristophe Leroy help 90701dc0386SChristophe Leroy For architectures like powerpc/32 which have constraints on module 90801dc0386SChristophe Leroy allocation and need to allocate module data outside of module area. 90901dc0386SChristophe Leroy 910cc1f0274SFrederic Weisbeckerconfig HAVE_IRQ_EXIT_ON_IRQ_STACK 911cc1f0274SFrederic Weisbecker bool 912cc1f0274SFrederic Weisbecker help 913cc1f0274SFrederic Weisbecker Architecture doesn't only execute the irq handler on the irq stack 914cc1f0274SFrederic Weisbecker but also irq_exit(). This way we can process softirqs on this irq 915cc1f0274SFrederic Weisbecker stack instead of switching to a new one when we call __do_softirq() 916cc1f0274SFrederic Weisbecker in the end of an hardirq. 917cc1f0274SFrederic Weisbecker This spares a stack switch and improves cache usage on softirq 918cc1f0274SFrederic Weisbecker processing. 919cc1f0274SFrederic Weisbecker 920cd1a41ceSThomas Gleixnerconfig HAVE_SOFTIRQ_ON_OWN_STACK 921cd1a41ceSThomas Gleixner bool 922cd1a41ceSThomas Gleixner help 923cd1a41ceSThomas Gleixner Architecture provides a function to run __do_softirq() on a 924c226bc3cSColin Ian King separate stack. 925cd1a41ceSThomas Gleixner 926*8cbb2b50SSebastian Andrzej Siewiorconfig SOFTIRQ_ON_OWN_STACK 927*8cbb2b50SSebastian Andrzej Siewior def_bool HAVE_SOFTIRQ_ON_OWN_STACK && !PREEMPT_RT 928*8cbb2b50SSebastian Andrzej Siewior 92912700c17SArnd Bergmannconfig ALTERNATE_USER_ADDRESS_SPACE 93012700c17SArnd Bergmann bool 93112700c17SArnd Bergmann help 93212700c17SArnd Bergmann Architectures set this when the CPU uses separate address 93312700c17SArnd Bergmann spaces for kernel and user space pointers. In this case, the 93412700c17SArnd Bergmann access_ok() check on a __user pointer is skipped. 93512700c17SArnd Bergmann 936235a8f02SKirill A. Shutemovconfig PGTABLE_LEVELS 937235a8f02SKirill A. Shutemov int 938235a8f02SKirill A. Shutemov default 2 939235a8f02SKirill A. Shutemov 9402b68f6caSKees Cookconfig ARCH_HAS_ELF_RANDOMIZE 9412b68f6caSKees Cook bool 9422b68f6caSKees Cook help 9432b68f6caSKees Cook An architecture supports choosing randomized locations for 9442b68f6caSKees Cook stack, mmap, brk, and ET_DYN. Defined functions: 9452b68f6caSKees Cook - arch_mmap_rnd() 946204db6edSKees Cook - arch_randomize_brk() 9472b68f6caSKees Cook 948d07e2259SDaniel Cashmanconfig HAVE_ARCH_MMAP_RND_BITS 949d07e2259SDaniel Cashman bool 950d07e2259SDaniel Cashman help 951d07e2259SDaniel Cashman An arch should select this symbol if it supports setting a variable 952d07e2259SDaniel Cashman number of bits for use in establishing the base address for mmap 953d07e2259SDaniel Cashman allocations, has MMU enabled and provides values for both: 954d07e2259SDaniel Cashman - ARCH_MMAP_RND_BITS_MIN 955d07e2259SDaniel Cashman - ARCH_MMAP_RND_BITS_MAX 956d07e2259SDaniel Cashman 9575f56a5dfSJiri Slabyconfig HAVE_EXIT_THREAD 9585f56a5dfSJiri Slaby bool 9595f56a5dfSJiri Slaby help 9605f56a5dfSJiri Slaby An architecture implements exit_thread. 9615f56a5dfSJiri Slaby 962d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_BITS_MIN 963d07e2259SDaniel Cashman int 964d07e2259SDaniel Cashman 965d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_BITS_MAX 966d07e2259SDaniel Cashman int 967d07e2259SDaniel Cashman 968d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_BITS_DEFAULT 969d07e2259SDaniel Cashman int 970d07e2259SDaniel Cashman 971d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_BITS 972d07e2259SDaniel Cashman int "Number of bits to use for ASLR of mmap base address" if EXPERT 973d07e2259SDaniel Cashman range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX 974d07e2259SDaniel Cashman default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT 975d07e2259SDaniel Cashman default ARCH_MMAP_RND_BITS_MIN 976d07e2259SDaniel Cashman depends on HAVE_ARCH_MMAP_RND_BITS 977d07e2259SDaniel Cashman help 978d07e2259SDaniel Cashman This value can be used to select the number of bits to use to 979d07e2259SDaniel Cashman determine the random offset to the base address of vma regions 980d07e2259SDaniel Cashman resulting from mmap allocations. This value will be bounded 981d07e2259SDaniel Cashman by the architecture's minimum and maximum supported values. 982d07e2259SDaniel Cashman 983d07e2259SDaniel Cashman This value can be changed after boot using the 984d07e2259SDaniel Cashman /proc/sys/vm/mmap_rnd_bits tunable 985d07e2259SDaniel Cashman 986d07e2259SDaniel Cashmanconfig HAVE_ARCH_MMAP_RND_COMPAT_BITS 987d07e2259SDaniel Cashman bool 988d07e2259SDaniel Cashman help 989d07e2259SDaniel Cashman An arch should select this symbol if it supports running applications 990d07e2259SDaniel Cashman in compatibility mode, supports setting a variable number of bits for 991d07e2259SDaniel Cashman use in establishing the base address for mmap allocations, has MMU 992d07e2259SDaniel Cashman enabled and provides values for both: 993d07e2259SDaniel Cashman - ARCH_MMAP_RND_COMPAT_BITS_MIN 994d07e2259SDaniel Cashman - ARCH_MMAP_RND_COMPAT_BITS_MAX 995d07e2259SDaniel Cashman 996d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_COMPAT_BITS_MIN 997d07e2259SDaniel Cashman int 998d07e2259SDaniel Cashman 999d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_COMPAT_BITS_MAX 1000d07e2259SDaniel Cashman int 1001d07e2259SDaniel Cashman 1002d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_COMPAT_BITS_DEFAULT 1003d07e2259SDaniel Cashman int 1004d07e2259SDaniel Cashman 1005d07e2259SDaniel Cashmanconfig ARCH_MMAP_RND_COMPAT_BITS 1006d07e2259SDaniel Cashman int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT 1007d07e2259SDaniel Cashman range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX 1008d07e2259SDaniel Cashman default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT 1009d07e2259SDaniel Cashman default ARCH_MMAP_RND_COMPAT_BITS_MIN 1010d07e2259SDaniel Cashman depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS 1011d07e2259SDaniel Cashman help 1012d07e2259SDaniel Cashman This value can be used to select the number of bits to use to 1013d07e2259SDaniel Cashman determine the random offset to the base address of vma regions 1014d07e2259SDaniel Cashman resulting from mmap allocations for compatible applications This 1015d07e2259SDaniel Cashman value will be bounded by the architecture's minimum and maximum 1016d07e2259SDaniel Cashman supported values. 1017d07e2259SDaniel Cashman 1018d07e2259SDaniel Cashman This value can be changed after boot using the 1019d07e2259SDaniel Cashman /proc/sys/vm/mmap_rnd_compat_bits tunable 1020d07e2259SDaniel Cashman 10211b028f78SDmitry Safonovconfig HAVE_ARCH_COMPAT_MMAP_BASES 10221b028f78SDmitry Safonov bool 10231b028f78SDmitry Safonov help 10241b028f78SDmitry Safonov This allows 64bit applications to invoke 32-bit mmap() syscall 10251b028f78SDmitry Safonov and vice-versa 32-bit applications to call 64-bit mmap(). 10261b028f78SDmitry Safonov Required for applications doing different bitness syscalls. 10271b028f78SDmitry Safonov 10281f0e290cSGuenter Roeckconfig PAGE_SIZE_LESS_THAN_64KB 10291f0e290cSGuenter Roeck def_bool y 10301f0e290cSGuenter Roeck depends on !ARM64_64K_PAGES 10311f0e290cSGuenter Roeck depends on !IA64_PAGE_SIZE_64KB 10321f0e290cSGuenter Roeck depends on !PAGE_SIZE_64KB 10331f0e290cSGuenter Roeck depends on !PARISC_PAGE_SIZE_64KB 1034e4bbd20dSNathan Chancellor depends on PAGE_SIZE_LESS_THAN_256KB 1035e4bbd20dSNathan Chancellor 1036e4bbd20dSNathan Chancellorconfig PAGE_SIZE_LESS_THAN_256KB 1037e4bbd20dSNathan Chancellor def_bool y 10381f0e290cSGuenter Roeck depends on !PAGE_SIZE_256KB 10391f0e290cSGuenter Roeck 104067f3977fSAlexandre Ghiti# This allows to use a set of generic functions to determine mmap base 104167f3977fSAlexandre Ghiti# address by giving priority to top-down scheme only if the process 104267f3977fSAlexandre Ghiti# is not in legacy mode (compat task, unlimited stack size or 104367f3977fSAlexandre Ghiti# sysctl_legacy_va_layout). 104467f3977fSAlexandre Ghiti# Architecture that selects this option can provide its own version of: 104567f3977fSAlexandre Ghiti# - STACK_RND_MASK 104667f3977fSAlexandre Ghiticonfig ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 104767f3977fSAlexandre Ghiti bool 104867f3977fSAlexandre Ghiti depends on MMU 1049e7142bf5SAlexandre Ghiti select ARCH_HAS_ELF_RANDOMIZE 105067f3977fSAlexandre Ghiti 105103f16cd0SJosh Poimboeufconfig HAVE_OBJTOOL 105203f16cd0SJosh Poimboeuf bool 105303f16cd0SJosh Poimboeuf 10544ab7674fSJosh Poimboeufconfig HAVE_JUMP_LABEL_HACK 10554ab7674fSJosh Poimboeuf bool 10564ab7674fSJosh Poimboeuf 105722102f45SJosh Poimboeufconfig HAVE_NOINSTR_HACK 105822102f45SJosh Poimboeuf bool 105922102f45SJosh Poimboeuf 1060489e355bSJosh Poimboeufconfig HAVE_NOINSTR_VALIDATION 1061489e355bSJosh Poimboeuf bool 1062489e355bSJosh Poimboeuf 10635f3da8c0SJosh Poimboeufconfig HAVE_UACCESS_VALIDATION 10645f3da8c0SJosh Poimboeuf bool 10655f3da8c0SJosh Poimboeuf select OBJTOOL 10665f3da8c0SJosh Poimboeuf 1067b9ab5ebbSJosh Poimboeufconfig HAVE_STACK_VALIDATION 1068b9ab5ebbSJosh Poimboeuf bool 1069b9ab5ebbSJosh Poimboeuf help 107003f16cd0SJosh Poimboeuf Architecture supports objtool compile-time frame pointer rule 107103f16cd0SJosh Poimboeuf validation. 1072b9ab5ebbSJosh Poimboeuf 1073af085d90SJosh Poimboeufconfig HAVE_RELIABLE_STACKTRACE 1074af085d90SJosh Poimboeuf bool 1075af085d90SJosh Poimboeuf help 1076140d7e88SMiroslav Benes Architecture has either save_stack_trace_tsk_reliable() or 1077140d7e88SMiroslav Benes arch_stack_walk_reliable() function which only returns a stack trace 1078140d7e88SMiroslav Benes if it can guarantee the trace is reliable. 1079af085d90SJosh Poimboeuf 1080468a9428SGeorge Spelvinconfig HAVE_ARCH_HASH 1081468a9428SGeorge Spelvin bool 1082468a9428SGeorge Spelvin default n 1083468a9428SGeorge Spelvin help 1084468a9428SGeorge Spelvin If this is set, the architecture provides an <asm/hash.h> 1085468a9428SGeorge Spelvin file which provides platform-specific implementations of some 1086468a9428SGeorge Spelvin functions in <linux/hash.h> or fs/namei.c. 1087468a9428SGeorge Spelvin 1088666047feSFinn Thainconfig HAVE_ARCH_NVRAM_OPS 1089666047feSFinn Thain bool 1090666047feSFinn Thain 10913a495511SWilliam Breathitt Grayconfig ISA_BUS_API 10923a495511SWilliam Breathitt Gray def_bool ISA 10933a495511SWilliam Breathitt Gray 1094d2125043SAl Viro# 1095d2125043SAl Viro# ABI hall of shame 1096d2125043SAl Viro# 1097d2125043SAl Viroconfig CLONE_BACKWARDS 1098d2125043SAl Viro bool 1099d2125043SAl Viro help 1100d2125043SAl Viro Architecture has tls passed as the 4th argument of clone(2), 1101d2125043SAl Viro not the 5th one. 1102d2125043SAl Viro 1103d2125043SAl Viroconfig CLONE_BACKWARDS2 1104d2125043SAl Viro bool 1105d2125043SAl Viro help 1106d2125043SAl Viro Architecture has the first two arguments of clone(2) swapped. 1107d2125043SAl Viro 1108dfa9771aSMichal Simekconfig CLONE_BACKWARDS3 1109dfa9771aSMichal Simek bool 1110dfa9771aSMichal Simek help 1111dfa9771aSMichal Simek Architecture has tls passed as the 3rd argument of clone(2), 1112dfa9771aSMichal Simek not the 5th one. 1113dfa9771aSMichal Simek 1114eaca6eaeSAl Viroconfig ODD_RT_SIGACTION 1115eaca6eaeSAl Viro bool 1116eaca6eaeSAl Viro help 1117eaca6eaeSAl Viro Architecture has unusual rt_sigaction(2) arguments 1118eaca6eaeSAl Viro 11190a0e8cdfSAl Viroconfig OLD_SIGSUSPEND 11200a0e8cdfSAl Viro bool 11210a0e8cdfSAl Viro help 11220a0e8cdfSAl Viro Architecture has old sigsuspend(2) syscall, of one-argument variety 11230a0e8cdfSAl Viro 11240a0e8cdfSAl Viroconfig OLD_SIGSUSPEND3 11250a0e8cdfSAl Viro bool 11260a0e8cdfSAl Viro help 11270a0e8cdfSAl Viro Even weirder antique ABI - three-argument sigsuspend(2) 11280a0e8cdfSAl Viro 1129495dfbf7SAl Viroconfig OLD_SIGACTION 1130495dfbf7SAl Viro bool 1131495dfbf7SAl Viro help 1132495dfbf7SAl Viro Architecture has old sigaction(2) syscall. Nope, not the same 1133495dfbf7SAl Viro as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2), 1134495dfbf7SAl Viro but fairly different variant of sigaction(2), thanks to OSF/1 1135495dfbf7SAl Viro compatibility... 1136495dfbf7SAl Viro 1137495dfbf7SAl Viroconfig COMPAT_OLD_SIGACTION 1138495dfbf7SAl Viro bool 1139495dfbf7SAl Viro 114017435e5fSDeepa Dinamaniconfig COMPAT_32BIT_TIME 1141942437c9SArnd Bergmann bool "Provide system calls for 32-bit time_t" 1142942437c9SArnd Bergmann default !64BIT || COMPAT 114317435e5fSDeepa Dinamani help 114417435e5fSDeepa Dinamani This enables 32 bit time_t support in addition to 64 bit time_t support. 114517435e5fSDeepa Dinamani This is relevant on all 32-bit architectures, and 64-bit architectures 114617435e5fSDeepa Dinamani as part of compat syscall handling. 114717435e5fSDeepa Dinamani 114887a4c375SChristoph Hellwigconfig ARCH_NO_PREEMPT 114987a4c375SChristoph Hellwig bool 115087a4c375SChristoph Hellwig 1151cb2c7d1aSMickaël Salaünconfig ARCH_EPHEMERAL_INODES 1152cb2c7d1aSMickaël Salaün def_bool n 1153cb2c7d1aSMickaël Salaün help 1154cb2c7d1aSMickaël Salaün An arch should select this symbol if it doesn't keep track of inode 1155cb2c7d1aSMickaël Salaün instances on its own, but instead relies on something else (e.g. the 1156cb2c7d1aSMickaël Salaün host kernel for an UML kernel). 1157cb2c7d1aSMickaël Salaün 1158a50a3f4bSThomas Gleixnerconfig ARCH_SUPPORTS_RT 1159a50a3f4bSThomas Gleixner bool 1160a50a3f4bSThomas Gleixner 1161fff7fb0bSZhaoxiu Zengconfig CPU_NO_EFFICIENT_FFS 1162fff7fb0bSZhaoxiu Zeng def_bool n 1163fff7fb0bSZhaoxiu Zeng 1164ba14a194SAndy Lutomirskiconfig HAVE_ARCH_VMAP_STACK 1165ba14a194SAndy Lutomirski def_bool n 1166ba14a194SAndy Lutomirski help 1167ba14a194SAndy Lutomirski An arch should select this symbol if it can support kernel stacks 1168ba14a194SAndy Lutomirski in vmalloc space. This means: 1169ba14a194SAndy Lutomirski 1170ba14a194SAndy Lutomirski - vmalloc space must be large enough to hold many kernel stacks. 1171ba14a194SAndy Lutomirski This may rule out many 32-bit architectures. 1172ba14a194SAndy Lutomirski 1173ba14a194SAndy Lutomirski - Stacks in vmalloc space need to work reliably. For example, if 1174ba14a194SAndy Lutomirski vmap page tables are created on demand, either this mechanism 1175ba14a194SAndy Lutomirski needs to work while the stack points to a virtual address with 1176ba14a194SAndy Lutomirski unpopulated page tables or arch code (switch_to() and switch_mm(), 1177ba14a194SAndy Lutomirski most likely) needs to ensure that the stack's page table entries 1178ba14a194SAndy Lutomirski are populated before running on a possibly unpopulated stack. 1179ba14a194SAndy Lutomirski 1180ba14a194SAndy Lutomirski - If the stack overflows into a guard page, something reasonable 1181ba14a194SAndy Lutomirski should happen. The definition of "reasonable" is flexible, but 1182ba14a194SAndy Lutomirski instantly rebooting without logging anything would be unfriendly. 1183ba14a194SAndy Lutomirski 1184ba14a194SAndy Lutomirskiconfig VMAP_STACK 1185ba14a194SAndy Lutomirski default y 1186ba14a194SAndy Lutomirski bool "Use a virtually-mapped stack" 1187eafb149eSDaniel Axtens depends on HAVE_ARCH_VMAP_STACK 118838dd767dSAndrey Konovalov depends on !KASAN || KASAN_HW_TAGS || KASAN_VMALLOC 1189a7f7f624SMasahiro Yamada help 1190ba14a194SAndy Lutomirski Enable this if you want the use virtually-mapped kernel stacks 1191ba14a194SAndy Lutomirski with guard pages. This causes kernel stack overflows to be 1192ba14a194SAndy Lutomirski caught immediately rather than causing difficult-to-diagnose 1193ba14a194SAndy Lutomirski corruption. 1194ba14a194SAndy Lutomirski 119538dd767dSAndrey Konovalov To use this with software KASAN modes, the architecture must support 119638dd767dSAndrey Konovalov backing virtual mappings with real shadow memory, and KASAN_VMALLOC 119738dd767dSAndrey Konovalov must be enabled. 1198ba14a194SAndy Lutomirski 119939218ff4SKees Cookconfig HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 120039218ff4SKees Cook def_bool n 120139218ff4SKees Cook help 120239218ff4SKees Cook An arch should select this symbol if it can support kernel stack 120339218ff4SKees Cook offset randomization with calls to add_random_kstack_offset() 120439218ff4SKees Cook during syscall entry and choose_random_kstack_offset() during 120539218ff4SKees Cook syscall exit. Careful removal of -fstack-protector-strong and 120639218ff4SKees Cook -fstack-protector should also be applied to the entry code and 120739218ff4SKees Cook closely examined, as the artificial stack bump looks like an array 120839218ff4SKees Cook to the compiler, so it will attempt to add canary checks regardless 120939218ff4SKees Cook of the static branch state. 121039218ff4SKees Cook 12118cb37a59SMarco Elverconfig RANDOMIZE_KSTACK_OFFSET 12128cb37a59SMarco Elver bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT 12138cb37a59SMarco Elver default y 121439218ff4SKees Cook depends on HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 1215efa90c11SMarco Elver depends on INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION >= 140000 121639218ff4SKees Cook help 121739218ff4SKees Cook The kernel stack offset can be randomized (after pt_regs) by 121839218ff4SKees Cook roughly 5 bits of entropy, frustrating memory corruption 121939218ff4SKees Cook attacks that depend on stack address determinism or 12208cb37a59SMarco Elver cross-syscall address exposures. 12218cb37a59SMarco Elver 12228cb37a59SMarco Elver The feature is controlled via the "randomize_kstack_offset=on/off" 12238cb37a59SMarco Elver kernel boot param, and if turned off has zero overhead due to its use 12248cb37a59SMarco Elver of static branches (see JUMP_LABEL). 12258cb37a59SMarco Elver 12268cb37a59SMarco Elver If unsure, say Y. 12278cb37a59SMarco Elver 12288cb37a59SMarco Elverconfig RANDOMIZE_KSTACK_OFFSET_DEFAULT 12298cb37a59SMarco Elver bool "Default state of kernel stack offset randomization" 12308cb37a59SMarco Elver depends on RANDOMIZE_KSTACK_OFFSET 12318cb37a59SMarco Elver help 12328cb37a59SMarco Elver Kernel stack offset randomization is controlled by kernel boot param 12338cb37a59SMarco Elver "randomize_kstack_offset=on/off", and this config chooses the default 12348cb37a59SMarco Elver boot state. 123539218ff4SKees Cook 1236ad21fc4fSLaura Abbottconfig ARCH_OPTIONAL_KERNEL_RWX 1237ad21fc4fSLaura Abbott def_bool n 1238ad21fc4fSLaura Abbott 1239ad21fc4fSLaura Abbottconfig ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1240ad21fc4fSLaura Abbott def_bool n 1241ad21fc4fSLaura Abbott 1242ad21fc4fSLaura Abbottconfig ARCH_HAS_STRICT_KERNEL_RWX 1243ad21fc4fSLaura Abbott def_bool n 1244ad21fc4fSLaura Abbott 12450f5bf6d0SLaura Abbottconfig STRICT_KERNEL_RWX 1246ad21fc4fSLaura Abbott bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX 1247ad21fc4fSLaura Abbott depends on ARCH_HAS_STRICT_KERNEL_RWX 1248ad21fc4fSLaura Abbott default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1249ad21fc4fSLaura Abbott help 1250ad21fc4fSLaura Abbott If this is set, kernel text and rodata memory will be made read-only, 1251ad21fc4fSLaura Abbott and non-text memory will be made non-executable. This provides 1252ad21fc4fSLaura Abbott protection against certain security exploits (e.g. executing the heap 1253ad21fc4fSLaura Abbott or modifying text) 1254ad21fc4fSLaura Abbott 1255ad21fc4fSLaura Abbott These features are considered standard security practice these days. 1256ad21fc4fSLaura Abbott You should say Y here in almost all cases. 1257ad21fc4fSLaura Abbott 1258ad21fc4fSLaura Abbottconfig ARCH_HAS_STRICT_MODULE_RWX 1259ad21fc4fSLaura Abbott def_bool n 1260ad21fc4fSLaura Abbott 12610f5bf6d0SLaura Abbottconfig STRICT_MODULE_RWX 1262ad21fc4fSLaura Abbott bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX 1263ad21fc4fSLaura Abbott depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES 1264ad21fc4fSLaura Abbott default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT 1265ad21fc4fSLaura Abbott help 1266ad21fc4fSLaura Abbott If this is set, module text and rodata memory will be made read-only, 1267ad21fc4fSLaura Abbott and non-text memory will be made non-executable. This provides 1268ad21fc4fSLaura Abbott protection against certain security exploits (e.g. writing to text) 1269ad21fc4fSLaura Abbott 1270ea8c64acSChristoph Hellwig# select if the architecture provides an asm/dma-direct.h header 1271ea8c64acSChristoph Hellwigconfig ARCH_HAS_PHYS_TO_DMA 1272ea8c64acSChristoph Hellwig bool 1273ea8c64acSChristoph Hellwig 127404f264d3SPaul Burtonconfig HAVE_ARCH_COMPILER_H 127504f264d3SPaul Burton bool 127604f264d3SPaul Burton help 127704f264d3SPaul Burton An architecture can select this if it provides an 127804f264d3SPaul Burton asm/compiler.h header that should be included after 127904f264d3SPaul Burton linux/compiler-*.h in order to override macro definitions that those 128004f264d3SPaul Burton headers generally provide. 128104f264d3SPaul Burton 1282271ca788SArd Biesheuvelconfig HAVE_ARCH_PREL32_RELOCATIONS 1283271ca788SArd Biesheuvel bool 1284271ca788SArd Biesheuvel help 1285271ca788SArd Biesheuvel May be selected by an architecture if it supports place-relative 1286271ca788SArd Biesheuvel 32-bit relocations, both in the toolchain and in the module loader, 1287271ca788SArd Biesheuvel in which case relative references can be used in special sections 1288271ca788SArd Biesheuvel for PCI fixup, initcalls etc which are only half the size on 64 bit 1289271ca788SArd Biesheuvel architectures, and don't require runtime relocation on relocatable 1290271ca788SArd Biesheuvel kernels. 1291271ca788SArd Biesheuvel 1292ce9084baSArd Biesheuvelconfig ARCH_USE_MEMREMAP_PROT 1293ce9084baSArd Biesheuvel bool 1294ce9084baSArd Biesheuvel 1295fb346fd9SWaiman Longconfig LOCK_EVENT_COUNTS 1296fb346fd9SWaiman Long bool "Locking event counts collection" 1297fb346fd9SWaiman Long depends on DEBUG_FS 1298a7f7f624SMasahiro Yamada help 1299fb346fd9SWaiman Long Enable light-weight counting of various locking related events 1300fb346fd9SWaiman Long in the system with minimal performance impact. This reduces 1301fb346fd9SWaiman Long the chance of application behavior change because of timing 1302fb346fd9SWaiman Long differences. The counts are reported via debugfs. 1303fb346fd9SWaiman Long 13045cf896fbSPeter Collingbourne# Select if the architecture has support for applying RELR relocations. 13055cf896fbSPeter Collingbourneconfig ARCH_HAS_RELR 13065cf896fbSPeter Collingbourne bool 13075cf896fbSPeter Collingbourne 13085cf896fbSPeter Collingbourneconfig RELR 13095cf896fbSPeter Collingbourne bool "Use RELR relocation packing" 13105cf896fbSPeter Collingbourne depends on ARCH_HAS_RELR && TOOLS_SUPPORT_RELR 13115cf896fbSPeter Collingbourne default y 13125cf896fbSPeter Collingbourne help 13135cf896fbSPeter Collingbourne Store the kernel's dynamic relocations in the RELR relocation packing 13145cf896fbSPeter Collingbourne format. Requires a compatible linker (LLD supports this feature), as 13155cf896fbSPeter Collingbourne well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy 13165cf896fbSPeter Collingbourne are compatible). 13175cf896fbSPeter Collingbourne 13180c9c1d56SThiago Jung Bauermannconfig ARCH_HAS_MEM_ENCRYPT 13190c9c1d56SThiago Jung Bauermann bool 13200c9c1d56SThiago Jung Bauermann 132146b49b12STom Lendackyconfig ARCH_HAS_CC_PLATFORM 132246b49b12STom Lendacky bool 132346b49b12STom Lendacky 13240e242208SHassan Naveedconfig HAVE_SPARSE_SYSCALL_NR 13250e242208SHassan Naveed bool 13260e242208SHassan Naveed help 13270e242208SHassan Naveed An architecture should select this if its syscall numbering is sparse 13280e242208SHassan Naveed to save space. For example, MIPS architecture has a syscall array with 13290e242208SHassan Naveed entries at 4000, 5000 and 6000 locations. This option turns on syscall 13300e242208SHassan Naveed related optimizations for a given architecture. 13310e242208SHassan Naveed 1332d60d7de3SSven Schnelleconfig ARCH_HAS_VDSO_DATA 1333d60d7de3SSven Schnelle bool 1334d60d7de3SSven Schnelle 1335115284d8SJosh Poimboeufconfig HAVE_STATIC_CALL 1336115284d8SJosh Poimboeuf bool 1337115284d8SJosh Poimboeuf 13389183c3f9SJosh Poimboeufconfig HAVE_STATIC_CALL_INLINE 13399183c3f9SJosh Poimboeuf bool 13409183c3f9SJosh Poimboeuf depends on HAVE_STATIC_CALL 134103f16cd0SJosh Poimboeuf select OBJTOOL 13429183c3f9SJosh Poimboeuf 13436ef869e0SMichal Hockoconfig HAVE_PREEMPT_DYNAMIC 13446ef869e0SMichal Hocko bool 134599cf983cSMark Rutland 134699cf983cSMark Rutlandconfig HAVE_PREEMPT_DYNAMIC_CALL 134799cf983cSMark Rutland bool 13486ef869e0SMichal Hocko depends on HAVE_STATIC_CALL 134999cf983cSMark Rutland select HAVE_PREEMPT_DYNAMIC 13506ef869e0SMichal Hocko help 135199cf983cSMark Rutland An architecture should select this if it can handle the preemption 135299cf983cSMark Rutland model being selected at boot time using static calls. 135399cf983cSMark Rutland 135499cf983cSMark Rutland Where an architecture selects HAVE_STATIC_CALL_INLINE, any call to a 135599cf983cSMark Rutland preemption function will be patched directly. 135699cf983cSMark Rutland 135799cf983cSMark Rutland Where an architecture does not select HAVE_STATIC_CALL_INLINE, any 135899cf983cSMark Rutland call to a preemption function will go through a trampoline, and the 135999cf983cSMark Rutland trampoline will be patched. 136099cf983cSMark Rutland 136199cf983cSMark Rutland It is strongly advised to support inline static call to avoid any 136299cf983cSMark Rutland overhead. 136399cf983cSMark Rutland 136499cf983cSMark Rutlandconfig HAVE_PREEMPT_DYNAMIC_KEY 136599cf983cSMark Rutland bool 1366a0a12c3eSNick Desaulniers depends on HAVE_ARCH_JUMP_LABEL 136799cf983cSMark Rutland select HAVE_PREEMPT_DYNAMIC 136899cf983cSMark Rutland help 136999cf983cSMark Rutland An architecture should select this if it can handle the preemption 137099cf983cSMark Rutland model being selected at boot time using static keys. 137199cf983cSMark Rutland 137299cf983cSMark Rutland Each preemption function will be given an early return based on a 137399cf983cSMark Rutland static key. This should have slightly lower overhead than non-inline 137499cf983cSMark Rutland static calls, as this effectively inlines each trampoline into the 137599cf983cSMark Rutland start of its callee. This may avoid redundant work, and may 137699cf983cSMark Rutland integrate better with CFI schemes. 137799cf983cSMark Rutland 137899cf983cSMark Rutland This will have greater overhead than using inline static calls as 137999cf983cSMark Rutland the call to the preemption function cannot be entirely elided. 13806ef869e0SMichal Hocko 138159612b24SNathan Chancellorconfig ARCH_WANT_LD_ORPHAN_WARN 138259612b24SNathan Chancellor bool 138359612b24SNathan Chancellor help 138459612b24SNathan Chancellor An arch should select this symbol once all linker sections are explicitly 138559612b24SNathan Chancellor included, size-asserted, or discarded in the linker scripts. This is 138659612b24SNathan Chancellor important because we never want expected sections to be placed heuristically 138759612b24SNathan Chancellor by the linker, since the locations of such sections can change between linker 138859612b24SNathan Chancellor versions. 138959612b24SNathan Chancellor 13904f5b0c17SMike Rapoportconfig HAVE_ARCH_PFN_VALID 13914f5b0c17SMike Rapoport bool 13924f5b0c17SMike Rapoport 13935d6ad668SMike Rapoportconfig ARCH_SUPPORTS_DEBUG_PAGEALLOC 13945d6ad668SMike Rapoport bool 13955d6ad668SMike Rapoport 1396df4e817bSPasha Tatashinconfig ARCH_SUPPORTS_PAGE_TABLE_CHECK 1397df4e817bSPasha Tatashin bool 1398df4e817bSPasha Tatashin 13992ca408d9SBrian Gerstconfig ARCH_SPLIT_ARG64 14002ca408d9SBrian Gerst bool 14012ca408d9SBrian Gerst help 14022ca408d9SBrian Gerst If a 32-bit architecture requires 64-bit arguments to be split into 14032ca408d9SBrian Gerst pairs of 32-bit arguments, select this option. 14042ca408d9SBrian Gerst 14057facdc42SAl Viroconfig ARCH_HAS_ELFCORE_COMPAT 14067facdc42SAl Viro bool 14077facdc42SAl Viro 140858e106e7SBalbir Singhconfig ARCH_HAS_PARANOID_L1D_FLUSH 140958e106e7SBalbir Singh bool 141058e106e7SBalbir Singh 1411d593d64fSPrasad Sodagudiconfig ARCH_HAVE_TRACE_MMIO_ACCESS 1412d593d64fSPrasad Sodagudi bool 1413d593d64fSPrasad Sodagudi 14141bdda24cSThomas Gleixnerconfig DYNAMIC_SIGFRAME 14151bdda24cSThomas Gleixner bool 14161bdda24cSThomas Gleixner 141750468e43SJarkko Sakkinen# Select, if arch has a named attribute group bound to NUMA device nodes. 141850468e43SJarkko Sakkinenconfig HAVE_ARCH_NODE_DEV_GROUP 141950468e43SJarkko Sakkinen bool 142050468e43SJarkko Sakkinen 14212521f2c2SPeter Oberparleitersource "kernel/gcov/Kconfig" 142245332b1bSMasahiro Yamada 142345332b1bSMasahiro Yamadasource "scripts/gcc-plugins/Kconfig" 1424fa1b5d09SLinus Torvalds 142522471e13SRandy Dunlapendmenu 1426