1# SPDX-License-Identifier: GPL-2.0-only 2config ARM64 3 def_bool y 4 select ACPI_CCA_REQUIRED if ACPI 5 select ACPI_GENERIC_GSI if ACPI 6 select ACPI_GTDT if ACPI 7 select ACPI_IORT if ACPI 8 select ACPI_REDUCED_HARDWARE_ONLY if ACPI 9 select ACPI_MCFG if (ACPI && PCI) 10 select ACPI_SPCR_TABLE if ACPI 11 select ACPI_PPTT if ACPI 12 select ARCH_CLOCKSOURCE_DATA 13 select ARCH_HAS_DEBUG_VIRTUAL 14 select ARCH_HAS_DEVMEM_IS_ALLOWED 15 select ARCH_HAS_DMA_PREP_COHERENT 16 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 17 select ARCH_HAS_FAST_MULTIPLIER 18 select ARCH_HAS_FORTIFY_SOURCE 19 select ARCH_HAS_GCOV_PROFILE_ALL 20 select ARCH_HAS_GIGANTIC_PAGE 21 select ARCH_HAS_KCOV 22 select ARCH_HAS_KEEPINITRD 23 select ARCH_HAS_MEMBARRIER_SYNC_CORE 24 select ARCH_HAS_PTE_DEVMAP 25 select ARCH_HAS_PTE_SPECIAL 26 select ARCH_HAS_SETUP_DMA_OPS 27 select ARCH_HAS_SET_DIRECT_MAP 28 select ARCH_HAS_SET_MEMORY 29 select ARCH_HAS_STRICT_KERNEL_RWX 30 select ARCH_HAS_STRICT_MODULE_RWX 31 select ARCH_HAS_SYNC_DMA_FOR_DEVICE 32 select ARCH_HAS_SYNC_DMA_FOR_CPU 33 select ARCH_HAS_SYSCALL_WRAPPER 34 select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT 35 select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST 36 select ARCH_HAVE_NMI_SAFE_CMPXCHG 37 select ARCH_INLINE_READ_LOCK if !PREEMPTION 38 select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION 39 select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPTION 40 select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPTION 41 select ARCH_INLINE_READ_UNLOCK if !PREEMPTION 42 select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPTION 43 select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPTION 44 select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPTION 45 select ARCH_INLINE_WRITE_LOCK if !PREEMPTION 46 select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPTION 47 select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPTION 48 select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPTION 49 select ARCH_INLINE_WRITE_UNLOCK if !PREEMPTION 50 select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPTION 51 select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPTION 52 select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPTION 53 select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPTION 54 select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPTION 55 select ARCH_INLINE_SPIN_LOCK if !PREEMPTION 56 select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPTION 57 select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPTION 58 select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPTION 59 select ARCH_INLINE_SPIN_UNLOCK if !PREEMPTION 60 select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPTION 61 select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPTION 62 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION 63 select ARCH_KEEP_MEMBLOCK 64 select ARCH_USE_CMPXCHG_LOCKREF 65 select ARCH_USE_QUEUED_RWLOCKS 66 select ARCH_USE_QUEUED_SPINLOCKS 67 select ARCH_SUPPORTS_MEMORY_FAILURE 68 select ARCH_SUPPORTS_ATOMIC_RMW 69 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 && (GCC_VERSION >= 50000 || CC_IS_CLANG) 70 select ARCH_SUPPORTS_NUMA_BALANCING 71 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT 72 select ARCH_WANT_DEFAULT_BPF_JIT 73 select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 74 select ARCH_WANT_FRAME_POINTERS 75 select ARCH_WANT_HUGE_PMD_SHARE if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36) 76 select ARCH_HAS_UBSAN_SANITIZE_ALL 77 select ARM_AMBA 78 select ARM_ARCH_TIMER 79 select ARM_GIC 80 select AUDIT_ARCH_COMPAT_GENERIC 81 select ARM_GIC_V2M if PCI 82 select ARM_GIC_V3 83 select ARM_GIC_V3_ITS if PCI 84 select ARM_PSCI_FW 85 select BUILDTIME_TABLE_SORT 86 select CLONE_BACKWARDS 87 select COMMON_CLK 88 select CPU_PM if (SUSPEND || CPU_IDLE) 89 select CRC32 90 select DCACHE_WORD_ACCESS 91 select DMA_DIRECT_REMAP 92 select EDAC_SUPPORT 93 select FRAME_POINTER 94 select GENERIC_ALLOCATOR 95 select GENERIC_ARCH_TOPOLOGY 96 select GENERIC_CLOCKEVENTS 97 select GENERIC_CLOCKEVENTS_BROADCAST 98 select GENERIC_CPU_AUTOPROBE 99 select GENERIC_CPU_VULNERABILITIES 100 select GENERIC_EARLY_IOREMAP 101 select GENERIC_IDLE_POLL_SETUP 102 select GENERIC_IRQ_MULTI_HANDLER 103 select GENERIC_IRQ_PROBE 104 select GENERIC_IRQ_SHOW 105 select GENERIC_IRQ_SHOW_LEVEL 106 select GENERIC_PCI_IOMAP 107 select GENERIC_PTDUMP 108 select GENERIC_SCHED_CLOCK 109 select GENERIC_SMP_IDLE_THREAD 110 select GENERIC_STRNCPY_FROM_USER 111 select GENERIC_STRNLEN_USER 112 select GENERIC_TIME_VSYSCALL 113 select GENERIC_GETTIMEOFDAY 114 select HANDLE_DOMAIN_IRQ 115 select HARDIRQS_SW_RESEND 116 select HAVE_PCI 117 select HAVE_ACPI_APEI if (ACPI && EFI) 118 select HAVE_ALIGNED_STRUCT_PAGE if SLUB 119 select HAVE_ARCH_AUDITSYSCALL 120 select HAVE_ARCH_BITREVERSE 121 select HAVE_ARCH_HUGE_VMAP 122 select HAVE_ARCH_JUMP_LABEL 123 select HAVE_ARCH_JUMP_LABEL_RELATIVE 124 select HAVE_ARCH_KASAN if !(ARM64_16K_PAGES && ARM64_VA_BITS_48) 125 select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN 126 select HAVE_ARCH_KGDB 127 select HAVE_ARCH_MMAP_RND_BITS 128 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT 129 select HAVE_ARCH_PREL32_RELOCATIONS 130 select HAVE_ARCH_SECCOMP_FILTER 131 select HAVE_ARCH_STACKLEAK 132 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 133 select HAVE_ARCH_TRACEHOOK 134 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 135 select HAVE_ARCH_VMAP_STACK 136 select HAVE_ARM_SMCCC 137 select HAVE_ASM_MODVERSIONS 138 select HAVE_EBPF_JIT 139 select HAVE_C_RECORDMCOUNT 140 select HAVE_CMPXCHG_DOUBLE 141 select HAVE_CMPXCHG_LOCAL 142 select HAVE_CONTEXT_TRACKING 143 select HAVE_COPY_THREAD_TLS 144 select HAVE_DEBUG_BUGVERBOSE 145 select HAVE_DEBUG_KMEMLEAK 146 select HAVE_DMA_CONTIGUOUS 147 select HAVE_DYNAMIC_FTRACE 148 select HAVE_DYNAMIC_FTRACE_WITH_REGS \ 149 if $(cc-option,-fpatchable-function-entry=2) 150 select HAVE_EFFICIENT_UNALIGNED_ACCESS 151 select HAVE_FAST_GUP 152 select HAVE_FTRACE_MCOUNT_RECORD 153 select HAVE_FUNCTION_TRACER 154 select HAVE_FUNCTION_ERROR_INJECTION 155 select HAVE_FUNCTION_GRAPH_TRACER 156 select HAVE_GCC_PLUGINS 157 select HAVE_HW_BREAKPOINT if PERF_EVENTS 158 select HAVE_IRQ_TIME_ACCOUNTING 159 select HAVE_MEMBLOCK_NODE_MAP if NUMA 160 select HAVE_NMI 161 select HAVE_PATA_PLATFORM 162 select HAVE_PERF_EVENTS 163 select HAVE_PERF_REGS 164 select HAVE_PERF_USER_STACK_DUMP 165 select HAVE_REGS_AND_STACK_ACCESS_API 166 select HAVE_FUNCTION_ARG_ACCESS_API 167 select HAVE_FUTEX_CMPXCHG if FUTEX 168 select MMU_GATHER_RCU_TABLE_FREE 169 select HAVE_RSEQ 170 select HAVE_STACKPROTECTOR 171 select HAVE_SYSCALL_TRACEPOINTS 172 select HAVE_KPROBES 173 select HAVE_KRETPROBES 174 select HAVE_GENERIC_VDSO 175 select IOMMU_DMA if IOMMU_SUPPORT 176 select IRQ_DOMAIN 177 select IRQ_FORCED_THREADING 178 select MODULES_USE_ELF_RELA 179 select NEED_DMA_MAP_STATE 180 select NEED_SG_DMA_LENGTH 181 select OF 182 select OF_EARLY_FLATTREE 183 select PCI_DOMAINS_GENERIC if PCI 184 select PCI_ECAM if (ACPI && PCI) 185 select PCI_SYSCALL if PCI 186 select POWER_RESET 187 select POWER_SUPPLY 188 select SPARSE_IRQ 189 select SWIOTLB 190 select SYSCTL_EXCEPTION_TRACE 191 select THREAD_INFO_IN_TASK 192 help 193 ARM 64-bit (AArch64) Linux support. 194 195config 64BIT 196 def_bool y 197 198config MMU 199 def_bool y 200 201config ARM64_PAGE_SHIFT 202 int 203 default 16 if ARM64_64K_PAGES 204 default 14 if ARM64_16K_PAGES 205 default 12 206 207config ARM64_CONT_SHIFT 208 int 209 default 5 if ARM64_64K_PAGES 210 default 7 if ARM64_16K_PAGES 211 default 4 212 213config ARCH_MMAP_RND_BITS_MIN 214 default 14 if ARM64_64K_PAGES 215 default 16 if ARM64_16K_PAGES 216 default 18 217 218# max bits determined by the following formula: 219# VA_BITS - PAGE_SHIFT - 3 220config ARCH_MMAP_RND_BITS_MAX 221 default 19 if ARM64_VA_BITS=36 222 default 24 if ARM64_VA_BITS=39 223 default 27 if ARM64_VA_BITS=42 224 default 30 if ARM64_VA_BITS=47 225 default 29 if ARM64_VA_BITS=48 && ARM64_64K_PAGES 226 default 31 if ARM64_VA_BITS=48 && ARM64_16K_PAGES 227 default 33 if ARM64_VA_BITS=48 228 default 14 if ARM64_64K_PAGES 229 default 16 if ARM64_16K_PAGES 230 default 18 231 232config ARCH_MMAP_RND_COMPAT_BITS_MIN 233 default 7 if ARM64_64K_PAGES 234 default 9 if ARM64_16K_PAGES 235 default 11 236 237config ARCH_MMAP_RND_COMPAT_BITS_MAX 238 default 16 239 240config NO_IOPORT_MAP 241 def_bool y if !PCI 242 243config STACKTRACE_SUPPORT 244 def_bool y 245 246config ILLEGAL_POINTER_VALUE 247 hex 248 default 0xdead000000000000 249 250config LOCKDEP_SUPPORT 251 def_bool y 252 253config TRACE_IRQFLAGS_SUPPORT 254 def_bool y 255 256config GENERIC_BUG 257 def_bool y 258 depends on BUG 259 260config GENERIC_BUG_RELATIVE_POINTERS 261 def_bool y 262 depends on GENERIC_BUG 263 264config GENERIC_HWEIGHT 265 def_bool y 266 267config GENERIC_CSUM 268 def_bool y 269 270config GENERIC_CALIBRATE_DELAY 271 def_bool y 272 273config ZONE_DMA 274 bool "Support DMA zone" if EXPERT 275 default y 276 277config ZONE_DMA32 278 bool "Support DMA32 zone" if EXPERT 279 default y 280 281config ARCH_ENABLE_MEMORY_HOTPLUG 282 def_bool y 283 284config SMP 285 def_bool y 286 287config KERNEL_MODE_NEON 288 def_bool y 289 290config FIX_EARLYCON_MEM 291 def_bool y 292 293config PGTABLE_LEVELS 294 int 295 default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36 296 default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42 297 default 3 if ARM64_64K_PAGES && (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) 298 default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39 299 default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47 300 default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48 301 302config ARCH_SUPPORTS_UPROBES 303 def_bool y 304 305config ARCH_PROC_KCORE_TEXT 306 def_bool y 307 308config BROKEN_GAS_INST 309 def_bool !$(as-instr,1:\n.inst 0\n.rept . - 1b\n\nnop\n.endr\n) 310 311config KASAN_SHADOW_OFFSET 312 hex 313 depends on KASAN 314 default 0xdfffa00000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && !KASAN_SW_TAGS 315 default 0xdfffd00000000000 if ARM64_VA_BITS_47 && !KASAN_SW_TAGS 316 default 0xdffffe8000000000 if ARM64_VA_BITS_42 && !KASAN_SW_TAGS 317 default 0xdfffffd000000000 if ARM64_VA_BITS_39 && !KASAN_SW_TAGS 318 default 0xdffffffa00000000 if ARM64_VA_BITS_36 && !KASAN_SW_TAGS 319 default 0xefff900000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && KASAN_SW_TAGS 320 default 0xefffc80000000000 if ARM64_VA_BITS_47 && KASAN_SW_TAGS 321 default 0xeffffe4000000000 if ARM64_VA_BITS_42 && KASAN_SW_TAGS 322 default 0xefffffc800000000 if ARM64_VA_BITS_39 && KASAN_SW_TAGS 323 default 0xeffffff900000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS 324 default 0xffffffffffffffff 325 326source "arch/arm64/Kconfig.platforms" 327 328menu "Kernel Features" 329 330menu "ARM errata workarounds via the alternatives framework" 331 332config ARM64_WORKAROUND_CLEAN_CACHE 333 bool 334 335config ARM64_ERRATUM_826319 336 bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted" 337 default y 338 select ARM64_WORKAROUND_CLEAN_CACHE 339 help 340 This option adds an alternative code sequence to work around ARM 341 erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or 342 AXI master interface and an L2 cache. 343 344 If a Cortex-A53 uses an AMBA AXI4 ACE interface to other processors 345 and is unable to accept a certain write via this interface, it will 346 not progress on read data presented on the read data channel and the 347 system can deadlock. 348 349 The workaround promotes data cache clean instructions to 350 data cache clean-and-invalidate. 351 Please note that this does not necessarily enable the workaround, 352 as it depends on the alternative framework, which will only patch 353 the kernel if an affected CPU is detected. 354 355 If unsure, say Y. 356 357config ARM64_ERRATUM_827319 358 bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect" 359 default y 360 select ARM64_WORKAROUND_CLEAN_CACHE 361 help 362 This option adds an alternative code sequence to work around ARM 363 erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI 364 master interface and an L2 cache. 365 366 Under certain conditions this erratum can cause a clean line eviction 367 to occur at the same time as another transaction to the same address 368 on the AMBA 5 CHI interface, which can cause data corruption if the 369 interconnect reorders the two transactions. 370 371 The workaround promotes data cache clean instructions to 372 data cache clean-and-invalidate. 373 Please note that this does not necessarily enable the workaround, 374 as it depends on the alternative framework, which will only patch 375 the kernel if an affected CPU is detected. 376 377 If unsure, say Y. 378 379config ARM64_ERRATUM_824069 380 bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop" 381 default y 382 select ARM64_WORKAROUND_CLEAN_CACHE 383 help 384 This option adds an alternative code sequence to work around ARM 385 erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected 386 to a coherent interconnect. 387 388 If a Cortex-A53 processor is executing a store or prefetch for 389 write instruction at the same time as a processor in another 390 cluster is executing a cache maintenance operation to the same 391 address, then this erratum might cause a clean cache line to be 392 incorrectly marked as dirty. 393 394 The workaround promotes data cache clean instructions to 395 data cache clean-and-invalidate. 396 Please note that this option does not necessarily enable the 397 workaround, as it depends on the alternative framework, which will 398 only patch the kernel if an affected CPU is detected. 399 400 If unsure, say Y. 401 402config ARM64_ERRATUM_819472 403 bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption" 404 default y 405 select ARM64_WORKAROUND_CLEAN_CACHE 406 help 407 This option adds an alternative code sequence to work around ARM 408 erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache 409 present when it is connected to a coherent interconnect. 410 411 If the processor is executing a load and store exclusive sequence at 412 the same time as a processor in another cluster is executing a cache 413 maintenance operation to the same address, then this erratum might 414 cause data corruption. 415 416 The workaround promotes data cache clean instructions to 417 data cache clean-and-invalidate. 418 Please note that this does not necessarily enable the workaround, 419 as it depends on the alternative framework, which will only patch 420 the kernel if an affected CPU is detected. 421 422 If unsure, say Y. 423 424config ARM64_ERRATUM_832075 425 bool "Cortex-A57: 832075: possible deadlock on mixing exclusive memory accesses with device loads" 426 default y 427 help 428 This option adds an alternative code sequence to work around ARM 429 erratum 832075 on Cortex-A57 parts up to r1p2. 430 431 Affected Cortex-A57 parts might deadlock when exclusive load/store 432 instructions to Write-Back memory are mixed with Device loads. 433 434 The workaround is to promote device loads to use Load-Acquire 435 semantics. 436 Please note that this does not necessarily enable the workaround, 437 as it depends on the alternative framework, which will only patch 438 the kernel if an affected CPU is detected. 439 440 If unsure, say Y. 441 442config ARM64_ERRATUM_834220 443 bool "Cortex-A57: 834220: Stage 2 translation fault might be incorrectly reported in presence of a Stage 1 fault" 444 depends on KVM 445 default y 446 help 447 This option adds an alternative code sequence to work around ARM 448 erratum 834220 on Cortex-A57 parts up to r1p2. 449 450 Affected Cortex-A57 parts might report a Stage 2 translation 451 fault as the result of a Stage 1 fault for load crossing a 452 page boundary when there is a permission or device memory 453 alignment fault at Stage 1 and a translation fault at Stage 2. 454 455 The workaround is to verify that the Stage 1 translation 456 doesn't generate a fault before handling the Stage 2 fault. 457 Please note that this does not necessarily enable the workaround, 458 as it depends on the alternative framework, which will only patch 459 the kernel if an affected CPU is detected. 460 461 If unsure, say Y. 462 463config ARM64_ERRATUM_845719 464 bool "Cortex-A53: 845719: a load might read incorrect data" 465 depends on COMPAT 466 default y 467 help 468 This option adds an alternative code sequence to work around ARM 469 erratum 845719 on Cortex-A53 parts up to r0p4. 470 471 When running a compat (AArch32) userspace on an affected Cortex-A53 472 part, a load at EL0 from a virtual address that matches the bottom 32 473 bits of the virtual address used by a recent load at (AArch64) EL1 474 might return incorrect data. 475 476 The workaround is to write the contextidr_el1 register on exception 477 return to a 32-bit task. 478 Please note that this does not necessarily enable the workaround, 479 as it depends on the alternative framework, which will only patch 480 the kernel if an affected CPU is detected. 481 482 If unsure, say Y. 483 484config ARM64_ERRATUM_843419 485 bool "Cortex-A53: 843419: A load or store might access an incorrect address" 486 default y 487 select ARM64_MODULE_PLTS if MODULES 488 help 489 This option links the kernel with '--fix-cortex-a53-843419' and 490 enables PLT support to replace certain ADRP instructions, which can 491 cause subsequent memory accesses to use an incorrect address on 492 Cortex-A53 parts up to r0p4. 493 494 If unsure, say Y. 495 496config ARM64_ERRATUM_1024718 497 bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" 498 default y 499 help 500 This option adds a workaround for ARM Cortex-A55 Erratum 1024718. 501 502 Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect 503 update of the hardware dirty bit when the DBM/AP bits are updated 504 without a break-before-make. The workaround is to disable the usage 505 of hardware DBM locally on the affected cores. CPUs not affected by 506 this erratum will continue to use the feature. 507 508 If unsure, say Y. 509 510config ARM64_ERRATUM_1418040 511 bool "Cortex-A76/Neoverse-N1: MRC read following MRRC read of specific Generic Timer in AArch32 might give incorrect result" 512 default y 513 depends on COMPAT 514 help 515 This option adds a workaround for ARM Cortex-A76/Neoverse-N1 516 errata 1188873 and 1418040. 517 518 Affected Cortex-A76/Neoverse-N1 cores (r0p0 to r3p1) could 519 cause register corruption when accessing the timer registers 520 from AArch32 userspace. 521 522 If unsure, say Y. 523 524config ARM64_WORKAROUND_SPECULATIVE_AT_VHE 525 bool 526 527config ARM64_ERRATUM_1165522 528 bool "Cortex-A76: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 529 default y 530 select ARM64_WORKAROUND_SPECULATIVE_AT_VHE 531 help 532 This option adds a workaround for ARM Cortex-A76 erratum 1165522. 533 534 Affected Cortex-A76 cores (r0p0, r1p0, r2p0) could end-up with 535 corrupted TLBs by speculating an AT instruction during a guest 536 context switch. 537 538 If unsure, say Y. 539 540config ARM64_ERRATUM_1530923 541 bool "Cortex-A55: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 542 default y 543 select ARM64_WORKAROUND_SPECULATIVE_AT_VHE 544 help 545 This option adds a workaround for ARM Cortex-A55 erratum 1530923. 546 547 Affected Cortex-A55 cores (r0p0, r0p1, r1p0, r2p0) could end-up with 548 corrupted TLBs by speculating an AT instruction during a guest 549 context switch. 550 551 If unsure, say Y. 552 553config ARM64_ERRATUM_1286807 554 bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation" 555 default y 556 select ARM64_WORKAROUND_REPEAT_TLBI 557 help 558 This option adds a workaround for ARM Cortex-A76 erratum 1286807. 559 560 On the affected Cortex-A76 cores (r0p0 to r3p0), if a virtual 561 address for a cacheable mapping of a location is being 562 accessed by a core while another core is remapping the virtual 563 address to a new physical page using the recommended 564 break-before-make sequence, then under very rare circumstances 565 TLBI+DSB completes before a read using the translation being 566 invalidated has been observed by other observers. The 567 workaround repeats the TLBI+DSB operation. 568 569config ARM64_WORKAROUND_SPECULATIVE_AT_NVHE 570 bool 571 572config ARM64_ERRATUM_1319367 573 bool "Cortex-A57/A72: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 574 default y 575 select ARM64_WORKAROUND_SPECULATIVE_AT_NVHE 576 help 577 This option adds work arounds for ARM Cortex-A57 erratum 1319537 578 and A72 erratum 1319367 579 580 Cortex-A57 and A72 cores could end-up with corrupted TLBs by 581 speculating an AT instruction during a guest context switch. 582 583 If unsure, say Y. 584 585config ARM64_ERRATUM_1463225 586 bool "Cortex-A76: Software Step might prevent interrupt recognition" 587 default y 588 help 589 This option adds a workaround for Arm Cortex-A76 erratum 1463225. 590 591 On the affected Cortex-A76 cores (r0p0 to r3p1), software stepping 592 of a system call instruction (SVC) can prevent recognition of 593 subsequent interrupts when software stepping is disabled in the 594 exception handler of the system call and either kernel debugging 595 is enabled or VHE is in use. 596 597 Work around the erratum by triggering a dummy step exception 598 when handling a system call from a task that is being stepped 599 in a VHE configuration of the kernel. 600 601 If unsure, say Y. 602 603config ARM64_ERRATUM_1542419 604 bool "Neoverse-N1: workaround mis-ordering of instruction fetches" 605 default y 606 help 607 This option adds a workaround for ARM Neoverse-N1 erratum 608 1542419. 609 610 Affected Neoverse-N1 cores could execute a stale instruction when 611 modified by another CPU. The workaround depends on a firmware 612 counterpart. 613 614 Workaround the issue by hiding the DIC feature from EL0. This 615 forces user-space to perform cache maintenance. 616 617 If unsure, say Y. 618 619config CAVIUM_ERRATUM_22375 620 bool "Cavium erratum 22375, 24313" 621 default y 622 help 623 Enable workaround for errata 22375 and 24313. 624 625 This implements two gicv3-its errata workarounds for ThunderX. Both 626 with a small impact affecting only ITS table allocation. 627 628 erratum 22375: only alloc 8MB table size 629 erratum 24313: ignore memory access type 630 631 The fixes are in ITS initialization and basically ignore memory access 632 type and table size provided by the TYPER and BASER registers. 633 634 If unsure, say Y. 635 636config CAVIUM_ERRATUM_23144 637 bool "Cavium erratum 23144: ITS SYNC hang on dual socket system" 638 depends on NUMA 639 default y 640 help 641 ITS SYNC command hang for cross node io and collections/cpu mapping. 642 643 If unsure, say Y. 644 645config CAVIUM_ERRATUM_23154 646 bool "Cavium erratum 23154: Access to ICC_IAR1_EL1 is not sync'ed" 647 default y 648 help 649 The gicv3 of ThunderX requires a modified version for 650 reading the IAR status to ensure data synchronization 651 (access to icc_iar1_el1 is not sync'ed before and after). 652 653 If unsure, say Y. 654 655config CAVIUM_ERRATUM_27456 656 bool "Cavium erratum 27456: Broadcast TLBI instructions may cause icache corruption" 657 default y 658 help 659 On ThunderX T88 pass 1.x through 2.1 parts, broadcast TLBI 660 instructions may cause the icache to become corrupted if it 661 contains data for a non-current ASID. The fix is to 662 invalidate the icache when changing the mm context. 663 664 If unsure, say Y. 665 666config CAVIUM_ERRATUM_30115 667 bool "Cavium erratum 30115: Guest may disable interrupts in host" 668 default y 669 help 670 On ThunderX T88 pass 1.x through 2.2, T81 pass 1.0 through 671 1.2, and T83 Pass 1.0, KVM guest execution may disable 672 interrupts in host. Trapping both GICv3 group-0 and group-1 673 accesses sidesteps the issue. 674 675 If unsure, say Y. 676 677config CAVIUM_TX2_ERRATUM_219 678 bool "Cavium ThunderX2 erratum 219: PRFM between TTBR change and ISB fails" 679 default y 680 help 681 On Cavium ThunderX2, a load, store or prefetch instruction between a 682 TTBR update and the corresponding context synchronizing operation can 683 cause a spurious Data Abort to be delivered to any hardware thread in 684 the CPU core. 685 686 Work around the issue by avoiding the problematic code sequence and 687 trapping KVM guest TTBRx_EL1 writes to EL2 when SMT is enabled. The 688 trap handler performs the corresponding register access, skips the 689 instruction and ensures context synchronization by virtue of the 690 exception return. 691 692 If unsure, say Y. 693 694config QCOM_FALKOR_ERRATUM_1003 695 bool "Falkor E1003: Incorrect translation due to ASID change" 696 default y 697 help 698 On Falkor v1, an incorrect ASID may be cached in the TLB when ASID 699 and BADDR are changed together in TTBRx_EL1. Since we keep the ASID 700 in TTBR1_EL1, this situation only occurs in the entry trampoline and 701 then only for entries in the walk cache, since the leaf translation 702 is unchanged. Work around the erratum by invalidating the walk cache 703 entries for the trampoline before entering the kernel proper. 704 705config ARM64_WORKAROUND_REPEAT_TLBI 706 bool 707 708config QCOM_FALKOR_ERRATUM_1009 709 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" 710 default y 711 select ARM64_WORKAROUND_REPEAT_TLBI 712 help 713 On Falkor v1, the CPU may prematurely complete a DSB following a 714 TLBI xxIS invalidate maintenance operation. Repeat the TLBI operation 715 one more time to fix the issue. 716 717 If unsure, say Y. 718 719config QCOM_QDF2400_ERRATUM_0065 720 bool "QDF2400 E0065: Incorrect GITS_TYPER.ITT_Entry_size" 721 default y 722 help 723 On Qualcomm Datacenter Technologies QDF2400 SoC, ITS hardware reports 724 ITE size incorrectly. The GITS_TYPER.ITT_Entry_size field should have 725 been indicated as 16Bytes (0xf), not 8Bytes (0x7). 726 727 If unsure, say Y. 728 729config SOCIONEXT_SYNQUACER_PREITS 730 bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" 731 default y 732 help 733 Socionext Synquacer SoCs implement a separate h/w block to generate 734 MSI doorbell writes with non-zero values for the device ID. 735 736 If unsure, say Y. 737 738config HISILICON_ERRATUM_161600802 739 bool "Hip07 161600802: Erroneous redistributor VLPI base" 740 default y 741 help 742 The HiSilicon Hip07 SoC uses the wrong redistributor base 743 when issued ITS commands such as VMOVP and VMAPP, and requires 744 a 128kB offset to be applied to the target address in this commands. 745 746 If unsure, say Y. 747 748config QCOM_FALKOR_ERRATUM_E1041 749 bool "Falkor E1041: Speculative instruction fetches might cause errant memory access" 750 default y 751 help 752 Falkor CPU may speculatively fetch instructions from an improper 753 memory location when MMU translation is changed from SCTLR_ELn[M]=1 754 to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem. 755 756 If unsure, say Y. 757 758config FUJITSU_ERRATUM_010001 759 bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly" 760 default y 761 help 762 This option adds a workaround for Fujitsu-A64FX erratum E#010001. 763 On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory 764 accesses may cause undefined fault (Data abort, DFSC=0b111111). 765 This fault occurs under a specific hardware condition when a 766 load/store instruction performs an address translation using: 767 case-1 TTBR0_EL1 with TCR_EL1.NFD0 == 1. 768 case-2 TTBR0_EL2 with TCR_EL2.NFD0 == 1. 769 case-3 TTBR1_EL1 with TCR_EL1.NFD1 == 1. 770 case-4 TTBR1_EL2 with TCR_EL2.NFD1 == 1. 771 772 The workaround is to ensure these bits are clear in TCR_ELx. 773 The workaround only affects the Fujitsu-A64FX. 774 775 If unsure, say Y. 776 777endmenu 778 779 780choice 781 prompt "Page size" 782 default ARM64_4K_PAGES 783 help 784 Page size (translation granule) configuration. 785 786config ARM64_4K_PAGES 787 bool "4KB" 788 help 789 This feature enables 4KB pages support. 790 791config ARM64_16K_PAGES 792 bool "16KB" 793 help 794 The system will use 16KB pages support. AArch32 emulation 795 requires applications compiled with 16K (or a multiple of 16K) 796 aligned segments. 797 798config ARM64_64K_PAGES 799 bool "64KB" 800 help 801 This feature enables 64KB pages support (4KB by default) 802 allowing only two levels of page tables and faster TLB 803 look-up. AArch32 emulation requires applications compiled 804 with 64K aligned segments. 805 806endchoice 807 808choice 809 prompt "Virtual address space size" 810 default ARM64_VA_BITS_39 if ARM64_4K_PAGES 811 default ARM64_VA_BITS_47 if ARM64_16K_PAGES 812 default ARM64_VA_BITS_42 if ARM64_64K_PAGES 813 help 814 Allows choosing one of multiple possible virtual address 815 space sizes. The level of translation table is determined by 816 a combination of page size and virtual address space size. 817 818config ARM64_VA_BITS_36 819 bool "36-bit" if EXPERT 820 depends on ARM64_16K_PAGES 821 822config ARM64_VA_BITS_39 823 bool "39-bit" 824 depends on ARM64_4K_PAGES 825 826config ARM64_VA_BITS_42 827 bool "42-bit" 828 depends on ARM64_64K_PAGES 829 830config ARM64_VA_BITS_47 831 bool "47-bit" 832 depends on ARM64_16K_PAGES 833 834config ARM64_VA_BITS_48 835 bool "48-bit" 836 837config ARM64_VA_BITS_52 838 bool "52-bit" 839 depends on ARM64_64K_PAGES && (ARM64_PAN || !ARM64_SW_TTBR0_PAN) 840 help 841 Enable 52-bit virtual addressing for userspace when explicitly 842 requested via a hint to mmap(). The kernel will also use 52-bit 843 virtual addresses for its own mappings (provided HW support for 844 this feature is available, otherwise it reverts to 48-bit). 845 846 NOTE: Enabling 52-bit virtual addressing in conjunction with 847 ARMv8.3 Pointer Authentication will result in the PAC being 848 reduced from 7 bits to 3 bits, which may have a significant 849 impact on its susceptibility to brute-force attacks. 850 851 If unsure, select 48-bit virtual addressing instead. 852 853endchoice 854 855config ARM64_FORCE_52BIT 856 bool "Force 52-bit virtual addresses for userspace" 857 depends on ARM64_VA_BITS_52 && EXPERT 858 help 859 For systems with 52-bit userspace VAs enabled, the kernel will attempt 860 to maintain compatibility with older software by providing 48-bit VAs 861 unless a hint is supplied to mmap. 862 863 This configuration option disables the 48-bit compatibility logic, and 864 forces all userspace addresses to be 52-bit on HW that supports it. One 865 should only enable this configuration option for stress testing userspace 866 memory management code. If unsure say N here. 867 868config ARM64_VA_BITS 869 int 870 default 36 if ARM64_VA_BITS_36 871 default 39 if ARM64_VA_BITS_39 872 default 42 if ARM64_VA_BITS_42 873 default 47 if ARM64_VA_BITS_47 874 default 48 if ARM64_VA_BITS_48 875 default 52 if ARM64_VA_BITS_52 876 877choice 878 prompt "Physical address space size" 879 default ARM64_PA_BITS_48 880 help 881 Choose the maximum physical address range that the kernel will 882 support. 883 884config ARM64_PA_BITS_48 885 bool "48-bit" 886 887config ARM64_PA_BITS_52 888 bool "52-bit (ARMv8.2)" 889 depends on ARM64_64K_PAGES 890 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 891 help 892 Enable support for a 52-bit physical address space, introduced as 893 part of the ARMv8.2-LPA extension. 894 895 With this enabled, the kernel will also continue to work on CPUs that 896 do not support ARMv8.2-LPA, but with some added memory overhead (and 897 minor performance overhead). 898 899endchoice 900 901config ARM64_PA_BITS 902 int 903 default 48 if ARM64_PA_BITS_48 904 default 52 if ARM64_PA_BITS_52 905 906choice 907 prompt "Endianness" 908 default CPU_LITTLE_ENDIAN 909 help 910 Select the endianness of data accesses performed by the CPU. Userspace 911 applications will need to be compiled and linked for the endianness 912 that is selected here. 913 914config CPU_BIG_ENDIAN 915 bool "Build big-endian kernel" 916 help 917 Say Y if you plan on running a kernel with a big-endian userspace. 918 919config CPU_LITTLE_ENDIAN 920 bool "Build little-endian kernel" 921 help 922 Say Y if you plan on running a kernel with a little-endian userspace. 923 This is usually the case for distributions targeting arm64. 924 925endchoice 926 927config SCHED_MC 928 bool "Multi-core scheduler support" 929 help 930 Multi-core scheduler support improves the CPU scheduler's decision 931 making when dealing with multi-core CPU chips at a cost of slightly 932 increased overhead in some places. If unsure say N here. 933 934config SCHED_SMT 935 bool "SMT scheduler support" 936 help 937 Improves the CPU scheduler's decision making when dealing with 938 MultiThreading at a cost of slightly increased overhead in some 939 places. If unsure say N here. 940 941config NR_CPUS 942 int "Maximum number of CPUs (2-4096)" 943 range 2 4096 944 default "256" 945 946config HOTPLUG_CPU 947 bool "Support for hot-pluggable CPUs" 948 select GENERIC_IRQ_MIGRATION 949 help 950 Say Y here to experiment with turning CPUs off and on. CPUs 951 can be controlled through /sys/devices/system/cpu. 952 953# Common NUMA Features 954config NUMA 955 bool "Numa Memory Allocation and Scheduler Support" 956 select ACPI_NUMA if ACPI 957 select OF_NUMA 958 help 959 Enable NUMA (Non Uniform Memory Access) support. 960 961 The kernel will try to allocate memory used by a CPU on the 962 local memory of the CPU and add some more 963 NUMA awareness to the kernel. 964 965config NODES_SHIFT 966 int "Maximum NUMA Nodes (as a power of 2)" 967 range 1 10 968 default "2" 969 depends on NEED_MULTIPLE_NODES 970 help 971 Specify the maximum number of NUMA Nodes available on the target 972 system. Increases memory reserved to accommodate various tables. 973 974config USE_PERCPU_NUMA_NODE_ID 975 def_bool y 976 depends on NUMA 977 978config HAVE_SETUP_PER_CPU_AREA 979 def_bool y 980 depends on NUMA 981 982config NEED_PER_CPU_EMBED_FIRST_CHUNK 983 def_bool y 984 depends on NUMA 985 986config HOLES_IN_ZONE 987 def_bool y 988 989source "kernel/Kconfig.hz" 990 991config ARCH_SUPPORTS_DEBUG_PAGEALLOC 992 def_bool y 993 994config ARCH_SPARSEMEM_ENABLE 995 def_bool y 996 select SPARSEMEM_VMEMMAP_ENABLE 997 998config ARCH_SPARSEMEM_DEFAULT 999 def_bool ARCH_SPARSEMEM_ENABLE 1000 1001config ARCH_SELECT_MEMORY_MODEL 1002 def_bool ARCH_SPARSEMEM_ENABLE 1003 1004config ARCH_FLATMEM_ENABLE 1005 def_bool !NUMA 1006 1007config HAVE_ARCH_PFN_VALID 1008 def_bool y 1009 1010config HW_PERF_EVENTS 1011 def_bool y 1012 depends on ARM_PMU 1013 1014config SYS_SUPPORTS_HUGETLBFS 1015 def_bool y 1016 1017config ARCH_WANT_HUGE_PMD_SHARE 1018 1019config ARCH_HAS_CACHE_LINE_SIZE 1020 def_bool y 1021 1022config ARCH_ENABLE_SPLIT_PMD_PTLOCK 1023 def_bool y if PGTABLE_LEVELS > 2 1024 1025config SECCOMP 1026 bool "Enable seccomp to safely compute untrusted bytecode" 1027 ---help--- 1028 This kernel feature is useful for number crunching applications 1029 that may need to compute untrusted bytecode during their 1030 execution. By using pipes or other transports made available to 1031 the process as file descriptors supporting the read/write 1032 syscalls, it's possible to isolate those applications in 1033 their own address space using seccomp. Once seccomp is 1034 enabled via prctl(PR_SET_SECCOMP), it cannot be disabled 1035 and the task is only allowed to execute a few safe syscalls 1036 defined by each seccomp mode. 1037 1038config PARAVIRT 1039 bool "Enable paravirtualization code" 1040 help 1041 This changes the kernel so it can modify itself when it is run 1042 under a hypervisor, potentially improving performance significantly 1043 over full virtualization. 1044 1045config PARAVIRT_TIME_ACCOUNTING 1046 bool "Paravirtual steal time accounting" 1047 select PARAVIRT 1048 help 1049 Select this option to enable fine granularity task steal time 1050 accounting. Time spent executing other tasks in parallel with 1051 the current vCPU is discounted from the vCPU power. To account for 1052 that, there can be a small performance impact. 1053 1054 If in doubt, say N here. 1055 1056config KEXEC 1057 depends on PM_SLEEP_SMP 1058 select KEXEC_CORE 1059 bool "kexec system call" 1060 ---help--- 1061 kexec is a system call that implements the ability to shutdown your 1062 current kernel, and to start another kernel. It is like a reboot 1063 but it is independent of the system firmware. And like a reboot 1064 you can start any kernel with it, not just Linux. 1065 1066config KEXEC_FILE 1067 bool "kexec file based system call" 1068 select KEXEC_CORE 1069 help 1070 This is new version of kexec system call. This system call is 1071 file based and takes file descriptors as system call argument 1072 for kernel and initramfs as opposed to list of segments as 1073 accepted by previous system call. 1074 1075config KEXEC_SIG 1076 bool "Verify kernel signature during kexec_file_load() syscall" 1077 depends on KEXEC_FILE 1078 help 1079 Select this option to verify a signature with loaded kernel 1080 image. If configured, any attempt of loading a image without 1081 valid signature will fail. 1082 1083 In addition to that option, you need to enable signature 1084 verification for the corresponding kernel image type being 1085 loaded in order for this to work. 1086 1087config KEXEC_IMAGE_VERIFY_SIG 1088 bool "Enable Image signature verification support" 1089 default y 1090 depends on KEXEC_SIG 1091 depends on EFI && SIGNED_PE_FILE_VERIFICATION 1092 help 1093 Enable Image signature verification support. 1094 1095comment "Support for PE file signature verification disabled" 1096 depends on KEXEC_SIG 1097 depends on !EFI || !SIGNED_PE_FILE_VERIFICATION 1098 1099config CRASH_DUMP 1100 bool "Build kdump crash kernel" 1101 help 1102 Generate crash dump after being started by kexec. This should 1103 be normally only set in special crash dump kernels which are 1104 loaded in the main kernel with kexec-tools into a specially 1105 reserved region and then later executed after a crash by 1106 kdump/kexec. 1107 1108 For more details see Documentation/admin-guide/kdump/kdump.rst 1109 1110config XEN_DOM0 1111 def_bool y 1112 depends on XEN 1113 1114config XEN 1115 bool "Xen guest support on ARM64" 1116 depends on ARM64 && OF 1117 select SWIOTLB_XEN 1118 select PARAVIRT 1119 help 1120 Say Y if you want to run Linux in a Virtual Machine on Xen on ARM64. 1121 1122config FORCE_MAX_ZONEORDER 1123 int 1124 default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE) 1125 default "12" if (ARM64_16K_PAGES && TRANSPARENT_HUGEPAGE) 1126 default "11" 1127 help 1128 The kernel memory allocator divides physically contiguous memory 1129 blocks into "zones", where each zone is a power of two number of 1130 pages. This option selects the largest power of two that the kernel 1131 keeps in the memory allocator. If you need to allocate very large 1132 blocks of physically contiguous memory, then you may need to 1133 increase this value. 1134 1135 This config option is actually maximum order plus one. For example, 1136 a value of 11 means that the largest free memory block is 2^10 pages. 1137 1138 We make sure that we can allocate upto a HugePage size for each configuration. 1139 Hence we have : 1140 MAX_ORDER = (PMD_SHIFT - PAGE_SHIFT) + 1 => PAGE_SHIFT - 2 1141 1142 However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 1143 4M allocations matching the default size used by generic code. 1144 1145config UNMAP_KERNEL_AT_EL0 1146 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT 1147 default y 1148 help 1149 Speculation attacks against some high-performance processors can 1150 be used to bypass MMU permission checks and leak kernel data to 1151 userspace. This can be defended against by unmapping the kernel 1152 when running in userspace, mapping it back in on exception entry 1153 via a trampoline page in the vector table. 1154 1155 If unsure, say Y. 1156 1157config HARDEN_BRANCH_PREDICTOR 1158 bool "Harden the branch predictor against aliasing attacks" if EXPERT 1159 default y 1160 help 1161 Speculation attacks against some high-performance processors rely on 1162 being able to manipulate the branch predictor for a victim context by 1163 executing aliasing branches in the attacker context. Such attacks 1164 can be partially mitigated against by clearing internal branch 1165 predictor state and limiting the prediction logic in some situations. 1166 1167 This config option will take CPU-specific actions to harden the 1168 branch predictor against aliasing attacks and may rely on specific 1169 instruction sequences or control bits being set by the system 1170 firmware. 1171 1172 If unsure, say Y. 1173 1174config HARDEN_EL2_VECTORS 1175 bool "Harden EL2 vector mapping against system register leak" if EXPERT 1176 default y 1177 help 1178 Speculation attacks against some high-performance processors can 1179 be used to leak privileged information such as the vector base 1180 register, resulting in a potential defeat of the EL2 layout 1181 randomization. 1182 1183 This config option will map the vectors to a fixed location, 1184 independent of the EL2 code mapping, so that revealing VBAR_EL2 1185 to an attacker does not give away any extra information. This 1186 only gets enabled on affected CPUs. 1187 1188 If unsure, say Y. 1189 1190config ARM64_SSBD 1191 bool "Speculative Store Bypass Disable" if EXPERT 1192 default y 1193 help 1194 This enables mitigation of the bypassing of previous stores 1195 by speculative loads. 1196 1197 If unsure, say Y. 1198 1199config RODATA_FULL_DEFAULT_ENABLED 1200 bool "Apply r/o permissions of VM areas also to their linear aliases" 1201 default y 1202 help 1203 Apply read-only attributes of VM areas to the linear alias of 1204 the backing pages as well. This prevents code or read-only data 1205 from being modified (inadvertently or intentionally) via another 1206 mapping of the same memory page. This additional enhancement can 1207 be turned off at runtime by passing rodata=[off|on] (and turned on 1208 with rodata=full if this option is set to 'n') 1209 1210 This requires the linear region to be mapped down to pages, 1211 which may adversely affect performance in some cases. 1212 1213config ARM64_SW_TTBR0_PAN 1214 bool "Emulate Privileged Access Never using TTBR0_EL1 switching" 1215 help 1216 Enabling this option prevents the kernel from accessing 1217 user-space memory directly by pointing TTBR0_EL1 to a reserved 1218 zeroed area and reserved ASID. The user access routines 1219 restore the valid TTBR0_EL1 temporarily. 1220 1221config ARM64_TAGGED_ADDR_ABI 1222 bool "Enable the tagged user addresses syscall ABI" 1223 default y 1224 help 1225 When this option is enabled, user applications can opt in to a 1226 relaxed ABI via prctl() allowing tagged addresses to be passed 1227 to system calls as pointer arguments. For details, see 1228 Documentation/arm64/tagged-address-abi.rst. 1229 1230menuconfig COMPAT 1231 bool "Kernel support for 32-bit EL0" 1232 depends on ARM64_4K_PAGES || EXPERT 1233 select COMPAT_BINFMT_ELF if BINFMT_ELF 1234 select HAVE_UID16 1235 select OLD_SIGSUSPEND3 1236 select COMPAT_OLD_SIGACTION 1237 help 1238 This option enables support for a 32-bit EL0 running under a 64-bit 1239 kernel at EL1. AArch32-specific components such as system calls, 1240 the user helper functions, VFP support and the ptrace interface are 1241 handled appropriately by the kernel. 1242 1243 If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware 1244 that you will only be able to execute AArch32 binaries that were compiled 1245 with page size aligned segments. 1246 1247 If you want to execute 32-bit userspace applications, say Y. 1248 1249if COMPAT 1250 1251config KUSER_HELPERS 1252 bool "Enable kuser helpers page for 32-bit applications" 1253 default y 1254 help 1255 Warning: disabling this option may break 32-bit user programs. 1256 1257 Provide kuser helpers to compat tasks. The kernel provides 1258 helper code to userspace in read only form at a fixed location 1259 to allow userspace to be independent of the CPU type fitted to 1260 the system. This permits binaries to be run on ARMv4 through 1261 to ARMv8 without modification. 1262 1263 See Documentation/arm/kernel_user_helpers.rst for details. 1264 1265 However, the fixed address nature of these helpers can be used 1266 by ROP (return orientated programming) authors when creating 1267 exploits. 1268 1269 If all of the binaries and libraries which run on your platform 1270 are built specifically for your platform, and make no use of 1271 these helpers, then you can turn this option off to hinder 1272 such exploits. However, in that case, if a binary or library 1273 relying on those helpers is run, it will not function correctly. 1274 1275 Say N here only if you are absolutely certain that you do not 1276 need these helpers; otherwise, the safe option is to say Y. 1277 1278config COMPAT_VDSO 1279 bool "Enable vDSO for 32-bit applications" 1280 depends on !CPU_BIG_ENDIAN && "$(CROSS_COMPILE_COMPAT)" != "" 1281 select GENERIC_COMPAT_VDSO 1282 default y 1283 help 1284 Place in the process address space of 32-bit applications an 1285 ELF shared object providing fast implementations of gettimeofday 1286 and clock_gettime. 1287 1288 You must have a 32-bit build of glibc 2.22 or later for programs 1289 to seamlessly take advantage of this. 1290 1291menuconfig ARMV8_DEPRECATED 1292 bool "Emulate deprecated/obsolete ARMv8 instructions" 1293 depends on SYSCTL 1294 help 1295 Legacy software support may require certain instructions 1296 that have been deprecated or obsoleted in the architecture. 1297 1298 Enable this config to enable selective emulation of these 1299 features. 1300 1301 If unsure, say Y 1302 1303if ARMV8_DEPRECATED 1304 1305config SWP_EMULATION 1306 bool "Emulate SWP/SWPB instructions" 1307 help 1308 ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that 1309 they are always undefined. Say Y here to enable software 1310 emulation of these instructions for userspace using LDXR/STXR. 1311 1312 In some older versions of glibc [<=2.8] SWP is used during futex 1313 trylock() operations with the assumption that the code will not 1314 be preempted. This invalid assumption may be more likely to fail 1315 with SWP emulation enabled, leading to deadlock of the user 1316 application. 1317 1318 NOTE: when accessing uncached shared regions, LDXR/STXR rely 1319 on an external transaction monitoring block called a global 1320 monitor to maintain update atomicity. If your system does not 1321 implement a global monitor, this option can cause programs that 1322 perform SWP operations to uncached memory to deadlock. 1323 1324 If unsure, say Y 1325 1326config CP15_BARRIER_EMULATION 1327 bool "Emulate CP15 Barrier instructions" 1328 help 1329 The CP15 barrier instructions - CP15ISB, CP15DSB, and 1330 CP15DMB - are deprecated in ARMv8 (and ARMv7). It is 1331 strongly recommended to use the ISB, DSB, and DMB 1332 instructions instead. 1333 1334 Say Y here to enable software emulation of these 1335 instructions for AArch32 userspace code. When this option is 1336 enabled, CP15 barrier usage is traced which can help 1337 identify software that needs updating. 1338 1339 If unsure, say Y 1340 1341config SETEND_EMULATION 1342 bool "Emulate SETEND instruction" 1343 help 1344 The SETEND instruction alters the data-endianness of the 1345 AArch32 EL0, and is deprecated in ARMv8. 1346 1347 Say Y here to enable software emulation of the instruction 1348 for AArch32 userspace code. 1349 1350 Note: All the cpus on the system must have mixed endian support at EL0 1351 for this feature to be enabled. If a new CPU - which doesn't support mixed 1352 endian - is hotplugged in after this feature has been enabled, there could 1353 be unexpected results in the applications. 1354 1355 If unsure, say Y 1356endif 1357 1358endif 1359 1360menu "ARMv8.1 architectural features" 1361 1362config ARM64_HW_AFDBM 1363 bool "Support for hardware updates of the Access and Dirty page flags" 1364 default y 1365 help 1366 The ARMv8.1 architecture extensions introduce support for 1367 hardware updates of the access and dirty information in page 1368 table entries. When enabled in TCR_EL1 (HA and HD bits) on 1369 capable processors, accesses to pages with PTE_AF cleared will 1370 set this bit instead of raising an access flag fault. 1371 Similarly, writes to read-only pages with the DBM bit set will 1372 clear the read-only bit (AP[2]) instead of raising a 1373 permission fault. 1374 1375 Kernels built with this configuration option enabled continue 1376 to work on pre-ARMv8.1 hardware and the performance impact is 1377 minimal. If unsure, say Y. 1378 1379config ARM64_PAN 1380 bool "Enable support for Privileged Access Never (PAN)" 1381 default y 1382 help 1383 Privileged Access Never (PAN; part of the ARMv8.1 Extensions) 1384 prevents the kernel or hypervisor from accessing user-space (EL0) 1385 memory directly. 1386 1387 Choosing this option will cause any unprotected (not using 1388 copy_to_user et al) memory access to fail with a permission fault. 1389 1390 The feature is detected at runtime, and will remain as a 'nop' 1391 instruction if the cpu does not implement the feature. 1392 1393config ARM64_LSE_ATOMICS 1394 bool 1395 default ARM64_USE_LSE_ATOMICS 1396 depends on $(as-instr,.arch_extension lse) 1397 1398config ARM64_USE_LSE_ATOMICS 1399 bool "Atomic instructions" 1400 depends on JUMP_LABEL 1401 default y 1402 help 1403 As part of the Large System Extensions, ARMv8.1 introduces new 1404 atomic instructions that are designed specifically to scale in 1405 very large systems. 1406 1407 Say Y here to make use of these instructions for the in-kernel 1408 atomic routines. This incurs a small overhead on CPUs that do 1409 not support these instructions and requires the kernel to be 1410 built with binutils >= 2.25 in order for the new instructions 1411 to be used. 1412 1413config ARM64_VHE 1414 bool "Enable support for Virtualization Host Extensions (VHE)" 1415 default y 1416 help 1417 Virtualization Host Extensions (VHE) allow the kernel to run 1418 directly at EL2 (instead of EL1) on processors that support 1419 it. This leads to better performance for KVM, as they reduce 1420 the cost of the world switch. 1421 1422 Selecting this option allows the VHE feature to be detected 1423 at runtime, and does not affect processors that do not 1424 implement this feature. 1425 1426endmenu 1427 1428menu "ARMv8.2 architectural features" 1429 1430config ARM64_UAO 1431 bool "Enable support for User Access Override (UAO)" 1432 default y 1433 help 1434 User Access Override (UAO; part of the ARMv8.2 Extensions) 1435 causes the 'unprivileged' variant of the load/store instructions to 1436 be overridden to be privileged. 1437 1438 This option changes get_user() and friends to use the 'unprivileged' 1439 variant of the load/store instructions. This ensures that user-space 1440 really did have access to the supplied memory. When addr_limit is 1441 set to kernel memory the UAO bit will be set, allowing privileged 1442 access to kernel memory. 1443 1444 Choosing this option will cause copy_to_user() et al to use user-space 1445 memory permissions. 1446 1447 The feature is detected at runtime, the kernel will use the 1448 regular load/store instructions if the cpu does not implement the 1449 feature. 1450 1451config ARM64_PMEM 1452 bool "Enable support for persistent memory" 1453 select ARCH_HAS_PMEM_API 1454 select ARCH_HAS_UACCESS_FLUSHCACHE 1455 help 1456 Say Y to enable support for the persistent memory API based on the 1457 ARMv8.2 DCPoP feature. 1458 1459 The feature is detected at runtime, and the kernel will use DC CVAC 1460 operations if DC CVAP is not supported (following the behaviour of 1461 DC CVAP itself if the system does not define a point of persistence). 1462 1463config ARM64_RAS_EXTN 1464 bool "Enable support for RAS CPU Extensions" 1465 default y 1466 help 1467 CPUs that support the Reliability, Availability and Serviceability 1468 (RAS) Extensions, part of ARMv8.2 are able to track faults and 1469 errors, classify them and report them to software. 1470 1471 On CPUs with these extensions system software can use additional 1472 barriers to determine if faults are pending and read the 1473 classification from a new set of registers. 1474 1475 Selecting this feature will allow the kernel to use these barriers 1476 and access the new registers if the system supports the extension. 1477 Platform RAS features may additionally depend on firmware support. 1478 1479config ARM64_CNP 1480 bool "Enable support for Common Not Private (CNP) translations" 1481 default y 1482 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 1483 help 1484 Common Not Private (CNP) allows translation table entries to 1485 be shared between different PEs in the same inner shareable 1486 domain, so the hardware can use this fact to optimise the 1487 caching of such entries in the TLB. 1488 1489 Selecting this option allows the CNP feature to be detected 1490 at runtime, and does not affect PEs that do not implement 1491 this feature. 1492 1493endmenu 1494 1495menu "ARMv8.3 architectural features" 1496 1497config ARM64_PTR_AUTH 1498 bool "Enable support for pointer authentication" 1499 default y 1500 depends on !KVM || ARM64_VHE 1501 help 1502 Pointer authentication (part of the ARMv8.3 Extensions) provides 1503 instructions for signing and authenticating pointers against secret 1504 keys, which can be used to mitigate Return Oriented Programming (ROP) 1505 and other attacks. 1506 1507 This option enables these instructions at EL0 (i.e. for userspace). 1508 1509 Choosing this option will cause the kernel to initialise secret keys 1510 for each process at exec() time, with these keys being 1511 context-switched along with the process. 1512 1513 The feature is detected at runtime. If the feature is not present in 1514 hardware it will not be advertised to userspace/KVM guest nor will it 1515 be enabled. However, KVM guest also require VHE mode and hence 1516 CONFIG_ARM64_VHE=y option to use this feature. 1517 1518endmenu 1519 1520menu "ARMv8.5 architectural features" 1521 1522config ARM64_E0PD 1523 bool "Enable support for E0PD" 1524 default y 1525 help 1526 E0PD (part of the ARMv8.5 extensions) allows us to ensure 1527 that EL0 accesses made via TTBR1 always fault in constant time, 1528 providing similar benefits to KASLR as those provided by KPTI, but 1529 with lower overhead and without disrupting legitimate access to 1530 kernel memory such as SPE. 1531 1532 This option enables E0PD for TTBR1 where available. 1533 1534config ARCH_RANDOM 1535 bool "Enable support for random number generation" 1536 default y 1537 help 1538 Random number generation (part of the ARMv8.5 Extensions) 1539 provides a high bandwidth, cryptographically secure 1540 hardware random number generator. 1541 1542endmenu 1543 1544config ARM64_SVE 1545 bool "ARM Scalable Vector Extension support" 1546 default y 1547 depends on !KVM || ARM64_VHE 1548 help 1549 The Scalable Vector Extension (SVE) is an extension to the AArch64 1550 execution state which complements and extends the SIMD functionality 1551 of the base architecture to support much larger vectors and to enable 1552 additional vectorisation opportunities. 1553 1554 To enable use of this extension on CPUs that implement it, say Y. 1555 1556 On CPUs that support the SVE2 extensions, this option will enable 1557 those too. 1558 1559 Note that for architectural reasons, firmware _must_ implement SVE 1560 support when running on SVE capable hardware. The required support 1561 is present in: 1562 1563 * version 1.5 and later of the ARM Trusted Firmware 1564 * the AArch64 boot wrapper since commit 5e1261e08abf 1565 ("bootwrapper: SVE: Enable SVE for EL2 and below"). 1566 1567 For other firmware implementations, consult the firmware documentation 1568 or vendor. 1569 1570 If you need the kernel to boot on SVE-capable hardware with broken 1571 firmware, you may need to say N here until you get your firmware 1572 fixed. Otherwise, you may experience firmware panics or lockups when 1573 booting the kernel. If unsure and you are not observing these 1574 symptoms, you should assume that it is safe to say Y. 1575 1576 CPUs that support SVE are architecturally required to support the 1577 Virtualization Host Extensions (VHE), so the kernel makes no 1578 provision for supporting SVE alongside KVM without VHE enabled. 1579 Thus, you will need to enable CONFIG_ARM64_VHE if you want to support 1580 KVM in the same kernel image. 1581 1582config ARM64_MODULE_PLTS 1583 bool "Use PLTs to allow module memory to spill over into vmalloc area" 1584 depends on MODULES 1585 select HAVE_MOD_ARCH_SPECIFIC 1586 help 1587 Allocate PLTs when loading modules so that jumps and calls whose 1588 targets are too far away for their relative offsets to be encoded 1589 in the instructions themselves can be bounced via veneers in the 1590 module's PLT. This allows modules to be allocated in the generic 1591 vmalloc area after the dedicated module memory area has been 1592 exhausted. 1593 1594 When running with address space randomization (KASLR), the module 1595 region itself may be too far away for ordinary relative jumps and 1596 calls, and so in that case, module PLTs are required and cannot be 1597 disabled. 1598 1599 Specific errata workaround(s) might also force module PLTs to be 1600 enabled (ARM64_ERRATUM_843419). 1601 1602config ARM64_PSEUDO_NMI 1603 bool "Support for NMI-like interrupts" 1604 select ARM_GIC_V3 1605 help 1606 Adds support for mimicking Non-Maskable Interrupts through the use of 1607 GIC interrupt priority. This support requires version 3 or later of 1608 ARM GIC. 1609 1610 This high priority configuration for interrupts needs to be 1611 explicitly enabled by setting the kernel parameter 1612 "irqchip.gicv3_pseudo_nmi" to 1. 1613 1614 If unsure, say N 1615 1616if ARM64_PSEUDO_NMI 1617config ARM64_DEBUG_PRIORITY_MASKING 1618 bool "Debug interrupt priority masking" 1619 help 1620 This adds runtime checks to functions enabling/disabling 1621 interrupts when using priority masking. The additional checks verify 1622 the validity of ICC_PMR_EL1 when calling concerned functions. 1623 1624 If unsure, say N 1625endif 1626 1627config RELOCATABLE 1628 bool 1629 select ARCH_HAS_RELR 1630 help 1631 This builds the kernel as a Position Independent Executable (PIE), 1632 which retains all relocation metadata required to relocate the 1633 kernel binary at runtime to a different virtual address than the 1634 address it was linked at. 1635 Since AArch64 uses the RELA relocation format, this requires a 1636 relocation pass at runtime even if the kernel is loaded at the 1637 same address it was linked at. 1638 1639config RANDOMIZE_BASE 1640 bool "Randomize the address of the kernel image" 1641 select ARM64_MODULE_PLTS if MODULES 1642 select RELOCATABLE 1643 help 1644 Randomizes the virtual address at which the kernel image is 1645 loaded, as a security feature that deters exploit attempts 1646 relying on knowledge of the location of kernel internals. 1647 1648 It is the bootloader's job to provide entropy, by passing a 1649 random u64 value in /chosen/kaslr-seed at kernel entry. 1650 1651 When booting via the UEFI stub, it will invoke the firmware's 1652 EFI_RNG_PROTOCOL implementation (if available) to supply entropy 1653 to the kernel proper. In addition, it will randomise the physical 1654 location of the kernel Image as well. 1655 1656 If unsure, say N. 1657 1658config RANDOMIZE_MODULE_REGION_FULL 1659 bool "Randomize the module region over a 4 GB range" 1660 depends on RANDOMIZE_BASE 1661 default y 1662 help 1663 Randomizes the location of the module region inside a 4 GB window 1664 covering the core kernel. This way, it is less likely for modules 1665 to leak information about the location of core kernel data structures 1666 but it does imply that function calls between modules and the core 1667 kernel will need to be resolved via veneers in the module PLT. 1668 1669 When this option is not set, the module region will be randomized over 1670 a limited range that contains the [_stext, _etext] interval of the 1671 core kernel, so branch relocations are always in range. 1672 1673config CC_HAVE_STACKPROTECTOR_SYSREG 1674 def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) 1675 1676config STACKPROTECTOR_PER_TASK 1677 def_bool y 1678 depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG 1679 1680endmenu 1681 1682menu "Boot options" 1683 1684config ARM64_ACPI_PARKING_PROTOCOL 1685 bool "Enable support for the ARM64 ACPI parking protocol" 1686 depends on ACPI 1687 help 1688 Enable support for the ARM64 ACPI parking protocol. If disabled 1689 the kernel will not allow booting through the ARM64 ACPI parking 1690 protocol even if the corresponding data is present in the ACPI 1691 MADT table. 1692 1693config CMDLINE 1694 string "Default kernel command string" 1695 default "" 1696 help 1697 Provide a set of default command-line options at build time by 1698 entering them here. As a minimum, you should specify the the 1699 root device (e.g. root=/dev/nfs). 1700 1701config CMDLINE_FORCE 1702 bool "Always use the default kernel command string" 1703 depends on CMDLINE != "" 1704 help 1705 Always use the default kernel command string, even if the boot 1706 loader passes other arguments to the kernel. 1707 This is useful if you cannot or don't want to change the 1708 command-line options your boot loader passes to the kernel. 1709 1710config EFI_STUB 1711 bool 1712 1713config EFI 1714 bool "UEFI runtime support" 1715 depends on OF && !CPU_BIG_ENDIAN 1716 depends on KERNEL_MODE_NEON 1717 select ARCH_SUPPORTS_ACPI 1718 select LIBFDT 1719 select UCS2_STRING 1720 select EFI_PARAMS_FROM_FDT 1721 select EFI_RUNTIME_WRAPPERS 1722 select EFI_STUB 1723 select EFI_ARMSTUB 1724 default y 1725 help 1726 This option provides support for runtime services provided 1727 by UEFI firmware (such as non-volatile variables, realtime 1728 clock, and platform reset). A UEFI stub is also provided to 1729 allow the kernel to be booted as an EFI application. This 1730 is only useful on systems that have UEFI firmware. 1731 1732config DMI 1733 bool "Enable support for SMBIOS (DMI) tables" 1734 depends on EFI 1735 default y 1736 help 1737 This enables SMBIOS/DMI feature for systems. 1738 1739 This option is only useful on systems that have UEFI firmware. 1740 However, even with this option, the resultant kernel should 1741 continue to boot on existing non-UEFI platforms. 1742 1743endmenu 1744 1745config SYSVIPC_COMPAT 1746 def_bool y 1747 depends on COMPAT && SYSVIPC 1748 1749config ARCH_ENABLE_HUGEPAGE_MIGRATION 1750 def_bool y 1751 depends on HUGETLB_PAGE && MIGRATION 1752 1753menu "Power management options" 1754 1755source "kernel/power/Kconfig" 1756 1757config ARCH_HIBERNATION_POSSIBLE 1758 def_bool y 1759 depends on CPU_PM 1760 1761config ARCH_HIBERNATION_HEADER 1762 def_bool y 1763 depends on HIBERNATION 1764 1765config ARCH_SUSPEND_POSSIBLE 1766 def_bool y 1767 1768endmenu 1769 1770menu "CPU Power Management" 1771 1772source "drivers/cpuidle/Kconfig" 1773 1774source "drivers/cpufreq/Kconfig" 1775 1776endmenu 1777 1778source "drivers/firmware/Kconfig" 1779 1780source "drivers/acpi/Kconfig" 1781 1782source "arch/arm64/kvm/Kconfig" 1783 1784if CRYPTO 1785source "arch/arm64/crypto/Kconfig" 1786endif 1787