xref: /openbmc/linux/arch/x86/Kconfig (revision b8a94bfb)
1# SPDX-License-Identifier: GPL-2.0
2# Select 32 or 64 bit
3config 64BIT
4	bool "64-bit kernel" if "$(ARCH)" = "x86"
5	default "$(ARCH)" != "i386"
6	help
7	  Say yes to build a 64-bit kernel - formerly known as x86_64
8	  Say no to build a 32-bit kernel - formerly known as i386
9
10config X86_32
11	def_bool y
12	depends on !64BIT
13	# Options that are inherently 32-bit kernel only:
14	select ARCH_WANT_IPC_PARSE_VERSION
15	select CLKSRC_I8253
16	select CLONE_BACKWARDS
17	select GENERIC_VDSO_32
18	select HAVE_DEBUG_STACKOVERFLOW
19	select KMAP_LOCAL
20	select MODULES_USE_ELF_REL
21	select OLD_SIGACTION
22	select ARCH_SPLIT_ARG64
23
24config X86_64
25	def_bool y
26	depends on 64BIT
27	# Options that are inherently 64-bit kernel only:
28	select ARCH_HAS_GIGANTIC_PAGE
29	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
30	select ARCH_USE_CMPXCHG_LOCKREF
31	select HAVE_ARCH_SOFT_DIRTY
32	select MODULES_USE_ELF_RELA
33	select NEED_DMA_MAP_STATE
34	select SWIOTLB
35	select ARCH_HAS_ELFCORE_COMPAT
36	select ZONE_DMA32
37
38config FORCE_DYNAMIC_FTRACE
39	def_bool y
40	depends on X86_32
41	depends on FUNCTION_TRACER
42	select DYNAMIC_FTRACE
43	help
44	  We keep the static function tracing (!DYNAMIC_FTRACE) around
45	  in order to test the non static function tracing in the
46	  generic code, as other architectures still use it. But we
47	  only need to keep it around for x86_64. No need to keep it
48	  for x86_32. For x86_32, force DYNAMIC_FTRACE.
49#
50# Arch settings
51#
52# ( Note that options that are marked 'if X86_64' could in principle be
53#   ported to 32-bit as well. )
54#
55config X86
56	def_bool y
57	#
58	# Note: keep this list sorted alphabetically
59	#
60	select ACPI_LEGACY_TABLES_LOOKUP	if ACPI
61	select ACPI_SYSTEM_POWER_STATES_SUPPORT	if ACPI
62	select ARCH_32BIT_OFF_T			if X86_32
63	select ARCH_CLOCKSOURCE_INIT
64	select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
65	select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
66	select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
67	select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
68	select ARCH_ENABLE_SPLIT_PMD_PTLOCK if (PGTABLE_LEVELS > 2) && (X86_64 || X86_PAE)
69	select ARCH_ENABLE_THP_MIGRATION if X86_64 && TRANSPARENT_HUGEPAGE
70	select ARCH_HAS_ACPI_TABLE_UPGRADE	if ACPI
71	select ARCH_HAS_CACHE_LINE_SIZE
72	select ARCH_HAS_CURRENT_STACK_POINTER
73	select ARCH_HAS_DEBUG_VIRTUAL
74	select ARCH_HAS_DEBUG_VM_PGTABLE	if !X86_PAE
75	select ARCH_HAS_DEVMEM_IS_ALLOWED
76	select ARCH_HAS_EARLY_DEBUG		if KGDB
77	select ARCH_HAS_ELF_RANDOMIZE
78	select ARCH_HAS_FAST_MULTIPLIER
79	select ARCH_HAS_FORTIFY_SOURCE
80	select ARCH_HAS_GCOV_PROFILE_ALL
81	select ARCH_HAS_KCOV			if X86_64
82	select ARCH_HAS_MEM_ENCRYPT
83	select ARCH_HAS_MEMBARRIER_SYNC_CORE
84	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
85	select ARCH_HAS_PMEM_API		if X86_64
86	select ARCH_HAS_PTE_DEVMAP		if X86_64
87	select ARCH_HAS_PTE_SPECIAL
88	select ARCH_HAS_UACCESS_FLUSHCACHE	if X86_64
89	select ARCH_HAS_COPY_MC			if X86_64
90	select ARCH_HAS_SET_MEMORY
91	select ARCH_HAS_SET_DIRECT_MAP
92	select ARCH_HAS_STRICT_KERNEL_RWX
93	select ARCH_HAS_STRICT_MODULE_RWX
94	select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
95	select ARCH_HAS_SYSCALL_WRAPPER
96	select ARCH_HAS_UBSAN_SANITIZE_ALL
97	select ARCH_HAS_DEBUG_WX
98	select ARCH_HAS_ZONE_DMA_SET if EXPERT
99	select ARCH_HAVE_NMI_SAFE_CMPXCHG
100	select ARCH_MIGHT_HAVE_ACPI_PDC		if ACPI
101	select ARCH_MIGHT_HAVE_PC_PARPORT
102	select ARCH_MIGHT_HAVE_PC_SERIO
103	select ARCH_STACKWALK
104	select ARCH_SUPPORTS_ACPI
105	select ARCH_SUPPORTS_ATOMIC_RMW
106	select ARCH_SUPPORTS_DEBUG_PAGEALLOC
107	select ARCH_SUPPORTS_PAGE_TABLE_CHECK	if X86_64
108	select ARCH_SUPPORTS_NUMA_BALANCING	if X86_64
109	select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP	if NR_CPUS <= 4096
110	select ARCH_SUPPORTS_LTO_CLANG
111	select ARCH_SUPPORTS_LTO_CLANG_THIN
112	select ARCH_USE_BUILTIN_BSWAP
113	select ARCH_USE_MEMTEST
114	select ARCH_USE_QUEUED_RWLOCKS
115	select ARCH_USE_QUEUED_SPINLOCKS
116	select ARCH_USE_SYM_ANNOTATIONS
117	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
118	select ARCH_WANT_DEFAULT_BPF_JIT	if X86_64
119	select ARCH_WANTS_DYNAMIC_TASK_STRUCT
120	select ARCH_WANTS_NO_INSTR
121	select ARCH_WANT_GENERAL_HUGETLB
122	select ARCH_WANT_HUGE_PMD_SHARE
123	select ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP	if X86_64
124	select ARCH_WANT_LD_ORPHAN_WARN
125	select ARCH_WANTS_THP_SWAP		if X86_64
126	select ARCH_HAS_PARANOID_L1D_FLUSH
127	select BUILDTIME_TABLE_SORT
128	select CLKEVT_I8253
129	select CLOCKSOURCE_VALIDATE_LAST_CYCLE
130	select CLOCKSOURCE_WATCHDOG
131	select DCACHE_WORD_ACCESS
132	select DYNAMIC_SIGFRAME
133	select EDAC_ATOMIC_SCRUB
134	select EDAC_SUPPORT
135	select GENERIC_CLOCKEVENTS_BROADCAST	if X86_64 || (X86_32 && X86_LOCAL_APIC)
136	select GENERIC_CLOCKEVENTS_MIN_ADJUST
137	select GENERIC_CMOS_UPDATE
138	select GENERIC_CPU_AUTOPROBE
139	select GENERIC_CPU_VULNERABILITIES
140	select GENERIC_EARLY_IOREMAP
141	select GENERIC_ENTRY
142	select GENERIC_IOMAP
143	select GENERIC_IRQ_EFFECTIVE_AFF_MASK	if SMP
144	select GENERIC_IRQ_MATRIX_ALLOCATOR	if X86_LOCAL_APIC
145	select GENERIC_IRQ_MIGRATION		if SMP
146	select GENERIC_IRQ_PROBE
147	select GENERIC_IRQ_RESERVATION_MODE
148	select GENERIC_IRQ_SHOW
149	select GENERIC_PENDING_IRQ		if SMP
150	select GENERIC_PTDUMP
151	select GENERIC_SMP_IDLE_THREAD
152	select GENERIC_TIME_VSYSCALL
153	select GENERIC_GETTIMEOFDAY
154	select GENERIC_VDSO_TIME_NS
155	select GUP_GET_PTE_LOW_HIGH		if X86_PAE
156	select HARDIRQS_SW_RESEND
157	select HARDLOCKUP_CHECK_TIMESTAMP	if X86_64
158	select HAVE_ACPI_APEI			if ACPI
159	select HAVE_ACPI_APEI_NMI		if ACPI
160	select HAVE_ALIGNED_STRUCT_PAGE		if SLUB
161	select HAVE_ARCH_AUDITSYSCALL
162	select HAVE_ARCH_HUGE_VMAP		if X86_64 || X86_PAE
163	select HAVE_ARCH_HUGE_VMALLOC		if X86_64
164	select HAVE_ARCH_JUMP_LABEL
165	select HAVE_ARCH_JUMP_LABEL_RELATIVE
166	select HAVE_ARCH_KASAN			if X86_64
167	select HAVE_ARCH_KASAN_VMALLOC		if X86_64
168	select HAVE_ARCH_KFENCE
169	select HAVE_ARCH_KGDB
170	select HAVE_ARCH_MMAP_RND_BITS		if MMU
171	select HAVE_ARCH_MMAP_RND_COMPAT_BITS	if MMU && COMPAT
172	select HAVE_ARCH_COMPAT_MMAP_BASES	if MMU && COMPAT
173	select HAVE_ARCH_PREL32_RELOCATIONS
174	select HAVE_ARCH_SECCOMP_FILTER
175	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
176	select HAVE_ARCH_STACKLEAK
177	select HAVE_ARCH_TRACEHOOK
178	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
179	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
180	select HAVE_ARCH_USERFAULTFD_WP         if X86_64 && USERFAULTFD
181	select HAVE_ARCH_USERFAULTFD_MINOR	if X86_64 && USERFAULTFD
182	select HAVE_ARCH_VMAP_STACK		if X86_64
183	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
184	select HAVE_ARCH_WITHIN_STACK_FRAMES
185	select HAVE_ASM_MODVERSIONS
186	select HAVE_CMPXCHG_DOUBLE
187	select HAVE_CMPXCHG_LOCAL
188	select HAVE_CONTEXT_TRACKING_USER		if X86_64
189	select HAVE_CONTEXT_TRACKING_USER_OFFSTACK	if HAVE_CONTEXT_TRACKING_USER
190	select HAVE_C_RECORDMCOUNT
191	select HAVE_OBJTOOL_MCOUNT		if HAVE_OBJTOOL
192	select HAVE_BUILDTIME_MCOUNT_SORT
193	select HAVE_DEBUG_KMEMLEAK
194	select HAVE_DMA_CONTIGUOUS
195	select HAVE_DYNAMIC_FTRACE
196	select HAVE_DYNAMIC_FTRACE_WITH_REGS
197	select HAVE_DYNAMIC_FTRACE_WITH_ARGS	if X86_64
198	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
199	select HAVE_SAMPLE_FTRACE_DIRECT	if X86_64
200	select HAVE_SAMPLE_FTRACE_DIRECT_MULTI	if X86_64
201	select HAVE_EBPF_JIT
202	select HAVE_EFFICIENT_UNALIGNED_ACCESS
203	select HAVE_EISA
204	select HAVE_EXIT_THREAD
205	select HAVE_FAST_GUP
206	select HAVE_FENTRY			if X86_64 || DYNAMIC_FTRACE
207	select HAVE_FTRACE_MCOUNT_RECORD
208	select HAVE_FUNCTION_GRAPH_TRACER	if X86_32 || (X86_64 && DYNAMIC_FTRACE)
209	select HAVE_FUNCTION_TRACER
210	select HAVE_GCC_PLUGINS
211	select HAVE_HW_BREAKPOINT
212	select HAVE_IOREMAP_PROT
213	select HAVE_IRQ_EXIT_ON_IRQ_STACK	if X86_64
214	select HAVE_IRQ_TIME_ACCOUNTING
215	select HAVE_JUMP_LABEL_HACK		if HAVE_OBJTOOL
216	select HAVE_KERNEL_BZIP2
217	select HAVE_KERNEL_GZIP
218	select HAVE_KERNEL_LZ4
219	select HAVE_KERNEL_LZMA
220	select HAVE_KERNEL_LZO
221	select HAVE_KERNEL_XZ
222	select HAVE_KERNEL_ZSTD
223	select HAVE_KPROBES
224	select HAVE_KPROBES_ON_FTRACE
225	select HAVE_FUNCTION_ERROR_INJECTION
226	select HAVE_KRETPROBES
227	select HAVE_RETHOOK
228	select HAVE_KVM
229	select HAVE_LIVEPATCH			if X86_64
230	select HAVE_MIXED_BREAKPOINTS_REGS
231	select HAVE_MOD_ARCH_SPECIFIC
232	select HAVE_MOVE_PMD
233	select HAVE_MOVE_PUD
234	select HAVE_NOINSTR_HACK		if HAVE_OBJTOOL
235	select HAVE_NMI
236	select HAVE_NOINSTR_VALIDATION		if HAVE_OBJTOOL
237	select HAVE_OBJTOOL			if X86_64
238	select HAVE_OPTPROBES
239	select HAVE_PCSPKR_PLATFORM
240	select HAVE_PERF_EVENTS
241	select HAVE_PERF_EVENTS_NMI
242	select HAVE_HARDLOCKUP_DETECTOR_PERF	if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
243	select HAVE_PCI
244	select HAVE_PERF_REGS
245	select HAVE_PERF_USER_STACK_DUMP
246	select MMU_GATHER_RCU_TABLE_FREE	if PARAVIRT
247	select MMU_GATHER_MERGE_VMAS
248	select HAVE_POSIX_CPU_TIMERS_TASK_WORK
249	select HAVE_REGS_AND_STACK_ACCESS_API
250	select HAVE_RELIABLE_STACKTRACE		if UNWINDER_ORC || STACK_VALIDATION
251	select HAVE_FUNCTION_ARG_ACCESS_API
252	select HAVE_SETUP_PER_CPU_AREA
253	select HAVE_SOFTIRQ_ON_OWN_STACK
254	select HAVE_STACKPROTECTOR		if CC_HAS_SANE_STACKPROTECTOR
255	select HAVE_STACK_VALIDATION		if HAVE_OBJTOOL
256	select HAVE_STATIC_CALL
257	select HAVE_STATIC_CALL_INLINE		if HAVE_OBJTOOL
258	select HAVE_PREEMPT_DYNAMIC_CALL
259	select HAVE_RSEQ
260	select HAVE_SYSCALL_TRACEPOINTS
261	select HAVE_UACCESS_VALIDATION		if HAVE_OBJTOOL
262	select HAVE_UNSTABLE_SCHED_CLOCK
263	select HAVE_USER_RETURN_NOTIFIER
264	select HAVE_GENERIC_VDSO
265	select HOTPLUG_SMT			if SMP
266	select IRQ_FORCED_THREADING
267	select NEED_PER_CPU_EMBED_FIRST_CHUNK
268	select NEED_PER_CPU_PAGE_FIRST_CHUNK
269	select NEED_SG_DMA_LENGTH
270	select PCI_DOMAINS			if PCI
271	select PCI_LOCKLESS_CONFIG		if PCI
272	select PERF_EVENTS
273	select RTC_LIB
274	select RTC_MC146818_LIB
275	select SPARSE_IRQ
276	select SRCU
277	select SYSCTL_EXCEPTION_TRACE
278	select THREAD_INFO_IN_TASK
279	select TRACE_IRQFLAGS_SUPPORT
280	select TRACE_IRQFLAGS_NMI_SUPPORT
281	select USER_STACKTRACE_SUPPORT
282	select HAVE_ARCH_KCSAN			if X86_64
283	select X86_FEATURE_NAMES		if PROC_FS
284	select PROC_PID_ARCH_STATUS		if PROC_FS
285	select HAVE_ARCH_NODE_DEV_GROUP		if X86_SGX
286	imply IMA_SECURE_AND_OR_TRUSTED_BOOT    if EFI
287
288config INSTRUCTION_DECODER
289	def_bool y
290	depends on KPROBES || PERF_EVENTS || UPROBES
291
292config OUTPUT_FORMAT
293	string
294	default "elf32-i386" if X86_32
295	default "elf64-x86-64" if X86_64
296
297config LOCKDEP_SUPPORT
298	def_bool y
299
300config STACKTRACE_SUPPORT
301	def_bool y
302
303config MMU
304	def_bool y
305
306config ARCH_MMAP_RND_BITS_MIN
307	default 28 if 64BIT
308	default 8
309
310config ARCH_MMAP_RND_BITS_MAX
311	default 32 if 64BIT
312	default 16
313
314config ARCH_MMAP_RND_COMPAT_BITS_MIN
315	default 8
316
317config ARCH_MMAP_RND_COMPAT_BITS_MAX
318	default 16
319
320config SBUS
321	bool
322
323config GENERIC_ISA_DMA
324	def_bool y
325	depends on ISA_DMA_API
326
327config GENERIC_BUG
328	def_bool y
329	depends on BUG
330	select GENERIC_BUG_RELATIVE_POINTERS if X86_64
331
332config GENERIC_BUG_RELATIVE_POINTERS
333	bool
334
335config ARCH_MAY_HAVE_PC_FDC
336	def_bool y
337	depends on ISA_DMA_API
338
339config GENERIC_CALIBRATE_DELAY
340	def_bool y
341
342config ARCH_HAS_CPU_RELAX
343	def_bool y
344
345config ARCH_HIBERNATION_POSSIBLE
346	def_bool y
347
348config ARCH_NR_GPIO
349	int
350	default 1024 if X86_64
351	default 512
352
353config ARCH_SUSPEND_POSSIBLE
354	def_bool y
355
356config AUDIT_ARCH
357	def_bool y if X86_64
358
359config KASAN_SHADOW_OFFSET
360	hex
361	depends on KASAN
362	default 0xdffffc0000000000
363
364config HAVE_INTEL_TXT
365	def_bool y
366	depends on INTEL_IOMMU && ACPI
367
368config X86_32_SMP
369	def_bool y
370	depends on X86_32 && SMP
371
372config X86_64_SMP
373	def_bool y
374	depends on X86_64 && SMP
375
376config ARCH_SUPPORTS_UPROBES
377	def_bool y
378
379config FIX_EARLYCON_MEM
380	def_bool y
381
382config DYNAMIC_PHYSICAL_MASK
383	bool
384
385config PGTABLE_LEVELS
386	int
387	default 5 if X86_5LEVEL
388	default 4 if X86_64
389	default 3 if X86_PAE
390	default 2
391
392config CC_HAS_SANE_STACKPROTECTOR
393	bool
394	default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT
395	default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
396	help
397	  We have to make sure stack protector is unconditionally disabled if
398	  the compiler produces broken code or if it does not let us control
399	  the segment on 32-bit kernels.
400
401menu "Processor type and features"
402
403config SMP
404	bool "Symmetric multi-processing support"
405	help
406	  This enables support for systems with more than one CPU. If you have
407	  a system with only one CPU, say N. If you have a system with more
408	  than one CPU, say Y.
409
410	  If you say N here, the kernel will run on uni- and multiprocessor
411	  machines, but will use only one CPU of a multiprocessor machine. If
412	  you say Y here, the kernel will run on many, but not all,
413	  uniprocessor machines. On a uniprocessor machine, the kernel
414	  will run faster if you say N here.
415
416	  Note that if you say Y here and choose architecture "586" or
417	  "Pentium" under "Processor family", the kernel will not work on 486
418	  architectures. Similarly, multiprocessor kernels for the "PPro"
419	  architecture may not work on all Pentium based boards.
420
421	  People using multiprocessor machines who say Y here should also say
422	  Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
423	  Management" code will be disabled if you say Y here.
424
425	  See also <file:Documentation/x86/i386/IO-APIC.rst>,
426	  <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
427	  <http://www.tldp.org/docs.html#howto>.
428
429	  If you don't know what to do here, say N.
430
431config X86_FEATURE_NAMES
432	bool "Processor feature human-readable names" if EMBEDDED
433	default y
434	help
435	  This option compiles in a table of x86 feature bits and corresponding
436	  names.  This is required to support /proc/cpuinfo and a few kernel
437	  messages.  You can disable this to save space, at the expense of
438	  making those few kernel messages show numeric feature bits instead.
439
440	  If in doubt, say Y.
441
442config X86_X2APIC
443	bool "Support x2apic"
444	depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
445	help
446	  This enables x2apic support on CPUs that have this feature.
447
448	  This allows 32-bit apic IDs (so it can support very large systems),
449	  and accesses the local apic via MSRs not via mmio.
450
451	  If you don't know what to do here, say N.
452
453config X86_MPPARSE
454	bool "Enable MPS table" if ACPI
455	default y
456	depends on X86_LOCAL_APIC
457	help
458	  For old smp systems that do not have proper acpi support. Newer systems
459	  (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
460
461config GOLDFISH
462	def_bool y
463	depends on X86_GOLDFISH
464
465config X86_CPU_RESCTRL
466	bool "x86 CPU resource control support"
467	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
468	select KERNFS
469	select PROC_CPU_RESCTRL		if PROC_FS
470	help
471	  Enable x86 CPU resource control support.
472
473	  Provide support for the allocation and monitoring of system resources
474	  usage by the CPU.
475
476	  Intel calls this Intel Resource Director Technology
477	  (Intel(R) RDT). More information about RDT can be found in the
478	  Intel x86 Architecture Software Developer Manual.
479
480	  AMD calls this AMD Platform Quality of Service (AMD QoS).
481	  More information about AMD QoS can be found in the AMD64 Technology
482	  Platform Quality of Service Extensions manual.
483
484	  Say N if unsure.
485
486if X86_32
487config X86_BIGSMP
488	bool "Support for big SMP systems with more than 8 CPUs"
489	depends on SMP
490	help
491	  This option is needed for the systems that have more than 8 CPUs.
492
493config X86_EXTENDED_PLATFORM
494	bool "Support for extended (non-PC) x86 platforms"
495	default y
496	help
497	  If you disable this option then the kernel will only support
498	  standard PC platforms. (which covers the vast majority of
499	  systems out there.)
500
501	  If you enable this option then you'll be able to select support
502	  for the following (non-PC) 32 bit x86 platforms:
503		Goldfish (Android emulator)
504		AMD Elan
505		RDC R-321x SoC
506		SGI 320/540 (Visual Workstation)
507		STA2X11-based (e.g. Northville)
508		Moorestown MID devices
509
510	  If you have one of these systems, or if you want to build a
511	  generic distribution kernel, say Y here - otherwise say N.
512endif # X86_32
513
514if X86_64
515config X86_EXTENDED_PLATFORM
516	bool "Support for extended (non-PC) x86 platforms"
517	default y
518	help
519	  If you disable this option then the kernel will only support
520	  standard PC platforms. (which covers the vast majority of
521	  systems out there.)
522
523	  If you enable this option then you'll be able to select support
524	  for the following (non-PC) 64 bit x86 platforms:
525		Numascale NumaChip
526		ScaleMP vSMP
527		SGI Ultraviolet
528
529	  If you have one of these systems, or if you want to build a
530	  generic distribution kernel, say Y here - otherwise say N.
531endif # X86_64
532# This is an alphabetically sorted list of 64 bit extended platforms
533# Please maintain the alphabetic order if and when there are additions
534config X86_NUMACHIP
535	bool "Numascale NumaChip"
536	depends on X86_64
537	depends on X86_EXTENDED_PLATFORM
538	depends on NUMA
539	depends on SMP
540	depends on X86_X2APIC
541	depends on PCI_MMCONFIG
542	help
543	  Adds support for Numascale NumaChip large-SMP systems. Needed to
544	  enable more than ~168 cores.
545	  If you don't have one of these, you should say N here.
546
547config X86_VSMP
548	bool "ScaleMP vSMP"
549	select HYPERVISOR_GUEST
550	select PARAVIRT
551	depends on X86_64 && PCI
552	depends on X86_EXTENDED_PLATFORM
553	depends on SMP
554	help
555	  Support for ScaleMP vSMP systems.  Say 'Y' here if this kernel is
556	  supposed to run on these EM64T-based machines.  Only choose this option
557	  if you have one of these machines.
558
559config X86_UV
560	bool "SGI Ultraviolet"
561	depends on X86_64
562	depends on X86_EXTENDED_PLATFORM
563	depends on NUMA
564	depends on EFI
565	depends on KEXEC_CORE
566	depends on X86_X2APIC
567	depends on PCI
568	help
569	  This option is needed in order to support SGI Ultraviolet systems.
570	  If you don't have one of these, you should say N here.
571
572# Following is an alphabetically sorted list of 32 bit extended platforms
573# Please maintain the alphabetic order if and when there are additions
574
575config X86_GOLDFISH
576	bool "Goldfish (Virtual Platform)"
577	depends on X86_EXTENDED_PLATFORM
578	help
579	  Enable support for the Goldfish virtual platform used primarily
580	  for Android development. Unless you are building for the Android
581	  Goldfish emulator say N here.
582
583config X86_INTEL_CE
584	bool "CE4100 TV platform"
585	depends on PCI
586	depends on PCI_GODIRECT
587	depends on X86_IO_APIC
588	depends on X86_32
589	depends on X86_EXTENDED_PLATFORM
590	select X86_REBOOTFIXUPS
591	select OF
592	select OF_EARLY_FLATTREE
593	help
594	  Select for the Intel CE media processor (CE4100) SOC.
595	  This option compiles in support for the CE4100 SOC for settop
596	  boxes and media devices.
597
598config X86_INTEL_MID
599	bool "Intel MID platform support"
600	depends on X86_EXTENDED_PLATFORM
601	depends on X86_PLATFORM_DEVICES
602	depends on PCI
603	depends on X86_64 || (PCI_GOANY && X86_32)
604	depends on X86_IO_APIC
605	select I2C
606	select DW_APB_TIMER
607	select INTEL_SCU_PCI
608	help
609	  Select to build a kernel capable of supporting Intel MID (Mobile
610	  Internet Device) platform systems which do not have the PCI legacy
611	  interfaces. If you are building for a PC class system say N here.
612
613	  Intel MID platforms are based on an Intel processor and chipset which
614	  consume less power than most of the x86 derivatives.
615
616config X86_INTEL_QUARK
617	bool "Intel Quark platform support"
618	depends on X86_32
619	depends on X86_EXTENDED_PLATFORM
620	depends on X86_PLATFORM_DEVICES
621	depends on X86_TSC
622	depends on PCI
623	depends on PCI_GOANY
624	depends on X86_IO_APIC
625	select IOSF_MBI
626	select INTEL_IMR
627	select COMMON_CLK
628	help
629	  Select to include support for Quark X1000 SoC.
630	  Say Y here if you have a Quark based system such as the Arduino
631	  compatible Intel Galileo.
632
633config X86_INTEL_LPSS
634	bool "Intel Low Power Subsystem Support"
635	depends on X86 && ACPI && PCI
636	select COMMON_CLK
637	select PINCTRL
638	select IOSF_MBI
639	help
640	  Select to build support for Intel Low Power Subsystem such as
641	  found on Intel Lynxpoint PCH. Selecting this option enables
642	  things like clock tree (common clock framework) and pincontrol
643	  which are needed by the LPSS peripheral drivers.
644
645config X86_AMD_PLATFORM_DEVICE
646	bool "AMD ACPI2Platform devices support"
647	depends on ACPI
648	select COMMON_CLK
649	select PINCTRL
650	help
651	  Select to interpret AMD specific ACPI device to platform device
652	  such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
653	  I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
654	  implemented under PINCTRL subsystem.
655
656config IOSF_MBI
657	tristate "Intel SoC IOSF Sideband support for SoC platforms"
658	depends on PCI
659	help
660	  This option enables sideband register access support for Intel SoC
661	  platforms. On these platforms the IOSF sideband is used in lieu of
662	  MSR's for some register accesses, mostly but not limited to thermal
663	  and power. Drivers may query the availability of this device to
664	  determine if they need the sideband in order to work on these
665	  platforms. The sideband is available on the following SoC products.
666	  This list is not meant to be exclusive.
667	   - BayTrail
668	   - Braswell
669	   - Quark
670
671	  You should say Y if you are running a kernel on one of these SoC's.
672
673config IOSF_MBI_DEBUG
674	bool "Enable IOSF sideband access through debugfs"
675	depends on IOSF_MBI && DEBUG_FS
676	help
677	  Select this option to expose the IOSF sideband access registers (MCR,
678	  MDR, MCRX) through debugfs to write and read register information from
679	  different units on the SoC. This is most useful for obtaining device
680	  state information for debug and analysis. As this is a general access
681	  mechanism, users of this option would have specific knowledge of the
682	  device they want to access.
683
684	  If you don't require the option or are in doubt, say N.
685
686config X86_RDC321X
687	bool "RDC R-321x SoC"
688	depends on X86_32
689	depends on X86_EXTENDED_PLATFORM
690	select M486
691	select X86_REBOOTFIXUPS
692	help
693	  This option is needed for RDC R-321x system-on-chip, also known
694	  as R-8610-(G).
695	  If you don't have one of these chips, you should say N here.
696
697config X86_32_NON_STANDARD
698	bool "Support non-standard 32-bit SMP architectures"
699	depends on X86_32 && SMP
700	depends on X86_EXTENDED_PLATFORM
701	help
702	  This option compiles in the bigsmp and STA2X11 default
703	  subarchitectures.  It is intended for a generic binary
704	  kernel. If you select them all, kernel will probe it one by
705	  one and will fallback to default.
706
707# Alphabetically sorted list of Non standard 32 bit platforms
708
709config X86_SUPPORTS_MEMORY_FAILURE
710	def_bool y
711	# MCE code calls memory_failure():
712	depends on X86_MCE
713	# On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
714	# On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
715	depends on X86_64 || !SPARSEMEM
716	select ARCH_SUPPORTS_MEMORY_FAILURE
717
718config STA2X11
719	bool "STA2X11 Companion Chip Support"
720	depends on X86_32_NON_STANDARD && PCI
721	select SWIOTLB
722	select MFD_STA2X11
723	select GPIOLIB
724	help
725	  This adds support for boards based on the STA2X11 IO-Hub,
726	  a.k.a. "ConneXt". The chip is used in place of the standard
727	  PC chipset, so all "standard" peripherals are missing. If this
728	  option is selected the kernel will still be able to boot on
729	  standard PC machines.
730
731config X86_32_IRIS
732	tristate "Eurobraille/Iris poweroff module"
733	depends on X86_32
734	help
735	  The Iris machines from EuroBraille do not have APM or ACPI support
736	  to shut themselves down properly.  A special I/O sequence is
737	  needed to do so, which is what this module does at
738	  kernel shutdown.
739
740	  This is only for Iris machines from EuroBraille.
741
742	  If unused, say N.
743
744config SCHED_OMIT_FRAME_POINTER
745	def_bool y
746	prompt "Single-depth WCHAN output"
747	depends on X86
748	help
749	  Calculate simpler /proc/<PID>/wchan values. If this option
750	  is disabled then wchan values will recurse back to the
751	  caller function. This provides more accurate wchan values,
752	  at the expense of slightly more scheduling overhead.
753
754	  If in doubt, say "Y".
755
756menuconfig HYPERVISOR_GUEST
757	bool "Linux guest support"
758	help
759	  Say Y here to enable options for running Linux under various hyper-
760	  visors. This option enables basic hypervisor detection and platform
761	  setup.
762
763	  If you say N, all options in this submenu will be skipped and
764	  disabled, and Linux guest support won't be built in.
765
766if HYPERVISOR_GUEST
767
768config PARAVIRT
769	bool "Enable paravirtualization code"
770	depends on HAVE_STATIC_CALL
771	help
772	  This changes the kernel so it can modify itself when it is run
773	  under a hypervisor, potentially improving performance significantly
774	  over full virtualization.  However, when run without a hypervisor
775	  the kernel is theoretically slower and slightly larger.
776
777config PARAVIRT_XXL
778	bool
779
780config PARAVIRT_DEBUG
781	bool "paravirt-ops debugging"
782	depends on PARAVIRT && DEBUG_KERNEL
783	help
784	  Enable to debug paravirt_ops internals.  Specifically, BUG if
785	  a paravirt_op is missing when it is called.
786
787config PARAVIRT_SPINLOCKS
788	bool "Paravirtualization layer for spinlocks"
789	depends on PARAVIRT && SMP
790	help
791	  Paravirtualized spinlocks allow a pvops backend to replace the
792	  spinlock implementation with something virtualization-friendly
793	  (for example, block the virtual CPU rather than spinning).
794
795	  It has a minimal impact on native kernels and gives a nice performance
796	  benefit on paravirtualized KVM / Xen kernels.
797
798	  If you are unsure how to answer this question, answer Y.
799
800config X86_HV_CALLBACK_VECTOR
801	def_bool n
802
803source "arch/x86/xen/Kconfig"
804
805config KVM_GUEST
806	bool "KVM Guest support (including kvmclock)"
807	depends on PARAVIRT
808	select PARAVIRT_CLOCK
809	select ARCH_CPUIDLE_HALTPOLL
810	select X86_HV_CALLBACK_VECTOR
811	default y
812	help
813	  This option enables various optimizations for running under the KVM
814	  hypervisor. It includes a paravirtualized clock, so that instead
815	  of relying on a PIT (or probably other) emulation by the
816	  underlying device model, the host provides the guest with
817	  timing infrastructure such as time of day, and system time
818
819config ARCH_CPUIDLE_HALTPOLL
820	def_bool n
821	prompt "Disable host haltpoll when loading haltpoll driver"
822	help
823	  If virtualized under KVM, disable host haltpoll.
824
825config PVH
826	bool "Support for running PVH guests"
827	help
828	  This option enables the PVH entry point for guest virtual machines
829	  as specified in the x86/HVM direct boot ABI.
830
831config PARAVIRT_TIME_ACCOUNTING
832	bool "Paravirtual steal time accounting"
833	depends on PARAVIRT
834	help
835	  Select this option to enable fine granularity task steal time
836	  accounting. Time spent executing other tasks in parallel with
837	  the current vCPU is discounted from the vCPU power. To account for
838	  that, there can be a small performance impact.
839
840	  If in doubt, say N here.
841
842config PARAVIRT_CLOCK
843	bool
844
845config JAILHOUSE_GUEST
846	bool "Jailhouse non-root cell support"
847	depends on X86_64 && PCI
848	select X86_PM_TIMER
849	help
850	  This option allows to run Linux as guest in a Jailhouse non-root
851	  cell. You can leave this option disabled if you only want to start
852	  Jailhouse and run Linux afterwards in the root cell.
853
854config ACRN_GUEST
855	bool "ACRN Guest support"
856	depends on X86_64
857	select X86_HV_CALLBACK_VECTOR
858	help
859	  This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
860	  a flexible, lightweight reference open-source hypervisor, built with
861	  real-time and safety-criticality in mind. It is built for embedded
862	  IOT with small footprint and real-time features. More details can be
863	  found in https://projectacrn.org/.
864
865config INTEL_TDX_GUEST
866	bool "Intel TDX (Trust Domain Extensions) - Guest Support"
867	depends on X86_64 && CPU_SUP_INTEL
868	depends on X86_X2APIC
869	select ARCH_HAS_CC_PLATFORM
870	select X86_MEM_ENCRYPT
871	select X86_MCE
872	help
873	  Support running as a guest under Intel TDX.  Without this support,
874	  the guest kernel can not boot or run under TDX.
875	  TDX includes memory encryption and integrity capabilities
876	  which protect the confidentiality and integrity of guest
877	  memory contents and CPU state. TDX guests are protected from
878	  some attacks from the VMM.
879
880endif # HYPERVISOR_GUEST
881
882source "arch/x86/Kconfig.cpu"
883
884config HPET_TIMER
885	def_bool X86_64
886	prompt "HPET Timer Support" if X86_32
887	help
888	  Use the IA-PC HPET (High Precision Event Timer) to manage
889	  time in preference to the PIT and RTC, if a HPET is
890	  present.
891	  HPET is the next generation timer replacing legacy 8254s.
892	  The HPET provides a stable time base on SMP
893	  systems, unlike the TSC, but it is more expensive to access,
894	  as it is off-chip.  The interface used is documented
895	  in the HPET spec, revision 1.
896
897	  You can safely choose Y here.  However, HPET will only be
898	  activated if the platform and the BIOS support this feature.
899	  Otherwise the 8254 will be used for timing services.
900
901	  Choose N to continue using the legacy 8254 timer.
902
903config HPET_EMULATE_RTC
904	def_bool y
905	depends on HPET_TIMER && (RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
906
907# Mark as expert because too many people got it wrong.
908# The code disables itself when not needed.
909config DMI
910	default y
911	select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
912	bool "Enable DMI scanning" if EXPERT
913	help
914	  Enabled scanning of DMI to identify machine quirks. Say Y
915	  here unless you have verified that your setup is not
916	  affected by entries in the DMI blacklist. Required by PNP
917	  BIOS code.
918
919config GART_IOMMU
920	bool "Old AMD GART IOMMU support"
921	select DMA_OPS
922	select IOMMU_HELPER
923	select SWIOTLB
924	depends on X86_64 && PCI && AMD_NB
925	help
926	  Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
927	  GART based hardware IOMMUs.
928
929	  The GART supports full DMA access for devices with 32-bit access
930	  limitations, on systems with more than 3 GB. This is usually needed
931	  for USB, sound, many IDE/SATA chipsets and some other devices.
932
933	  Newer systems typically have a modern AMD IOMMU, supported via
934	  the CONFIG_AMD_IOMMU=y config option.
935
936	  In normal configurations this driver is only active when needed:
937	  there's more than 3 GB of memory and the system contains a
938	  32-bit limited device.
939
940	  If unsure, say Y.
941
942config BOOT_VESA_SUPPORT
943	bool
944	help
945	  If true, at least one selected framebuffer driver can take advantage
946	  of VESA video modes set at an early boot stage via the vga= parameter.
947
948config MAXSMP
949	bool "Enable Maximum number of SMP Processors and NUMA Nodes"
950	depends on X86_64 && SMP && DEBUG_KERNEL
951	select CPUMASK_OFFSTACK
952	help
953	  Enable maximum number of CPUS and NUMA Nodes for this architecture.
954	  If unsure, say N.
955
956#
957# The maximum number of CPUs supported:
958#
959# The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
960# and which can be configured interactively in the
961# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
962#
963# The ranges are different on 32-bit and 64-bit kernels, depending on
964# hardware capabilities and scalability features of the kernel.
965#
966# ( If MAXSMP is enabled we just use the highest possible value and disable
967#   interactive configuration. )
968#
969
970config NR_CPUS_RANGE_BEGIN
971	int
972	default NR_CPUS_RANGE_END if MAXSMP
973	default    1 if !SMP
974	default    2
975
976config NR_CPUS_RANGE_END
977	int
978	depends on X86_32
979	default   64 if  SMP &&  X86_BIGSMP
980	default    8 if  SMP && !X86_BIGSMP
981	default    1 if !SMP
982
983config NR_CPUS_RANGE_END
984	int
985	depends on X86_64
986	default 8192 if  SMP && CPUMASK_OFFSTACK
987	default  512 if  SMP && !CPUMASK_OFFSTACK
988	default    1 if !SMP
989
990config NR_CPUS_DEFAULT
991	int
992	depends on X86_32
993	default   32 if  X86_BIGSMP
994	default    8 if  SMP
995	default    1 if !SMP
996
997config NR_CPUS_DEFAULT
998	int
999	depends on X86_64
1000	default 8192 if  MAXSMP
1001	default   64 if  SMP
1002	default    1 if !SMP
1003
1004config NR_CPUS
1005	int "Maximum number of CPUs" if SMP && !MAXSMP
1006	range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1007	default NR_CPUS_DEFAULT
1008	help
1009	  This allows you to specify the maximum number of CPUs which this
1010	  kernel will support.  If CPUMASK_OFFSTACK is enabled, the maximum
1011	  supported value is 8192, otherwise the maximum value is 512.  The
1012	  minimum value which makes sense is 2.
1013
1014	  This is purely to save memory: each supported CPU adds about 8KB
1015	  to the kernel image.
1016
1017config SCHED_CLUSTER
1018	bool "Cluster scheduler support"
1019	depends on SMP
1020	default y
1021	help
1022	  Cluster scheduler support improves the CPU scheduler's decision
1023	  making when dealing with machines that have clusters of CPUs.
1024	  Cluster usually means a couple of CPUs which are placed closely
1025	  by sharing mid-level caches, last-level cache tags or internal
1026	  busses.
1027
1028config SCHED_SMT
1029	def_bool y if SMP
1030
1031config SCHED_MC
1032	def_bool y
1033	prompt "Multi-core scheduler support"
1034	depends on SMP
1035	help
1036	  Multi-core scheduler support improves the CPU scheduler's decision
1037	  making when dealing with multi-core CPU chips at a cost of slightly
1038	  increased overhead in some places. If unsure say N here.
1039
1040config SCHED_MC_PRIO
1041	bool "CPU core priorities scheduler support"
1042	depends on SCHED_MC && CPU_SUP_INTEL
1043	select X86_INTEL_PSTATE
1044	select CPU_FREQ
1045	default y
1046	help
1047	  Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1048	  core ordering determined at manufacturing time, which allows
1049	  certain cores to reach higher turbo frequencies (when running
1050	  single threaded workloads) than others.
1051
1052	  Enabling this kernel feature teaches the scheduler about
1053	  the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1054	  scheduler's CPU selection logic accordingly, so that higher
1055	  overall system performance can be achieved.
1056
1057	  This feature will have no effect on CPUs without this feature.
1058
1059	  If unsure say Y here.
1060
1061config UP_LATE_INIT
1062	def_bool y
1063	depends on !SMP && X86_LOCAL_APIC
1064
1065config X86_UP_APIC
1066	bool "Local APIC support on uniprocessors" if !PCI_MSI
1067	default PCI_MSI
1068	depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1069	help
1070	  A local APIC (Advanced Programmable Interrupt Controller) is an
1071	  integrated interrupt controller in the CPU. If you have a single-CPU
1072	  system which has a processor with a local APIC, you can say Y here to
1073	  enable and use it. If you say Y here even though your machine doesn't
1074	  have a local APIC, then the kernel will still run with no slowdown at
1075	  all. The local APIC supports CPU-generated self-interrupts (timer,
1076	  performance counters), and the NMI watchdog which detects hard
1077	  lockups.
1078
1079config X86_UP_IOAPIC
1080	bool "IO-APIC support on uniprocessors"
1081	depends on X86_UP_APIC
1082	help
1083	  An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1084	  SMP-capable replacement for PC-style interrupt controllers. Most
1085	  SMP systems and many recent uniprocessor systems have one.
1086
1087	  If you have a single-CPU system with an IO-APIC, you can say Y here
1088	  to use it. If you say Y here even though your machine doesn't have
1089	  an IO-APIC, then the kernel will still run with no slowdown at all.
1090
1091config X86_LOCAL_APIC
1092	def_bool y
1093	depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1094	select IRQ_DOMAIN_HIERARCHY
1095	select PCI_MSI_IRQ_DOMAIN if PCI_MSI
1096
1097config X86_IO_APIC
1098	def_bool y
1099	depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1100
1101config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1102	bool "Reroute for broken boot IRQs"
1103	depends on X86_IO_APIC
1104	help
1105	  This option enables a workaround that fixes a source of
1106	  spurious interrupts. This is recommended when threaded
1107	  interrupt handling is used on systems where the generation of
1108	  superfluous "boot interrupts" cannot be disabled.
1109
1110	  Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1111	  entry in the chipset's IO-APIC is masked (as, e.g. the RT
1112	  kernel does during interrupt handling). On chipsets where this
1113	  boot IRQ generation cannot be disabled, this workaround keeps
1114	  the original IRQ line masked so that only the equivalent "boot
1115	  IRQ" is delivered to the CPUs. The workaround also tells the
1116	  kernel to set up the IRQ handler on the boot IRQ line. In this
1117	  way only one interrupt is delivered to the kernel. Otherwise
1118	  the spurious second interrupt may cause the kernel to bring
1119	  down (vital) interrupt lines.
1120
1121	  Only affects "broken" chipsets. Interrupt sharing may be
1122	  increased on these systems.
1123
1124config X86_MCE
1125	bool "Machine Check / overheating reporting"
1126	select GENERIC_ALLOCATOR
1127	default y
1128	help
1129	  Machine Check support allows the processor to notify the
1130	  kernel if it detects a problem (e.g. overheating, data corruption).
1131	  The action the kernel takes depends on the severity of the problem,
1132	  ranging from warning messages to halting the machine.
1133
1134config X86_MCELOG_LEGACY
1135	bool "Support for deprecated /dev/mcelog character device"
1136	depends on X86_MCE
1137	help
1138	  Enable support for /dev/mcelog which is needed by the old mcelog
1139	  userspace logging daemon. Consider switching to the new generation
1140	  rasdaemon solution.
1141
1142config X86_MCE_INTEL
1143	def_bool y
1144	prompt "Intel MCE features"
1145	depends on X86_MCE && X86_LOCAL_APIC
1146	help
1147	  Additional support for intel specific MCE features such as
1148	  the thermal monitor.
1149
1150config X86_MCE_AMD
1151	def_bool y
1152	prompt "AMD MCE features"
1153	depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1154	help
1155	  Additional support for AMD specific MCE features such as
1156	  the DRAM Error Threshold.
1157
1158config X86_ANCIENT_MCE
1159	bool "Support for old Pentium 5 / WinChip machine checks"
1160	depends on X86_32 && X86_MCE
1161	help
1162	  Include support for machine check handling on old Pentium 5 or WinChip
1163	  systems. These typically need to be enabled explicitly on the command
1164	  line.
1165
1166config X86_MCE_THRESHOLD
1167	depends on X86_MCE_AMD || X86_MCE_INTEL
1168	def_bool y
1169
1170config X86_MCE_INJECT
1171	depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1172	tristate "Machine check injector support"
1173	help
1174	  Provide support for injecting machine checks for testing purposes.
1175	  If you don't know what a machine check is and you don't do kernel
1176	  QA it is safe to say n.
1177
1178source "arch/x86/events/Kconfig"
1179
1180config X86_LEGACY_VM86
1181	bool "Legacy VM86 support"
1182	depends on X86_32
1183	help
1184	  This option allows user programs to put the CPU into V8086
1185	  mode, which is an 80286-era approximation of 16-bit real mode.
1186
1187	  Some very old versions of X and/or vbetool require this option
1188	  for user mode setting.  Similarly, DOSEMU will use it if
1189	  available to accelerate real mode DOS programs.  However, any
1190	  recent version of DOSEMU, X, or vbetool should be fully
1191	  functional even without kernel VM86 support, as they will all
1192	  fall back to software emulation. Nevertheless, if you are using
1193	  a 16-bit DOS program where 16-bit performance matters, vm86
1194	  mode might be faster than emulation and you might want to
1195	  enable this option.
1196
1197	  Note that any app that works on a 64-bit kernel is unlikely to
1198	  need this option, as 64-bit kernels don't, and can't, support
1199	  V8086 mode. This option is also unrelated to 16-bit protected
1200	  mode and is not needed to run most 16-bit programs under Wine.
1201
1202	  Enabling this option increases the complexity of the kernel
1203	  and slows down exception handling a tiny bit.
1204
1205	  If unsure, say N here.
1206
1207config VM86
1208	bool
1209	default X86_LEGACY_VM86
1210
1211config X86_16BIT
1212	bool "Enable support for 16-bit segments" if EXPERT
1213	default y
1214	depends on MODIFY_LDT_SYSCALL
1215	help
1216	  This option is required by programs like Wine to run 16-bit
1217	  protected mode legacy code on x86 processors.  Disabling
1218	  this option saves about 300 bytes on i386, or around 6K text
1219	  plus 16K runtime memory on x86-64,
1220
1221config X86_ESPFIX32
1222	def_bool y
1223	depends on X86_16BIT && X86_32
1224
1225config X86_ESPFIX64
1226	def_bool y
1227	depends on X86_16BIT && X86_64
1228
1229config X86_VSYSCALL_EMULATION
1230	bool "Enable vsyscall emulation" if EXPERT
1231	default y
1232	depends on X86_64
1233	help
1234	  This enables emulation of the legacy vsyscall page.  Disabling
1235	  it is roughly equivalent to booting with vsyscall=none, except
1236	  that it will also disable the helpful warning if a program
1237	  tries to use a vsyscall.  With this option set to N, offending
1238	  programs will just segfault, citing addresses of the form
1239	  0xffffffffff600?00.
1240
1241	  This option is required by many programs built before 2013, and
1242	  care should be used even with newer programs if set to N.
1243
1244	  Disabling this option saves about 7K of kernel size and
1245	  possibly 4K of additional runtime pagetable memory.
1246
1247config X86_IOPL_IOPERM
1248	bool "IOPERM and IOPL Emulation"
1249	default y
1250	help
1251	  This enables the ioperm() and iopl() syscalls which are necessary
1252	  for legacy applications.
1253
1254	  Legacy IOPL support is an overbroad mechanism which allows user
1255	  space aside of accessing all 65536 I/O ports also to disable
1256	  interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1257	  capabilities and permission from potentially active security
1258	  modules.
1259
1260	  The emulation restricts the functionality of the syscall to
1261	  only allowing the full range I/O port access, but prevents the
1262	  ability to disable interrupts from user space which would be
1263	  granted if the hardware IOPL mechanism would be used.
1264
1265config TOSHIBA
1266	tristate "Toshiba Laptop support"
1267	depends on X86_32
1268	help
1269	  This adds a driver to safely access the System Management Mode of
1270	  the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1271	  not work on models with a Phoenix BIOS. The System Management Mode
1272	  is used to set the BIOS and power saving options on Toshiba portables.
1273
1274	  For information on utilities to make use of this driver see the
1275	  Toshiba Linux utilities web site at:
1276	  <http://www.buzzard.org.uk/toshiba/>.
1277
1278	  Say Y if you intend to run this kernel on a Toshiba portable.
1279	  Say N otherwise.
1280
1281config X86_REBOOTFIXUPS
1282	bool "Enable X86 board specific fixups for reboot"
1283	depends on X86_32
1284	help
1285	  This enables chipset and/or board specific fixups to be done
1286	  in order to get reboot to work correctly. This is only needed on
1287	  some combinations of hardware and BIOS. The symptom, for which
1288	  this config is intended, is when reboot ends with a stalled/hung
1289	  system.
1290
1291	  Currently, the only fixup is for the Geode machines using
1292	  CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1293
1294	  Say Y if you want to enable the fixup. Currently, it's safe to
1295	  enable this option even if you don't need it.
1296	  Say N otherwise.
1297
1298config MICROCODE
1299	bool "CPU microcode loading support"
1300	default y
1301	depends on CPU_SUP_AMD || CPU_SUP_INTEL
1302	help
1303	  If you say Y here, you will be able to update the microcode on
1304	  Intel and AMD processors. The Intel support is for the IA32 family,
1305	  e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The
1306	  AMD support is for families 0x10 and later. You will obviously need
1307	  the actual microcode binary data itself which is not shipped with
1308	  the Linux kernel.
1309
1310	  The preferred method to load microcode from a detached initrd is described
1311	  in Documentation/x86/microcode.rst. For that you need to enable
1312	  CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the
1313	  initrd for microcode blobs.
1314
1315	  In addition, you can build the microcode into the kernel. For that you
1316	  need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE
1317	  config option.
1318
1319config MICROCODE_INTEL
1320	bool "Intel microcode loading support"
1321	depends on CPU_SUP_INTEL && MICROCODE
1322	default MICROCODE
1323	help
1324	  This options enables microcode patch loading support for Intel
1325	  processors.
1326
1327	  For the current Intel microcode data package go to
1328	  <https://downloadcenter.intel.com> and search for
1329	  'Linux Processor Microcode Data File'.
1330
1331config MICROCODE_AMD
1332	bool "AMD microcode loading support"
1333	depends on CPU_SUP_AMD && MICROCODE
1334	help
1335	  If you select this option, microcode patch loading support for AMD
1336	  processors will be enabled.
1337
1338config MICROCODE_LATE_LOADING
1339	bool "Late microcode loading (DANGEROUS)"
1340	default n
1341	depends on MICROCODE
1342	help
1343	  Loading microcode late, when the system is up and executing instructions
1344	  is a tricky business and should be avoided if possible. Just the sequence
1345	  of synchronizing all cores and SMT threads is one fragile dance which does
1346	  not guarantee that cores might not softlock after the loading. Therefore,
1347	  use this at your own risk. Late loading taints the kernel too.
1348
1349config X86_MSR
1350	tristate "/dev/cpu/*/msr - Model-specific register support"
1351	help
1352	  This device gives privileged processes access to the x86
1353	  Model-Specific Registers (MSRs).  It is a character device with
1354	  major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1355	  MSR accesses are directed to a specific CPU on multi-processor
1356	  systems.
1357
1358config X86_CPUID
1359	tristate "/dev/cpu/*/cpuid - CPU information support"
1360	help
1361	  This device gives processes access to the x86 CPUID instruction to
1362	  be executed on a specific processor.  It is a character device
1363	  with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1364	  /dev/cpu/31/cpuid.
1365
1366choice
1367	prompt "High Memory Support"
1368	default HIGHMEM4G
1369	depends on X86_32
1370
1371config NOHIGHMEM
1372	bool "off"
1373	help
1374	  Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1375	  However, the address space of 32-bit x86 processors is only 4
1376	  Gigabytes large. That means that, if you have a large amount of
1377	  physical memory, not all of it can be "permanently mapped" by the
1378	  kernel. The physical memory that's not permanently mapped is called
1379	  "high memory".
1380
1381	  If you are compiling a kernel which will never run on a machine with
1382	  more than 1 Gigabyte total physical RAM, answer "off" here (default
1383	  choice and suitable for most users). This will result in a "3GB/1GB"
1384	  split: 3GB are mapped so that each process sees a 3GB virtual memory
1385	  space and the remaining part of the 4GB virtual memory space is used
1386	  by the kernel to permanently map as much physical memory as
1387	  possible.
1388
1389	  If the machine has between 1 and 4 Gigabytes physical RAM, then
1390	  answer "4GB" here.
1391
1392	  If more than 4 Gigabytes is used then answer "64GB" here. This
1393	  selection turns Intel PAE (Physical Address Extension) mode on.
1394	  PAE implements 3-level paging on IA32 processors. PAE is fully
1395	  supported by Linux, PAE mode is implemented on all recent Intel
1396	  processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1397	  then the kernel will not boot on CPUs that don't support PAE!
1398
1399	  The actual amount of total physical memory will either be
1400	  auto detected or can be forced by using a kernel command line option
1401	  such as "mem=256M". (Try "man bootparam" or see the documentation of
1402	  your boot loader (lilo or loadlin) about how to pass options to the
1403	  kernel at boot time.)
1404
1405	  If unsure, say "off".
1406
1407config HIGHMEM4G
1408	bool "4GB"
1409	help
1410	  Select this if you have a 32-bit processor and between 1 and 4
1411	  gigabytes of physical RAM.
1412
1413config HIGHMEM64G
1414	bool "64GB"
1415	depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
1416	select X86_PAE
1417	help
1418	  Select this if you have a 32-bit processor and more than 4
1419	  gigabytes of physical RAM.
1420
1421endchoice
1422
1423choice
1424	prompt "Memory split" if EXPERT
1425	default VMSPLIT_3G
1426	depends on X86_32
1427	help
1428	  Select the desired split between kernel and user memory.
1429
1430	  If the address range available to the kernel is less than the
1431	  physical memory installed, the remaining memory will be available
1432	  as "high memory". Accessing high memory is a little more costly
1433	  than low memory, as it needs to be mapped into the kernel first.
1434	  Note that increasing the kernel address space limits the range
1435	  available to user programs, making the address space there
1436	  tighter.  Selecting anything other than the default 3G/1G split
1437	  will also likely make your kernel incompatible with binary-only
1438	  kernel modules.
1439
1440	  If you are not absolutely sure what you are doing, leave this
1441	  option alone!
1442
1443	config VMSPLIT_3G
1444		bool "3G/1G user/kernel split"
1445	config VMSPLIT_3G_OPT
1446		depends on !X86_PAE
1447		bool "3G/1G user/kernel split (for full 1G low memory)"
1448	config VMSPLIT_2G
1449		bool "2G/2G user/kernel split"
1450	config VMSPLIT_2G_OPT
1451		depends on !X86_PAE
1452		bool "2G/2G user/kernel split (for full 2G low memory)"
1453	config VMSPLIT_1G
1454		bool "1G/3G user/kernel split"
1455endchoice
1456
1457config PAGE_OFFSET
1458	hex
1459	default 0xB0000000 if VMSPLIT_3G_OPT
1460	default 0x80000000 if VMSPLIT_2G
1461	default 0x78000000 if VMSPLIT_2G_OPT
1462	default 0x40000000 if VMSPLIT_1G
1463	default 0xC0000000
1464	depends on X86_32
1465
1466config HIGHMEM
1467	def_bool y
1468	depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1469
1470config X86_PAE
1471	bool "PAE (Physical Address Extension) Support"
1472	depends on X86_32 && !HIGHMEM4G
1473	select PHYS_ADDR_T_64BIT
1474	select SWIOTLB
1475	help
1476	  PAE is required for NX support, and furthermore enables
1477	  larger swapspace support for non-overcommit purposes. It
1478	  has the cost of more pagetable lookup overhead, and also
1479	  consumes more pagetable space per process.
1480
1481config X86_5LEVEL
1482	bool "Enable 5-level page tables support"
1483	default y
1484	select DYNAMIC_MEMORY_LAYOUT
1485	select SPARSEMEM_VMEMMAP
1486	depends on X86_64
1487	help
1488	  5-level paging enables access to larger address space:
1489	  upto 128 PiB of virtual address space and 4 PiB of
1490	  physical address space.
1491
1492	  It will be supported by future Intel CPUs.
1493
1494	  A kernel with the option enabled can be booted on machines that
1495	  support 4- or 5-level paging.
1496
1497	  See Documentation/x86/x86_64/5level-paging.rst for more
1498	  information.
1499
1500	  Say N if unsure.
1501
1502config X86_DIRECT_GBPAGES
1503	def_bool y
1504	depends on X86_64
1505	help
1506	  Certain kernel features effectively disable kernel
1507	  linear 1 GB mappings (even if the CPU otherwise
1508	  supports them), so don't confuse the user by printing
1509	  that we have them enabled.
1510
1511config X86_CPA_STATISTICS
1512	bool "Enable statistic for Change Page Attribute"
1513	depends on DEBUG_FS
1514	help
1515	  Expose statistics about the Change Page Attribute mechanism, which
1516	  helps to determine the effectiveness of preserving large and huge
1517	  page mappings when mapping protections are changed.
1518
1519config X86_MEM_ENCRYPT
1520	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1521	select DYNAMIC_PHYSICAL_MASK
1522	def_bool n
1523
1524config AMD_MEM_ENCRYPT
1525	bool "AMD Secure Memory Encryption (SME) support"
1526	depends on X86_64 && CPU_SUP_AMD
1527	select DMA_COHERENT_POOL
1528	select ARCH_USE_MEMREMAP_PROT
1529	select INSTRUCTION_DECODER
1530	select ARCH_HAS_CC_PLATFORM
1531	select X86_MEM_ENCRYPT
1532	help
1533	  Say yes to enable support for the encryption of system memory.
1534	  This requires an AMD processor that supports Secure Memory
1535	  Encryption (SME).
1536
1537config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
1538	bool "Activate AMD Secure Memory Encryption (SME) by default"
1539	depends on AMD_MEM_ENCRYPT
1540	help
1541	  Say yes to have system memory encrypted by default if running on
1542	  an AMD processor that supports Secure Memory Encryption (SME).
1543
1544	  If set to Y, then the encryption of system memory can be
1545	  deactivated with the mem_encrypt=off command line option.
1546
1547	  If set to N, then the encryption of system memory can be
1548	  activated with the mem_encrypt=on command line option.
1549
1550# Common NUMA Features
1551config NUMA
1552	bool "NUMA Memory Allocation and Scheduler Support"
1553	depends on SMP
1554	depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1555	default y if X86_BIGSMP
1556	select USE_PERCPU_NUMA_NODE_ID
1557	help
1558	  Enable NUMA (Non-Uniform Memory Access) support.
1559
1560	  The kernel will try to allocate memory used by a CPU on the
1561	  local memory controller of the CPU and add some more
1562	  NUMA awareness to the kernel.
1563
1564	  For 64-bit this is recommended if the system is Intel Core i7
1565	  (or later), AMD Opteron, or EM64T NUMA.
1566
1567	  For 32-bit this is only needed if you boot a 32-bit
1568	  kernel on a 64-bit NUMA platform.
1569
1570	  Otherwise, you should say N.
1571
1572config AMD_NUMA
1573	def_bool y
1574	prompt "Old style AMD Opteron NUMA detection"
1575	depends on X86_64 && NUMA && PCI
1576	help
1577	  Enable AMD NUMA node topology detection.  You should say Y here if
1578	  you have a multi processor AMD system. This uses an old method to
1579	  read the NUMA configuration directly from the builtin Northbridge
1580	  of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1581	  which also takes priority if both are compiled in.
1582
1583config X86_64_ACPI_NUMA
1584	def_bool y
1585	prompt "ACPI NUMA detection"
1586	depends on X86_64 && NUMA && ACPI && PCI
1587	select ACPI_NUMA
1588	help
1589	  Enable ACPI SRAT based node topology detection.
1590
1591config NUMA_EMU
1592	bool "NUMA emulation"
1593	depends on NUMA
1594	help
1595	  Enable NUMA emulation. A flat machine will be split
1596	  into virtual nodes when booted with "numa=fake=N", where N is the
1597	  number of nodes. This is only useful for debugging.
1598
1599config NODES_SHIFT
1600	int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1601	range 1 10
1602	default "10" if MAXSMP
1603	default "6" if X86_64
1604	default "3"
1605	depends on NUMA
1606	help
1607	  Specify the maximum number of NUMA Nodes available on the target
1608	  system.  Increases memory reserved to accommodate various tables.
1609
1610config ARCH_FLATMEM_ENABLE
1611	def_bool y
1612	depends on X86_32 && !NUMA
1613
1614config ARCH_SPARSEMEM_ENABLE
1615	def_bool y
1616	depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1617	select SPARSEMEM_STATIC if X86_32
1618	select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1619
1620config ARCH_SPARSEMEM_DEFAULT
1621	def_bool X86_64 || (NUMA && X86_32)
1622
1623config ARCH_SELECT_MEMORY_MODEL
1624	def_bool y
1625	depends on ARCH_SPARSEMEM_ENABLE && ARCH_FLATMEM_ENABLE
1626
1627config ARCH_MEMORY_PROBE
1628	bool "Enable sysfs memory/probe interface"
1629	depends on MEMORY_HOTPLUG
1630	help
1631	  This option enables a sysfs memory/probe interface for testing.
1632	  See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1633	  If you are unsure how to answer this question, answer N.
1634
1635config ARCH_PROC_KCORE_TEXT
1636	def_bool y
1637	depends on X86_64 && PROC_KCORE
1638
1639config ILLEGAL_POINTER_VALUE
1640	hex
1641	default 0 if X86_32
1642	default 0xdead000000000000 if X86_64
1643
1644config X86_PMEM_LEGACY_DEVICE
1645	bool
1646
1647config X86_PMEM_LEGACY
1648	tristate "Support non-standard NVDIMMs and ADR protected memory"
1649	depends on PHYS_ADDR_T_64BIT
1650	depends on BLK_DEV
1651	select X86_PMEM_LEGACY_DEVICE
1652	select NUMA_KEEP_MEMINFO if NUMA
1653	select LIBNVDIMM
1654	help
1655	  Treat memory marked using the non-standard e820 type of 12 as used
1656	  by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1657	  The kernel will offer these regions to the 'pmem' driver so
1658	  they can be used for persistent storage.
1659
1660	  Say Y if unsure.
1661
1662config HIGHPTE
1663	bool "Allocate 3rd-level pagetables from highmem"
1664	depends on HIGHMEM
1665	help
1666	  The VM uses one page table entry for each page of physical memory.
1667	  For systems with a lot of RAM, this can be wasteful of precious
1668	  low memory.  Setting this option will put user-space page table
1669	  entries in high memory.
1670
1671config X86_CHECK_BIOS_CORRUPTION
1672	bool "Check for low memory corruption"
1673	help
1674	  Periodically check for memory corruption in low memory, which
1675	  is suspected to be caused by BIOS.  Even when enabled in the
1676	  configuration, it is disabled at runtime.  Enable it by
1677	  setting "memory_corruption_check=1" on the kernel command
1678	  line.  By default it scans the low 64k of memory every 60
1679	  seconds; see the memory_corruption_check_size and
1680	  memory_corruption_check_period parameters in
1681	  Documentation/admin-guide/kernel-parameters.rst to adjust this.
1682
1683	  When enabled with the default parameters, this option has
1684	  almost no overhead, as it reserves a relatively small amount
1685	  of memory and scans it infrequently.  It both detects corruption
1686	  and prevents it from affecting the running system.
1687
1688	  It is, however, intended as a diagnostic tool; if repeatable
1689	  BIOS-originated corruption always affects the same memory,
1690	  you can use memmap= to prevent the kernel from using that
1691	  memory.
1692
1693config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1694	bool "Set the default setting of memory_corruption_check"
1695	depends on X86_CHECK_BIOS_CORRUPTION
1696	default y
1697	help
1698	  Set whether the default state of memory_corruption_check is
1699	  on or off.
1700
1701config MATH_EMULATION
1702	bool
1703	depends on MODIFY_LDT_SYSCALL
1704	prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1705	help
1706	  Linux can emulate a math coprocessor (used for floating point
1707	  operations) if you don't have one. 486DX and Pentium processors have
1708	  a math coprocessor built in, 486SX and 386 do not, unless you added
1709	  a 487DX or 387, respectively. (The messages during boot time can
1710	  give you some hints here ["man dmesg"].) Everyone needs either a
1711	  coprocessor or this emulation.
1712
1713	  If you don't have a math coprocessor, you need to say Y here; if you
1714	  say Y here even though you have a coprocessor, the coprocessor will
1715	  be used nevertheless. (This behavior can be changed with the kernel
1716	  command line option "no387", which comes handy if your coprocessor
1717	  is broken. Try "man bootparam" or see the documentation of your boot
1718	  loader (lilo or loadlin) about how to pass options to the kernel at
1719	  boot time.) This means that it is a good idea to say Y here if you
1720	  intend to use this kernel on different machines.
1721
1722	  More information about the internals of the Linux math coprocessor
1723	  emulation can be found in <file:arch/x86/math-emu/README>.
1724
1725	  If you are not sure, say Y; apart from resulting in a 66 KB bigger
1726	  kernel, it won't hurt.
1727
1728config MTRR
1729	def_bool y
1730	prompt "MTRR (Memory Type Range Register) support" if EXPERT
1731	help
1732	  On Intel P6 family processors (Pentium Pro, Pentium II and later)
1733	  the Memory Type Range Registers (MTRRs) may be used to control
1734	  processor access to memory ranges. This is most useful if you have
1735	  a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1736	  allows bus write transfers to be combined into a larger transfer
1737	  before bursting over the PCI/AGP bus. This can increase performance
1738	  of image write operations 2.5 times or more. Saying Y here creates a
1739	  /proc/mtrr file which may be used to manipulate your processor's
1740	  MTRRs. Typically the X server should use this.
1741
1742	  This code has a reasonably generic interface so that similar
1743	  control registers on other processors can be easily supported
1744	  as well:
1745
1746	  The Cyrix 6x86, 6x86MX and M II processors have Address Range
1747	  Registers (ARRs) which provide a similar functionality to MTRRs. For
1748	  these, the ARRs are used to emulate the MTRRs.
1749	  The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1750	  MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1751	  write-combining. All of these processors are supported by this code
1752	  and it makes sense to say Y here if you have one of them.
1753
1754	  Saying Y here also fixes a problem with buggy SMP BIOSes which only
1755	  set the MTRRs for the boot CPU and not for the secondary CPUs. This
1756	  can lead to all sorts of problems, so it's good to say Y here.
1757
1758	  You can safely say Y even if your machine doesn't have MTRRs, you'll
1759	  just add about 9 KB to your kernel.
1760
1761	  See <file:Documentation/x86/mtrr.rst> for more information.
1762
1763config MTRR_SANITIZER
1764	def_bool y
1765	prompt "MTRR cleanup support"
1766	depends on MTRR
1767	help
1768	  Convert MTRR layout from continuous to discrete, so X drivers can
1769	  add writeback entries.
1770
1771	  Can be disabled with disable_mtrr_cleanup on the kernel command line.
1772	  The largest mtrr entry size for a continuous block can be set with
1773	  mtrr_chunk_size.
1774
1775	  If unsure, say Y.
1776
1777config MTRR_SANITIZER_ENABLE_DEFAULT
1778	int "MTRR cleanup enable value (0-1)"
1779	range 0 1
1780	default "0"
1781	depends on MTRR_SANITIZER
1782	help
1783	  Enable mtrr cleanup default value
1784
1785config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1786	int "MTRR cleanup spare reg num (0-7)"
1787	range 0 7
1788	default "1"
1789	depends on MTRR_SANITIZER
1790	help
1791	  mtrr cleanup spare entries default, it can be changed via
1792	  mtrr_spare_reg_nr=N on the kernel command line.
1793
1794config X86_PAT
1795	def_bool y
1796	prompt "x86 PAT support" if EXPERT
1797	depends on MTRR
1798	help
1799	  Use PAT attributes to setup page level cache control.
1800
1801	  PATs are the modern equivalents of MTRRs and are much more
1802	  flexible than MTRRs.
1803
1804	  Say N here if you see bootup problems (boot crash, boot hang,
1805	  spontaneous reboots) or a non-working video driver.
1806
1807	  If unsure, say Y.
1808
1809config ARCH_USES_PG_UNCACHED
1810	def_bool y
1811	depends on X86_PAT
1812
1813config X86_UMIP
1814	def_bool y
1815	prompt "User Mode Instruction Prevention" if EXPERT
1816	help
1817	  User Mode Instruction Prevention (UMIP) is a security feature in
1818	  some x86 processors. If enabled, a general protection fault is
1819	  issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1820	  executed in user mode. These instructions unnecessarily expose
1821	  information about the hardware state.
1822
1823	  The vast majority of applications do not use these instructions.
1824	  For the very few that do, software emulation is provided in
1825	  specific cases in protected and virtual-8086 modes. Emulated
1826	  results are dummy.
1827
1828config CC_HAS_IBT
1829	# GCC >= 9 and binutils >= 2.29
1830	# Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
1831	# Clang/LLVM >= 14
1832	# https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
1833	# https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
1834	def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
1835		  (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
1836		  $(as-instr,endbr64)
1837
1838config X86_KERNEL_IBT
1839	prompt "Indirect Branch Tracking"
1840	bool
1841	depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
1842	# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
1843	depends on !LD_IS_LLD || LLD_VERSION >= 140000
1844	select OBJTOOL
1845	help
1846	  Build the kernel with support for Indirect Branch Tracking, a
1847	  hardware support course-grain forward-edge Control Flow Integrity
1848	  protection. It enforces that all indirect calls must land on
1849	  an ENDBR instruction, as such, the compiler will instrument the
1850	  code with them to make this happen.
1851
1852	  In addition to building the kernel with IBT, seal all functions that
1853	  are not indirect call targets, avoiding them ever becoming one.
1854
1855	  This requires LTO like objtool runs and will slow down the build. It
1856	  does significantly reduce the number of ENDBR instructions in the
1857	  kernel image.
1858
1859config X86_INTEL_MEMORY_PROTECTION_KEYS
1860	prompt "Memory Protection Keys"
1861	def_bool y
1862	# Note: only available in 64-bit mode
1863	depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD)
1864	select ARCH_USES_HIGH_VMA_FLAGS
1865	select ARCH_HAS_PKEYS
1866	help
1867	  Memory Protection Keys provides a mechanism for enforcing
1868	  page-based protections, but without requiring modification of the
1869	  page tables when an application changes protection domains.
1870
1871	  For details, see Documentation/core-api/protection-keys.rst
1872
1873	  If unsure, say y.
1874
1875choice
1876	prompt "TSX enable mode"
1877	depends on CPU_SUP_INTEL
1878	default X86_INTEL_TSX_MODE_OFF
1879	help
1880	  Intel's TSX (Transactional Synchronization Extensions) feature
1881	  allows to optimize locking protocols through lock elision which
1882	  can lead to a noticeable performance boost.
1883
1884	  On the other hand it has been shown that TSX can be exploited
1885	  to form side channel attacks (e.g. TAA) and chances are there
1886	  will be more of those attacks discovered in the future.
1887
1888	  Therefore TSX is not enabled by default (aka tsx=off). An admin
1889	  might override this decision by tsx=on the command line parameter.
1890	  Even with TSX enabled, the kernel will attempt to enable the best
1891	  possible TAA mitigation setting depending on the microcode available
1892	  for the particular machine.
1893
1894	  This option allows to set the default tsx mode between tsx=on, =off
1895	  and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1896	  details.
1897
1898	  Say off if not sure, auto if TSX is in use but it should be used on safe
1899	  platforms or on if TSX is in use and the security aspect of tsx is not
1900	  relevant.
1901
1902config X86_INTEL_TSX_MODE_OFF
1903	bool "off"
1904	help
1905	  TSX is disabled if possible - equals to tsx=off command line parameter.
1906
1907config X86_INTEL_TSX_MODE_ON
1908	bool "on"
1909	help
1910	  TSX is always enabled on TSX capable HW - equals the tsx=on command
1911	  line parameter.
1912
1913config X86_INTEL_TSX_MODE_AUTO
1914	bool "auto"
1915	help
1916	  TSX is enabled on TSX capable HW that is believed to be safe against
1917	  side channel attacks- equals the tsx=auto command line parameter.
1918endchoice
1919
1920config X86_SGX
1921	bool "Software Guard eXtensions (SGX)"
1922	depends on X86_64 && CPU_SUP_INTEL
1923	depends on CRYPTO=y
1924	depends on CRYPTO_SHA256=y
1925	select SRCU
1926	select MMU_NOTIFIER
1927	select NUMA_KEEP_MEMINFO if NUMA
1928	select XARRAY_MULTI
1929	help
1930	  Intel(R) Software Guard eXtensions (SGX) is a set of CPU instructions
1931	  that can be used by applications to set aside private regions of code
1932	  and data, referred to as enclaves. An enclave's private memory can
1933	  only be accessed by code running within the enclave. Accesses from
1934	  outside the enclave, including other enclaves, are disallowed by
1935	  hardware.
1936
1937	  If unsure, say N.
1938
1939config EFI
1940	bool "EFI runtime service support"
1941	depends on ACPI
1942	select UCS2_STRING
1943	select EFI_RUNTIME_WRAPPERS
1944	select ARCH_USE_MEMREMAP_PROT
1945	help
1946	  This enables the kernel to use EFI runtime services that are
1947	  available (such as the EFI variable services).
1948
1949	  This option is only useful on systems that have EFI firmware.
1950	  In addition, you should use the latest ELILO loader available
1951	  at <http://elilo.sourceforge.net> in order to take advantage
1952	  of EFI runtime services. However, even with this option, the
1953	  resultant kernel should continue to boot on existing non-EFI
1954	  platforms.
1955
1956config EFI_STUB
1957	bool "EFI stub support"
1958	depends on EFI
1959	depends on $(cc-option,-mabi=ms) || X86_32
1960	select RELOCATABLE
1961	help
1962	  This kernel feature allows a bzImage to be loaded directly
1963	  by EFI firmware without the use of a bootloader.
1964
1965	  See Documentation/admin-guide/efi-stub.rst for more information.
1966
1967config EFI_MIXED
1968	bool "EFI mixed-mode support"
1969	depends on EFI_STUB && X86_64
1970	help
1971	  Enabling this feature allows a 64-bit kernel to be booted
1972	  on a 32-bit firmware, provided that your CPU supports 64-bit
1973	  mode.
1974
1975	  Note that it is not possible to boot a mixed-mode enabled
1976	  kernel via the EFI boot stub - a bootloader that supports
1977	  the EFI handover protocol must be used.
1978
1979	  If unsure, say N.
1980
1981source "kernel/Kconfig.hz"
1982
1983config KEXEC
1984	bool "kexec system call"
1985	select KEXEC_CORE
1986	help
1987	  kexec is a system call that implements the ability to shutdown your
1988	  current kernel, and to start another kernel.  It is like a reboot
1989	  but it is independent of the system firmware.   And like a reboot
1990	  you can start any kernel with it, not just Linux.
1991
1992	  The name comes from the similarity to the exec system call.
1993
1994	  It is an ongoing process to be certain the hardware in a machine
1995	  is properly shutdown, so do not be surprised if this code does not
1996	  initially work for you.  As of this writing the exact hardware
1997	  interface is strongly in flux, so no good recommendation can be
1998	  made.
1999
2000config KEXEC_FILE
2001	bool "kexec file based system call"
2002	select KEXEC_CORE
2003	select HAVE_IMA_KEXEC if IMA
2004	depends on X86_64
2005	depends on CRYPTO=y
2006	depends on CRYPTO_SHA256=y
2007	help
2008	  This is new version of kexec system call. This system call is
2009	  file based and takes file descriptors as system call argument
2010	  for kernel and initramfs as opposed to list of segments as
2011	  accepted by previous system call.
2012
2013config ARCH_HAS_KEXEC_PURGATORY
2014	def_bool KEXEC_FILE
2015
2016config KEXEC_SIG
2017	bool "Verify kernel signature during kexec_file_load() syscall"
2018	depends on KEXEC_FILE
2019	help
2020
2021	  This option makes the kexec_file_load() syscall check for a valid
2022	  signature of the kernel image.  The image can still be loaded without
2023	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
2024	  there's a signature that we can check, then it must be valid.
2025
2026	  In addition to this option, you need to enable signature
2027	  verification for the corresponding kernel image type being
2028	  loaded in order for this to work.
2029
2030config KEXEC_SIG_FORCE
2031	bool "Require a valid signature in kexec_file_load() syscall"
2032	depends on KEXEC_SIG
2033	help
2034	  This option makes kernel signature verification mandatory for
2035	  the kexec_file_load() syscall.
2036
2037config KEXEC_BZIMAGE_VERIFY_SIG
2038	bool "Enable bzImage signature verification support"
2039	depends on KEXEC_SIG
2040	depends on SIGNED_PE_FILE_VERIFICATION
2041	select SYSTEM_TRUSTED_KEYRING
2042	help
2043	  Enable bzImage signature verification support.
2044
2045config CRASH_DUMP
2046	bool "kernel crash dumps"
2047	depends on X86_64 || (X86_32 && HIGHMEM)
2048	help
2049	  Generate crash dump after being started by kexec.
2050	  This should be normally only set in special crash dump kernels
2051	  which are loaded in the main kernel with kexec-tools into
2052	  a specially reserved region and then later executed after
2053	  a crash by kdump/kexec. The crash dump kernel must be compiled
2054	  to a memory address not used by the main kernel or BIOS using
2055	  PHYSICAL_START, or it must be built as a relocatable image
2056	  (CONFIG_RELOCATABLE=y).
2057	  For more details see Documentation/admin-guide/kdump/kdump.rst
2058
2059config KEXEC_JUMP
2060	bool "kexec jump"
2061	depends on KEXEC && HIBERNATION
2062	help
2063	  Jump between original kernel and kexeced kernel and invoke
2064	  code in physical address mode via KEXEC
2065
2066config PHYSICAL_START
2067	hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2068	default "0x1000000"
2069	help
2070	  This gives the physical address where the kernel is loaded.
2071
2072	  If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then
2073	  bzImage will decompress itself to above physical address and
2074	  run from there. Otherwise, bzImage will run from the address where
2075	  it has been loaded by the boot loader and will ignore above physical
2076	  address.
2077
2078	  In normal kdump cases one does not have to set/change this option
2079	  as now bzImage can be compiled as a completely relocatable image
2080	  (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2081	  address. This option is mainly useful for the folks who don't want
2082	  to use a bzImage for capturing the crash dump and want to use a
2083	  vmlinux instead. vmlinux is not relocatable hence a kernel needs
2084	  to be specifically compiled to run from a specific memory area
2085	  (normally a reserved region) and this option comes handy.
2086
2087	  So if you are using bzImage for capturing the crash dump,
2088	  leave the value here unchanged to 0x1000000 and set
2089	  CONFIG_RELOCATABLE=y.  Otherwise if you plan to use vmlinux
2090	  for capturing the crash dump change this value to start of
2091	  the reserved region.  In other words, it can be set based on
2092	  the "X" value as specified in the "crashkernel=YM@XM"
2093	  command line boot parameter passed to the panic-ed
2094	  kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2095	  for more details about crash dumps.
2096
2097	  Usage of bzImage for capturing the crash dump is recommended as
2098	  one does not have to build two kernels. Same kernel can be used
2099	  as production kernel and capture kernel. Above option should have
2100	  gone away after relocatable bzImage support is introduced. But it
2101	  is present because there are users out there who continue to use
2102	  vmlinux for dump capture. This option should go away down the
2103	  line.
2104
2105	  Don't change this unless you know what you are doing.
2106
2107config RELOCATABLE
2108	bool "Build a relocatable kernel"
2109	default y
2110	help
2111	  This builds a kernel image that retains relocation information
2112	  so it can be loaded someplace besides the default 1MB.
2113	  The relocations tend to make the kernel binary about 10% larger,
2114	  but are discarded at runtime.
2115
2116	  One use is for the kexec on panic case where the recovery kernel
2117	  must live at a different physical address than the primary
2118	  kernel.
2119
2120	  Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2121	  it has been loaded at and the compile time physical address
2122	  (CONFIG_PHYSICAL_START) is used as the minimum location.
2123
2124config RANDOMIZE_BASE
2125	bool "Randomize the address of the kernel image (KASLR)"
2126	depends on RELOCATABLE
2127	default y
2128	help
2129	  In support of Kernel Address Space Layout Randomization (KASLR),
2130	  this randomizes the physical address at which the kernel image
2131	  is decompressed and the virtual address where the kernel
2132	  image is mapped, as a security feature that deters exploit
2133	  attempts relying on knowledge of the location of kernel
2134	  code internals.
2135
2136	  On 64-bit, the kernel physical and virtual addresses are
2137	  randomized separately. The physical address will be anywhere
2138	  between 16MB and the top of physical memory (up to 64TB). The
2139	  virtual address will be randomized from 16MB up to 1GB (9 bits
2140	  of entropy). Note that this also reduces the memory space
2141	  available to kernel modules from 1.5GB to 1GB.
2142
2143	  On 32-bit, the kernel physical and virtual addresses are
2144	  randomized together. They will be randomized from 16MB up to
2145	  512MB (8 bits of entropy).
2146
2147	  Entropy is generated using the RDRAND instruction if it is
2148	  supported. If RDTSC is supported, its value is mixed into
2149	  the entropy pool as well. If neither RDRAND nor RDTSC are
2150	  supported, then entropy is read from the i8254 timer. The
2151	  usable entropy is limited by the kernel being built using
2152	  2GB addressing, and that PHYSICAL_ALIGN must be at a
2153	  minimum of 2MB. As a result, only 10 bits of entropy are
2154	  theoretically possible, but the implementations are further
2155	  limited due to memory layouts.
2156
2157	  If unsure, say Y.
2158
2159# Relocation on x86 needs some additional build support
2160config X86_NEED_RELOCS
2161	def_bool y
2162	depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2163
2164config PHYSICAL_ALIGN
2165	hex "Alignment value to which kernel should be aligned"
2166	default "0x200000"
2167	range 0x2000 0x1000000 if X86_32
2168	range 0x200000 0x1000000 if X86_64
2169	help
2170	  This value puts the alignment restrictions on physical address
2171	  where kernel is loaded and run from. Kernel is compiled for an
2172	  address which meets above alignment restriction.
2173
2174	  If bootloader loads the kernel at a non-aligned address and
2175	  CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2176	  address aligned to above value and run from there.
2177
2178	  If bootloader loads the kernel at a non-aligned address and
2179	  CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2180	  load address and decompress itself to the address it has been
2181	  compiled for and run from there. The address for which kernel is
2182	  compiled already meets above alignment restrictions. Hence the
2183	  end result is that kernel runs from a physical address meeting
2184	  above alignment restrictions.
2185
2186	  On 32-bit this value must be a multiple of 0x2000. On 64-bit
2187	  this value must be a multiple of 0x200000.
2188
2189	  Don't change this unless you know what you are doing.
2190
2191config DYNAMIC_MEMORY_LAYOUT
2192	bool
2193	help
2194	  This option makes base addresses of vmalloc and vmemmap as well as
2195	  __PAGE_OFFSET movable during boot.
2196
2197config RANDOMIZE_MEMORY
2198	bool "Randomize the kernel memory sections"
2199	depends on X86_64
2200	depends on RANDOMIZE_BASE
2201	select DYNAMIC_MEMORY_LAYOUT
2202	default RANDOMIZE_BASE
2203	help
2204	  Randomizes the base virtual address of kernel memory sections
2205	  (physical memory mapping, vmalloc & vmemmap). This security feature
2206	  makes exploits relying on predictable memory locations less reliable.
2207
2208	  The order of allocations remains unchanged. Entropy is generated in
2209	  the same way as RANDOMIZE_BASE. Current implementation in the optimal
2210	  configuration have in average 30,000 different possible virtual
2211	  addresses for each memory section.
2212
2213	  If unsure, say Y.
2214
2215config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2216	hex "Physical memory mapping padding" if EXPERT
2217	depends on RANDOMIZE_MEMORY
2218	default "0xa" if MEMORY_HOTPLUG
2219	default "0x0"
2220	range 0x1 0x40 if MEMORY_HOTPLUG
2221	range 0x0 0x40
2222	help
2223	  Define the padding in terabytes added to the existing physical
2224	  memory size during kernel memory randomization. It is useful
2225	  for memory hotplug support but reduces the entropy available for
2226	  address randomization.
2227
2228	  If unsure, leave at the default value.
2229
2230config HOTPLUG_CPU
2231	def_bool y
2232	depends on SMP
2233
2234config BOOTPARAM_HOTPLUG_CPU0
2235	bool "Set default setting of cpu0_hotpluggable"
2236	depends on HOTPLUG_CPU
2237	help
2238	  Set whether default state of cpu0_hotpluggable is on or off.
2239
2240	  Say Y here to enable CPU0 hotplug by default. If this switch
2241	  is turned on, there is no need to give cpu0_hotplug kernel
2242	  parameter and the CPU0 hotplug feature is enabled by default.
2243
2244	  Please note: there are two known CPU0 dependencies if you want
2245	  to enable the CPU0 hotplug feature either by this switch or by
2246	  cpu0_hotplug kernel parameter.
2247
2248	  First, resume from hibernate or suspend always starts from CPU0.
2249	  So hibernate and suspend are prevented if CPU0 is offline.
2250
2251	  Second dependency is PIC interrupts always go to CPU0. CPU0 can not
2252	  offline if any interrupt can not migrate out of CPU0. There may
2253	  be other CPU0 dependencies.
2254
2255	  Please make sure the dependencies are under your control before
2256	  you enable this feature.
2257
2258	  Say N if you don't want to enable CPU0 hotplug feature by default.
2259	  You still can enable the CPU0 hotplug feature at boot by kernel
2260	  parameter cpu0_hotplug.
2261
2262config DEBUG_HOTPLUG_CPU0
2263	def_bool n
2264	prompt "Debug CPU0 hotplug"
2265	depends on HOTPLUG_CPU
2266	help
2267	  Enabling this option offlines CPU0 (if CPU0 can be offlined) as
2268	  soon as possible and boots up userspace with CPU0 offlined. User
2269	  can online CPU0 back after boot time.
2270
2271	  To debug CPU0 hotplug, you need to enable CPU0 offline/online
2272	  feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during
2273	  compilation or giving cpu0_hotplug kernel parameter at boot.
2274
2275	  If unsure, say N.
2276
2277config COMPAT_VDSO
2278	def_bool n
2279	prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2280	depends on COMPAT_32
2281	help
2282	  Certain buggy versions of glibc will crash if they are
2283	  presented with a 32-bit vDSO that is not mapped at the address
2284	  indicated in its segment table.
2285
2286	  The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2287	  and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2288	  49ad572a70b8aeb91e57483a11dd1b77e31c4468.  Glibc 2.3.3 is
2289	  the only released version with the bug, but OpenSUSE 9
2290	  contains a buggy "glibc 2.3.2".
2291
2292	  The symptom of the bug is that everything crashes on startup, saying:
2293	  dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2294
2295	  Saying Y here changes the default value of the vdso32 boot
2296	  option from 1 to 0, which turns off the 32-bit vDSO entirely.
2297	  This works around the glibc bug but hurts performance.
2298
2299	  If unsure, say N: if you are compiling your own kernel, you
2300	  are unlikely to be using a buggy version of glibc.
2301
2302choice
2303	prompt "vsyscall table for legacy applications"
2304	depends on X86_64
2305	default LEGACY_VSYSCALL_XONLY
2306	help
2307	  Legacy user code that does not know how to find the vDSO expects
2308	  to be able to issue three syscalls by calling fixed addresses in
2309	  kernel space. Since this location is not randomized with ASLR,
2310	  it can be used to assist security vulnerability exploitation.
2311
2312	  This setting can be changed at boot time via the kernel command
2313	  line parameter vsyscall=[emulate|xonly|none].  Emulate mode
2314	  is deprecated and can only be enabled using the kernel command
2315	  line.
2316
2317	  On a system with recent enough glibc (2.14 or newer) and no
2318	  static binaries, you can say None without a performance penalty
2319	  to improve security.
2320
2321	  If unsure, select "Emulate execution only".
2322
2323	config LEGACY_VSYSCALL_XONLY
2324		bool "Emulate execution only"
2325		help
2326		  The kernel traps and emulates calls into the fixed vsyscall
2327		  address mapping and does not allow reads.  This
2328		  configuration is recommended when userspace might use the
2329		  legacy vsyscall area but support for legacy binary
2330		  instrumentation of legacy code is not needed.  It mitigates
2331		  certain uses of the vsyscall area as an ASLR-bypassing
2332		  buffer.
2333
2334	config LEGACY_VSYSCALL_NONE
2335		bool "None"
2336		help
2337		  There will be no vsyscall mapping at all. This will
2338		  eliminate any risk of ASLR bypass due to the vsyscall
2339		  fixed address mapping. Attempts to use the vsyscalls
2340		  will be reported to dmesg, so that either old or
2341		  malicious userspace programs can be identified.
2342
2343endchoice
2344
2345config CMDLINE_BOOL
2346	bool "Built-in kernel command line"
2347	help
2348	  Allow for specifying boot arguments to the kernel at
2349	  build time.  On some systems (e.g. embedded ones), it is
2350	  necessary or convenient to provide some or all of the
2351	  kernel boot arguments with the kernel itself (that is,
2352	  to not rely on the boot loader to provide them.)
2353
2354	  To compile command line arguments into the kernel,
2355	  set this option to 'Y', then fill in the
2356	  boot arguments in CONFIG_CMDLINE.
2357
2358	  Systems with fully functional boot loaders (i.e. non-embedded)
2359	  should leave this option set to 'N'.
2360
2361config CMDLINE
2362	string "Built-in kernel command string"
2363	depends on CMDLINE_BOOL
2364	default ""
2365	help
2366	  Enter arguments here that should be compiled into the kernel
2367	  image and used at boot time.  If the boot loader provides a
2368	  command line at boot time, it is appended to this string to
2369	  form the full kernel command line, when the system boots.
2370
2371	  However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2372	  change this behavior.
2373
2374	  In most cases, the command line (whether built-in or provided
2375	  by the boot loader) should specify the device for the root
2376	  file system.
2377
2378config CMDLINE_OVERRIDE
2379	bool "Built-in command line overrides boot loader arguments"
2380	depends on CMDLINE_BOOL && CMDLINE != ""
2381	help
2382	  Set this option to 'Y' to have the kernel ignore the boot loader
2383	  command line, and use ONLY the built-in command line.
2384
2385	  This is used to work around broken boot loaders.  This should
2386	  be set to 'N' under normal conditions.
2387
2388config MODIFY_LDT_SYSCALL
2389	bool "Enable the LDT (local descriptor table)" if EXPERT
2390	default y
2391	help
2392	  Linux can allow user programs to install a per-process x86
2393	  Local Descriptor Table (LDT) using the modify_ldt(2) system
2394	  call.  This is required to run 16-bit or segmented code such as
2395	  DOSEMU or some Wine programs.  It is also used by some very old
2396	  threading libraries.
2397
2398	  Enabling this feature adds a small amount of overhead to
2399	  context switches and increases the low-level kernel attack
2400	  surface.  Disabling it removes the modify_ldt(2) system call.
2401
2402	  Saying 'N' here may make sense for embedded or server kernels.
2403
2404config STRICT_SIGALTSTACK_SIZE
2405	bool "Enforce strict size checking for sigaltstack"
2406	depends on DYNAMIC_SIGFRAME
2407	help
2408	  For historical reasons MINSIGSTKSZ is a constant which became
2409	  already too small with AVX512 support. Add a mechanism to
2410	  enforce strict checking of the sigaltstack size against the
2411	  real size of the FPU frame. This option enables the check
2412	  by default. It can also be controlled via the kernel command
2413	  line option 'strict_sas_size' independent of this config
2414	  switch. Enabling it might break existing applications which
2415	  allocate a too small sigaltstack but 'work' because they
2416	  never get a signal delivered.
2417
2418	  Say 'N' unless you want to really enforce this check.
2419
2420source "kernel/livepatch/Kconfig"
2421
2422endmenu
2423
2424config CC_HAS_SLS
2425	def_bool $(cc-option,-mharden-sls=all)
2426
2427config CC_HAS_RETURN_THUNK
2428	def_bool $(cc-option,-mfunction-return=thunk-extern)
2429
2430menuconfig SPECULATION_MITIGATIONS
2431	bool "Mitigations for speculative execution vulnerabilities"
2432	default y
2433	help
2434	  Say Y here to enable options which enable mitigations for
2435	  speculative execution hardware vulnerabilities.
2436
2437	  If you say N, all mitigations will be disabled. You really
2438	  should know what you are doing to say so.
2439
2440if SPECULATION_MITIGATIONS
2441
2442config PAGE_TABLE_ISOLATION
2443	bool "Remove the kernel mapping in user mode"
2444	default y
2445	depends on (X86_64 || X86_PAE)
2446	help
2447	  This feature reduces the number of hardware side channels by
2448	  ensuring that the majority of kernel addresses are not mapped
2449	  into userspace.
2450
2451	  See Documentation/x86/pti.rst for more details.
2452
2453config RETPOLINE
2454	bool "Avoid speculative indirect branches in kernel"
2455	select OBJTOOL if HAVE_OBJTOOL
2456	default y
2457	help
2458	  Compile kernel with the retpoline compiler options to guard against
2459	  kernel-to-user data leaks by avoiding speculative indirect
2460	  branches. Requires a compiler with -mindirect-branch=thunk-extern
2461	  support for full protection. The kernel may run slower.
2462
2463config RETHUNK
2464	bool "Enable return-thunks"
2465	depends on RETPOLINE && CC_HAS_RETURN_THUNK
2466	select OBJTOOL if HAVE_OBJTOOL
2467	default y if X86_64
2468	help
2469	  Compile the kernel with the return-thunks compiler option to guard
2470	  against kernel-to-user data leaks by avoiding return speculation.
2471	  Requires a compiler with -mfunction-return=thunk-extern
2472	  support for full protection. The kernel may run slower.
2473
2474config CPU_UNRET_ENTRY
2475	bool "Enable UNRET on kernel entry"
2476	depends on CPU_SUP_AMD && RETHUNK && X86_64
2477	default y
2478	help
2479	  Compile the kernel with support for the retbleed=unret mitigation.
2480
2481config CPU_IBPB_ENTRY
2482	bool "Enable IBPB on kernel entry"
2483	depends on CPU_SUP_AMD && X86_64
2484	default y
2485	help
2486	  Compile the kernel with support for the retbleed=ibpb mitigation.
2487
2488config CPU_IBRS_ENTRY
2489	bool "Enable IBRS on kernel entry"
2490	depends on CPU_SUP_INTEL && X86_64
2491	default y
2492	help
2493	  Compile the kernel with support for the spectre_v2=ibrs mitigation.
2494	  This mitigates both spectre_v2 and retbleed at great cost to
2495	  performance.
2496
2497config SLS
2498	bool "Mitigate Straight-Line-Speculation"
2499	depends on CC_HAS_SLS && X86_64
2500	select OBJTOOL if HAVE_OBJTOOL
2501	default n
2502	help
2503	  Compile the kernel with straight-line-speculation options to guard
2504	  against straight line speculation. The kernel image might be slightly
2505	  larger.
2506
2507endif
2508
2509config ARCH_HAS_ADD_PAGES
2510	def_bool y
2511	depends on ARCH_ENABLE_MEMORY_HOTPLUG
2512
2513config ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE
2514	def_bool y
2515
2516menu "Power management and ACPI options"
2517
2518config ARCH_HIBERNATION_HEADER
2519	def_bool y
2520	depends on HIBERNATION
2521
2522source "kernel/power/Kconfig"
2523
2524source "drivers/acpi/Kconfig"
2525
2526config X86_APM_BOOT
2527	def_bool y
2528	depends on APM
2529
2530menuconfig APM
2531	tristate "APM (Advanced Power Management) BIOS support"
2532	depends on X86_32 && PM_SLEEP
2533	help
2534	  APM is a BIOS specification for saving power using several different
2535	  techniques. This is mostly useful for battery powered laptops with
2536	  APM compliant BIOSes. If you say Y here, the system time will be
2537	  reset after a RESUME operation, the /proc/apm device will provide
2538	  battery status information, and user-space programs will receive
2539	  notification of APM "events" (e.g. battery status change).
2540
2541	  If you select "Y" here, you can disable actual use of the APM
2542	  BIOS by passing the "apm=off" option to the kernel at boot time.
2543
2544	  Note that the APM support is almost completely disabled for
2545	  machines with more than one CPU.
2546
2547	  In order to use APM, you will need supporting software. For location
2548	  and more information, read <file:Documentation/power/apm-acpi.rst>
2549	  and the Battery Powered Linux mini-HOWTO, available from
2550	  <http://www.tldp.org/docs.html#howto>.
2551
2552	  This driver does not spin down disk drives (see the hdparm(8)
2553	  manpage ("man 8 hdparm") for that), and it doesn't turn off
2554	  VESA-compliant "green" monitors.
2555
2556	  This driver does not support the TI 4000M TravelMate and the ACER
2557	  486/DX4/75 because they don't have compliant BIOSes. Many "green"
2558	  desktop machines also don't have compliant BIOSes, and this driver
2559	  may cause those machines to panic during the boot phase.
2560
2561	  Generally, if you don't have a battery in your machine, there isn't
2562	  much point in using this driver and you should say N. If you get
2563	  random kernel OOPSes or reboots that don't seem to be related to
2564	  anything, try disabling/enabling this option (or disabling/enabling
2565	  APM in your BIOS).
2566
2567	  Some other things you should try when experiencing seemingly random,
2568	  "weird" problems:
2569
2570	  1) make sure that you have enough swap space and that it is
2571	  enabled.
2572	  2) pass the "no-hlt" option to the kernel
2573	  3) switch on floating point emulation in the kernel and pass
2574	  the "no387" option to the kernel
2575	  4) pass the "floppy=nodma" option to the kernel
2576	  5) pass the "mem=4M" option to the kernel (thereby disabling
2577	  all but the first 4 MB of RAM)
2578	  6) make sure that the CPU is not over clocked.
2579	  7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2580	  8) disable the cache from your BIOS settings
2581	  9) install a fan for the video card or exchange video RAM
2582	  10) install a better fan for the CPU
2583	  11) exchange RAM chips
2584	  12) exchange the motherboard.
2585
2586	  To compile this driver as a module, choose M here: the
2587	  module will be called apm.
2588
2589if APM
2590
2591config APM_IGNORE_USER_SUSPEND
2592	bool "Ignore USER SUSPEND"
2593	help
2594	  This option will ignore USER SUSPEND requests. On machines with a
2595	  compliant APM BIOS, you want to say N. However, on the NEC Versa M
2596	  series notebooks, it is necessary to say Y because of a BIOS bug.
2597
2598config APM_DO_ENABLE
2599	bool "Enable PM at boot time"
2600	help
2601	  Enable APM features at boot time. From page 36 of the APM BIOS
2602	  specification: "When disabled, the APM BIOS does not automatically
2603	  power manage devices, enter the Standby State, enter the Suspend
2604	  State, or take power saving steps in response to CPU Idle calls."
2605	  This driver will make CPU Idle calls when Linux is idle (unless this
2606	  feature is turned off -- see "Do CPU IDLE calls", below). This
2607	  should always save battery power, but more complicated APM features
2608	  will be dependent on your BIOS implementation. You may need to turn
2609	  this option off if your computer hangs at boot time when using APM
2610	  support, or if it beeps continuously instead of suspending. Turn
2611	  this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2612	  T400CDT. This is off by default since most machines do fine without
2613	  this feature.
2614
2615config APM_CPU_IDLE
2616	depends on CPU_IDLE
2617	bool "Make CPU Idle calls when idle"
2618	help
2619	  Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2620	  On some machines, this can activate improved power savings, such as
2621	  a slowed CPU clock rate, when the machine is idle. These idle calls
2622	  are made after the idle loop has run for some length of time (e.g.,
2623	  333 mS). On some machines, this will cause a hang at boot time or
2624	  whenever the CPU becomes idle. (On machines with more than one CPU,
2625	  this option does nothing.)
2626
2627config APM_DISPLAY_BLANK
2628	bool "Enable console blanking using APM"
2629	help
2630	  Enable console blanking using the APM. Some laptops can use this to
2631	  turn off the LCD backlight when the screen blanker of the Linux
2632	  virtual console blanks the screen. Note that this is only used by
2633	  the virtual console screen blanker, and won't turn off the backlight
2634	  when using the X Window system. This also doesn't have anything to
2635	  do with your VESA-compliant power-saving monitor. Further, this
2636	  option doesn't work for all laptops -- it might not turn off your
2637	  backlight at all, or it might print a lot of errors to the console,
2638	  especially if you are using gpm.
2639
2640config APM_ALLOW_INTS
2641	bool "Allow interrupts during APM BIOS calls"
2642	help
2643	  Normally we disable external interrupts while we are making calls to
2644	  the APM BIOS as a measure to lessen the effects of a badly behaving
2645	  BIOS implementation.  The BIOS should reenable interrupts if it
2646	  needs to.  Unfortunately, some BIOSes do not -- especially those in
2647	  many of the newer IBM Thinkpads.  If you experience hangs when you
2648	  suspend, try setting this to Y.  Otherwise, say N.
2649
2650endif # APM
2651
2652source "drivers/cpufreq/Kconfig"
2653
2654source "drivers/cpuidle/Kconfig"
2655
2656source "drivers/idle/Kconfig"
2657
2658endmenu
2659
2660menu "Bus options (PCI etc.)"
2661
2662choice
2663	prompt "PCI access mode"
2664	depends on X86_32 && PCI
2665	default PCI_GOANY
2666	help
2667	  On PCI systems, the BIOS can be used to detect the PCI devices and
2668	  determine their configuration. However, some old PCI motherboards
2669	  have BIOS bugs and may crash if this is done. Also, some embedded
2670	  PCI-based systems don't have any BIOS at all. Linux can also try to
2671	  detect the PCI hardware directly without using the BIOS.
2672
2673	  With this option, you can specify how Linux should detect the
2674	  PCI devices. If you choose "BIOS", the BIOS will be used,
2675	  if you choose "Direct", the BIOS won't be used, and if you
2676	  choose "MMConfig", then PCI Express MMCONFIG will be used.
2677	  If you choose "Any", the kernel will try MMCONFIG, then the
2678	  direct access method and falls back to the BIOS if that doesn't
2679	  work. If unsure, go with the default, which is "Any".
2680
2681config PCI_GOBIOS
2682	bool "BIOS"
2683
2684config PCI_GOMMCONFIG
2685	bool "MMConfig"
2686
2687config PCI_GODIRECT
2688	bool "Direct"
2689
2690config PCI_GOOLPC
2691	bool "OLPC XO-1"
2692	depends on OLPC
2693
2694config PCI_GOANY
2695	bool "Any"
2696
2697endchoice
2698
2699config PCI_BIOS
2700	def_bool y
2701	depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2702
2703# x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2704config PCI_DIRECT
2705	def_bool y
2706	depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2707
2708config PCI_MMCONFIG
2709	bool "Support mmconfig PCI config space access" if X86_64
2710	default y
2711	depends on PCI && (ACPI || JAILHOUSE_GUEST)
2712	depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2713
2714config PCI_OLPC
2715	def_bool y
2716	depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2717
2718config PCI_XEN
2719	def_bool y
2720	depends on PCI && XEN
2721
2722config MMCONF_FAM10H
2723	def_bool y
2724	depends on X86_64 && PCI_MMCONFIG && ACPI
2725
2726config PCI_CNB20LE_QUIRK
2727	bool "Read CNB20LE Host Bridge Windows" if EXPERT
2728	depends on PCI
2729	help
2730	  Read the PCI windows out of the CNB20LE host bridge. This allows
2731	  PCI hotplug to work on systems with the CNB20LE chipset which do
2732	  not have ACPI.
2733
2734	  There's no public spec for this chipset, and this functionality
2735	  is known to be incomplete.
2736
2737	  You should say N unless you know you need this.
2738
2739config ISA_BUS
2740	bool "ISA bus support on modern systems" if EXPERT
2741	help
2742	  Expose ISA bus device drivers and options available for selection and
2743	  configuration. Enable this option if your target machine has an ISA
2744	  bus. ISA is an older system, displaced by PCI and newer bus
2745	  architectures -- if your target machine is modern, it probably does
2746	  not have an ISA bus.
2747
2748	  If unsure, say N.
2749
2750# x86_64 have no ISA slots, but can have ISA-style DMA.
2751config ISA_DMA_API
2752	bool "ISA-style DMA support" if (X86_64 && EXPERT)
2753	default y
2754	help
2755	  Enables ISA-style DMA support for devices requiring such controllers.
2756	  If unsure, say Y.
2757
2758if X86_32
2759
2760config ISA
2761	bool "ISA support"
2762	help
2763	  Find out whether you have ISA slots on your motherboard.  ISA is the
2764	  name of a bus system, i.e. the way the CPU talks to the other stuff
2765	  inside your box.  Other bus systems are PCI, EISA, MicroChannel
2766	  (MCA) or VESA.  ISA is an older system, now being displaced by PCI;
2767	  newer boards don't support it.  If you have ISA, say Y, otherwise N.
2768
2769config SCx200
2770	tristate "NatSemi SCx200 support"
2771	help
2772	  This provides basic support for National Semiconductor's
2773	  (now AMD's) Geode processors.  The driver probes for the
2774	  PCI-IDs of several on-chip devices, so its a good dependency
2775	  for other scx200_* drivers.
2776
2777	  If compiled as a module, the driver is named scx200.
2778
2779config SCx200HR_TIMER
2780	tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
2781	depends on SCx200
2782	default y
2783	help
2784	  This driver provides a clocksource built upon the on-chip
2785	  27MHz high-resolution timer.  Its also a workaround for
2786	  NSC Geode SC-1100's buggy TSC, which loses time when the
2787	  processor goes idle (as is done by the scheduler).  The
2788	  other workaround is idle=poll boot option.
2789
2790config OLPC
2791	bool "One Laptop Per Child support"
2792	depends on !X86_PAE
2793	select GPIOLIB
2794	select OF
2795	select OF_PROMTREE
2796	select IRQ_DOMAIN
2797	select OLPC_EC
2798	help
2799	  Add support for detecting the unique features of the OLPC
2800	  XO hardware.
2801
2802config OLPC_XO1_PM
2803	bool "OLPC XO-1 Power Management"
2804	depends on OLPC && MFD_CS5535=y && PM_SLEEP
2805	help
2806	  Add support for poweroff and suspend of the OLPC XO-1 laptop.
2807
2808config OLPC_XO1_RTC
2809	bool "OLPC XO-1 Real Time Clock"
2810	depends on OLPC_XO1_PM && RTC_DRV_CMOS
2811	help
2812	  Add support for the XO-1 real time clock, which can be used as a
2813	  programmable wakeup source.
2814
2815config OLPC_XO1_SCI
2816	bool "OLPC XO-1 SCI extras"
2817	depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
2818	depends on INPUT=y
2819	select POWER_SUPPLY
2820	help
2821	  Add support for SCI-based features of the OLPC XO-1 laptop:
2822	   - EC-driven system wakeups
2823	   - Power button
2824	   - Ebook switch
2825	   - Lid switch
2826	   - AC adapter status updates
2827	   - Battery status updates
2828
2829config OLPC_XO15_SCI
2830	bool "OLPC XO-1.5 SCI extras"
2831	depends on OLPC && ACPI
2832	select POWER_SUPPLY
2833	help
2834	  Add support for SCI-based features of the OLPC XO-1.5 laptop:
2835	   - EC-driven system wakeups
2836	   - AC adapter status updates
2837	   - Battery status updates
2838
2839config ALIX
2840	bool "PCEngines ALIX System Support (LED setup)"
2841	select GPIOLIB
2842	help
2843	  This option enables system support for the PCEngines ALIX.
2844	  At present this just sets up LEDs for GPIO control on
2845	  ALIX2/3/6 boards.  However, other system specific setup should
2846	  get added here.
2847
2848	  Note: You must still enable the drivers for GPIO and LED support
2849	  (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
2850
2851	  Note: You have to set alix.force=1 for boards with Award BIOS.
2852
2853config NET5501
2854	bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
2855	select GPIOLIB
2856	help
2857	  This option enables system support for the Soekris Engineering net5501.
2858
2859config GEOS
2860	bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
2861	select GPIOLIB
2862	depends on DMI
2863	help
2864	  This option enables system support for the Traverse Technologies GEOS.
2865
2866config TS5500
2867	bool "Technologic Systems TS-5500 platform support"
2868	depends on MELAN
2869	select CHECK_SIGNATURE
2870	select NEW_LEDS
2871	select LEDS_CLASS
2872	help
2873	  This option enables system support for the Technologic Systems TS-5500.
2874
2875endif # X86_32
2876
2877config AMD_NB
2878	def_bool y
2879	depends on CPU_SUP_AMD && PCI
2880
2881endmenu
2882
2883menu "Binary Emulations"
2884
2885config IA32_EMULATION
2886	bool "IA32 Emulation"
2887	depends on X86_64
2888	select ARCH_WANT_OLD_COMPAT_IPC
2889	select BINFMT_ELF
2890	select COMPAT_OLD_SIGACTION
2891	help
2892	  Include code to run legacy 32-bit programs under a
2893	  64-bit kernel. You should likely turn this on, unless you're
2894	  100% sure that you don't have any 32-bit programs left.
2895
2896config X86_X32_ABI
2897	bool "x32 ABI for 64-bit mode"
2898	depends on X86_64
2899	# llvm-objcopy does not convert x86_64 .note.gnu.property or
2900	# compressed debug sections to x86_x32 properly:
2901	# https://github.com/ClangBuiltLinux/linux/issues/514
2902	# https://github.com/ClangBuiltLinux/linux/issues/1141
2903	depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
2904	help
2905	  Include code to run binaries for the x32 native 32-bit ABI
2906	  for 64-bit processors.  An x32 process gets access to the
2907	  full 64-bit register file and wide data path while leaving
2908	  pointers at 32 bits for smaller memory footprint.
2909
2910config COMPAT_32
2911	def_bool y
2912	depends on IA32_EMULATION || X86_32
2913	select HAVE_UID16
2914	select OLD_SIGSUSPEND3
2915
2916config COMPAT
2917	def_bool y
2918	depends on IA32_EMULATION || X86_X32_ABI
2919
2920config COMPAT_FOR_U64_ALIGNMENT
2921	def_bool y
2922	depends on COMPAT
2923
2924endmenu
2925
2926config HAVE_ATOMIC_IOMAP
2927	def_bool y
2928	depends on X86_32
2929
2930source "arch/x86/kvm/Kconfig"
2931
2932source "arch/x86/Kconfig.assembler"
2933