1 # SPDX-License-Identifier: GPL-2.0
4 bool "64-bit kernel" if "$(ARCH)" = "x86"
5 default "$(ARCH)" != "i386"
7 Say yes to build a 64-bit kernel - formerly known as x86_64
8 Say no to build a 32-bit kernel - formerly known as i386
13 # Options that are inherently 32-bit kernel only:
14 select ARCH_WANT_IPC_PARSE_VERSION
16 select CLONE_BACKWARDS
17 select HAVE_DEBUG_STACKOVERFLOW
18 select MODULES_USE_ELF_REL
20 select GENERIC_VDSO_32
25 # Options that are inherently 64-bit kernel only:
26 select ARCH_HAS_GIGANTIC_PAGE
27 select ARCH_SUPPORTS_INT128
28 select ARCH_USE_CMPXCHG_LOCKREF
29 select HAVE_ARCH_SOFT_DIRTY
30 select MODULES_USE_ELF_RELA
31 select NEED_DMA_MAP_STATE
33 select ARCH_HAS_SYSCALL_WRAPPER
35 config FORCE_DYNAMIC_FTRACE
38 depends on FUNCTION_TRACER
41 We keep the static function tracing (!DYNAMIC_FTRACE) around
42 in order to test the non static function tracing in the
43 generic code, as other architectures still use it. But we
44 only need to keep it around for x86_64. No need to keep it
45 for x86_32. For x86_32, force DYNAMIC_FTRACE.
49 # ( Note that options that are marked 'if X86_64' could in principle be
50 # ported to 32-bit as well. )
55 # Note: keep this list sorted alphabetically
57 select ACPI_LEGACY_TABLES_LOOKUP if ACPI
58 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
59 select ARCH_32BIT_OFF_T if X86_32
60 select ARCH_CLOCKSOURCE_DATA
61 select ARCH_CLOCKSOURCE_INIT
62 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
63 select ARCH_HAS_DEBUG_VIRTUAL
64 select ARCH_HAS_DEVMEM_IS_ALLOWED
65 select ARCH_HAS_ELF_RANDOMIZE
66 select ARCH_HAS_FAST_MULTIPLIER
67 select ARCH_HAS_FILTER_PGPROT
68 select ARCH_HAS_FORTIFY_SOURCE
69 select ARCH_HAS_GCOV_PROFILE_ALL
70 select ARCH_HAS_KCOV if X86_64
71 select ARCH_HAS_MEMBARRIER_SYNC_CORE
72 select ARCH_HAS_PMEM_API if X86_64
73 select ARCH_HAS_PTE_DEVMAP if X86_64
74 select ARCH_HAS_PTE_SPECIAL
75 select ARCH_HAS_REFCOUNT
76 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
77 select ARCH_HAS_UACCESS_MCSAFE if X86_64 && X86_MCE
78 select ARCH_HAS_SET_MEMORY
79 select ARCH_HAS_SET_DIRECT_MAP
80 select ARCH_HAS_STRICT_KERNEL_RWX
81 select ARCH_HAS_STRICT_MODULE_RWX
82 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
83 select ARCH_HAS_UBSAN_SANITIZE_ALL
84 select ARCH_HAVE_NMI_SAFE_CMPXCHG
85 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
86 select ARCH_MIGHT_HAVE_PC_PARPORT
87 select ARCH_MIGHT_HAVE_PC_SERIO
89 select ARCH_SUPPORTS_ACPI
90 select ARCH_SUPPORTS_ATOMIC_RMW
91 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
92 select ARCH_USE_BUILTIN_BSWAP
93 select ARCH_USE_QUEUED_RWLOCKS
94 select ARCH_USE_QUEUED_SPINLOCKS
95 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
96 select ARCH_WANTS_DYNAMIC_TASK_STRUCT
97 select ARCH_WANT_HUGE_PMD_SHARE
98 select ARCH_WANTS_THP_SWAP if X86_64
99 select BUILDTIME_EXTABLE_SORT
101 select CLOCKSOURCE_VALIDATE_LAST_CYCLE
102 select CLOCKSOURCE_WATCHDOG
103 select DCACHE_WORD_ACCESS
104 select EDAC_ATOMIC_SCRUB
106 select GENERIC_CLOCKEVENTS
107 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
108 select GENERIC_CLOCKEVENTS_MIN_ADJUST
109 select GENERIC_CMOS_UPDATE
110 select GENERIC_CPU_AUTOPROBE
111 select GENERIC_CPU_VULNERABILITIES
112 select GENERIC_EARLY_IOREMAP
113 select GENERIC_FIND_FIRST_BIT
115 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
116 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
117 select GENERIC_IRQ_MIGRATION if SMP
118 select GENERIC_IRQ_PROBE
119 select GENERIC_IRQ_RESERVATION_MODE
120 select GENERIC_IRQ_SHOW
121 select GENERIC_PENDING_IRQ if SMP
122 select GENERIC_SMP_IDLE_THREAD
123 select GENERIC_STRNCPY_FROM_USER
124 select GENERIC_STRNLEN_USER
125 select GENERIC_TIME_VSYSCALL
126 select GENERIC_GETTIMEOFDAY
127 select GUP_GET_PTE_LOW_HIGH if X86_PAE
128 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
129 select HAVE_ACPI_APEI if ACPI
130 select HAVE_ACPI_APEI_NMI if ACPI
131 select HAVE_ALIGNED_STRUCT_PAGE if SLUB
132 select HAVE_ARCH_AUDITSYSCALL
133 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
134 select HAVE_ARCH_JUMP_LABEL
135 select HAVE_ARCH_JUMP_LABEL_RELATIVE
136 select HAVE_ARCH_KASAN if X86_64
137 select HAVE_ARCH_KGDB
138 select HAVE_ARCH_MMAP_RND_BITS if MMU
139 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
140 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
141 select HAVE_ARCH_PREL32_RELOCATIONS
142 select HAVE_ARCH_SECCOMP_FILTER
143 select HAVE_ARCH_THREAD_STRUCT_WHITELIST
144 select HAVE_ARCH_STACKLEAK
145 select HAVE_ARCH_TRACEHOOK
146 select HAVE_ARCH_TRANSPARENT_HUGEPAGE
147 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
148 select HAVE_ARCH_VMAP_STACK if X86_64
149 select HAVE_ARCH_WITHIN_STACK_FRAMES
150 select HAVE_CMPXCHG_DOUBLE
151 select HAVE_CMPXCHG_LOCAL
152 select HAVE_CONTEXT_TRACKING if X86_64
153 select HAVE_COPY_THREAD_TLS
154 select HAVE_C_RECORDMCOUNT
155 select HAVE_DEBUG_KMEMLEAK
156 select HAVE_DMA_CONTIGUOUS
157 select HAVE_DYNAMIC_FTRACE
158 select HAVE_DYNAMIC_FTRACE_WITH_REGS
160 select HAVE_EFFICIENT_UNALIGNED_ACCESS
162 select HAVE_EXIT_THREAD
164 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
165 select HAVE_FTRACE_MCOUNT_RECORD
166 select HAVE_FUNCTION_GRAPH_TRACER
167 select HAVE_FUNCTION_TRACER
168 select HAVE_GCC_PLUGINS
169 select HAVE_HW_BREAKPOINT
171 select HAVE_IOREMAP_PROT
172 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
173 select HAVE_IRQ_TIME_ACCOUNTING
174 select HAVE_KERNEL_BZIP2
175 select HAVE_KERNEL_GZIP
176 select HAVE_KERNEL_LZ4
177 select HAVE_KERNEL_LZMA
178 select HAVE_KERNEL_LZO
179 select HAVE_KERNEL_XZ
181 select HAVE_KPROBES_ON_FTRACE
182 select HAVE_FUNCTION_ERROR_INJECTION
183 select HAVE_KRETPROBES
185 select HAVE_LIVEPATCH if X86_64
186 select HAVE_MEMBLOCK_NODE_MAP
187 select HAVE_MIXED_BREAKPOINTS_REGS
188 select HAVE_MOD_ARCH_SPECIFIC
192 select HAVE_OPTPROBES
193 select HAVE_PCSPKR_PLATFORM
194 select HAVE_PERF_EVENTS
195 select HAVE_PERF_EVENTS_NMI
196 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
198 select HAVE_PERF_REGS
199 select HAVE_PERF_USER_STACK_DUMP
200 select HAVE_RCU_TABLE_FREE if PARAVIRT
201 select HAVE_REGS_AND_STACK_ACCESS_API
202 select HAVE_RELIABLE_STACKTRACE if X86_64 && (UNWINDER_FRAME_POINTER || UNWINDER_ORC) && STACK_VALIDATION
203 select HAVE_FUNCTION_ARG_ACCESS_API
204 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
205 select HAVE_STACK_VALIDATION if X86_64
207 select HAVE_SYSCALL_TRACEPOINTS
208 select HAVE_UNSTABLE_SCHED_CLOCK
209 select HAVE_USER_RETURN_NOTIFIER
210 select HAVE_GENERIC_VDSO
211 select HOTPLUG_SMT if SMP
212 select IRQ_FORCED_THREADING
213 select NEED_SG_DMA_LENGTH
214 select PCI_DOMAINS if PCI
215 select PCI_LOCKLESS_CONFIG if PCI
218 select RTC_MC146818_LIB
221 select SYSCTL_EXCEPTION_TRACE
222 select THREAD_INFO_IN_TASK
223 select USER_STACKTRACE_SUPPORT
225 select X86_FEATURE_NAMES if PROC_FS
226 select PROC_PID_ARCH_STATUS if PROC_FS
228 config INSTRUCTION_DECODER
230 depends on KPROBES || PERF_EVENTS || UPROBES
234 default "elf32-i386" if X86_32
235 default "elf64-x86-64" if X86_64
237 config ARCH_DEFCONFIG
239 default "arch/x86/configs/i386_defconfig" if X86_32
240 default "arch/x86/configs/x86_64_defconfig" if X86_64
242 config LOCKDEP_SUPPORT
245 config STACKTRACE_SUPPORT
251 config ARCH_MMAP_RND_BITS_MIN
255 config ARCH_MMAP_RND_BITS_MAX
259 config ARCH_MMAP_RND_COMPAT_BITS_MIN
262 config ARCH_MMAP_RND_COMPAT_BITS_MAX
268 config GENERIC_ISA_DMA
270 depends on ISA_DMA_API
275 select GENERIC_BUG_RELATIVE_POINTERS if X86_64
277 config GENERIC_BUG_RELATIVE_POINTERS
280 config ARCH_MAY_HAVE_PC_FDC
282 depends on ISA_DMA_API
284 config GENERIC_CALIBRATE_DELAY
287 config ARCH_HAS_CPU_RELAX
290 config ARCH_HAS_CACHE_LINE_SIZE
293 config ARCH_HAS_FILTER_PGPROT
296 config HAVE_SETUP_PER_CPU_AREA
299 config NEED_PER_CPU_EMBED_FIRST_CHUNK
302 config NEED_PER_CPU_PAGE_FIRST_CHUNK
305 config ARCH_HIBERNATION_POSSIBLE
308 config ARCH_SUSPEND_POSSIBLE
311 config ARCH_WANT_GENERAL_HUGETLB
320 config ARCH_SUPPORTS_DEBUG_PAGEALLOC
323 config KASAN_SHADOW_OFFSET
326 default 0xdffffc0000000000
328 config HAVE_INTEL_TXT
330 depends on INTEL_IOMMU && ACPI
334 depends on X86_32 && SMP
338 depends on X86_64 && SMP
340 config X86_32_LAZY_GS
342 depends on X86_32 && !STACKPROTECTOR
344 config ARCH_SUPPORTS_UPROBES
347 config FIX_EARLYCON_MEM
350 config DYNAMIC_PHYSICAL_MASK
353 config PGTABLE_LEVELS
355 default 5 if X86_5LEVEL
360 config CC_HAS_SANE_STACKPROTECTOR
362 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT
363 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC))
365 We have to make sure stack protector is unconditionally disabled if
366 the compiler produces broken code.
368 menu "Processor type and features"
371 bool "DMA memory allocation support" if EXPERT
374 DMA memory allocation support allows devices with less than 32-bit
375 addressing to allocate within the first 16MB of address space.
376 Disable if no such devices will be used.
381 bool "Symmetric multi-processing support"
383 This enables support for systems with more than one CPU. If you have
384 a system with only one CPU, say N. If you have a system with more
387 If you say N here, the kernel will run on uni- and multiprocessor
388 machines, but will use only one CPU of a multiprocessor machine. If
389 you say Y here, the kernel will run on many, but not all,
390 uniprocessor machines. On a uniprocessor machine, the kernel
391 will run faster if you say N here.
393 Note that if you say Y here and choose architecture "586" or
394 "Pentium" under "Processor family", the kernel will not work on 486
395 architectures. Similarly, multiprocessor kernels for the "PPro"
396 architecture may not work on all Pentium based boards.
398 People using multiprocessor machines who say Y here should also say
399 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
400 Management" code will be disabled if you say Y here.
402 See also <file:Documentation/x86/i386/IO-APIC.rst>,
403 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
404 <http://www.tldp.org/docs.html#howto>.
406 If you don't know what to do here, say N.
408 config X86_FEATURE_NAMES
409 bool "Processor feature human-readable names" if EMBEDDED
412 This option compiles in a table of x86 feature bits and corresponding
413 names. This is required to support /proc/cpuinfo and a few kernel
414 messages. You can disable this to save space, at the expense of
415 making those few kernel messages show numeric feature bits instead.
420 bool "Support x2apic"
421 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
423 This enables x2apic support on CPUs that have this feature.
425 This allows 32-bit apic IDs (so it can support very large systems),
426 and accesses the local apic via MSRs not via mmio.
428 If you don't know what to do here, say N.
431 bool "Enable MPS table" if ACPI || SFI
433 depends on X86_LOCAL_APIC
435 For old smp systems that do not have proper acpi support. Newer systems
436 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
440 depends on X86_GOLDFISH
443 bool "Avoid speculative indirect branches in kernel"
445 select STACK_VALIDATION if HAVE_STACK_VALIDATION
447 Compile kernel with the retpoline compiler options to guard against
448 kernel-to-user data leaks by avoiding speculative indirect
449 branches. Requires a compiler with -mindirect-branch=thunk-extern
450 support for full protection. The kernel may run slower.
452 config X86_CPU_RESCTRL
453 bool "x86 CPU resource control support"
454 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
457 Enable x86 CPU resource control support.
459 Provide support for the allocation and monitoring of system resources
462 Intel calls this Intel Resource Director Technology
463 (Intel(R) RDT). More information about RDT can be found in the
464 Intel x86 Architecture Software Developer Manual.
466 AMD calls this AMD Platform Quality of Service (AMD QoS).
467 More information about AMD QoS can be found in the AMD64 Technology
468 Platform Quality of Service Extensions manual.
474 bool "Support for big SMP systems with more than 8 CPUs"
477 This option is needed for the systems that have more than 8 CPUs
479 config X86_EXTENDED_PLATFORM
480 bool "Support for extended (non-PC) x86 platforms"
483 If you disable this option then the kernel will only support
484 standard PC platforms. (which covers the vast majority of
487 If you enable this option then you'll be able to select support
488 for the following (non-PC) 32 bit x86 platforms:
489 Goldfish (Android emulator)
492 SGI 320/540 (Visual Workstation)
493 STA2X11-based (e.g. Northville)
494 Moorestown MID devices
496 If you have one of these systems, or if you want to build a
497 generic distribution kernel, say Y here - otherwise say N.
501 config X86_EXTENDED_PLATFORM
502 bool "Support for extended (non-PC) x86 platforms"
505 If you disable this option then the kernel will only support
506 standard PC platforms. (which covers the vast majority of
509 If you enable this option then you'll be able to select support
510 for the following (non-PC) 64 bit x86 platforms:
515 If you have one of these systems, or if you want to build a
516 generic distribution kernel, say Y here - otherwise say N.
518 # This is an alphabetically sorted list of 64 bit extended platforms
519 # Please maintain the alphabetic order if and when there are additions
521 bool "Numascale NumaChip"
523 depends on X86_EXTENDED_PLATFORM
526 depends on X86_X2APIC
527 depends on PCI_MMCONFIG
529 Adds support for Numascale NumaChip large-SMP systems. Needed to
530 enable more than ~168 cores.
531 If you don't have one of these, you should say N here.
535 select HYPERVISOR_GUEST
537 depends on X86_64 && PCI
538 depends on X86_EXTENDED_PLATFORM
541 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
542 supposed to run on these EM64T-based machines. Only choose this option
543 if you have one of these machines.
546 bool "SGI Ultraviolet"
548 depends on X86_EXTENDED_PLATFORM
551 depends on X86_X2APIC
554 This option is needed in order to support SGI Ultraviolet systems.
555 If you don't have one of these, you should say N here.
557 # Following is an alphabetically sorted list of 32 bit extended platforms
558 # Please maintain the alphabetic order if and when there are additions
561 bool "Goldfish (Virtual Platform)"
562 depends on X86_EXTENDED_PLATFORM
564 Enable support for the Goldfish virtual platform used primarily
565 for Android development. Unless you are building for the Android
566 Goldfish emulator say N here.
569 bool "CE4100 TV platform"
571 depends on PCI_GODIRECT
572 depends on X86_IO_APIC
574 depends on X86_EXTENDED_PLATFORM
575 select X86_REBOOTFIXUPS
577 select OF_EARLY_FLATTREE
579 Select for the Intel CE media processor (CE4100) SOC.
580 This option compiles in support for the CE4100 SOC for settop
581 boxes and media devices.
584 bool "Intel MID platform support"
585 depends on X86_EXTENDED_PLATFORM
586 depends on X86_PLATFORM_DEVICES
588 depends on X86_64 || (PCI_GOANY && X86_32)
589 depends on X86_IO_APIC
595 select MFD_INTEL_MSIC
597 Select to build a kernel capable of supporting Intel MID (Mobile
598 Internet Device) platform systems which do not have the PCI legacy
599 interfaces. If you are building for a PC class system say N here.
601 Intel MID platforms are based on an Intel processor and chipset which
602 consume less power than most of the x86 derivatives.
604 config X86_INTEL_QUARK
605 bool "Intel Quark platform support"
607 depends on X86_EXTENDED_PLATFORM
608 depends on X86_PLATFORM_DEVICES
612 depends on X86_IO_APIC
617 Select to include support for Quark X1000 SoC.
618 Say Y here if you have a Quark based system such as the Arduino
619 compatible Intel Galileo.
621 config X86_INTEL_LPSS
622 bool "Intel Low Power Subsystem Support"
623 depends on X86 && ACPI && PCI
628 Select to build support for Intel Low Power Subsystem such as
629 found on Intel Lynxpoint PCH. Selecting this option enables
630 things like clock tree (common clock framework) and pincontrol
631 which are needed by the LPSS peripheral drivers.
633 config X86_AMD_PLATFORM_DEVICE
634 bool "AMD ACPI2Platform devices support"
639 Select to interpret AMD specific ACPI device to platform device
640 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
641 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
642 implemented under PINCTRL subsystem.
645 tristate "Intel SoC IOSF Sideband support for SoC platforms"
648 This option enables sideband register access support for Intel SoC
649 platforms. On these platforms the IOSF sideband is used in lieu of
650 MSR's for some register accesses, mostly but not limited to thermal
651 and power. Drivers may query the availability of this device to
652 determine if they need the sideband in order to work on these
653 platforms. The sideband is available on the following SoC products.
654 This list is not meant to be exclusive.
659 You should say Y if you are running a kernel on one of these SoC's.
661 config IOSF_MBI_DEBUG
662 bool "Enable IOSF sideband access through debugfs"
663 depends on IOSF_MBI && DEBUG_FS
665 Select this option to expose the IOSF sideband access registers (MCR,
666 MDR, MCRX) through debugfs to write and read register information from
667 different units on the SoC. This is most useful for obtaining device
668 state information for debug and analysis. As this is a general access
669 mechanism, users of this option would have specific knowledge of the
670 device they want to access.
672 If you don't require the option or are in doubt, say N.
675 bool "RDC R-321x SoC"
677 depends on X86_EXTENDED_PLATFORM
679 select X86_REBOOTFIXUPS
681 This option is needed for RDC R-321x system-on-chip, also known
683 If you don't have one of these chips, you should say N here.
685 config X86_32_NON_STANDARD
686 bool "Support non-standard 32-bit SMP architectures"
687 depends on X86_32 && SMP
688 depends on X86_EXTENDED_PLATFORM
690 This option compiles in the bigsmp and STA2X11 default
691 subarchitectures. It is intended for a generic binary
692 kernel. If you select them all, kernel will probe it one by
693 one and will fallback to default.
695 # Alphabetically sorted list of Non standard 32 bit platforms
697 config X86_SUPPORTS_MEMORY_FAILURE
699 # MCE code calls memory_failure():
701 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
702 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
703 depends on X86_64 || !SPARSEMEM
704 select ARCH_SUPPORTS_MEMORY_FAILURE
707 bool "STA2X11 Companion Chip Support"
708 depends on X86_32_NON_STANDARD && PCI
709 select ARCH_HAS_PHYS_TO_DMA
714 This adds support for boards based on the STA2X11 IO-Hub,
715 a.k.a. "ConneXt". The chip is used in place of the standard
716 PC chipset, so all "standard" peripherals are missing. If this
717 option is selected the kernel will still be able to boot on
718 standard PC machines.
721 tristate "Eurobraille/Iris poweroff module"
724 The Iris machines from EuroBraille do not have APM or ACPI support
725 to shut themselves down properly. A special I/O sequence is
726 needed to do so, which is what this module does at
729 This is only for Iris machines from EuroBraille.
733 config SCHED_OMIT_FRAME_POINTER
735 prompt "Single-depth WCHAN output"
738 Calculate simpler /proc/<PID>/wchan values. If this option
739 is disabled then wchan values will recurse back to the
740 caller function. This provides more accurate wchan values,
741 at the expense of slightly more scheduling overhead.
743 If in doubt, say "Y".
745 menuconfig HYPERVISOR_GUEST
746 bool "Linux guest support"
748 Say Y here to enable options for running Linux under various hyper-
749 visors. This option enables basic hypervisor detection and platform
752 If you say N, all options in this submenu will be skipped and
753 disabled, and Linux guest support won't be built in.
758 bool "Enable paravirtualization code"
760 This changes the kernel so it can modify itself when it is run
761 under a hypervisor, potentially improving performance significantly
762 over full virtualization. However, when run without a hypervisor
763 the kernel is theoretically slower and slightly larger.
768 config PARAVIRT_DEBUG
769 bool "paravirt-ops debugging"
770 depends on PARAVIRT && DEBUG_KERNEL
772 Enable to debug paravirt_ops internals. Specifically, BUG if
773 a paravirt_op is missing when it is called.
775 config PARAVIRT_SPINLOCKS
776 bool "Paravirtualization layer for spinlocks"
777 depends on PARAVIRT && SMP
779 Paravirtualized spinlocks allow a pvops backend to replace the
780 spinlock implementation with something virtualization-friendly
781 (for example, block the virtual CPU rather than spinning).
783 It has a minimal impact on native kernels and gives a nice performance
784 benefit on paravirtualized KVM / Xen kernels.
786 If you are unsure how to answer this question, answer Y.
788 config X86_HV_CALLBACK_VECTOR
791 source "arch/x86/xen/Kconfig"
794 bool "KVM Guest support (including kvmclock)"
796 select PARAVIRT_CLOCK
799 This option enables various optimizations for running under the KVM
800 hypervisor. It includes a paravirtualized clock, so that instead
801 of relying on a PIT (or probably other) emulation by the
802 underlying device model, the host provides the guest with
803 timing infrastructure such as time of day, and system time
806 bool "Support for running PVH guests"
808 This option enables the PVH entry point for guest virtual machines
809 as specified in the x86/HVM direct boot ABI.
812 bool "Enable debug information for KVM Guests in debugfs"
813 depends on KVM_GUEST && DEBUG_FS
815 This option enables collection of various statistics for KVM guest.
816 Statistics are displayed in debugfs filesystem. Enabling this option
817 may incur significant overhead.
819 config PARAVIRT_TIME_ACCOUNTING
820 bool "Paravirtual steal time accounting"
823 Select this option to enable fine granularity task steal time
824 accounting. Time spent executing other tasks in parallel with
825 the current vCPU is discounted from the vCPU power. To account for
826 that, there can be a small performance impact.
828 If in doubt, say N here.
830 config PARAVIRT_CLOCK
833 config JAILHOUSE_GUEST
834 bool "Jailhouse non-root cell support"
835 depends on X86_64 && PCI
838 This option allows to run Linux as guest in a Jailhouse non-root
839 cell. You can leave this option disabled if you only want to start
840 Jailhouse and run Linux afterwards in the root cell.
843 bool "ACRN Guest support"
845 select X86_HV_CALLBACK_VECTOR
847 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
848 a flexible, lightweight reference open-source hypervisor, built with
849 real-time and safety-criticality in mind. It is built for embedded
850 IOT with small footprint and real-time features. More details can be
851 found in https://projectacrn.org/.
853 endif #HYPERVISOR_GUEST
855 source "arch/x86/Kconfig.cpu"
859 prompt "HPET Timer Support" if X86_32
861 Use the IA-PC HPET (High Precision Event Timer) to manage
862 time in preference to the PIT and RTC, if a HPET is
864 HPET is the next generation timer replacing legacy 8254s.
865 The HPET provides a stable time base on SMP
866 systems, unlike the TSC, but it is more expensive to access,
867 as it is off-chip. The interface used is documented
868 in the HPET spec, revision 1.
870 You can safely choose Y here. However, HPET will only be
871 activated if the platform and the BIOS support this feature.
872 Otherwise the 8254 will be used for timing services.
874 Choose N to continue using the legacy 8254 timer.
876 config HPET_EMULATE_RTC
878 depends on HPET_TIMER && (RTC=y || RTC=m || RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
881 def_bool y if X86_INTEL_MID
882 prompt "Intel MID APB Timer Support" if X86_INTEL_MID
884 depends on X86_INTEL_MID && SFI
886 APB timer is the replacement for 8254, HPET on X86 MID platforms.
887 The APBT provides a stable time base on SMP
888 systems, unlike the TSC, but it is more expensive to access,
889 as it is off-chip. APB timers are always running regardless of CPU
890 C states, they are used as per CPU clockevent device when possible.
892 # Mark as expert because too many people got it wrong.
893 # The code disables itself when not needed.
896 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
897 bool "Enable DMI scanning" if EXPERT
899 Enabled scanning of DMI to identify machine quirks. Say Y
900 here unless you have verified that your setup is not
901 affected by entries in the DMI blacklist. Required by PNP
905 bool "Old AMD GART IOMMU support"
908 depends on X86_64 && PCI && AMD_NB
910 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
911 GART based hardware IOMMUs.
913 The GART supports full DMA access for devices with 32-bit access
914 limitations, on systems with more than 3 GB. This is usually needed
915 for USB, sound, many IDE/SATA chipsets and some other devices.
917 Newer systems typically have a modern AMD IOMMU, supported via
918 the CONFIG_AMD_IOMMU=y config option.
920 In normal configurations this driver is only active when needed:
921 there's more than 3 GB of memory and the system contains a
922 32-bit limited device.
927 bool "IBM Calgary IOMMU support"
930 depends on X86_64 && PCI
932 Support for hardware IOMMUs in IBM's xSeries x366 and x460
933 systems. Needed to run systems with more than 3GB of memory
934 properly with 32-bit PCI devices that do not support DAC
935 (Double Address Cycle). Calgary also supports bus level
936 isolation, where all DMAs pass through the IOMMU. This
937 prevents them from going anywhere except their intended
938 destination. This catches hard-to-find kernel bugs and
939 mis-behaving drivers and devices that do not use the DMA-API
940 properly to set up their DMA buffers. The IOMMU can be
941 turned off at boot time with the iommu=off parameter.
942 Normally the kernel will make the right choice by itself.
945 config CALGARY_IOMMU_ENABLED_BY_DEFAULT
947 prompt "Should Calgary be enabled by default?"
948 depends on CALGARY_IOMMU
950 Should Calgary be enabled by default? if you choose 'y', Calgary
951 will be used (if it exists). If you choose 'n', Calgary will not be
952 used even if it exists. If you choose 'n' and would like to use
953 Calgary anyway, pass 'iommu=calgary' on the kernel command line.
957 bool "Enable Maximum number of SMP Processors and NUMA Nodes"
958 depends on X86_64 && SMP && DEBUG_KERNEL
959 select CPUMASK_OFFSTACK
961 Enable maximum number of CPUS and NUMA Nodes for this architecture.
965 # The maximum number of CPUs supported:
967 # The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
968 # and which can be configured interactively in the
969 # [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
971 # The ranges are different on 32-bit and 64-bit kernels, depending on
972 # hardware capabilities and scalability features of the kernel.
974 # ( If MAXSMP is enabled we just use the highest possible value and disable
975 # interactive configuration. )
978 config NR_CPUS_RANGE_BEGIN
980 default NR_CPUS_RANGE_END if MAXSMP
984 config NR_CPUS_RANGE_END
987 default 64 if SMP && X86_BIGSMP
988 default 8 if SMP && !X86_BIGSMP
991 config NR_CPUS_RANGE_END
994 default 8192 if SMP && ( MAXSMP || CPUMASK_OFFSTACK)
995 default 512 if SMP && (!MAXSMP && !CPUMASK_OFFSTACK)
998 config NR_CPUS_DEFAULT
1001 default 32 if X86_BIGSMP
1005 config NR_CPUS_DEFAULT
1008 default 8192 if MAXSMP
1013 int "Maximum number of CPUs" if SMP && !MAXSMP
1014 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
1015 default NR_CPUS_DEFAULT
1017 This allows you to specify the maximum number of CPUs which this
1018 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
1019 supported value is 8192, otherwise the maximum value is 512. The
1020 minimum value which makes sense is 2.
1022 This is purely to save memory: each supported CPU adds about 8KB
1023 to the kernel image.
1030 prompt "Multi-core scheduler support"
1033 Multi-core scheduler support improves the CPU scheduler's decision
1034 making when dealing with multi-core CPU chips at a cost of slightly
1035 increased overhead in some places. If unsure say N here.
1037 config SCHED_MC_PRIO
1038 bool "CPU core priorities scheduler support"
1039 depends on SCHED_MC && CPU_SUP_INTEL
1040 select X86_INTEL_PSTATE
1044 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1045 core ordering determined at manufacturing time, which allows
1046 certain cores to reach higher turbo frequencies (when running
1047 single threaded workloads) than others.
1049 Enabling this kernel feature teaches the scheduler about
1050 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1051 scheduler's CPU selection logic accordingly, so that higher
1052 overall system performance can be achieved.
1054 This feature will have no effect on CPUs without this feature.
1056 If unsure say Y here.
1060 depends on !SMP && X86_LOCAL_APIC
1063 bool "Local APIC support on uniprocessors" if !PCI_MSI
1065 depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1067 A local APIC (Advanced Programmable Interrupt Controller) is an
1068 integrated interrupt controller in the CPU. If you have a single-CPU
1069 system which has a processor with a local APIC, you can say Y here to
1070 enable and use it. If you say Y here even though your machine doesn't
1071 have a local APIC, then the kernel will still run with no slowdown at
1072 all. The local APIC supports CPU-generated self-interrupts (timer,
1073 performance counters), and the NMI watchdog which detects hard
1076 config X86_UP_IOAPIC
1077 bool "IO-APIC support on uniprocessors"
1078 depends on X86_UP_APIC
1080 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1081 SMP-capable replacement for PC-style interrupt controllers. Most
1082 SMP systems and many recent uniprocessor systems have one.
1084 If you have a single-CPU system with an IO-APIC, you can say Y here
1085 to use it. If you say Y here even though your machine doesn't have
1086 an IO-APIC, then the kernel will still run with no slowdown at all.
1088 config X86_LOCAL_APIC
1090 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1091 select IRQ_DOMAIN_HIERARCHY
1092 select PCI_MSI_IRQ_DOMAIN if PCI_MSI
1096 depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1098 config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1099 bool "Reroute for broken boot IRQs"
1100 depends on X86_IO_APIC
1102 This option enables a workaround that fixes a source of
1103 spurious interrupts. This is recommended when threaded
1104 interrupt handling is used on systems where the generation of
1105 superfluous "boot interrupts" cannot be disabled.
1107 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1108 entry in the chipset's IO-APIC is masked (as, e.g. the RT
1109 kernel does during interrupt handling). On chipsets where this
1110 boot IRQ generation cannot be disabled, this workaround keeps
1111 the original IRQ line masked so that only the equivalent "boot
1112 IRQ" is delivered to the CPUs. The workaround also tells the
1113 kernel to set up the IRQ handler on the boot IRQ line. In this
1114 way only one interrupt is delivered to the kernel. Otherwise
1115 the spurious second interrupt may cause the kernel to bring
1116 down (vital) interrupt lines.
1118 Only affects "broken" chipsets. Interrupt sharing may be
1119 increased on these systems.
1122 bool "Machine Check / overheating reporting"
1123 select GENERIC_ALLOCATOR
1126 Machine Check support allows the processor to notify the
1127 kernel if it detects a problem (e.g. overheating, data corruption).
1128 The action the kernel takes depends on the severity of the problem,
1129 ranging from warning messages to halting the machine.
1131 config X86_MCELOG_LEGACY
1132 bool "Support for deprecated /dev/mcelog character device"
1135 Enable support for /dev/mcelog which is needed by the old mcelog
1136 userspace logging daemon. Consider switching to the new generation
1139 config X86_MCE_INTEL
1141 prompt "Intel MCE features"
1142 depends on X86_MCE && X86_LOCAL_APIC
1144 Additional support for intel specific MCE features such as
1145 the thermal monitor.
1149 prompt "AMD MCE features"
1150 depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1152 Additional support for AMD specific MCE features such as
1153 the DRAM Error Threshold.
1155 config X86_ANCIENT_MCE
1156 bool "Support for old Pentium 5 / WinChip machine checks"
1157 depends on X86_32 && X86_MCE
1159 Include support for machine check handling on old Pentium 5 or WinChip
1160 systems. These typically need to be enabled explicitly on the command
1163 config X86_MCE_THRESHOLD
1164 depends on X86_MCE_AMD || X86_MCE_INTEL
1167 config X86_MCE_INJECT
1168 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1169 tristate "Machine check injector support"
1171 Provide support for injecting machine checks for testing purposes.
1172 If you don't know what a machine check is and you don't do kernel
1173 QA it is safe to say n.
1175 config X86_THERMAL_VECTOR
1177 depends on X86_MCE_INTEL
1179 source "arch/x86/events/Kconfig"
1181 config X86_LEGACY_VM86
1182 bool "Legacy VM86 support"
1185 This option allows user programs to put the CPU into V8086
1186 mode, which is an 80286-era approximation of 16-bit real mode.
1188 Some very old versions of X and/or vbetool require this option
1189 for user mode setting. Similarly, DOSEMU will use it if
1190 available to accelerate real mode DOS programs. However, any
1191 recent version of DOSEMU, X, or vbetool should be fully
1192 functional even without kernel VM86 support, as they will all
1193 fall back to software emulation. Nevertheless, if you are using
1194 a 16-bit DOS program where 16-bit performance matters, vm86
1195 mode might be faster than emulation and you might want to
1198 Note that any app that works on a 64-bit kernel is unlikely to
1199 need this option, as 64-bit kernels don't, and can't, support
1200 V8086 mode. This option is also unrelated to 16-bit protected
1201 mode and is not needed to run most 16-bit programs under Wine.
1203 Enabling this option increases the complexity of the kernel
1204 and slows down exception handling a tiny bit.
1206 If unsure, say N here.
1210 default X86_LEGACY_VM86
1213 bool "Enable support for 16-bit segments" if EXPERT
1215 depends on MODIFY_LDT_SYSCALL
1217 This option is required by programs like Wine to run 16-bit
1218 protected mode legacy code on x86 processors. Disabling
1219 this option saves about 300 bytes on i386, or around 6K text
1220 plus 16K runtime memory on x86-64,
1224 depends on X86_16BIT && X86_32
1228 depends on X86_16BIT && X86_64
1230 config X86_VSYSCALL_EMULATION
1231 bool "Enable vsyscall emulation" if EXPERT
1235 This enables emulation of the legacy vsyscall page. Disabling
1236 it is roughly equivalent to booting with vsyscall=none, except
1237 that it will also disable the helpful warning if a program
1238 tries to use a vsyscall. With this option set to N, offending
1239 programs will just segfault, citing addresses of the form
1242 This option is required by many programs built before 2013, and
1243 care should be used even with newer programs if set to N.
1245 Disabling this option saves about 7K of kernel size and
1246 possibly 4K of additional runtime pagetable memory.
1249 tristate "Toshiba Laptop support"
1252 This adds a driver to safely access the System Management Mode of
1253 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1254 not work on models with a Phoenix BIOS. The System Management Mode
1255 is used to set the BIOS and power saving options on Toshiba portables.
1257 For information on utilities to make use of this driver see the
1258 Toshiba Linux utilities web site at:
1259 <http://www.buzzard.org.uk/toshiba/>.
1261 Say Y if you intend to run this kernel on a Toshiba portable.
1265 tristate "Dell i8k legacy laptop support"
1267 select SENSORS_DELL_SMM
1269 This option enables legacy /proc/i8k userspace interface in hwmon
1270 dell-smm-hwmon driver. Character file /proc/i8k reports bios version,
1271 temperature and allows controlling fan speeds of Dell laptops via
1272 System Management Mode. For old Dell laptops (like Dell Inspiron 8000)
1273 it reports also power and hotkey status. For fan speed control is
1274 needed userspace package i8kutils.
1276 Say Y if you intend to run this kernel on old Dell laptops or want to
1277 use userspace package i8kutils.
1280 config X86_REBOOTFIXUPS
1281 bool "Enable X86 board specific fixups for reboot"
1284 This enables chipset and/or board specific fixups to be done
1285 in order to get reboot to work correctly. This is only needed on
1286 some combinations of hardware and BIOS. The symptom, for which
1287 this config is intended, is when reboot ends with a stalled/hung
1290 Currently, the only fixup is for the Geode machines using
1291 CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1293 Say Y if you want to enable the fixup. Currently, it's safe to
1294 enable this option even if you don't need it.
1298 bool "CPU microcode loading support"
1300 depends on CPU_SUP_AMD || CPU_SUP_INTEL
1303 If you say Y here, you will be able to update the microcode on
1304 Intel and AMD processors. The Intel support is for the IA32 family,
1305 e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The
1306 AMD support is for families 0x10 and later. You will obviously need
1307 the actual microcode binary data itself which is not shipped with
1310 The preferred method to load microcode from a detached initrd is described
1311 in Documentation/x86/microcode.rst. For that you need to enable
1312 CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the
1313 initrd for microcode blobs.
1315 In addition, you can build the microcode into the kernel. For that you
1316 need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE
1319 config MICROCODE_INTEL
1320 bool "Intel microcode loading support"
1321 depends on MICROCODE
1325 This options enables microcode patch loading support for Intel
1328 For the current Intel microcode data package go to
1329 <https://downloadcenter.intel.com> and search for
1330 'Linux Processor Microcode Data File'.
1332 config MICROCODE_AMD
1333 bool "AMD microcode loading support"
1334 depends on MICROCODE
1337 If you select this option, microcode patch loading support for AMD
1338 processors will be enabled.
1340 config MICROCODE_OLD_INTERFACE
1341 bool "Ancient loading interface (DEPRECATED)"
1343 depends on MICROCODE
1345 DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface
1346 which was used by userspace tools like iucode_tool and microcode.ctl.
1347 It is inadequate because it runs too late to be able to properly
1348 load microcode on a machine and it needs special tools. Instead, you
1349 should've switched to the early loading method with the initrd or
1350 builtin microcode by now: Documentation/x86/microcode.rst
1353 tristate "/dev/cpu/*/msr - Model-specific register support"
1355 This device gives privileged processes access to the x86
1356 Model-Specific Registers (MSRs). It is a character device with
1357 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1358 MSR accesses are directed to a specific CPU on multi-processor
1362 tristate "/dev/cpu/*/cpuid - CPU information support"
1364 This device gives processes access to the x86 CPUID instruction to
1365 be executed on a specific processor. It is a character device
1366 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1370 prompt "High Memory Support"
1377 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1378 However, the address space of 32-bit x86 processors is only 4
1379 Gigabytes large. That means that, if you have a large amount of
1380 physical memory, not all of it can be "permanently mapped" by the
1381 kernel. The physical memory that's not permanently mapped is called
1384 If you are compiling a kernel which will never run on a machine with
1385 more than 1 Gigabyte total physical RAM, answer "off" here (default
1386 choice and suitable for most users). This will result in a "3GB/1GB"
1387 split: 3GB are mapped so that each process sees a 3GB virtual memory
1388 space and the remaining part of the 4GB virtual memory space is used
1389 by the kernel to permanently map as much physical memory as
1392 If the machine has between 1 and 4 Gigabytes physical RAM, then
1395 If more than 4 Gigabytes is used then answer "64GB" here. This
1396 selection turns Intel PAE (Physical Address Extension) mode on.
1397 PAE implements 3-level paging on IA32 processors. PAE is fully
1398 supported by Linux, PAE mode is implemented on all recent Intel
1399 processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1400 then the kernel will not boot on CPUs that don't support PAE!
1402 The actual amount of total physical memory will either be
1403 auto detected or can be forced by using a kernel command line option
1404 such as "mem=256M". (Try "man bootparam" or see the documentation of
1405 your boot loader (lilo or loadlin) about how to pass options to the
1406 kernel at boot time.)
1408 If unsure, say "off".
1413 Select this if you have a 32-bit processor and between 1 and 4
1414 gigabytes of physical RAM.
1418 depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6
1421 Select this if you have a 32-bit processor and more than 4
1422 gigabytes of physical RAM.
1427 prompt "Memory split" if EXPERT
1431 Select the desired split between kernel and user memory.
1433 If the address range available to the kernel is less than the
1434 physical memory installed, the remaining memory will be available
1435 as "high memory". Accessing high memory is a little more costly
1436 than low memory, as it needs to be mapped into the kernel first.
1437 Note that increasing the kernel address space limits the range
1438 available to user programs, making the address space there
1439 tighter. Selecting anything other than the default 3G/1G split
1440 will also likely make your kernel incompatible with binary-only
1443 If you are not absolutely sure what you are doing, leave this
1447 bool "3G/1G user/kernel split"
1448 config VMSPLIT_3G_OPT
1450 bool "3G/1G user/kernel split (for full 1G low memory)"
1452 bool "2G/2G user/kernel split"
1453 config VMSPLIT_2G_OPT
1455 bool "2G/2G user/kernel split (for full 2G low memory)"
1457 bool "1G/3G user/kernel split"
1462 default 0xB0000000 if VMSPLIT_3G_OPT
1463 default 0x80000000 if VMSPLIT_2G
1464 default 0x78000000 if VMSPLIT_2G_OPT
1465 default 0x40000000 if VMSPLIT_1G
1471 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1474 bool "PAE (Physical Address Extension) Support"
1475 depends on X86_32 && !HIGHMEM4G
1476 select PHYS_ADDR_T_64BIT
1479 PAE is required for NX support, and furthermore enables
1480 larger swapspace support for non-overcommit purposes. It
1481 has the cost of more pagetable lookup overhead, and also
1482 consumes more pagetable space per process.
1485 bool "Enable 5-level page tables support"
1486 select DYNAMIC_MEMORY_LAYOUT
1487 select SPARSEMEM_VMEMMAP
1490 5-level paging enables access to larger address space:
1491 upto 128 PiB of virtual address space and 4 PiB of
1492 physical address space.
1494 It will be supported by future Intel CPUs.
1496 A kernel with the option enabled can be booted on machines that
1497 support 4- or 5-level paging.
1499 See Documentation/x86/x86_64/5level-paging.rst for more
1504 config X86_DIRECT_GBPAGES
1506 depends on X86_64 && !DEBUG_PAGEALLOC
1508 Certain kernel features effectively disable kernel
1509 linear 1 GB mappings (even if the CPU otherwise
1510 supports them), so don't confuse the user by printing
1511 that we have them enabled.
1513 config X86_CPA_STATISTICS
1514 bool "Enable statistic for Change Page Attribute"
1517 Expose statistics about the Change Page Attribute mechanims, which
1518 helps to determine the effectiveness of preserving large and huge
1519 page mappings when mapping protections are changed.
1521 config ARCH_HAS_MEM_ENCRYPT
1524 config AMD_MEM_ENCRYPT
1525 bool "AMD Secure Memory Encryption (SME) support"
1526 depends on X86_64 && CPU_SUP_AMD
1527 select DYNAMIC_PHYSICAL_MASK
1528 select ARCH_USE_MEMREMAP_PROT
1529 select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1531 Say yes to enable support for the encryption of system memory.
1532 This requires an AMD processor that supports Secure Memory
1535 config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
1536 bool "Activate AMD Secure Memory Encryption (SME) by default"
1538 depends on AMD_MEM_ENCRYPT
1540 Say yes to have system memory encrypted by default if running on
1541 an AMD processor that supports Secure Memory Encryption (SME).
1543 If set to Y, then the encryption of system memory can be
1544 deactivated with the mem_encrypt=off command line option.
1546 If set to N, then the encryption of system memory can be
1547 activated with the mem_encrypt=on command line option.
1549 # Common NUMA Features
1551 bool "Numa Memory Allocation and Scheduler Support"
1553 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1554 default y if X86_BIGSMP
1556 Enable NUMA (Non Uniform Memory Access) support.
1558 The kernel will try to allocate memory used by a CPU on the
1559 local memory controller of the CPU and add some more
1560 NUMA awareness to the kernel.
1562 For 64-bit this is recommended if the system is Intel Core i7
1563 (or later), AMD Opteron, or EM64T NUMA.
1565 For 32-bit this is only needed if you boot a 32-bit
1566 kernel on a 64-bit NUMA platform.
1568 Otherwise, you should say N.
1572 prompt "Old style AMD Opteron NUMA detection"
1573 depends on X86_64 && NUMA && PCI
1575 Enable AMD NUMA node topology detection. You should say Y here if
1576 you have a multi processor AMD system. This uses an old method to
1577 read the NUMA configuration directly from the builtin Northbridge
1578 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1579 which also takes priority if both are compiled in.
1581 config X86_64_ACPI_NUMA
1583 prompt "ACPI NUMA detection"
1584 depends on X86_64 && NUMA && ACPI && PCI
1587 Enable ACPI SRAT based node topology detection.
1589 # Some NUMA nodes have memory ranges that span
1590 # other nodes. Even though a pfn is valid and
1591 # between a node's start and end pfns, it may not
1592 # reside on that node. See memmap_init_zone()
1594 config NODES_SPAN_OTHER_NODES
1596 depends on X86_64_ACPI_NUMA
1599 bool "NUMA emulation"
1602 Enable NUMA emulation. A flat machine will be split
1603 into virtual nodes when booted with "numa=fake=N", where N is the
1604 number of nodes. This is only useful for debugging.
1607 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1609 default "10" if MAXSMP
1610 default "6" if X86_64
1612 depends on NEED_MULTIPLE_NODES
1614 Specify the maximum number of NUMA Nodes available on the target
1615 system. Increases memory reserved to accommodate various tables.
1617 config ARCH_HAVE_MEMORY_PRESENT
1619 depends on X86_32 && DISCONTIGMEM
1621 config ARCH_FLATMEM_ENABLE
1623 depends on X86_32 && !NUMA
1625 config ARCH_DISCONTIGMEM_ENABLE
1627 depends on NUMA && X86_32
1630 config ARCH_SPARSEMEM_ENABLE
1632 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1633 select SPARSEMEM_STATIC if X86_32
1634 select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1636 config ARCH_SPARSEMEM_DEFAULT
1637 def_bool X86_64 || (NUMA && X86_32)
1639 config ARCH_SELECT_MEMORY_MODEL
1641 depends on ARCH_SPARSEMEM_ENABLE
1643 config ARCH_MEMORY_PROBE
1644 bool "Enable sysfs memory/probe interface"
1645 depends on X86_64 && MEMORY_HOTPLUG
1647 This option enables a sysfs memory/probe interface for testing.
1648 See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1649 If you are unsure how to answer this question, answer N.
1651 config ARCH_PROC_KCORE_TEXT
1653 depends on X86_64 && PROC_KCORE
1655 config ILLEGAL_POINTER_VALUE
1658 default 0xdead000000000000 if X86_64
1660 config X86_PMEM_LEGACY_DEVICE
1663 config X86_PMEM_LEGACY
1664 tristate "Support non-standard NVDIMMs and ADR protected memory"
1665 depends on PHYS_ADDR_T_64BIT
1667 select X86_PMEM_LEGACY_DEVICE
1670 Treat memory marked using the non-standard e820 type of 12 as used
1671 by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1672 The kernel will offer these regions to the 'pmem' driver so
1673 they can be used for persistent storage.
1678 bool "Allocate 3rd-level pagetables from highmem"
1681 The VM uses one page table entry for each page of physical memory.
1682 For systems with a lot of RAM, this can be wasteful of precious
1683 low memory. Setting this option will put user-space page table
1684 entries in high memory.
1686 config X86_CHECK_BIOS_CORRUPTION
1687 bool "Check for low memory corruption"
1689 Periodically check for memory corruption in low memory, which
1690 is suspected to be caused by BIOS. Even when enabled in the
1691 configuration, it is disabled at runtime. Enable it by
1692 setting "memory_corruption_check=1" on the kernel command
1693 line. By default it scans the low 64k of memory every 60
1694 seconds; see the memory_corruption_check_size and
1695 memory_corruption_check_period parameters in
1696 Documentation/admin-guide/kernel-parameters.rst to adjust this.
1698 When enabled with the default parameters, this option has
1699 almost no overhead, as it reserves a relatively small amount
1700 of memory and scans it infrequently. It both detects corruption
1701 and prevents it from affecting the running system.
1703 It is, however, intended as a diagnostic tool; if repeatable
1704 BIOS-originated corruption always affects the same memory,
1705 you can use memmap= to prevent the kernel from using that
1708 config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1709 bool "Set the default setting of memory_corruption_check"
1710 depends on X86_CHECK_BIOS_CORRUPTION
1713 Set whether the default state of memory_corruption_check is
1716 config X86_RESERVE_LOW
1717 int "Amount of low memory, in kilobytes, to reserve for the BIOS"
1721 Specify the amount of low memory to reserve for the BIOS.
1723 The first page contains BIOS data structures that the kernel
1724 must not use, so that page must always be reserved.
1726 By default we reserve the first 64K of physical RAM, as a
1727 number of BIOSes are known to corrupt that memory range
1728 during events such as suspend/resume or monitor cable
1729 insertion, so it must not be used by the kernel.
1731 You can set this to 4 if you are absolutely sure that you
1732 trust the BIOS to get all its memory reservations and usages
1733 right. If you know your BIOS have problems beyond the
1734 default 64K area, you can set this to 640 to avoid using the
1735 entire low memory range.
1737 If you have doubts about the BIOS (e.g. suspend/resume does
1738 not work or there's kernel crashes after certain hardware
1739 hotplug events) then you might want to enable
1740 X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check
1741 typical corruption patterns.
1743 Leave this to the default value of 64 if you are unsure.
1745 config MATH_EMULATION
1747 depends on MODIFY_LDT_SYSCALL
1748 prompt "Math emulation" if X86_32
1750 Linux can emulate a math coprocessor (used for floating point
1751 operations) if you don't have one. 486DX and Pentium processors have
1752 a math coprocessor built in, 486SX and 386 do not, unless you added
1753 a 487DX or 387, respectively. (The messages during boot time can
1754 give you some hints here ["man dmesg"].) Everyone needs either a
1755 coprocessor or this emulation.
1757 If you don't have a math coprocessor, you need to say Y here; if you
1758 say Y here even though you have a coprocessor, the coprocessor will
1759 be used nevertheless. (This behavior can be changed with the kernel
1760 command line option "no387", which comes handy if your coprocessor
1761 is broken. Try "man bootparam" or see the documentation of your boot
1762 loader (lilo or loadlin) about how to pass options to the kernel at
1763 boot time.) This means that it is a good idea to say Y here if you
1764 intend to use this kernel on different machines.
1766 More information about the internals of the Linux math coprocessor
1767 emulation can be found in <file:arch/x86/math-emu/README>.
1769 If you are not sure, say Y; apart from resulting in a 66 KB bigger
1770 kernel, it won't hurt.
1774 prompt "MTRR (Memory Type Range Register) support" if EXPERT
1776 On Intel P6 family processors (Pentium Pro, Pentium II and later)
1777 the Memory Type Range Registers (MTRRs) may be used to control
1778 processor access to memory ranges. This is most useful if you have
1779 a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1780 allows bus write transfers to be combined into a larger transfer
1781 before bursting over the PCI/AGP bus. This can increase performance
1782 of image write operations 2.5 times or more. Saying Y here creates a
1783 /proc/mtrr file which may be used to manipulate your processor's
1784 MTRRs. Typically the X server should use this.
1786 This code has a reasonably generic interface so that similar
1787 control registers on other processors can be easily supported
1790 The Cyrix 6x86, 6x86MX and M II processors have Address Range
1791 Registers (ARRs) which provide a similar functionality to MTRRs. For
1792 these, the ARRs are used to emulate the MTRRs.
1793 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1794 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1795 write-combining. All of these processors are supported by this code
1796 and it makes sense to say Y here if you have one of them.
1798 Saying Y here also fixes a problem with buggy SMP BIOSes which only
1799 set the MTRRs for the boot CPU and not for the secondary CPUs. This
1800 can lead to all sorts of problems, so it's good to say Y here.
1802 You can safely say Y even if your machine doesn't have MTRRs, you'll
1803 just add about 9 KB to your kernel.
1805 See <file:Documentation/x86/mtrr.rst> for more information.
1807 config MTRR_SANITIZER
1809 prompt "MTRR cleanup support"
1812 Convert MTRR layout from continuous to discrete, so X drivers can
1813 add writeback entries.
1815 Can be disabled with disable_mtrr_cleanup on the kernel command line.
1816 The largest mtrr entry size for a continuous block can be set with
1821 config MTRR_SANITIZER_ENABLE_DEFAULT
1822 int "MTRR cleanup enable value (0-1)"
1825 depends on MTRR_SANITIZER
1827 Enable mtrr cleanup default value
1829 config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1830 int "MTRR cleanup spare reg num (0-7)"
1833 depends on MTRR_SANITIZER
1835 mtrr cleanup spare entries default, it can be changed via
1836 mtrr_spare_reg_nr=N on the kernel command line.
1840 prompt "x86 PAT support" if EXPERT
1843 Use PAT attributes to setup page level cache control.
1845 PATs are the modern equivalents of MTRRs and are much more
1846 flexible than MTRRs.
1848 Say N here if you see bootup problems (boot crash, boot hang,
1849 spontaneous reboots) or a non-working video driver.
1853 config ARCH_USES_PG_UNCACHED
1859 prompt "x86 architectural random number generator" if EXPERT
1861 Enable the x86 architectural RDRAND instruction
1862 (Intel Bull Mountain technology) to generate random numbers.
1863 If supported, this is a high bandwidth, cryptographically
1864 secure hardware random number generator.
1868 prompt "Supervisor Mode Access Prevention" if EXPERT
1870 Supervisor Mode Access Prevention (SMAP) is a security
1871 feature in newer Intel processors. There is a small
1872 performance cost if this enabled and turned on; there is
1873 also a small increase in the kernel size if this is enabled.
1877 config X86_INTEL_UMIP
1879 depends on CPU_SUP_INTEL
1880 prompt "Intel User Mode Instruction Prevention" if EXPERT
1882 The User Mode Instruction Prevention (UMIP) is a security
1883 feature in newer Intel processors. If enabled, a general
1884 protection fault is issued if the SGDT, SLDT, SIDT, SMSW
1885 or STR instructions are executed in user mode. These instructions
1886 unnecessarily expose information about the hardware state.
1888 The vast majority of applications do not use these instructions.
1889 For the very few that do, software emulation is provided in
1890 specific cases in protected and virtual-8086 modes. Emulated
1893 config X86_INTEL_MPX
1894 prompt "Intel MPX (Memory Protection Extensions)"
1896 # Note: only available in 64-bit mode due to VMA flags shortage
1897 depends on CPU_SUP_INTEL && X86_64
1898 select ARCH_USES_HIGH_VMA_FLAGS
1900 MPX provides hardware features that can be used in
1901 conjunction with compiler-instrumented code to check
1902 memory references. It is designed to detect buffer
1903 overflow or underflow bugs.
1905 This option enables running applications which are
1906 instrumented or otherwise use MPX. It does not use MPX
1907 itself inside the kernel or to protect the kernel
1908 against bad memory references.
1910 Enabling this option will make the kernel larger:
1911 ~8k of kernel text and 36 bytes of data on a 64-bit
1912 defconfig. It adds a long to the 'mm_struct' which
1913 will increase the kernel memory overhead of each
1914 process and adds some branches to paths used during
1915 exec() and munmap().
1917 For details, see Documentation/x86/intel_mpx.rst
1921 config X86_INTEL_MEMORY_PROTECTION_KEYS
1922 prompt "Intel Memory Protection Keys"
1924 # Note: only available in 64-bit mode
1925 depends on CPU_SUP_INTEL && X86_64
1926 select ARCH_USES_HIGH_VMA_FLAGS
1927 select ARCH_HAS_PKEYS
1929 Memory Protection Keys provides a mechanism for enforcing
1930 page-based protections, but without requiring modification of the
1931 page tables when an application changes protection domains.
1933 For details, see Documentation/core-api/protection-keys.rst
1938 prompt "TSX enable mode"
1939 depends on CPU_SUP_INTEL
1940 default X86_INTEL_TSX_MODE_OFF
1942 Intel's TSX (Transactional Synchronization Extensions) feature
1943 allows to optimize locking protocols through lock elision which
1944 can lead to a noticeable performance boost.
1946 On the other hand it has been shown that TSX can be exploited
1947 to form side channel attacks (e.g. TAA) and chances are there
1948 will be more of those attacks discovered in the future.
1950 Therefore TSX is not enabled by default (aka tsx=off). An admin
1951 might override this decision by tsx=on the command line parameter.
1952 Even with TSX enabled, the kernel will attempt to enable the best
1953 possible TAA mitigation setting depending on the microcode available
1954 for the particular machine.
1956 This option allows to set the default tsx mode between tsx=on, =off
1957 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1960 Say off if not sure, auto if TSX is in use but it should be used on safe
1961 platforms or on if TSX is in use and the security aspect of tsx is not
1964 config X86_INTEL_TSX_MODE_OFF
1967 TSX is disabled if possible - equals to tsx=off command line parameter.
1969 config X86_INTEL_TSX_MODE_ON
1972 TSX is always enabled on TSX capable HW - equals the tsx=on command
1975 config X86_INTEL_TSX_MODE_AUTO
1978 TSX is enabled on TSX capable HW that is believed to be safe against
1979 side channel attacks- equals the tsx=auto command line parameter.
1983 bool "EFI runtime service support"
1986 select EFI_RUNTIME_WRAPPERS
1988 This enables the kernel to use EFI runtime services that are
1989 available (such as the EFI variable services).
1991 This option is only useful on systems that have EFI firmware.
1992 In addition, you should use the latest ELILO loader available
1993 at <http://elilo.sourceforge.net> in order to take advantage
1994 of EFI runtime services. However, even with this option, the
1995 resultant kernel should continue to boot on existing non-EFI
1999 bool "EFI stub support"
2000 depends on EFI && !X86_USE_3DNOW
2003 This kernel feature allows a bzImage to be loaded directly
2004 by EFI firmware without the use of a bootloader.
2006 See Documentation/admin-guide/efi-stub.rst for more information.
2009 bool "EFI mixed-mode support"
2010 depends on EFI_STUB && X86_64
2012 Enabling this feature allows a 64-bit kernel to be booted
2013 on a 32-bit firmware, provided that your CPU supports 64-bit
2016 Note that it is not possible to boot a mixed-mode enabled
2017 kernel via the EFI boot stub - a bootloader that supports
2018 the EFI handover protocol must be used.
2024 prompt "Enable seccomp to safely compute untrusted bytecode"
2026 This kernel feature is useful for number crunching applications
2027 that may need to compute untrusted bytecode during their
2028 execution. By using pipes or other transports made available to
2029 the process as file descriptors supporting the read/write
2030 syscalls, it's possible to isolate those applications in
2031 their own address space using seccomp. Once seccomp is
2032 enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
2033 and the task is only allowed to execute a few safe syscalls
2034 defined by each seccomp mode.
2036 If unsure, say Y. Only embedded should say N here.
2038 source "kernel/Kconfig.hz"
2041 bool "kexec system call"
2044 kexec is a system call that implements the ability to shutdown your
2045 current kernel, and to start another kernel. It is like a reboot
2046 but it is independent of the system firmware. And like a reboot
2047 you can start any kernel with it, not just Linux.
2049 The name comes from the similarity to the exec system call.
2051 It is an ongoing process to be certain the hardware in a machine
2052 is properly shutdown, so do not be surprised if this code does not
2053 initially work for you. As of this writing the exact hardware
2054 interface is strongly in flux, so no good recommendation can be
2058 bool "kexec file based system call"
2063 depends on CRYPTO_SHA256=y
2065 This is new version of kexec system call. This system call is
2066 file based and takes file descriptors as system call argument
2067 for kernel and initramfs as opposed to list of segments as
2068 accepted by previous system call.
2070 config ARCH_HAS_KEXEC_PURGATORY
2073 config KEXEC_VERIFY_SIG
2074 bool "Verify kernel signature during kexec_file_load() syscall"
2075 depends on KEXEC_FILE
2077 This option makes kernel signature verification mandatory for
2078 the kexec_file_load() syscall.
2080 In addition to that option, you need to enable signature
2081 verification for the corresponding kernel image type being
2082 loaded in order for this to work.
2084 config KEXEC_BZIMAGE_VERIFY_SIG
2085 bool "Enable bzImage signature verification support"
2086 depends on KEXEC_VERIFY_SIG
2087 depends on SIGNED_PE_FILE_VERIFICATION
2088 select SYSTEM_TRUSTED_KEYRING
2090 Enable bzImage signature verification support.
2093 bool "kernel crash dumps"
2094 depends on X86_64 || (X86_32 && HIGHMEM)
2096 Generate crash dump after being started by kexec.
2097 This should be normally only set in special crash dump kernels
2098 which are loaded in the main kernel with kexec-tools into
2099 a specially reserved region and then later executed after
2100 a crash by kdump/kexec. The crash dump kernel must be compiled
2101 to a memory address not used by the main kernel or BIOS using
2102 PHYSICAL_START, or it must be built as a relocatable image
2103 (CONFIG_RELOCATABLE=y).
2104 For more details see Documentation/admin-guide/kdump/kdump.rst
2108 depends on KEXEC && HIBERNATION
2110 Jump between original kernel and kexeced kernel and invoke
2111 code in physical address mode via KEXEC
2113 config PHYSICAL_START
2114 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2117 This gives the physical address where the kernel is loaded.
2119 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then
2120 bzImage will decompress itself to above physical address and
2121 run from there. Otherwise, bzImage will run from the address where
2122 it has been loaded by the boot loader and will ignore above physical
2125 In normal kdump cases one does not have to set/change this option
2126 as now bzImage can be compiled as a completely relocatable image
2127 (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2128 address. This option is mainly useful for the folks who don't want
2129 to use a bzImage for capturing the crash dump and want to use a
2130 vmlinux instead. vmlinux is not relocatable hence a kernel needs
2131 to be specifically compiled to run from a specific memory area
2132 (normally a reserved region) and this option comes handy.
2134 So if you are using bzImage for capturing the crash dump,
2135 leave the value here unchanged to 0x1000000 and set
2136 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
2137 for capturing the crash dump change this value to start of
2138 the reserved region. In other words, it can be set based on
2139 the "X" value as specified in the "crashkernel=YM@XM"
2140 command line boot parameter passed to the panic-ed
2141 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2142 for more details about crash dumps.
2144 Usage of bzImage for capturing the crash dump is recommended as
2145 one does not have to build two kernels. Same kernel can be used
2146 as production kernel and capture kernel. Above option should have
2147 gone away after relocatable bzImage support is introduced. But it
2148 is present because there are users out there who continue to use
2149 vmlinux for dump capture. This option should go away down the
2152 Don't change this unless you know what you are doing.
2155 bool "Build a relocatable kernel"
2158 This builds a kernel image that retains relocation information
2159 so it can be loaded someplace besides the default 1MB.
2160 The relocations tend to make the kernel binary about 10% larger,
2161 but are discarded at runtime.
2163 One use is for the kexec on panic case where the recovery kernel
2164 must live at a different physical address than the primary
2167 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2168 it has been loaded at and the compile time physical address
2169 (CONFIG_PHYSICAL_START) is used as the minimum location.
2171 config RANDOMIZE_BASE
2172 bool "Randomize the address of the kernel image (KASLR)"
2173 depends on RELOCATABLE
2176 In support of Kernel Address Space Layout Randomization (KASLR),
2177 this randomizes the physical address at which the kernel image
2178 is decompressed and the virtual address where the kernel
2179 image is mapped, as a security feature that deters exploit
2180 attempts relying on knowledge of the location of kernel
2183 On 64-bit, the kernel physical and virtual addresses are
2184 randomized separately. The physical address will be anywhere
2185 between 16MB and the top of physical memory (up to 64TB). The
2186 virtual address will be randomized from 16MB up to 1GB (9 bits
2187 of entropy). Note that this also reduces the memory space
2188 available to kernel modules from 1.5GB to 1GB.
2190 On 32-bit, the kernel physical and virtual addresses are
2191 randomized together. They will be randomized from 16MB up to
2192 512MB (8 bits of entropy).
2194 Entropy is generated using the RDRAND instruction if it is
2195 supported. If RDTSC is supported, its value is mixed into
2196 the entropy pool as well. If neither RDRAND nor RDTSC are
2197 supported, then entropy is read from the i8254 timer. The
2198 usable entropy is limited by the kernel being built using
2199 2GB addressing, and that PHYSICAL_ALIGN must be at a
2200 minimum of 2MB. As a result, only 10 bits of entropy are
2201 theoretically possible, but the implementations are further
2202 limited due to memory layouts.
2206 # Relocation on x86 needs some additional build support
2207 config X86_NEED_RELOCS
2209 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2211 config PHYSICAL_ALIGN
2212 hex "Alignment value to which kernel should be aligned"
2214 range 0x2000 0x1000000 if X86_32
2215 range 0x200000 0x1000000 if X86_64
2217 This value puts the alignment restrictions on physical address
2218 where kernel is loaded and run from. Kernel is compiled for an
2219 address which meets above alignment restriction.
2221 If bootloader loads the kernel at a non-aligned address and
2222 CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2223 address aligned to above value and run from there.
2225 If bootloader loads the kernel at a non-aligned address and
2226 CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2227 load address and decompress itself to the address it has been
2228 compiled for and run from there. The address for which kernel is
2229 compiled already meets above alignment restrictions. Hence the
2230 end result is that kernel runs from a physical address meeting
2231 above alignment restrictions.
2233 On 32-bit this value must be a multiple of 0x2000. On 64-bit
2234 this value must be a multiple of 0x200000.
2236 Don't change this unless you know what you are doing.
2238 config DYNAMIC_MEMORY_LAYOUT
2241 This option makes base addresses of vmalloc and vmemmap as well as
2242 __PAGE_OFFSET movable during boot.
2244 config RANDOMIZE_MEMORY
2245 bool "Randomize the kernel memory sections"
2247 depends on RANDOMIZE_BASE
2248 select DYNAMIC_MEMORY_LAYOUT
2249 default RANDOMIZE_BASE
2251 Randomizes the base virtual address of kernel memory sections
2252 (physical memory mapping, vmalloc & vmemmap). This security feature
2253 makes exploits relying on predictable memory locations less reliable.
2255 The order of allocations remains unchanged. Entropy is generated in
2256 the same way as RANDOMIZE_BASE. Current implementation in the optimal
2257 configuration have in average 30,000 different possible virtual
2258 addresses for each memory section.
2262 config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2263 hex "Physical memory mapping padding" if EXPERT
2264 depends on RANDOMIZE_MEMORY
2265 default "0xa" if MEMORY_HOTPLUG
2267 range 0x1 0x40 if MEMORY_HOTPLUG
2270 Define the padding in terabytes added to the existing physical
2271 memory size during kernel memory randomization. It is useful
2272 for memory hotplug support but reduces the entropy available for
2273 address randomization.
2275 If unsure, leave at the default value.
2281 config BOOTPARAM_HOTPLUG_CPU0
2282 bool "Set default setting of cpu0_hotpluggable"
2283 depends on HOTPLUG_CPU
2285 Set whether default state of cpu0_hotpluggable is on or off.
2287 Say Y here to enable CPU0 hotplug by default. If this switch
2288 is turned on, there is no need to give cpu0_hotplug kernel
2289 parameter and the CPU0 hotplug feature is enabled by default.
2291 Please note: there are two known CPU0 dependencies if you want
2292 to enable the CPU0 hotplug feature either by this switch or by
2293 cpu0_hotplug kernel parameter.
2295 First, resume from hibernate or suspend always starts from CPU0.
2296 So hibernate and suspend are prevented if CPU0 is offline.
2298 Second dependency is PIC interrupts always go to CPU0. CPU0 can not
2299 offline if any interrupt can not migrate out of CPU0. There may
2300 be other CPU0 dependencies.
2302 Please make sure the dependencies are under your control before
2303 you enable this feature.
2305 Say N if you don't want to enable CPU0 hotplug feature by default.
2306 You still can enable the CPU0 hotplug feature at boot by kernel
2307 parameter cpu0_hotplug.
2309 config DEBUG_HOTPLUG_CPU0
2311 prompt "Debug CPU0 hotplug"
2312 depends on HOTPLUG_CPU
2314 Enabling this option offlines CPU0 (if CPU0 can be offlined) as
2315 soon as possible and boots up userspace with CPU0 offlined. User
2316 can online CPU0 back after boot time.
2318 To debug CPU0 hotplug, you need to enable CPU0 offline/online
2319 feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during
2320 compilation or giving cpu0_hotplug kernel parameter at boot.
2326 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2327 depends on COMPAT_32
2329 Certain buggy versions of glibc will crash if they are
2330 presented with a 32-bit vDSO that is not mapped at the address
2331 indicated in its segment table.
2333 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2334 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2335 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
2336 the only released version with the bug, but OpenSUSE 9
2337 contains a buggy "glibc 2.3.2".
2339 The symptom of the bug is that everything crashes on startup, saying:
2340 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2342 Saying Y here changes the default value of the vdso32 boot
2343 option from 1 to 0, which turns off the 32-bit vDSO entirely.
2344 This works around the glibc bug but hurts performance.
2346 If unsure, say N: if you are compiling your own kernel, you
2347 are unlikely to be using a buggy version of glibc.
2350 prompt "vsyscall table for legacy applications"
2352 default LEGACY_VSYSCALL_XONLY
2354 Legacy user code that does not know how to find the vDSO expects
2355 to be able to issue three syscalls by calling fixed addresses in
2356 kernel space. Since this location is not randomized with ASLR,
2357 it can be used to assist security vulnerability exploitation.
2359 This setting can be changed at boot time via the kernel command
2360 line parameter vsyscall=[emulate|xonly|none].
2362 On a system with recent enough glibc (2.14 or newer) and no
2363 static binaries, you can say None without a performance penalty
2364 to improve security.
2366 If unsure, select "Emulate execution only".
2368 config LEGACY_VSYSCALL_EMULATE
2369 bool "Full emulation"
2371 The kernel traps and emulates calls into the fixed vsyscall
2372 address mapping. This makes the mapping non-executable, but
2373 it still contains readable known contents, which could be
2374 used in certain rare security vulnerability exploits. This
2375 configuration is recommended when using legacy userspace
2376 that still uses vsyscalls along with legacy binary
2377 instrumentation tools that require code to be readable.
2379 An example of this type of legacy userspace is running
2380 Pin on an old binary that still uses vsyscalls.
2382 config LEGACY_VSYSCALL_XONLY
2383 bool "Emulate execution only"
2385 The kernel traps and emulates calls into the fixed vsyscall
2386 address mapping and does not allow reads. This
2387 configuration is recommended when userspace might use the
2388 legacy vsyscall area but support for legacy binary
2389 instrumentation of legacy code is not needed. It mitigates
2390 certain uses of the vsyscall area as an ASLR-bypassing
2393 config LEGACY_VSYSCALL_NONE
2396 There will be no vsyscall mapping at all. This will
2397 eliminate any risk of ASLR bypass due to the vsyscall
2398 fixed address mapping. Attempts to use the vsyscalls
2399 will be reported to dmesg, so that either old or
2400 malicious userspace programs can be identified.
2405 bool "Built-in kernel command line"
2407 Allow for specifying boot arguments to the kernel at
2408 build time. On some systems (e.g. embedded ones), it is
2409 necessary or convenient to provide some or all of the
2410 kernel boot arguments with the kernel itself (that is,
2411 to not rely on the boot loader to provide them.)
2413 To compile command line arguments into the kernel,
2414 set this option to 'Y', then fill in the
2415 boot arguments in CONFIG_CMDLINE.
2417 Systems with fully functional boot loaders (i.e. non-embedded)
2418 should leave this option set to 'N'.
2421 string "Built-in kernel command string"
2422 depends on CMDLINE_BOOL
2425 Enter arguments here that should be compiled into the kernel
2426 image and used at boot time. If the boot loader provides a
2427 command line at boot time, it is appended to this string to
2428 form the full kernel command line, when the system boots.
2430 However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2431 change this behavior.
2433 In most cases, the command line (whether built-in or provided
2434 by the boot loader) should specify the device for the root
2437 config CMDLINE_OVERRIDE
2438 bool "Built-in command line overrides boot loader arguments"
2439 depends on CMDLINE_BOOL
2441 Set this option to 'Y' to have the kernel ignore the boot loader
2442 command line, and use ONLY the built-in command line.
2444 This is used to work around broken boot loaders. This should
2445 be set to 'N' under normal conditions.
2447 config MODIFY_LDT_SYSCALL
2448 bool "Enable the LDT (local descriptor table)" if EXPERT
2451 Linux can allow user programs to install a per-process x86
2452 Local Descriptor Table (LDT) using the modify_ldt(2) system
2453 call. This is required to run 16-bit or segmented code such as
2454 DOSEMU or some Wine programs. It is also used by some very old
2455 threading libraries.
2457 Enabling this feature adds a small amount of overhead to
2458 context switches and increases the low-level kernel attack
2459 surface. Disabling it removes the modify_ldt(2) system call.
2461 Saying 'N' here may make sense for embedded or server kernels.
2463 source "kernel/livepatch/Kconfig"
2467 config ARCH_HAS_ADD_PAGES
2469 depends on X86_64 && ARCH_ENABLE_MEMORY_HOTPLUG
2471 config ARCH_ENABLE_MEMORY_HOTPLUG
2473 depends on X86_64 || (X86_32 && HIGHMEM)
2475 config ARCH_ENABLE_MEMORY_HOTREMOVE
2477 depends on MEMORY_HOTPLUG
2479 config USE_PERCPU_NUMA_NODE_ID
2483 config ARCH_ENABLE_SPLIT_PMD_PTLOCK
2485 depends on X86_64 || X86_PAE
2487 config ARCH_ENABLE_HUGEPAGE_MIGRATION
2489 depends on X86_64 && HUGETLB_PAGE && MIGRATION
2491 config ARCH_ENABLE_THP_MIGRATION
2493 depends on X86_64 && TRANSPARENT_HUGEPAGE
2495 menu "Power management and ACPI options"
2497 config ARCH_HIBERNATION_HEADER
2499 depends on HIBERNATION
2501 source "kernel/power/Kconfig"
2503 source "drivers/acpi/Kconfig"
2505 source "drivers/sfi/Kconfig"
2512 tristate "APM (Advanced Power Management) BIOS support"
2513 depends on X86_32 && PM_SLEEP
2515 APM is a BIOS specification for saving power using several different
2516 techniques. This is mostly useful for battery powered laptops with
2517 APM compliant BIOSes. If you say Y here, the system time will be
2518 reset after a RESUME operation, the /proc/apm device will provide
2519 battery status information, and user-space programs will receive
2520 notification of APM "events" (e.g. battery status change).
2522 If you select "Y" here, you can disable actual use of the APM
2523 BIOS by passing the "apm=off" option to the kernel at boot time.
2525 Note that the APM support is almost completely disabled for
2526 machines with more than one CPU.
2528 In order to use APM, you will need supporting software. For location
2529 and more information, read <file:Documentation/power/apm-acpi.rst>
2530 and the Battery Powered Linux mini-HOWTO, available from
2531 <http://www.tldp.org/docs.html#howto>.
2533 This driver does not spin down disk drives (see the hdparm(8)
2534 manpage ("man 8 hdparm") for that), and it doesn't turn off
2535 VESA-compliant "green" monitors.
2537 This driver does not support the TI 4000M TravelMate and the ACER
2538 486/DX4/75 because they don't have compliant BIOSes. Many "green"
2539 desktop machines also don't have compliant BIOSes, and this driver
2540 may cause those machines to panic during the boot phase.
2542 Generally, if you don't have a battery in your machine, there isn't
2543 much point in using this driver and you should say N. If you get
2544 random kernel OOPSes or reboots that don't seem to be related to
2545 anything, try disabling/enabling this option (or disabling/enabling
2548 Some other things you should try when experiencing seemingly random,
2551 1) make sure that you have enough swap space and that it is
2553 2) pass the "no-hlt" option to the kernel
2554 3) switch on floating point emulation in the kernel and pass
2555 the "no387" option to the kernel
2556 4) pass the "floppy=nodma" option to the kernel
2557 5) pass the "mem=4M" option to the kernel (thereby disabling
2558 all but the first 4 MB of RAM)
2559 6) make sure that the CPU is not over clocked.
2560 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2561 8) disable the cache from your BIOS settings
2562 9) install a fan for the video card or exchange video RAM
2563 10) install a better fan for the CPU
2564 11) exchange RAM chips
2565 12) exchange the motherboard.
2567 To compile this driver as a module, choose M here: the
2568 module will be called apm.
2572 config APM_IGNORE_USER_SUSPEND
2573 bool "Ignore USER SUSPEND"
2575 This option will ignore USER SUSPEND requests. On machines with a
2576 compliant APM BIOS, you want to say N. However, on the NEC Versa M
2577 series notebooks, it is necessary to say Y because of a BIOS bug.
2579 config APM_DO_ENABLE
2580 bool "Enable PM at boot time"
2582 Enable APM features at boot time. From page 36 of the APM BIOS
2583 specification: "When disabled, the APM BIOS does not automatically
2584 power manage devices, enter the Standby State, enter the Suspend
2585 State, or take power saving steps in response to CPU Idle calls."
2586 This driver will make CPU Idle calls when Linux is idle (unless this
2587 feature is turned off -- see "Do CPU IDLE calls", below). This
2588 should always save battery power, but more complicated APM features
2589 will be dependent on your BIOS implementation. You may need to turn
2590 this option off if your computer hangs at boot time when using APM
2591 support, or if it beeps continuously instead of suspending. Turn
2592 this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2593 T400CDT. This is off by default since most machines do fine without
2598 bool "Make CPU Idle calls when idle"
2600 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2601 On some machines, this can activate improved power savings, such as
2602 a slowed CPU clock rate, when the machine is idle. These idle calls
2603 are made after the idle loop has run for some length of time (e.g.,
2604 333 mS). On some machines, this will cause a hang at boot time or
2605 whenever the CPU becomes idle. (On machines with more than one CPU,
2606 this option does nothing.)
2608 config APM_DISPLAY_BLANK
2609 bool "Enable console blanking using APM"
2611 Enable console blanking using the APM. Some laptops can use this to
2612 turn off the LCD backlight when the screen blanker of the Linux
2613 virtual console blanks the screen. Note that this is only used by
2614 the virtual console screen blanker, and won't turn off the backlight
2615 when using the X Window system. This also doesn't have anything to
2616 do with your VESA-compliant power-saving monitor. Further, this
2617 option doesn't work for all laptops -- it might not turn off your
2618 backlight at all, or it might print a lot of errors to the console,
2619 especially if you are using gpm.
2621 config APM_ALLOW_INTS
2622 bool "Allow interrupts during APM BIOS calls"
2624 Normally we disable external interrupts while we are making calls to
2625 the APM BIOS as a measure to lessen the effects of a badly behaving
2626 BIOS implementation. The BIOS should reenable interrupts if it
2627 needs to. Unfortunately, some BIOSes do not -- especially those in
2628 many of the newer IBM Thinkpads. If you experience hangs when you
2629 suspend, try setting this to Y. Otherwise, say N.
2633 source "drivers/cpufreq/Kconfig"
2635 source "drivers/cpuidle/Kconfig"
2637 source "drivers/idle/Kconfig"
2642 menu "Bus options (PCI etc.)"
2645 prompt "PCI access mode"
2646 depends on X86_32 && PCI
2649 On PCI systems, the BIOS can be used to detect the PCI devices and
2650 determine their configuration. However, some old PCI motherboards
2651 have BIOS bugs and may crash if this is done. Also, some embedded
2652 PCI-based systems don't have any BIOS at all. Linux can also try to
2653 detect the PCI hardware directly without using the BIOS.
2655 With this option, you can specify how Linux should detect the
2656 PCI devices. If you choose "BIOS", the BIOS will be used,
2657 if you choose "Direct", the BIOS won't be used, and if you
2658 choose "MMConfig", then PCI Express MMCONFIG will be used.
2659 If you choose "Any", the kernel will try MMCONFIG, then the
2660 direct access method and falls back to the BIOS if that doesn't
2661 work. If unsure, go with the default, which is "Any".
2666 config PCI_GOMMCONFIG
2683 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2685 # x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2688 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2691 bool "Support mmconfig PCI config space access" if X86_64
2693 depends on PCI && (ACPI || SFI || JAILHOUSE_GUEST)
2694 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2698 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2702 depends on PCI && XEN
2705 config MMCONF_FAM10H
2707 depends on X86_64 && PCI_MMCONFIG && ACPI
2709 config PCI_CNB20LE_QUIRK
2710 bool "Read CNB20LE Host Bridge Windows" if EXPERT
2713 Read the PCI windows out of the CNB20LE host bridge. This allows
2714 PCI hotplug to work on systems with the CNB20LE chipset which do
2717 There's no public spec for this chipset, and this functionality
2718 is known to be incomplete.
2720 You should say N unless you know you need this.
2723 bool "ISA bus support on modern systems" if EXPERT
2725 Expose ISA bus device drivers and options available for selection and
2726 configuration. Enable this option if your target machine has an ISA
2727 bus. ISA is an older system, displaced by PCI and newer bus
2728 architectures -- if your target machine is modern, it probably does
2729 not have an ISA bus.
2733 # x86_64 have no ISA slots, but can have ISA-style DMA.
2735 bool "ISA-style DMA support" if (X86_64 && EXPERT)
2738 Enables ISA-style DMA support for devices requiring such controllers.
2746 Find out whether you have ISA slots on your motherboard. ISA is the
2747 name of a bus system, i.e. the way the CPU talks to the other stuff
2748 inside your box. Other bus systems are PCI, EISA, MicroChannel
2749 (MCA) or VESA. ISA is an older system, now being displaced by PCI;
2750 newer boards don't support it. If you have ISA, say Y, otherwise N.
2753 tristate "NatSemi SCx200 support"
2755 This provides basic support for National Semiconductor's
2756 (now AMD's) Geode processors. The driver probes for the
2757 PCI-IDs of several on-chip devices, so its a good dependency
2758 for other scx200_* drivers.
2760 If compiled as a module, the driver is named scx200.
2762 config SCx200HR_TIMER
2763 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
2767 This driver provides a clocksource built upon the on-chip
2768 27MHz high-resolution timer. Its also a workaround for
2769 NSC Geode SC-1100's buggy TSC, which loses time when the
2770 processor goes idle (as is done by the scheduler). The
2771 other workaround is idle=poll boot option.
2774 bool "One Laptop Per Child support"
2782 Add support for detecting the unique features of the OLPC
2786 bool "OLPC XO-1 Power Management"
2787 depends on OLPC && MFD_CS5535=y && PM_SLEEP
2789 Add support for poweroff and suspend of the OLPC XO-1 laptop.
2792 bool "OLPC XO-1 Real Time Clock"
2793 depends on OLPC_XO1_PM && RTC_DRV_CMOS
2795 Add support for the XO-1 real time clock, which can be used as a
2796 programmable wakeup source.
2799 bool "OLPC XO-1 SCI extras"
2800 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
2804 Add support for SCI-based features of the OLPC XO-1 laptop:
2805 - EC-driven system wakeups
2809 - AC adapter status updates
2810 - Battery status updates
2812 config OLPC_XO15_SCI
2813 bool "OLPC XO-1.5 SCI extras"
2814 depends on OLPC && ACPI
2817 Add support for SCI-based features of the OLPC XO-1.5 laptop:
2818 - EC-driven system wakeups
2819 - AC adapter status updates
2820 - Battery status updates
2823 bool "PCEngines ALIX System Support (LED setup)"
2826 This option enables system support for the PCEngines ALIX.
2827 At present this just sets up LEDs for GPIO control on
2828 ALIX2/3/6 boards. However, other system specific setup should
2831 Note: You must still enable the drivers for GPIO and LED support
2832 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
2834 Note: You have to set alix.force=1 for boards with Award BIOS.
2837 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
2840 This option enables system support for the Soekris Engineering net5501.
2843 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
2847 This option enables system support for the Traverse Technologies GEOS.
2850 bool "Technologic Systems TS-5500 platform support"
2852 select CHECK_SIGNATURE
2856 This option enables system support for the Technologic Systems TS-5500.
2862 depends on CPU_SUP_AMD && PCI
2865 bool "Mark VGA/VBE/EFI FB as generic system framebuffer"
2867 Firmwares often provide initial graphics framebuffers so the BIOS,
2868 bootloader or kernel can show basic video-output during boot for
2869 user-guidance and debugging. Historically, x86 used the VESA BIOS
2870 Extensions and EFI-framebuffers for this, which are mostly limited
2872 This option, if enabled, marks VGA/VBE/EFI framebuffers as generic
2873 framebuffers so the new generic system-framebuffer drivers can be
2874 used on x86. If the framebuffer is not compatible with the generic
2875 modes, it is advertised as fallback platform framebuffer so legacy
2876 drivers like efifb, vesafb and uvesafb can pick it up.
2877 If this option is not selected, all system framebuffers are always
2878 marked as fallback platform framebuffers as usual.
2880 Note: Legacy fbdev drivers, including vesafb, efifb, uvesafb, will
2881 not be able to pick up generic system framebuffers if this option
2882 is selected. You are highly encouraged to enable simplefb as
2883 replacement if you select this option. simplefb can correctly deal
2884 with generic system framebuffers. But you should still keep vesafb
2885 and others enabled as fallback if a system framebuffer is
2886 incompatible with simplefb.
2893 menu "Binary Emulations"
2895 config IA32_EMULATION
2896 bool "IA32 Emulation"
2898 select ARCH_WANT_OLD_COMPAT_IPC
2900 select COMPAT_BINFMT_ELF
2901 select COMPAT_OLD_SIGACTION
2903 Include code to run legacy 32-bit programs under a
2904 64-bit kernel. You should likely turn this on, unless you're
2905 100% sure that you don't have any 32-bit programs left.
2908 tristate "IA32 a.out support"
2909 depends on IA32_EMULATION
2912 Support old a.out binaries in the 32bit emulation.
2915 bool "x32 ABI for 64-bit mode"
2918 Include code to run binaries for the x32 native 32-bit ABI
2919 for 64-bit processors. An x32 process gets access to the
2920 full 64-bit register file and wide data path while leaving
2921 pointers at 32 bits for smaller memory footprint.
2923 You will need a recent binutils (2.22 or later) with
2924 elf32_x86_64 support enabled to compile a kernel with this
2929 depends on IA32_EMULATION || X86_32
2931 select OLD_SIGSUSPEND3
2935 depends on IA32_EMULATION || X86_X32
2938 config COMPAT_FOR_U64_ALIGNMENT
2941 config SYSVIPC_COMPAT
2949 config HAVE_ATOMIC_IOMAP
2953 config X86_DEV_DMA_OPS
2956 source "drivers/firmware/Kconfig"
2958 source "arch/x86/kvm/Kconfig"