1 # SPDX-License-Identifier: GPL-2.0
4 bool "64-bit kernel" if "$(ARCH)" = "x86"
5 default "$(ARCH)" != "i386"
7 Say yes to build a 64-bit kernel - formerly known as x86_64
8 Say no to build a 32-bit kernel - formerly known as i386
13 # Options that are inherently 32-bit kernel only:
14 select ARCH_WANT_IPC_PARSE_VERSION
16 select CLONE_BACKWARDS
17 select HAVE_DEBUG_STACKOVERFLOW
18 select MODULES_USE_ELF_REL
20 select GENERIC_VDSO_32
25 # Options that are inherently 64-bit kernel only:
26 select ARCH_HAS_GIGANTIC_PAGE
27 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
28 select ARCH_USE_CMPXCHG_LOCKREF
29 select HAVE_ARCH_SOFT_DIRTY
30 select MODULES_USE_ELF_RELA
31 select NEED_DMA_MAP_STATE
33 select ARCH_HAS_SYSCALL_WRAPPER
35 config FORCE_DYNAMIC_FTRACE
38 depends on FUNCTION_TRACER
41 We keep the static function tracing (!DYNAMIC_FTRACE) around
42 in order to test the non static function tracing in the
43 generic code, as other architectures still use it. But we
44 only need to keep it around for x86_64. No need to keep it
45 for x86_32. For x86_32, force DYNAMIC_FTRACE.
49 # ( Note that options that are marked 'if X86_64' could in principle be
50 # ported to 32-bit as well. )
55 # Note: keep this list sorted alphabetically
57 select ACPI_LEGACY_TABLES_LOOKUP if ACPI
58 select ACPI_SYSTEM_POWER_STATES_SUPPORT if ACPI
59 select ARCH_32BIT_OFF_T if X86_32
60 select ARCH_CLOCKSOURCE_DATA
61 select ARCH_CLOCKSOURCE_INIT
62 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
63 select ARCH_HAS_DEBUG_VIRTUAL
64 select ARCH_HAS_DEVMEM_IS_ALLOWED
65 select ARCH_HAS_ELF_RANDOMIZE
66 select ARCH_HAS_FAST_MULTIPLIER
67 select ARCH_HAS_FILTER_PGPROT
68 select ARCH_HAS_FORTIFY_SOURCE
69 select ARCH_HAS_GCOV_PROFILE_ALL
70 select ARCH_HAS_KCOV if X86_64
71 select ARCH_HAS_MEM_ENCRYPT
72 select ARCH_HAS_MEMBARRIER_SYNC_CORE
73 select ARCH_HAS_PMEM_API if X86_64
74 select ARCH_HAS_PTE_DEVMAP if X86_64
75 select ARCH_HAS_PTE_SPECIAL
76 select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64
77 select ARCH_HAS_UACCESS_MCSAFE if X86_64 && X86_MCE
78 select ARCH_HAS_SET_MEMORY
79 select ARCH_HAS_SET_DIRECT_MAP
80 select ARCH_HAS_STRICT_KERNEL_RWX
81 select ARCH_HAS_STRICT_MODULE_RWX
82 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
83 select ARCH_HAS_UBSAN_SANITIZE_ALL
84 select ARCH_HAVE_NMI_SAFE_CMPXCHG
85 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
86 select ARCH_MIGHT_HAVE_PC_PARPORT
87 select ARCH_MIGHT_HAVE_PC_SERIO
89 select ARCH_SUPPORTS_ACPI
90 select ARCH_SUPPORTS_ATOMIC_RMW
91 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
92 select ARCH_USE_BUILTIN_BSWAP
93 select ARCH_USE_QUEUED_RWLOCKS
94 select ARCH_USE_QUEUED_SPINLOCKS
95 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
96 select ARCH_WANTS_DYNAMIC_TASK_STRUCT
97 select ARCH_WANT_HUGE_PMD_SHARE
98 select ARCH_WANTS_THP_SWAP if X86_64
99 select BUILDTIME_EXTABLE_SORT
101 select CLOCKSOURCE_VALIDATE_LAST_CYCLE
102 select CLOCKSOURCE_WATCHDOG
103 select DCACHE_WORD_ACCESS
104 select EDAC_ATOMIC_SCRUB
106 select GENERIC_CLOCKEVENTS
107 select GENERIC_CLOCKEVENTS_BROADCAST if X86_64 || (X86_32 && X86_LOCAL_APIC)
108 select GENERIC_CLOCKEVENTS_MIN_ADJUST
109 select GENERIC_CMOS_UPDATE
110 select GENERIC_CPU_AUTOPROBE
111 select GENERIC_CPU_VULNERABILITIES
112 select GENERIC_EARLY_IOREMAP
113 select GENERIC_FIND_FIRST_BIT
115 select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP
116 select GENERIC_IRQ_MATRIX_ALLOCATOR if X86_LOCAL_APIC
117 select GENERIC_IRQ_MIGRATION if SMP
118 select GENERIC_IRQ_PROBE
119 select GENERIC_IRQ_RESERVATION_MODE
120 select GENERIC_IRQ_SHOW
121 select GENERIC_PENDING_IRQ if SMP
122 select GENERIC_SMP_IDLE_THREAD
123 select GENERIC_STRNCPY_FROM_USER
124 select GENERIC_STRNLEN_USER
125 select GENERIC_TIME_VSYSCALL
126 select GENERIC_GETTIMEOFDAY
127 select GUP_GET_PTE_LOW_HIGH if X86_PAE
128 select HARDLOCKUP_CHECK_TIMESTAMP if X86_64
129 select HAVE_ACPI_APEI if ACPI
130 select HAVE_ACPI_APEI_NMI if ACPI
131 select HAVE_ALIGNED_STRUCT_PAGE if SLUB
132 select HAVE_ARCH_AUDITSYSCALL
133 select HAVE_ARCH_HUGE_VMAP if X86_64 || X86_PAE
134 select HAVE_ARCH_JUMP_LABEL
135 select HAVE_ARCH_JUMP_LABEL_RELATIVE
136 select HAVE_ARCH_KASAN if X86_64
137 select HAVE_ARCH_KGDB
138 select HAVE_ARCH_MMAP_RND_BITS if MMU
139 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
140 select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
141 select HAVE_ARCH_PREL32_RELOCATIONS
142 select HAVE_ARCH_SECCOMP_FILTER
143 select HAVE_ARCH_THREAD_STRUCT_WHITELIST
144 select HAVE_ARCH_STACKLEAK
145 select HAVE_ARCH_TRACEHOOK
146 select HAVE_ARCH_TRANSPARENT_HUGEPAGE
147 select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
148 select HAVE_ARCH_VMAP_STACK if X86_64
149 select HAVE_ARCH_WITHIN_STACK_FRAMES
150 select HAVE_ASM_MODVERSIONS
151 select HAVE_CMPXCHG_DOUBLE
152 select HAVE_CMPXCHG_LOCAL
153 select HAVE_CONTEXT_TRACKING if X86_64
154 select HAVE_COPY_THREAD_TLS
155 select HAVE_C_RECORDMCOUNT
156 select HAVE_DEBUG_KMEMLEAK
157 select HAVE_DMA_CONTIGUOUS
158 select HAVE_DYNAMIC_FTRACE
159 select HAVE_DYNAMIC_FTRACE_WITH_REGS
160 select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
162 select HAVE_EFFICIENT_UNALIGNED_ACCESS
164 select HAVE_EXIT_THREAD
166 select HAVE_FENTRY if X86_64 || DYNAMIC_FTRACE
167 select HAVE_FTRACE_MCOUNT_RECORD
168 select HAVE_FUNCTION_GRAPH_TRACER
169 select HAVE_FUNCTION_TRACER
170 select HAVE_GCC_PLUGINS
171 select HAVE_HW_BREAKPOINT
173 select HAVE_IOREMAP_PROT
174 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
175 select HAVE_IRQ_TIME_ACCOUNTING
176 select HAVE_KERNEL_BZIP2
177 select HAVE_KERNEL_GZIP
178 select HAVE_KERNEL_LZ4
179 select HAVE_KERNEL_LZMA
180 select HAVE_KERNEL_LZO
181 select HAVE_KERNEL_XZ
183 select HAVE_KPROBES_ON_FTRACE
184 select HAVE_FUNCTION_ERROR_INJECTION
185 select HAVE_KRETPROBES
187 select HAVE_LIVEPATCH if X86_64
188 select HAVE_MEMBLOCK_NODE_MAP
189 select HAVE_MIXED_BREAKPOINTS_REGS
190 select HAVE_MOD_ARCH_SPECIFIC
194 select HAVE_OPTPROBES
195 select HAVE_PCSPKR_PLATFORM
196 select HAVE_PERF_EVENTS
197 select HAVE_PERF_EVENTS_NMI
198 select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI
200 select HAVE_PERF_REGS
201 select HAVE_PERF_USER_STACK_DUMP
202 select HAVE_RCU_TABLE_FREE if PARAVIRT
203 select HAVE_REGS_AND_STACK_ACCESS_API
204 select HAVE_RELIABLE_STACKTRACE if X86_64 && (UNWINDER_FRAME_POINTER || UNWINDER_ORC) && STACK_VALIDATION
205 select HAVE_FUNCTION_ARG_ACCESS_API
206 select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR
207 select HAVE_STACK_VALIDATION if X86_64
209 select HAVE_SYSCALL_TRACEPOINTS
210 select HAVE_UNSTABLE_SCHED_CLOCK
211 select HAVE_USER_RETURN_NOTIFIER
212 select HAVE_GENERIC_VDSO
213 select HOTPLUG_SMT if SMP
214 select IRQ_FORCED_THREADING
215 select NEED_SG_DMA_LENGTH
216 select PCI_DOMAINS if PCI
217 select PCI_LOCKLESS_CONFIG if PCI
220 select RTC_MC146818_LIB
223 select SYSCTL_EXCEPTION_TRACE
224 select THREAD_INFO_IN_TASK
225 select USER_STACKTRACE_SUPPORT
227 select X86_FEATURE_NAMES if PROC_FS
228 select PROC_PID_ARCH_STATUS if PROC_FS
230 config INSTRUCTION_DECODER
232 depends on KPROBES || PERF_EVENTS || UPROBES
236 default "elf32-i386" if X86_32
237 default "elf64-x86-64" if X86_64
239 config ARCH_DEFCONFIG
241 default "arch/x86/configs/i386_defconfig" if X86_32
242 default "arch/x86/configs/x86_64_defconfig" if X86_64
244 config LOCKDEP_SUPPORT
247 config STACKTRACE_SUPPORT
253 config ARCH_MMAP_RND_BITS_MIN
257 config ARCH_MMAP_RND_BITS_MAX
261 config ARCH_MMAP_RND_COMPAT_BITS_MIN
264 config ARCH_MMAP_RND_COMPAT_BITS_MAX
270 config GENERIC_ISA_DMA
272 depends on ISA_DMA_API
277 select GENERIC_BUG_RELATIVE_POINTERS if X86_64
279 config GENERIC_BUG_RELATIVE_POINTERS
282 config ARCH_MAY_HAVE_PC_FDC
284 depends on ISA_DMA_API
286 config GENERIC_CALIBRATE_DELAY
289 config ARCH_HAS_CPU_RELAX
292 config ARCH_HAS_CACHE_LINE_SIZE
295 config ARCH_HAS_FILTER_PGPROT
298 config HAVE_SETUP_PER_CPU_AREA
301 config NEED_PER_CPU_EMBED_FIRST_CHUNK
304 config NEED_PER_CPU_PAGE_FIRST_CHUNK
307 config ARCH_HIBERNATION_POSSIBLE
310 config ARCH_SUSPEND_POSSIBLE
313 config ARCH_WANT_GENERAL_HUGETLB
322 config ARCH_SUPPORTS_DEBUG_PAGEALLOC
325 config KASAN_SHADOW_OFFSET
328 default 0xdffffc0000000000
330 config HAVE_INTEL_TXT
332 depends on INTEL_IOMMU && ACPI
336 depends on X86_32 && SMP
340 depends on X86_64 && SMP
342 config X86_32_LAZY_GS
344 depends on X86_32 && !STACKPROTECTOR
346 config ARCH_SUPPORTS_UPROBES
349 config FIX_EARLYCON_MEM
352 config DYNAMIC_PHYSICAL_MASK
355 config PGTABLE_LEVELS
357 default 5 if X86_5LEVEL
362 config CC_HAS_SANE_STACKPROTECTOR
364 default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT
365 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC))
367 We have to make sure stack protector is unconditionally disabled if
368 the compiler produces broken code.
370 menu "Processor type and features"
373 bool "DMA memory allocation support" if EXPERT
376 DMA memory allocation support allows devices with less than 32-bit
377 addressing to allocate within the first 16MB of address space.
378 Disable if no such devices will be used.
383 bool "Symmetric multi-processing support"
385 This enables support for systems with more than one CPU. If you have
386 a system with only one CPU, say N. If you have a system with more
389 If you say N here, the kernel will run on uni- and multiprocessor
390 machines, but will use only one CPU of a multiprocessor machine. If
391 you say Y here, the kernel will run on many, but not all,
392 uniprocessor machines. On a uniprocessor machine, the kernel
393 will run faster if you say N here.
395 Note that if you say Y here and choose architecture "586" or
396 "Pentium" under "Processor family", the kernel will not work on 486
397 architectures. Similarly, multiprocessor kernels for the "PPro"
398 architecture may not work on all Pentium based boards.
400 People using multiprocessor machines who say Y here should also say
401 Y to "Enhanced Real Time Clock Support", below. The "Advanced Power
402 Management" code will be disabled if you say Y here.
404 See also <file:Documentation/x86/i386/IO-APIC.rst>,
405 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
406 <http://www.tldp.org/docs.html#howto>.
408 If you don't know what to do here, say N.
410 config X86_FEATURE_NAMES
411 bool "Processor feature human-readable names" if EMBEDDED
414 This option compiles in a table of x86 feature bits and corresponding
415 names. This is required to support /proc/cpuinfo and a few kernel
416 messages. You can disable this to save space, at the expense of
417 making those few kernel messages show numeric feature bits instead.
422 bool "Support x2apic"
423 depends on X86_LOCAL_APIC && X86_64 && (IRQ_REMAP || HYPERVISOR_GUEST)
425 This enables x2apic support on CPUs that have this feature.
427 This allows 32-bit apic IDs (so it can support very large systems),
428 and accesses the local apic via MSRs not via mmio.
430 If you don't know what to do here, say N.
433 bool "Enable MPS table" if ACPI || SFI
435 depends on X86_LOCAL_APIC
437 For old smp systems that do not have proper acpi support. Newer systems
438 (esp with 64bit cpus) with acpi support, MADT and DSDT will override it
442 depends on X86_GOLDFISH
445 bool "Avoid speculative indirect branches in kernel"
447 select STACK_VALIDATION if HAVE_STACK_VALIDATION
449 Compile kernel with the retpoline compiler options to guard against
450 kernel-to-user data leaks by avoiding speculative indirect
451 branches. Requires a compiler with -mindirect-branch=thunk-extern
452 support for full protection. The kernel may run slower.
454 config X86_CPU_RESCTRL
455 bool "x86 CPU resource control support"
456 depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
459 Enable x86 CPU resource control support.
461 Provide support for the allocation and monitoring of system resources
464 Intel calls this Intel Resource Director Technology
465 (Intel(R) RDT). More information about RDT can be found in the
466 Intel x86 Architecture Software Developer Manual.
468 AMD calls this AMD Platform Quality of Service (AMD QoS).
469 More information about AMD QoS can be found in the AMD64 Technology
470 Platform Quality of Service Extensions manual.
476 bool "Support for big SMP systems with more than 8 CPUs"
479 This option is needed for the systems that have more than 8 CPUs
481 config X86_EXTENDED_PLATFORM
482 bool "Support for extended (non-PC) x86 platforms"
485 If you disable this option then the kernel will only support
486 standard PC platforms. (which covers the vast majority of
489 If you enable this option then you'll be able to select support
490 for the following (non-PC) 32 bit x86 platforms:
491 Goldfish (Android emulator)
494 SGI 320/540 (Visual Workstation)
495 STA2X11-based (e.g. Northville)
496 Moorestown MID devices
498 If you have one of these systems, or if you want to build a
499 generic distribution kernel, say Y here - otherwise say N.
503 config X86_EXTENDED_PLATFORM
504 bool "Support for extended (non-PC) x86 platforms"
507 If you disable this option then the kernel will only support
508 standard PC platforms. (which covers the vast majority of
511 If you enable this option then you'll be able to select support
512 for the following (non-PC) 64 bit x86 platforms:
517 If you have one of these systems, or if you want to build a
518 generic distribution kernel, say Y here - otherwise say N.
520 # This is an alphabetically sorted list of 64 bit extended platforms
521 # Please maintain the alphabetic order if and when there are additions
523 bool "Numascale NumaChip"
525 depends on X86_EXTENDED_PLATFORM
528 depends on X86_X2APIC
529 depends on PCI_MMCONFIG
531 Adds support for Numascale NumaChip large-SMP systems. Needed to
532 enable more than ~168 cores.
533 If you don't have one of these, you should say N here.
537 select HYPERVISOR_GUEST
539 depends on X86_64 && PCI
540 depends on X86_EXTENDED_PLATFORM
543 Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
544 supposed to run on these EM64T-based machines. Only choose this option
545 if you have one of these machines.
548 bool "SGI Ultraviolet"
550 depends on X86_EXTENDED_PLATFORM
553 depends on X86_X2APIC
556 This option is needed in order to support SGI Ultraviolet systems.
557 If you don't have one of these, you should say N here.
559 # Following is an alphabetically sorted list of 32 bit extended platforms
560 # Please maintain the alphabetic order if and when there are additions
563 bool "Goldfish (Virtual Platform)"
564 depends on X86_EXTENDED_PLATFORM
566 Enable support for the Goldfish virtual platform used primarily
567 for Android development. Unless you are building for the Android
568 Goldfish emulator say N here.
571 bool "CE4100 TV platform"
573 depends on PCI_GODIRECT
574 depends on X86_IO_APIC
576 depends on X86_EXTENDED_PLATFORM
577 select X86_REBOOTFIXUPS
579 select OF_EARLY_FLATTREE
581 Select for the Intel CE media processor (CE4100) SOC.
582 This option compiles in support for the CE4100 SOC for settop
583 boxes and media devices.
586 bool "Intel MID platform support"
587 depends on X86_EXTENDED_PLATFORM
588 depends on X86_PLATFORM_DEVICES
590 depends on X86_64 || (PCI_GOANY && X86_32)
591 depends on X86_IO_APIC
597 select MFD_INTEL_MSIC
599 Select to build a kernel capable of supporting Intel MID (Mobile
600 Internet Device) platform systems which do not have the PCI legacy
601 interfaces. If you are building for a PC class system say N here.
603 Intel MID platforms are based on an Intel processor and chipset which
604 consume less power than most of the x86 derivatives.
606 config X86_INTEL_QUARK
607 bool "Intel Quark platform support"
609 depends on X86_EXTENDED_PLATFORM
610 depends on X86_PLATFORM_DEVICES
614 depends on X86_IO_APIC
619 Select to include support for Quark X1000 SoC.
620 Say Y here if you have a Quark based system such as the Arduino
621 compatible Intel Galileo.
623 config X86_INTEL_LPSS
624 bool "Intel Low Power Subsystem Support"
625 depends on X86 && ACPI && PCI
630 Select to build support for Intel Low Power Subsystem such as
631 found on Intel Lynxpoint PCH. Selecting this option enables
632 things like clock tree (common clock framework) and pincontrol
633 which are needed by the LPSS peripheral drivers.
635 config X86_AMD_PLATFORM_DEVICE
636 bool "AMD ACPI2Platform devices support"
641 Select to interpret AMD specific ACPI device to platform device
642 such as I2C, UART, GPIO found on AMD Carrizo and later chipsets.
643 I2C and UART depend on COMMON_CLK to set clock. GPIO driver is
644 implemented under PINCTRL subsystem.
647 tristate "Intel SoC IOSF Sideband support for SoC platforms"
650 This option enables sideband register access support for Intel SoC
651 platforms. On these platforms the IOSF sideband is used in lieu of
652 MSR's for some register accesses, mostly but not limited to thermal
653 and power. Drivers may query the availability of this device to
654 determine if they need the sideband in order to work on these
655 platforms. The sideband is available on the following SoC products.
656 This list is not meant to be exclusive.
661 You should say Y if you are running a kernel on one of these SoC's.
663 config IOSF_MBI_DEBUG
664 bool "Enable IOSF sideband access through debugfs"
665 depends on IOSF_MBI && DEBUG_FS
667 Select this option to expose the IOSF sideband access registers (MCR,
668 MDR, MCRX) through debugfs to write and read register information from
669 different units on the SoC. This is most useful for obtaining device
670 state information for debug and analysis. As this is a general access
671 mechanism, users of this option would have specific knowledge of the
672 device they want to access.
674 If you don't require the option or are in doubt, say N.
677 bool "RDC R-321x SoC"
679 depends on X86_EXTENDED_PLATFORM
681 select X86_REBOOTFIXUPS
683 This option is needed for RDC R-321x system-on-chip, also known
685 If you don't have one of these chips, you should say N here.
687 config X86_32_NON_STANDARD
688 bool "Support non-standard 32-bit SMP architectures"
689 depends on X86_32 && SMP
690 depends on X86_EXTENDED_PLATFORM
692 This option compiles in the bigsmp and STA2X11 default
693 subarchitectures. It is intended for a generic binary
694 kernel. If you select them all, kernel will probe it one by
695 one and will fallback to default.
697 # Alphabetically sorted list of Non standard 32 bit platforms
699 config X86_SUPPORTS_MEMORY_FAILURE
701 # MCE code calls memory_failure():
703 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
704 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
705 depends on X86_64 || !SPARSEMEM
706 select ARCH_SUPPORTS_MEMORY_FAILURE
709 bool "STA2X11 Companion Chip Support"
710 depends on X86_32_NON_STANDARD && PCI
715 This adds support for boards based on the STA2X11 IO-Hub,
716 a.k.a. "ConneXt". The chip is used in place of the standard
717 PC chipset, so all "standard" peripherals are missing. If this
718 option is selected the kernel will still be able to boot on
719 standard PC machines.
722 tristate "Eurobraille/Iris poweroff module"
725 The Iris machines from EuroBraille do not have APM or ACPI support
726 to shut themselves down properly. A special I/O sequence is
727 needed to do so, which is what this module does at
730 This is only for Iris machines from EuroBraille.
734 config SCHED_OMIT_FRAME_POINTER
736 prompt "Single-depth WCHAN output"
739 Calculate simpler /proc/<PID>/wchan values. If this option
740 is disabled then wchan values will recurse back to the
741 caller function. This provides more accurate wchan values,
742 at the expense of slightly more scheduling overhead.
744 If in doubt, say "Y".
746 menuconfig HYPERVISOR_GUEST
747 bool "Linux guest support"
749 Say Y here to enable options for running Linux under various hyper-
750 visors. This option enables basic hypervisor detection and platform
753 If you say N, all options in this submenu will be skipped and
754 disabled, and Linux guest support won't be built in.
759 bool "Enable paravirtualization code"
761 This changes the kernel so it can modify itself when it is run
762 under a hypervisor, potentially improving performance significantly
763 over full virtualization. However, when run without a hypervisor
764 the kernel is theoretically slower and slightly larger.
769 config PARAVIRT_DEBUG
770 bool "paravirt-ops debugging"
771 depends on PARAVIRT && DEBUG_KERNEL
773 Enable to debug paravirt_ops internals. Specifically, BUG if
774 a paravirt_op is missing when it is called.
776 config PARAVIRT_SPINLOCKS
777 bool "Paravirtualization layer for spinlocks"
778 depends on PARAVIRT && SMP
780 Paravirtualized spinlocks allow a pvops backend to replace the
781 spinlock implementation with something virtualization-friendly
782 (for example, block the virtual CPU rather than spinning).
784 It has a minimal impact on native kernels and gives a nice performance
785 benefit on paravirtualized KVM / Xen kernels.
787 If you are unsure how to answer this question, answer Y.
789 config X86_HV_CALLBACK_VECTOR
792 source "arch/x86/xen/Kconfig"
795 bool "KVM Guest support (including kvmclock)"
797 select PARAVIRT_CLOCK
798 select ARCH_CPUIDLE_HALTPOLL
801 This option enables various optimizations for running under the KVM
802 hypervisor. It includes a paravirtualized clock, so that instead
803 of relying on a PIT (or probably other) emulation by the
804 underlying device model, the host provides the guest with
805 timing infrastructure such as time of day, and system time
807 config ARCH_CPUIDLE_HALTPOLL
809 prompt "Disable host haltpoll when loading haltpoll driver"
811 If virtualized under KVM, disable host haltpoll.
814 bool "Support for running PVH guests"
816 This option enables the PVH entry point for guest virtual machines
817 as specified in the x86/HVM direct boot ABI.
820 bool "Enable debug information for KVM Guests in debugfs"
821 depends on KVM_GUEST && DEBUG_FS
823 This option enables collection of various statistics for KVM guest.
824 Statistics are displayed in debugfs filesystem. Enabling this option
825 may incur significant overhead.
827 config PARAVIRT_TIME_ACCOUNTING
828 bool "Paravirtual steal time accounting"
831 Select this option to enable fine granularity task steal time
832 accounting. Time spent executing other tasks in parallel with
833 the current vCPU is discounted from the vCPU power. To account for
834 that, there can be a small performance impact.
836 If in doubt, say N here.
838 config PARAVIRT_CLOCK
841 config JAILHOUSE_GUEST
842 bool "Jailhouse non-root cell support"
843 depends on X86_64 && PCI
846 This option allows to run Linux as guest in a Jailhouse non-root
847 cell. You can leave this option disabled if you only want to start
848 Jailhouse and run Linux afterwards in the root cell.
851 bool "ACRN Guest support"
853 select X86_HV_CALLBACK_VECTOR
855 This option allows to run Linux as guest in the ACRN hypervisor. ACRN is
856 a flexible, lightweight reference open-source hypervisor, built with
857 real-time and safety-criticality in mind. It is built for embedded
858 IOT with small footprint and real-time features. More details can be
859 found in https://projectacrn.org/.
861 endif #HYPERVISOR_GUEST
863 source "arch/x86/Kconfig.cpu"
867 prompt "HPET Timer Support" if X86_32
869 Use the IA-PC HPET (High Precision Event Timer) to manage
870 time in preference to the PIT and RTC, if a HPET is
872 HPET is the next generation timer replacing legacy 8254s.
873 The HPET provides a stable time base on SMP
874 systems, unlike the TSC, but it is more expensive to access,
875 as it is off-chip. The interface used is documented
876 in the HPET spec, revision 1.
878 You can safely choose Y here. However, HPET will only be
879 activated if the platform and the BIOS support this feature.
880 Otherwise the 8254 will be used for timing services.
882 Choose N to continue using the legacy 8254 timer.
884 config HPET_EMULATE_RTC
886 depends on HPET_TIMER && (RTC=y || RTC=m || RTC_DRV_CMOS=m || RTC_DRV_CMOS=y)
889 def_bool y if X86_INTEL_MID
890 prompt "Intel MID APB Timer Support" if X86_INTEL_MID
892 depends on X86_INTEL_MID && SFI
894 APB timer is the replacement for 8254, HPET on X86 MID platforms.
895 The APBT provides a stable time base on SMP
896 systems, unlike the TSC, but it is more expensive to access,
897 as it is off-chip. APB timers are always running regardless of CPU
898 C states, they are used as per CPU clockevent device when possible.
900 # Mark as expert because too many people got it wrong.
901 # The code disables itself when not needed.
904 select DMI_SCAN_MACHINE_NON_EFI_FALLBACK
905 bool "Enable DMI scanning" if EXPERT
907 Enabled scanning of DMI to identify machine quirks. Say Y
908 here unless you have verified that your setup is not
909 affected by entries in the DMI blacklist. Required by PNP
913 bool "Old AMD GART IOMMU support"
916 depends on X86_64 && PCI && AMD_NB
918 Provides a driver for older AMD Athlon64/Opteron/Turion/Sempron
919 GART based hardware IOMMUs.
921 The GART supports full DMA access for devices with 32-bit access
922 limitations, on systems with more than 3 GB. This is usually needed
923 for USB, sound, many IDE/SATA chipsets and some other devices.
925 Newer systems typically have a modern AMD IOMMU, supported via
926 the CONFIG_AMD_IOMMU=y config option.
928 In normal configurations this driver is only active when needed:
929 there's more than 3 GB of memory and the system contains a
930 32-bit limited device.
935 bool "Enable Maximum number of SMP Processors and NUMA Nodes"
936 depends on X86_64 && SMP && DEBUG_KERNEL
937 select CPUMASK_OFFSTACK
939 Enable maximum number of CPUS and NUMA Nodes for this architecture.
943 # The maximum number of CPUs supported:
945 # The main config value is NR_CPUS, which defaults to NR_CPUS_DEFAULT,
946 # and which can be configured interactively in the
947 # [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
949 # The ranges are different on 32-bit and 64-bit kernels, depending on
950 # hardware capabilities and scalability features of the kernel.
952 # ( If MAXSMP is enabled we just use the highest possible value and disable
953 # interactive configuration. )
956 config NR_CPUS_RANGE_BEGIN
958 default NR_CPUS_RANGE_END if MAXSMP
962 config NR_CPUS_RANGE_END
965 default 64 if SMP && X86_BIGSMP
966 default 8 if SMP && !X86_BIGSMP
969 config NR_CPUS_RANGE_END
972 default 8192 if SMP && CPUMASK_OFFSTACK
973 default 512 if SMP && !CPUMASK_OFFSTACK
976 config NR_CPUS_DEFAULT
979 default 32 if X86_BIGSMP
983 config NR_CPUS_DEFAULT
986 default 8192 if MAXSMP
991 int "Maximum number of CPUs" if SMP && !MAXSMP
992 range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
993 default NR_CPUS_DEFAULT
995 This allows you to specify the maximum number of CPUs which this
996 kernel will support. If CPUMASK_OFFSTACK is enabled, the maximum
997 supported value is 8192, otherwise the maximum value is 512. The
998 minimum value which makes sense is 2.
1000 This is purely to save memory: each supported CPU adds about 8KB
1001 to the kernel image.
1008 prompt "Multi-core scheduler support"
1011 Multi-core scheduler support improves the CPU scheduler's decision
1012 making when dealing with multi-core CPU chips at a cost of slightly
1013 increased overhead in some places. If unsure say N here.
1015 config SCHED_MC_PRIO
1016 bool "CPU core priorities scheduler support"
1017 depends on SCHED_MC && CPU_SUP_INTEL
1018 select X86_INTEL_PSTATE
1022 Intel Turbo Boost Max Technology 3.0 enabled CPUs have a
1023 core ordering determined at manufacturing time, which allows
1024 certain cores to reach higher turbo frequencies (when running
1025 single threaded workloads) than others.
1027 Enabling this kernel feature teaches the scheduler about
1028 the TBM3 (aka ITMT) priority order of the CPU cores and adjusts the
1029 scheduler's CPU selection logic accordingly, so that higher
1030 overall system performance can be achieved.
1032 This feature will have no effect on CPUs without this feature.
1034 If unsure say Y here.
1038 depends on !SMP && X86_LOCAL_APIC
1041 bool "Local APIC support on uniprocessors" if !PCI_MSI
1043 depends on X86_32 && !SMP && !X86_32_NON_STANDARD
1045 A local APIC (Advanced Programmable Interrupt Controller) is an
1046 integrated interrupt controller in the CPU. If you have a single-CPU
1047 system which has a processor with a local APIC, you can say Y here to
1048 enable and use it. If you say Y here even though your machine doesn't
1049 have a local APIC, then the kernel will still run with no slowdown at
1050 all. The local APIC supports CPU-generated self-interrupts (timer,
1051 performance counters), and the NMI watchdog which detects hard
1054 config X86_UP_IOAPIC
1055 bool "IO-APIC support on uniprocessors"
1056 depends on X86_UP_APIC
1058 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1059 SMP-capable replacement for PC-style interrupt controllers. Most
1060 SMP systems and many recent uniprocessor systems have one.
1062 If you have a single-CPU system with an IO-APIC, you can say Y here
1063 to use it. If you say Y here even though your machine doesn't have
1064 an IO-APIC, then the kernel will still run with no slowdown at all.
1066 config X86_LOCAL_APIC
1068 depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI
1069 select IRQ_DOMAIN_HIERARCHY
1070 select PCI_MSI_IRQ_DOMAIN if PCI_MSI
1074 depends on X86_LOCAL_APIC || X86_UP_IOAPIC
1076 config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
1077 bool "Reroute for broken boot IRQs"
1078 depends on X86_IO_APIC
1080 This option enables a workaround that fixes a source of
1081 spurious interrupts. This is recommended when threaded
1082 interrupt handling is used on systems where the generation of
1083 superfluous "boot interrupts" cannot be disabled.
1085 Some chipsets generate a legacy INTx "boot IRQ" when the IRQ
1086 entry in the chipset's IO-APIC is masked (as, e.g. the RT
1087 kernel does during interrupt handling). On chipsets where this
1088 boot IRQ generation cannot be disabled, this workaround keeps
1089 the original IRQ line masked so that only the equivalent "boot
1090 IRQ" is delivered to the CPUs. The workaround also tells the
1091 kernel to set up the IRQ handler on the boot IRQ line. In this
1092 way only one interrupt is delivered to the kernel. Otherwise
1093 the spurious second interrupt may cause the kernel to bring
1094 down (vital) interrupt lines.
1096 Only affects "broken" chipsets. Interrupt sharing may be
1097 increased on these systems.
1100 bool "Machine Check / overheating reporting"
1101 select GENERIC_ALLOCATOR
1104 Machine Check support allows the processor to notify the
1105 kernel if it detects a problem (e.g. overheating, data corruption).
1106 The action the kernel takes depends on the severity of the problem,
1107 ranging from warning messages to halting the machine.
1109 config X86_MCELOG_LEGACY
1110 bool "Support for deprecated /dev/mcelog character device"
1113 Enable support for /dev/mcelog which is needed by the old mcelog
1114 userspace logging daemon. Consider switching to the new generation
1117 config X86_MCE_INTEL
1119 prompt "Intel MCE features"
1120 depends on X86_MCE && X86_LOCAL_APIC
1122 Additional support for intel specific MCE features such as
1123 the thermal monitor.
1127 prompt "AMD MCE features"
1128 depends on X86_MCE && X86_LOCAL_APIC && AMD_NB
1130 Additional support for AMD specific MCE features such as
1131 the DRAM Error Threshold.
1133 config X86_ANCIENT_MCE
1134 bool "Support for old Pentium 5 / WinChip machine checks"
1135 depends on X86_32 && X86_MCE
1137 Include support for machine check handling on old Pentium 5 or WinChip
1138 systems. These typically need to be enabled explicitly on the command
1141 config X86_MCE_THRESHOLD
1142 depends on X86_MCE_AMD || X86_MCE_INTEL
1145 config X86_MCE_INJECT
1146 depends on X86_MCE && X86_LOCAL_APIC && DEBUG_FS
1147 tristate "Machine check injector support"
1149 Provide support for injecting machine checks for testing purposes.
1150 If you don't know what a machine check is and you don't do kernel
1151 QA it is safe to say n.
1153 config X86_THERMAL_VECTOR
1155 depends on X86_MCE_INTEL
1157 source "arch/x86/events/Kconfig"
1159 config X86_LEGACY_VM86
1160 bool "Legacy VM86 support"
1163 This option allows user programs to put the CPU into V8086
1164 mode, which is an 80286-era approximation of 16-bit real mode.
1166 Some very old versions of X and/or vbetool require this option
1167 for user mode setting. Similarly, DOSEMU will use it if
1168 available to accelerate real mode DOS programs. However, any
1169 recent version of DOSEMU, X, or vbetool should be fully
1170 functional even without kernel VM86 support, as they will all
1171 fall back to software emulation. Nevertheless, if you are using
1172 a 16-bit DOS program where 16-bit performance matters, vm86
1173 mode might be faster than emulation and you might want to
1176 Note that any app that works on a 64-bit kernel is unlikely to
1177 need this option, as 64-bit kernels don't, and can't, support
1178 V8086 mode. This option is also unrelated to 16-bit protected
1179 mode and is not needed to run most 16-bit programs under Wine.
1181 Enabling this option increases the complexity of the kernel
1182 and slows down exception handling a tiny bit.
1184 If unsure, say N here.
1188 default X86_LEGACY_VM86
1191 bool "Enable support for 16-bit segments" if EXPERT
1193 depends on MODIFY_LDT_SYSCALL
1195 This option is required by programs like Wine to run 16-bit
1196 protected mode legacy code on x86 processors. Disabling
1197 this option saves about 300 bytes on i386, or around 6K text
1198 plus 16K runtime memory on x86-64,
1202 depends on X86_16BIT && X86_32
1206 depends on X86_16BIT && X86_64
1208 config X86_VSYSCALL_EMULATION
1209 bool "Enable vsyscall emulation" if EXPERT
1213 This enables emulation of the legacy vsyscall page. Disabling
1214 it is roughly equivalent to booting with vsyscall=none, except
1215 that it will also disable the helpful warning if a program
1216 tries to use a vsyscall. With this option set to N, offending
1217 programs will just segfault, citing addresses of the form
1220 This option is required by many programs built before 2013, and
1221 care should be used even with newer programs if set to N.
1223 Disabling this option saves about 7K of kernel size and
1224 possibly 4K of additional runtime pagetable memory.
1226 config X86_IOPL_IOPERM
1227 bool "IOPERM and IOPL Emulation"
1230 This enables the ioperm() and iopl() syscalls which are necessary
1231 for legacy applications.
1233 Legacy IOPL support is an overbroad mechanism which allows user
1234 space aside of accessing all 65536 I/O ports also to disable
1235 interrupts. To gain this access the caller needs CAP_SYS_RAWIO
1236 capabilities and permission from potentially active security
1239 The emulation restricts the functionality of the syscall to
1240 only allowing the full range I/O port access, but prevents the
1241 ability to disable interrupts from user space which would be
1242 granted if the hardware IOPL mechanism would be used.
1245 tristate "Toshiba Laptop support"
1248 This adds a driver to safely access the System Management Mode of
1249 the CPU on Toshiba portables with a genuine Toshiba BIOS. It does
1250 not work on models with a Phoenix BIOS. The System Management Mode
1251 is used to set the BIOS and power saving options on Toshiba portables.
1253 For information on utilities to make use of this driver see the
1254 Toshiba Linux utilities web site at:
1255 <http://www.buzzard.org.uk/toshiba/>.
1257 Say Y if you intend to run this kernel on a Toshiba portable.
1261 tristate "Dell i8k legacy laptop support"
1263 select SENSORS_DELL_SMM
1265 This option enables legacy /proc/i8k userspace interface in hwmon
1266 dell-smm-hwmon driver. Character file /proc/i8k reports bios version,
1267 temperature and allows controlling fan speeds of Dell laptops via
1268 System Management Mode. For old Dell laptops (like Dell Inspiron 8000)
1269 it reports also power and hotkey status. For fan speed control is
1270 needed userspace package i8kutils.
1272 Say Y if you intend to run this kernel on old Dell laptops or want to
1273 use userspace package i8kutils.
1276 config X86_REBOOTFIXUPS
1277 bool "Enable X86 board specific fixups for reboot"
1280 This enables chipset and/or board specific fixups to be done
1281 in order to get reboot to work correctly. This is only needed on
1282 some combinations of hardware and BIOS. The symptom, for which
1283 this config is intended, is when reboot ends with a stalled/hung
1286 Currently, the only fixup is for the Geode machines using
1287 CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1289 Say Y if you want to enable the fixup. Currently, it's safe to
1290 enable this option even if you don't need it.
1294 bool "CPU microcode loading support"
1296 depends on CPU_SUP_AMD || CPU_SUP_INTEL
1299 If you say Y here, you will be able to update the microcode on
1300 Intel and AMD processors. The Intel support is for the IA32 family,
1301 e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The
1302 AMD support is for families 0x10 and later. You will obviously need
1303 the actual microcode binary data itself which is not shipped with
1306 The preferred method to load microcode from a detached initrd is described
1307 in Documentation/x86/microcode.rst. For that you need to enable
1308 CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the
1309 initrd for microcode blobs.
1311 In addition, you can build the microcode into the kernel. For that you
1312 need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE
1315 config MICROCODE_INTEL
1316 bool "Intel microcode loading support"
1317 depends on MICROCODE
1321 This options enables microcode patch loading support for Intel
1324 For the current Intel microcode data package go to
1325 <https://downloadcenter.intel.com> and search for
1326 'Linux Processor Microcode Data File'.
1328 config MICROCODE_AMD
1329 bool "AMD microcode loading support"
1330 depends on MICROCODE
1333 If you select this option, microcode patch loading support for AMD
1334 processors will be enabled.
1336 config MICROCODE_OLD_INTERFACE
1337 bool "Ancient loading interface (DEPRECATED)"
1339 depends on MICROCODE
1341 DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface
1342 which was used by userspace tools like iucode_tool and microcode.ctl.
1343 It is inadequate because it runs too late to be able to properly
1344 load microcode on a machine and it needs special tools. Instead, you
1345 should've switched to the early loading method with the initrd or
1346 builtin microcode by now: Documentation/x86/microcode.rst
1349 tristate "/dev/cpu/*/msr - Model-specific register support"
1351 This device gives privileged processes access to the x86
1352 Model-Specific Registers (MSRs). It is a character device with
1353 major 202 and minors 0 to 31 for /dev/cpu/0/msr to /dev/cpu/31/msr.
1354 MSR accesses are directed to a specific CPU on multi-processor
1358 tristate "/dev/cpu/*/cpuid - CPU information support"
1360 This device gives processes access to the x86 CPUID instruction to
1361 be executed on a specific processor. It is a character device
1362 with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
1366 prompt "High Memory Support"
1373 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1374 However, the address space of 32-bit x86 processors is only 4
1375 Gigabytes large. That means that, if you have a large amount of
1376 physical memory, not all of it can be "permanently mapped" by the
1377 kernel. The physical memory that's not permanently mapped is called
1380 If you are compiling a kernel which will never run on a machine with
1381 more than 1 Gigabyte total physical RAM, answer "off" here (default
1382 choice and suitable for most users). This will result in a "3GB/1GB"
1383 split: 3GB are mapped so that each process sees a 3GB virtual memory
1384 space and the remaining part of the 4GB virtual memory space is used
1385 by the kernel to permanently map as much physical memory as
1388 If the machine has between 1 and 4 Gigabytes physical RAM, then
1391 If more than 4 Gigabytes is used then answer "64GB" here. This
1392 selection turns Intel PAE (Physical Address Extension) mode on.
1393 PAE implements 3-level paging on IA32 processors. PAE is fully
1394 supported by Linux, PAE mode is implemented on all recent Intel
1395 processors (Pentium Pro and better). NOTE: If you say "64GB" here,
1396 then the kernel will not boot on CPUs that don't support PAE!
1398 The actual amount of total physical memory will either be
1399 auto detected or can be forced by using a kernel command line option
1400 such as "mem=256M". (Try "man bootparam" or see the documentation of
1401 your boot loader (lilo or loadlin) about how to pass options to the
1402 kernel at boot time.)
1404 If unsure, say "off".
1409 Select this if you have a 32-bit processor and between 1 and 4
1410 gigabytes of physical RAM.
1414 depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6
1417 Select this if you have a 32-bit processor and more than 4
1418 gigabytes of physical RAM.
1423 prompt "Memory split" if EXPERT
1427 Select the desired split between kernel and user memory.
1429 If the address range available to the kernel is less than the
1430 physical memory installed, the remaining memory will be available
1431 as "high memory". Accessing high memory is a little more costly
1432 than low memory, as it needs to be mapped into the kernel first.
1433 Note that increasing the kernel address space limits the range
1434 available to user programs, making the address space there
1435 tighter. Selecting anything other than the default 3G/1G split
1436 will also likely make your kernel incompatible with binary-only
1439 If you are not absolutely sure what you are doing, leave this
1443 bool "3G/1G user/kernel split"
1444 config VMSPLIT_3G_OPT
1446 bool "3G/1G user/kernel split (for full 1G low memory)"
1448 bool "2G/2G user/kernel split"
1449 config VMSPLIT_2G_OPT
1451 bool "2G/2G user/kernel split (for full 2G low memory)"
1453 bool "1G/3G user/kernel split"
1458 default 0xB0000000 if VMSPLIT_3G_OPT
1459 default 0x80000000 if VMSPLIT_2G
1460 default 0x78000000 if VMSPLIT_2G_OPT
1461 default 0x40000000 if VMSPLIT_1G
1467 depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
1470 bool "PAE (Physical Address Extension) Support"
1471 depends on X86_32 && !HIGHMEM4G
1472 select PHYS_ADDR_T_64BIT
1475 PAE is required for NX support, and furthermore enables
1476 larger swapspace support for non-overcommit purposes. It
1477 has the cost of more pagetable lookup overhead, and also
1478 consumes more pagetable space per process.
1481 bool "Enable 5-level page tables support"
1483 select DYNAMIC_MEMORY_LAYOUT
1484 select SPARSEMEM_VMEMMAP
1487 5-level paging enables access to larger address space:
1488 upto 128 PiB of virtual address space and 4 PiB of
1489 physical address space.
1491 It will be supported by future Intel CPUs.
1493 A kernel with the option enabled can be booted on machines that
1494 support 4- or 5-level paging.
1496 See Documentation/x86/x86_64/5level-paging.rst for more
1501 config X86_DIRECT_GBPAGES
1505 Certain kernel features effectively disable kernel
1506 linear 1 GB mappings (even if the CPU otherwise
1507 supports them), so don't confuse the user by printing
1508 that we have them enabled.
1510 config X86_CPA_STATISTICS
1511 bool "Enable statistic for Change Page Attribute"
1514 Expose statistics about the Change Page Attribute mechanims, which
1515 helps to determine the effectiveness of preserving large and huge
1516 page mappings when mapping protections are changed.
1518 config AMD_MEM_ENCRYPT
1519 bool "AMD Secure Memory Encryption (SME) support"
1520 depends on X86_64 && CPU_SUP_AMD
1521 select DYNAMIC_PHYSICAL_MASK
1522 select ARCH_USE_MEMREMAP_PROT
1523 select ARCH_HAS_FORCE_DMA_UNENCRYPTED
1525 Say yes to enable support for the encryption of system memory.
1526 This requires an AMD processor that supports Secure Memory
1529 config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
1530 bool "Activate AMD Secure Memory Encryption (SME) by default"
1532 depends on AMD_MEM_ENCRYPT
1534 Say yes to have system memory encrypted by default if running on
1535 an AMD processor that supports Secure Memory Encryption (SME).
1537 If set to Y, then the encryption of system memory can be
1538 deactivated with the mem_encrypt=off command line option.
1540 If set to N, then the encryption of system memory can be
1541 activated with the mem_encrypt=on command line option.
1543 # Common NUMA Features
1545 bool "Numa Memory Allocation and Scheduler Support"
1547 depends on X86_64 || (X86_32 && HIGHMEM64G && X86_BIGSMP)
1548 default y if X86_BIGSMP
1550 Enable NUMA (Non Uniform Memory Access) support.
1552 The kernel will try to allocate memory used by a CPU on the
1553 local memory controller of the CPU and add some more
1554 NUMA awareness to the kernel.
1556 For 64-bit this is recommended if the system is Intel Core i7
1557 (or later), AMD Opteron, or EM64T NUMA.
1559 For 32-bit this is only needed if you boot a 32-bit
1560 kernel on a 64-bit NUMA platform.
1562 Otherwise, you should say N.
1566 prompt "Old style AMD Opteron NUMA detection"
1567 depends on X86_64 && NUMA && PCI
1569 Enable AMD NUMA node topology detection. You should say Y here if
1570 you have a multi processor AMD system. This uses an old method to
1571 read the NUMA configuration directly from the builtin Northbridge
1572 of Opteron. It is recommended to use X86_64_ACPI_NUMA instead,
1573 which also takes priority if both are compiled in.
1575 config X86_64_ACPI_NUMA
1577 prompt "ACPI NUMA detection"
1578 depends on X86_64 && NUMA && ACPI && PCI
1581 Enable ACPI SRAT based node topology detection.
1583 # Some NUMA nodes have memory ranges that span
1584 # other nodes. Even though a pfn is valid and
1585 # between a node's start and end pfns, it may not
1586 # reside on that node. See memmap_init_zone()
1588 config NODES_SPAN_OTHER_NODES
1590 depends on X86_64_ACPI_NUMA
1593 bool "NUMA emulation"
1596 Enable NUMA emulation. A flat machine will be split
1597 into virtual nodes when booted with "numa=fake=N", where N is the
1598 number of nodes. This is only useful for debugging.
1601 int "Maximum NUMA Nodes (as a power of 2)" if !MAXSMP
1603 default "10" if MAXSMP
1604 default "6" if X86_64
1606 depends on NEED_MULTIPLE_NODES
1608 Specify the maximum number of NUMA Nodes available on the target
1609 system. Increases memory reserved to accommodate various tables.
1611 config ARCH_HAVE_MEMORY_PRESENT
1613 depends on X86_32 && DISCONTIGMEM
1615 config ARCH_FLATMEM_ENABLE
1617 depends on X86_32 && !NUMA
1619 config ARCH_DISCONTIGMEM_ENABLE
1621 depends on NUMA && X86_32
1624 config ARCH_SPARSEMEM_ENABLE
1626 depends on X86_64 || NUMA || X86_32 || X86_32_NON_STANDARD
1627 select SPARSEMEM_STATIC if X86_32
1628 select SPARSEMEM_VMEMMAP_ENABLE if X86_64
1630 config ARCH_SPARSEMEM_DEFAULT
1631 def_bool X86_64 || (NUMA && X86_32)
1633 config ARCH_SELECT_MEMORY_MODEL
1635 depends on ARCH_SPARSEMEM_ENABLE
1637 config ARCH_MEMORY_PROBE
1638 bool "Enable sysfs memory/probe interface"
1639 depends on X86_64 && MEMORY_HOTPLUG
1641 This option enables a sysfs memory/probe interface for testing.
1642 See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1643 If you are unsure how to answer this question, answer N.
1645 config ARCH_PROC_KCORE_TEXT
1647 depends on X86_64 && PROC_KCORE
1649 config ILLEGAL_POINTER_VALUE
1652 default 0xdead000000000000 if X86_64
1654 config X86_PMEM_LEGACY_DEVICE
1657 config X86_PMEM_LEGACY
1658 tristate "Support non-standard NVDIMMs and ADR protected memory"
1659 depends on PHYS_ADDR_T_64BIT
1661 select X86_PMEM_LEGACY_DEVICE
1664 Treat memory marked using the non-standard e820 type of 12 as used
1665 by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1666 The kernel will offer these regions to the 'pmem' driver so
1667 they can be used for persistent storage.
1672 bool "Allocate 3rd-level pagetables from highmem"
1675 The VM uses one page table entry for each page of physical memory.
1676 For systems with a lot of RAM, this can be wasteful of precious
1677 low memory. Setting this option will put user-space page table
1678 entries in high memory.
1680 config X86_CHECK_BIOS_CORRUPTION
1681 bool "Check for low memory corruption"
1683 Periodically check for memory corruption in low memory, which
1684 is suspected to be caused by BIOS. Even when enabled in the
1685 configuration, it is disabled at runtime. Enable it by
1686 setting "memory_corruption_check=1" on the kernel command
1687 line. By default it scans the low 64k of memory every 60
1688 seconds; see the memory_corruption_check_size and
1689 memory_corruption_check_period parameters in
1690 Documentation/admin-guide/kernel-parameters.rst to adjust this.
1692 When enabled with the default parameters, this option has
1693 almost no overhead, as it reserves a relatively small amount
1694 of memory and scans it infrequently. It both detects corruption
1695 and prevents it from affecting the running system.
1697 It is, however, intended as a diagnostic tool; if repeatable
1698 BIOS-originated corruption always affects the same memory,
1699 you can use memmap= to prevent the kernel from using that
1702 config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
1703 bool "Set the default setting of memory_corruption_check"
1704 depends on X86_CHECK_BIOS_CORRUPTION
1707 Set whether the default state of memory_corruption_check is
1710 config X86_RESERVE_LOW
1711 int "Amount of low memory, in kilobytes, to reserve for the BIOS"
1715 Specify the amount of low memory to reserve for the BIOS.
1717 The first page contains BIOS data structures that the kernel
1718 must not use, so that page must always be reserved.
1720 By default we reserve the first 64K of physical RAM, as a
1721 number of BIOSes are known to corrupt that memory range
1722 during events such as suspend/resume or monitor cable
1723 insertion, so it must not be used by the kernel.
1725 You can set this to 4 if you are absolutely sure that you
1726 trust the BIOS to get all its memory reservations and usages
1727 right. If you know your BIOS have problems beyond the
1728 default 64K area, you can set this to 640 to avoid using the
1729 entire low memory range.
1731 If you have doubts about the BIOS (e.g. suspend/resume does
1732 not work or there's kernel crashes after certain hardware
1733 hotplug events) then you might want to enable
1734 X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check
1735 typical corruption patterns.
1737 Leave this to the default value of 64 if you are unsure.
1739 config MATH_EMULATION
1741 depends on MODIFY_LDT_SYSCALL
1742 prompt "Math emulation" if X86_32 && (M486SX || MELAN)
1744 Linux can emulate a math coprocessor (used for floating point
1745 operations) if you don't have one. 486DX and Pentium processors have
1746 a math coprocessor built in, 486SX and 386 do not, unless you added
1747 a 487DX or 387, respectively. (The messages during boot time can
1748 give you some hints here ["man dmesg"].) Everyone needs either a
1749 coprocessor or this emulation.
1751 If you don't have a math coprocessor, you need to say Y here; if you
1752 say Y here even though you have a coprocessor, the coprocessor will
1753 be used nevertheless. (This behavior can be changed with the kernel
1754 command line option "no387", which comes handy if your coprocessor
1755 is broken. Try "man bootparam" or see the documentation of your boot
1756 loader (lilo or loadlin) about how to pass options to the kernel at
1757 boot time.) This means that it is a good idea to say Y here if you
1758 intend to use this kernel on different machines.
1760 More information about the internals of the Linux math coprocessor
1761 emulation can be found in <file:arch/x86/math-emu/README>.
1763 If you are not sure, say Y; apart from resulting in a 66 KB bigger
1764 kernel, it won't hurt.
1768 prompt "MTRR (Memory Type Range Register) support" if EXPERT
1770 On Intel P6 family processors (Pentium Pro, Pentium II and later)
1771 the Memory Type Range Registers (MTRRs) may be used to control
1772 processor access to memory ranges. This is most useful if you have
1773 a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1774 allows bus write transfers to be combined into a larger transfer
1775 before bursting over the PCI/AGP bus. This can increase performance
1776 of image write operations 2.5 times or more. Saying Y here creates a
1777 /proc/mtrr file which may be used to manipulate your processor's
1778 MTRRs. Typically the X server should use this.
1780 This code has a reasonably generic interface so that similar
1781 control registers on other processors can be easily supported
1784 The Cyrix 6x86, 6x86MX and M II processors have Address Range
1785 Registers (ARRs) which provide a similar functionality to MTRRs. For
1786 these, the ARRs are used to emulate the MTRRs.
1787 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1788 MTRRs. The Centaur C6 (WinChip) has 8 MCRs, allowing
1789 write-combining. All of these processors are supported by this code
1790 and it makes sense to say Y here if you have one of them.
1792 Saying Y here also fixes a problem with buggy SMP BIOSes which only
1793 set the MTRRs for the boot CPU and not for the secondary CPUs. This
1794 can lead to all sorts of problems, so it's good to say Y here.
1796 You can safely say Y even if your machine doesn't have MTRRs, you'll
1797 just add about 9 KB to your kernel.
1799 See <file:Documentation/x86/mtrr.rst> for more information.
1801 config MTRR_SANITIZER
1803 prompt "MTRR cleanup support"
1806 Convert MTRR layout from continuous to discrete, so X drivers can
1807 add writeback entries.
1809 Can be disabled with disable_mtrr_cleanup on the kernel command line.
1810 The largest mtrr entry size for a continuous block can be set with
1815 config MTRR_SANITIZER_ENABLE_DEFAULT
1816 int "MTRR cleanup enable value (0-1)"
1819 depends on MTRR_SANITIZER
1821 Enable mtrr cleanup default value
1823 config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
1824 int "MTRR cleanup spare reg num (0-7)"
1827 depends on MTRR_SANITIZER
1829 mtrr cleanup spare entries default, it can be changed via
1830 mtrr_spare_reg_nr=N on the kernel command line.
1834 prompt "x86 PAT support" if EXPERT
1837 Use PAT attributes to setup page level cache control.
1839 PATs are the modern equivalents of MTRRs and are much more
1840 flexible than MTRRs.
1842 Say N here if you see bootup problems (boot crash, boot hang,
1843 spontaneous reboots) or a non-working video driver.
1847 config ARCH_USES_PG_UNCACHED
1853 prompt "x86 architectural random number generator" if EXPERT
1855 Enable the x86 architectural RDRAND instruction
1856 (Intel Bull Mountain technology) to generate random numbers.
1857 If supported, this is a high bandwidth, cryptographically
1858 secure hardware random number generator.
1862 prompt "Supervisor Mode Access Prevention" if EXPERT
1864 Supervisor Mode Access Prevention (SMAP) is a security
1865 feature in newer Intel processors. There is a small
1866 performance cost if this enabled and turned on; there is
1867 also a small increase in the kernel size if this is enabled.
1873 depends on CPU_SUP_INTEL || CPU_SUP_AMD
1874 prompt "User Mode Instruction Prevention" if EXPERT
1876 User Mode Instruction Prevention (UMIP) is a security feature in
1877 some x86 processors. If enabled, a general protection fault is
1878 issued if the SGDT, SLDT, SIDT, SMSW or STR instructions are
1879 executed in user mode. These instructions unnecessarily expose
1880 information about the hardware state.
1882 The vast majority of applications do not use these instructions.
1883 For the very few that do, software emulation is provided in
1884 specific cases in protected and virtual-8086 modes. Emulated
1887 config X86_INTEL_MPX
1888 prompt "Intel MPX (Memory Protection Extensions)"
1890 # Note: only available in 64-bit mode due to VMA flags shortage
1891 depends on CPU_SUP_INTEL && X86_64
1892 select ARCH_USES_HIGH_VMA_FLAGS
1894 MPX provides hardware features that can be used in
1895 conjunction with compiler-instrumented code to check
1896 memory references. It is designed to detect buffer
1897 overflow or underflow bugs.
1899 This option enables running applications which are
1900 instrumented or otherwise use MPX. It does not use MPX
1901 itself inside the kernel or to protect the kernel
1902 against bad memory references.
1904 Enabling this option will make the kernel larger:
1905 ~8k of kernel text and 36 bytes of data on a 64-bit
1906 defconfig. It adds a long to the 'mm_struct' which
1907 will increase the kernel memory overhead of each
1908 process and adds some branches to paths used during
1909 exec() and munmap().
1911 For details, see Documentation/x86/intel_mpx.rst
1915 config X86_INTEL_MEMORY_PROTECTION_KEYS
1916 prompt "Intel Memory Protection Keys"
1918 # Note: only available in 64-bit mode
1919 depends on CPU_SUP_INTEL && X86_64
1920 select ARCH_USES_HIGH_VMA_FLAGS
1921 select ARCH_HAS_PKEYS
1923 Memory Protection Keys provides a mechanism for enforcing
1924 page-based protections, but without requiring modification of the
1925 page tables when an application changes protection domains.
1927 For details, see Documentation/core-api/protection-keys.rst
1932 prompt "TSX enable mode"
1933 depends on CPU_SUP_INTEL
1934 default X86_INTEL_TSX_MODE_OFF
1936 Intel's TSX (Transactional Synchronization Extensions) feature
1937 allows to optimize locking protocols through lock elision which
1938 can lead to a noticeable performance boost.
1940 On the other hand it has been shown that TSX can be exploited
1941 to form side channel attacks (e.g. TAA) and chances are there
1942 will be more of those attacks discovered in the future.
1944 Therefore TSX is not enabled by default (aka tsx=off). An admin
1945 might override this decision by tsx=on the command line parameter.
1946 Even with TSX enabled, the kernel will attempt to enable the best
1947 possible TAA mitigation setting depending on the microcode available
1948 for the particular machine.
1950 This option allows to set the default tsx mode between tsx=on, =off
1951 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1954 Say off if not sure, auto if TSX is in use but it should be used on safe
1955 platforms or on if TSX is in use and the security aspect of tsx is not
1958 config X86_INTEL_TSX_MODE_OFF
1961 TSX is disabled if possible - equals to tsx=off command line parameter.
1963 config X86_INTEL_TSX_MODE_ON
1966 TSX is always enabled on TSX capable HW - equals the tsx=on command
1969 config X86_INTEL_TSX_MODE_AUTO
1972 TSX is enabled on TSX capable HW that is believed to be safe against
1973 side channel attacks- equals the tsx=auto command line parameter.
1977 bool "EFI runtime service support"
1980 select EFI_RUNTIME_WRAPPERS
1982 This enables the kernel to use EFI runtime services that are
1983 available (such as the EFI variable services).
1985 This option is only useful on systems that have EFI firmware.
1986 In addition, you should use the latest ELILO loader available
1987 at <http://elilo.sourceforge.net> in order to take advantage
1988 of EFI runtime services. However, even with this option, the
1989 resultant kernel should continue to boot on existing non-EFI
1993 bool "EFI stub support"
1994 depends on EFI && !X86_USE_3DNOW
1997 This kernel feature allows a bzImage to be loaded directly
1998 by EFI firmware without the use of a bootloader.
2000 See Documentation/admin-guide/efi-stub.rst for more information.
2003 bool "EFI mixed-mode support"
2004 depends on EFI_STUB && X86_64
2006 Enabling this feature allows a 64-bit kernel to be booted
2007 on a 32-bit firmware, provided that your CPU supports 64-bit
2010 Note that it is not possible to boot a mixed-mode enabled
2011 kernel via the EFI boot stub - a bootloader that supports
2012 the EFI handover protocol must be used.
2018 prompt "Enable seccomp to safely compute untrusted bytecode"
2020 This kernel feature is useful for number crunching applications
2021 that may need to compute untrusted bytecode during their
2022 execution. By using pipes or other transports made available to
2023 the process as file descriptors supporting the read/write
2024 syscalls, it's possible to isolate those applications in
2025 their own address space using seccomp. Once seccomp is
2026 enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
2027 and the task is only allowed to execute a few safe syscalls
2028 defined by each seccomp mode.
2030 If unsure, say Y. Only embedded should say N here.
2032 source "kernel/Kconfig.hz"
2035 bool "kexec system call"
2038 kexec is a system call that implements the ability to shutdown your
2039 current kernel, and to start another kernel. It is like a reboot
2040 but it is independent of the system firmware. And like a reboot
2041 you can start any kernel with it, not just Linux.
2043 The name comes from the similarity to the exec system call.
2045 It is an ongoing process to be certain the hardware in a machine
2046 is properly shutdown, so do not be surprised if this code does not
2047 initially work for you. As of this writing the exact hardware
2048 interface is strongly in flux, so no good recommendation can be
2052 bool "kexec file based system call"
2057 depends on CRYPTO_SHA256=y
2059 This is new version of kexec system call. This system call is
2060 file based and takes file descriptors as system call argument
2061 for kernel and initramfs as opposed to list of segments as
2062 accepted by previous system call.
2064 config ARCH_HAS_KEXEC_PURGATORY
2068 bool "Verify kernel signature during kexec_file_load() syscall"
2069 depends on KEXEC_FILE
2072 This option makes the kexec_file_load() syscall check for a valid
2073 signature of the kernel image. The image can still be loaded without
2074 a valid signature unless you also enable KEXEC_SIG_FORCE, though if
2075 there's a signature that we can check, then it must be valid.
2077 In addition to this option, you need to enable signature
2078 verification for the corresponding kernel image type being
2079 loaded in order for this to work.
2081 config KEXEC_SIG_FORCE
2082 bool "Require a valid signature in kexec_file_load() syscall"
2083 depends on KEXEC_SIG
2085 This option makes kernel signature verification mandatory for
2086 the kexec_file_load() syscall.
2088 config KEXEC_BZIMAGE_VERIFY_SIG
2089 bool "Enable bzImage signature verification support"
2090 depends on KEXEC_SIG
2091 depends on SIGNED_PE_FILE_VERIFICATION
2092 select SYSTEM_TRUSTED_KEYRING
2094 Enable bzImage signature verification support.
2097 bool "kernel crash dumps"
2098 depends on X86_64 || (X86_32 && HIGHMEM)
2100 Generate crash dump after being started by kexec.
2101 This should be normally only set in special crash dump kernels
2102 which are loaded in the main kernel with kexec-tools into
2103 a specially reserved region and then later executed after
2104 a crash by kdump/kexec. The crash dump kernel must be compiled
2105 to a memory address not used by the main kernel or BIOS using
2106 PHYSICAL_START, or it must be built as a relocatable image
2107 (CONFIG_RELOCATABLE=y).
2108 For more details see Documentation/admin-guide/kdump/kdump.rst
2112 depends on KEXEC && HIBERNATION
2114 Jump between original kernel and kexeced kernel and invoke
2115 code in physical address mode via KEXEC
2117 config PHYSICAL_START
2118 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
2121 This gives the physical address where the kernel is loaded.
2123 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then
2124 bzImage will decompress itself to above physical address and
2125 run from there. Otherwise, bzImage will run from the address where
2126 it has been loaded by the boot loader and will ignore above physical
2129 In normal kdump cases one does not have to set/change this option
2130 as now bzImage can be compiled as a completely relocatable image
2131 (CONFIG_RELOCATABLE=y) and be used to load and run from a different
2132 address. This option is mainly useful for the folks who don't want
2133 to use a bzImage for capturing the crash dump and want to use a
2134 vmlinux instead. vmlinux is not relocatable hence a kernel needs
2135 to be specifically compiled to run from a specific memory area
2136 (normally a reserved region) and this option comes handy.
2138 So if you are using bzImage for capturing the crash dump,
2139 leave the value here unchanged to 0x1000000 and set
2140 CONFIG_RELOCATABLE=y. Otherwise if you plan to use vmlinux
2141 for capturing the crash dump change this value to start of
2142 the reserved region. In other words, it can be set based on
2143 the "X" value as specified in the "crashkernel=YM@XM"
2144 command line boot parameter passed to the panic-ed
2145 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2146 for more details about crash dumps.
2148 Usage of bzImage for capturing the crash dump is recommended as
2149 one does not have to build two kernels. Same kernel can be used
2150 as production kernel and capture kernel. Above option should have
2151 gone away after relocatable bzImage support is introduced. But it
2152 is present because there are users out there who continue to use
2153 vmlinux for dump capture. This option should go away down the
2156 Don't change this unless you know what you are doing.
2159 bool "Build a relocatable kernel"
2162 This builds a kernel image that retains relocation information
2163 so it can be loaded someplace besides the default 1MB.
2164 The relocations tend to make the kernel binary about 10% larger,
2165 but are discarded at runtime.
2167 One use is for the kexec on panic case where the recovery kernel
2168 must live at a different physical address than the primary
2171 Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address
2172 it has been loaded at and the compile time physical address
2173 (CONFIG_PHYSICAL_START) is used as the minimum location.
2175 config RANDOMIZE_BASE
2176 bool "Randomize the address of the kernel image (KASLR)"
2177 depends on RELOCATABLE
2180 In support of Kernel Address Space Layout Randomization (KASLR),
2181 this randomizes the physical address at which the kernel image
2182 is decompressed and the virtual address where the kernel
2183 image is mapped, as a security feature that deters exploit
2184 attempts relying on knowledge of the location of kernel
2187 On 64-bit, the kernel physical and virtual addresses are
2188 randomized separately. The physical address will be anywhere
2189 between 16MB and the top of physical memory (up to 64TB). The
2190 virtual address will be randomized from 16MB up to 1GB (9 bits
2191 of entropy). Note that this also reduces the memory space
2192 available to kernel modules from 1.5GB to 1GB.
2194 On 32-bit, the kernel physical and virtual addresses are
2195 randomized together. They will be randomized from 16MB up to
2196 512MB (8 bits of entropy).
2198 Entropy is generated using the RDRAND instruction if it is
2199 supported. If RDTSC is supported, its value is mixed into
2200 the entropy pool as well. If neither RDRAND nor RDTSC are
2201 supported, then entropy is read from the i8254 timer. The
2202 usable entropy is limited by the kernel being built using
2203 2GB addressing, and that PHYSICAL_ALIGN must be at a
2204 minimum of 2MB. As a result, only 10 bits of entropy are
2205 theoretically possible, but the implementations are further
2206 limited due to memory layouts.
2210 # Relocation on x86 needs some additional build support
2211 config X86_NEED_RELOCS
2213 depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE)
2215 config PHYSICAL_ALIGN
2216 hex "Alignment value to which kernel should be aligned"
2218 range 0x2000 0x1000000 if X86_32
2219 range 0x200000 0x1000000 if X86_64
2221 This value puts the alignment restrictions on physical address
2222 where kernel is loaded and run from. Kernel is compiled for an
2223 address which meets above alignment restriction.
2225 If bootloader loads the kernel at a non-aligned address and
2226 CONFIG_RELOCATABLE is set, kernel will move itself to nearest
2227 address aligned to above value and run from there.
2229 If bootloader loads the kernel at a non-aligned address and
2230 CONFIG_RELOCATABLE is not set, kernel will ignore the run time
2231 load address and decompress itself to the address it has been
2232 compiled for and run from there. The address for which kernel is
2233 compiled already meets above alignment restrictions. Hence the
2234 end result is that kernel runs from a physical address meeting
2235 above alignment restrictions.
2237 On 32-bit this value must be a multiple of 0x2000. On 64-bit
2238 this value must be a multiple of 0x200000.
2240 Don't change this unless you know what you are doing.
2242 config DYNAMIC_MEMORY_LAYOUT
2245 This option makes base addresses of vmalloc and vmemmap as well as
2246 __PAGE_OFFSET movable during boot.
2248 config RANDOMIZE_MEMORY
2249 bool "Randomize the kernel memory sections"
2251 depends on RANDOMIZE_BASE
2252 select DYNAMIC_MEMORY_LAYOUT
2253 default RANDOMIZE_BASE
2255 Randomizes the base virtual address of kernel memory sections
2256 (physical memory mapping, vmalloc & vmemmap). This security feature
2257 makes exploits relying on predictable memory locations less reliable.
2259 The order of allocations remains unchanged. Entropy is generated in
2260 the same way as RANDOMIZE_BASE. Current implementation in the optimal
2261 configuration have in average 30,000 different possible virtual
2262 addresses for each memory section.
2266 config RANDOMIZE_MEMORY_PHYSICAL_PADDING
2267 hex "Physical memory mapping padding" if EXPERT
2268 depends on RANDOMIZE_MEMORY
2269 default "0xa" if MEMORY_HOTPLUG
2271 range 0x1 0x40 if MEMORY_HOTPLUG
2274 Define the padding in terabytes added to the existing physical
2275 memory size during kernel memory randomization. It is useful
2276 for memory hotplug support but reduces the entropy available for
2277 address randomization.
2279 If unsure, leave at the default value.
2285 config BOOTPARAM_HOTPLUG_CPU0
2286 bool "Set default setting of cpu0_hotpluggable"
2287 depends on HOTPLUG_CPU
2289 Set whether default state of cpu0_hotpluggable is on or off.
2291 Say Y here to enable CPU0 hotplug by default. If this switch
2292 is turned on, there is no need to give cpu0_hotplug kernel
2293 parameter and the CPU0 hotplug feature is enabled by default.
2295 Please note: there are two known CPU0 dependencies if you want
2296 to enable the CPU0 hotplug feature either by this switch or by
2297 cpu0_hotplug kernel parameter.
2299 First, resume from hibernate or suspend always starts from CPU0.
2300 So hibernate and suspend are prevented if CPU0 is offline.
2302 Second dependency is PIC interrupts always go to CPU0. CPU0 can not
2303 offline if any interrupt can not migrate out of CPU0. There may
2304 be other CPU0 dependencies.
2306 Please make sure the dependencies are under your control before
2307 you enable this feature.
2309 Say N if you don't want to enable CPU0 hotplug feature by default.
2310 You still can enable the CPU0 hotplug feature at boot by kernel
2311 parameter cpu0_hotplug.
2313 config DEBUG_HOTPLUG_CPU0
2315 prompt "Debug CPU0 hotplug"
2316 depends on HOTPLUG_CPU
2318 Enabling this option offlines CPU0 (if CPU0 can be offlined) as
2319 soon as possible and boots up userspace with CPU0 offlined. User
2320 can online CPU0 back after boot time.
2322 To debug CPU0 hotplug, you need to enable CPU0 offline/online
2323 feature by either turning on CONFIG_BOOTPARAM_HOTPLUG_CPU0 during
2324 compilation or giving cpu0_hotplug kernel parameter at boot.
2330 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2331 depends on COMPAT_32
2333 Certain buggy versions of glibc will crash if they are
2334 presented with a 32-bit vDSO that is not mapped at the address
2335 indicated in its segment table.
2337 The bug was introduced by f866314b89d56845f55e6f365e18b31ec978ec3a
2338 and fixed by 3b3ddb4f7db98ec9e912ccdf54d35df4aa30e04a and
2339 49ad572a70b8aeb91e57483a11dd1b77e31c4468. Glibc 2.3.3 is
2340 the only released version with the bug, but OpenSUSE 9
2341 contains a buggy "glibc 2.3.2".
2343 The symptom of the bug is that everything crashes on startup, saying:
2344 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2346 Saying Y here changes the default value of the vdso32 boot
2347 option from 1 to 0, which turns off the 32-bit vDSO entirely.
2348 This works around the glibc bug but hurts performance.
2350 If unsure, say N: if you are compiling your own kernel, you
2351 are unlikely to be using a buggy version of glibc.
2354 prompt "vsyscall table for legacy applications"
2356 default LEGACY_VSYSCALL_XONLY
2358 Legacy user code that does not know how to find the vDSO expects
2359 to be able to issue three syscalls by calling fixed addresses in
2360 kernel space. Since this location is not randomized with ASLR,
2361 it can be used to assist security vulnerability exploitation.
2363 This setting can be changed at boot time via the kernel command
2364 line parameter vsyscall=[emulate|xonly|none].
2366 On a system with recent enough glibc (2.14 or newer) and no
2367 static binaries, you can say None without a performance penalty
2368 to improve security.
2370 If unsure, select "Emulate execution only".
2372 config LEGACY_VSYSCALL_EMULATE
2373 bool "Full emulation"
2375 The kernel traps and emulates calls into the fixed vsyscall
2376 address mapping. This makes the mapping non-executable, but
2377 it still contains readable known contents, which could be
2378 used in certain rare security vulnerability exploits. This
2379 configuration is recommended when using legacy userspace
2380 that still uses vsyscalls along with legacy binary
2381 instrumentation tools that require code to be readable.
2383 An example of this type of legacy userspace is running
2384 Pin on an old binary that still uses vsyscalls.
2386 config LEGACY_VSYSCALL_XONLY
2387 bool "Emulate execution only"
2389 The kernel traps and emulates calls into the fixed vsyscall
2390 address mapping and does not allow reads. This
2391 configuration is recommended when userspace might use the
2392 legacy vsyscall area but support for legacy binary
2393 instrumentation of legacy code is not needed. It mitigates
2394 certain uses of the vsyscall area as an ASLR-bypassing
2397 config LEGACY_VSYSCALL_NONE
2400 There will be no vsyscall mapping at all. This will
2401 eliminate any risk of ASLR bypass due to the vsyscall
2402 fixed address mapping. Attempts to use the vsyscalls
2403 will be reported to dmesg, so that either old or
2404 malicious userspace programs can be identified.
2409 bool "Built-in kernel command line"
2411 Allow for specifying boot arguments to the kernel at
2412 build time. On some systems (e.g. embedded ones), it is
2413 necessary or convenient to provide some or all of the
2414 kernel boot arguments with the kernel itself (that is,
2415 to not rely on the boot loader to provide them.)
2417 To compile command line arguments into the kernel,
2418 set this option to 'Y', then fill in the
2419 boot arguments in CONFIG_CMDLINE.
2421 Systems with fully functional boot loaders (i.e. non-embedded)
2422 should leave this option set to 'N'.
2425 string "Built-in kernel command string"
2426 depends on CMDLINE_BOOL
2429 Enter arguments here that should be compiled into the kernel
2430 image and used at boot time. If the boot loader provides a
2431 command line at boot time, it is appended to this string to
2432 form the full kernel command line, when the system boots.
2434 However, you can use the CONFIG_CMDLINE_OVERRIDE option to
2435 change this behavior.
2437 In most cases, the command line (whether built-in or provided
2438 by the boot loader) should specify the device for the root
2441 config CMDLINE_OVERRIDE
2442 bool "Built-in command line overrides boot loader arguments"
2443 depends on CMDLINE_BOOL
2445 Set this option to 'Y' to have the kernel ignore the boot loader
2446 command line, and use ONLY the built-in command line.
2448 This is used to work around broken boot loaders. This should
2449 be set to 'N' under normal conditions.
2451 config MODIFY_LDT_SYSCALL
2452 bool "Enable the LDT (local descriptor table)" if EXPERT
2455 Linux can allow user programs to install a per-process x86
2456 Local Descriptor Table (LDT) using the modify_ldt(2) system
2457 call. This is required to run 16-bit or segmented code such as
2458 DOSEMU or some Wine programs. It is also used by some very old
2459 threading libraries.
2461 Enabling this feature adds a small amount of overhead to
2462 context switches and increases the low-level kernel attack
2463 surface. Disabling it removes the modify_ldt(2) system call.
2465 Saying 'N' here may make sense for embedded or server kernels.
2467 source "kernel/livepatch/Kconfig"
2471 config ARCH_HAS_ADD_PAGES
2473 depends on X86_64 && ARCH_ENABLE_MEMORY_HOTPLUG
2475 config ARCH_ENABLE_MEMORY_HOTPLUG
2477 depends on X86_64 || (X86_32 && HIGHMEM)
2479 config ARCH_ENABLE_MEMORY_HOTREMOVE
2481 depends on MEMORY_HOTPLUG
2483 config USE_PERCPU_NUMA_NODE_ID
2487 config ARCH_ENABLE_SPLIT_PMD_PTLOCK
2489 depends on X86_64 || X86_PAE
2491 config ARCH_ENABLE_HUGEPAGE_MIGRATION
2493 depends on X86_64 && HUGETLB_PAGE && MIGRATION
2495 config ARCH_ENABLE_THP_MIGRATION
2497 depends on X86_64 && TRANSPARENT_HUGEPAGE
2499 menu "Power management and ACPI options"
2501 config ARCH_HIBERNATION_HEADER
2503 depends on HIBERNATION
2505 source "kernel/power/Kconfig"
2507 source "drivers/acpi/Kconfig"
2509 source "drivers/sfi/Kconfig"
2516 tristate "APM (Advanced Power Management) BIOS support"
2517 depends on X86_32 && PM_SLEEP
2519 APM is a BIOS specification for saving power using several different
2520 techniques. This is mostly useful for battery powered laptops with
2521 APM compliant BIOSes. If you say Y here, the system time will be
2522 reset after a RESUME operation, the /proc/apm device will provide
2523 battery status information, and user-space programs will receive
2524 notification of APM "events" (e.g. battery status change).
2526 If you select "Y" here, you can disable actual use of the APM
2527 BIOS by passing the "apm=off" option to the kernel at boot time.
2529 Note that the APM support is almost completely disabled for
2530 machines with more than one CPU.
2532 In order to use APM, you will need supporting software. For location
2533 and more information, read <file:Documentation/power/apm-acpi.rst>
2534 and the Battery Powered Linux mini-HOWTO, available from
2535 <http://www.tldp.org/docs.html#howto>.
2537 This driver does not spin down disk drives (see the hdparm(8)
2538 manpage ("man 8 hdparm") for that), and it doesn't turn off
2539 VESA-compliant "green" monitors.
2541 This driver does not support the TI 4000M TravelMate and the ACER
2542 486/DX4/75 because they don't have compliant BIOSes. Many "green"
2543 desktop machines also don't have compliant BIOSes, and this driver
2544 may cause those machines to panic during the boot phase.
2546 Generally, if you don't have a battery in your machine, there isn't
2547 much point in using this driver and you should say N. If you get
2548 random kernel OOPSes or reboots that don't seem to be related to
2549 anything, try disabling/enabling this option (or disabling/enabling
2552 Some other things you should try when experiencing seemingly random,
2555 1) make sure that you have enough swap space and that it is
2557 2) pass the "no-hlt" option to the kernel
2558 3) switch on floating point emulation in the kernel and pass
2559 the "no387" option to the kernel
2560 4) pass the "floppy=nodma" option to the kernel
2561 5) pass the "mem=4M" option to the kernel (thereby disabling
2562 all but the first 4 MB of RAM)
2563 6) make sure that the CPU is not over clocked.
2564 7) read the sig11 FAQ at <http://www.bitwizard.nl/sig11/>
2565 8) disable the cache from your BIOS settings
2566 9) install a fan for the video card or exchange video RAM
2567 10) install a better fan for the CPU
2568 11) exchange RAM chips
2569 12) exchange the motherboard.
2571 To compile this driver as a module, choose M here: the
2572 module will be called apm.
2576 config APM_IGNORE_USER_SUSPEND
2577 bool "Ignore USER SUSPEND"
2579 This option will ignore USER SUSPEND requests. On machines with a
2580 compliant APM BIOS, you want to say N. However, on the NEC Versa M
2581 series notebooks, it is necessary to say Y because of a BIOS bug.
2583 config APM_DO_ENABLE
2584 bool "Enable PM at boot time"
2586 Enable APM features at boot time. From page 36 of the APM BIOS
2587 specification: "When disabled, the APM BIOS does not automatically
2588 power manage devices, enter the Standby State, enter the Suspend
2589 State, or take power saving steps in response to CPU Idle calls."
2590 This driver will make CPU Idle calls when Linux is idle (unless this
2591 feature is turned off -- see "Do CPU IDLE calls", below). This
2592 should always save battery power, but more complicated APM features
2593 will be dependent on your BIOS implementation. You may need to turn
2594 this option off if your computer hangs at boot time when using APM
2595 support, or if it beeps continuously instead of suspending. Turn
2596 this off if you have a NEC UltraLite Versa 33/C or a Toshiba
2597 T400CDT. This is off by default since most machines do fine without
2602 bool "Make CPU Idle calls when idle"
2604 Enable calls to APM CPU Idle/CPU Busy inside the kernel's idle loop.
2605 On some machines, this can activate improved power savings, such as
2606 a slowed CPU clock rate, when the machine is idle. These idle calls
2607 are made after the idle loop has run for some length of time (e.g.,
2608 333 mS). On some machines, this will cause a hang at boot time or
2609 whenever the CPU becomes idle. (On machines with more than one CPU,
2610 this option does nothing.)
2612 config APM_DISPLAY_BLANK
2613 bool "Enable console blanking using APM"
2615 Enable console blanking using the APM. Some laptops can use this to
2616 turn off the LCD backlight when the screen blanker of the Linux
2617 virtual console blanks the screen. Note that this is only used by
2618 the virtual console screen blanker, and won't turn off the backlight
2619 when using the X Window system. This also doesn't have anything to
2620 do with your VESA-compliant power-saving monitor. Further, this
2621 option doesn't work for all laptops -- it might not turn off your
2622 backlight at all, or it might print a lot of errors to the console,
2623 especially if you are using gpm.
2625 config APM_ALLOW_INTS
2626 bool "Allow interrupts during APM BIOS calls"
2628 Normally we disable external interrupts while we are making calls to
2629 the APM BIOS as a measure to lessen the effects of a badly behaving
2630 BIOS implementation. The BIOS should reenable interrupts if it
2631 needs to. Unfortunately, some BIOSes do not -- especially those in
2632 many of the newer IBM Thinkpads. If you experience hangs when you
2633 suspend, try setting this to Y. Otherwise, say N.
2637 source "drivers/cpufreq/Kconfig"
2639 source "drivers/cpuidle/Kconfig"
2641 source "drivers/idle/Kconfig"
2646 menu "Bus options (PCI etc.)"
2649 prompt "PCI access mode"
2650 depends on X86_32 && PCI
2653 On PCI systems, the BIOS can be used to detect the PCI devices and
2654 determine their configuration. However, some old PCI motherboards
2655 have BIOS bugs and may crash if this is done. Also, some embedded
2656 PCI-based systems don't have any BIOS at all. Linux can also try to
2657 detect the PCI hardware directly without using the BIOS.
2659 With this option, you can specify how Linux should detect the
2660 PCI devices. If you choose "BIOS", the BIOS will be used,
2661 if you choose "Direct", the BIOS won't be used, and if you
2662 choose "MMConfig", then PCI Express MMCONFIG will be used.
2663 If you choose "Any", the kernel will try MMCONFIG, then the
2664 direct access method and falls back to the BIOS if that doesn't
2665 work. If unsure, go with the default, which is "Any".
2670 config PCI_GOMMCONFIG
2687 depends on X86_32 && PCI && (PCI_GOBIOS || PCI_GOANY)
2689 # x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2692 depends on PCI && (X86_64 || (PCI_GODIRECT || PCI_GOANY || PCI_GOOLPC || PCI_GOMMCONFIG))
2695 bool "Support mmconfig PCI config space access" if X86_64
2697 depends on PCI && (ACPI || SFI || JAILHOUSE_GUEST)
2698 depends on X86_64 || (PCI_GOANY || PCI_GOMMCONFIG)
2702 depends on PCI && OLPC && (PCI_GOOLPC || PCI_GOANY)
2706 depends on PCI && XEN
2709 config MMCONF_FAM10H
2711 depends on X86_64 && PCI_MMCONFIG && ACPI
2713 config PCI_CNB20LE_QUIRK
2714 bool "Read CNB20LE Host Bridge Windows" if EXPERT
2717 Read the PCI windows out of the CNB20LE host bridge. This allows
2718 PCI hotplug to work on systems with the CNB20LE chipset which do
2721 There's no public spec for this chipset, and this functionality
2722 is known to be incomplete.
2724 You should say N unless you know you need this.
2727 bool "ISA bus support on modern systems" if EXPERT
2729 Expose ISA bus device drivers and options available for selection and
2730 configuration. Enable this option if your target machine has an ISA
2731 bus. ISA is an older system, displaced by PCI and newer bus
2732 architectures -- if your target machine is modern, it probably does
2733 not have an ISA bus.
2737 # x86_64 have no ISA slots, but can have ISA-style DMA.
2739 bool "ISA-style DMA support" if (X86_64 && EXPERT)
2742 Enables ISA-style DMA support for devices requiring such controllers.
2750 Find out whether you have ISA slots on your motherboard. ISA is the
2751 name of a bus system, i.e. the way the CPU talks to the other stuff
2752 inside your box. Other bus systems are PCI, EISA, MicroChannel
2753 (MCA) or VESA. ISA is an older system, now being displaced by PCI;
2754 newer boards don't support it. If you have ISA, say Y, otherwise N.
2757 tristate "NatSemi SCx200 support"
2759 This provides basic support for National Semiconductor's
2760 (now AMD's) Geode processors. The driver probes for the
2761 PCI-IDs of several on-chip devices, so its a good dependency
2762 for other scx200_* drivers.
2764 If compiled as a module, the driver is named scx200.
2766 config SCx200HR_TIMER
2767 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
2771 This driver provides a clocksource built upon the on-chip
2772 27MHz high-resolution timer. Its also a workaround for
2773 NSC Geode SC-1100's buggy TSC, which loses time when the
2774 processor goes idle (as is done by the scheduler). The
2775 other workaround is idle=poll boot option.
2778 bool "One Laptop Per Child support"
2786 Add support for detecting the unique features of the OLPC
2790 bool "OLPC XO-1 Power Management"
2791 depends on OLPC && MFD_CS5535=y && PM_SLEEP
2793 Add support for poweroff and suspend of the OLPC XO-1 laptop.
2796 bool "OLPC XO-1 Real Time Clock"
2797 depends on OLPC_XO1_PM && RTC_DRV_CMOS
2799 Add support for the XO-1 real time clock, which can be used as a
2800 programmable wakeup source.
2803 bool "OLPC XO-1 SCI extras"
2804 depends on OLPC && OLPC_XO1_PM && GPIO_CS5535=y
2808 Add support for SCI-based features of the OLPC XO-1 laptop:
2809 - EC-driven system wakeups
2813 - AC adapter status updates
2814 - Battery status updates
2816 config OLPC_XO15_SCI
2817 bool "OLPC XO-1.5 SCI extras"
2818 depends on OLPC && ACPI
2821 Add support for SCI-based features of the OLPC XO-1.5 laptop:
2822 - EC-driven system wakeups
2823 - AC adapter status updates
2824 - Battery status updates
2827 bool "PCEngines ALIX System Support (LED setup)"
2830 This option enables system support for the PCEngines ALIX.
2831 At present this just sets up LEDs for GPIO control on
2832 ALIX2/3/6 boards. However, other system specific setup should
2835 Note: You must still enable the drivers for GPIO and LED support
2836 (GPIO_CS5535 & LEDS_GPIO) to actually use the LEDs
2838 Note: You have to set alix.force=1 for boards with Award BIOS.
2841 bool "Soekris Engineering net5501 System Support (LEDS, GPIO, etc)"
2844 This option enables system support for the Soekris Engineering net5501.
2847 bool "Traverse Technologies GEOS System Support (LEDS, GPIO, etc)"
2851 This option enables system support for the Traverse Technologies GEOS.
2854 bool "Technologic Systems TS-5500 platform support"
2856 select CHECK_SIGNATURE
2860 This option enables system support for the Technologic Systems TS-5500.
2866 depends on CPU_SUP_AMD && PCI
2869 bool "Mark VGA/VBE/EFI FB as generic system framebuffer"
2871 Firmwares often provide initial graphics framebuffers so the BIOS,
2872 bootloader or kernel can show basic video-output during boot for
2873 user-guidance and debugging. Historically, x86 used the VESA BIOS
2874 Extensions and EFI-framebuffers for this, which are mostly limited
2876 This option, if enabled, marks VGA/VBE/EFI framebuffers as generic
2877 framebuffers so the new generic system-framebuffer drivers can be
2878 used on x86. If the framebuffer is not compatible with the generic
2879 modes, it is advertised as fallback platform framebuffer so legacy
2880 drivers like efifb, vesafb and uvesafb can pick it up.
2881 If this option is not selected, all system framebuffers are always
2882 marked as fallback platform framebuffers as usual.
2884 Note: Legacy fbdev drivers, including vesafb, efifb, uvesafb, will
2885 not be able to pick up generic system framebuffers if this option
2886 is selected. You are highly encouraged to enable simplefb as
2887 replacement if you select this option. simplefb can correctly deal
2888 with generic system framebuffers. But you should still keep vesafb
2889 and others enabled as fallback if a system framebuffer is
2890 incompatible with simplefb.
2897 menu "Binary Emulations"
2899 config IA32_EMULATION
2900 bool "IA32 Emulation"
2902 select ARCH_WANT_OLD_COMPAT_IPC
2904 select COMPAT_BINFMT_ELF
2905 select COMPAT_OLD_SIGACTION
2907 Include code to run legacy 32-bit programs under a
2908 64-bit kernel. You should likely turn this on, unless you're
2909 100% sure that you don't have any 32-bit programs left.
2912 tristate "IA32 a.out support"
2913 depends on IA32_EMULATION
2916 Support old a.out binaries in the 32bit emulation.
2919 bool "x32 ABI for 64-bit mode"
2922 Include code to run binaries for the x32 native 32-bit ABI
2923 for 64-bit processors. An x32 process gets access to the
2924 full 64-bit register file and wide data path while leaving
2925 pointers at 32 bits for smaller memory footprint.
2927 You will need a recent binutils (2.22 or later) with
2928 elf32_x86_64 support enabled to compile a kernel with this
2933 depends on IA32_EMULATION || X86_32
2935 select OLD_SIGSUSPEND3
2939 depends on IA32_EMULATION || X86_X32
2942 config COMPAT_FOR_U64_ALIGNMENT
2945 config SYSVIPC_COMPAT
2953 config HAVE_ATOMIC_IOMAP
2957 config X86_DEV_DMA_OPS
2960 source "drivers/firmware/Kconfig"
2962 source "arch/x86/kvm/Kconfig"