1# SPDX-License-Identifier: GPL-2.0-only 2config ARM64 3 def_bool y 4 select ACPI_CCA_REQUIRED if ACPI 5 select ACPI_GENERIC_GSI if ACPI 6 select ACPI_GTDT if ACPI 7 select ACPI_IORT if ACPI 8 select ACPI_REDUCED_HARDWARE_ONLY if ACPI 9 select ACPI_MCFG if (ACPI && PCI) 10 select ACPI_SPCR_TABLE if ACPI 11 select ACPI_PPTT if ACPI 12 select ARCH_CLOCKSOURCE_DATA 13 select ARCH_HAS_DEBUG_VIRTUAL 14 select ARCH_HAS_DEVMEM_IS_ALLOWED 15 select ARCH_HAS_DMA_COHERENT_TO_PFN 16 select ARCH_HAS_DMA_PREP_COHERENT 17 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 18 select ARCH_HAS_FAST_MULTIPLIER 19 select ARCH_HAS_FORTIFY_SOURCE 20 select ARCH_HAS_GCOV_PROFILE_ALL 21 select ARCH_HAS_GIGANTIC_PAGE 22 select ARCH_HAS_KCOV 23 select ARCH_HAS_KEEPINITRD 24 select ARCH_HAS_MEMBARRIER_SYNC_CORE 25 select ARCH_HAS_PTE_DEVMAP 26 select ARCH_HAS_PTE_SPECIAL 27 select ARCH_HAS_SETUP_DMA_OPS 28 select ARCH_HAS_SET_DIRECT_MAP 29 select ARCH_HAS_SET_MEMORY 30 select ARCH_HAS_STRICT_KERNEL_RWX 31 select ARCH_HAS_STRICT_MODULE_RWX 32 select ARCH_HAS_SYNC_DMA_FOR_DEVICE 33 select ARCH_HAS_SYNC_DMA_FOR_CPU 34 select ARCH_HAS_SYSCALL_WRAPPER 35 select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT 36 select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST 37 select ARCH_HAVE_NMI_SAFE_CMPXCHG 38 select ARCH_INLINE_READ_LOCK if !PREEMPT 39 select ARCH_INLINE_READ_LOCK_BH if !PREEMPT 40 select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPT 41 select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPT 42 select ARCH_INLINE_READ_UNLOCK if !PREEMPT 43 select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPT 44 select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPT 45 select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPT 46 select ARCH_INLINE_WRITE_LOCK if !PREEMPT 47 select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPT 48 select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPT 49 select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPT 50 select ARCH_INLINE_WRITE_UNLOCK if !PREEMPT 51 select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPT 52 select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPT 53 select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPT 54 select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPT 55 select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPT 56 select ARCH_INLINE_SPIN_LOCK if !PREEMPT 57 select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPT 58 select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPT 59 select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPT 60 select ARCH_INLINE_SPIN_UNLOCK if !PREEMPT 61 select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPT 62 select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPT 63 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT 64 select ARCH_KEEP_MEMBLOCK 65 select ARCH_USE_CMPXCHG_LOCKREF 66 select ARCH_USE_QUEUED_RWLOCKS 67 select ARCH_USE_QUEUED_SPINLOCKS 68 select ARCH_SUPPORTS_MEMORY_FAILURE 69 select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK 70 select ARCH_SUPPORTS_LTO_CLANG 71 select ARCH_SUPPORTS_THINLTO 72 select ARCH_SUPPORTS_ATOMIC_RMW 73 select ARCH_SUPPORTS_INT128 if GCC_VERSION >= 50000 || CC_IS_CLANG 74 select ARCH_SUPPORTS_NUMA_BALANCING 75 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT 76 select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 77 select ARCH_WANT_FRAME_POINTERS 78 select ARCH_WANT_HUGE_PMD_SHARE if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36) 79 select ARCH_HAS_UBSAN_SANITIZE_ALL 80 select ARM_AMBA 81 select ARM_ARCH_TIMER 82 select ARM_GIC 83 select AUDIT_ARCH_COMPAT_GENERIC 84 select ARM_GIC_V2M if PCI 85 select ARM_GIC_V3 86 select ARM_GIC_V3_ITS if PCI 87 select ARM_PSCI_FW 88 select BUILDTIME_EXTABLE_SORT 89 select CLONE_BACKWARDS 90 select COMMON_CLK 91 select CPU_PM if (SUSPEND || CPU_IDLE) 92 select CRC32 93 select DCACHE_WORD_ACCESS 94 select DMA_DIRECT_REMAP 95 select EDAC_SUPPORT 96 select FRAME_POINTER 97 select GENERIC_ALLOCATOR 98 select GENERIC_ARCH_TOPOLOGY 99 select GENERIC_CLOCKEVENTS 100 select GENERIC_CLOCKEVENTS_BROADCAST 101 select GENERIC_CPU_AUTOPROBE 102 select GENERIC_CPU_VULNERABILITIES 103 select GENERIC_EARLY_IOREMAP 104 select GENERIC_IDLE_POLL_SETUP 105 select GENERIC_IRQ_MULTI_HANDLER 106 select GENERIC_IRQ_PROBE 107 select GENERIC_IRQ_SHOW 108 select GENERIC_IRQ_SHOW_LEVEL 109 select GENERIC_PCI_IOMAP 110 select GENERIC_SCHED_CLOCK 111 select GENERIC_SMP_IDLE_THREAD 112 select GENERIC_STRNCPY_FROM_USER 113 select GENERIC_STRNLEN_USER 114 select GENERIC_TIME_VSYSCALL 115 select GENERIC_GETTIMEOFDAY 116 select HANDLE_DOMAIN_IRQ 117 select HARDIRQS_SW_RESEND 118 select HAVE_PCI 119 select HAVE_ACPI_APEI if (ACPI && EFI) 120 select HAVE_ALIGNED_STRUCT_PAGE if SLUB 121 select HAVE_ARCH_AUDITSYSCALL 122 select HAVE_ARCH_BITREVERSE 123 select HAVE_ARCH_HUGE_VMAP 124 select HAVE_ARCH_JUMP_LABEL 125 select HAVE_ARCH_JUMP_LABEL_RELATIVE 126 select HAVE_ARCH_KASAN if !(ARM64_16K_PAGES && ARM64_VA_BITS_48) 127 select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN 128 select HAVE_ARCH_KGDB 129 select HAVE_ARCH_MMAP_RND_BITS 130 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT 131 select HAVE_ARCH_PREL32_RELOCATIONS if !LTO_CLANG 132 select HAVE_ARCH_SECCOMP_FILTER 133 select HAVE_ARCH_STACKLEAK 134 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 135 select HAVE_ARCH_TRACEHOOK 136 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 137 select HAVE_ARCH_VMAP_STACK 138 select HAVE_ARM_SMCCC 139 select HAVE_ASM_MODVERSIONS 140 select HAVE_EBPF_JIT 141 select HAVE_C_RECORDMCOUNT 142 select HAVE_CMPXCHG_DOUBLE 143 select HAVE_CMPXCHG_LOCAL 144 select HAVE_CONTEXT_TRACKING 145 select HAVE_COPY_THREAD_TLS 146 select HAVE_DEBUG_BUGVERBOSE 147 select HAVE_DEBUG_KMEMLEAK 148 select HAVE_DMA_CONTIGUOUS 149 select HAVE_DYNAMIC_FTRACE 150 select HAVE_EFFICIENT_UNALIGNED_ACCESS 151 select HAVE_FAST_GUP 152 select HAVE_FTRACE_MCOUNT_RECORD 153 select HAVE_FUNCTION_TRACER 154 select HAVE_FUNCTION_ERROR_INJECTION 155 select HAVE_FUNCTION_GRAPH_TRACER if !SHADOW_CALL_STACK 156 select HAVE_GCC_PLUGINS 157 select HAVE_HW_BREAKPOINT if PERF_EVENTS 158 select HAVE_IRQ_TIME_ACCOUNTING 159 select HAVE_MEMBLOCK_NODE_MAP if NUMA 160 select HAVE_NMI 161 select HAVE_PATA_PLATFORM 162 select HAVE_PERF_EVENTS 163 select HAVE_PERF_REGS 164 select HAVE_PERF_USER_STACK_DUMP 165 select HAVE_REGS_AND_STACK_ACCESS_API 166 select HAVE_FUNCTION_ARG_ACCESS_API 167 select HAVE_RCU_TABLE_FREE 168 select HAVE_RSEQ 169 select HAVE_STACKPROTECTOR 170 select HAVE_SYSCALL_TRACEPOINTS 171 select HAVE_KPROBES 172 select HAVE_KRETPROBES 173 select HAVE_GENERIC_VDSO 174 select IOMMU_DMA if IOMMU_SUPPORT 175 select IRQ_DOMAIN 176 select IRQ_FORCED_THREADING 177 select MODULES_USE_ELF_RELA 178 select NEED_DMA_MAP_STATE 179 select NEED_SG_DMA_LENGTH 180 select OF 181 select OF_EARLY_FLATTREE 182 select PCI_DOMAINS_GENERIC if PCI 183 select PCI_ECAM if (ACPI && PCI) 184 select PCI_SYSCALL if PCI 185 select POWER_RESET 186 select POWER_SUPPLY 187 select REFCOUNT_FULL 188 select SPARSE_IRQ 189 select SWIOTLB 190 select SYSCTL_EXCEPTION_TRACE 191 select THREAD_INFO_IN_TASK 192 help 193 ARM 64-bit (AArch64) Linux support. 194 195config 64BIT 196 def_bool y 197 198config MMU 199 def_bool y 200 201config ARM64_PAGE_SHIFT 202 int 203 default 16 if ARM64_64K_PAGES 204 default 14 if ARM64_16K_PAGES 205 default 12 206 207config ARM64_CONT_SHIFT 208 int 209 default 5 if ARM64_64K_PAGES 210 default 7 if ARM64_16K_PAGES 211 default 4 212 213config ARCH_MMAP_RND_BITS_MIN 214 default 14 if ARM64_64K_PAGES 215 default 16 if ARM64_16K_PAGES 216 default 18 217 218# max bits determined by the following formula: 219# VA_BITS - PAGE_SHIFT - 3 220config ARCH_MMAP_RND_BITS_MAX 221 default 19 if ARM64_VA_BITS=36 222 default 24 if ARM64_VA_BITS=39 223 default 27 if ARM64_VA_BITS=42 224 default 30 if ARM64_VA_BITS=47 225 default 29 if ARM64_VA_BITS=48 && ARM64_64K_PAGES 226 default 31 if ARM64_VA_BITS=48 && ARM64_16K_PAGES 227 default 33 if ARM64_VA_BITS=48 228 default 14 if ARM64_64K_PAGES 229 default 16 if ARM64_16K_PAGES 230 default 18 231 232config ARCH_MMAP_RND_COMPAT_BITS_MIN 233 default 7 if ARM64_64K_PAGES 234 default 9 if ARM64_16K_PAGES 235 default 11 236 237config ARCH_MMAP_RND_COMPAT_BITS_MAX 238 default 16 239 240config NO_IOPORT_MAP 241 def_bool y if !PCI 242 243config STACKTRACE_SUPPORT 244 def_bool y 245 246config ILLEGAL_POINTER_VALUE 247 hex 248 default 0xdead000000000000 249 250config LOCKDEP_SUPPORT 251 def_bool y 252 253config TRACE_IRQFLAGS_SUPPORT 254 def_bool y 255 256config GENERIC_BUG 257 def_bool y 258 depends on BUG 259 260config GENERIC_BUG_RELATIVE_POINTERS 261 def_bool y 262 depends on GENERIC_BUG 263 264config GENERIC_HWEIGHT 265 def_bool y 266 267config GENERIC_CSUM 268 def_bool y 269 270config GENERIC_CALIBRATE_DELAY 271 def_bool y 272 273config ZONE_DMA32 274 bool "Support DMA32 zone" if EXPERT 275 default y 276 277config ARCH_ENABLE_MEMORY_HOTPLUG 278 def_bool y 279 280config SMP 281 def_bool y 282 283config KERNEL_MODE_NEON 284 def_bool y 285 286config FIX_EARLYCON_MEM 287 def_bool y 288 289config PGTABLE_LEVELS 290 int 291 default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36 292 default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42 293 default 3 if ARM64_64K_PAGES && (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) 294 default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39 295 default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47 296 default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48 297 298config ARCH_SUPPORTS_UPROBES 299 def_bool y 300 301config ARCH_PROC_KCORE_TEXT 302 def_bool y 303 304config KASAN_SHADOW_OFFSET 305 hex 306 depends on KASAN 307 default 0xdfffa00000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && !KASAN_SW_TAGS 308 default 0xdfffd00000000000 if ARM64_VA_BITS_47 && !KASAN_SW_TAGS 309 default 0xdffffe8000000000 if ARM64_VA_BITS_42 && !KASAN_SW_TAGS 310 default 0xdfffffd000000000 if ARM64_VA_BITS_39 && !KASAN_SW_TAGS 311 default 0xdffffffa00000000 if ARM64_VA_BITS_36 && !KASAN_SW_TAGS 312 default 0xefff900000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && KASAN_SW_TAGS 313 default 0xefffc80000000000 if ARM64_VA_BITS_47 && KASAN_SW_TAGS 314 default 0xeffffe4000000000 if ARM64_VA_BITS_42 && KASAN_SW_TAGS 315 default 0xefffffc800000000 if ARM64_VA_BITS_39 && KASAN_SW_TAGS 316 default 0xeffffff900000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS 317 default 0xffffffffffffffff 318 319source "arch/arm64/Kconfig.platforms" 320 321menu "Kernel Features" 322 323menu "ARM errata workarounds via the alternatives framework" 324 325config ARM64_WORKAROUND_CLEAN_CACHE 326 bool 327 328config ARM64_ERRATUM_826319 329 bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted" 330 default y 331 select ARM64_WORKAROUND_CLEAN_CACHE 332 help 333 This option adds an alternative code sequence to work around ARM 334 erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or 335 AXI master interface and an L2 cache. 336 337 If a Cortex-A53 uses an AMBA AXI4 ACE interface to other processors 338 and is unable to accept a certain write via this interface, it will 339 not progress on read data presented on the read data channel and the 340 system can deadlock. 341 342 The workaround promotes data cache clean instructions to 343 data cache clean-and-invalidate. 344 Please note that this does not necessarily enable the workaround, 345 as it depends on the alternative framework, which will only patch 346 the kernel if an affected CPU is detected. 347 348 If unsure, say Y. 349 350config ARM64_ERRATUM_827319 351 bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect" 352 default y 353 select ARM64_WORKAROUND_CLEAN_CACHE 354 help 355 This option adds an alternative code sequence to work around ARM 356 erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI 357 master interface and an L2 cache. 358 359 Under certain conditions this erratum can cause a clean line eviction 360 to occur at the same time as another transaction to the same address 361 on the AMBA 5 CHI interface, which can cause data corruption if the 362 interconnect reorders the two transactions. 363 364 The workaround promotes data cache clean instructions to 365 data cache clean-and-invalidate. 366 Please note that this does not necessarily enable the workaround, 367 as it depends on the alternative framework, which will only patch 368 the kernel if an affected CPU is detected. 369 370 If unsure, say Y. 371 372config ARM64_ERRATUM_824069 373 bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop" 374 default y 375 select ARM64_WORKAROUND_CLEAN_CACHE 376 help 377 This option adds an alternative code sequence to work around ARM 378 erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected 379 to a coherent interconnect. 380 381 If a Cortex-A53 processor is executing a store or prefetch for 382 write instruction at the same time as a processor in another 383 cluster is executing a cache maintenance operation to the same 384 address, then this erratum might cause a clean cache line to be 385 incorrectly marked as dirty. 386 387 The workaround promotes data cache clean instructions to 388 data cache clean-and-invalidate. 389 Please note that this option does not necessarily enable the 390 workaround, as it depends on the alternative framework, which will 391 only patch the kernel if an affected CPU is detected. 392 393 If unsure, say Y. 394 395config ARM64_ERRATUM_819472 396 bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption" 397 default y 398 select ARM64_WORKAROUND_CLEAN_CACHE 399 help 400 This option adds an alternative code sequence to work around ARM 401 erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache 402 present when it is connected to a coherent interconnect. 403 404 If the processor is executing a load and store exclusive sequence at 405 the same time as a processor in another cluster is executing a cache 406 maintenance operation to the same address, then this erratum might 407 cause data corruption. 408 409 The workaround promotes data cache clean instructions to 410 data cache clean-and-invalidate. 411 Please note that this does not necessarily enable the workaround, 412 as it depends on the alternative framework, which will only patch 413 the kernel if an affected CPU is detected. 414 415 If unsure, say Y. 416 417config ARM64_ERRATUM_832075 418 bool "Cortex-A57: 832075: possible deadlock on mixing exclusive memory accesses with device loads" 419 default y 420 help 421 This option adds an alternative code sequence to work around ARM 422 erratum 832075 on Cortex-A57 parts up to r1p2. 423 424 Affected Cortex-A57 parts might deadlock when exclusive load/store 425 instructions to Write-Back memory are mixed with Device loads. 426 427 The workaround is to promote device loads to use Load-Acquire 428 semantics. 429 Please note that this does not necessarily enable the workaround, 430 as it depends on the alternative framework, which will only patch 431 the kernel if an affected CPU is detected. 432 433 If unsure, say Y. 434 435config ARM64_ERRATUM_834220 436 bool "Cortex-A57: 834220: Stage 2 translation fault might be incorrectly reported in presence of a Stage 1 fault" 437 depends on KVM 438 default y 439 help 440 This option adds an alternative code sequence to work around ARM 441 erratum 834220 on Cortex-A57 parts up to r1p2. 442 443 Affected Cortex-A57 parts might report a Stage 2 translation 444 fault as the result of a Stage 1 fault for load crossing a 445 page boundary when there is a permission or device memory 446 alignment fault at Stage 1 and a translation fault at Stage 2. 447 448 The workaround is to verify that the Stage 1 translation 449 doesn't generate a fault before handling the Stage 2 fault. 450 Please note that this does not necessarily enable the workaround, 451 as it depends on the alternative framework, which will only patch 452 the kernel if an affected CPU is detected. 453 454 If unsure, say Y. 455 456config ARM64_ERRATUM_845719 457 bool "Cortex-A53: 845719: a load might read incorrect data" 458 depends on COMPAT 459 default y 460 help 461 This option adds an alternative code sequence to work around ARM 462 erratum 845719 on Cortex-A53 parts up to r0p4. 463 464 When running a compat (AArch32) userspace on an affected Cortex-A53 465 part, a load at EL0 from a virtual address that matches the bottom 32 466 bits of the virtual address used by a recent load at (AArch64) EL1 467 might return incorrect data. 468 469 The workaround is to write the contextidr_el1 register on exception 470 return to a 32-bit task. 471 Please note that this does not necessarily enable the workaround, 472 as it depends on the alternative framework, which will only patch 473 the kernel if an affected CPU is detected. 474 475 If unsure, say Y. 476 477config ARM64_ERRATUM_843419 478 bool "Cortex-A53: 843419: A load or store might access an incorrect address" 479 default y 480 select ARM64_MODULE_PLTS if MODULES 481 help 482 This option links the kernel with '--fix-cortex-a53-843419' and 483 enables PLT support to replace certain ADRP instructions, which can 484 cause subsequent memory accesses to use an incorrect address on 485 Cortex-A53 parts up to r0p4. 486 487 If unsure, say Y. 488 489config ARM64_ERRATUM_1024718 490 bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" 491 default y 492 help 493 This option adds a workaround for ARM Cortex-A55 Erratum 1024718. 494 495 Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect 496 update of the hardware dirty bit when the DBM/AP bits are updated 497 without a break-before-make. The workaround is to disable the usage 498 of hardware DBM locally on the affected cores. CPUs not affected by 499 this erratum will continue to use the feature. 500 501 If unsure, say Y. 502 503config ARM64_ERRATUM_1418040 504 bool "Cortex-A76/Neoverse-N1: MRC read following MRRC read of specific Generic Timer in AArch32 might give incorrect result" 505 default y 506 depends on COMPAT 507 help 508 This option adds a workaround for ARM Cortex-A76/Neoverse-N1 509 errata 1188873 and 1418040. 510 511 Affected Cortex-A76/Neoverse-N1 cores (r0p0 to r3p1) could 512 cause register corruption when accessing the timer registers 513 from AArch32 userspace. 514 515 If unsure, say Y. 516 517config ARM64_ERRATUM_1165522 518 bool "Cortex-A76: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 519 default y 520 help 521 This option adds a workaround for ARM Cortex-A76 erratum 1165522. 522 523 Affected Cortex-A76 cores (r0p0, r1p0, r2p0) could end-up with 524 corrupted TLBs by speculating an AT instruction during a guest 525 context switch. 526 527 If unsure, say Y. 528 529config ARM64_ERRATUM_1286807 530 bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation" 531 default y 532 select ARM64_WORKAROUND_REPEAT_TLBI 533 help 534 This option adds a workaround for ARM Cortex-A76 erratum 1286807. 535 536 On the affected Cortex-A76 cores (r0p0 to r3p0), if a virtual 537 address for a cacheable mapping of a location is being 538 accessed by a core while another core is remapping the virtual 539 address to a new physical page using the recommended 540 break-before-make sequence, then under very rare circumstances 541 TLBI+DSB completes before a read using the translation being 542 invalidated has been observed by other observers. The 543 workaround repeats the TLBI+DSB operation. 544 545 If unsure, say Y. 546 547config ARM64_ERRATUM_1463225 548 bool "Cortex-A76: Software Step might prevent interrupt recognition" 549 default y 550 help 551 This option adds a workaround for Arm Cortex-A76 erratum 1463225. 552 553 On the affected Cortex-A76 cores (r0p0 to r3p1), software stepping 554 of a system call instruction (SVC) can prevent recognition of 555 subsequent interrupts when software stepping is disabled in the 556 exception handler of the system call and either kernel debugging 557 is enabled or VHE is in use. 558 559 Work around the erratum by triggering a dummy step exception 560 when handling a system call from a task that is being stepped 561 in a VHE configuration of the kernel. 562 563 If unsure, say Y. 564 565config CAVIUM_ERRATUM_22375 566 bool "Cavium erratum 22375, 24313" 567 default y 568 help 569 Enable workaround for errata 22375 and 24313. 570 571 This implements two gicv3-its errata workarounds for ThunderX. Both 572 with a small impact affecting only ITS table allocation. 573 574 erratum 22375: only alloc 8MB table size 575 erratum 24313: ignore memory access type 576 577 The fixes are in ITS initialization and basically ignore memory access 578 type and table size provided by the TYPER and BASER registers. 579 580 If unsure, say Y. 581 582config CAVIUM_ERRATUM_23144 583 bool "Cavium erratum 23144: ITS SYNC hang on dual socket system" 584 depends on NUMA 585 default y 586 help 587 ITS SYNC command hang for cross node io and collections/cpu mapping. 588 589 If unsure, say Y. 590 591config CAVIUM_ERRATUM_23154 592 bool "Cavium erratum 23154: Access to ICC_IAR1_EL1 is not sync'ed" 593 default y 594 help 595 The gicv3 of ThunderX requires a modified version for 596 reading the IAR status to ensure data synchronization 597 (access to icc_iar1_el1 is not sync'ed before and after). 598 599 If unsure, say Y. 600 601config CAVIUM_ERRATUM_27456 602 bool "Cavium erratum 27456: Broadcast TLBI instructions may cause icache corruption" 603 default y 604 help 605 On ThunderX T88 pass 1.x through 2.1 parts, broadcast TLBI 606 instructions may cause the icache to become corrupted if it 607 contains data for a non-current ASID. The fix is to 608 invalidate the icache when changing the mm context. 609 610 If unsure, say Y. 611 612config CAVIUM_ERRATUM_30115 613 bool "Cavium erratum 30115: Guest may disable interrupts in host" 614 default y 615 help 616 On ThunderX T88 pass 1.x through 2.2, T81 pass 1.0 through 617 1.2, and T83 Pass 1.0, KVM guest execution may disable 618 interrupts in host. Trapping both GICv3 group-0 and group-1 619 accesses sidesteps the issue. 620 621 If unsure, say Y. 622 623config CAVIUM_TX2_ERRATUM_219 624 bool "Cavium ThunderX2 erratum 219: PRFM between TTBR change and ISB fails" 625 default y 626 help 627 On Cavium ThunderX2, a load, store or prefetch instruction between a 628 TTBR update and the corresponding context synchronizing operation can 629 cause a spurious Data Abort to be delivered to any hardware thread in 630 the CPU core. 631 632 Work around the issue by avoiding the problematic code sequence and 633 trapping KVM guest TTBRx_EL1 writes to EL2 when SMT is enabled. The 634 trap handler performs the corresponding register access, skips the 635 instruction and ensures context synchronization by virtue of the 636 exception return. 637 638 If unsure, say Y. 639 640config QCOM_FALKOR_ERRATUM_1003 641 bool "Falkor E1003: Incorrect translation due to ASID change" 642 default y 643 help 644 On Falkor v1, an incorrect ASID may be cached in the TLB when ASID 645 and BADDR are changed together in TTBRx_EL1. Since we keep the ASID 646 in TTBR1_EL1, this situation only occurs in the entry trampoline and 647 then only for entries in the walk cache, since the leaf translation 648 is unchanged. Work around the erratum by invalidating the walk cache 649 entries for the trampoline before entering the kernel proper. 650 651config ARM64_WORKAROUND_REPEAT_TLBI 652 bool 653 654config QCOM_FALKOR_ERRATUM_1009 655 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" 656 default y 657 select ARM64_WORKAROUND_REPEAT_TLBI 658 help 659 On Falkor v1, the CPU may prematurely complete a DSB following a 660 TLBI xxIS invalidate maintenance operation. Repeat the TLBI operation 661 one more time to fix the issue. 662 663 If unsure, say Y. 664 665config QCOM_QDF2400_ERRATUM_0065 666 bool "QDF2400 E0065: Incorrect GITS_TYPER.ITT_Entry_size" 667 default y 668 help 669 On Qualcomm Datacenter Technologies QDF2400 SoC, ITS hardware reports 670 ITE size incorrectly. The GITS_TYPER.ITT_Entry_size field should have 671 been indicated as 16Bytes (0xf), not 8Bytes (0x7). 672 673 If unsure, say Y. 674 675config SOCIONEXT_SYNQUACER_PREITS 676 bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" 677 default y 678 help 679 Socionext Synquacer SoCs implement a separate h/w block to generate 680 MSI doorbell writes with non-zero values for the device ID. 681 682 If unsure, say Y. 683 684config HISILICON_ERRATUM_161600802 685 bool "Hip07 161600802: Erroneous redistributor VLPI base" 686 default y 687 help 688 The HiSilicon Hip07 SoC uses the wrong redistributor base 689 when issued ITS commands such as VMOVP and VMAPP, and requires 690 a 128kB offset to be applied to the target address in this commands. 691 692 If unsure, say Y. 693 694config QCOM_FALKOR_ERRATUM_E1041 695 bool "Falkor E1041: Speculative instruction fetches might cause errant memory access" 696 default y 697 help 698 Falkor CPU may speculatively fetch instructions from an improper 699 memory location when MMU translation is changed from SCTLR_ELn[M]=1 700 to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem. 701 702 If unsure, say Y. 703 704config FUJITSU_ERRATUM_010001 705 bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly" 706 default y 707 help 708 This option adds a workaround for Fujitsu-A64FX erratum E#010001. 709 On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory 710 accesses may cause undefined fault (Data abort, DFSC=0b111111). 711 This fault occurs under a specific hardware condition when a 712 load/store instruction performs an address translation using: 713 case-1 TTBR0_EL1 with TCR_EL1.NFD0 == 1. 714 case-2 TTBR0_EL2 with TCR_EL2.NFD0 == 1. 715 case-3 TTBR1_EL1 with TCR_EL1.NFD1 == 1. 716 case-4 TTBR1_EL2 with TCR_EL2.NFD1 == 1. 717 718 The workaround is to ensure these bits are clear in TCR_ELx. 719 The workaround only affects the Fujitsu-A64FX. 720 721 If unsure, say Y. 722 723endmenu 724 725 726choice 727 prompt "Page size" 728 default ARM64_4K_PAGES 729 help 730 Page size (translation granule) configuration. 731 732config ARM64_4K_PAGES 733 bool "4KB" 734 help 735 This feature enables 4KB pages support. 736 737config ARM64_16K_PAGES 738 bool "16KB" 739 help 740 The system will use 16KB pages support. AArch32 emulation 741 requires applications compiled with 16K (or a multiple of 16K) 742 aligned segments. 743 744config ARM64_64K_PAGES 745 bool "64KB" 746 help 747 This feature enables 64KB pages support (4KB by default) 748 allowing only two levels of page tables and faster TLB 749 look-up. AArch32 emulation requires applications compiled 750 with 64K aligned segments. 751 752endchoice 753 754choice 755 prompt "Virtual address space size" 756 default ARM64_VA_BITS_39 if ARM64_4K_PAGES 757 default ARM64_VA_BITS_47 if ARM64_16K_PAGES 758 default ARM64_VA_BITS_42 if ARM64_64K_PAGES 759 help 760 Allows choosing one of multiple possible virtual address 761 space sizes. The level of translation table is determined by 762 a combination of page size and virtual address space size. 763 764config ARM64_VA_BITS_36 765 bool "36-bit" if EXPERT 766 depends on ARM64_16K_PAGES 767 768config ARM64_VA_BITS_39 769 bool "39-bit" 770 depends on ARM64_4K_PAGES 771 772config ARM64_VA_BITS_42 773 bool "42-bit" 774 depends on ARM64_64K_PAGES 775 776config ARM64_VA_BITS_47 777 bool "47-bit" 778 depends on ARM64_16K_PAGES 779 780config ARM64_VA_BITS_48 781 bool "48-bit" 782 783config ARM64_VA_BITS_52 784 bool "52-bit" 785 depends on ARM64_64K_PAGES && (ARM64_PAN || !ARM64_SW_TTBR0_PAN) 786 help 787 Enable 52-bit virtual addressing for userspace when explicitly 788 requested via a hint to mmap(). The kernel will also use 52-bit 789 virtual addresses for its own mappings (provided HW support for 790 this feature is available, otherwise it reverts to 48-bit). 791 792 NOTE: Enabling 52-bit virtual addressing in conjunction with 793 ARMv8.3 Pointer Authentication will result in the PAC being 794 reduced from 7 bits to 3 bits, which may have a significant 795 impact on its susceptibility to brute-force attacks. 796 797 If unsure, select 48-bit virtual addressing instead. 798 799endchoice 800 801config ARM64_FORCE_52BIT 802 bool "Force 52-bit virtual addresses for userspace" 803 depends on ARM64_VA_BITS_52 && EXPERT 804 help 805 For systems with 52-bit userspace VAs enabled, the kernel will attempt 806 to maintain compatibility with older software by providing 48-bit VAs 807 unless a hint is supplied to mmap. 808 809 This configuration option disables the 48-bit compatibility logic, and 810 forces all userspace addresses to be 52-bit on HW that supports it. One 811 should only enable this configuration option for stress testing userspace 812 memory management code. If unsure say N here. 813 814config ARM64_VA_BITS 815 int 816 default 36 if ARM64_VA_BITS_36 817 default 39 if ARM64_VA_BITS_39 818 default 42 if ARM64_VA_BITS_42 819 default 47 if ARM64_VA_BITS_47 820 default 48 if ARM64_VA_BITS_48 821 default 52 if ARM64_VA_BITS_52 822 823choice 824 prompt "Physical address space size" 825 default ARM64_PA_BITS_48 826 help 827 Choose the maximum physical address range that the kernel will 828 support. 829 830config ARM64_PA_BITS_48 831 bool "48-bit" 832 833config ARM64_PA_BITS_52 834 bool "52-bit (ARMv8.2)" 835 depends on ARM64_64K_PAGES 836 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 837 help 838 Enable support for a 52-bit physical address space, introduced as 839 part of the ARMv8.2-LPA extension. 840 841 With this enabled, the kernel will also continue to work on CPUs that 842 do not support ARMv8.2-LPA, but with some added memory overhead (and 843 minor performance overhead). 844 845endchoice 846 847config ARM64_PA_BITS 848 int 849 default 48 if ARM64_PA_BITS_48 850 default 52 if ARM64_PA_BITS_52 851 852config CPU_BIG_ENDIAN 853 bool "Build big-endian kernel" 854 help 855 Say Y if you plan on running a kernel in big-endian mode. 856 857config SCHED_MC 858 bool "Multi-core scheduler support" 859 help 860 Multi-core scheduler support improves the CPU scheduler's decision 861 making when dealing with multi-core CPU chips at a cost of slightly 862 increased overhead in some places. If unsure say N here. 863 864config SCHED_SMT 865 bool "SMT scheduler support" 866 help 867 Improves the CPU scheduler's decision making when dealing with 868 MultiThreading at a cost of slightly increased overhead in some 869 places. If unsure say N here. 870 871config NR_CPUS 872 int "Maximum number of CPUs (2-4096)" 873 range 2 4096 874 default "256" 875 876config HOTPLUG_CPU 877 bool "Support for hot-pluggable CPUs" 878 select GENERIC_IRQ_MIGRATION 879 help 880 Say Y here to experiment with turning CPUs off and on. CPUs 881 can be controlled through /sys/devices/system/cpu. 882 883# Common NUMA Features 884config NUMA 885 bool "Numa Memory Allocation and Scheduler Support" 886 select ACPI_NUMA if ACPI 887 select OF_NUMA 888 help 889 Enable NUMA (Non Uniform Memory Access) support. 890 891 The kernel will try to allocate memory used by a CPU on the 892 local memory of the CPU and add some more 893 NUMA awareness to the kernel. 894 895config NODES_SHIFT 896 int "Maximum NUMA Nodes (as a power of 2)" 897 range 1 10 898 default "2" 899 depends on NEED_MULTIPLE_NODES 900 help 901 Specify the maximum number of NUMA Nodes available on the target 902 system. Increases memory reserved to accommodate various tables. 903 904config USE_PERCPU_NUMA_NODE_ID 905 def_bool y 906 depends on NUMA 907 908config HAVE_SETUP_PER_CPU_AREA 909 def_bool y 910 depends on NUMA 911 912config NEED_PER_CPU_EMBED_FIRST_CHUNK 913 def_bool y 914 depends on NUMA 915 916config HOLES_IN_ZONE 917 def_bool y 918 919source "kernel/Kconfig.hz" 920 921config ARCH_SUPPORTS_DEBUG_PAGEALLOC 922 def_bool y 923 924config ARCH_SPARSEMEM_ENABLE 925 def_bool y 926 select SPARSEMEM_VMEMMAP_ENABLE 927 928config ARCH_SPARSEMEM_DEFAULT 929 def_bool ARCH_SPARSEMEM_ENABLE 930 931config ARCH_SELECT_MEMORY_MODEL 932 def_bool ARCH_SPARSEMEM_ENABLE 933 934config ARCH_FLATMEM_ENABLE 935 def_bool !NUMA 936 937config HAVE_ARCH_PFN_VALID 938 def_bool y 939 940config HW_PERF_EVENTS 941 def_bool y 942 depends on ARM_PMU 943 944config SYS_SUPPORTS_HUGETLBFS 945 def_bool y 946 947config ARCH_WANT_HUGE_PMD_SHARE 948 949config ARCH_HAS_CACHE_LINE_SIZE 950 def_bool y 951 952config ARCH_ENABLE_SPLIT_PMD_PTLOCK 953 def_bool y if PGTABLE_LEVELS > 2 954 955# Supported by clang >= 7.0 956config CC_HAVE_SHADOW_CALL_STACK 957 def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) 958 959config SECCOMP 960 bool "Enable seccomp to safely compute untrusted bytecode" 961 ---help--- 962 This kernel feature is useful for number crunching applications 963 that may need to compute untrusted bytecode during their 964 execution. By using pipes or other transports made available to 965 the process as file descriptors supporting the read/write 966 syscalls, it's possible to isolate those applications in 967 their own address space using seccomp. Once seccomp is 968 enabled via prctl(PR_SET_SECCOMP), it cannot be disabled 969 and the task is only allowed to execute a few safe syscalls 970 defined by each seccomp mode. 971 972config PARAVIRT 973 bool "Enable paravirtualization code" 974 help 975 This changes the kernel so it can modify itself when it is run 976 under a hypervisor, potentially improving performance significantly 977 over full virtualization. 978 979config PARAVIRT_TIME_ACCOUNTING 980 bool "Paravirtual steal time accounting" 981 select PARAVIRT 982 help 983 Select this option to enable fine granularity task steal time 984 accounting. Time spent executing other tasks in parallel with 985 the current vCPU is discounted from the vCPU power. To account for 986 that, there can be a small performance impact. 987 988 If in doubt, say N here. 989 990config KEXEC 991 depends on PM_SLEEP_SMP 992 select KEXEC_CORE 993 bool "kexec system call" 994 ---help--- 995 kexec is a system call that implements the ability to shutdown your 996 current kernel, and to start another kernel. It is like a reboot 997 but it is independent of the system firmware. And like a reboot 998 you can start any kernel with it, not just Linux. 999 1000config KEXEC_FILE 1001 bool "kexec file based system call" 1002 select KEXEC_CORE 1003 help 1004 This is new version of kexec system call. This system call is 1005 file based and takes file descriptors as system call argument 1006 for kernel and initramfs as opposed to list of segments as 1007 accepted by previous system call. 1008 1009config KEXEC_SIG 1010 bool "Verify kernel signature during kexec_file_load() syscall" 1011 depends on KEXEC_FILE 1012 help 1013 Select this option to verify a signature with loaded kernel 1014 image. If configured, any attempt of loading a image without 1015 valid signature will fail. 1016 1017 In addition to that option, you need to enable signature 1018 verification for the corresponding kernel image type being 1019 loaded in order for this to work. 1020 1021config KEXEC_IMAGE_VERIFY_SIG 1022 bool "Enable Image signature verification support" 1023 default y 1024 depends on KEXEC_SIG 1025 depends on EFI && SIGNED_PE_FILE_VERIFICATION 1026 help 1027 Enable Image signature verification support. 1028 1029comment "Support for PE file signature verification disabled" 1030 depends on KEXEC_SIG 1031 depends on !EFI || !SIGNED_PE_FILE_VERIFICATION 1032 1033config CRASH_DUMP 1034 bool "Build kdump crash kernel" 1035 help 1036 Generate crash dump after being started by kexec. This should 1037 be normally only set in special crash dump kernels which are 1038 loaded in the main kernel with kexec-tools into a specially 1039 reserved region and then later executed after a crash by 1040 kdump/kexec. 1041 1042 For more details see Documentation/admin-guide/kdump/kdump.rst 1043 1044config XEN_DOM0 1045 def_bool y 1046 depends on XEN 1047 1048config XEN 1049 bool "Xen guest support on ARM64" 1050 depends on ARM64 && OF 1051 select SWIOTLB_XEN 1052 select PARAVIRT 1053 help 1054 Say Y if you want to run Linux in a Virtual Machine on Xen on ARM64. 1055 1056config FORCE_MAX_ZONEORDER 1057 int 1058 default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE) 1059 default "12" if (ARM64_16K_PAGES && TRANSPARENT_HUGEPAGE) 1060 default "11" 1061 help 1062 The kernel memory allocator divides physically contiguous memory 1063 blocks into "zones", where each zone is a power of two number of 1064 pages. This option selects the largest power of two that the kernel 1065 keeps in the memory allocator. If you need to allocate very large 1066 blocks of physically contiguous memory, then you may need to 1067 increase this value. 1068 1069 This config option is actually maximum order plus one. For example, 1070 a value of 11 means that the largest free memory block is 2^10 pages. 1071 1072 We make sure that we can allocate upto a HugePage size for each configuration. 1073 Hence we have : 1074 MAX_ORDER = (PMD_SHIFT - PAGE_SHIFT) + 1 => PAGE_SHIFT - 2 1075 1076 However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 1077 4M allocations matching the default size used by generic code. 1078 1079config UNMAP_KERNEL_AT_EL0 1080 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT 1081 default y 1082 help 1083 Speculation attacks against some high-performance processors can 1084 be used to bypass MMU permission checks and leak kernel data to 1085 userspace. This can be defended against by unmapping the kernel 1086 when running in userspace, mapping it back in on exception entry 1087 via a trampoline page in the vector table. 1088 1089 If unsure, say Y. 1090 1091config HARDEN_BRANCH_PREDICTOR 1092 bool "Harden the branch predictor against aliasing attacks" if EXPERT 1093 default y 1094 help 1095 Speculation attacks against some high-performance processors rely on 1096 being able to manipulate the branch predictor for a victim context by 1097 executing aliasing branches in the attacker context. Such attacks 1098 can be partially mitigated against by clearing internal branch 1099 predictor state and limiting the prediction logic in some situations. 1100 1101 This config option will take CPU-specific actions to harden the 1102 branch predictor against aliasing attacks and may rely on specific 1103 instruction sequences or control bits being set by the system 1104 firmware. 1105 1106 If unsure, say Y. 1107 1108config HARDEN_EL2_VECTORS 1109 bool "Harden EL2 vector mapping against system register leak" if EXPERT 1110 default y 1111 help 1112 Speculation attacks against some high-performance processors can 1113 be used to leak privileged information such as the vector base 1114 register, resulting in a potential defeat of the EL2 layout 1115 randomization. 1116 1117 This config option will map the vectors to a fixed location, 1118 independent of the EL2 code mapping, so that revealing VBAR_EL2 1119 to an attacker does not give away any extra information. This 1120 only gets enabled on affected CPUs. 1121 1122 If unsure, say Y. 1123 1124config ARM64_SSBD 1125 bool "Speculative Store Bypass Disable" if EXPERT 1126 default y 1127 help 1128 This enables mitigation of the bypassing of previous stores 1129 by speculative loads. 1130 1131 If unsure, say Y. 1132 1133config RODATA_FULL_DEFAULT_ENABLED 1134 bool "Apply r/o permissions of VM areas also to their linear aliases" 1135 default y 1136 help 1137 Apply read-only attributes of VM areas to the linear alias of 1138 the backing pages as well. This prevents code or read-only data 1139 from being modified (inadvertently or intentionally) via another 1140 mapping of the same memory page. This additional enhancement can 1141 be turned off at runtime by passing rodata=[off|on] (and turned on 1142 with rodata=full if this option is set to 'n') 1143 1144 This requires the linear region to be mapped down to pages, 1145 which may adversely affect performance in some cases. 1146 1147config ARM64_SW_TTBR0_PAN 1148 bool "Emulate Privileged Access Never using TTBR0_EL1 switching" 1149 help 1150 Enabling this option prevents the kernel from accessing 1151 user-space memory directly by pointing TTBR0_EL1 to a reserved 1152 zeroed area and reserved ASID. The user access routines 1153 restore the valid TTBR0_EL1 temporarily. 1154 1155config ARM64_TAGGED_ADDR_ABI 1156 bool "Enable the tagged user addresses syscall ABI" 1157 default y 1158 help 1159 When this option is enabled, user applications can opt in to a 1160 relaxed ABI via prctl() allowing tagged addresses to be passed 1161 to system calls as pointer arguments. For details, see 1162 Documentation/arm64/tagged-address-abi.rst. 1163 1164menuconfig COMPAT 1165 bool "Kernel support for 32-bit EL0" 1166 depends on ARM64_4K_PAGES || EXPERT 1167 select COMPAT_BINFMT_ELF if BINFMT_ELF 1168 select HAVE_UID16 1169 select OLD_SIGSUSPEND3 1170 select COMPAT_OLD_SIGACTION 1171 help 1172 This option enables support for a 32-bit EL0 running under a 64-bit 1173 kernel at EL1. AArch32-specific components such as system calls, 1174 the user helper functions, VFP support and the ptrace interface are 1175 handled appropriately by the kernel. 1176 1177 If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware 1178 that you will only be able to execute AArch32 binaries that were compiled 1179 with page size aligned segments. 1180 1181 If you want to execute 32-bit userspace applications, say Y. 1182 1183if COMPAT 1184 1185config KUSER_HELPERS 1186 bool "Enable kuser helpers page for 32-bit applications" 1187 default y 1188 help 1189 Warning: disabling this option may break 32-bit user programs. 1190 1191 Provide kuser helpers to compat tasks. The kernel provides 1192 helper code to userspace in read only form at a fixed location 1193 to allow userspace to be independent of the CPU type fitted to 1194 the system. This permits binaries to be run on ARMv4 through 1195 to ARMv8 without modification. 1196 1197 See Documentation/arm/kernel_user_helpers.rst for details. 1198 1199 However, the fixed address nature of these helpers can be used 1200 by ROP (return orientated programming) authors when creating 1201 exploits. 1202 1203 If all of the binaries and libraries which run on your platform 1204 are built specifically for your platform, and make no use of 1205 these helpers, then you can turn this option off to hinder 1206 such exploits. However, in that case, if a binary or library 1207 relying on those helpers is run, it will not function correctly. 1208 1209 Say N here only if you are absolutely certain that you do not 1210 need these helpers; otherwise, the safe option is to say Y. 1211 1212config COMPAT_VDSO 1213 bool "Enable vDSO for 32-bit applications" 1214 depends on !CPU_BIG_ENDIAN && "$(CROSS_COMPILE_COMPAT)" != "" 1215 select GENERIC_COMPAT_VDSO 1216 default y 1217 help 1218 Place in the process address space of 32-bit applications an 1219 ELF shared object providing fast implementations of gettimeofday 1220 and clock_gettime. 1221 1222 You must have a 32-bit build of glibc 2.22 or later for programs 1223 to seamlessly take advantage of this. 1224 1225menuconfig ARMV8_DEPRECATED 1226 bool "Emulate deprecated/obsolete ARMv8 instructions" 1227 depends on SYSCTL 1228 help 1229 Legacy software support may require certain instructions 1230 that have been deprecated or obsoleted in the architecture. 1231 1232 Enable this config to enable selective emulation of these 1233 features. 1234 1235 If unsure, say Y 1236 1237if ARMV8_DEPRECATED 1238 1239config SWP_EMULATION 1240 bool "Emulate SWP/SWPB instructions" 1241 help 1242 ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that 1243 they are always undefined. Say Y here to enable software 1244 emulation of these instructions for userspace using LDXR/STXR. 1245 1246 In some older versions of glibc [<=2.8] SWP is used during futex 1247 trylock() operations with the assumption that the code will not 1248 be preempted. This invalid assumption may be more likely to fail 1249 with SWP emulation enabled, leading to deadlock of the user 1250 application. 1251 1252 NOTE: when accessing uncached shared regions, LDXR/STXR rely 1253 on an external transaction monitoring block called a global 1254 monitor to maintain update atomicity. If your system does not 1255 implement a global monitor, this option can cause programs that 1256 perform SWP operations to uncached memory to deadlock. 1257 1258 If unsure, say Y 1259 1260config CP15_BARRIER_EMULATION 1261 bool "Emulate CP15 Barrier instructions" 1262 help 1263 The CP15 barrier instructions - CP15ISB, CP15DSB, and 1264 CP15DMB - are deprecated in ARMv8 (and ARMv7). It is 1265 strongly recommended to use the ISB, DSB, and DMB 1266 instructions instead. 1267 1268 Say Y here to enable software emulation of these 1269 instructions for AArch32 userspace code. When this option is 1270 enabled, CP15 barrier usage is traced which can help 1271 identify software that needs updating. 1272 1273 If unsure, say Y 1274 1275config SETEND_EMULATION 1276 bool "Emulate SETEND instruction" 1277 help 1278 The SETEND instruction alters the data-endianness of the 1279 AArch32 EL0, and is deprecated in ARMv8. 1280 1281 Say Y here to enable software emulation of the instruction 1282 for AArch32 userspace code. 1283 1284 Note: All the cpus on the system must have mixed endian support at EL0 1285 for this feature to be enabled. If a new CPU - which doesn't support mixed 1286 endian - is hotplugged in after this feature has been enabled, there could 1287 be unexpected results in the applications. 1288 1289 If unsure, say Y 1290endif 1291 1292endif 1293 1294menu "ARMv8.1 architectural features" 1295 1296config ARM64_HW_AFDBM 1297 bool "Support for hardware updates of the Access and Dirty page flags" 1298 default y 1299 help 1300 The ARMv8.1 architecture extensions introduce support for 1301 hardware updates of the access and dirty information in page 1302 table entries. When enabled in TCR_EL1 (HA and HD bits) on 1303 capable processors, accesses to pages with PTE_AF cleared will 1304 set this bit instead of raising an access flag fault. 1305 Similarly, writes to read-only pages with the DBM bit set will 1306 clear the read-only bit (AP[2]) instead of raising a 1307 permission fault. 1308 1309 Kernels built with this configuration option enabled continue 1310 to work on pre-ARMv8.1 hardware and the performance impact is 1311 minimal. If unsure, say Y. 1312 1313config ARM64_PAN 1314 bool "Enable support for Privileged Access Never (PAN)" 1315 default y 1316 help 1317 Privileged Access Never (PAN; part of the ARMv8.1 Extensions) 1318 prevents the kernel or hypervisor from accessing user-space (EL0) 1319 memory directly. 1320 1321 Choosing this option will cause any unprotected (not using 1322 copy_to_user et al) memory access to fail with a permission fault. 1323 1324 The feature is detected at runtime, and will remain as a 'nop' 1325 instruction if the cpu does not implement the feature. 1326 1327config ARM64_LSE_ATOMICS 1328 bool "Atomic instructions" 1329 depends on JUMP_LABEL 1330 default y 1331 help 1332 As part of the Large System Extensions, ARMv8.1 introduces new 1333 atomic instructions that are designed specifically to scale in 1334 very large systems. 1335 1336 Say Y here to make use of these instructions for the in-kernel 1337 atomic routines. This incurs a small overhead on CPUs that do 1338 not support these instructions and requires the kernel to be 1339 built with binutils >= 2.25 in order for the new instructions 1340 to be used. 1341 1342config ARM64_VHE 1343 bool "Enable support for Virtualization Host Extensions (VHE)" 1344 default y 1345 help 1346 Virtualization Host Extensions (VHE) allow the kernel to run 1347 directly at EL2 (instead of EL1) on processors that support 1348 it. This leads to better performance for KVM, as they reduce 1349 the cost of the world switch. 1350 1351 Selecting this option allows the VHE feature to be detected 1352 at runtime, and does not affect processors that do not 1353 implement this feature. 1354 1355endmenu 1356 1357menu "ARMv8.2 architectural features" 1358 1359config ARM64_UAO 1360 bool "Enable support for User Access Override (UAO)" 1361 default y 1362 help 1363 User Access Override (UAO; part of the ARMv8.2 Extensions) 1364 causes the 'unprivileged' variant of the load/store instructions to 1365 be overridden to be privileged. 1366 1367 This option changes get_user() and friends to use the 'unprivileged' 1368 variant of the load/store instructions. This ensures that user-space 1369 really did have access to the supplied memory. When addr_limit is 1370 set to kernel memory the UAO bit will be set, allowing privileged 1371 access to kernel memory. 1372 1373 Choosing this option will cause copy_to_user() et al to use user-space 1374 memory permissions. 1375 1376 The feature is detected at runtime, the kernel will use the 1377 regular load/store instructions if the cpu does not implement the 1378 feature. 1379 1380config ARM64_PMEM 1381 bool "Enable support for persistent memory" 1382 select ARCH_HAS_PMEM_API 1383 select ARCH_HAS_UACCESS_FLUSHCACHE 1384 help 1385 Say Y to enable support for the persistent memory API based on the 1386 ARMv8.2 DCPoP feature. 1387 1388 The feature is detected at runtime, and the kernel will use DC CVAC 1389 operations if DC CVAP is not supported (following the behaviour of 1390 DC CVAP itself if the system does not define a point of persistence). 1391 1392config ARM64_RAS_EXTN 1393 bool "Enable support for RAS CPU Extensions" 1394 default y 1395 help 1396 CPUs that support the Reliability, Availability and Serviceability 1397 (RAS) Extensions, part of ARMv8.2 are able to track faults and 1398 errors, classify them and report them to software. 1399 1400 On CPUs with these extensions system software can use additional 1401 barriers to determine if faults are pending and read the 1402 classification from a new set of registers. 1403 1404 Selecting this feature will allow the kernel to use these barriers 1405 and access the new registers if the system supports the extension. 1406 Platform RAS features may additionally depend on firmware support. 1407 1408config ARM64_CNP 1409 bool "Enable support for Common Not Private (CNP) translations" 1410 default y 1411 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 1412 help 1413 Common Not Private (CNP) allows translation table entries to 1414 be shared between different PEs in the same inner shareable 1415 domain, so the hardware can use this fact to optimise the 1416 caching of such entries in the TLB. 1417 1418 Selecting this option allows the CNP feature to be detected 1419 at runtime, and does not affect PEs that do not implement 1420 this feature. 1421 1422endmenu 1423 1424menu "ARMv8.3 architectural features" 1425 1426config ARM64_PTR_AUTH 1427 bool "Enable support for pointer authentication" 1428 default y 1429 depends on !KVM || ARM64_VHE 1430 help 1431 Pointer authentication (part of the ARMv8.3 Extensions) provides 1432 instructions for signing and authenticating pointers against secret 1433 keys, which can be used to mitigate Return Oriented Programming (ROP) 1434 and other attacks. 1435 1436 This option enables these instructions at EL0 (i.e. for userspace). 1437 1438 Choosing this option will cause the kernel to initialise secret keys 1439 for each process at exec() time, with these keys being 1440 context-switched along with the process. 1441 1442 The feature is detected at runtime. If the feature is not present in 1443 hardware it will not be advertised to userspace/KVM guest nor will it 1444 be enabled. However, KVM guest also require VHE mode and hence 1445 CONFIG_ARM64_VHE=y option to use this feature. 1446 1447endmenu 1448 1449config ARM64_SVE 1450 bool "ARM Scalable Vector Extension support" 1451 default y 1452 depends on !KVM || ARM64_VHE 1453 help 1454 The Scalable Vector Extension (SVE) is an extension to the AArch64 1455 execution state which complements and extends the SIMD functionality 1456 of the base architecture to support much larger vectors and to enable 1457 additional vectorisation opportunities. 1458 1459 To enable use of this extension on CPUs that implement it, say Y. 1460 1461 On CPUs that support the SVE2 extensions, this option will enable 1462 those too. 1463 1464 Note that for architectural reasons, firmware _must_ implement SVE 1465 support when running on SVE capable hardware. The required support 1466 is present in: 1467 1468 * version 1.5 and later of the ARM Trusted Firmware 1469 * the AArch64 boot wrapper since commit 5e1261e08abf 1470 ("bootwrapper: SVE: Enable SVE for EL2 and below"). 1471 1472 For other firmware implementations, consult the firmware documentation 1473 or vendor. 1474 1475 If you need the kernel to boot on SVE-capable hardware with broken 1476 firmware, you may need to say N here until you get your firmware 1477 fixed. Otherwise, you may experience firmware panics or lockups when 1478 booting the kernel. If unsure and you are not observing these 1479 symptoms, you should assume that it is safe to say Y. 1480 1481 CPUs that support SVE are architecturally required to support the 1482 Virtualization Host Extensions (VHE), so the kernel makes no 1483 provision for supporting SVE alongside KVM without VHE enabled. 1484 Thus, you will need to enable CONFIG_ARM64_VHE if you want to support 1485 KVM in the same kernel image. 1486 1487config ARM64_MODULE_PLTS 1488 bool "Use PLTs to allow module memory to spill over into vmalloc area" 1489 depends on MODULES 1490 select HAVE_MOD_ARCH_SPECIFIC 1491 help 1492 Allocate PLTs when loading modules so that jumps and calls whose 1493 targets are too far away for their relative offsets to be encoded 1494 in the instructions themselves can be bounced via veneers in the 1495 module's PLT. This allows modules to be allocated in the generic 1496 vmalloc area after the dedicated module memory area has been 1497 exhausted. 1498 1499 When running with address space randomization (KASLR), the module 1500 region itself may be too far away for ordinary relative jumps and 1501 calls, and so in that case, module PLTs are required and cannot be 1502 disabled. 1503 1504 Specific errata workaround(s) might also force module PLTs to be 1505 enabled (ARM64_ERRATUM_843419). 1506 1507config ARM64_PSEUDO_NMI 1508 bool "Support for NMI-like interrupts" 1509 select CONFIG_ARM_GIC_V3 1510 help 1511 Adds support for mimicking Non-Maskable Interrupts through the use of 1512 GIC interrupt priority. This support requires version 3 or later of 1513 ARM GIC. 1514 1515 This high priority configuration for interrupts needs to be 1516 explicitly enabled by setting the kernel parameter 1517 "irqchip.gicv3_pseudo_nmi" to 1. 1518 1519 If unsure, say N 1520 1521if ARM64_PSEUDO_NMI 1522config ARM64_DEBUG_PRIORITY_MASKING 1523 bool "Debug interrupt priority masking" 1524 help 1525 This adds runtime checks to functions enabling/disabling 1526 interrupts when using priority masking. The additional checks verify 1527 the validity of ICC_PMR_EL1 when calling concerned functions. 1528 1529 If unsure, say N 1530endif 1531 1532config RELOCATABLE 1533 bool 1534 select ARCH_HAS_RELR 1535 help 1536 This builds the kernel as a Position Independent Executable (PIE), 1537 which retains all relocation metadata required to relocate the 1538 kernel binary at runtime to a different virtual address than the 1539 address it was linked at. 1540 Since AArch64 uses the RELA relocation format, this requires a 1541 relocation pass at runtime even if the kernel is loaded at the 1542 same address it was linked at. 1543 1544config RANDOMIZE_BASE 1545 bool "Randomize the address of the kernel image" 1546 select ARM64_MODULE_PLTS if MODULES 1547 select RELOCATABLE 1548 help 1549 Randomizes the virtual address at which the kernel image is 1550 loaded, as a security feature that deters exploit attempts 1551 relying on knowledge of the location of kernel internals. 1552 1553 It is the bootloader's job to provide entropy, by passing a 1554 random u64 value in /chosen/kaslr-seed at kernel entry. 1555 1556 When booting via the UEFI stub, it will invoke the firmware's 1557 EFI_RNG_PROTOCOL implementation (if available) to supply entropy 1558 to the kernel proper. In addition, it will randomise the physical 1559 location of the kernel Image as well. 1560 1561 If unsure, say N. 1562 1563config RANDOMIZE_MODULE_REGION_FULL 1564 bool "Randomize the module region over a 4 GB range" 1565 depends on RANDOMIZE_BASE 1566 default y 1567 help 1568 Randomizes the location of the module region inside a 4 GB window 1569 covering the core kernel. This way, it is less likely for modules 1570 to leak information about the location of core kernel data structures 1571 but it does imply that function calls between modules and the core 1572 kernel will need to be resolved via veneers in the module PLT. 1573 1574 When this option is not set, the module region will be randomized over 1575 a limited range that contains the [_stext, _etext] interval of the 1576 core kernel, so branch relocations are always in range. 1577 1578config CC_HAVE_STACKPROTECTOR_SYSREG 1579 def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) 1580 1581config STACKPROTECTOR_PER_TASK 1582 def_bool y 1583 depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG 1584 1585endmenu 1586 1587menu "Boot options" 1588 1589config ARM64_ACPI_PARKING_PROTOCOL 1590 bool "Enable support for the ARM64 ACPI parking protocol" 1591 depends on ACPI 1592 help 1593 Enable support for the ARM64 ACPI parking protocol. If disabled 1594 the kernel will not allow booting through the ARM64 ACPI parking 1595 protocol even if the corresponding data is present in the ACPI 1596 MADT table. 1597 1598config CMDLINE 1599 string "Default kernel command string" 1600 default "" 1601 help 1602 Provide a set of default command-line options at build time by 1603 entering them here. As a minimum, you should specify the the 1604 root device (e.g. root=/dev/nfs). 1605 1606choice 1607 prompt "Kernel command line type" if CMDLINE != "" 1608 default CMDLINE_FROM_BOOTLOADER 1609 1610config CMDLINE_FROM_BOOTLOADER 1611 bool "Use bootloader kernel arguments if available" 1612 help 1613 Uses the command-line options passed by the boot loader. If 1614 the boot loader doesn't provide any, the default kernel command 1615 string provided in CMDLINE will be used. 1616 1617config CMDLINE_EXTEND 1618 bool "Extend bootloader kernel arguments" 1619 help 1620 The command-line arguments provided by the boot loader will be 1621 appended to the default kernel command string. 1622 1623config CMDLINE_FORCE 1624 bool "Always use the default kernel command string" 1625 help 1626 Always use the default kernel command string, even if the boot 1627 loader passes other arguments to the kernel. 1628 This is useful if you cannot or don't want to change the 1629 command-line options your boot loader passes to the kernel. 1630endchoice 1631 1632config EFI_STUB 1633 bool 1634 1635config EFI 1636 bool "UEFI runtime support" 1637 depends on OF && !CPU_BIG_ENDIAN 1638 depends on KERNEL_MODE_NEON 1639 select ARCH_SUPPORTS_ACPI 1640 select LIBFDT 1641 select UCS2_STRING 1642 select EFI_PARAMS_FROM_FDT 1643 select EFI_RUNTIME_WRAPPERS 1644 select EFI_STUB 1645 select EFI_ARMSTUB 1646 default y 1647 help 1648 This option provides support for runtime services provided 1649 by UEFI firmware (such as non-volatile variables, realtime 1650 clock, and platform reset). A UEFI stub is also provided to 1651 allow the kernel to be booted as an EFI application. This 1652 is only useful on systems that have UEFI firmware. 1653 1654config DMI 1655 bool "Enable support for SMBIOS (DMI) tables" 1656 depends on EFI 1657 default y 1658 help 1659 This enables SMBIOS/DMI feature for systems. 1660 1661 This option is only useful on systems that have UEFI firmware. 1662 However, even with this option, the resultant kernel should 1663 continue to boot on existing non-UEFI platforms. 1664 1665endmenu 1666 1667config SYSVIPC_COMPAT 1668 def_bool y 1669 depends on COMPAT && SYSVIPC 1670 1671config ARCH_ENABLE_HUGEPAGE_MIGRATION 1672 def_bool y 1673 depends on HUGETLB_PAGE && MIGRATION 1674 1675menu "Power management options" 1676 1677source "kernel/power/Kconfig" 1678 1679config ARCH_HIBERNATION_POSSIBLE 1680 def_bool y 1681 depends on CPU_PM 1682 1683config ARCH_HIBERNATION_HEADER 1684 def_bool y 1685 depends on HIBERNATION 1686 1687config ARCH_SUSPEND_POSSIBLE 1688 def_bool y 1689 1690endmenu 1691 1692menu "CPU Power Management" 1693 1694source "drivers/cpuidle/Kconfig" 1695 1696source "drivers/cpufreq/Kconfig" 1697 1698endmenu 1699 1700source "drivers/firmware/Kconfig" 1701 1702source "drivers/acpi/Kconfig" 1703 1704source "arch/arm64/kvm/Kconfig" 1705 1706if CRYPTO 1707source "arch/arm64/crypto/Kconfig" 1708endif 1709