• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# SPDX-License-Identifier: GPL-2.0-only
2config ARM64
3	def_bool y
4	select ACPI_CCA_REQUIRED if ACPI
5	select ACPI_GENERIC_GSI if ACPI
6	select ACPI_GTDT if ACPI
7	select ACPI_IORT if ACPI
8	select ACPI_REDUCED_HARDWARE_ONLY if ACPI
9	select ACPI_MCFG if (ACPI && PCI)
10	select ACPI_SPCR_TABLE if ACPI
11	select ACPI_PPTT if ACPI
12	select ARCH_CLOCKSOURCE_DATA
13	select ARCH_HAS_DEBUG_VIRTUAL
14	select ARCH_HAS_DEVMEM_IS_ALLOWED
15	select ARCH_HAS_DMA_COHERENT_TO_PFN
16	select ARCH_HAS_DMA_PREP_COHERENT
17	select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
18	select ARCH_HAS_FAST_MULTIPLIER
19	select ARCH_HAS_FORTIFY_SOURCE
20	select ARCH_HAS_GCOV_PROFILE_ALL
21	select ARCH_HAS_GIGANTIC_PAGE
22	select ARCH_HAS_KCOV
23	select ARCH_HAS_KEEPINITRD
24	select ARCH_HAS_MEMBARRIER_SYNC_CORE
25	select ARCH_HAS_PTE_DEVMAP
26	select ARCH_HAS_PTE_SPECIAL
27	select ARCH_HAS_SETUP_DMA_OPS
28	select ARCH_HAS_SET_DIRECT_MAP
29	select ARCH_HAS_SET_MEMORY
30	select ARCH_HAS_STRICT_KERNEL_RWX
31	select ARCH_HAS_STRICT_MODULE_RWX
32	select ARCH_HAS_SYNC_DMA_FOR_DEVICE
33	select ARCH_HAS_SYNC_DMA_FOR_CPU
34	select ARCH_HAS_SYSCALL_WRAPPER
35	select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
36	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
37	select ARCH_HAVE_NMI_SAFE_CMPXCHG
38	select ARCH_INLINE_READ_LOCK if !PREEMPT
39	select ARCH_INLINE_READ_LOCK_BH if !PREEMPT
40	select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPT
41	select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPT
42	select ARCH_INLINE_READ_UNLOCK if !PREEMPT
43	select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPT
44	select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPT
45	select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPT
46	select ARCH_INLINE_WRITE_LOCK if !PREEMPT
47	select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPT
48	select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPT
49	select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPT
50	select ARCH_INLINE_WRITE_UNLOCK if !PREEMPT
51	select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPT
52	select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPT
53	select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPT
54	select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPT
55	select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPT
56	select ARCH_INLINE_SPIN_LOCK if !PREEMPT
57	select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPT
58	select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPT
59	select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPT
60	select ARCH_INLINE_SPIN_UNLOCK if !PREEMPT
61	select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPT
62	select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPT
63	select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT
64	select ARCH_KEEP_MEMBLOCK
65	select ARCH_USE_CMPXCHG_LOCKREF
66	select ARCH_USE_QUEUED_RWLOCKS
67	select ARCH_USE_QUEUED_SPINLOCKS
68	select ARCH_SUPPORTS_MEMORY_FAILURE
69	select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
70	select ARCH_SUPPORTS_LTO_CLANG
71	select ARCH_SUPPORTS_THINLTO
72	select ARCH_SUPPORTS_ATOMIC_RMW
73	select ARCH_SUPPORTS_INT128 if GCC_VERSION >= 50000 || CC_IS_CLANG
74	select ARCH_SUPPORTS_NUMA_BALANCING
75	select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT
76	select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
77	select ARCH_WANT_FRAME_POINTERS
78	select ARCH_WANT_HUGE_PMD_SHARE if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36)
79	select ARCH_HAS_UBSAN_SANITIZE_ALL
80	select ARM_AMBA
81	select ARM_ARCH_TIMER
82	select ARM_GIC
83	select AUDIT_ARCH_COMPAT_GENERIC
84	select ARM_GIC_V2M if PCI
85	select ARM_GIC_V3
86	select ARM_GIC_V3_ITS if PCI
87	select ARM_PSCI_FW
88	select BUILDTIME_EXTABLE_SORT
89	select CLONE_BACKWARDS
90	select COMMON_CLK
91	select CPU_PM if (SUSPEND || CPU_IDLE)
92	select CRC32
93	select DCACHE_WORD_ACCESS
94	select DMA_DIRECT_REMAP
95	select EDAC_SUPPORT
96	select FRAME_POINTER
97	select GENERIC_ALLOCATOR
98	select GENERIC_ARCH_TOPOLOGY
99	select GENERIC_CLOCKEVENTS
100	select GENERIC_CLOCKEVENTS_BROADCAST
101	select GENERIC_CPU_AUTOPROBE
102	select GENERIC_CPU_VULNERABILITIES
103	select GENERIC_EARLY_IOREMAP
104	select GENERIC_IDLE_POLL_SETUP
105	select GENERIC_IRQ_MULTI_HANDLER
106	select GENERIC_IRQ_PROBE
107	select GENERIC_IRQ_SHOW
108	select GENERIC_IRQ_SHOW_LEVEL
109	select GENERIC_PCI_IOMAP
110	select GENERIC_SCHED_CLOCK
111	select GENERIC_SMP_IDLE_THREAD
112	select GENERIC_STRNCPY_FROM_USER
113	select GENERIC_STRNLEN_USER
114	select GENERIC_TIME_VSYSCALL
115	select GENERIC_GETTIMEOFDAY
116	select HANDLE_DOMAIN_IRQ
117	select HARDIRQS_SW_RESEND
118	select HAVE_PCI
119	select HAVE_ACPI_APEI if (ACPI && EFI)
120	select HAVE_ALIGNED_STRUCT_PAGE if SLUB
121	select HAVE_ARCH_AUDITSYSCALL
122	select HAVE_ARCH_BITREVERSE
123	select HAVE_ARCH_HUGE_VMAP
124	select HAVE_ARCH_JUMP_LABEL
125	select HAVE_ARCH_JUMP_LABEL_RELATIVE
126	select HAVE_ARCH_KASAN if !(ARM64_16K_PAGES && ARM64_VA_BITS_48)
127	select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN
128	select HAVE_ARCH_KGDB
129	select HAVE_ARCH_MMAP_RND_BITS
130	select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
131	select HAVE_ARCH_PREL32_RELOCATIONS if !LTO_CLANG
132	select HAVE_ARCH_SECCOMP_FILTER
133	select HAVE_ARCH_STACKLEAK
134	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
135	select HAVE_ARCH_TRACEHOOK
136	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
137	select HAVE_ARCH_VMAP_STACK
138	select HAVE_ARM_SMCCC
139	select HAVE_ASM_MODVERSIONS
140	select HAVE_EBPF_JIT
141	select HAVE_C_RECORDMCOUNT
142	select HAVE_CMPXCHG_DOUBLE
143	select HAVE_CMPXCHG_LOCAL
144	select HAVE_CONTEXT_TRACKING
145	select HAVE_COPY_THREAD_TLS
146	select HAVE_DEBUG_BUGVERBOSE
147	select HAVE_DEBUG_KMEMLEAK
148	select HAVE_DMA_CONTIGUOUS
149	select HAVE_DYNAMIC_FTRACE
150	select HAVE_EFFICIENT_UNALIGNED_ACCESS
151	select HAVE_FAST_GUP
152	select HAVE_FTRACE_MCOUNT_RECORD
153	select HAVE_FUNCTION_TRACER
154	select HAVE_FUNCTION_ERROR_INJECTION
155	select HAVE_FUNCTION_GRAPH_TRACER if !SHADOW_CALL_STACK
156	select HAVE_GCC_PLUGINS
157	select HAVE_HW_BREAKPOINT if PERF_EVENTS
158	select HAVE_IRQ_TIME_ACCOUNTING
159	select HAVE_MEMBLOCK_NODE_MAP if NUMA
160	select HAVE_NMI
161	select HAVE_PATA_PLATFORM
162	select HAVE_PERF_EVENTS
163	select HAVE_PERF_REGS
164	select HAVE_PERF_USER_STACK_DUMP
165	select HAVE_REGS_AND_STACK_ACCESS_API
166	select HAVE_FUNCTION_ARG_ACCESS_API
167	select HAVE_RCU_TABLE_FREE
168	select HAVE_RSEQ
169	select HAVE_STACKPROTECTOR
170	select HAVE_SYSCALL_TRACEPOINTS
171	select HAVE_KPROBES
172	select HAVE_KRETPROBES
173	select HAVE_GENERIC_VDSO
174	select IOMMU_DMA if IOMMU_SUPPORT
175	select IRQ_DOMAIN
176	select IRQ_FORCED_THREADING
177	select MODULES_USE_ELF_RELA
178	select NEED_DMA_MAP_STATE
179	select NEED_SG_DMA_LENGTH
180	select OF
181	select OF_EARLY_FLATTREE
182	select PCI_DOMAINS_GENERIC if PCI
183	select PCI_ECAM if (ACPI && PCI)
184	select PCI_SYSCALL if PCI
185	select POWER_RESET
186	select POWER_SUPPLY
187	select REFCOUNT_FULL
188	select SPARSE_IRQ
189	select SWIOTLB
190	select SYSCTL_EXCEPTION_TRACE
191	select THREAD_INFO_IN_TASK
192	help
193	  ARM 64-bit (AArch64) Linux support.
194
195config 64BIT
196	def_bool y
197
198config MMU
199	def_bool y
200
201config ARM64_PAGE_SHIFT
202	int
203	default 16 if ARM64_64K_PAGES
204	default 14 if ARM64_16K_PAGES
205	default 12
206
207config ARM64_CONT_SHIFT
208	int
209	default 5 if ARM64_64K_PAGES
210	default 7 if ARM64_16K_PAGES
211	default 4
212
213config ARCH_MMAP_RND_BITS_MIN
214       default 14 if ARM64_64K_PAGES
215       default 16 if ARM64_16K_PAGES
216       default 18
217
218# max bits determined by the following formula:
219#  VA_BITS - PAGE_SHIFT - 3
220config ARCH_MMAP_RND_BITS_MAX
221       default 19 if ARM64_VA_BITS=36
222       default 24 if ARM64_VA_BITS=39
223       default 27 if ARM64_VA_BITS=42
224       default 30 if ARM64_VA_BITS=47
225       default 29 if ARM64_VA_BITS=48 && ARM64_64K_PAGES
226       default 31 if ARM64_VA_BITS=48 && ARM64_16K_PAGES
227       default 33 if ARM64_VA_BITS=48
228       default 14 if ARM64_64K_PAGES
229       default 16 if ARM64_16K_PAGES
230       default 18
231
232config ARCH_MMAP_RND_COMPAT_BITS_MIN
233       default 7 if ARM64_64K_PAGES
234       default 9 if ARM64_16K_PAGES
235       default 11
236
237config ARCH_MMAP_RND_COMPAT_BITS_MAX
238       default 16
239
240config NO_IOPORT_MAP
241	def_bool y if !PCI
242
243config STACKTRACE_SUPPORT
244	def_bool y
245
246config ILLEGAL_POINTER_VALUE
247	hex
248	default 0xdead000000000000
249
250config LOCKDEP_SUPPORT
251	def_bool y
252
253config TRACE_IRQFLAGS_SUPPORT
254	def_bool y
255
256config GENERIC_BUG
257	def_bool y
258	depends on BUG
259
260config GENERIC_BUG_RELATIVE_POINTERS
261	def_bool y
262	depends on GENERIC_BUG
263
264config GENERIC_HWEIGHT
265	def_bool y
266
267config GENERIC_CSUM
268        def_bool y
269
270config GENERIC_CALIBRATE_DELAY
271	def_bool y
272
273config ZONE_DMA32
274	bool "Support DMA32 zone" if EXPERT
275	default y
276
277config ARCH_ENABLE_MEMORY_HOTPLUG
278	def_bool y
279
280config SMP
281	def_bool y
282
283config KERNEL_MODE_NEON
284	def_bool y
285
286config FIX_EARLYCON_MEM
287	def_bool y
288
289config PGTABLE_LEVELS
290	int
291	default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36
292	default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42
293	default 3 if ARM64_64K_PAGES && (ARM64_VA_BITS_48 || ARM64_VA_BITS_52)
294	default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39
295	default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47
296	default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48
297
298config ARCH_SUPPORTS_UPROBES
299	def_bool y
300
301config ARCH_PROC_KCORE_TEXT
302	def_bool y
303
304config KASAN_SHADOW_OFFSET
305	hex
306	depends on KASAN
307	default 0xdfffa00000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && !KASAN_SW_TAGS
308	default 0xdfffd00000000000 if ARM64_VA_BITS_47 && !KASAN_SW_TAGS
309	default 0xdffffe8000000000 if ARM64_VA_BITS_42 && !KASAN_SW_TAGS
310	default 0xdfffffd000000000 if ARM64_VA_BITS_39 && !KASAN_SW_TAGS
311	default 0xdffffffa00000000 if ARM64_VA_BITS_36 && !KASAN_SW_TAGS
312	default 0xefff900000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && KASAN_SW_TAGS
313	default 0xefffc80000000000 if ARM64_VA_BITS_47 && KASAN_SW_TAGS
314	default 0xeffffe4000000000 if ARM64_VA_BITS_42 && KASAN_SW_TAGS
315	default 0xefffffc800000000 if ARM64_VA_BITS_39 && KASAN_SW_TAGS
316	default 0xeffffff900000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS
317	default 0xffffffffffffffff
318
319source "arch/arm64/Kconfig.platforms"
320
321menu "Kernel Features"
322
323menu "ARM errata workarounds via the alternatives framework"
324
325config ARM64_WORKAROUND_CLEAN_CACHE
326	bool
327
328config ARM64_ERRATUM_826319
329	bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted"
330	default y
331	select ARM64_WORKAROUND_CLEAN_CACHE
332	help
333	  This option adds an alternative code sequence to work around ARM
334	  erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or
335	  AXI master interface and an L2 cache.
336
337	  If a Cortex-A53 uses an AMBA AXI4 ACE interface to other processors
338	  and is unable to accept a certain write via this interface, it will
339	  not progress on read data presented on the read data channel and the
340	  system can deadlock.
341
342	  The workaround promotes data cache clean instructions to
343	  data cache clean-and-invalidate.
344	  Please note that this does not necessarily enable the workaround,
345	  as it depends on the alternative framework, which will only patch
346	  the kernel if an affected CPU is detected.
347
348	  If unsure, say Y.
349
350config ARM64_ERRATUM_827319
351	bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect"
352	default y
353	select ARM64_WORKAROUND_CLEAN_CACHE
354	help
355	  This option adds an alternative code sequence to work around ARM
356	  erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI
357	  master interface and an L2 cache.
358
359	  Under certain conditions this erratum can cause a clean line eviction
360	  to occur at the same time as another transaction to the same address
361	  on the AMBA 5 CHI interface, which can cause data corruption if the
362	  interconnect reorders the two transactions.
363
364	  The workaround promotes data cache clean instructions to
365	  data cache clean-and-invalidate.
366	  Please note that this does not necessarily enable the workaround,
367	  as it depends on the alternative framework, which will only patch
368	  the kernel if an affected CPU is detected.
369
370	  If unsure, say Y.
371
372config ARM64_ERRATUM_824069
373	bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop"
374	default y
375	select ARM64_WORKAROUND_CLEAN_CACHE
376	help
377	  This option adds an alternative code sequence to work around ARM
378	  erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected
379	  to a coherent interconnect.
380
381	  If a Cortex-A53 processor is executing a store or prefetch for
382	  write instruction at the same time as a processor in another
383	  cluster is executing a cache maintenance operation to the same
384	  address, then this erratum might cause a clean cache line to be
385	  incorrectly marked as dirty.
386
387	  The workaround promotes data cache clean instructions to
388	  data cache clean-and-invalidate.
389	  Please note that this option does not necessarily enable the
390	  workaround, as it depends on the alternative framework, which will
391	  only patch the kernel if an affected CPU is detected.
392
393	  If unsure, say Y.
394
395config ARM64_ERRATUM_819472
396	bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption"
397	default y
398	select ARM64_WORKAROUND_CLEAN_CACHE
399	help
400	  This option adds an alternative code sequence to work around ARM
401	  erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache
402	  present when it is connected to a coherent interconnect.
403
404	  If the processor is executing a load and store exclusive sequence at
405	  the same time as a processor in another cluster is executing a cache
406	  maintenance operation to the same address, then this erratum might
407	  cause data corruption.
408
409	  The workaround promotes data cache clean instructions to
410	  data cache clean-and-invalidate.
411	  Please note that this does not necessarily enable the workaround,
412	  as it depends on the alternative framework, which will only patch
413	  the kernel if an affected CPU is detected.
414
415	  If unsure, say Y.
416
417config ARM64_ERRATUM_832075
418	bool "Cortex-A57: 832075: possible deadlock on mixing exclusive memory accesses with device loads"
419	default y
420	help
421	  This option adds an alternative code sequence to work around ARM
422	  erratum 832075 on Cortex-A57 parts up to r1p2.
423
424	  Affected Cortex-A57 parts might deadlock when exclusive load/store
425	  instructions to Write-Back memory are mixed with Device loads.
426
427	  The workaround is to promote device loads to use Load-Acquire
428	  semantics.
429	  Please note that this does not necessarily enable the workaround,
430	  as it depends on the alternative framework, which will only patch
431	  the kernel if an affected CPU is detected.
432
433	  If unsure, say Y.
434
435config ARM64_ERRATUM_834220
436	bool "Cortex-A57: 834220: Stage 2 translation fault might be incorrectly reported in presence of a Stage 1 fault"
437	depends on KVM
438	default y
439	help
440	  This option adds an alternative code sequence to work around ARM
441	  erratum 834220 on Cortex-A57 parts up to r1p2.
442
443	  Affected Cortex-A57 parts might report a Stage 2 translation
444	  fault as the result of a Stage 1 fault for load crossing a
445	  page boundary when there is a permission or device memory
446	  alignment fault at Stage 1 and a translation fault at Stage 2.
447
448	  The workaround is to verify that the Stage 1 translation
449	  doesn't generate a fault before handling the Stage 2 fault.
450	  Please note that this does not necessarily enable the workaround,
451	  as it depends on the alternative framework, which will only patch
452	  the kernel if an affected CPU is detected.
453
454	  If unsure, say Y.
455
456config ARM64_ERRATUM_845719
457	bool "Cortex-A53: 845719: a load might read incorrect data"
458	depends on COMPAT
459	default y
460	help
461	  This option adds an alternative code sequence to work around ARM
462	  erratum 845719 on Cortex-A53 parts up to r0p4.
463
464	  When running a compat (AArch32) userspace on an affected Cortex-A53
465	  part, a load at EL0 from a virtual address that matches the bottom 32
466	  bits of the virtual address used by a recent load at (AArch64) EL1
467	  might return incorrect data.
468
469	  The workaround is to write the contextidr_el1 register on exception
470	  return to a 32-bit task.
471	  Please note that this does not necessarily enable the workaround,
472	  as it depends on the alternative framework, which will only patch
473	  the kernel if an affected CPU is detected.
474
475	  If unsure, say Y.
476
477config ARM64_ERRATUM_843419
478	bool "Cortex-A53: 843419: A load or store might access an incorrect address"
479	default y
480	select ARM64_MODULE_PLTS if MODULES
481	help
482	  This option links the kernel with '--fix-cortex-a53-843419' and
483	  enables PLT support to replace certain ADRP instructions, which can
484	  cause subsequent memory accesses to use an incorrect address on
485	  Cortex-A53 parts up to r0p4.
486
487	  If unsure, say Y.
488
489config ARM64_ERRATUM_1024718
490	bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update"
491	default y
492	help
493	  This option adds a workaround for ARM Cortex-A55 Erratum 1024718.
494
495	  Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect
496	  update of the hardware dirty bit when the DBM/AP bits are updated
497	  without a break-before-make. The workaround is to disable the usage
498	  of hardware DBM locally on the affected cores. CPUs not affected by
499	  this erratum will continue to use the feature.
500
501	  If unsure, say Y.
502
503config ARM64_ERRATUM_1418040
504	bool "Cortex-A76/Neoverse-N1: MRC read following MRRC read of specific Generic Timer in AArch32 might give incorrect result"
505	default y
506	depends on COMPAT
507	help
508	  This option adds a workaround for ARM Cortex-A76/Neoverse-N1
509	  errata 1188873 and 1418040.
510
511	  Affected Cortex-A76/Neoverse-N1 cores (r0p0 to r3p1) could
512	  cause register corruption when accessing the timer registers
513	  from AArch32 userspace.
514
515	  If unsure, say Y.
516
517config ARM64_ERRATUM_1165522
518	bool "Cortex-A76: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation"
519	default y
520	help
521	  This option adds a workaround for ARM Cortex-A76 erratum 1165522.
522
523	  Affected Cortex-A76 cores (r0p0, r1p0, r2p0) could end-up with
524	  corrupted TLBs by speculating an AT instruction during a guest
525	  context switch.
526
527	  If unsure, say Y.
528
529config ARM64_ERRATUM_1286807
530	bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation"
531	default y
532	select ARM64_WORKAROUND_REPEAT_TLBI
533	help
534	  This option adds a workaround for ARM Cortex-A76 erratum 1286807.
535
536	  On the affected Cortex-A76 cores (r0p0 to r3p0), if a virtual
537	  address for a cacheable mapping of a location is being
538	  accessed by a core while another core is remapping the virtual
539	  address to a new physical page using the recommended
540	  break-before-make sequence, then under very rare circumstances
541	  TLBI+DSB completes before a read using the translation being
542	  invalidated has been observed by other observers. The
543	  workaround repeats the TLBI+DSB operation.
544
545	  If unsure, say Y.
546
547config ARM64_ERRATUM_1463225
548	bool "Cortex-A76: Software Step might prevent interrupt recognition"
549	default y
550	help
551	  This option adds a workaround for Arm Cortex-A76 erratum 1463225.
552
553	  On the affected Cortex-A76 cores (r0p0 to r3p1), software stepping
554	  of a system call instruction (SVC) can prevent recognition of
555	  subsequent interrupts when software stepping is disabled in the
556	  exception handler of the system call and either kernel debugging
557	  is enabled or VHE is in use.
558
559	  Work around the erratum by triggering a dummy step exception
560	  when handling a system call from a task that is being stepped
561	  in a VHE configuration of the kernel.
562
563	  If unsure, say Y.
564
565config CAVIUM_ERRATUM_22375
566	bool "Cavium erratum 22375, 24313"
567	default y
568	help
569	  Enable workaround for errata 22375 and 24313.
570
571	  This implements two gicv3-its errata workarounds for ThunderX. Both
572	  with a small impact affecting only ITS table allocation.
573
574	    erratum 22375: only alloc 8MB table size
575	    erratum 24313: ignore memory access type
576
577	  The fixes are in ITS initialization and basically ignore memory access
578	  type and table size provided by the TYPER and BASER registers.
579
580	  If unsure, say Y.
581
582config CAVIUM_ERRATUM_23144
583	bool "Cavium erratum 23144: ITS SYNC hang on dual socket system"
584	depends on NUMA
585	default y
586	help
587	  ITS SYNC command hang for cross node io and collections/cpu mapping.
588
589	  If unsure, say Y.
590
591config CAVIUM_ERRATUM_23154
592	bool "Cavium erratum 23154: Access to ICC_IAR1_EL1 is not sync'ed"
593	default y
594	help
595	  The gicv3 of ThunderX requires a modified version for
596	  reading the IAR status to ensure data synchronization
597	  (access to icc_iar1_el1 is not sync'ed before and after).
598
599	  If unsure, say Y.
600
601config CAVIUM_ERRATUM_27456
602	bool "Cavium erratum 27456: Broadcast TLBI instructions may cause icache corruption"
603	default y
604	help
605	  On ThunderX T88 pass 1.x through 2.1 parts, broadcast TLBI
606	  instructions may cause the icache to become corrupted if it
607	  contains data for a non-current ASID.  The fix is to
608	  invalidate the icache when changing the mm context.
609
610	  If unsure, say Y.
611
612config CAVIUM_ERRATUM_30115
613	bool "Cavium erratum 30115: Guest may disable interrupts in host"
614	default y
615	help
616	  On ThunderX T88 pass 1.x through 2.2, T81 pass 1.0 through
617	  1.2, and T83 Pass 1.0, KVM guest execution may disable
618	  interrupts in host. Trapping both GICv3 group-0 and group-1
619	  accesses sidesteps the issue.
620
621	  If unsure, say Y.
622
623config CAVIUM_TX2_ERRATUM_219
624	bool "Cavium ThunderX2 erratum 219: PRFM between TTBR change and ISB fails"
625	default y
626	help
627	  On Cavium ThunderX2, a load, store or prefetch instruction between a
628	  TTBR update and the corresponding context synchronizing operation can
629	  cause a spurious Data Abort to be delivered to any hardware thread in
630	  the CPU core.
631
632	  Work around the issue by avoiding the problematic code sequence and
633	  trapping KVM guest TTBRx_EL1 writes to EL2 when SMT is enabled. The
634	  trap handler performs the corresponding register access, skips the
635	  instruction and ensures context synchronization by virtue of the
636	  exception return.
637
638	  If unsure, say Y.
639
640config QCOM_FALKOR_ERRATUM_1003
641	bool "Falkor E1003: Incorrect translation due to ASID change"
642	default y
643	help
644	  On Falkor v1, an incorrect ASID may be cached in the TLB when ASID
645	  and BADDR are changed together in TTBRx_EL1. Since we keep the ASID
646	  in TTBR1_EL1, this situation only occurs in the entry trampoline and
647	  then only for entries in the walk cache, since the leaf translation
648	  is unchanged. Work around the erratum by invalidating the walk cache
649	  entries for the trampoline before entering the kernel proper.
650
651config ARM64_WORKAROUND_REPEAT_TLBI
652	bool
653
654config QCOM_FALKOR_ERRATUM_1009
655	bool "Falkor E1009: Prematurely complete a DSB after a TLBI"
656	default y
657	select ARM64_WORKAROUND_REPEAT_TLBI
658	help
659	  On Falkor v1, the CPU may prematurely complete a DSB following a
660	  TLBI xxIS invalidate maintenance operation. Repeat the TLBI operation
661	  one more time to fix the issue.
662
663	  If unsure, say Y.
664
665config QCOM_QDF2400_ERRATUM_0065
666	bool "QDF2400 E0065: Incorrect GITS_TYPER.ITT_Entry_size"
667	default y
668	help
669	  On Qualcomm Datacenter Technologies QDF2400 SoC, ITS hardware reports
670	  ITE size incorrectly. The GITS_TYPER.ITT_Entry_size field should have
671	  been indicated as 16Bytes (0xf), not 8Bytes (0x7).
672
673	  If unsure, say Y.
674
675config SOCIONEXT_SYNQUACER_PREITS
676	bool "Socionext Synquacer: Workaround for GICv3 pre-ITS"
677	default y
678	help
679	  Socionext Synquacer SoCs implement a separate h/w block to generate
680	  MSI doorbell writes with non-zero values for the device ID.
681
682	  If unsure, say Y.
683
684config HISILICON_ERRATUM_161600802
685	bool "Hip07 161600802: Erroneous redistributor VLPI base"
686	default y
687	help
688	  The HiSilicon Hip07 SoC uses the wrong redistributor base
689	  when issued ITS commands such as VMOVP and VMAPP, and requires
690	  a 128kB offset to be applied to the target address in this commands.
691
692	  If unsure, say Y.
693
694config QCOM_FALKOR_ERRATUM_E1041
695	bool "Falkor E1041: Speculative instruction fetches might cause errant memory access"
696	default y
697	help
698	  Falkor CPU may speculatively fetch instructions from an improper
699	  memory location when MMU translation is changed from SCTLR_ELn[M]=1
700	  to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem.
701
702	  If unsure, say Y.
703
704config FUJITSU_ERRATUM_010001
705	bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly"
706	default y
707	help
708	  This option adds a workaround for Fujitsu-A64FX erratum E#010001.
709	  On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory
710	  accesses may cause undefined fault (Data abort, DFSC=0b111111).
711	  This fault occurs under a specific hardware condition when a
712	  load/store instruction performs an address translation using:
713	  case-1  TTBR0_EL1 with TCR_EL1.NFD0 == 1.
714	  case-2  TTBR0_EL2 with TCR_EL2.NFD0 == 1.
715	  case-3  TTBR1_EL1 with TCR_EL1.NFD1 == 1.
716	  case-4  TTBR1_EL2 with TCR_EL2.NFD1 == 1.
717
718	  The workaround is to ensure these bits are clear in TCR_ELx.
719	  The workaround only affects the Fujitsu-A64FX.
720
721	  If unsure, say Y.
722
723endmenu
724
725
726choice
727	prompt "Page size"
728	default ARM64_4K_PAGES
729	help
730	  Page size (translation granule) configuration.
731
732config ARM64_4K_PAGES
733	bool "4KB"
734	help
735	  This feature enables 4KB pages support.
736
737config ARM64_16K_PAGES
738	bool "16KB"
739	help
740	  The system will use 16KB pages support. AArch32 emulation
741	  requires applications compiled with 16K (or a multiple of 16K)
742	  aligned segments.
743
744config ARM64_64K_PAGES
745	bool "64KB"
746	help
747	  This feature enables 64KB pages support (4KB by default)
748	  allowing only two levels of page tables and faster TLB
749	  look-up. AArch32 emulation requires applications compiled
750	  with 64K aligned segments.
751
752endchoice
753
754choice
755	prompt "Virtual address space size"
756	default ARM64_VA_BITS_39 if ARM64_4K_PAGES
757	default ARM64_VA_BITS_47 if ARM64_16K_PAGES
758	default ARM64_VA_BITS_42 if ARM64_64K_PAGES
759	help
760	  Allows choosing one of multiple possible virtual address
761	  space sizes. The level of translation table is determined by
762	  a combination of page size and virtual address space size.
763
764config ARM64_VA_BITS_36
765	bool "36-bit" if EXPERT
766	depends on ARM64_16K_PAGES
767
768config ARM64_VA_BITS_39
769	bool "39-bit"
770	depends on ARM64_4K_PAGES
771
772config ARM64_VA_BITS_42
773	bool "42-bit"
774	depends on ARM64_64K_PAGES
775
776config ARM64_VA_BITS_47
777	bool "47-bit"
778	depends on ARM64_16K_PAGES
779
780config ARM64_VA_BITS_48
781	bool "48-bit"
782
783config ARM64_VA_BITS_52
784	bool "52-bit"
785	depends on ARM64_64K_PAGES && (ARM64_PAN || !ARM64_SW_TTBR0_PAN)
786	help
787	  Enable 52-bit virtual addressing for userspace when explicitly
788	  requested via a hint to mmap(). The kernel will also use 52-bit
789	  virtual addresses for its own mappings (provided HW support for
790	  this feature is available, otherwise it reverts to 48-bit).
791
792	  NOTE: Enabling 52-bit virtual addressing in conjunction with
793	  ARMv8.3 Pointer Authentication will result in the PAC being
794	  reduced from 7 bits to 3 bits, which may have a significant
795	  impact on its susceptibility to brute-force attacks.
796
797	  If unsure, select 48-bit virtual addressing instead.
798
799endchoice
800
801config ARM64_FORCE_52BIT
802	bool "Force 52-bit virtual addresses for userspace"
803	depends on ARM64_VA_BITS_52 && EXPERT
804	help
805	  For systems with 52-bit userspace VAs enabled, the kernel will attempt
806	  to maintain compatibility with older software by providing 48-bit VAs
807	  unless a hint is supplied to mmap.
808
809	  This configuration option disables the 48-bit compatibility logic, and
810	  forces all userspace addresses to be 52-bit on HW that supports it. One
811	  should only enable this configuration option for stress testing userspace
812	  memory management code. If unsure say N here.
813
814config ARM64_VA_BITS
815	int
816	default 36 if ARM64_VA_BITS_36
817	default 39 if ARM64_VA_BITS_39
818	default 42 if ARM64_VA_BITS_42
819	default 47 if ARM64_VA_BITS_47
820	default 48 if ARM64_VA_BITS_48
821	default 52 if ARM64_VA_BITS_52
822
823choice
824	prompt "Physical address space size"
825	default ARM64_PA_BITS_48
826	help
827	  Choose the maximum physical address range that the kernel will
828	  support.
829
830config ARM64_PA_BITS_48
831	bool "48-bit"
832
833config ARM64_PA_BITS_52
834	bool "52-bit (ARMv8.2)"
835	depends on ARM64_64K_PAGES
836	depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN
837	help
838	  Enable support for a 52-bit physical address space, introduced as
839	  part of the ARMv8.2-LPA extension.
840
841	  With this enabled, the kernel will also continue to work on CPUs that
842	  do not support ARMv8.2-LPA, but with some added memory overhead (and
843	  minor performance overhead).
844
845endchoice
846
847config ARM64_PA_BITS
848	int
849	default 48 if ARM64_PA_BITS_48
850	default 52 if ARM64_PA_BITS_52
851
852config CPU_BIG_ENDIAN
853       bool "Build big-endian kernel"
854       help
855         Say Y if you plan on running a kernel in big-endian mode.
856
857config SCHED_MC
858	bool "Multi-core scheduler support"
859	help
860	  Multi-core scheduler support improves the CPU scheduler's decision
861	  making when dealing with multi-core CPU chips at a cost of slightly
862	  increased overhead in some places. If unsure say N here.
863
864config SCHED_SMT
865	bool "SMT scheduler support"
866	help
867	  Improves the CPU scheduler's decision making when dealing with
868	  MultiThreading at a cost of slightly increased overhead in some
869	  places. If unsure say N here.
870
871config NR_CPUS
872	int "Maximum number of CPUs (2-4096)"
873	range 2 4096
874	default "256"
875
876config HOTPLUG_CPU
877	bool "Support for hot-pluggable CPUs"
878	select GENERIC_IRQ_MIGRATION
879	help
880	  Say Y here to experiment with turning CPUs off and on.  CPUs
881	  can be controlled through /sys/devices/system/cpu.
882
883# Common NUMA Features
884config NUMA
885	bool "Numa Memory Allocation and Scheduler Support"
886	select ACPI_NUMA if ACPI
887	select OF_NUMA
888	help
889	  Enable NUMA (Non Uniform Memory Access) support.
890
891	  The kernel will try to allocate memory used by a CPU on the
892	  local memory of the CPU and add some more
893	  NUMA awareness to the kernel.
894
895config NODES_SHIFT
896	int "Maximum NUMA Nodes (as a power of 2)"
897	range 1 10
898	default "2"
899	depends on NEED_MULTIPLE_NODES
900	help
901	  Specify the maximum number of NUMA Nodes available on the target
902	  system.  Increases memory reserved to accommodate various tables.
903
904config USE_PERCPU_NUMA_NODE_ID
905	def_bool y
906	depends on NUMA
907
908config HAVE_SETUP_PER_CPU_AREA
909	def_bool y
910	depends on NUMA
911
912config NEED_PER_CPU_EMBED_FIRST_CHUNK
913	def_bool y
914	depends on NUMA
915
916config HOLES_IN_ZONE
917	def_bool y
918
919source "kernel/Kconfig.hz"
920
921config ARCH_SUPPORTS_DEBUG_PAGEALLOC
922	def_bool y
923
924config ARCH_SPARSEMEM_ENABLE
925	def_bool y
926	select SPARSEMEM_VMEMMAP_ENABLE
927
928config ARCH_SPARSEMEM_DEFAULT
929	def_bool ARCH_SPARSEMEM_ENABLE
930
931config ARCH_SELECT_MEMORY_MODEL
932	def_bool ARCH_SPARSEMEM_ENABLE
933
934config ARCH_FLATMEM_ENABLE
935	def_bool !NUMA
936
937config HAVE_ARCH_PFN_VALID
938	def_bool y
939
940config HW_PERF_EVENTS
941	def_bool y
942	depends on ARM_PMU
943
944config SYS_SUPPORTS_HUGETLBFS
945	def_bool y
946
947config ARCH_WANT_HUGE_PMD_SHARE
948
949config ARCH_HAS_CACHE_LINE_SIZE
950	def_bool y
951
952config ARCH_ENABLE_SPLIT_PMD_PTLOCK
953	def_bool y if PGTABLE_LEVELS > 2
954
955# Supported by clang >= 7.0
956config CC_HAVE_SHADOW_CALL_STACK
957	def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
958
959config SECCOMP
960	bool "Enable seccomp to safely compute untrusted bytecode"
961	---help---
962	  This kernel feature is useful for number crunching applications
963	  that may need to compute untrusted bytecode during their
964	  execution. By using pipes or other transports made available to
965	  the process as file descriptors supporting the read/write
966	  syscalls, it's possible to isolate those applications in
967	  their own address space using seccomp. Once seccomp is
968	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
969	  and the task is only allowed to execute a few safe syscalls
970	  defined by each seccomp mode.
971
972config PARAVIRT
973	bool "Enable paravirtualization code"
974	help
975	  This changes the kernel so it can modify itself when it is run
976	  under a hypervisor, potentially improving performance significantly
977	  over full virtualization.
978
979config PARAVIRT_TIME_ACCOUNTING
980	bool "Paravirtual steal time accounting"
981	select PARAVIRT
982	help
983	  Select this option to enable fine granularity task steal time
984	  accounting. Time spent executing other tasks in parallel with
985	  the current vCPU is discounted from the vCPU power. To account for
986	  that, there can be a small performance impact.
987
988	  If in doubt, say N here.
989
990config KEXEC
991	depends on PM_SLEEP_SMP
992	select KEXEC_CORE
993	bool "kexec system call"
994	---help---
995	  kexec is a system call that implements the ability to shutdown your
996	  current kernel, and to start another kernel.  It is like a reboot
997	  but it is independent of the system firmware.   And like a reboot
998	  you can start any kernel with it, not just Linux.
999
1000config KEXEC_FILE
1001	bool "kexec file based system call"
1002	select KEXEC_CORE
1003	help
1004	  This is new version of kexec system call. This system call is
1005	  file based and takes file descriptors as system call argument
1006	  for kernel and initramfs as opposed to list of segments as
1007	  accepted by previous system call.
1008
1009config KEXEC_SIG
1010	bool "Verify kernel signature during kexec_file_load() syscall"
1011	depends on KEXEC_FILE
1012	help
1013	  Select this option to verify a signature with loaded kernel
1014	  image. If configured, any attempt of loading a image without
1015	  valid signature will fail.
1016
1017	  In addition to that option, you need to enable signature
1018	  verification for the corresponding kernel image type being
1019	  loaded in order for this to work.
1020
1021config KEXEC_IMAGE_VERIFY_SIG
1022	bool "Enable Image signature verification support"
1023	default y
1024	depends on KEXEC_SIG
1025	depends on EFI && SIGNED_PE_FILE_VERIFICATION
1026	help
1027	  Enable Image signature verification support.
1028
1029comment "Support for PE file signature verification disabled"
1030	depends on KEXEC_SIG
1031	depends on !EFI || !SIGNED_PE_FILE_VERIFICATION
1032
1033config CRASH_DUMP
1034	bool "Build kdump crash kernel"
1035	help
1036	  Generate crash dump after being started by kexec. This should
1037	  be normally only set in special crash dump kernels which are
1038	  loaded in the main kernel with kexec-tools into a specially
1039	  reserved region and then later executed after a crash by
1040	  kdump/kexec.
1041
1042	  For more details see Documentation/admin-guide/kdump/kdump.rst
1043
1044config XEN_DOM0
1045	def_bool y
1046	depends on XEN
1047
1048config XEN
1049	bool "Xen guest support on ARM64"
1050	depends on ARM64 && OF
1051	select SWIOTLB_XEN
1052	select PARAVIRT
1053	help
1054	  Say Y if you want to run Linux in a Virtual Machine on Xen on ARM64.
1055
1056config FORCE_MAX_ZONEORDER
1057	int
1058	default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
1059	default "12" if (ARM64_16K_PAGES && TRANSPARENT_HUGEPAGE)
1060	default "11"
1061	help
1062	  The kernel memory allocator divides physically contiguous memory
1063	  blocks into "zones", where each zone is a power of two number of
1064	  pages.  This option selects the largest power of two that the kernel
1065	  keeps in the memory allocator.  If you need to allocate very large
1066	  blocks of physically contiguous memory, then you may need to
1067	  increase this value.
1068
1069	  This config option is actually maximum order plus one. For example,
1070	  a value of 11 means that the largest free memory block is 2^10 pages.
1071
1072	  We make sure that we can allocate upto a HugePage size for each configuration.
1073	  Hence we have :
1074		MAX_ORDER = (PMD_SHIFT - PAGE_SHIFT) + 1 => PAGE_SHIFT - 2
1075
1076	  However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
1077	  4M allocations matching the default size used by generic code.
1078
1079config UNMAP_KERNEL_AT_EL0
1080	bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
1081	default y
1082	help
1083	  Speculation attacks against some high-performance processors can
1084	  be used to bypass MMU permission checks and leak kernel data to
1085	  userspace. This can be defended against by unmapping the kernel
1086	  when running in userspace, mapping it back in on exception entry
1087	  via a trampoline page in the vector table.
1088
1089	  If unsure, say Y.
1090
1091config HARDEN_BRANCH_PREDICTOR
1092	bool "Harden the branch predictor against aliasing attacks" if EXPERT
1093	default y
1094	help
1095	  Speculation attacks against some high-performance processors rely on
1096	  being able to manipulate the branch predictor for a victim context by
1097	  executing aliasing branches in the attacker context.  Such attacks
1098	  can be partially mitigated against by clearing internal branch
1099	  predictor state and limiting the prediction logic in some situations.
1100
1101	  This config option will take CPU-specific actions to harden the
1102	  branch predictor against aliasing attacks and may rely on specific
1103	  instruction sequences or control bits being set by the system
1104	  firmware.
1105
1106	  If unsure, say Y.
1107
1108config HARDEN_EL2_VECTORS
1109	bool "Harden EL2 vector mapping against system register leak" if EXPERT
1110	default y
1111	help
1112	  Speculation attacks against some high-performance processors can
1113	  be used to leak privileged information such as the vector base
1114	  register, resulting in a potential defeat of the EL2 layout
1115	  randomization.
1116
1117	  This config option will map the vectors to a fixed location,
1118	  independent of the EL2 code mapping, so that revealing VBAR_EL2
1119	  to an attacker does not give away any extra information. This
1120	  only gets enabled on affected CPUs.
1121
1122	  If unsure, say Y.
1123
1124config ARM64_SSBD
1125	bool "Speculative Store Bypass Disable" if EXPERT
1126	default y
1127	help
1128	  This enables mitigation of the bypassing of previous stores
1129	  by speculative loads.
1130
1131	  If unsure, say Y.
1132
1133config RODATA_FULL_DEFAULT_ENABLED
1134	bool "Apply r/o permissions of VM areas also to their linear aliases"
1135	default y
1136	help
1137	  Apply read-only attributes of VM areas to the linear alias of
1138	  the backing pages as well. This prevents code or read-only data
1139	  from being modified (inadvertently or intentionally) via another
1140	  mapping of the same memory page. This additional enhancement can
1141	  be turned off at runtime by passing rodata=[off|on] (and turned on
1142	  with rodata=full if this option is set to 'n')
1143
1144	  This requires the linear region to be mapped down to pages,
1145	  which may adversely affect performance in some cases.
1146
1147config ARM64_SW_TTBR0_PAN
1148	bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
1149	help
1150	  Enabling this option prevents the kernel from accessing
1151	  user-space memory directly by pointing TTBR0_EL1 to a reserved
1152	  zeroed area and reserved ASID. The user access routines
1153	  restore the valid TTBR0_EL1 temporarily.
1154
1155config ARM64_TAGGED_ADDR_ABI
1156	bool "Enable the tagged user addresses syscall ABI"
1157	default y
1158	help
1159	  When this option is enabled, user applications can opt in to a
1160	  relaxed ABI via prctl() allowing tagged addresses to be passed
1161	  to system calls as pointer arguments. For details, see
1162	  Documentation/arm64/tagged-address-abi.rst.
1163
1164menuconfig COMPAT
1165	bool "Kernel support for 32-bit EL0"
1166	depends on ARM64_4K_PAGES || EXPERT
1167	select COMPAT_BINFMT_ELF if BINFMT_ELF
1168	select HAVE_UID16
1169	select OLD_SIGSUSPEND3
1170	select COMPAT_OLD_SIGACTION
1171	help
1172	  This option enables support for a 32-bit EL0 running under a 64-bit
1173	  kernel at EL1. AArch32-specific components such as system calls,
1174	  the user helper functions, VFP support and the ptrace interface are
1175	  handled appropriately by the kernel.
1176
1177	  If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware
1178	  that you will only be able to execute AArch32 binaries that were compiled
1179	  with page size aligned segments.
1180
1181	  If you want to execute 32-bit userspace applications, say Y.
1182
1183if COMPAT
1184
1185config KUSER_HELPERS
1186	bool "Enable kuser helpers page for 32-bit applications"
1187	default y
1188	help
1189	  Warning: disabling this option may break 32-bit user programs.
1190
1191	  Provide kuser helpers to compat tasks. The kernel provides
1192	  helper code to userspace in read only form at a fixed location
1193	  to allow userspace to be independent of the CPU type fitted to
1194	  the system. This permits binaries to be run on ARMv4 through
1195	  to ARMv8 without modification.
1196
1197	  See Documentation/arm/kernel_user_helpers.rst for details.
1198
1199	  However, the fixed address nature of these helpers can be used
1200	  by ROP (return orientated programming) authors when creating
1201	  exploits.
1202
1203	  If all of the binaries and libraries which run on your platform
1204	  are built specifically for your platform, and make no use of
1205	  these helpers, then you can turn this option off to hinder
1206	  such exploits. However, in that case, if a binary or library
1207	  relying on those helpers is run, it will not function correctly.
1208
1209	  Say N here only if you are absolutely certain that you do not
1210	  need these helpers; otherwise, the safe option is to say Y.
1211
1212config COMPAT_VDSO
1213	bool "Enable vDSO for 32-bit applications"
1214	depends on !CPU_BIG_ENDIAN && "$(CROSS_COMPILE_COMPAT)" != ""
1215	select GENERIC_COMPAT_VDSO
1216	default y
1217	help
1218	  Place in the process address space of 32-bit applications an
1219	  ELF shared object providing fast implementations of gettimeofday
1220	  and clock_gettime.
1221
1222	  You must have a 32-bit build of glibc 2.22 or later for programs
1223	  to seamlessly take advantage of this.
1224
1225menuconfig ARMV8_DEPRECATED
1226	bool "Emulate deprecated/obsolete ARMv8 instructions"
1227	depends on SYSCTL
1228	help
1229	  Legacy software support may require certain instructions
1230	  that have been deprecated or obsoleted in the architecture.
1231
1232	  Enable this config to enable selective emulation of these
1233	  features.
1234
1235	  If unsure, say Y
1236
1237if ARMV8_DEPRECATED
1238
1239config SWP_EMULATION
1240	bool "Emulate SWP/SWPB instructions"
1241	help
1242	  ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that
1243	  they are always undefined. Say Y here to enable software
1244	  emulation of these instructions for userspace using LDXR/STXR.
1245
1246	  In some older versions of glibc [<=2.8] SWP is used during futex
1247	  trylock() operations with the assumption that the code will not
1248	  be preempted. This invalid assumption may be more likely to fail
1249	  with SWP emulation enabled, leading to deadlock of the user
1250	  application.
1251
1252	  NOTE: when accessing uncached shared regions, LDXR/STXR rely
1253	  on an external transaction monitoring block called a global
1254	  monitor to maintain update atomicity. If your system does not
1255	  implement a global monitor, this option can cause programs that
1256	  perform SWP operations to uncached memory to deadlock.
1257
1258	  If unsure, say Y
1259
1260config CP15_BARRIER_EMULATION
1261	bool "Emulate CP15 Barrier instructions"
1262	help
1263	  The CP15 barrier instructions - CP15ISB, CP15DSB, and
1264	  CP15DMB - are deprecated in ARMv8 (and ARMv7). It is
1265	  strongly recommended to use the ISB, DSB, and DMB
1266	  instructions instead.
1267
1268	  Say Y here to enable software emulation of these
1269	  instructions for AArch32 userspace code. When this option is
1270	  enabled, CP15 barrier usage is traced which can help
1271	  identify software that needs updating.
1272
1273	  If unsure, say Y
1274
1275config SETEND_EMULATION
1276	bool "Emulate SETEND instruction"
1277	help
1278	  The SETEND instruction alters the data-endianness of the
1279	  AArch32 EL0, and is deprecated in ARMv8.
1280
1281	  Say Y here to enable software emulation of the instruction
1282	  for AArch32 userspace code.
1283
1284	  Note: All the cpus on the system must have mixed endian support at EL0
1285	  for this feature to be enabled. If a new CPU - which doesn't support mixed
1286	  endian - is hotplugged in after this feature has been enabled, there could
1287	  be unexpected results in the applications.
1288
1289	  If unsure, say Y
1290endif
1291
1292endif
1293
1294menu "ARMv8.1 architectural features"
1295
1296config ARM64_HW_AFDBM
1297	bool "Support for hardware updates of the Access and Dirty page flags"
1298	default y
1299	help
1300	  The ARMv8.1 architecture extensions introduce support for
1301	  hardware updates of the access and dirty information in page
1302	  table entries. When enabled in TCR_EL1 (HA and HD bits) on
1303	  capable processors, accesses to pages with PTE_AF cleared will
1304	  set this bit instead of raising an access flag fault.
1305	  Similarly, writes to read-only pages with the DBM bit set will
1306	  clear the read-only bit (AP[2]) instead of raising a
1307	  permission fault.
1308
1309	  Kernels built with this configuration option enabled continue
1310	  to work on pre-ARMv8.1 hardware and the performance impact is
1311	  minimal. If unsure, say Y.
1312
1313config ARM64_PAN
1314	bool "Enable support for Privileged Access Never (PAN)"
1315	default y
1316	help
1317	 Privileged Access Never (PAN; part of the ARMv8.1 Extensions)
1318	 prevents the kernel or hypervisor from accessing user-space (EL0)
1319	 memory directly.
1320
1321	 Choosing this option will cause any unprotected (not using
1322	 copy_to_user et al) memory access to fail with a permission fault.
1323
1324	 The feature is detected at runtime, and will remain as a 'nop'
1325	 instruction if the cpu does not implement the feature.
1326
1327config ARM64_LSE_ATOMICS
1328	bool "Atomic instructions"
1329	depends on JUMP_LABEL
1330	default y
1331	help
1332	  As part of the Large System Extensions, ARMv8.1 introduces new
1333	  atomic instructions that are designed specifically to scale in
1334	  very large systems.
1335
1336	  Say Y here to make use of these instructions for the in-kernel
1337	  atomic routines. This incurs a small overhead on CPUs that do
1338	  not support these instructions and requires the kernel to be
1339	  built with binutils >= 2.25 in order for the new instructions
1340	  to be used.
1341
1342config ARM64_VHE
1343	bool "Enable support for Virtualization Host Extensions (VHE)"
1344	default y
1345	help
1346	  Virtualization Host Extensions (VHE) allow the kernel to run
1347	  directly at EL2 (instead of EL1) on processors that support
1348	  it. This leads to better performance for KVM, as they reduce
1349	  the cost of the world switch.
1350
1351	  Selecting this option allows the VHE feature to be detected
1352	  at runtime, and does not affect processors that do not
1353	  implement this feature.
1354
1355endmenu
1356
1357menu "ARMv8.2 architectural features"
1358
1359config ARM64_UAO
1360	bool "Enable support for User Access Override (UAO)"
1361	default y
1362	help
1363	  User Access Override (UAO; part of the ARMv8.2 Extensions)
1364	  causes the 'unprivileged' variant of the load/store instructions to
1365	  be overridden to be privileged.
1366
1367	  This option changes get_user() and friends to use the 'unprivileged'
1368	  variant of the load/store instructions. This ensures that user-space
1369	  really did have access to the supplied memory. When addr_limit is
1370	  set to kernel memory the UAO bit will be set, allowing privileged
1371	  access to kernel memory.
1372
1373	  Choosing this option will cause copy_to_user() et al to use user-space
1374	  memory permissions.
1375
1376	  The feature is detected at runtime, the kernel will use the
1377	  regular load/store instructions if the cpu does not implement the
1378	  feature.
1379
1380config ARM64_PMEM
1381	bool "Enable support for persistent memory"
1382	select ARCH_HAS_PMEM_API
1383	select ARCH_HAS_UACCESS_FLUSHCACHE
1384	help
1385	  Say Y to enable support for the persistent memory API based on the
1386	  ARMv8.2 DCPoP feature.
1387
1388	  The feature is detected at runtime, and the kernel will use DC CVAC
1389	  operations if DC CVAP is not supported (following the behaviour of
1390	  DC CVAP itself if the system does not define a point of persistence).
1391
1392config ARM64_RAS_EXTN
1393	bool "Enable support for RAS CPU Extensions"
1394	default y
1395	help
1396	  CPUs that support the Reliability, Availability and Serviceability
1397	  (RAS) Extensions, part of ARMv8.2 are able to track faults and
1398	  errors, classify them and report them to software.
1399
1400	  On CPUs with these extensions system software can use additional
1401	  barriers to determine if faults are pending and read the
1402	  classification from a new set of registers.
1403
1404	  Selecting this feature will allow the kernel to use these barriers
1405	  and access the new registers if the system supports the extension.
1406	  Platform RAS features may additionally depend on firmware support.
1407
1408config ARM64_CNP
1409	bool "Enable support for Common Not Private (CNP) translations"
1410	default y
1411	depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN
1412	help
1413	  Common Not Private (CNP) allows translation table entries to
1414	  be shared between different PEs in the same inner shareable
1415	  domain, so the hardware can use this fact to optimise the
1416	  caching of such entries in the TLB.
1417
1418	  Selecting this option allows the CNP feature to be detected
1419	  at runtime, and does not affect PEs that do not implement
1420	  this feature.
1421
1422endmenu
1423
1424menu "ARMv8.3 architectural features"
1425
1426config ARM64_PTR_AUTH
1427	bool "Enable support for pointer authentication"
1428	default y
1429	depends on !KVM || ARM64_VHE
1430	help
1431	  Pointer authentication (part of the ARMv8.3 Extensions) provides
1432	  instructions for signing and authenticating pointers against secret
1433	  keys, which can be used to mitigate Return Oriented Programming (ROP)
1434	  and other attacks.
1435
1436	  This option enables these instructions at EL0 (i.e. for userspace).
1437
1438	  Choosing this option will cause the kernel to initialise secret keys
1439	  for each process at exec() time, with these keys being
1440	  context-switched along with the process.
1441
1442	  The feature is detected at runtime. If the feature is not present in
1443	  hardware it will not be advertised to userspace/KVM guest nor will it
1444	  be enabled. However, KVM guest also require VHE mode and hence
1445	  CONFIG_ARM64_VHE=y option to use this feature.
1446
1447endmenu
1448
1449config ARM64_SVE
1450	bool "ARM Scalable Vector Extension support"
1451	default y
1452	depends on !KVM || ARM64_VHE
1453	help
1454	  The Scalable Vector Extension (SVE) is an extension to the AArch64
1455	  execution state which complements and extends the SIMD functionality
1456	  of the base architecture to support much larger vectors and to enable
1457	  additional vectorisation opportunities.
1458
1459	  To enable use of this extension on CPUs that implement it, say Y.
1460
1461	  On CPUs that support the SVE2 extensions, this option will enable
1462	  those too.
1463
1464	  Note that for architectural reasons, firmware _must_ implement SVE
1465	  support when running on SVE capable hardware.  The required support
1466	  is present in:
1467
1468	    * version 1.5 and later of the ARM Trusted Firmware
1469	    * the AArch64 boot wrapper since commit 5e1261e08abf
1470	      ("bootwrapper: SVE: Enable SVE for EL2 and below").
1471
1472	  For other firmware implementations, consult the firmware documentation
1473	  or vendor.
1474
1475	  If you need the kernel to boot on SVE-capable hardware with broken
1476	  firmware, you may need to say N here until you get your firmware
1477	  fixed.  Otherwise, you may experience firmware panics or lockups when
1478	  booting the kernel.  If unsure and you are not observing these
1479	  symptoms, you should assume that it is safe to say Y.
1480
1481	  CPUs that support SVE are architecturally required to support the
1482	  Virtualization Host Extensions (VHE), so the kernel makes no
1483	  provision for supporting SVE alongside KVM without VHE enabled.
1484	  Thus, you will need to enable CONFIG_ARM64_VHE if you want to support
1485	  KVM in the same kernel image.
1486
1487config ARM64_MODULE_PLTS
1488	bool "Use PLTs to allow module memory to spill over into vmalloc area"
1489	depends on MODULES
1490	select HAVE_MOD_ARCH_SPECIFIC
1491	help
1492	  Allocate PLTs when loading modules so that jumps and calls whose
1493	  targets are too far away for their relative offsets to be encoded
1494	  in the instructions themselves can be bounced via veneers in the
1495	  module's PLT. This allows modules to be allocated in the generic
1496	  vmalloc area after the dedicated module memory area has been
1497	  exhausted.
1498
1499	  When running with address space randomization (KASLR), the module
1500	  region itself may be too far away for ordinary relative jumps and
1501	  calls, and so in that case, module PLTs are required and cannot be
1502	  disabled.
1503
1504	  Specific errata workaround(s) might also force module PLTs to be
1505	  enabled (ARM64_ERRATUM_843419).
1506
1507config ARM64_PSEUDO_NMI
1508	bool "Support for NMI-like interrupts"
1509	select CONFIG_ARM_GIC_V3
1510	help
1511	  Adds support for mimicking Non-Maskable Interrupts through the use of
1512	  GIC interrupt priority. This support requires version 3 or later of
1513	  ARM GIC.
1514
1515	  This high priority configuration for interrupts needs to be
1516	  explicitly enabled by setting the kernel parameter
1517	  "irqchip.gicv3_pseudo_nmi" to 1.
1518
1519	  If unsure, say N
1520
1521if ARM64_PSEUDO_NMI
1522config ARM64_DEBUG_PRIORITY_MASKING
1523	bool "Debug interrupt priority masking"
1524	help
1525	  This adds runtime checks to functions enabling/disabling
1526	  interrupts when using priority masking. The additional checks verify
1527	  the validity of ICC_PMR_EL1 when calling concerned functions.
1528
1529	  If unsure, say N
1530endif
1531
1532config RELOCATABLE
1533	bool
1534	select ARCH_HAS_RELR
1535	help
1536	  This builds the kernel as a Position Independent Executable (PIE),
1537	  which retains all relocation metadata required to relocate the
1538	  kernel binary at runtime to a different virtual address than the
1539	  address it was linked at.
1540	  Since AArch64 uses the RELA relocation format, this requires a
1541	  relocation pass at runtime even if the kernel is loaded at the
1542	  same address it was linked at.
1543
1544config RANDOMIZE_BASE
1545	bool "Randomize the address of the kernel image"
1546	select ARM64_MODULE_PLTS if MODULES
1547	select RELOCATABLE
1548	help
1549	  Randomizes the virtual address at which the kernel image is
1550	  loaded, as a security feature that deters exploit attempts
1551	  relying on knowledge of the location of kernel internals.
1552
1553	  It is the bootloader's job to provide entropy, by passing a
1554	  random u64 value in /chosen/kaslr-seed at kernel entry.
1555
1556	  When booting via the UEFI stub, it will invoke the firmware's
1557	  EFI_RNG_PROTOCOL implementation (if available) to supply entropy
1558	  to the kernel proper. In addition, it will randomise the physical
1559	  location of the kernel Image as well.
1560
1561	  If unsure, say N.
1562
1563config RANDOMIZE_MODULE_REGION_FULL
1564	bool "Randomize the module region over a 4 GB range"
1565	depends on RANDOMIZE_BASE
1566	default y
1567	help
1568	  Randomizes the location of the module region inside a 4 GB window
1569	  covering the core kernel. This way, it is less likely for modules
1570	  to leak information about the location of core kernel data structures
1571	  but it does imply that function calls between modules and the core
1572	  kernel will need to be resolved via veneers in the module PLT.
1573
1574	  When this option is not set, the module region will be randomized over
1575	  a limited range that contains the [_stext, _etext] interval of the
1576	  core kernel, so branch relocations are always in range.
1577
1578config CC_HAVE_STACKPROTECTOR_SYSREG
1579	def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
1580
1581config STACKPROTECTOR_PER_TASK
1582	def_bool y
1583	depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG
1584
1585endmenu
1586
1587menu "Boot options"
1588
1589config ARM64_ACPI_PARKING_PROTOCOL
1590	bool "Enable support for the ARM64 ACPI parking protocol"
1591	depends on ACPI
1592	help
1593	  Enable support for the ARM64 ACPI parking protocol. If disabled
1594	  the kernel will not allow booting through the ARM64 ACPI parking
1595	  protocol even if the corresponding data is present in the ACPI
1596	  MADT table.
1597
1598config CMDLINE
1599	string "Default kernel command string"
1600	default ""
1601	help
1602	  Provide a set of default command-line options at build time by
1603	  entering them here. As a minimum, you should specify the the
1604	  root device (e.g. root=/dev/nfs).
1605
1606choice
1607	prompt "Kernel command line type" if CMDLINE != ""
1608	default CMDLINE_FROM_BOOTLOADER
1609
1610config CMDLINE_FROM_BOOTLOADER
1611	bool "Use bootloader kernel arguments if available"
1612	help
1613	  Uses the command-line options passed by the boot loader. If
1614	  the boot loader doesn't provide any, the default kernel command
1615	  string provided in CMDLINE will be used.
1616
1617config CMDLINE_EXTEND
1618	bool "Extend bootloader kernel arguments"
1619	help
1620	  The command-line arguments provided by the boot loader will be
1621	  appended to the default kernel command string.
1622
1623config CMDLINE_FORCE
1624	bool "Always use the default kernel command string"
1625	help
1626	  Always use the default kernel command string, even if the boot
1627	  loader passes other arguments to the kernel.
1628	  This is useful if you cannot or don't want to change the
1629	  command-line options your boot loader passes to the kernel.
1630endchoice
1631
1632config EFI_STUB
1633	bool
1634
1635config EFI
1636	bool "UEFI runtime support"
1637	depends on OF && !CPU_BIG_ENDIAN
1638	depends on KERNEL_MODE_NEON
1639	select ARCH_SUPPORTS_ACPI
1640	select LIBFDT
1641	select UCS2_STRING
1642	select EFI_PARAMS_FROM_FDT
1643	select EFI_RUNTIME_WRAPPERS
1644	select EFI_STUB
1645	select EFI_ARMSTUB
1646	default y
1647	help
1648	  This option provides support for runtime services provided
1649	  by UEFI firmware (such as non-volatile variables, realtime
1650          clock, and platform reset). A UEFI stub is also provided to
1651	  allow the kernel to be booted as an EFI application. This
1652	  is only useful on systems that have UEFI firmware.
1653
1654config DMI
1655	bool "Enable support for SMBIOS (DMI) tables"
1656	depends on EFI
1657	default y
1658	help
1659	  This enables SMBIOS/DMI feature for systems.
1660
1661	  This option is only useful on systems that have UEFI firmware.
1662	  However, even with this option, the resultant kernel should
1663	  continue to boot on existing non-UEFI platforms.
1664
1665endmenu
1666
1667config SYSVIPC_COMPAT
1668	def_bool y
1669	depends on COMPAT && SYSVIPC
1670
1671config ARCH_ENABLE_HUGEPAGE_MIGRATION
1672	def_bool y
1673	depends on HUGETLB_PAGE && MIGRATION
1674
1675menu "Power management options"
1676
1677source "kernel/power/Kconfig"
1678
1679config ARCH_HIBERNATION_POSSIBLE
1680	def_bool y
1681	depends on CPU_PM
1682
1683config ARCH_HIBERNATION_HEADER
1684	def_bool y
1685	depends on HIBERNATION
1686
1687config ARCH_SUSPEND_POSSIBLE
1688	def_bool y
1689
1690endmenu
1691
1692menu "CPU Power Management"
1693
1694source "drivers/cpuidle/Kconfig"
1695
1696source "drivers/cpufreq/Kconfig"
1697
1698endmenu
1699
1700source "drivers/firmware/Kconfig"
1701
1702source "drivers/acpi/Kconfig"
1703
1704source "arch/arm64/kvm/Kconfig"
1705
1706if CRYPTO
1707source "arch/arm64/crypto/Kconfig"
1708endif
1709