1# SPDX-License-Identifier: GPL-2.0-only 2config ARM64 3 def_bool y 4 select ACPI_CCA_REQUIRED if ACPI 5 select ACPI_GENERIC_GSI if ACPI 6 select ACPI_GTDT if ACPI 7 select ACPI_IORT if ACPI 8 select ACPI_REDUCED_HARDWARE_ONLY if ACPI 9 select ACPI_MCFG if (ACPI && PCI) 10 select ACPI_SPCR_TABLE if ACPI 11 select ACPI_PPTT if ACPI 12 select ARCH_HAS_DEBUG_WX 13 select ARCH_BINFMT_ELF_EXTRA_PHDRS 14 select ARCH_BINFMT_ELF_STATE 15 select ARCH_ENABLE_HUGEPAGE_MIGRATION if HUGETLB_PAGE && MIGRATION 16 select ARCH_ENABLE_MEMORY_HOTPLUG 17 select ARCH_ENABLE_MEMORY_HOTREMOVE 18 select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2 19 select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE 20 select ARCH_HAS_CACHE_LINE_SIZE 21 select ARCH_HAS_DEBUG_VIRTUAL 22 select ARCH_HAS_DEBUG_VM_PGTABLE 23 select ARCH_HAS_DMA_PREP_COHERENT 24 select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI 25 select ARCH_HAS_FAST_MULTIPLIER 26 select ARCH_HAS_FORTIFY_SOURCE 27 select ARCH_HAS_GCOV_PROFILE_ALL 28 select ARCH_HAS_GIGANTIC_PAGE 29 select ARCH_HAS_IOREMAP_PHYS_HOOKS 30 select ARCH_HAS_KCOV 31 select ARCH_HAS_KEEPINITRD 32 select ARCH_HAS_MEMBARRIER_SYNC_CORE 33 select ARCH_HAS_MEM_ENCRYPT 34 select ARCH_HAS_MEM_RELINQUISH 35 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 36 select ARCH_HAS_PTE_DEVMAP 37 select ARCH_HAS_PTE_SPECIAL 38 select ARCH_HAS_SETUP_DMA_OPS 39 select ARCH_HAS_SET_DIRECT_MAP 40 select ARCH_HAS_SET_MEMORY 41 select ARCH_STACKWALK 42 select ARCH_HAS_STRICT_KERNEL_RWX 43 select ARCH_HAS_STRICT_MODULE_RWX 44 select ARCH_HAS_SYNC_DMA_FOR_DEVICE 45 select ARCH_HAS_SYNC_DMA_FOR_CPU 46 select ARCH_HAS_SYSCALL_WRAPPER 47 select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT 48 select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST 49 select ARCH_HAS_ZONE_DMA_SET if EXPERT 50 select ARCH_HAVE_ELF_PROT 51 select ARCH_HAVE_NMI_SAFE_CMPXCHG 52 select ARCH_HAVE_TRACE_MMIO_ACCESS 53 select ARCH_INLINE_READ_LOCK if !PREEMPTION 54 select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION 55 select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPTION 56 select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPTION 57 select ARCH_INLINE_READ_UNLOCK if !PREEMPTION 58 select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPTION 59 select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPTION 60 select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPTION 61 select ARCH_INLINE_WRITE_LOCK if !PREEMPTION 62 select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPTION 63 select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPTION 64 select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPTION 65 select ARCH_INLINE_WRITE_UNLOCK if !PREEMPTION 66 select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPTION 67 select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPTION 68 select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPTION 69 select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPTION 70 select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPTION 71 select ARCH_INLINE_SPIN_LOCK if !PREEMPTION 72 select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPTION 73 select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPTION 74 select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPTION 75 select ARCH_INLINE_SPIN_UNLOCK if !PREEMPTION 76 select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPTION 77 select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPTION 78 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION 79 select ARCH_KEEP_MEMBLOCK 80 select ARCH_USE_CMPXCHG_LOCKREF 81 select ARCH_USE_GNU_PROPERTY 82 select ARCH_USE_MEMTEST 83 select ARCH_USE_QUEUED_RWLOCKS 84 select ARCH_USE_QUEUED_SPINLOCKS 85 select ARCH_USE_SYM_ANNOTATIONS 86 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 87 select ARCH_SUPPORTS_HUGETLBFS 88 select ARCH_SUPPORTS_MEMORY_FAILURE 89 select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK 90 select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN 91 select ARCH_SUPPORTS_LTO_CLANG_THIN 92 select ARCH_SUPPORTS_CFI_CLANG 93 select ARCH_SUPPORTS_ATOMIC_RMW 94 select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 95 select ARCH_SUPPORTS_NUMA_BALANCING 96 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT 97 select ARCH_WANT_DEFAULT_BPF_JIT 98 select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT 99 select ARCH_WANT_FRAME_POINTERS 100 select ARCH_WANT_HUGE_PMD_SHARE if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36) 101 select ARCH_WANT_LD_ORPHAN_WARN 102 select ARCH_WANTS_NO_INSTR 103 select ARCH_HAS_UBSAN_SANITIZE_ALL 104 select ARM_AMBA 105 select ARM_ARCH_TIMER 106 select ARM_GIC 107 select AUDIT_ARCH_COMPAT_GENERIC 108 select ARM_GIC_V2M if PCI 109 select ARM_GIC_V3 110 select ARM_GIC_V3_ITS if PCI 111 select ARM_PSCI_FW 112 select BUILDTIME_TABLE_SORT 113 select CLONE_BACKWARDS 114 select COMMON_CLK 115 select CPU_PM if (SUSPEND || CPU_IDLE) 116 select CRC32 117 select DCACHE_WORD_ACCESS 118 select DMA_DIRECT_REMAP 119 select EDAC_SUPPORT 120 select FRAME_POINTER 121 select GENERIC_ALLOCATOR 122 select GENERIC_ARCH_TOPOLOGY 123 select GENERIC_CLOCKEVENTS_BROADCAST 124 select GENERIC_CPU_AUTOPROBE 125 select GENERIC_CPU_VULNERABILITIES 126 select GENERIC_EARLY_IOREMAP 127 select GENERIC_FIND_FIRST_BIT 128 select GENERIC_IDLE_POLL_SETUP 129 select GENERIC_IRQ_IPI 130 select ARCH_WANTS_IRQ_RAW 131 select GENERIC_IRQ_PROBE 132 select GENERIC_IRQ_SHOW 133 select GENERIC_IRQ_SHOW_LEVEL 134 select GENERIC_LIB_DEVMEM_IS_ALLOWED 135 select GENERIC_PCI_IOMAP 136 select GENERIC_PTDUMP 137 select GENERIC_SCHED_CLOCK 138 select GENERIC_SMP_IDLE_THREAD 139 select GENERIC_TIME_VSYSCALL 140 select GENERIC_GETTIMEOFDAY 141 select GENERIC_VDSO_TIME_NS 142 select HANDLE_DOMAIN_IRQ 143 select HARDIRQS_SW_RESEND 144 select HAVE_MOD_ARCH_SPECIFIC if (ARM64_MODULE_PLTS || KVM) 145 select HAVE_MOVE_PMD 146 select HAVE_MOVE_PUD 147 select HAVE_PCI 148 select HAVE_ACPI_APEI if (ACPI && EFI) 149 select HAVE_ALIGNED_STRUCT_PAGE if SLUB 150 select HAVE_ARCH_AUDITSYSCALL 151 select HAVE_ARCH_BITREVERSE 152 select HAVE_ARCH_COMPILER_H 153 select HAVE_ARCH_HUGE_VMAP 154 select HAVE_ARCH_JUMP_LABEL 155 select HAVE_ARCH_JUMP_LABEL_RELATIVE 156 select HAVE_ARCH_KASAN if !(ARM64_16K_PAGES && ARM64_VA_BITS_48) 157 select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN 158 select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN 159 select HAVE_ARCH_KASAN_HW_TAGS if (HAVE_ARCH_KASAN && ARM64_MTE) 160 # Some instrumentation may be unsound, hence EXPERT 161 select HAVE_ARCH_KCSAN if EXPERT 162 select HAVE_ARCH_KFENCE 163 select HAVE_ARCH_KGDB 164 select HAVE_ARCH_MMAP_RND_BITS 165 select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT 166 select HAVE_ARCH_PREL32_RELOCATIONS 167 select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET 168 select HAVE_ARCH_SECCOMP_FILTER 169 select HAVE_ARCH_STACKLEAK 170 select HAVE_ARCH_THREAD_STRUCT_WHITELIST 171 select HAVE_ARCH_TRACEHOOK 172 select HAVE_ARCH_TRANSPARENT_HUGEPAGE 173 select HAVE_ARCH_VMAP_STACK 174 select HAVE_ARM_SMCCC 175 select HAVE_ASM_MODVERSIONS 176 select HAVE_EBPF_JIT 177 select HAVE_C_RECORDMCOUNT 178 select HAVE_CMPXCHG_DOUBLE 179 select HAVE_CMPXCHG_LOCAL 180 select HAVE_CONTEXT_TRACKING 181 select HAVE_DEBUG_KMEMLEAK 182 select HAVE_DMA_CONTIGUOUS 183 select HAVE_DYNAMIC_FTRACE 184 select HAVE_DYNAMIC_FTRACE_WITH_REGS \ 185 if $(cc-option,-fpatchable-function-entry=2) 186 select FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY \ 187 if DYNAMIC_FTRACE_WITH_REGS 188 select HAVE_EFFICIENT_UNALIGNED_ACCESS 189 select HAVE_FAST_GUP 190 select HAVE_FTRACE_MCOUNT_RECORD 191 select HAVE_FUNCTION_TRACER 192 select HAVE_FUNCTION_ERROR_INJECTION 193 select HAVE_FUNCTION_GRAPH_TRACER 194 select HAVE_GCC_PLUGINS 195 select HAVE_HW_BREAKPOINT if PERF_EVENTS 196 select HAVE_IRQ_TIME_ACCOUNTING 197 select HAVE_KVM 198 select HAVE_NMI 199 select HAVE_PATA_PLATFORM 200 select HAVE_PERF_EVENTS 201 select HAVE_PERF_REGS 202 select HAVE_PERF_USER_STACK_DUMP 203 select HAVE_REGS_AND_STACK_ACCESS_API 204 select HAVE_FUNCTION_ARG_ACCESS_API 205 select HAVE_FUTEX_CMPXCHG if FUTEX 206 select MMU_GATHER_RCU_TABLE_FREE 207 select HAVE_RSEQ 208 select HAVE_STACKPROTECTOR 209 select HAVE_SYSCALL_TRACEPOINTS 210 select HAVE_KPROBES 211 select HAVE_KRETPROBES 212 select HAVE_GENERIC_VDSO 213 select IOMMU_DMA if IOMMU_SUPPORT 214 select IRQ_DOMAIN 215 select IRQ_FORCED_THREADING 216 select KASAN_VMALLOC if KASAN 217 select MODULES_USE_ELF_RELA 218 select NEED_DMA_MAP_STATE 219 select NEED_SG_DMA_LENGTH 220 select OF 221 select OF_EARLY_FLATTREE 222 select PCI_DOMAINS_GENERIC if PCI 223 select PCI_ECAM if (ACPI && PCI) 224 select PCI_SYSCALL if PCI 225 select POWER_RESET 226 select POWER_SUPPLY 227 select SPARSE_IRQ 228 select SWIOTLB 229 select SYSCTL_EXCEPTION_TRACE 230 select THREAD_INFO_IN_TASK 231 select HAVE_ARCH_USERFAULTFD_MINOR if USERFAULTFD 232 select TRACE_IRQFLAGS_SUPPORT 233 select TRACE_IRQFLAGS_NMI_SUPPORT 234 select ARCH_SUPPORTS_SPECULATIVE_PAGE_FAULT 235 help 236 ARM 64-bit (AArch64) Linux support. 237 238config 64BIT 239 def_bool y 240 241config MMU 242 def_bool y 243 244config ARM64_PAGE_SHIFT 245 int 246 default 16 if ARM64_64K_PAGES 247 default 14 if ARM64_16K_PAGES 248 default 12 249 250config ARM64_CONT_PTE_SHIFT 251 int 252 default 5 if ARM64_64K_PAGES 253 default 7 if ARM64_16K_PAGES 254 default 4 255 256config ARM64_CONT_PMD_SHIFT 257 int 258 default 5 if ARM64_64K_PAGES 259 default 5 if ARM64_16K_PAGES 260 default 4 261 262config ARCH_MMAP_RND_BITS_MIN 263 default 14 if ARM64_64K_PAGES 264 default 16 if ARM64_16K_PAGES 265 default 18 266 267# max bits determined by the following formula: 268# VA_BITS - PAGE_SHIFT - 3 269config ARCH_MMAP_RND_BITS_MAX 270 default 19 if ARM64_VA_BITS=36 271 default 24 if ARM64_VA_BITS=39 272 default 27 if ARM64_VA_BITS=42 273 default 30 if ARM64_VA_BITS=47 274 default 29 if ARM64_VA_BITS=48 && ARM64_64K_PAGES 275 default 31 if ARM64_VA_BITS=48 && ARM64_16K_PAGES 276 default 33 if ARM64_VA_BITS=48 277 default 14 if ARM64_64K_PAGES 278 default 16 if ARM64_16K_PAGES 279 default 18 280 281config ARCH_MMAP_RND_COMPAT_BITS_MIN 282 default 7 if ARM64_64K_PAGES 283 default 9 if ARM64_16K_PAGES 284 default 11 285 286config ARCH_MMAP_RND_COMPAT_BITS_MAX 287 default 16 288 289config NO_IOPORT_MAP 290 def_bool y if !PCI 291 292config STACKTRACE_SUPPORT 293 def_bool y 294 295config ILLEGAL_POINTER_VALUE 296 hex 297 default 0xdead000000000000 298 299config LOCKDEP_SUPPORT 300 def_bool y 301 302config GENERIC_BUG 303 def_bool y 304 depends on BUG 305 306config GENERIC_BUG_RELATIVE_POINTERS 307 def_bool y 308 depends on GENERIC_BUG 309 310config GENERIC_HWEIGHT 311 def_bool y 312 313config GENERIC_CSUM 314 def_bool y 315 316config GENERIC_CALIBRATE_DELAY 317 def_bool y 318 319config ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 320 def_bool y 321 322config SMP 323 def_bool y 324 325config KERNEL_MODE_NEON 326 def_bool y 327 328config FIX_EARLYCON_MEM 329 def_bool y 330 331config PGTABLE_LEVELS 332 int 333 default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36 334 default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42 335 default 3 if ARM64_64K_PAGES && (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) 336 default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39 337 default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47 338 default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48 339 340config ARCH_SUPPORTS_UPROBES 341 def_bool y 342 343config ARCH_PROC_KCORE_TEXT 344 def_bool y 345 346config BROKEN_GAS_INST 347 def_bool !$(as-instr,1:\n.inst 0\n.rept . - 1b\n\nnop\n.endr\n) 348 349config KASAN_SHADOW_OFFSET 350 hex 351 depends on KASAN_GENERIC || KASAN_SW_TAGS 352 default 0xdfff800000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && !KASAN_SW_TAGS 353 default 0xdfffc00000000000 if ARM64_VA_BITS_47 && !KASAN_SW_TAGS 354 default 0xdffffe0000000000 if ARM64_VA_BITS_42 && !KASAN_SW_TAGS 355 default 0xdfffffc000000000 if ARM64_VA_BITS_39 && !KASAN_SW_TAGS 356 default 0xdffffff800000000 if ARM64_VA_BITS_36 && !KASAN_SW_TAGS 357 default 0xefff800000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && KASAN_SW_TAGS 358 default 0xefffc00000000000 if ARM64_VA_BITS_47 && KASAN_SW_TAGS 359 default 0xeffffe0000000000 if ARM64_VA_BITS_42 && KASAN_SW_TAGS 360 default 0xefffffc000000000 if ARM64_VA_BITS_39 && KASAN_SW_TAGS 361 default 0xeffffff800000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS 362 default 0xffffffffffffffff 363 364config UNWIND_TABLES 365 bool 366 367source "arch/arm64/Kconfig.platforms" 368 369menu "Kernel Features" 370 371menu "ARM errata workarounds via the alternatives framework" 372 373config ARM64_WORKAROUND_CLEAN_CACHE 374 bool 375 376config ARM64_ERRATUM_826319 377 bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted" 378 default y 379 select ARM64_WORKAROUND_CLEAN_CACHE 380 help 381 This option adds an alternative code sequence to work around ARM 382 erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or 383 AXI master interface and an L2 cache. 384 385 If a Cortex-A53 uses an AMBA AXI4 ACE interface to other processors 386 and is unable to accept a certain write via this interface, it will 387 not progress on read data presented on the read data channel and the 388 system can deadlock. 389 390 The workaround promotes data cache clean instructions to 391 data cache clean-and-invalidate. 392 Please note that this does not necessarily enable the workaround, 393 as it depends on the alternative framework, which will only patch 394 the kernel if an affected CPU is detected. 395 396 If unsure, say Y. 397 398config ARM64_ERRATUM_827319 399 bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect" 400 default y 401 select ARM64_WORKAROUND_CLEAN_CACHE 402 help 403 This option adds an alternative code sequence to work around ARM 404 erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI 405 master interface and an L2 cache. 406 407 Under certain conditions this erratum can cause a clean line eviction 408 to occur at the same time as another transaction to the same address 409 on the AMBA 5 CHI interface, which can cause data corruption if the 410 interconnect reorders the two transactions. 411 412 The workaround promotes data cache clean instructions to 413 data cache clean-and-invalidate. 414 Please note that this does not necessarily enable the workaround, 415 as it depends on the alternative framework, which will only patch 416 the kernel if an affected CPU is detected. 417 418 If unsure, say Y. 419 420config ARM64_ERRATUM_824069 421 bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop" 422 default y 423 select ARM64_WORKAROUND_CLEAN_CACHE 424 help 425 This option adds an alternative code sequence to work around ARM 426 erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected 427 to a coherent interconnect. 428 429 If a Cortex-A53 processor is executing a store or prefetch for 430 write instruction at the same time as a processor in another 431 cluster is executing a cache maintenance operation to the same 432 address, then this erratum might cause a clean cache line to be 433 incorrectly marked as dirty. 434 435 The workaround promotes data cache clean instructions to 436 data cache clean-and-invalidate. 437 Please note that this option does not necessarily enable the 438 workaround, as it depends on the alternative framework, which will 439 only patch the kernel if an affected CPU is detected. 440 441 If unsure, say Y. 442 443config ARM64_ERRATUM_819472 444 bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption" 445 default y 446 select ARM64_WORKAROUND_CLEAN_CACHE 447 help 448 This option adds an alternative code sequence to work around ARM 449 erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache 450 present when it is connected to a coherent interconnect. 451 452 If the processor is executing a load and store exclusive sequence at 453 the same time as a processor in another cluster is executing a cache 454 maintenance operation to the same address, then this erratum might 455 cause data corruption. 456 457 The workaround promotes data cache clean instructions to 458 data cache clean-and-invalidate. 459 Please note that this does not necessarily enable the workaround, 460 as it depends on the alternative framework, which will only patch 461 the kernel if an affected CPU is detected. 462 463 If unsure, say Y. 464 465config ARM64_ERRATUM_832075 466 bool "Cortex-A57: 832075: possible deadlock on mixing exclusive memory accesses with device loads" 467 default y 468 help 469 This option adds an alternative code sequence to work around ARM 470 erratum 832075 on Cortex-A57 parts up to r1p2. 471 472 Affected Cortex-A57 parts might deadlock when exclusive load/store 473 instructions to Write-Back memory are mixed with Device loads. 474 475 The workaround is to promote device loads to use Load-Acquire 476 semantics. 477 Please note that this does not necessarily enable the workaround, 478 as it depends on the alternative framework, which will only patch 479 the kernel if an affected CPU is detected. 480 481 If unsure, say Y. 482 483config ARM64_ERRATUM_834220 484 bool "Cortex-A57: 834220: Stage 2 translation fault might be incorrectly reported in presence of a Stage 1 fault" 485 depends on KVM 486 default y 487 help 488 This option adds an alternative code sequence to work around ARM 489 erratum 834220 on Cortex-A57 parts up to r1p2. 490 491 Affected Cortex-A57 parts might report a Stage 2 translation 492 fault as the result of a Stage 1 fault for load crossing a 493 page boundary when there is a permission or device memory 494 alignment fault at Stage 1 and a translation fault at Stage 2. 495 496 The workaround is to verify that the Stage 1 translation 497 doesn't generate a fault before handling the Stage 2 fault. 498 Please note that this does not necessarily enable the workaround, 499 as it depends on the alternative framework, which will only patch 500 the kernel if an affected CPU is detected. 501 502 If unsure, say Y. 503 504config ARM64_ERRATUM_1742098 505 bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence" 506 depends on COMPAT 507 default y 508 help 509 This option removes the AES hwcap for aarch32 user-space to 510 workaround erratum 1742098 on Cortex-A57 and Cortex-A72. 511 512 Affected parts may corrupt the AES state if an interrupt is 513 taken between a pair of AES instructions. These instructions 514 are only present if the cryptography extensions are present. 515 All software should have a fallback implementation for CPUs 516 that don't implement the cryptography extensions. 517 518 If unsure, say Y. 519 520config ARM64_ERRATUM_845719 521 bool "Cortex-A53: 845719: a load might read incorrect data" 522 depends on COMPAT 523 default y 524 help 525 This option adds an alternative code sequence to work around ARM 526 erratum 845719 on Cortex-A53 parts up to r0p4. 527 528 When running a compat (AArch32) userspace on an affected Cortex-A53 529 part, a load at EL0 from a virtual address that matches the bottom 32 530 bits of the virtual address used by a recent load at (AArch64) EL1 531 might return incorrect data. 532 533 The workaround is to write the contextidr_el1 register on exception 534 return to a 32-bit task. 535 Please note that this does not necessarily enable the workaround, 536 as it depends on the alternative framework, which will only patch 537 the kernel if an affected CPU is detected. 538 539 If unsure, say Y. 540 541config ARM64_ERRATUM_843419 542 bool "Cortex-A53: 843419: A load or store might access an incorrect address" 543 default y 544 select ARM64_MODULE_PLTS if MODULES 545 help 546 This option links the kernel with '--fix-cortex-a53-843419' and 547 enables PLT support to replace certain ADRP instructions, which can 548 cause subsequent memory accesses to use an incorrect address on 549 Cortex-A53 parts up to r0p4. 550 551 If unsure, say Y. 552 553config ARM64_LD_HAS_FIX_ERRATUM_843419 554 def_bool $(ld-option,--fix-cortex-a53-843419) 555 556config ARM64_ERRATUM_1024718 557 bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" 558 default y 559 help 560 This option adds a workaround for ARM Cortex-A55 Erratum 1024718. 561 562 Affected Cortex-A55 cores (all revisions) could cause incorrect 563 update of the hardware dirty bit when the DBM/AP bits are updated 564 without a break-before-make. The workaround is to disable the usage 565 of hardware DBM locally on the affected cores. CPUs not affected by 566 this erratum will continue to use the feature. 567 568 If unsure, say Y. 569 570config ARM64_ERRATUM_1418040 571 bool "Cortex-A76/Neoverse-N1: MRC read following MRRC read of specific Generic Timer in AArch32 might give incorrect result" 572 default y 573 depends on COMPAT 574 help 575 This option adds a workaround for ARM Cortex-A76/Neoverse-N1 576 errata 1188873 and 1418040. 577 578 Affected Cortex-A76/Neoverse-N1 cores (r0p0 to r3p1) could 579 cause register corruption when accessing the timer registers 580 from AArch32 userspace. 581 582 If unsure, say Y. 583 584config ARM64_WORKAROUND_SPECULATIVE_AT 585 bool 586 587config ARM64_ERRATUM_1165522 588 bool "Cortex-A76: 1165522: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 589 default y 590 select ARM64_WORKAROUND_SPECULATIVE_AT 591 help 592 This option adds a workaround for ARM Cortex-A76 erratum 1165522. 593 594 Affected Cortex-A76 cores (r0p0, r1p0, r2p0) could end-up with 595 corrupted TLBs by speculating an AT instruction during a guest 596 context switch. 597 598 If unsure, say Y. 599 600config ARM64_ERRATUM_1319367 601 bool "Cortex-A57/A72: 1319537: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 602 default y 603 select ARM64_WORKAROUND_SPECULATIVE_AT 604 help 605 This option adds work arounds for ARM Cortex-A57 erratum 1319537 606 and A72 erratum 1319367 607 608 Cortex-A57 and A72 cores could end-up with corrupted TLBs by 609 speculating an AT instruction during a guest context switch. 610 611 If unsure, say Y. 612 613config ARM64_ERRATUM_1530923 614 bool "Cortex-A55: 1530923: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation" 615 default y 616 select ARM64_WORKAROUND_SPECULATIVE_AT 617 help 618 This option adds a workaround for ARM Cortex-A55 erratum 1530923. 619 620 Affected Cortex-A55 cores (r0p0, r0p1, r1p0, r2p0) could end-up with 621 corrupted TLBs by speculating an AT instruction during a guest 622 context switch. 623 624 If unsure, say Y. 625 626config ARM64_WORKAROUND_REPEAT_TLBI 627 bool 628 629config ARM64_ERRATUM_2441007 630 bool "Cortex-A55: Completion of affected memory accesses might not be guaranteed by completion of a TLBI" 631 select ARM64_WORKAROUND_REPEAT_TLBI 632 help 633 This option adds a workaround for ARM Cortex-A55 erratum #2441007. 634 635 Under very rare circumstances, affected Cortex-A55 CPUs 636 may not handle a race between a break-before-make sequence on one 637 CPU, and another CPU accessing the same page. This could allow a 638 store to a page that has been unmapped. 639 640 Work around this by adding the affected CPUs to the list that needs 641 TLB sequences to be done twice. 642 643 If unsure, say Y. 644 645config ARM64_ERRATUM_1286807 646 bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation" 647 default y 648 select ARM64_WORKAROUND_REPEAT_TLBI 649 help 650 This option adds a workaround for ARM Cortex-A76 erratum 1286807. 651 652 On the affected Cortex-A76 cores (r0p0 to r3p0), if a virtual 653 address for a cacheable mapping of a location is being 654 accessed by a core while another core is remapping the virtual 655 address to a new physical page using the recommended 656 break-before-make sequence, then under very rare circumstances 657 TLBI+DSB completes before a read using the translation being 658 invalidated has been observed by other observers. The 659 workaround repeats the TLBI+DSB operation. 660 661config ARM64_ERRATUM_1463225 662 bool "Cortex-A76: Software Step might prevent interrupt recognition" 663 default y 664 help 665 This option adds a workaround for Arm Cortex-A76 erratum 1463225. 666 667 On the affected Cortex-A76 cores (r0p0 to r3p1), software stepping 668 of a system call instruction (SVC) can prevent recognition of 669 subsequent interrupts when software stepping is disabled in the 670 exception handler of the system call and either kernel debugging 671 is enabled or VHE is in use. 672 673 Work around the erratum by triggering a dummy step exception 674 when handling a system call from a task that is being stepped 675 in a VHE configuration of the kernel. 676 677 If unsure, say Y. 678 679config ARM64_ERRATUM_1542419 680 bool "Neoverse-N1: workaround mis-ordering of instruction fetches" 681 default y 682 help 683 This option adds a workaround for ARM Neoverse-N1 erratum 684 1542419. 685 686 Affected Neoverse-N1 cores could execute a stale instruction when 687 modified by another CPU. The workaround depends on a firmware 688 counterpart. 689 690 Workaround the issue by hiding the DIC feature from EL0. This 691 forces user-space to perform cache maintenance. 692 693 If unsure, say Y. 694 695config ARM64_ERRATUM_1508412 696 bool "Cortex-A77: 1508412: workaround deadlock on sequence of NC/Device load and store exclusive or PAR read" 697 default y 698 help 699 This option adds a workaround for Arm Cortex-A77 erratum 1508412. 700 701 Affected Cortex-A77 cores (r0p0, r1p0) could deadlock on a sequence 702 of a store-exclusive or read of PAR_EL1 and a load with device or 703 non-cacheable memory attributes. The workaround depends on a firmware 704 counterpart. 705 706 KVM guests must also have the workaround implemented or they can 707 deadlock the system. 708 709 Work around the issue by inserting DMB SY barriers around PAR_EL1 710 register reads and warning KVM users. The DMB barrier is sufficient 711 to prevent a speculative PAR_EL1 read. 712 713 If unsure, say Y. 714 715config ARM64_ERRATUM_2658417 716 bool "Cortex-A510: 2658417: remove BF16 support due to incorrect result" 717 default y 718 help 719 This option adds the workaround for ARM Cortex-A510 erratum 2658417. 720 Affected Cortex-A510 (r0p0 to r1p1) may produce the wrong result for 721 BFMMLA or VMMLA instructions in rare circumstances when a pair of 722 A510 CPUs are using shared neon hardware. As the sharing is not 723 discoverable by the kernel, hide the BF16 HWCAP to indicate that 724 user-space should not be using these instructions. 725 726 If unsure, say Y. 727 728config ARM64_ERRATUM_2119858 729 bool "Cortex-A710: 2119858: workaround TRBE overwriting trace data in FILL mode" 730 default y 731 depends on CORESIGHT_TRBE 732 select ARM64_WORKAROUND_TRBE_OVERWRITE_FILL_MODE 733 help 734 This option adds the workaround for ARM Cortex-A710 erratum 2119858. 735 736 Affected Cortex-A710 cores could overwrite up to 3 cache lines of trace 737 data at the base of the buffer (pointed to by TRBASER_EL1) in FILL mode in 738 the event of a WRAP event. 739 740 Work around the issue by always making sure we move the TRBPTR_EL1 by 741 256 bytes before enabling the buffer and filling the first 256 bytes of 742 the buffer with ETM ignore packets upon disabling. 743 744 If unsure, say Y. 745 746config ARM64_ERRATUM_2139208 747 bool "Neoverse-N2: 2139208: workaround TRBE overwriting trace data in FILL mode" 748 default y 749 depends on CORESIGHT_TRBE 750 select ARM64_WORKAROUND_TRBE_OVERWRITE_FILL_MODE 751 help 752 This option adds the workaround for ARM Neoverse-N2 erratum 2139208. 753 754 Affected Neoverse-N2 cores could overwrite up to 3 cache lines of trace 755 data at the base of the buffer (pointed to by TRBASER_EL1) in FILL mode in 756 the event of a WRAP event. 757 758 Work around the issue by always making sure we move the TRBPTR_EL1 by 759 256 bytes before enabling the buffer and filling the first 256 bytes of 760 the buffer with ETM ignore packets upon disabling. 761 762 If unsure, say Y. 763 764config ARM64_WORKAROUND_TSB_FLUSH_FAILURE 765 bool 766 767config ARM64_ERRATUM_2054223 768 bool "Cortex-A710: 2054223: workaround TSB instruction failing to flush trace" 769 default y 770 select ARM64_WORKAROUND_TSB_FLUSH_FAILURE 771 help 772 Enable workaround for ARM Cortex-A710 erratum 2054223 773 774 Affected cores may fail to flush the trace data on a TSB instruction, when 775 the PE is in trace prohibited state. This will cause losing a few bytes 776 of the trace cached. 777 778 Workaround is to issue two TSB consecutively on affected cores. 779 780 If unsure, say Y. 781 782config ARM64_ERRATUM_2067961 783 bool "Neoverse-N2: 2067961: workaround TSB instruction failing to flush trace" 784 default y 785 select ARM64_WORKAROUND_TSB_FLUSH_FAILURE 786 help 787 Enable workaround for ARM Neoverse-N2 erratum 2067961 788 789 Affected cores may fail to flush the trace data on a TSB instruction, when 790 the PE is in trace prohibited state. This will cause losing a few bytes 791 of the trace cached. 792 793 Workaround is to issue two TSB consecutively on affected cores. 794 795 If unsure, say Y. 796 797config ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE 798 bool 799 800config ARM64_ERRATUM_2253138 801 bool "Neoverse-N2: 2253138: workaround TRBE writing to address out-of-range" 802 depends on CORESIGHT_TRBE 803 default y 804 select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE 805 help 806 This option adds the workaround for ARM Neoverse-N2 erratum 2253138. 807 808 Affected Neoverse-N2 cores might write to an out-of-range address, not reserved 809 for TRBE. Under some conditions, the TRBE might generate a write to the next 810 virtually addressed page following the last page of the TRBE address space 811 (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. 812 813 Work around this in the driver by always making sure that there is a 814 page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. 815 816 If unsure, say Y. 817 818config ARM64_ERRATUM_2224489 819 bool "Cortex-A710: 2224489: workaround TRBE writing to address out-of-range" 820 depends on CORESIGHT_TRBE 821 default y 822 select ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE 823 help 824 This option adds the workaround for ARM Cortex-A710 erratum 2224489. 825 826 Affected Cortex-A710 cores might write to an out-of-range address, not reserved 827 for TRBE. Under some conditions, the TRBE might generate a write to the next 828 virtually addressed page following the last page of the TRBE address space 829 (i.e., the TRBLIMITR_EL1.LIMIT), instead of wrapping around to the base. 830 831 Work around this in the driver by always making sure that there is a 832 page beyond the TRBLIMITR_EL1.LIMIT, within the space allowed for the TRBE. 833 834 If unsure, say Y. 835 836config ARM64_ERRATUM_2441009 837 bool "Cortex-A510: Completion of affected memory accesses might not be guaranteed by completion of a TLBI" 838 select ARM64_WORKAROUND_REPEAT_TLBI 839 help 840 This option adds a workaround for ARM Cortex-A510 erratum #2441009. 841 842 Under very rare circumstances, affected Cortex-A510 CPUs 843 may not handle a race between a break-before-make sequence on one 844 CPU, and another CPU accessing the same page. This could allow a 845 store to a page that has been unmapped. 846 847 Work around this by adding the affected CPUs to the list that needs 848 TLB sequences to be done twice. 849 850 If unsure, say Y. 851 852config ARM64_ERRATUM_2457168 853 bool "Cortex-A510: 2457168: workaround for AMEVCNTR01 incrementing incorrectly" 854 depends on ARM64_AMU_EXTN 855 default y 856 help 857 This option adds the workaround for ARM Cortex-A510 erratum 2457168. 858 859 The AMU counter AMEVCNTR01 (constant counter) should increment at the same rate 860 as the system counter. On affected Cortex-A510 cores AMEVCNTR01 increments 861 incorrectly giving a significantly higher output value. 862 863 Work around this problem by returning 0 when reading the affected counter in 864 key locations that results in disabling all users of this counter. This effect 865 is the same to firmware disabling affected counters. 866 867 If unsure, say Y. 868 869config ARM64_WORKAROUND_TRBE_OVERWRITE_FILL_MODE 870 bool 871 872config CAVIUM_ERRATUM_22375 873 bool "Cavium erratum 22375, 24313" 874 default y 875 help 876 Enable workaround for errata 22375 and 24313. 877 878 This implements two gicv3-its errata workarounds for ThunderX. Both 879 with a small impact affecting only ITS table allocation. 880 881 erratum 22375: only alloc 8MB table size 882 erratum 24313: ignore memory access type 883 884 The fixes are in ITS initialization and basically ignore memory access 885 type and table size provided by the TYPER and BASER registers. 886 887 If unsure, say Y. 888 889config CAVIUM_ERRATUM_23144 890 bool "Cavium erratum 23144: ITS SYNC hang on dual socket system" 891 depends on NUMA 892 default y 893 help 894 ITS SYNC command hang for cross node io and collections/cpu mapping. 895 896 If unsure, say Y. 897 898config CAVIUM_ERRATUM_23154 899 bool "Cavium erratum 23154: Access to ICC_IAR1_EL1 is not sync'ed" 900 default y 901 help 902 The gicv3 of ThunderX requires a modified version for 903 reading the IAR status to ensure data synchronization 904 (access to icc_iar1_el1 is not sync'ed before and after). 905 906 If unsure, say Y. 907 908config CAVIUM_ERRATUM_27456 909 bool "Cavium erratum 27456: Broadcast TLBI instructions may cause icache corruption" 910 default y 911 help 912 On ThunderX T88 pass 1.x through 2.1 parts, broadcast TLBI 913 instructions may cause the icache to become corrupted if it 914 contains data for a non-current ASID. The fix is to 915 invalidate the icache when changing the mm context. 916 917 If unsure, say Y. 918 919config CAVIUM_ERRATUM_30115 920 bool "Cavium erratum 30115: Guest may disable interrupts in host" 921 default y 922 help 923 On ThunderX T88 pass 1.x through 2.2, T81 pass 1.0 through 924 1.2, and T83 Pass 1.0, KVM guest execution may disable 925 interrupts in host. Trapping both GICv3 group-0 and group-1 926 accesses sidesteps the issue. 927 928 If unsure, say Y. 929 930config CAVIUM_TX2_ERRATUM_219 931 bool "Cavium ThunderX2 erratum 219: PRFM between TTBR change and ISB fails" 932 default y 933 help 934 On Cavium ThunderX2, a load, store or prefetch instruction between a 935 TTBR update and the corresponding context synchronizing operation can 936 cause a spurious Data Abort to be delivered to any hardware thread in 937 the CPU core. 938 939 Work around the issue by avoiding the problematic code sequence and 940 trapping KVM guest TTBRx_EL1 writes to EL2 when SMT is enabled. The 941 trap handler performs the corresponding register access, skips the 942 instruction and ensures context synchronization by virtue of the 943 exception return. 944 945 If unsure, say Y. 946 947config FUJITSU_ERRATUM_010001 948 bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly" 949 default y 950 help 951 This option adds a workaround for Fujitsu-A64FX erratum E#010001. 952 On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory 953 accesses may cause undefined fault (Data abort, DFSC=0b111111). 954 This fault occurs under a specific hardware condition when a 955 load/store instruction performs an address translation using: 956 case-1 TTBR0_EL1 with TCR_EL1.NFD0 == 1. 957 case-2 TTBR0_EL2 with TCR_EL2.NFD0 == 1. 958 case-3 TTBR1_EL1 with TCR_EL1.NFD1 == 1. 959 case-4 TTBR1_EL2 with TCR_EL2.NFD1 == 1. 960 961 The workaround is to ensure these bits are clear in TCR_ELx. 962 The workaround only affects the Fujitsu-A64FX. 963 964 If unsure, say Y. 965 966config HISILICON_ERRATUM_161600802 967 bool "Hip07 161600802: Erroneous redistributor VLPI base" 968 default y 969 help 970 The HiSilicon Hip07 SoC uses the wrong redistributor base 971 when issued ITS commands such as VMOVP and VMAPP, and requires 972 a 128kB offset to be applied to the target address in this commands. 973 974 If unsure, say Y. 975 976config QCOM_FALKOR_ERRATUM_1003 977 bool "Falkor E1003: Incorrect translation due to ASID change" 978 default y 979 help 980 On Falkor v1, an incorrect ASID may be cached in the TLB when ASID 981 and BADDR are changed together in TTBRx_EL1. Since we keep the ASID 982 in TTBR1_EL1, this situation only occurs in the entry trampoline and 983 then only for entries in the walk cache, since the leaf translation 984 is unchanged. Work around the erratum by invalidating the walk cache 985 entries for the trampoline before entering the kernel proper. 986 987config QCOM_FALKOR_ERRATUM_1009 988 bool "Falkor E1009: Prematurely complete a DSB after a TLBI" 989 default y 990 select ARM64_WORKAROUND_REPEAT_TLBI 991 help 992 On Falkor v1, the CPU may prematurely complete a DSB following a 993 TLBI xxIS invalidate maintenance operation. Repeat the TLBI operation 994 one more time to fix the issue. 995 996 If unsure, say Y. 997 998config QCOM_QDF2400_ERRATUM_0065 999 bool "QDF2400 E0065: Incorrect GITS_TYPER.ITT_Entry_size" 1000 default y 1001 help 1002 On Qualcomm Datacenter Technologies QDF2400 SoC, ITS hardware reports 1003 ITE size incorrectly. The GITS_TYPER.ITT_Entry_size field should have 1004 been indicated as 16Bytes (0xf), not 8Bytes (0x7). 1005 1006 If unsure, say Y. 1007 1008config QCOM_FALKOR_ERRATUM_E1041 1009 bool "Falkor E1041: Speculative instruction fetches might cause errant memory access" 1010 default y 1011 help 1012 Falkor CPU may speculatively fetch instructions from an improper 1013 memory location when MMU translation is changed from SCTLR_ELn[M]=1 1014 to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem. 1015 1016 If unsure, say Y. 1017 1018config NVIDIA_CARMEL_CNP_ERRATUM 1019 bool "NVIDIA Carmel CNP: CNP on Carmel semantically different than ARM cores" 1020 default y 1021 help 1022 If CNP is enabled on Carmel cores, non-sharable TLBIs on a core will not 1023 invalidate shared TLB entries installed by a different core, as it would 1024 on standard ARM cores. 1025 1026 If unsure, say Y. 1027 1028config SOCIONEXT_SYNQUACER_PREITS 1029 bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" 1030 default y 1031 help 1032 Socionext Synquacer SoCs implement a separate h/w block to generate 1033 MSI doorbell writes with non-zero values for the device ID. 1034 1035 If unsure, say Y. 1036 1037config ANDROID_ARM64_WORKAROUND_DMA_BEYOND_POC 1038 bool "Remove cacheable aliases of non-cacheable DMA buffers at stage-2" 1039 default y 1040 depends on KVM 1041 help 1042 Some SoCs integrate non-coherent DMA-capable peripherals beyond 1043 the Point of Coherency (PoC), resulting in loss of coherency 1044 with non-cacheable mappings on the CPU in the presence of a 1045 cacheable alias. 1046 1047 This workaround provides a mechanism (controlled by the kernel 1048 command-line) to remap pages as non-cacheable in pKVM's stage-2 1049 mapping for the host, thereby removing any cacheable aliases 1050 that may be present in the stage-1 mapping. 1051 1052 If unsure, say Y. 1053 1054endmenu 1055 1056 1057choice 1058 prompt "Page size" 1059 default ARM64_4K_PAGES 1060 help 1061 Page size (translation granule) configuration. 1062 1063config ARM64_4K_PAGES 1064 bool "4KB" 1065 help 1066 This feature enables 4KB pages support. 1067 1068config ARM64_16K_PAGES 1069 bool "16KB" 1070 help 1071 The system will use 16KB pages support. AArch32 emulation 1072 requires applications compiled with 16K (or a multiple of 16K) 1073 aligned segments. 1074 1075config ARM64_64K_PAGES 1076 bool "64KB" 1077 help 1078 This feature enables 64KB pages support (4KB by default) 1079 allowing only two levels of page tables and faster TLB 1080 look-up. AArch32 emulation requires applications compiled 1081 with 64K aligned segments. 1082 1083endchoice 1084 1085choice 1086 prompt "Virtual address space size" 1087 default ARM64_VA_BITS_39 if ARM64_4K_PAGES 1088 default ARM64_VA_BITS_47 if ARM64_16K_PAGES 1089 default ARM64_VA_BITS_42 if ARM64_64K_PAGES 1090 help 1091 Allows choosing one of multiple possible virtual address 1092 space sizes. The level of translation table is determined by 1093 a combination of page size and virtual address space size. 1094 1095config ARM64_VA_BITS_36 1096 bool "36-bit" if EXPERT 1097 depends on ARM64_16K_PAGES 1098 1099config ARM64_VA_BITS_39 1100 bool "39-bit" 1101 depends on ARM64_4K_PAGES 1102 1103config ARM64_VA_BITS_42 1104 bool "42-bit" 1105 depends on ARM64_64K_PAGES 1106 1107config ARM64_VA_BITS_47 1108 bool "47-bit" 1109 depends on ARM64_16K_PAGES 1110 1111config ARM64_VA_BITS_48 1112 bool "48-bit" 1113 1114config ARM64_VA_BITS_52 1115 bool "52-bit" 1116 depends on ARM64_64K_PAGES && (ARM64_PAN || !ARM64_SW_TTBR0_PAN) 1117 help 1118 Enable 52-bit virtual addressing for userspace when explicitly 1119 requested via a hint to mmap(). The kernel will also use 52-bit 1120 virtual addresses for its own mappings (provided HW support for 1121 this feature is available, otherwise it reverts to 48-bit). 1122 1123 NOTE: Enabling 52-bit virtual addressing in conjunction with 1124 ARMv8.3 Pointer Authentication will result in the PAC being 1125 reduced from 7 bits to 3 bits, which may have a significant 1126 impact on its susceptibility to brute-force attacks. 1127 1128 If unsure, select 48-bit virtual addressing instead. 1129 1130endchoice 1131 1132config ARM64_FORCE_52BIT 1133 bool "Force 52-bit virtual addresses for userspace" 1134 depends on ARM64_VA_BITS_52 && EXPERT 1135 help 1136 For systems with 52-bit userspace VAs enabled, the kernel will attempt 1137 to maintain compatibility with older software by providing 48-bit VAs 1138 unless a hint is supplied to mmap. 1139 1140 This configuration option disables the 48-bit compatibility logic, and 1141 forces all userspace addresses to be 52-bit on HW that supports it. One 1142 should only enable this configuration option for stress testing userspace 1143 memory management code. If unsure say N here. 1144 1145config ARM64_VA_BITS 1146 int 1147 default 36 if ARM64_VA_BITS_36 1148 default 39 if ARM64_VA_BITS_39 1149 default 42 if ARM64_VA_BITS_42 1150 default 47 if ARM64_VA_BITS_47 1151 default 48 if ARM64_VA_BITS_48 1152 default 52 if ARM64_VA_BITS_52 1153 1154choice 1155 prompt "Physical address space size" 1156 default ARM64_PA_BITS_48 1157 help 1158 Choose the maximum physical address range that the kernel will 1159 support. 1160 1161config ARM64_PA_BITS_48 1162 bool "48-bit" 1163 1164config ARM64_PA_BITS_52 1165 bool "52-bit (ARMv8.2)" 1166 depends on ARM64_64K_PAGES 1167 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 1168 help 1169 Enable support for a 52-bit physical address space, introduced as 1170 part of the ARMv8.2-LPA extension. 1171 1172 With this enabled, the kernel will also continue to work on CPUs that 1173 do not support ARMv8.2-LPA, but with some added memory overhead (and 1174 minor performance overhead). 1175 1176endchoice 1177 1178config ARM64_PA_BITS 1179 int 1180 default 48 if ARM64_PA_BITS_48 1181 default 52 if ARM64_PA_BITS_52 1182 1183choice 1184 prompt "Endianness" 1185 default CPU_LITTLE_ENDIAN 1186 help 1187 Select the endianness of data accesses performed by the CPU. Userspace 1188 applications will need to be compiled and linked for the endianness 1189 that is selected here. 1190 1191config CPU_BIG_ENDIAN 1192 bool "Build big-endian kernel" 1193 depends on !LD_IS_LLD || LLD_VERSION >= 130000 1194 # https://github.com/llvm/llvm-project/commit/1379b150991f70a5782e9a143c2ba5308da1161c 1195 depends on AS_IS_GNU || AS_VERSION >= 150000 1196 help 1197 Say Y if you plan on running a kernel with a big-endian userspace. 1198 1199config CPU_LITTLE_ENDIAN 1200 bool "Build little-endian kernel" 1201 help 1202 Say Y if you plan on running a kernel with a little-endian userspace. 1203 This is usually the case for distributions targeting arm64. 1204 1205endchoice 1206 1207config SCHED_MC 1208 bool "Multi-core scheduler support" 1209 help 1210 Multi-core scheduler support improves the CPU scheduler's decision 1211 making when dealing with multi-core CPU chips at a cost of slightly 1212 increased overhead in some places. If unsure say N here. 1213 1214config SCHED_SMT 1215 bool "SMT scheduler support" 1216 help 1217 Improves the CPU scheduler's decision making when dealing with 1218 MultiThreading at a cost of slightly increased overhead in some 1219 places. If unsure say N here. 1220 1221config NR_CPUS 1222 int "Maximum number of CPUs (2-4096)" 1223 range 2 4096 1224 default "256" 1225 1226config HOTPLUG_CPU 1227 bool "Support for hot-pluggable CPUs" 1228 select GENERIC_IRQ_MIGRATION 1229 help 1230 Say Y here to experiment with turning CPUs off and on. CPUs 1231 can be controlled through /sys/devices/system/cpu. 1232 1233# Common NUMA Features 1234config NUMA 1235 bool "NUMA Memory Allocation and Scheduler Support" 1236 select GENERIC_ARCH_NUMA 1237 select ACPI_NUMA if ACPI 1238 select OF_NUMA 1239 help 1240 Enable NUMA (Non-Uniform Memory Access) support. 1241 1242 The kernel will try to allocate memory used by a CPU on the 1243 local memory of the CPU and add some more 1244 NUMA awareness to the kernel. 1245 1246config NODES_SHIFT 1247 int "Maximum NUMA Nodes (as a power of 2)" 1248 range 1 10 1249 default "4" 1250 depends on NUMA 1251 help 1252 Specify the maximum number of NUMA Nodes available on the target 1253 system. Increases memory reserved to accommodate various tables. 1254 1255config USE_PERCPU_NUMA_NODE_ID 1256 def_bool y 1257 depends on NUMA 1258 1259config HAVE_SETUP_PER_CPU_AREA 1260 def_bool y 1261 depends on NUMA 1262 1263config NEED_PER_CPU_EMBED_FIRST_CHUNK 1264 def_bool y 1265 depends on NUMA 1266 1267source "kernel/Kconfig.hz" 1268 1269config ARCH_SPARSEMEM_ENABLE 1270 def_bool y 1271 select SPARSEMEM_VMEMMAP_ENABLE 1272 select SPARSEMEM_VMEMMAP 1273 1274config HW_PERF_EVENTS 1275 def_bool y 1276 depends on ARM_PMU 1277 1278# Supported by clang >= 7.0 1279config CC_HAVE_SHADOW_CALL_STACK 1280 def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) 1281 1282config PARAVIRT 1283 bool "Enable paravirtualization code" 1284 help 1285 This changes the kernel so it can modify itself when it is run 1286 under a hypervisor, potentially improving performance significantly 1287 over full virtualization. 1288 1289config PARAVIRT_TIME_ACCOUNTING 1290 bool "Paravirtual steal time accounting" 1291 select PARAVIRT 1292 help 1293 Select this option to enable fine granularity task steal time 1294 accounting. Time spent executing other tasks in parallel with 1295 the current vCPU is discounted from the vCPU power. To account for 1296 that, there can be a small performance impact. 1297 1298 If in doubt, say N here. 1299 1300config KEXEC 1301 depends on PM_SLEEP_SMP 1302 select KEXEC_CORE 1303 bool "kexec system call" 1304 help 1305 kexec is a system call that implements the ability to shutdown your 1306 current kernel, and to start another kernel. It is like a reboot 1307 but it is independent of the system firmware. And like a reboot 1308 you can start any kernel with it, not just Linux. 1309 1310config KEXEC_FILE 1311 bool "kexec file based system call" 1312 select KEXEC_CORE 1313 select HAVE_IMA_KEXEC if IMA 1314 help 1315 This is new version of kexec system call. This system call is 1316 file based and takes file descriptors as system call argument 1317 for kernel and initramfs as opposed to list of segments as 1318 accepted by previous system call. 1319 1320config KEXEC_SIG 1321 bool "Verify kernel signature during kexec_file_load() syscall" 1322 depends on KEXEC_FILE 1323 help 1324 Select this option to verify a signature with loaded kernel 1325 image. If configured, any attempt of loading a image without 1326 valid signature will fail. 1327 1328 In addition to that option, you need to enable signature 1329 verification for the corresponding kernel image type being 1330 loaded in order for this to work. 1331 1332config KEXEC_IMAGE_VERIFY_SIG 1333 bool "Enable Image signature verification support" 1334 default y 1335 depends on KEXEC_SIG 1336 depends on EFI && SIGNED_PE_FILE_VERIFICATION 1337 help 1338 Enable Image signature verification support. 1339 1340comment "Support for PE file signature verification disabled" 1341 depends on KEXEC_SIG 1342 depends on !EFI || !SIGNED_PE_FILE_VERIFICATION 1343 1344config CRASH_DUMP 1345 bool "Build kdump crash kernel" 1346 help 1347 Generate crash dump after being started by kexec. This should 1348 be normally only set in special crash dump kernels which are 1349 loaded in the main kernel with kexec-tools into a specially 1350 reserved region and then later executed after a crash by 1351 kdump/kexec. 1352 1353 For more details see Documentation/admin-guide/kdump/kdump.rst 1354 1355config TRANS_TABLE 1356 def_bool y 1357 depends on HIBERNATION 1358 1359config XEN_DOM0 1360 def_bool y 1361 depends on XEN 1362 1363config XEN 1364 bool "Xen guest support on ARM64" 1365 depends on ARM64 && OF 1366 select SWIOTLB_XEN 1367 select PARAVIRT 1368 help 1369 Say Y if you want to run Linux in a Virtual Machine on Xen on ARM64. 1370 1371config FORCE_MAX_ZONEORDER 1372 int 1373 default "14" if ARM64_64K_PAGES 1374 default "12" if ARM64_16K_PAGES 1375 default "11" 1376 help 1377 The kernel memory allocator divides physically contiguous memory 1378 blocks into "zones", where each zone is a power of two number of 1379 pages. This option selects the largest power of two that the kernel 1380 keeps in the memory allocator. If you need to allocate very large 1381 blocks of physically contiguous memory, then you may need to 1382 increase this value. 1383 1384 This config option is actually maximum order plus one. For example, 1385 a value of 11 means that the largest free memory block is 2^10 pages. 1386 1387 We make sure that we can allocate upto a HugePage size for each configuration. 1388 Hence we have : 1389 MAX_ORDER = (PMD_SHIFT - PAGE_SHIFT) + 1 => PAGE_SHIFT - 2 1390 1391 However for 4K, we choose a higher default value, 11 as opposed to 10, giving us 1392 4M allocations matching the default size used by generic code. 1393 1394config UNMAP_KERNEL_AT_EL0 1395 bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT 1396 default y 1397 help 1398 Speculation attacks against some high-performance processors can 1399 be used to bypass MMU permission checks and leak kernel data to 1400 userspace. This can be defended against by unmapping the kernel 1401 when running in userspace, mapping it back in on exception entry 1402 via a trampoline page in the vector table. 1403 1404 If unsure, say Y. 1405 1406config MITIGATE_SPECTRE_BRANCH_HISTORY 1407 bool "Mitigate Spectre style attacks against branch history" if EXPERT 1408 default y 1409 help 1410 Speculation attacks against some high-performance processors can 1411 make use of branch history to influence future speculation. 1412 When taking an exception from user-space, a sequence of branches 1413 or a firmware call overwrites the branch history. 1414 1415config RODATA_FULL_DEFAULT_ENABLED 1416 bool "Apply r/o permissions of VM areas also to their linear aliases" 1417 default y 1418 help 1419 Apply read-only attributes of VM areas to the linear alias of 1420 the backing pages as well. This prevents code or read-only data 1421 from being modified (inadvertently or intentionally) via another 1422 mapping of the same memory page. This additional enhancement can 1423 be turned off at runtime by passing rodata=[off|on] (and turned on 1424 with rodata=full if this option is set to 'n') 1425 1426 This requires the linear region to be mapped down to pages, 1427 which may adversely affect performance in some cases. 1428 1429config ARM64_SW_TTBR0_PAN 1430 bool "Emulate Privileged Access Never using TTBR0_EL1 switching" 1431 help 1432 Enabling this option prevents the kernel from accessing 1433 user-space memory directly by pointing TTBR0_EL1 to a reserved 1434 zeroed area and reserved ASID. The user access routines 1435 restore the valid TTBR0_EL1 temporarily. 1436 1437config ARM64_TAGGED_ADDR_ABI 1438 bool "Enable the tagged user addresses syscall ABI" 1439 default y 1440 help 1441 When this option is enabled, user applications can opt in to a 1442 relaxed ABI via prctl() allowing tagged addresses to be passed 1443 to system calls as pointer arguments. For details, see 1444 Documentation/arm64/tagged-address-abi.rst. 1445 1446menuconfig COMPAT 1447 bool "Kernel support for 32-bit EL0" 1448 depends on ARM64_4K_PAGES || EXPERT 1449 select HAVE_UID16 1450 select OLD_SIGSUSPEND3 1451 select COMPAT_OLD_SIGACTION 1452 help 1453 This option enables support for a 32-bit EL0 running under a 64-bit 1454 kernel at EL1. AArch32-specific components such as system calls, 1455 the user helper functions, VFP support and the ptrace interface are 1456 handled appropriately by the kernel. 1457 1458 If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware 1459 that you will only be able to execute AArch32 binaries that were compiled 1460 with page size aligned segments. 1461 1462 If you want to execute 32-bit userspace applications, say Y. 1463 1464if COMPAT 1465 1466config KUSER_HELPERS 1467 bool "Enable kuser helpers page for 32-bit applications" 1468 default y 1469 help 1470 Warning: disabling this option may break 32-bit user programs. 1471 1472 Provide kuser helpers to compat tasks. The kernel provides 1473 helper code to userspace in read only form at a fixed location 1474 to allow userspace to be independent of the CPU type fitted to 1475 the system. This permits binaries to be run on ARMv4 through 1476 to ARMv8 without modification. 1477 1478 See Documentation/arm/kernel_user_helpers.rst for details. 1479 1480 However, the fixed address nature of these helpers can be used 1481 by ROP (return orientated programming) authors when creating 1482 exploits. 1483 1484 If all of the binaries and libraries which run on your platform 1485 are built specifically for your platform, and make no use of 1486 these helpers, then you can turn this option off to hinder 1487 such exploits. However, in that case, if a binary or library 1488 relying on those helpers is run, it will not function correctly. 1489 1490 Say N here only if you are absolutely certain that you do not 1491 need these helpers; otherwise, the safe option is to say Y. 1492 1493config COMPAT_VDSO 1494 bool "Enable vDSO for 32-bit applications" 1495 depends on !CPU_BIG_ENDIAN 1496 depends on (CC_IS_CLANG && LD_IS_LLD) || "$(CROSS_COMPILE_COMPAT)" != "" 1497 select GENERIC_COMPAT_VDSO 1498 default y 1499 help 1500 Place in the process address space of 32-bit applications an 1501 ELF shared object providing fast implementations of gettimeofday 1502 and clock_gettime. 1503 1504 You must have a 32-bit build of glibc 2.22 or later for programs 1505 to seamlessly take advantage of this. 1506 1507config THUMB2_COMPAT_VDSO 1508 bool "Compile the 32-bit vDSO for Thumb-2 mode" if EXPERT 1509 depends on COMPAT_VDSO 1510 default y 1511 help 1512 Compile the compat vDSO with '-mthumb -fomit-frame-pointer' if y, 1513 otherwise with '-marm'. 1514 1515menuconfig ARMV8_DEPRECATED 1516 bool "Emulate deprecated/obsolete ARMv8 instructions" 1517 depends on SYSCTL 1518 help 1519 Legacy software support may require certain instructions 1520 that have been deprecated or obsoleted in the architecture. 1521 1522 Enable this config to enable selective emulation of these 1523 features. 1524 1525 If unsure, say Y 1526 1527if ARMV8_DEPRECATED 1528 1529config SWP_EMULATION 1530 bool "Emulate SWP/SWPB instructions" 1531 help 1532 ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that 1533 they are always undefined. Say Y here to enable software 1534 emulation of these instructions for userspace using LDXR/STXR. 1535 This feature can be controlled at runtime with the abi.swp 1536 sysctl which is disabled by default. 1537 1538 In some older versions of glibc [<=2.8] SWP is used during futex 1539 trylock() operations with the assumption that the code will not 1540 be preempted. This invalid assumption may be more likely to fail 1541 with SWP emulation enabled, leading to deadlock of the user 1542 application. 1543 1544 NOTE: when accessing uncached shared regions, LDXR/STXR rely 1545 on an external transaction monitoring block called a global 1546 monitor to maintain update atomicity. If your system does not 1547 implement a global monitor, this option can cause programs that 1548 perform SWP operations to uncached memory to deadlock. 1549 1550 If unsure, say Y 1551 1552config CP15_BARRIER_EMULATION 1553 bool "Emulate CP15 Barrier instructions" 1554 help 1555 The CP15 barrier instructions - CP15ISB, CP15DSB, and 1556 CP15DMB - are deprecated in ARMv8 (and ARMv7). It is 1557 strongly recommended to use the ISB, DSB, and DMB 1558 instructions instead. 1559 1560 Say Y here to enable software emulation of these 1561 instructions for AArch32 userspace code. When this option is 1562 enabled, CP15 barrier usage is traced which can help 1563 identify software that needs updating. This feature can be 1564 controlled at runtime with the abi.cp15_barrier sysctl. 1565 1566 If unsure, say Y 1567 1568config SETEND_EMULATION 1569 bool "Emulate SETEND instruction" 1570 help 1571 The SETEND instruction alters the data-endianness of the 1572 AArch32 EL0, and is deprecated in ARMv8. 1573 1574 Say Y here to enable software emulation of the instruction 1575 for AArch32 userspace code. This feature can be controlled 1576 at runtime with the abi.setend sysctl. 1577 1578 Note: All the cpus on the system must have mixed endian support at EL0 1579 for this feature to be enabled. If a new CPU - which doesn't support mixed 1580 endian - is hotplugged in after this feature has been enabled, there could 1581 be unexpected results in the applications. 1582 1583 If unsure, say Y 1584endif 1585 1586endif 1587 1588menu "ARMv8.1 architectural features" 1589 1590config ARM64_HW_AFDBM 1591 bool "Support for hardware updates of the Access and Dirty page flags" 1592 default y 1593 help 1594 The ARMv8.1 architecture extensions introduce support for 1595 hardware updates of the access and dirty information in page 1596 table entries. When enabled in TCR_EL1 (HA and HD bits) on 1597 capable processors, accesses to pages with PTE_AF cleared will 1598 set this bit instead of raising an access flag fault. 1599 Similarly, writes to read-only pages with the DBM bit set will 1600 clear the read-only bit (AP[2]) instead of raising a 1601 permission fault. 1602 1603 Kernels built with this configuration option enabled continue 1604 to work on pre-ARMv8.1 hardware and the performance impact is 1605 minimal. If unsure, say Y. 1606 1607config ARM64_PAN 1608 bool "Enable support for Privileged Access Never (PAN)" 1609 default y 1610 help 1611 Privileged Access Never (PAN; part of the ARMv8.1 Extensions) 1612 prevents the kernel or hypervisor from accessing user-space (EL0) 1613 memory directly. 1614 1615 Choosing this option will cause any unprotected (not using 1616 copy_to_user et al) memory access to fail with a permission fault. 1617 1618 The feature is detected at runtime, and will remain as a 'nop' 1619 instruction if the cpu does not implement the feature. 1620 1621config AS_HAS_LDAPR 1622 def_bool $(as-instr,.arch_extension rcpc) 1623 1624config AS_HAS_LSE_ATOMICS 1625 def_bool $(as-instr,.arch_extension lse) 1626 1627config ARM64_LSE_ATOMICS 1628 bool 1629 default ARM64_USE_LSE_ATOMICS 1630 depends on AS_HAS_LSE_ATOMICS 1631 1632config ARM64_USE_LSE_ATOMICS 1633 bool "Atomic instructions" 1634 depends on JUMP_LABEL 1635 default y 1636 help 1637 As part of the Large System Extensions, ARMv8.1 introduces new 1638 atomic instructions that are designed specifically to scale in 1639 very large systems. 1640 1641 Say Y here to make use of these instructions for the in-kernel 1642 atomic routines. This incurs a small overhead on CPUs that do 1643 not support these instructions and requires the kernel to be 1644 built with binutils >= 2.25 in order for the new instructions 1645 to be used. 1646 1647endmenu 1648 1649menu "ARMv8.2 architectural features" 1650 1651config ARM64_PMEM 1652 bool "Enable support for persistent memory" 1653 select ARCH_HAS_PMEM_API 1654 select ARCH_HAS_UACCESS_FLUSHCACHE 1655 help 1656 Say Y to enable support for the persistent memory API based on the 1657 ARMv8.2 DCPoP feature. 1658 1659 The feature is detected at runtime, and the kernel will use DC CVAC 1660 operations if DC CVAP is not supported (following the behaviour of 1661 DC CVAP itself if the system does not define a point of persistence). 1662 1663config ARM64_RAS_EXTN 1664 bool "Enable support for RAS CPU Extensions" 1665 default y 1666 help 1667 CPUs that support the Reliability, Availability and Serviceability 1668 (RAS) Extensions, part of ARMv8.2 are able to track faults and 1669 errors, classify them and report them to software. 1670 1671 On CPUs with these extensions system software can use additional 1672 barriers to determine if faults are pending and read the 1673 classification from a new set of registers. 1674 1675 Selecting this feature will allow the kernel to use these barriers 1676 and access the new registers if the system supports the extension. 1677 Platform RAS features may additionally depend on firmware support. 1678 1679config ARM64_CNP 1680 bool "Enable support for Common Not Private (CNP) translations" 1681 default y 1682 depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN 1683 help 1684 Common Not Private (CNP) allows translation table entries to 1685 be shared between different PEs in the same inner shareable 1686 domain, so the hardware can use this fact to optimise the 1687 caching of such entries in the TLB. 1688 1689 Selecting this option allows the CNP feature to be detected 1690 at runtime, and does not affect PEs that do not implement 1691 this feature. 1692 1693endmenu 1694 1695menu "ARMv8.3 architectural features" 1696 1697config ARM64_PTR_AUTH 1698 bool "Enable support for pointer authentication" 1699 default y 1700 help 1701 Pointer authentication (part of the ARMv8.3 Extensions) provides 1702 instructions for signing and authenticating pointers against secret 1703 keys, which can be used to mitigate Return Oriented Programming (ROP) 1704 and other attacks. 1705 1706 This option enables these instructions at EL0 (i.e. for userspace). 1707 Choosing this option will cause the kernel to initialise secret keys 1708 for each process at exec() time, with these keys being 1709 context-switched along with the process. 1710 1711 The feature is detected at runtime. If the feature is not present in 1712 hardware it will not be advertised to userspace/KVM guest nor will it 1713 be enabled. 1714 1715 If the feature is present on the boot CPU but not on a late CPU, then 1716 the late CPU will be parked. Also, if the boot CPU does not have 1717 address auth and the late CPU has then the late CPU will still boot 1718 but with the feature disabled. On such a system, this option should 1719 not be selected. 1720 1721config ARM64_PTR_AUTH_KERNEL 1722 bool "Use pointer authentication for kernel" 1723 default y 1724 depends on ARM64_PTR_AUTH 1725 depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC 1726 # Modern compilers insert a .note.gnu.property section note for PAC 1727 # which is only understood by binutils starting with version 2.33.1. 1728 depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100) 1729 depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE 1730 depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS) 1731 help 1732 If the compiler supports the -mbranch-protection or 1733 -msign-return-address flag (e.g. GCC 7 or later), then this option 1734 will cause the kernel itself to be compiled with return address 1735 protection. In this case, and if the target hardware is known to 1736 support pointer authentication, then CONFIG_STACKPROTECTOR can be 1737 disabled with minimal loss of protection. 1738 1739 This feature works with FUNCTION_GRAPH_TRACER option only if 1740 DYNAMIC_FTRACE_WITH_REGS is enabled. 1741 1742config CC_HAS_BRANCH_PROT_PAC_RET 1743 # GCC 9 or later, clang 8 or later 1744 def_bool $(cc-option,-mbranch-protection=pac-ret+leaf) 1745 1746config CC_HAS_SIGN_RETURN_ADDRESS 1747 # GCC 7, 8 1748 def_bool $(cc-option,-msign-return-address=all) 1749 1750config AS_HAS_PAC 1751 def_bool $(cc-option,-Wa$(comma)-march=armv8.3-a) 1752 1753config AS_HAS_CFI_NEGATE_RA_STATE 1754 def_bool $(as-instr,.cfi_startproc\n.cfi_negate_ra_state\n.cfi_endproc\n) 1755 1756endmenu 1757 1758menu "ARMv8.4 architectural features" 1759 1760config ARM64_AMU_EXTN 1761 bool "Enable support for the Activity Monitors Unit CPU extension" 1762 default y 1763 help 1764 The activity monitors extension is an optional extension introduced 1765 by the ARMv8.4 CPU architecture. This enables support for version 1 1766 of the activity monitors architecture, AMUv1. 1767 1768 To enable the use of this extension on CPUs that implement it, say Y. 1769 1770 Note that for architectural reasons, firmware _must_ implement AMU 1771 support when running on CPUs that present the activity monitors 1772 extension. The required support is present in: 1773 * Version 1.5 and later of the ARM Trusted Firmware 1774 1775 For kernels that have this configuration enabled but boot with broken 1776 firmware, you may need to say N here until the firmware is fixed. 1777 Otherwise you may experience firmware panics or lockups when 1778 accessing the counter registers. Even if you are not observing these 1779 symptoms, the values returned by the register reads might not 1780 correctly reflect reality. Most commonly, the value read will be 0, 1781 indicating that the counter is not enabled. 1782 1783config AS_HAS_ARMV8_4 1784 def_bool $(cc-option,-Wa$(comma)-march=armv8.4-a) 1785 1786config ARM64_TLB_RANGE 1787 bool "Enable support for tlbi range feature" 1788 default y 1789 depends on AS_HAS_ARMV8_4 1790 help 1791 ARMv8.4-TLBI provides TLBI invalidation instruction that apply to a 1792 range of input addresses. 1793 1794 The feature introduces new assembly instructions, and they were 1795 support when binutils >= 2.30. 1796 1797config ARM64_MPAM 1798 bool "Enable support for MPAM" 1799 help 1800 Memory Partitioning and Monitoring is an optional extension 1801 that allows the CPUs to mark load and store transactions with 1802 labels for partition-id and performance-monitoring-group. 1803 System components, such as the caches, can use the partition-id 1804 to apply a performance policy. MPAM monitors can use the 1805 partition-id and performance-monitoring-group to measure the 1806 cache occupancy or data throughput. 1807 1808 Use of this extension requires CPU support, support in the 1809 memory system components (MSC), and a description from firmware 1810 of where the MSC are in the address space. 1811 1812endmenu 1813 1814menu "ARMv8.5 architectural features" 1815 1816config AS_HAS_ARMV8_5 1817 def_bool $(cc-option,-Wa$(comma)-march=armv8.5-a) 1818 1819config ARM64_BTI 1820 bool "Branch Target Identification support" 1821 default y 1822 help 1823 Branch Target Identification (part of the ARMv8.5 Extensions) 1824 provides a mechanism to limit the set of locations to which computed 1825 branch instructions such as BR or BLR can jump. 1826 1827 To make use of BTI on CPUs that support it, say Y. 1828 1829 BTI is intended to provide complementary protection to other control 1830 flow integrity protection mechanisms, such as the Pointer 1831 authentication mechanism provided as part of the ARMv8.3 Extensions. 1832 For this reason, it does not make sense to enable this option without 1833 also enabling support for pointer authentication. Thus, when 1834 enabling this option you should also select ARM64_PTR_AUTH=y. 1835 1836 Userspace binaries must also be specifically compiled to make use of 1837 this mechanism. If you say N here or the hardware does not support 1838 BTI, such binaries can still run, but you get no additional 1839 enforcement of branch destinations. 1840 1841config ARM64_BTI_KERNEL 1842 bool "Use Branch Target Identification for kernel" 1843 default y 1844 depends on ARM64_BTI 1845 depends on ARM64_PTR_AUTH_KERNEL 1846 depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI 1847 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697 1848 depends on !CC_IS_GCC || GCC_VERSION >= 100100 1849 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671 1850 depends on !CC_IS_GCC 1851 # https://github.com/llvm/llvm-project/commit/a88c722e687e6780dcd6a58718350dc76fcc4cc9 1852 depends on !CC_IS_CLANG || CLANG_VERSION >= 120000 1853 depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS) 1854 help 1855 Build the kernel with Branch Target Identification annotations 1856 and enable enforcement of this for kernel code. When this option 1857 is enabled and the system supports BTI all kernel code including 1858 modular code must have BTI enabled. 1859 1860config CC_HAS_BRANCH_PROT_PAC_RET_BTI 1861 # GCC 9 or later, clang 8 or later 1862 def_bool $(cc-option,-mbranch-protection=pac-ret+leaf+bti) 1863 1864config ARM64_E0PD 1865 bool "Enable support for E0PD" 1866 default y 1867 help 1868 E0PD (part of the ARMv8.5 extensions) allows us to ensure 1869 that EL0 accesses made via TTBR1 always fault in constant time, 1870 providing similar benefits to KASLR as those provided by KPTI, but 1871 with lower overhead and without disrupting legitimate access to 1872 kernel memory such as SPE. 1873 1874 This option enables E0PD for TTBR1 where available. 1875 1876config ARCH_RANDOM 1877 bool "Enable support for random number generation" 1878 default y 1879 help 1880 Random number generation (part of the ARMv8.5 Extensions) 1881 provides a high bandwidth, cryptographically secure 1882 hardware random number generator. 1883 1884config ARM64_AS_HAS_MTE 1885 # Initial support for MTE went in binutils 2.32.0, checked with 1886 # ".arch armv8.5-a+memtag" below. However, this was incomplete 1887 # as a late addition to the final architecture spec (LDGM/STGM) 1888 # is only supported in the newer 2.32.x and 2.33 binutils 1889 # versions, hence the extra "stgm" instruction check below. 1890 def_bool $(as-instr,.arch armv8.5-a+memtag\nstgm xzr$(comma)[x0]) 1891 1892config ARM64_MTE 1893 bool "Memory Tagging Extension support" 1894 default y 1895 depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI 1896 depends on AS_HAS_ARMV8_5 1897 depends on AS_HAS_LSE_ATOMICS 1898 # Required for tag checking in the uaccess routines 1899 depends on ARM64_PAN 1900 select ARCH_HAS_SUBPAGE_FAULTS 1901 select ARCH_USES_HIGH_VMA_FLAGS 1902 help 1903 Memory Tagging (part of the ARMv8.5 Extensions) provides 1904 architectural support for run-time, always-on detection of 1905 various classes of memory error to aid with software debugging 1906 to eliminate vulnerabilities arising from memory-unsafe 1907 languages. 1908 1909 This option enables the support for the Memory Tagging 1910 Extension at EL0 (i.e. for userspace). 1911 1912 Selecting this option allows the feature to be detected at 1913 runtime. Any secondary CPU not implementing this feature will 1914 not be allowed a late bring-up. 1915 1916 Userspace binaries that want to use this feature must 1917 explicitly opt in. The mechanism for the userspace is 1918 described in: 1919 1920 Documentation/arm64/memory-tagging-extension.rst. 1921 1922endmenu 1923 1924menu "ARMv8.7 architectural features" 1925 1926config ARM64_EPAN 1927 bool "Enable support for Enhanced Privileged Access Never (EPAN)" 1928 default y 1929 depends on ARM64_PAN 1930 help 1931 Enhanced Privileged Access Never (EPAN) allows Privileged 1932 Access Never to be used with Execute-only mappings. 1933 1934 The feature is detected at runtime, and will remain disabled 1935 if the cpu does not implement the feature. 1936endmenu 1937 1938config ARM64_SVE 1939 bool "ARM Scalable Vector Extension support" 1940 default y 1941 help 1942 The Scalable Vector Extension (SVE) is an extension to the AArch64 1943 execution state which complements and extends the SIMD functionality 1944 of the base architecture to support much larger vectors and to enable 1945 additional vectorisation opportunities. 1946 1947 To enable use of this extension on CPUs that implement it, say Y. 1948 1949 On CPUs that support the SVE2 extensions, this option will enable 1950 those too. 1951 1952 Note that for architectural reasons, firmware _must_ implement SVE 1953 support when running on SVE capable hardware. The required support 1954 is present in: 1955 1956 * version 1.5 and later of the ARM Trusted Firmware 1957 * the AArch64 boot wrapper since commit 5e1261e08abf 1958 ("bootwrapper: SVE: Enable SVE for EL2 and below"). 1959 1960 For other firmware implementations, consult the firmware documentation 1961 or vendor. 1962 1963 If you need the kernel to boot on SVE-capable hardware with broken 1964 firmware, you may need to say N here until you get your firmware 1965 fixed. Otherwise, you may experience firmware panics or lockups when 1966 booting the kernel. If unsure and you are not observing these 1967 symptoms, you should assume that it is safe to say Y. 1968 1969config ARM64_MODULE_PLTS 1970 bool "Use PLTs to allow module memory to spill over into vmalloc area" 1971 depends on MODULES 1972 help 1973 Allocate PLTs when loading modules so that jumps and calls whose 1974 targets are too far away for their relative offsets to be encoded 1975 in the instructions themselves can be bounced via veneers in the 1976 module's PLT. This allows modules to be allocated in the generic 1977 vmalloc area after the dedicated module memory area has been 1978 exhausted. 1979 1980 When running with address space randomization (KASLR), the module 1981 region itself may be too far away for ordinary relative jumps and 1982 calls, and so in that case, module PLTs are required and cannot be 1983 disabled. 1984 1985 Specific errata workaround(s) might also force module PLTs to be 1986 enabled (ARM64_ERRATUM_843419). 1987 1988config ARM64_PSEUDO_NMI 1989 bool "Support for NMI-like interrupts" 1990 select ARM_GIC_V3 1991 help 1992 Adds support for mimicking Non-Maskable Interrupts through the use of 1993 GIC interrupt priority. This support requires version 3 or later of 1994 ARM GIC. 1995 1996 This high priority configuration for interrupts needs to be 1997 explicitly enabled by setting the kernel parameter 1998 "irqchip.gicv3_pseudo_nmi" to 1. 1999 2000 If unsure, say N 2001 2002if ARM64_PSEUDO_NMI 2003config ARM64_DEBUG_PRIORITY_MASKING 2004 bool "Debug interrupt priority masking" 2005 help 2006 This adds runtime checks to functions enabling/disabling 2007 interrupts when using priority masking. The additional checks verify 2008 the validity of ICC_PMR_EL1 when calling concerned functions. 2009 2010 If unsure, say N 2011endif 2012 2013config RELOCATABLE 2014 bool "Build a relocatable kernel image" if EXPERT 2015 select ARCH_HAS_RELR 2016 default y 2017 help 2018 This builds the kernel as a Position Independent Executable (PIE), 2019 which retains all relocation metadata required to relocate the 2020 kernel binary at runtime to a different virtual address than the 2021 address it was linked at. 2022 Since AArch64 uses the RELA relocation format, this requires a 2023 relocation pass at runtime even if the kernel is loaded at the 2024 same address it was linked at. 2025 2026config RANDOMIZE_BASE 2027 bool "Randomize the address of the kernel image" 2028 select ARM64_MODULE_PLTS if MODULES 2029 select RELOCATABLE 2030 help 2031 Randomizes the virtual address at which the kernel image is 2032 loaded, as a security feature that deters exploit attempts 2033 relying on knowledge of the location of kernel internals. 2034 2035 It is the bootloader's job to provide entropy, by passing a 2036 random u64 value in /chosen/kaslr-seed at kernel entry. 2037 2038 When booting via the UEFI stub, it will invoke the firmware's 2039 EFI_RNG_PROTOCOL implementation (if available) to supply entropy 2040 to the kernel proper. In addition, it will randomise the physical 2041 location of the kernel Image as well. 2042 2043 If unsure, say N. 2044 2045config RANDOMIZE_MODULE_REGION_FULL 2046 bool "Randomize the module region over a 2 GB range" 2047 depends on RANDOMIZE_BASE 2048 default y 2049 help 2050 Randomizes the location of the module region inside a 2 GB window 2051 covering the core kernel. This way, it is less likely for modules 2052 to leak information about the location of core kernel data structures 2053 but it does imply that function calls between modules and the core 2054 kernel will need to be resolved via veneers in the module PLT. 2055 2056 When this option is not set, the module region will be randomized over 2057 a limited range that contains the [_stext, _etext] interval of the 2058 core kernel, so branch relocations are almost always in range unless 2059 ARM64_MODULE_PLTS is enabled and the region is exhausted. In this 2060 particular case of region exhaustion, modules might be able to fall 2061 back to a larger 2GB area. 2062 2063config CC_HAVE_STACKPROTECTOR_SYSREG 2064 def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) 2065 2066config STACKPROTECTOR_PER_TASK 2067 def_bool y 2068 depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG 2069 2070config UNWIND_PATCH_PAC_INTO_SCS 2071 bool "Enable shadow call stack dynamically using code patching" 2072 # needs Clang with https://reviews.llvm.org/D111780 incorporated 2073 depends on CC_IS_CLANG && CLANG_VERSION >= 150000 2074 depends on ARM64_PTR_AUTH_KERNEL && CC_HAS_BRANCH_PROT_PAC_RET 2075 depends on SHADOW_CALL_STACK 2076 select UNWIND_TABLES 2077 select DYNAMIC_SCS 2078 2079endmenu 2080 2081menu "Boot options" 2082 2083config ARM64_ACPI_PARKING_PROTOCOL 2084 bool "Enable support for the ARM64 ACPI parking protocol" 2085 depends on ACPI 2086 help 2087 Enable support for the ARM64 ACPI parking protocol. If disabled 2088 the kernel will not allow booting through the ARM64 ACPI parking 2089 protocol even if the corresponding data is present in the ACPI 2090 MADT table. 2091 2092config CMDLINE 2093 string "Default kernel command string" 2094 default "" 2095 help 2096 Provide a set of default command-line options at build time by 2097 entering them here. As a minimum, you should specify the the 2098 root device (e.g. root=/dev/nfs). 2099 2100choice 2101 prompt "Kernel command line type" if CMDLINE != "" 2102 default CMDLINE_FROM_BOOTLOADER 2103 help 2104 Choose how the kernel will handle the provided default kernel 2105 command line string. 2106 2107config CMDLINE_FROM_BOOTLOADER 2108 bool "Use bootloader kernel arguments if available" 2109 help 2110 Uses the command-line options passed by the boot loader. If 2111 the boot loader doesn't provide any, the default kernel command 2112 string provided in CMDLINE will be used. 2113 2114config CMDLINE_EXTEND 2115 bool "Extend bootloader kernel arguments" 2116 help 2117 The command-line arguments provided by the boot loader will be 2118 appended to the default kernel command string. 2119 2120config CMDLINE_FORCE 2121 bool "Always use the default kernel command string" 2122 help 2123 Always use the default kernel command string, even if the boot 2124 loader passes other arguments to the kernel. 2125 This is useful if you cannot or don't want to change the 2126 command-line options your boot loader passes to the kernel. 2127 2128endchoice 2129 2130config EFI_STUB 2131 bool 2132 2133config EFI 2134 bool "UEFI runtime support" 2135 depends on OF && !CPU_BIG_ENDIAN 2136 depends on KERNEL_MODE_NEON 2137 select ARCH_SUPPORTS_ACPI 2138 select LIBFDT 2139 select UCS2_STRING 2140 select EFI_PARAMS_FROM_FDT 2141 select EFI_RUNTIME_WRAPPERS 2142 select EFI_STUB 2143 select EFI_GENERIC_STUB 2144 imply IMA_SECURE_AND_OR_TRUSTED_BOOT 2145 default y 2146 help 2147 This option provides support for runtime services provided 2148 by UEFI firmware (such as non-volatile variables, realtime 2149 clock, and platform reset). A UEFI stub is also provided to 2150 allow the kernel to be booted as an EFI application. This 2151 is only useful on systems that have UEFI firmware. 2152 2153config DMI 2154 bool "Enable support for SMBIOS (DMI) tables" 2155 depends on EFI 2156 default y 2157 help 2158 This enables SMBIOS/DMI feature for systems. 2159 2160 This option is only useful on systems that have UEFI firmware. 2161 However, even with this option, the resultant kernel should 2162 continue to boot on existing non-UEFI platforms. 2163 2164endmenu 2165 2166config SYSVIPC_COMPAT 2167 def_bool y 2168 depends on COMPAT && SYSVIPC 2169 2170menu "Power management options" 2171 2172source "kernel/power/Kconfig" 2173 2174config ARCH_HIBERNATION_POSSIBLE 2175 def_bool y 2176 depends on CPU_PM 2177 2178config ARCH_HIBERNATION_HEADER 2179 def_bool y 2180 depends on HIBERNATION 2181 2182config ARCH_SUSPEND_POSSIBLE 2183 def_bool y 2184 2185endmenu 2186 2187menu "CPU Power Management" 2188 2189source "drivers/cpuidle/Kconfig" 2190 2191source "drivers/cpufreq/Kconfig" 2192 2193endmenu 2194 2195source "drivers/acpi/Kconfig" 2196 2197source "arch/arm64/kvm/Kconfig" 2198 2199if CRYPTO 2200source "arch/arm64/crypto/Kconfig" 2201endif 2202