2f4b829c62
The ARMv8.1 architecture extensions introduce support for hardware updates of the access and dirty information in page table entries. With TCR_EL1.HA enabled, when the CPU accesses an address with the PTE_AF bit cleared in the page table, instead of raising an access flag fault the CPU sets the actual page table entry bit. To ensure that kernel modifications to the page tables do not inadvertently revert a change introduced by hardware updates, the exclusive monitor (ldxr/stxr) is adopted in the pte accessors. When TCR_EL1.HD is enabled, a write access to a memory location with the DBM (Dirty Bit Management) bit set in the corresponding pte automatically clears the read-only bit (AP[2]). Such DBM bit maps onto the Linux PTE_WRITE bit and to check whether a writable (DBM set) page is dirty, the kernel tests the PTE_RDONLY bit. In order to allow read-only and dirty pages, the kernel needs to preserve the software dirty bit. The hardware dirty status is transferred to the software dirty bit in ptep_set_wrprotect() (using load/store exclusive loop) and pte_modify(). Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com>
805 lines
22 KiB
Plaintext
805 lines
22 KiB
Plaintext
config ARM64
|
|
def_bool y
|
|
select ACPI_CCA_REQUIRED if ACPI
|
|
select ACPI_GENERIC_GSI if ACPI
|
|
select ACPI_REDUCED_HARDWARE_ONLY if ACPI
|
|
select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
|
|
select ARCH_HAS_ELF_RANDOMIZE
|
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
select ARCH_HAS_SG_CHAIN
|
|
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
|
select ARCH_USE_CMPXCHG_LOCKREF
|
|
select ARCH_SUPPORTS_ATOMIC_RMW
|
|
select ARCH_WANT_OPTIONAL_GPIOLIB
|
|
select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
|
|
select ARCH_WANT_FRAME_POINTERS
|
|
select ARM_AMBA
|
|
select ARM_ARCH_TIMER
|
|
select ARM_GIC
|
|
select AUDIT_ARCH_COMPAT_GENERIC
|
|
select ARM_GIC_V2M if PCI_MSI
|
|
select ARM_GIC_V3
|
|
select ARM_GIC_V3_ITS if PCI_MSI
|
|
select BUILDTIME_EXTABLE_SORT
|
|
select CLONE_BACKWARDS
|
|
select COMMON_CLK
|
|
select CPU_PM if (SUSPEND || CPU_IDLE)
|
|
select DCACHE_WORD_ACCESS
|
|
select EDAC_SUPPORT
|
|
select GENERIC_ALLOCATOR
|
|
select GENERIC_CLOCKEVENTS
|
|
select GENERIC_CLOCKEVENTS_BROADCAST if SMP
|
|
select GENERIC_CPU_AUTOPROBE
|
|
select GENERIC_EARLY_IOREMAP
|
|
select GENERIC_IRQ_PROBE
|
|
select GENERIC_IRQ_SHOW
|
|
select GENERIC_IRQ_SHOW_LEVEL
|
|
select GENERIC_PCI_IOMAP
|
|
select GENERIC_SCHED_CLOCK
|
|
select GENERIC_SMP_IDLE_THREAD
|
|
select GENERIC_STRNCPY_FROM_USER
|
|
select GENERIC_STRNLEN_USER
|
|
select GENERIC_TIME_VSYSCALL
|
|
select HANDLE_DOMAIN_IRQ
|
|
select HARDIRQS_SW_RESEND
|
|
select HAVE_ALIGNED_STRUCT_PAGE if SLUB
|
|
select HAVE_ARCH_AUDITSYSCALL
|
|
select HAVE_ARCH_BITREVERSE
|
|
select HAVE_ARCH_JUMP_LABEL
|
|
select HAVE_ARCH_KGDB
|
|
select HAVE_ARCH_SECCOMP_FILTER
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select HAVE_BPF_JIT
|
|
select HAVE_C_RECORDMCOUNT
|
|
select HAVE_CC_STACKPROTECTOR
|
|
select HAVE_CMPXCHG_DOUBLE
|
|
select HAVE_DEBUG_BUGVERBOSE
|
|
select HAVE_DEBUG_KMEMLEAK
|
|
select HAVE_DMA_API_DEBUG
|
|
select HAVE_DMA_ATTRS
|
|
select HAVE_DMA_CONTIGUOUS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_GENERIC_DMA_COHERENT
|
|
select HAVE_HW_BREAKPOINT if PERF_EVENTS
|
|
select HAVE_MEMBLOCK
|
|
select HAVE_PATA_PLATFORM
|
|
select HAVE_PERF_EVENTS
|
|
select HAVE_PERF_REGS
|
|
select HAVE_PERF_USER_STACK_DUMP
|
|
select HAVE_RCU_TABLE_FREE
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select IRQ_DOMAIN
|
|
select IRQ_FORCED_THREADING
|
|
select MODULES_USE_ELF_RELA
|
|
select NO_BOOTMEM
|
|
select OF
|
|
select OF_EARLY_FLATTREE
|
|
select OF_RESERVED_MEM
|
|
select PERF_USE_VMALLOC
|
|
select POWER_RESET
|
|
select POWER_SUPPLY
|
|
select RTC_LIB
|
|
select SPARSE_IRQ
|
|
select SYSCTL_EXCEPTION_TRACE
|
|
select HAVE_CONTEXT_TRACKING
|
|
help
|
|
ARM 64-bit (AArch64) Linux support.
|
|
|
|
config 64BIT
|
|
def_bool y
|
|
|
|
config ARCH_PHYS_ADDR_T_64BIT
|
|
def_bool y
|
|
|
|
config MMU
|
|
def_bool y
|
|
|
|
config NO_IOPORT_MAP
|
|
def_bool y if !PCI
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config TRACE_IRQFLAGS_SUPPORT
|
|
def_bool y
|
|
|
|
config RWSEM_XCHGADD_ALGORITHM
|
|
def_bool y
|
|
|
|
config GENERIC_HWEIGHT
|
|
def_bool y
|
|
|
|
config GENERIC_CSUM
|
|
def_bool y
|
|
|
|
config GENERIC_CALIBRATE_DELAY
|
|
def_bool y
|
|
|
|
config ZONE_DMA
|
|
def_bool y
|
|
|
|
config HAVE_GENERIC_RCU_GUP
|
|
def_bool y
|
|
|
|
config ARCH_DMA_ADDR_T_64BIT
|
|
def_bool y
|
|
|
|
config NEED_DMA_MAP_STATE
|
|
def_bool y
|
|
|
|
config NEED_SG_DMA_LENGTH
|
|
def_bool y
|
|
|
|
config SWIOTLB
|
|
def_bool y
|
|
|
|
config IOMMU_HELPER
|
|
def_bool SWIOTLB
|
|
|
|
config KERNEL_MODE_NEON
|
|
def_bool y
|
|
|
|
config FIX_EARLYCON_MEM
|
|
def_bool y
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42
|
|
default 3 if ARM64_64K_PAGES && ARM64_VA_BITS_48
|
|
default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39
|
|
default 4 if ARM64_4K_PAGES && ARM64_VA_BITS_48
|
|
|
|
source "init/Kconfig"
|
|
|
|
source "kernel/Kconfig.freezer"
|
|
|
|
menu "Platform selection"
|
|
|
|
config ARCH_EXYNOS
|
|
bool
|
|
help
|
|
This enables support for Samsung Exynos SoC family
|
|
|
|
config ARCH_EXYNOS7
|
|
bool "ARMv8 based Samsung Exynos7"
|
|
select ARCH_EXYNOS
|
|
select COMMON_CLK_SAMSUNG
|
|
select HAVE_S3C2410_WATCHDOG if WATCHDOG
|
|
select HAVE_S3C_RTC if RTC_CLASS
|
|
select PINCTRL
|
|
select PINCTRL_EXYNOS
|
|
|
|
help
|
|
This enables support for Samsung Exynos7 SoC family
|
|
|
|
config ARCH_FSL_LS2085A
|
|
bool "Freescale LS2085A SOC"
|
|
help
|
|
This enables support for Freescale LS2085A SOC.
|
|
|
|
config ARCH_HISI
|
|
bool "Hisilicon SoC Family"
|
|
help
|
|
This enables support for Hisilicon ARMv8 SoC family
|
|
|
|
config ARCH_MEDIATEK
|
|
bool "Mediatek MT65xx & MT81xx ARMv8 SoC"
|
|
select ARM_GIC
|
|
select PINCTRL
|
|
help
|
|
Support for Mediatek MT65xx & MT81xx ARMv8 SoCs
|
|
|
|
config ARCH_QCOM
|
|
bool "Qualcomm Platforms"
|
|
select PINCTRL
|
|
help
|
|
This enables support for the ARMv8 based Qualcomm chipsets.
|
|
|
|
config ARCH_SEATTLE
|
|
bool "AMD Seattle SoC Family"
|
|
help
|
|
This enables support for AMD Seattle SOC Family
|
|
|
|
config ARCH_TEGRA
|
|
bool "NVIDIA Tegra SoC Family"
|
|
select ARCH_HAS_RESET_CONTROLLER
|
|
select ARCH_REQUIRE_GPIOLIB
|
|
select CLKDEV_LOOKUP
|
|
select CLKSRC_MMIO
|
|
select CLKSRC_OF
|
|
select GENERIC_CLOCKEVENTS
|
|
select HAVE_CLK
|
|
select PINCTRL
|
|
select RESET_CONTROLLER
|
|
help
|
|
This enables support for the NVIDIA Tegra SoC family.
|
|
|
|
config ARCH_TEGRA_132_SOC
|
|
bool "NVIDIA Tegra132 SoC"
|
|
depends on ARCH_TEGRA
|
|
select PINCTRL_TEGRA124
|
|
select USB_ULPI if USB_PHY
|
|
select USB_ULPI_VIEWPORT if USB_PHY
|
|
help
|
|
Enable support for NVIDIA Tegra132 SoC, based on the Denver
|
|
ARMv8 CPU. The Tegra132 SoC is similar to the Tegra124 SoC,
|
|
but contains an NVIDIA Denver CPU complex in place of
|
|
Tegra124's "4+1" Cortex-A15 CPU complex.
|
|
|
|
config ARCH_SPRD
|
|
bool "Spreadtrum SoC platform"
|
|
help
|
|
Support for Spreadtrum ARM based SoCs
|
|
|
|
config ARCH_THUNDER
|
|
bool "Cavium Inc. Thunder SoC Family"
|
|
help
|
|
This enables support for Cavium's Thunder Family of SoCs.
|
|
|
|
config ARCH_VEXPRESS
|
|
bool "ARMv8 software model (Versatile Express)"
|
|
select ARCH_REQUIRE_GPIOLIB
|
|
select COMMON_CLK_VERSATILE
|
|
select POWER_RESET_VEXPRESS
|
|
select VEXPRESS_CONFIG
|
|
help
|
|
This enables support for the ARMv8 software model (Versatile
|
|
Express).
|
|
|
|
config ARCH_XGENE
|
|
bool "AppliedMicro X-Gene SOC Family"
|
|
help
|
|
This enables support for AppliedMicro X-Gene SOC Family
|
|
|
|
config ARCH_ZYNQMP
|
|
bool "Xilinx ZynqMP Family"
|
|
help
|
|
This enables support for Xilinx ZynqMP Family
|
|
|
|
endmenu
|
|
|
|
menu "Bus support"
|
|
|
|
config PCI
|
|
bool "PCI support"
|
|
help
|
|
This feature enables support for PCI bus system. If you say Y
|
|
here, the kernel will include drivers and infrastructure code
|
|
to support PCI bus devices.
|
|
|
|
config PCI_DOMAINS
|
|
def_bool PCI
|
|
|
|
config PCI_DOMAINS_GENERIC
|
|
def_bool PCI
|
|
|
|
config PCI_SYSCALL
|
|
def_bool PCI
|
|
|
|
source "drivers/pci/Kconfig"
|
|
source "drivers/pci/pcie/Kconfig"
|
|
source "drivers/pci/hotplug/Kconfig"
|
|
|
|
endmenu
|
|
|
|
menu "Kernel Features"
|
|
|
|
menu "ARM errata workarounds via the alternatives framework"
|
|
|
|
config ARM64_ERRATUM_826319
|
|
bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted"
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or
|
|
AXI master interface and an L2 cache.
|
|
|
|
If a Cortex-A53 uses an AMBA AXI4 ACE interface to other processors
|
|
and is unable to accept a certain write via this interface, it will
|
|
not progress on read data presented on the read data channel and the
|
|
system can deadlock.
|
|
|
|
The workaround promotes data cache clean instructions to
|
|
data cache clean-and-invalidate.
|
|
Please note that this does not necessarily enable the workaround,
|
|
as it depends on the alternative framework, which will only patch
|
|
the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARM64_ERRATUM_827319
|
|
bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect"
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI
|
|
master interface and an L2 cache.
|
|
|
|
Under certain conditions this erratum can cause a clean line eviction
|
|
to occur at the same time as another transaction to the same address
|
|
on the AMBA 5 CHI interface, which can cause data corruption if the
|
|
interconnect reorders the two transactions.
|
|
|
|
The workaround promotes data cache clean instructions to
|
|
data cache clean-and-invalidate.
|
|
Please note that this does not necessarily enable the workaround,
|
|
as it depends on the alternative framework, which will only patch
|
|
the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARM64_ERRATUM_824069
|
|
bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop"
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected
|
|
to a coherent interconnect.
|
|
|
|
If a Cortex-A53 processor is executing a store or prefetch for
|
|
write instruction at the same time as a processor in another
|
|
cluster is executing a cache maintenance operation to the same
|
|
address, then this erratum might cause a clean cache line to be
|
|
incorrectly marked as dirty.
|
|
|
|
The workaround promotes data cache clean instructions to
|
|
data cache clean-and-invalidate.
|
|
Please note that this option does not necessarily enable the
|
|
workaround, as it depends on the alternative framework, which will
|
|
only patch the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARM64_ERRATUM_819472
|
|
bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption"
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache
|
|
present when it is connected to a coherent interconnect.
|
|
|
|
If the processor is executing a load and store exclusive sequence at
|
|
the same time as a processor in another cluster is executing a cache
|
|
maintenance operation to the same address, then this erratum might
|
|
cause data corruption.
|
|
|
|
The workaround promotes data cache clean instructions to
|
|
data cache clean-and-invalidate.
|
|
Please note that this does not necessarily enable the workaround,
|
|
as it depends on the alternative framework, which will only patch
|
|
the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARM64_ERRATUM_832075
|
|
bool "Cortex-A57: 832075: possible deadlock on mixing exclusive memory accesses with device loads"
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 832075 on Cortex-A57 parts up to r1p2.
|
|
|
|
Affected Cortex-A57 parts might deadlock when exclusive load/store
|
|
instructions to Write-Back memory are mixed with Device loads.
|
|
|
|
The workaround is to promote device loads to use Load-Acquire
|
|
semantics.
|
|
Please note that this does not necessarily enable the workaround,
|
|
as it depends on the alternative framework, which will only patch
|
|
the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
config ARM64_ERRATUM_845719
|
|
bool "Cortex-A53: 845719: a load might read incorrect data"
|
|
depends on COMPAT
|
|
default y
|
|
help
|
|
This option adds an alternative code sequence to work around ARM
|
|
erratum 845719 on Cortex-A53 parts up to r0p4.
|
|
|
|
When running a compat (AArch32) userspace on an affected Cortex-A53
|
|
part, a load at EL0 from a virtual address that matches the bottom 32
|
|
bits of the virtual address used by a recent load at (AArch64) EL1
|
|
might return incorrect data.
|
|
|
|
The workaround is to write the contextidr_el1 register on exception
|
|
return to a 32-bit task.
|
|
Please note that this does not necessarily enable the workaround,
|
|
as it depends on the alternative framework, which will only patch
|
|
the kernel if an affected CPU is detected.
|
|
|
|
If unsure, say Y.
|
|
|
|
endmenu
|
|
|
|
|
|
choice
|
|
prompt "Page size"
|
|
default ARM64_4K_PAGES
|
|
help
|
|
Page size (translation granule) configuration.
|
|
|
|
config ARM64_4K_PAGES
|
|
bool "4KB"
|
|
help
|
|
This feature enables 4KB pages support.
|
|
|
|
config ARM64_64K_PAGES
|
|
bool "64KB"
|
|
help
|
|
This feature enables 64KB pages support (4KB by default)
|
|
allowing only two levels of page tables and faster TLB
|
|
look-up. AArch32 emulation is not available when this feature
|
|
is enabled.
|
|
|
|
endchoice
|
|
|
|
choice
|
|
prompt "Virtual address space size"
|
|
default ARM64_VA_BITS_39 if ARM64_4K_PAGES
|
|
default ARM64_VA_BITS_42 if ARM64_64K_PAGES
|
|
help
|
|
Allows choosing one of multiple possible virtual address
|
|
space sizes. The level of translation table is determined by
|
|
a combination of page size and virtual address space size.
|
|
|
|
config ARM64_VA_BITS_39
|
|
bool "39-bit"
|
|
depends on ARM64_4K_PAGES
|
|
|
|
config ARM64_VA_BITS_42
|
|
bool "42-bit"
|
|
depends on ARM64_64K_PAGES
|
|
|
|
config ARM64_VA_BITS_48
|
|
bool "48-bit"
|
|
|
|
endchoice
|
|
|
|
config ARM64_VA_BITS
|
|
int
|
|
default 39 if ARM64_VA_BITS_39
|
|
default 42 if ARM64_VA_BITS_42
|
|
default 48 if ARM64_VA_BITS_48
|
|
|
|
config ARM64_HW_AFDBM
|
|
bool "Support for hardware updates of the Access and Dirty page flags"
|
|
default y
|
|
help
|
|
The ARMv8.1 architecture extensions introduce support for
|
|
hardware updates of the access and dirty information in page
|
|
table entries. When enabled in TCR_EL1 (HA and HD bits) on
|
|
capable processors, accesses to pages with PTE_AF cleared will
|
|
set this bit instead of raising an access flag fault.
|
|
Similarly, writes to read-only pages with the DBM bit set will
|
|
clear the read-only bit (AP[2]) instead of raising a
|
|
permission fault.
|
|
|
|
Kernels built with this configuration option enabled continue
|
|
to work on pre-ARMv8.1 hardware and the performance impact is
|
|
minimal. If unsure, say Y.
|
|
|
|
config CPU_BIG_ENDIAN
|
|
bool "Build big-endian kernel"
|
|
help
|
|
Say Y if you plan on running a kernel in big-endian mode.
|
|
|
|
config SMP
|
|
bool "Symmetric Multi-Processing"
|
|
help
|
|
This enables support for systems with more than one CPU. If
|
|
you say N here, the kernel will run on single and
|
|
multiprocessor machines, but will use only one CPU of a
|
|
multiprocessor machine. If you say Y here, the kernel will run
|
|
on many, but not all, single processor machines. On a single
|
|
processor machine, the kernel will run faster if you say N
|
|
here.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config SCHED_MC
|
|
bool "Multi-core scheduler support"
|
|
depends on SMP
|
|
help
|
|
Multi-core scheduler support improves the CPU scheduler's decision
|
|
making when dealing with multi-core CPU chips at a cost of slightly
|
|
increased overhead in some places. If unsure say N here.
|
|
|
|
config SCHED_SMT
|
|
bool "SMT scheduler support"
|
|
depends on SMP
|
|
help
|
|
Improves the CPU scheduler's decision making when dealing with
|
|
MultiThreading at a cost of slightly increased overhead in some
|
|
places. If unsure say N here.
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs (2-4096)"
|
|
range 2 4096
|
|
depends on SMP
|
|
# These have to remain sorted largest to smallest
|
|
default "64"
|
|
|
|
config HOTPLUG_CPU
|
|
bool "Support for hot-pluggable CPUs"
|
|
depends on SMP
|
|
help
|
|
Say Y here to experiment with turning CPUs off and on. CPUs
|
|
can be controlled through /sys/devices/system/cpu.
|
|
|
|
source kernel/Kconfig.preempt
|
|
|
|
config UP_LATE_INIT
|
|
def_bool y
|
|
depends on !SMP
|
|
|
|
config HZ
|
|
int
|
|
default 100
|
|
|
|
config ARCH_HAS_HOLES_MEMORYMODEL
|
|
def_bool y if SPARSEMEM
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
select SPARSEMEM_VMEMMAP_ENABLE
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool ARCH_SPARSEMEM_ENABLE
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool ARCH_SPARSEMEM_ENABLE
|
|
|
|
config HAVE_ARCH_PFN_VALID
|
|
def_bool ARCH_HAS_HOLES_MEMORYMODEL || !SPARSEMEM
|
|
|
|
config HW_PERF_EVENTS
|
|
bool "Enable hardware performance counter support for perf events"
|
|
depends on PERF_EVENTS
|
|
default y
|
|
help
|
|
Enable hardware performance counter support for perf events. If
|
|
disabled, perf events will use software events only.
|
|
|
|
config SYS_SUPPORTS_HUGETLBFS
|
|
def_bool y
|
|
|
|
config ARCH_WANT_GENERAL_HUGETLB
|
|
def_bool y
|
|
|
|
config ARCH_WANT_HUGE_PMD_SHARE
|
|
def_bool y if !ARM64_64K_PAGES
|
|
|
|
config HAVE_ARCH_TRANSPARENT_HUGEPAGE
|
|
def_bool y
|
|
|
|
config ARCH_HAS_CACHE_LINE_SIZE
|
|
def_bool y
|
|
|
|
source "mm/Kconfig"
|
|
|
|
config SECCOMP
|
|
bool "Enable seccomp to safely compute untrusted bytecode"
|
|
---help---
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
config XEN_DOM0
|
|
def_bool y
|
|
depends on XEN
|
|
|
|
config XEN
|
|
bool "Xen guest support on ARM64"
|
|
depends on ARM64 && OF
|
|
select SWIOTLB_XEN
|
|
help
|
|
Say Y if you want to run Linux in a Virtual Machine on Xen on ARM64.
|
|
|
|
config FORCE_MAX_ZONEORDER
|
|
int
|
|
default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
|
|
default "11"
|
|
|
|
menuconfig ARMV8_DEPRECATED
|
|
bool "Emulate deprecated/obsolete ARMv8 instructions"
|
|
depends on COMPAT
|
|
help
|
|
Legacy software support may require certain instructions
|
|
that have been deprecated or obsoleted in the architecture.
|
|
|
|
Enable this config to enable selective emulation of these
|
|
features.
|
|
|
|
If unsure, say Y
|
|
|
|
if ARMV8_DEPRECATED
|
|
|
|
config SWP_EMULATION
|
|
bool "Emulate SWP/SWPB instructions"
|
|
help
|
|
ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that
|
|
they are always undefined. Say Y here to enable software
|
|
emulation of these instructions for userspace using LDXR/STXR.
|
|
|
|
In some older versions of glibc [<=2.8] SWP is used during futex
|
|
trylock() operations with the assumption that the code will not
|
|
be preempted. This invalid assumption may be more likely to fail
|
|
with SWP emulation enabled, leading to deadlock of the user
|
|
application.
|
|
|
|
NOTE: when accessing uncached shared regions, LDXR/STXR rely
|
|
on an external transaction monitoring block called a global
|
|
monitor to maintain update atomicity. If your system does not
|
|
implement a global monitor, this option can cause programs that
|
|
perform SWP operations to uncached memory to deadlock.
|
|
|
|
If unsure, say Y
|
|
|
|
config CP15_BARRIER_EMULATION
|
|
bool "Emulate CP15 Barrier instructions"
|
|
help
|
|
The CP15 barrier instructions - CP15ISB, CP15DSB, and
|
|
CP15DMB - are deprecated in ARMv8 (and ARMv7). It is
|
|
strongly recommended to use the ISB, DSB, and DMB
|
|
instructions instead.
|
|
|
|
Say Y here to enable software emulation of these
|
|
instructions for AArch32 userspace code. When this option is
|
|
enabled, CP15 barrier usage is traced which can help
|
|
identify software that needs updating.
|
|
|
|
If unsure, say Y
|
|
|
|
config SETEND_EMULATION
|
|
bool "Emulate SETEND instruction"
|
|
help
|
|
The SETEND instruction alters the data-endianness of the
|
|
AArch32 EL0, and is deprecated in ARMv8.
|
|
|
|
Say Y here to enable software emulation of the instruction
|
|
for AArch32 userspace code.
|
|
|
|
Note: All the cpus on the system must have mixed endian support at EL0
|
|
for this feature to be enabled. If a new CPU - which doesn't support mixed
|
|
endian - is hotplugged in after this feature has been enabled, there could
|
|
be unexpected results in the applications.
|
|
|
|
If unsure, say Y
|
|
endif
|
|
|
|
endmenu
|
|
|
|
menu "Boot options"
|
|
|
|
config CMDLINE
|
|
string "Default kernel command string"
|
|
default ""
|
|
help
|
|
Provide a set of default command-line options at build time by
|
|
entering them here. As a minimum, you should specify the the
|
|
root device (e.g. root=/dev/nfs).
|
|
|
|
config CMDLINE_FORCE
|
|
bool "Always use the default kernel command string"
|
|
help
|
|
Always use the default kernel command string, even if the boot
|
|
loader passes other arguments to the kernel.
|
|
This is useful if you cannot or don't want to change the
|
|
command-line options your boot loader passes to the kernel.
|
|
|
|
config EFI_STUB
|
|
bool
|
|
|
|
config EFI
|
|
bool "UEFI runtime support"
|
|
depends on OF && !CPU_BIG_ENDIAN
|
|
select LIBFDT
|
|
select UCS2_STRING
|
|
select EFI_PARAMS_FROM_FDT
|
|
select EFI_RUNTIME_WRAPPERS
|
|
select EFI_STUB
|
|
select EFI_ARMSTUB
|
|
default y
|
|
help
|
|
This option provides support for runtime services provided
|
|
by UEFI firmware (such as non-volatile variables, realtime
|
|
clock, and platform reset). A UEFI stub is also provided to
|
|
allow the kernel to be booted as an EFI application. This
|
|
is only useful on systems that have UEFI firmware.
|
|
|
|
config DMI
|
|
bool "Enable support for SMBIOS (DMI) tables"
|
|
depends on EFI
|
|
default y
|
|
help
|
|
This enables SMBIOS/DMI feature for systems.
|
|
|
|
This option is only useful on systems that have UEFI firmware.
|
|
However, even with this option, the resultant kernel should
|
|
continue to boot on existing non-UEFI platforms.
|
|
|
|
endmenu
|
|
|
|
menu "Userspace binary formats"
|
|
|
|
source "fs/Kconfig.binfmt"
|
|
|
|
config COMPAT
|
|
bool "Kernel support for 32-bit EL0"
|
|
depends on !ARM64_64K_PAGES || EXPERT
|
|
select COMPAT_BINFMT_ELF
|
|
select HAVE_UID16
|
|
select OLD_SIGSUSPEND3
|
|
select COMPAT_OLD_SIGACTION
|
|
help
|
|
This option enables support for a 32-bit EL0 running under a 64-bit
|
|
kernel at EL1. AArch32-specific components such as system calls,
|
|
the user helper functions, VFP support and the ptrace interface are
|
|
handled appropriately by the kernel.
|
|
|
|
If you also enabled CONFIG_ARM64_64K_PAGES, please be aware that you
|
|
will only be able to execute AArch32 binaries that were compiled with
|
|
64k aligned segments.
|
|
|
|
If you want to execute 32-bit userspace applications, say Y.
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y
|
|
depends on COMPAT && SYSVIPC
|
|
|
|
endmenu
|
|
|
|
menu "Power management options"
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
config ARCH_SUSPEND_POSSIBLE
|
|
def_bool y
|
|
|
|
endmenu
|
|
|
|
menu "CPU Power Management"
|
|
|
|
source "drivers/cpuidle/Kconfig"
|
|
|
|
source "drivers/cpufreq/Kconfig"
|
|
|
|
endmenu
|
|
|
|
source "net/Kconfig"
|
|
|
|
source "drivers/Kconfig"
|
|
|
|
source "drivers/firmware/Kconfig"
|
|
|
|
source "drivers/acpi/Kconfig"
|
|
|
|
source "fs/Kconfig"
|
|
|
|
source "arch/arm64/kvm/Kconfig"
|
|
|
|
source "arch/arm64/Kconfig.debug"
|
|
|
|
source "security/Kconfig"
|
|
|
|
source "crypto/Kconfig"
|
|
if CRYPTO
|
|
source "arch/arm64/crypto/Kconfig"
|
|
endif
|
|
|
|
source "lib/Kconfig"
|