forked from Minki/linux
aefcf2f4b5
Pull kernel lockdown mode from James Morris:
"This is the latest iteration of the kernel lockdown patchset, from
Matthew Garrett, David Howells and others.
From the original description:
This patchset introduces an optional kernel lockdown feature,
intended to strengthen the boundary between UID 0 and the kernel.
When enabled, various pieces of kernel functionality are restricted.
Applications that rely on low-level access to either hardware or the
kernel may cease working as a result - therefore this should not be
enabled without appropriate evaluation beforehand.
The majority of mainstream distributions have been carrying variants
of this patchset for many years now, so there's value in providing a
doesn't meet every distribution requirement, but gets us much closer
to not requiring external patches.
There are two major changes since this was last proposed for mainline:
- Separating lockdown from EFI secure boot. Background discussion is
covered here: https://lwn.net/Articles/751061/
- Implementation as an LSM, with a default stackable lockdown LSM
module. This allows the lockdown feature to be policy-driven,
rather than encoding an implicit policy within the mechanism.
The new locked_down LSM hook is provided to allow LSMs to make a
policy decision around whether kernel functionality that would allow
tampering with or examining the runtime state of the kernel should be
permitted.
The included lockdown LSM provides an implementation with a simple
policy intended for general purpose use. This policy provides a coarse
level of granularity, controllable via the kernel command line:
lockdown={integrity|confidentiality}
Enable the kernel lockdown feature. If set to integrity, kernel features
that allow userland to modify the running kernel are disabled. If set to
confidentiality, kernel features that allow userland to extract
confidential information from the kernel are also disabled.
This may also be controlled via /sys/kernel/security/lockdown and
overriden by kernel configuration.
New or existing LSMs may implement finer-grained controls of the
lockdown features. Refer to the lockdown_reason documentation in
include/linux/security.h for details.
The lockdown feature has had signficant design feedback and review
across many subsystems. This code has been in linux-next for some
weeks, with a few fixes applied along the way.
Stephen Rothwell noted that commit 9d1f8be5cf
("bpf: Restrict bpf
when kernel lockdown is in confidentiality mode") is missing a
Signed-off-by from its author. Matthew responded that he is providing
this under category (c) of the DCO"
* 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (31 commits)
kexec: Fix file verification on S390
security: constify some arrays in lockdown LSM
lockdown: Print current->comm in restriction messages
efi: Restrict efivar_ssdt_load when the kernel is locked down
tracefs: Restrict tracefs when the kernel is locked down
debugfs: Restrict debugfs when the kernel is locked down
kexec: Allow kexec_file() with appropriate IMA policy when locked down
lockdown: Lock down perf when in confidentiality mode
bpf: Restrict bpf when kernel lockdown is in confidentiality mode
lockdown: Lock down tracing and perf kprobes when in confidentiality mode
lockdown: Lock down /proc/kcore
x86/mmiotrace: Lock down the testmmiotrace module
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
lockdown: Lock down TIOCSSERIAL
lockdown: Prohibit PCMCIA CIS storage when the kernel is locked down
acpi: Disable ACPI table override if the kernel is locked down
acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
ACPI: Limit access to custom_method when the kernel is locked down
x86/msr: Restrict MSR access when the kernel is locked down
x86: Lock down IO port access when the kernel is locked down
...
1009 lines
27 KiB
Plaintext
1009 lines
27 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
config MMU
|
|
def_bool y
|
|
|
|
config ZONE_DMA
|
|
def_bool y
|
|
|
|
config CPU_BIG_ENDIAN
|
|
def_bool y
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config ARCH_HAS_ILOG2_U32
|
|
def_bool n
|
|
|
|
config ARCH_HAS_ILOG2_U64
|
|
def_bool n
|
|
|
|
config GENERIC_HWEIGHT
|
|
def_bool y
|
|
|
|
config GENERIC_BUG
|
|
def_bool y if BUG
|
|
|
|
config GENERIC_BUG_RELATIVE_POINTERS
|
|
def_bool y
|
|
|
|
config GENERIC_LOCKBREAK
|
|
def_bool y if PREEMPT
|
|
|
|
config PGSTE
|
|
def_bool y if KVM
|
|
|
|
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
|
|
def_bool y
|
|
|
|
config AUDIT_ARCH
|
|
def_bool y
|
|
|
|
config NO_IOPORT_MAP
|
|
def_bool y
|
|
|
|
config PCI_QUIRKS
|
|
def_bool n
|
|
|
|
config ARCH_SUPPORTS_UPROBES
|
|
def_bool y
|
|
|
|
config KASAN_SHADOW_OFFSET
|
|
hex
|
|
depends on KASAN
|
|
default 0x18000000000000 if KASAN_S390_4_LEVEL_PAGING
|
|
default 0x30000000000
|
|
|
|
config S390
|
|
def_bool y
|
|
select ARCH_BINFMT_ELF_STATE
|
|
select ARCH_HAS_DEVMEM_IS_ALLOWED
|
|
select ARCH_HAS_ELF_RANDOMIZE
|
|
select ARCH_HAS_FORTIFY_SOURCE
|
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
select ARCH_HAS_GIGANTIC_PAGE
|
|
select ARCH_HAS_KCOV
|
|
select ARCH_HAS_MEM_ENCRYPT
|
|
select ARCH_HAS_PTE_SPECIAL
|
|
select ARCH_HAS_SET_MEMORY
|
|
select ARCH_HAS_STRICT_KERNEL_RWX
|
|
select ARCH_HAS_STRICT_MODULE_RWX
|
|
select ARCH_HAS_SYSCALL_WRAPPER
|
|
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
select ARCH_INLINE_READ_LOCK
|
|
select ARCH_INLINE_READ_LOCK_BH
|
|
select ARCH_INLINE_READ_LOCK_IRQ
|
|
select ARCH_INLINE_READ_LOCK_IRQSAVE
|
|
select ARCH_INLINE_READ_TRYLOCK
|
|
select ARCH_INLINE_READ_UNLOCK
|
|
select ARCH_INLINE_READ_UNLOCK_BH
|
|
select ARCH_INLINE_READ_UNLOCK_IRQ
|
|
select ARCH_INLINE_READ_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_SPIN_LOCK
|
|
select ARCH_INLINE_SPIN_LOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK_IRQ
|
|
select ARCH_INLINE_SPIN_LOCK_IRQSAVE
|
|
select ARCH_INLINE_SPIN_TRYLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK
|
|
select ARCH_INLINE_SPIN_UNLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQ
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_WRITE_LOCK
|
|
select ARCH_INLINE_WRITE_LOCK_BH
|
|
select ARCH_INLINE_WRITE_LOCK_IRQ
|
|
select ARCH_INLINE_WRITE_LOCK_IRQSAVE
|
|
select ARCH_INLINE_WRITE_TRYLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK_BH
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQ
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
|
|
select ARCH_KEEP_MEMBLOCK
|
|
select ARCH_SAVE_PAGE_KEYS if HIBERNATION
|
|
select ARCH_STACKWALK
|
|
select ARCH_SUPPORTS_ATOMIC_RMW
|
|
select ARCH_SUPPORTS_NUMA_BALANCING
|
|
select ARCH_USE_BUILTIN_BSWAP
|
|
select ARCH_USE_CMPXCHG_LOCKREF
|
|
select ARCH_WANTS_DYNAMIC_TASK_STRUCT
|
|
select ARCH_WANT_IPC_PARSE_VERSION
|
|
select BUILDTIME_EXTABLE_SORT
|
|
select CLONE_BACKWARDS2
|
|
select DYNAMIC_FTRACE if FUNCTION_TRACER
|
|
select GENERIC_CLOCKEVENTS
|
|
select GENERIC_CPU_AUTOPROBE
|
|
select GENERIC_CPU_VULNERABILITIES
|
|
select GENERIC_FIND_FIRST_BIT
|
|
select GENERIC_SMP_IDLE_THREAD
|
|
select GENERIC_TIME_VSYSCALL
|
|
select HAVE_ALIGNED_STRUCT_PAGE if SLUB
|
|
select HAVE_ARCH_AUDITSYSCALL
|
|
select HAVE_ARCH_JUMP_LABEL
|
|
select HAVE_ARCH_JUMP_LABEL_RELATIVE
|
|
select HAVE_ARCH_KASAN
|
|
select CPU_NO_EFFICIENT_FFS if !HAVE_MARCH_Z9_109_FEATURES
|
|
select HAVE_ARCH_SECCOMP_FILTER
|
|
select HAVE_ARCH_SOFT_DIRTY
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
|
|
select HAVE_ARCH_VMAP_STACK
|
|
select HAVE_ASM_MODVERSIONS
|
|
select HAVE_EBPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
|
|
select HAVE_CMPXCHG_DOUBLE
|
|
select HAVE_CMPXCHG_LOCAL
|
|
select HAVE_COPY_THREAD_TLS
|
|
select HAVE_DEBUG_KMEMLEAK
|
|
select HAVE_DMA_CONTIGUOUS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_DYNAMIC_FTRACE_WITH_REGS
|
|
select HAVE_FAST_GUP
|
|
select HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
select HAVE_FENTRY
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_FUTEX_CMPXCHG if FUTEX
|
|
select HAVE_GCC_PLUGINS
|
|
select HAVE_KERNEL_BZIP2
|
|
select HAVE_KERNEL_GZIP
|
|
select HAVE_KERNEL_LZ4
|
|
select HAVE_KERNEL_LZMA
|
|
select HAVE_KERNEL_LZO
|
|
select HAVE_KERNEL_UNCOMPRESSED
|
|
select HAVE_KERNEL_XZ
|
|
select HAVE_KPROBES
|
|
select HAVE_KRETPROBES
|
|
select HAVE_KVM
|
|
select HAVE_LIVEPATCH
|
|
select HAVE_PERF_REGS
|
|
select HAVE_PERF_USER_STACK_DUMP
|
|
select HAVE_MEMBLOCK_NODE_MAP
|
|
select HAVE_MEMBLOCK_PHYS_MAP
|
|
select HAVE_MMU_GATHER_NO_GATHER
|
|
select HAVE_MOD_ARCH_SPECIFIC
|
|
select HAVE_NOP_MCOUNT
|
|
select HAVE_OPROFILE
|
|
select HAVE_PCI
|
|
select HAVE_PERF_EVENTS
|
|
select HAVE_RCU_TABLE_FREE
|
|
select HAVE_REGS_AND_STACK_ACCESS_API
|
|
select HAVE_RSEQ
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select HAVE_VIRT_CPU_ACCOUNTING
|
|
select IOMMU_HELPER if PCI
|
|
select IOMMU_SUPPORT if PCI
|
|
select MODULES_USE_ELF_RELA
|
|
select NEED_DMA_MAP_STATE if PCI
|
|
select NEED_SG_DMA_LENGTH if PCI
|
|
select OLD_SIGACTION
|
|
select OLD_SIGSUSPEND3
|
|
select PCI_DOMAINS if PCI
|
|
select PCI_MSI if PCI
|
|
select SPARSE_IRQ
|
|
select SYSCTL_EXCEPTION_TRACE
|
|
select THREAD_INFO_IN_TASK
|
|
select TTY
|
|
select VIRT_CPU_ACCOUNTING
|
|
select ARCH_HAS_SCALED_CPUTIME
|
|
select HAVE_NMI
|
|
select ARCH_HAS_FORCE_DMA_UNENCRYPTED
|
|
select SWIOTLB
|
|
select GENERIC_ALLOCATOR
|
|
|
|
|
|
config SCHED_OMIT_FRAME_POINTER
|
|
def_bool y
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 5
|
|
|
|
source "kernel/livepatch/Kconfig"
|
|
|
|
menu "Processor type and features"
|
|
|
|
config HAVE_MARCH_Z900_FEATURES
|
|
def_bool n
|
|
|
|
config HAVE_MARCH_Z990_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z900_FEATURES
|
|
|
|
config HAVE_MARCH_Z9_109_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z990_FEATURES
|
|
|
|
config HAVE_MARCH_Z10_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z9_109_FEATURES
|
|
|
|
config HAVE_MARCH_Z196_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z10_FEATURES
|
|
|
|
config HAVE_MARCH_ZEC12_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z196_FEATURES
|
|
|
|
config HAVE_MARCH_Z13_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_ZEC12_FEATURES
|
|
|
|
config HAVE_MARCH_Z14_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z13_FEATURES
|
|
|
|
config HAVE_MARCH_Z15_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z14_FEATURES
|
|
|
|
choice
|
|
prompt "Processor type"
|
|
default MARCH_Z196
|
|
|
|
config MARCH_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
depends on !CC_IS_CLANG
|
|
select HAVE_MARCH_Z900_FEATURES
|
|
help
|
|
Select this to enable optimizations for model z800/z900 (2064 and
|
|
2066 series). This will enable some optimizations that are not
|
|
available on older ESA/390 (31 Bit) only CPUs.
|
|
|
|
config MARCH_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
depends on !CC_IS_CLANG
|
|
select HAVE_MARCH_Z990_FEATURES
|
|
help
|
|
Select this to enable optimizations for model z890/z990 (2084 and
|
|
2086 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z9_109
|
|
bool "IBM System z9"
|
|
depends on !CC_IS_CLANG
|
|
select HAVE_MARCH_Z9_109_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM System z9 (2094 and
|
|
2096 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z10
|
|
bool "IBM System z10"
|
|
select HAVE_MARCH_Z10_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM System z10 (2097 and
|
|
2098 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
select HAVE_MARCH_Z196_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM zEnterprise 114 and 196
|
|
(2818 and 2817 series). The kernel will be slightly faster but will
|
|
not work on older machines.
|
|
|
|
config MARCH_ZEC12
|
|
bool "IBM zBC12 and zEC12"
|
|
select HAVE_MARCH_ZEC12_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM zBC12 and zEC12 (2828 and
|
|
2827 series). The kernel will be slightly faster but will not work on
|
|
older machines.
|
|
|
|
config MARCH_Z13
|
|
bool "IBM z13s and z13"
|
|
select HAVE_MARCH_Z13_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM z13s and z13 (2965 and
|
|
2964 series). The kernel will be slightly faster but will not work on
|
|
older machines.
|
|
|
|
config MARCH_Z14
|
|
bool "IBM z14 ZR1 and z14"
|
|
select HAVE_MARCH_Z14_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM z14 ZR1 and z14 (3907
|
|
and 3906 series). The kernel will be slightly faster but will not
|
|
work on older machines.
|
|
|
|
config MARCH_Z15
|
|
bool "IBM z15"
|
|
select HAVE_MARCH_Z15_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM z15 (8562
|
|
and 8561 series). The kernel will be slightly faster but will not
|
|
work on older machines.
|
|
|
|
endchoice
|
|
|
|
config MARCH_Z900_TUNE
|
|
def_bool TUNE_Z900 || MARCH_Z900 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z990_TUNE
|
|
def_bool TUNE_Z990 || MARCH_Z990 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z9_109_TUNE
|
|
def_bool TUNE_Z9_109 || MARCH_Z9_109 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z10_TUNE
|
|
def_bool TUNE_Z10 || MARCH_Z10 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z196_TUNE
|
|
def_bool TUNE_Z196 || MARCH_Z196 && TUNE_DEFAULT
|
|
|
|
config MARCH_ZEC12_TUNE
|
|
def_bool TUNE_ZEC12 || MARCH_ZEC12 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z13_TUNE
|
|
def_bool TUNE_Z13 || MARCH_Z13 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z14_TUNE
|
|
def_bool TUNE_Z14 || MARCH_Z14 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z15_TUNE
|
|
def_bool TUNE_Z15 || MARCH_Z15 && TUNE_DEFAULT
|
|
|
|
choice
|
|
prompt "Tune code generation"
|
|
default TUNE_DEFAULT
|
|
help
|
|
Cause the compiler to tune (-mtune) the generated code for a machine.
|
|
This will make the code run faster on the selected machine but
|
|
somewhat slower on other machines.
|
|
This option only changes how the compiler emits instructions, not the
|
|
selection of instructions itself, so the resulting kernel will run on
|
|
all other machines.
|
|
|
|
config TUNE_DEFAULT
|
|
bool "Default"
|
|
help
|
|
Tune the generated code for the target processor for which the kernel
|
|
will be compiled.
|
|
|
|
config TUNE_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
depends on !CC_IS_CLANG
|
|
|
|
config TUNE_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
depends on !CC_IS_CLANG
|
|
|
|
config TUNE_Z9_109
|
|
bool "IBM System z9"
|
|
depends on !CC_IS_CLANG
|
|
|
|
config TUNE_Z10
|
|
bool "IBM System z10"
|
|
|
|
config TUNE_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
|
|
config TUNE_ZEC12
|
|
bool "IBM zBC12 and zEC12"
|
|
|
|
config TUNE_Z13
|
|
bool "IBM z13"
|
|
|
|
config TUNE_Z14
|
|
bool "IBM z14"
|
|
|
|
config TUNE_Z15
|
|
bool "IBM z15"
|
|
|
|
endchoice
|
|
|
|
config 64BIT
|
|
def_bool y
|
|
|
|
config COMPAT
|
|
def_bool y
|
|
prompt "Kernel support for 31 bit emulation"
|
|
select COMPAT_BINFMT_ELF if BINFMT_ELF
|
|
select ARCH_WANT_OLD_COMPAT_IPC
|
|
select COMPAT_OLD_SIGACTION
|
|
select HAVE_UID16
|
|
depends on MULTIUSER
|
|
help
|
|
Select this option if you want to enable your system kernel to
|
|
handle system-calls from ELF binaries for 31 bit ESA. This option
|
|
(and some other stuff like libraries and such) is needed for
|
|
executing 31 bit applications. It is safe to say "Y".
|
|
|
|
config COMPAT_VDSO
|
|
def_bool COMPAT && !CC_IS_CLANG
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y if COMPAT && SYSVIPC
|
|
|
|
config SMP
|
|
def_bool y
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs (2-512)"
|
|
range 2 512
|
|
default "64"
|
|
help
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. The maximum supported value is 512 and the
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory - each supported CPU adds
|
|
approximately sixteen kilobytes to the kernel image.
|
|
|
|
config HOTPLUG_CPU
|
|
def_bool y
|
|
|
|
# Some NUMA nodes have memory ranges that span
|
|
# other nodes. Even though a pfn is valid and
|
|
# between a node's start and end pfns, it may not
|
|
# reside on that node. See memmap_init_zone()
|
|
# for details. <- They meant memory holes!
|
|
config NODES_SPAN_OTHER_NODES
|
|
def_bool NUMA
|
|
|
|
config NUMA
|
|
bool "NUMA support"
|
|
depends on SCHED_TOPOLOGY
|
|
default n
|
|
help
|
|
Enable NUMA support
|
|
|
|
This option adds NUMA support to the kernel.
|
|
|
|
An operation mode can be selected by appending
|
|
numa=<method> to the kernel command line.
|
|
|
|
The default behaviour is identical to appending numa=plain to
|
|
the command line. This will create just one node with all
|
|
available memory and all CPUs in it.
|
|
|
|
config NODES_SHIFT
|
|
int "Maximum NUMA nodes (as a power of 2)"
|
|
range 1 10
|
|
depends on NUMA
|
|
default "4"
|
|
help
|
|
Specify the maximum number of NUMA nodes available on the target
|
|
system. Increases memory reserved to accommodate various tables.
|
|
|
|
menu "Select NUMA modes"
|
|
depends on NUMA
|
|
|
|
config NUMA_EMU
|
|
bool "NUMA emulation"
|
|
default y
|
|
help
|
|
Numa emulation mode will split the available system memory into
|
|
equal chunks which then are distributed over the configured number
|
|
of nodes in a round-robin manner.
|
|
|
|
The number of fake nodes is limited by the number of available memory
|
|
chunks (i.e. memory size / fake size) and the number of supported
|
|
nodes in the kernel.
|
|
|
|
The CPUs are assigned to the nodes in a way that partially respects
|
|
the original machine topology (if supported by the machine).
|
|
Fair distribution of the CPUs is not guaranteed.
|
|
|
|
config EMU_SIZE
|
|
hex "NUMA emulation memory chunk size"
|
|
default 0x10000000
|
|
range 0x400000 0x100000000
|
|
depends on NUMA_EMU
|
|
help
|
|
Select the default size by which the memory is chopped and then
|
|
assigned to emulated NUMA nodes.
|
|
|
|
This can be overridden by specifying
|
|
|
|
emu_size=<n>
|
|
|
|
on the kernel command line where also suffixes K, M, G, and T are
|
|
supported.
|
|
|
|
endmenu
|
|
|
|
config SCHED_SMT
|
|
def_bool n
|
|
|
|
config SCHED_MC
|
|
def_bool n
|
|
|
|
config SCHED_BOOK
|
|
def_bool n
|
|
|
|
config SCHED_DRAWER
|
|
def_bool n
|
|
|
|
config SCHED_TOPOLOGY
|
|
def_bool y
|
|
prompt "Topology scheduler support"
|
|
select SCHED_SMT
|
|
select SCHED_MC
|
|
select SCHED_BOOK
|
|
select SCHED_DRAWER
|
|
help
|
|
Topology scheduler support improves the CPU scheduler's decision
|
|
making when dealing with machines that have multi-threading,
|
|
multiple cores or multiple books.
|
|
|
|
source "kernel/Kconfig.hz"
|
|
|
|
config KEXEC
|
|
def_bool y
|
|
select KEXEC_CORE
|
|
|
|
config KEXEC_FILE
|
|
bool "kexec file based system call"
|
|
select KEXEC_CORE
|
|
select BUILD_BIN2C
|
|
depends on CRYPTO
|
|
depends on CRYPTO_SHA256
|
|
depends on CRYPTO_SHA256_S390
|
|
help
|
|
Enable the kexec file based system call. In contrast to the normal
|
|
kexec system call this system call takes file descriptors for the
|
|
kernel and initramfs as arguments.
|
|
|
|
config ARCH_HAS_KEXEC_PURGATORY
|
|
def_bool y
|
|
depends on KEXEC_FILE
|
|
|
|
config KEXEC_SIG
|
|
bool "Verify kernel signature during kexec_file_load() syscall"
|
|
depends on KEXEC_FILE && MODULE_SIG_FORMAT
|
|
help
|
|
This option makes kernel signature verification mandatory for
|
|
the kexec_file_load() syscall.
|
|
|
|
In addition to that option, you need to enable signature
|
|
verification for the corresponding kernel image type being
|
|
loaded in order for this to work.
|
|
|
|
config ARCH_RANDOM
|
|
def_bool y
|
|
prompt "s390 architectural random number generation API"
|
|
help
|
|
Enable the s390 architectural random number generation API
|
|
to provide random data for all consumers within the Linux
|
|
kernel.
|
|
|
|
When enabled the arch_random_* functions declared in linux/random.h
|
|
are implemented. The implementation is based on the s390 CPACF
|
|
instruction subfunction TRNG which provides a real true random
|
|
number generator.
|
|
|
|
If unsure, say Y.
|
|
|
|
config KERNEL_NOBP
|
|
def_bool n
|
|
prompt "Enable modified branch prediction for the kernel by default"
|
|
help
|
|
If this option is selected the kernel will switch to a modified
|
|
branch prediction mode if the firmware interface is available.
|
|
The modified branch prediction mode improves the behaviour in
|
|
regard to speculative execution.
|
|
|
|
With the option enabled the kernel parameter "nobp=0" or "nospec"
|
|
can be used to run the kernel in the normal branch prediction mode.
|
|
|
|
With the option disabled the modified branch prediction mode is
|
|
enabled with the "nobp=1" kernel parameter.
|
|
|
|
If unsure, say N.
|
|
|
|
config EXPOLINE
|
|
def_bool n
|
|
prompt "Avoid speculative indirect branches in the kernel"
|
|
help
|
|
Compile the kernel with the expoline compiler options to guard
|
|
against kernel-to-user data leaks by avoiding speculative indirect
|
|
branches.
|
|
Requires a compiler with -mindirect-branch=thunk support for full
|
|
protection. The kernel may run slower.
|
|
|
|
If unsure, say N.
|
|
|
|
choice
|
|
prompt "Expoline default"
|
|
depends on EXPOLINE
|
|
default EXPOLINE_FULL
|
|
|
|
config EXPOLINE_OFF
|
|
bool "spectre_v2=off"
|
|
|
|
config EXPOLINE_AUTO
|
|
bool "spectre_v2=auto"
|
|
|
|
config EXPOLINE_FULL
|
|
bool "spectre_v2=on"
|
|
|
|
endchoice
|
|
|
|
config RELOCATABLE
|
|
bool "Build a relocatable kernel"
|
|
select MODULE_REL_CRCS if MODVERSIONS
|
|
default y
|
|
help
|
|
This builds a kernel image that retains relocation information
|
|
so it can be loaded at an arbitrary address.
|
|
The kernel is linked as a position-independent executable (PIE)
|
|
and contains dynamic relocations which are processed early in the
|
|
bootup process.
|
|
The relocations make the kernel image about 15% larger (compressed
|
|
10%), but are discarded at runtime.
|
|
|
|
config RANDOMIZE_BASE
|
|
bool "Randomize the address of the kernel image (KASLR)"
|
|
depends on RELOCATABLE
|
|
default y
|
|
help
|
|
In support of Kernel Address Space Layout Randomization (KASLR),
|
|
this randomizes the address at which the kernel image is loaded,
|
|
as a security feature that deters exploit attempts relying on
|
|
knowledge of the location of kernel internals.
|
|
|
|
endmenu
|
|
|
|
menu "Memory setup"
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
select SPARSEMEM_VMEMMAP_ENABLE
|
|
select SPARSEMEM_VMEMMAP
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTPLUG
|
|
def_bool y if SPARSEMEM
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTREMOVE
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_SPLIT_PMD_PTLOCK
|
|
def_bool y
|
|
|
|
config FORCE_MAX_ZONEORDER
|
|
int
|
|
default "9"
|
|
|
|
config MAX_PHYSMEM_BITS
|
|
int "Maximum size of supported physical memory in bits (42-53)"
|
|
range 42 53
|
|
default "46"
|
|
help
|
|
This option specifies the maximum supported size of physical memory
|
|
in bits. Supported is any size between 2^42 (4TB) and 2^53 (8PB).
|
|
Increasing the number of bits also increases the kernel image size.
|
|
By default 46 bits (64TB) are supported.
|
|
|
|
config PACK_STACK
|
|
def_bool y
|
|
prompt "Pack kernel stack"
|
|
help
|
|
This option enables the compiler option -mkernel-backchain if it
|
|
is available. If the option is available the compiler supports
|
|
the new stack layout which dramatically reduces the minimum stack
|
|
frame size. With an old compiler a non-leaf function needs a
|
|
minimum of 96 bytes on 31 bit and 160 bytes on 64 bit. With
|
|
-mkernel-backchain the minimum size drops to 16 byte on 31 bit
|
|
and 24 byte on 64 bit.
|
|
|
|
Say Y if you are unsure.
|
|
|
|
config CHECK_STACK
|
|
def_bool y
|
|
depends on !VMAP_STACK
|
|
prompt "Detect kernel stack overflow"
|
|
help
|
|
This option enables the compiler option -mstack-guard and
|
|
-mstack-size if they are available. If the compiler supports them
|
|
it will emit additional code to each function prolog to trigger
|
|
an illegal operation if the kernel stack is about to overflow.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config STACK_GUARD
|
|
int "Size of the guard area (128-1024)"
|
|
range 128 1024
|
|
depends on CHECK_STACK
|
|
default "256"
|
|
help
|
|
This allows you to specify the size of the guard area at the lower
|
|
end of the kernel stack. If the kernel stack points into the guard
|
|
area on function entry an illegal operation is triggered. The size
|
|
needs to be a power of 2. Please keep in mind that the size of an
|
|
interrupt frame is 184 bytes for 31 bit and 328 bytes on 64 bit.
|
|
The minimum size for the stack guard should be 256 for 31 bit and
|
|
512 for 64 bit.
|
|
|
|
config WARN_DYNAMIC_STACK
|
|
def_bool n
|
|
prompt "Emit compiler warnings for function with dynamic stack usage"
|
|
help
|
|
This option enables the compiler option -mwarn-dynamicstack. If the
|
|
compiler supports this options generates warnings for functions
|
|
that dynamically allocate stack space using alloca.
|
|
|
|
Say N if you are unsure.
|
|
|
|
endmenu
|
|
|
|
menu "I/O subsystem"
|
|
|
|
config QDIO
|
|
def_tristate y
|
|
prompt "QDIO support"
|
|
---help---
|
|
This driver provides the Queued Direct I/O base support for
|
|
IBM System z.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called qdio.
|
|
|
|
If unsure, say Y.
|
|
|
|
if PCI
|
|
|
|
config PCI_NR_FUNCTIONS
|
|
int "Maximum number of PCI functions (1-4096)"
|
|
range 1 4096
|
|
default "128"
|
|
help
|
|
This allows you to specify the maximum number of PCI functions which
|
|
this kernel will support.
|
|
|
|
endif # PCI
|
|
|
|
config HAS_IOMEM
|
|
def_bool PCI
|
|
|
|
config CHSC_SCH
|
|
def_tristate m
|
|
prompt "Support for CHSC subchannels"
|
|
help
|
|
This driver allows usage of CHSC subchannels. A CHSC subchannel
|
|
is usually present on LPAR only.
|
|
The driver creates a device /dev/chsc, which may be used to
|
|
obtain I/O configuration information about the machine and
|
|
to issue asynchronous chsc commands (DANGEROUS).
|
|
You will usually only want to use this interface on a special
|
|
LPAR designated for system management.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called chsc_sch.
|
|
|
|
If unsure, say N.
|
|
|
|
config SCM_BUS
|
|
def_bool y
|
|
prompt "SCM bus driver"
|
|
help
|
|
Bus driver for Storage Class Memory.
|
|
|
|
config EADM_SCH
|
|
def_tristate m
|
|
prompt "Support for EADM subchannels"
|
|
depends on SCM_BUS
|
|
help
|
|
This driver allows usage of EADM subchannels. EADM subchannels act
|
|
as a communication vehicle for SCM increments.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called eadm_sch.
|
|
|
|
config VFIO_CCW
|
|
def_tristate n
|
|
prompt "Support for VFIO-CCW subchannels"
|
|
depends on S390_CCW_IOMMU && VFIO_MDEV
|
|
help
|
|
This driver allows usage of I/O subchannels via VFIO-CCW.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called vfio_ccw.
|
|
|
|
config VFIO_AP
|
|
def_tristate n
|
|
prompt "VFIO support for AP devices"
|
|
depends on S390_AP_IOMMU && VFIO_MDEV_DEVICE && KVM
|
|
help
|
|
This driver grants access to Adjunct Processor (AP) devices
|
|
via the VFIO mediated device interface.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called vfio_ap.
|
|
|
|
endmenu
|
|
|
|
menu "Dump support"
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
select KEXEC
|
|
help
|
|
Generate crash dump after being started by kexec.
|
|
Crash dump kernels are loaded in the main kernel with kexec-tools
|
|
into a specially reserved region and then later executed after
|
|
a crash by kdump/kexec.
|
|
Refer to <file:Documentation/s390/zfcpdump.rst> for more details on this.
|
|
This option also enables s390 zfcpdump.
|
|
See also <file:Documentation/s390/zfcpdump.rst>
|
|
|
|
endmenu
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
depends on PROC_FS
|
|
help
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via /proc/<pid>/seccomp, it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
menu "Power Management"
|
|
|
|
config ARCH_HIBERNATION_POSSIBLE
|
|
def_bool y
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
endmenu
|
|
|
|
config CCW
|
|
def_bool y
|
|
|
|
config HAVE_PNETID
|
|
tristate
|
|
default (SMC || CCWGROUP)
|
|
|
|
menu "Virtualization"
|
|
|
|
config PROTECTED_VIRTUALIZATION_GUEST
|
|
def_bool n
|
|
prompt "Protected virtualization guest support"
|
|
help
|
|
Select this option, if you want to be able to run this
|
|
kernel as a protected virtualization KVM guest.
|
|
Protected virtualization capable machines have a mini hypervisor
|
|
located at machine level (an ultravisor). With help of the
|
|
Ultravisor, KVM will be able to run "protected" VMs, special
|
|
VMs whose memory and management data are unavailable to KVM.
|
|
|
|
config PFAULT
|
|
def_bool y
|
|
prompt "Pseudo page fault support"
|
|
help
|
|
Select this option, if you want to use PFAULT pseudo page fault
|
|
handling under VM. If running native or in LPAR, this option
|
|
has no effect. If your VM does not support PFAULT, PAGEEX
|
|
pseudo page fault handling will be used.
|
|
Note that VM 4.2 supports PFAULT but has a bug in its
|
|
implementation that causes some problems.
|
|
Everybody who wants to run Linux under VM != VM4.2 should select
|
|
this option.
|
|
|
|
config CMM
|
|
def_tristate n
|
|
prompt "Cooperative memory management"
|
|
help
|
|
Select this option, if you want to enable the kernel interface
|
|
to reduce the memory size of the system. This is accomplished
|
|
by allocating pages of memory and put them "on hold". This only
|
|
makes sense for a system running under VM where the unused pages
|
|
will be reused by VM for other guest systems. The interface
|
|
allows an external monitor to balance memory of many systems.
|
|
Everybody who wants to run Linux under VM should select this
|
|
option.
|
|
|
|
config CMM_IUCV
|
|
def_bool y
|
|
prompt "IUCV special message interface to cooperative memory management"
|
|
depends on CMM && (SMSGIUCV=y || CMM=SMSGIUCV)
|
|
help
|
|
Select this option to enable the special message interface to
|
|
the cooperative memory management.
|
|
|
|
config APPLDATA_BASE
|
|
def_bool n
|
|
prompt "Linux - VM Monitor Stream, base infrastructure"
|
|
depends on PROC_FS
|
|
help
|
|
This provides a kernel interface for creating and updating z/VM APPLDATA
|
|
monitor records. The monitor records are updated at certain time
|
|
intervals, once the timer is started.
|
|
Writing 1 or 0 to /proc/appldata/timer starts(1) or stops(0) the timer,
|
|
i.e. enables or disables monitoring on the Linux side.
|
|
A custom interval value (in seconds) can be written to
|
|
/proc/appldata/interval.
|
|
|
|
Defaults are 60 seconds interval and timer off.
|
|
The /proc entries can also be read from, showing the current settings.
|
|
|
|
config APPLDATA_MEM
|
|
def_tristate m
|
|
prompt "Monitor memory management statistics"
|
|
depends on APPLDATA_BASE && VM_EVENT_COUNTERS
|
|
help
|
|
This provides memory management related data to the Linux - VM Monitor
|
|
Stream, like paging/swapping rate, memory utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/memory creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
The /proc entry can also be read from, showing the current settings.
|
|
|
|
This can also be compiled as a module, which will be called
|
|
appldata_mem.o.
|
|
|
|
config APPLDATA_OS
|
|
def_tristate m
|
|
prompt "Monitor OS statistics"
|
|
depends on APPLDATA_BASE
|
|
help
|
|
This provides OS related data to the Linux - VM Monitor Stream, like
|
|
CPU utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/os creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_os.o.
|
|
|
|
config APPLDATA_NET_SUM
|
|
def_tristate m
|
|
prompt "Monitor overall network statistics"
|
|
depends on APPLDATA_BASE && NET
|
|
help
|
|
This provides network related data to the Linux - VM Monitor Stream,
|
|
currently there is only a total sum of network I/O statistics, no
|
|
per-interface data.
|
|
Writing 1 or 0 to /proc/appldata/net_sum creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_net_sum.o.
|
|
|
|
config S390_HYPFS_FS
|
|
def_bool y
|
|
prompt "s390 hypervisor file system support"
|
|
select SYS_HYPERVISOR
|
|
help
|
|
This is a virtual file system intended to provide accounting
|
|
information in an s390 hypervisor environment.
|
|
|
|
source "arch/s390/kvm/Kconfig"
|
|
|
|
config S390_GUEST
|
|
def_bool y
|
|
prompt "s390 support for virtio devices"
|
|
select TTY
|
|
select VIRTUALIZATION
|
|
select VIRTIO
|
|
select VIRTIO_CONSOLE
|
|
help
|
|
Enabling this option adds support for virtio based paravirtual device
|
|
drivers on s390.
|
|
|
|
Select this option if you want to run the kernel as a guest under
|
|
the KVM hypervisor.
|
|
|
|
endmenu
|