projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
objtool: Make jump label hack optional
[linux-block.git] / arch / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
fb32e03f
MD		 2#
3# General architecture dependent options
4#
125e5645 5
1572497c
CH		 6#
7# Note: arch/$(SRCARCH)/Kconfig needs to be included first so that it can
8# override the default values in this file.
9#
10source "arch/$(SRCARCH)/Kconfig"
11
22471e13
RD		 12menu "General architecture-dependent options"
13
692f66f2
HB		 14config CRASH_CORE
15 bool
16
2965faa5 17config KEXEC_CORE
692f66f2 18 select CRASH_CORE
2965faa5
DY		 19 bool
20
175fca3b
SS		 21config KEXEC_ELF
22 bool
23
467d2782
TJB		 24config HAVE_IMA_KEXEC
25 bool
26
05736e4a
TG		 27config HOTPLUG_SMT
28 bool
29
142781e1
TG		 30config GENERIC_ENTRY
31 bool
32
125e5645
MD		 33config KPROBES
34 bool "Kprobes"
05ed160e 35 depends on MODULES
125e5645 36 depends on HAVE_KPROBES
05ed160e 37 select KALLSYMS
125e5645
MD		 38 help
39 Kprobes allows you to trap at almost any kernel address and
40 execute a callback function. register_kprobe() establishes
41 a probepoint and specifies the callback. Kprobes is useful
42 for kernel debugging, non-intrusive instrumentation and testing.
43 If in doubt, say "N".
44
45f81b1c 45config JUMP_LABEL
24b54fee
KK		 46 bool "Optimize very unlikely/likely branches"
47 depends on HAVE_ARCH_JUMP_LABEL
48 depends on CC_HAS_ASM_GOTO
4ab7674f 49 select OBJTOOL if HAVE_JUMP_LABEL_HACK
24b54fee
KK		 50 help
51 This option enables a transparent branch optimization that
c5905afb
IM		 52 makes certain almost-always-true or almost-always-false branch
53 conditions even cheaper to execute within the kernel.
54
55 Certain performance-sensitive kernel code, such as trace points,
56 scheduler functionality, networking code and KVM have such
57 branches and include support for this optimization technique.
58
24b54fee 59 If it is detected that the compiler has support for "asm goto",
c5905afb
IM		 60 the kernel will compile such branches with just a nop
61 instruction. When the condition flag is toggled to true, the
62 nop will be converted to a jump instruction to execute the
63 conditional block of instructions.
64
65 This technique lowers overhead and stress on the branch prediction
66 of the processor and generally makes the kernel faster. The update
67 of the condition is slower, but those are always very rare.
45f81b1c 68
c5905afb
IM		 69 ( On 32-bit x86, the necessary options added to the compiler
70 flags may increase the size of the kernel slightly. )
45f81b1c 71
1987c947
PZ		 72config STATIC_KEYS_SELFTEST
73 bool "Static key selftest"
74 depends on JUMP_LABEL
75 help
76 Boot time self-test of the branch patching code.
77
f03c4129
PZ		 78config STATIC_CALL_SELFTEST
79 bool "Static call selftest"
80 depends on HAVE_STATIC_CALL
81 help
82 Boot time self-test of the call patching code.
83
afd66255 84config OPTPROBES
5cc718b9
MH		 85 def_bool y
86 depends on KPROBES && HAVE_OPTPROBES
01b1d88b 87 select TASKS_RCU if PREEMPTION
afd66255 88
e7dbfe34
MH		 89config KPROBES_ON_FTRACE
90 def_bool y
91 depends on KPROBES && HAVE_KPROBES_ON_FTRACE
92 depends on DYNAMIC_FTRACE_WITH_REGS
93 help
94 If function tracer is enabled and the arch supports full
95 passing of pt_regs to function tracing, then kprobes can
96 optimize on top of function tracing.
97
2b144498 98config UPROBES
09294e31 99 def_bool n
e8f4aa60 100 depends on ARCH_SUPPORTS_UPROBES
2b144498 101 help
7b2d81d4
IM		 102 Uprobes is the user-space counterpart to kprobes: they
103 enable instrumentation applications (such as 'perf probe')
104 to establish unintrusive probes in user-space binaries and
105 libraries, by executing handler functions when the probes
106 are hit by user-space applications.
107
108 ( These probes come in the form of single-byte breakpoints,
109 managed by the kernel and kept transparent to the probed
110 application. )
2b144498 111
adab66b7
SRV		 112config HAVE_64BIT_ALIGNED_ACCESS
113 def_bool 64BIT && !HAVE_EFFICIENT_UNALIGNED_ACCESS
114 help
115 Some architectures require 64 bit accesses to be 64 bit
116 aligned, which also requires structs containing 64 bit values
117 to be 64 bit aligned too. This includes some 32 bit
118 architectures which can do 64 bit accesses, as well as 64 bit
119 architectures without unaligned access.
120
121 This symbol should be selected by an architecture if 64 bit
122 accesses are required to be 64 bit aligned in this way even
123 though it is not a 64 bit architecture.
124
ba1a297d
LB		 125 See Documentation/core-api/unaligned-memory-access.rst for
126 more information on the topic of unaligned memory accesses.
adab66b7 127
58340a07 128config HAVE_EFFICIENT_UNALIGNED_ACCESS
9ba16087 129 bool
58340a07
JB		 130 help
131 Some architectures are unable to perform unaligned accesses
132 without the use of get_unaligned/put_unaligned. Others are
133 unable to perform such accesses efficiently (e.g. trap on
134 unaligned access and require fixing it up in the exception
135 handler.)
136
137 This symbol should be selected by an architecture if it can
138 perform unaligned accesses efficiently to allow different
139 code paths to be selected for these cases. Some network
140 drivers, for example, could opt to not fix up alignment
141 problems with received packets if doing so would not help
142 much.
143
c9b54d6f 144 See Documentation/core-api/unaligned-memory-access.rst for more
58340a07
JB		 145 information on the topic of unaligned memory accesses.
146
cf66bb93 147config ARCH_USE_BUILTIN_BSWAP
24b54fee
KK		 148 bool
149 help
cf66bb93
DW		 150 Modern versions of GCC (since 4.4) have builtin functions
151 for handling byte-swapping. Using these, instead of the old
152 inline assembler that the architecture code provides in the
153 __arch_bswapXX() macros, allows the compiler to see what's
154 happening and offers more opportunity for optimisation. In
155 particular, the compiler will be able to combine the byteswap
156 with a nearby load or store and use load-and-swap or
157 store-and-swap instructions if the architecture has them. It
158 should almost *never* result in code which is worse than the
159 hand-coded assembler in <asm/swab.h>. But just in case it
160 does, the use of the builtins is optional.
161
162 Any architecture with load-and-swap or store-and-swap
163 instructions should set this. And it shouldn't hurt to set it
164 on architectures that don't have such instructions.
165
9edddaa2
AM		 166config KRETPROBES
167 def_bool y
73f9b911
MH		 168 depends on KPROBES && (HAVE_KRETPROBES || HAVE_RETHOOK)
169
170config KRETPROBE_ON_RETHOOK
171 def_bool y
172 depends on HAVE_RETHOOK
173 depends on KRETPROBES
174 select RETHOOK
9edddaa2 175
7c68af6e
AK		 176config USER_RETURN_NOTIFIER
177 bool
178 depends on HAVE_USER_RETURN_NOTIFIER
179 help
180 Provide a kernel-internal notification when a cpu is about to
181 switch to user mode.
182
28b2ee20 183config HAVE_IOREMAP_PROT
9ba16087 184 bool
28b2ee20 185
125e5645 186config HAVE_KPROBES
9ba16087 187 bool
9edddaa2
AM		 188
189config HAVE_KRETPROBES
9ba16087 190 bool
74bc7cee 191
afd66255
MH		 192config HAVE_OPTPROBES
193 bool
d314d74c 194
e7dbfe34
MH		 195config HAVE_KPROBES_ON_FTRACE
196 bool
197
1f6d3a8f
MH		 198config ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
199 bool
200 help
201 Since kretprobes modifies return address on the stack, the
202 stacktrace may see the kretprobe trampoline address instead
203 of correct one. If the architecture stacktrace code and
204 unwinder can adjust such entries, select this configuration.
205
540adea3 206config HAVE_FUNCTION_ERROR_INJECTION
9802d865
JB		 207 bool
208
42a0bb3f
PM		 209config HAVE_NMI
210 bool
211
a257cacc
CL		 212config HAVE_FUNCTION_DESCRIPTORS
213 bool
214
4aae683f
MY		 215config TRACE_IRQFLAGS_SUPPORT
216 bool
217
1f5a4ad9
RM		 218#
219# An arch should select this if it provides all these things:
220#
221# task_pt_regs() in asm/processor.h or asm/ptrace.h
222# arch_has_single_step() if there is hardware single-step support
223# arch_has_block_step() if there is hardware block-step support
1f5a4ad9
RM		 224# asm/syscall.h supplying asm-generic/syscall.h interface
225# linux/regset.h user_regset interfaces
226# CORE_DUMP_USE_REGSET #define'd in linux/elf.h
153474ba 227# TIF_SYSCALL_TRACE calls ptrace_report_syscall_{entry,exit}
03248add 228# TIF_NOTIFY_RESUME calls resume_user_mode_work()
1f5a4ad9
RM		 229#
230config HAVE_ARCH_TRACEHOOK
9ba16087 231 bool
1f5a4ad9 232
c64be2bb
MS		 233config HAVE_DMA_CONTIGUOUS
234 bool
235
29d5e047 236config GENERIC_SMP_IDLE_THREAD
24b54fee 237 bool
29d5e047 238
485cf5da 239config GENERIC_IDLE_POLL_SETUP
24b54fee 240 bool
485cf5da 241
6974f0c4
DM		 242config ARCH_HAS_FORTIFY_SOURCE
243 bool
244 help
245 An architecture should select this when it can successfully
246 build and run with CONFIG_FORTIFY_SOURCE.
247
d8ae8a37
CH		 248#
249# Select if the arch provides a historic keepinit alias for the retain_initrd
250# command line option
251#
252config ARCH_HAS_KEEPINITRD
253 bool
254
d2852a22
DB		 255# Select if arch has all set_memory_ro/rw/x/nx() functions in asm/cacheflush.h
256config ARCH_HAS_SET_MEMORY
257 bool
258
d253ca0c
RE		 259# Select if arch has all set_direct_map_invalid/default() functions
260config ARCH_HAS_SET_DIRECT_MAP
261 bool
262
c30700db 263#
fa7e2247 264# Select if the architecture provides the arch_dma_set_uncached symbol to
a86ecfa6 265# either provide an uncached segment alias for a DMA allocation, or
fa7e2247 266# to remap the page tables in place.
c30700db 267#
fa7e2247 268config ARCH_HAS_DMA_SET_UNCACHED
c30700db
CH		 269 bool
270
999a5d12
CH		 271#
272# Select if the architectures provides the arch_dma_clear_uncached symbol
273# to undo an in-place page table remap for uncached access.
274#
275config ARCH_HAS_DMA_CLEAR_UNCACHED
c30700db
CH		 276 bool
277
0500871f
DH		 278# Select if arch init_task must go in the __init_task_data section
279config ARCH_TASK_STRUCT_ON_STACK
24b54fee 280 bool
a4a2eb49 281
f5e10287
TG		 282# Select if arch has its private alloc_task_struct() function
283config ARCH_TASK_STRUCT_ALLOCATOR
284 bool
285
5905429a
KC		 286config HAVE_ARCH_THREAD_STRUCT_WHITELIST
287 bool
288 depends on !ARCH_TASK_STRUCT_ALLOCATOR
289 help
290 An architecture should select this to provide hardened usercopy
291 knowledge about what region of the thread_struct should be
292 whitelisted for copying to userspace. Normally this is only the
293 FPU registers. Specifically, arch_thread_struct_whitelist()
294 should be implemented. Without this, the entire thread_struct
295 field in task_struct will be left whitelisted.
296
b235beea
LT		 297# Select if arch has its private alloc_thread_stack() function
298config ARCH_THREAD_STACK_ALLOCATOR
f5e10287
TG		 299 bool
300
5aaeb5c0
IM		 301# Select if arch wants to size task_struct dynamically via arch_task_struct_size:
302config ARCH_WANTS_DYNAMIC_TASK_STRUCT
303 bool
304
51c2ee6d
ND		 305config ARCH_WANTS_NO_INSTR
306 bool
307 help
308 An architecture should select this if the noinstr macro is being used on
309 functions to denote that the toolchain should avoid instrumenting such
310 functions and is required for correctness.
311
942fa985
YN		 312config ARCH_32BIT_OFF_T
313 bool
314 depends on !64BIT
315 help
316 All new 32-bit architectures should have 64-bit off_t type on
317 userspace side which corresponds to the loff_t kernel type. This
318 is the requirement for modern ABIs. Some existing architectures
319 still support 32-bit off_t. This option is enabled for all such
320 architectures explicitly.
321
96c0a6a7
HC		 322# Selected by 64 bit architectures which have a 32 bit f_tinode in struct ustat
323config ARCH_32BIT_USTAT_F_TINODE
324 bool
325
2ff2b7ec
MY		 326config HAVE_ASM_MODVERSIONS
327 bool
328 help
a86ecfa6 329 This symbol should be selected by an architecture if it provides
2ff2b7ec
MY		 330 <asm/asm-prototypes.h> to support the module versioning for symbols
331 exported from assembly code.
332
f850c30c
HC		 333config HAVE_REGS_AND_STACK_ACCESS_API
334 bool
e01292b1 335 help
a86ecfa6 336 This symbol should be selected by an architecture if it supports
e01292b1
HC		 337 the API needed to access registers and stack entries from pt_regs,
338 declared in asm/ptrace.h
339 For example the kprobes-based event tracer needs this API.
f850c30c 340
d7822b1e
MD		 341config HAVE_RSEQ
342 bool
343 depends on HAVE_REGS_AND_STACK_ACCESS_API
344 help
345 This symbol should be selected by an architecture if it
346 supports an implementation of restartable sequences.
347
3c88ee19
MH		 348config HAVE_FUNCTION_ARG_ACCESS_API
349 bool
350 help
a86ecfa6 351 This symbol should be selected by an architecture if it supports
3c88ee19
MH		 352 the API needed to access function arguments from pt_regs,
353 declared in asm/ptrace.h
354
62a038d3
P		 355config HAVE_HW_BREAKPOINT
356 bool
99e8c5a3 357 depends on PERF_EVENTS
62a038d3 358
0102752e
FW		 359config HAVE_MIXED_BREAKPOINTS_REGS
360 bool
361 depends on HAVE_HW_BREAKPOINT
362 help
363 Depending on the arch implementation of hardware breakpoints,
364 some of them have separate registers for data and instruction
365 breakpoints addresses, others have mixed registers to store
366 them but define the access type in a control register.
367 Select this option if your arch implements breakpoints under the
368 latter fashion.
369
7c68af6e
AK		 370config HAVE_USER_RETURN_NOTIFIER
371 bool
a1922ed6 372
c01d4323
FW		 373config HAVE_PERF_EVENTS_NMI
374 bool
23637d47
FW		 375 help
376 System hardware can generate an NMI using the perf event
377 subsystem. Also has support for calculating CPU cycle events
378 to determine how many clock cycles in a given period.
c01d4323 379
05a4a952
NP		 380config HAVE_HARDLOCKUP_DETECTOR_PERF
381 bool
382 depends on HAVE_PERF_EVENTS_NMI
383 help
384 The arch chooses to use the generic perf-NMI-based hardlockup
385 detector. Must define HAVE_PERF_EVENTS_NMI.
386
387config HAVE_NMI_WATCHDOG
388 depends on HAVE_NMI
389 bool
390 help
391 The arch provides a low level NMI watchdog. It provides
392 asm/nmi.h, and defines its own arch_touch_nmi_watchdog().
393
394config HAVE_HARDLOCKUP_DETECTOR_ARCH
395 bool
396 select HAVE_NMI_WATCHDOG
397 help
398 The arch chooses to provide its own hardlockup detector, which is
399 a superset of the HAVE_NMI_WATCHDOG. It also conforms to config
400 interfaces and parameters provided by hardlockup detector subsystem.
401
c5e63197
JO		 402config HAVE_PERF_REGS
403 bool
404 help
405 Support selective register dumps for perf events. This includes
406 bit-mapping of each registers and a unique architecture id.
407
c5ebcedb
JO		 408config HAVE_PERF_USER_STACK_DUMP
409 bool
410 help
411 Support user stack dumps for perf event samples. This needs
412 access to the user stack pointer which is not unified across
413 architectures.
414
bf5438fc
JB		 415config HAVE_ARCH_JUMP_LABEL
416 bool
417
50ff18ab
AB		 418config HAVE_ARCH_JUMP_LABEL_RELATIVE
419 bool
420
0d6e24d4
PZ		 421config MMU_GATHER_TABLE_FREE
422 bool
423
ff2e6d72 424config MMU_GATHER_RCU_TABLE_FREE
26723911 425 bool
0d6e24d4 426 select MMU_GATHER_TABLE_FREE
26723911 427
3af4bd03 428config MMU_GATHER_PAGE_SIZE
ed6a7935
PZ		 429 bool
430
27796d03
PZ		 431config MMU_GATHER_NO_RANGE
432 bool
433
580a586c 434config MMU_GATHER_NO_GATHER
952a31c9 435 bool
0d6e24d4 436 depends on MMU_GATHER_TABLE_FREE
952a31c9 437
d53c3dfb
NP		 438config ARCH_WANT_IRQS_OFF_ACTIVATE_MM
439 bool
440 help
441 Temporary select until all architectures can be converted to have
442 irqs disabled over activate_mm. Architectures that do IPI based TLB
443 shootdowns should enable this.
444
df013ffb
HY		 445config ARCH_HAVE_NMI_SAFE_CMPXCHG
446 bool
447
43570fd2
HC		 448config HAVE_ALIGNED_STRUCT_PAGE
449 bool
450 help
451 This makes sure that struct pages are double word aligned and that
452 e.g. the SLUB allocator can perform double word atomic operations
453 on a struct page for better performance. However selecting this
454 might increase the size of a struct page by a word.
455
4156153c
HC		 456config HAVE_CMPXCHG_LOCAL
457 bool
458
2565409f
HC		 459config HAVE_CMPXCHG_DOUBLE
460 bool
461
77e58496
PM		 462config ARCH_WEAK_RELEASE_ACQUIRE
463 bool
464
c1d7e01d
WD		 465config ARCH_WANT_IPC_PARSE_VERSION
466 bool
467
468config ARCH_WANT_COMPAT_IPC_PARSE_VERSION
469 bool
470
48b25c43 471config ARCH_WANT_OLD_COMPAT_IPC
c1d7e01d 472 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
48b25c43
CM		 473 bool
474
282a181b
YZ		 475config HAVE_ARCH_SECCOMP
476 bool
477 help
478 An arch should select this symbol to support seccomp mode 1 (the fixed
479 syscall policy), and must provide an overrides for __NR_seccomp_sigreturn,
480 and compat syscalls if the asm-generic/seccomp.h defaults need adjustment:
481 - __NR_seccomp_read_32
482 - __NR_seccomp_write_32
483 - __NR_seccomp_exit_32
484 - __NR_seccomp_sigreturn_32
485
e2cfabdf
WD		 486config HAVE_ARCH_SECCOMP_FILTER
487 bool
282a181b 488 select HAVE_ARCH_SECCOMP
e2cfabdf 489 help
fb0fadf9 490 An arch should select this symbol if it provides all of these things:
282a181b 491 - all the requirements for HAVE_ARCH_SECCOMP
bb6ea430
WD		 492 - syscall_get_arch()
493 - syscall_get_arguments()
494 - syscall_rollback()
495 - syscall_set_return_value()
fb0fadf9
WD		 496 - SIGSYS siginfo_t support
497 - secure_computing is called from a ptrace_event()-safe context
498 - secure_computing return value is checked and a return value of -1
499 results in the system call being skipped immediately.
48dc92b9 500 - seccomp syscall wired up
0d8315dd
YZ		 501 - if !HAVE_SPARSE_SYSCALL_NR, have SECCOMP_ARCH_NATIVE,
502 SECCOMP_ARCH_NATIVE_NR, SECCOMP_ARCH_NATIVE_NAME defined. If
503 COMPAT is supported, have the SECCOMP_ARCH_COMPAT* defines too.
e2cfabdf 504
282a181b
YZ		 505config SECCOMP
506 prompt "Enable seccomp to safely execute untrusted bytecode"
507 def_bool y
508 depends on HAVE_ARCH_SECCOMP
509 help
510 This kernel feature is useful for number crunching applications
511 that may need to handle untrusted bytecode during their
512 execution. By using pipes or other transports made available
513 to the process as file descriptors supporting the read/write
514 syscalls, it's possible to isolate those applications in their
515 own address space using seccomp. Once seccomp is enabled via
516 prctl(PR_SET_SECCOMP) or the seccomp() syscall, it cannot be
517 disabled and the task is only allowed to execute a few safe
518 syscalls defined by each seccomp mode.
519
520 If unsure, say Y.
521
e2cfabdf
WD		 522config SECCOMP_FILTER
523 def_bool y
524 depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
525 help
526 Enable tasks to build secure computing environments defined
527 in terms of Berkeley Packet Filter programs which implement
528 task-defined system call filtering polices.
529
5fb94e9c 530 See Documentation/userspace-api/seccomp_filter.rst for details.
e2cfabdf 531
0d8315dd
YZ		 532config SECCOMP_CACHE_DEBUG
533 bool "Show seccomp filter cache status in /proc/pid/seccomp_cache"
534 depends on SECCOMP_FILTER && !HAVE_SPARSE_SYSCALL_NR
535 depends on PROC_FS
536 help
537 This enables the /proc/pid/seccomp_cache interface to monitor
538 seccomp cache data. The file format is subject to change. Reading
539 the file requires CAP_SYS_ADMIN.
540
541 This option is for debugging only. Enabling presents the risk that
542 an adversary may be able to infer the seccomp filter logic.
543
544 If unsure, say N.
545
afaef01c
AP		 546config HAVE_ARCH_STACKLEAK
547 bool
548 help
549 An architecture should select this if it has the code which
550 fills the used part of the kernel stack with the STACKLEAK_POISON
551 value before returning from system calls.
552
d148eac0 553config HAVE_STACKPROTECTOR
19952a92
KC		 554 bool
555 help
556 An arch should select this symbol if:
19952a92
KC		 557 - it has implemented a stack canary (e.g. __stack_chk_guard)
558
050e9baa 559config STACKPROTECTOR
2a61f474 560 bool "Stack Protector buffer overflow detection"
d148eac0 561 depends on HAVE_STACKPROTECTOR
2a61f474
MY		 562 depends on $(cc-option,-fstack-protector)
563 default y
19952a92 564 help
8779657d 565 This option turns on the "stack-protector" GCC feature. This
19952a92
KC		 566 feature puts, at the beginning of functions, a canary value on
567 the stack just before the return address, and validates
568 the value just before actually returning. Stack based buffer
569 overflows (that need to overwrite this return address) now also
570 overwrite the canary, which gets detected and the attack is then
571 neutralized via a kernel panic.
572
8779657d
KC		 573 Functions will have the stack-protector canary logic added if they
574 have an 8-byte or larger character array on the stack.
575
19952a92 576 This feature requires gcc version 4.2 or above, or a distribution
8779657d
KC		 577 gcc with the feature backported ("-fstack-protector").
578
579 On an x86 "defconfig" build, this feature adds canary checks to
580 about 3% of all kernel functions, which increases kernel code size
581 by about 0.3%.
582
050e9baa 583config STACKPROTECTOR_STRONG
2a61f474 584 bool "Strong Stack Protector"
050e9baa 585 depends on STACKPROTECTOR
2a61f474
MY		 586 depends on $(cc-option,-fstack-protector-strong)
587 default y
8779657d
KC		 588 help
589 Functions will have the stack-protector canary logic added in any
590 of the following conditions:
591
592 - local variable's address used as part of the right hand side of an
593 assignment or function argument
594 - local variable is an array (or union containing an array),
595 regardless of array type or length
596 - uses register local variables
597
598 This feature requires gcc version 4.9 or above, or a distribution
599 gcc with the feature backported ("-fstack-protector-strong").
600
601 On an x86 "defconfig" build, this feature adds canary checks to
602 about 20% of all kernel functions, which increases the kernel code
603 size by about 2%.
604
d08b9f0c
ST		 605config ARCH_SUPPORTS_SHADOW_CALL_STACK
606 bool
607 help
afcf5441
DL		 608 An architecture should select this if it supports the compiler's
609 Shadow Call Stack and implements runtime support for shadow stack
aa7a65ae 610 switching.
d08b9f0c
ST		 611
612config SHADOW_CALL_STACK
afcf5441
DL		 613 bool "Shadow Call Stack"
614 depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
ddc9863e 615 depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
d08b9f0c 616 help
afcf5441
DL		 617 This option enables the compiler's Shadow Call Stack, which
618 uses a shadow stack to protect function return addresses from
619 being overwritten by an attacker. More information can be found
620 in the compiler's documentation:
d08b9f0c 621
afcf5441
DL		 622 - Clang: https://clang.llvm.org/docs/ShadowCallStack.html
623 - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options
d08b9f0c
ST		 624
625 Note that security guarantees in the kernel differ from the
626 ones documented for user space. The kernel must store addresses
627 of shadow stacks in memory, which means an attacker capable of
628 reading and writing arbitrary memory may be able to locate them
629 and hijack control flow by modifying the stacks.
630
dc5723b0
ST		 631config LTO
632 bool
633 help
634 Selected if the kernel will be built using the compiler's LTO feature.
635
636config LTO_CLANG
637 bool
638 select LTO
639 help
640 Selected if the kernel will be built using Clang's LTO feature.
641
642config ARCH_SUPPORTS_LTO_CLANG
643 bool
644 help
645 An architecture should select this option if it supports:
646 - compiling with Clang,
647 - compiling inline assembly with Clang's integrated assembler,
648 - and linking with LLD.
649
650config ARCH_SUPPORTS_LTO_CLANG_THIN
651 bool
652 help
653 An architecture should select this option if it can support Clang's
654 ThinLTO mode.
655
656config HAS_LTO_CLANG
657 def_bool y
1e68a8af 658 depends on CC_IS_CLANG && LD_IS_LLD && AS_IS_LLVM
dc5723b0
ST		 659 depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm)
660 depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm)
661 depends on ARCH_SUPPORTS_LTO_CLANG
662 depends on !FTRACE_MCOUNT_USE_RECORDMCOUNT
bf3c2551 663 depends on !KASAN || KASAN_HW_TAGS
dc5723b0 664 depends on !GCOV_KERNEL
dc5723b0
ST		 665 help
666 The compiler and Kconfig options support building with Clang's
667 LTO.
668
669choice
670 prompt "Link Time Optimization (LTO)"
671 default LTO_NONE
672 help
673 This option enables Link Time Optimization (LTO), which allows the
674 compiler to optimize binaries globally.
675
676 If unsure, select LTO_NONE. Note that LTO is very resource-intensive
677 so it's disabled by default.
678
679config LTO_NONE
680 bool "None"
681 help
682 Build the kernel normally, without Link Time Optimization (LTO).
683
684config LTO_CLANG_FULL
685 bool "Clang Full LTO (EXPERIMENTAL)"
686 depends on HAS_LTO_CLANG
687 depends on !COMPILE_TEST
688 select LTO_CLANG
689 help
690 This option enables Clang's full Link Time Optimization (LTO), which
691 allows the compiler to optimize the kernel globally. If you enable
692 this option, the compiler generates LLVM bitcode instead of ELF
693 object files, and the actual compilation from bitcode happens at
694 the LTO link step, which may take several minutes depending on the
695 kernel configuration. More information can be found from LLVM's
696 documentation:
697
698 https://llvm.org/docs/LinkTimeOptimization.html
699
700 During link time, this option can use a large amount of RAM, and
701 may take much longer than the ThinLTO option.
702
703config LTO_CLANG_THIN
704 bool "Clang ThinLTO (EXPERIMENTAL)"
705 depends on HAS_LTO_CLANG && ARCH_SUPPORTS_LTO_CLANG_THIN
706 select LTO_CLANG
707 help
708 This option enables Clang's ThinLTO, which allows for parallel
709 optimization and faster incremental compiles compared to the
710 CONFIG_LTO_CLANG_FULL option. More information can be found
711 from Clang's documentation:
712
713 https://clang.llvm.org/docs/ThinLTO.html
714
715 If unsure, say Y.
716endchoice
717
cf68fffb
ST		 718config ARCH_SUPPORTS_CFI_CLANG
719 bool
720 help
721 An architecture should select this option if it can support Clang's
722 Control-Flow Integrity (CFI) checking.
723
724config CFI_CLANG
725 bool "Use Clang's Control Flow Integrity (CFI)"
726 depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG
727 # Clang >= 12:
728 # - https://bugs.llvm.org/show_bug.cgi?id=46258
729 # - https://bugs.llvm.org/show_bug.cgi?id=47479
730 depends on CLANG_VERSION >= 120000
731 select KALLSYMS
732 help
733 This option enables Clang’s forward-edge Control Flow Integrity
734 (CFI) checking, where the compiler injects a runtime check to each
735 indirect function call to ensure the target is a valid function with
736 the correct static type. This restricts possible call targets and
737 makes it more difficult for an attacker to exploit bugs that allow
738 the modification of stored function pointers. More information can be
739 found from Clang's documentation:
740
741 https://clang.llvm.org/docs/ControlFlowIntegrity.html
742
743config CFI_CLANG_SHADOW
744 bool "Use CFI shadow to speed up cross-module checks"
745 default y
746 depends on CFI_CLANG && MODULES
747 help
748 If you select this option, the kernel builds a fast look-up table of
749 CFI check functions in loaded modules to reduce performance overhead.
750
751 If unsure, say Y.
752
753config CFI_PERMISSIVE
754 bool "Use CFI in permissive mode"
755 depends on CFI_CLANG
756 help
757 When selected, Control Flow Integrity (CFI) violations result in a
758 warning instead of a kernel panic. This option should only be used
759 for finding indirect call type mismatches during development.
760
761 If unsure, say N.
762
0f60a8ef
KC		 763config HAVE_ARCH_WITHIN_STACK_FRAMES
764 bool
765 help
766 An architecture should select this if it can walk the kernel stack
767 frames to determine if an object is part of either the arguments
768 or local variables (i.e. that it excludes saved return addresses,
769 and similar) by implementing an inline arch_within_stack_frames(),
770 which is used by CONFIG_HARDENED_USERCOPY.
771
91d1aa43 772config HAVE_CONTEXT_TRACKING
2b1d5024
FW		 773 bool
774 help
91d1aa43
FW		 775 Provide kernel/user boundaries probes necessary for subsystems
776 that need it, such as userspace RCU extended quiescent state.
490f561b
FW		 777 Syscalls need to be wrapped inside user_exit()-user_enter(), either
778 optimized behind static key or through the slow path using TIF_NOHZ
779 flag. Exceptions handlers must be wrapped as well. Irqs are already
780 protected inside rcu_irq_enter/rcu_irq_exit() but preemption or signal
781 handling on irq exit still need to be protected.
782
83c2da2e
FW		 783config HAVE_CONTEXT_TRACKING_OFFSTACK
784 bool
785 help
786 Architecture neither relies on exception_enter()/exception_exit()
787 nor on schedule_user(). Also preempt_schedule_notrace() and
788 preempt_schedule_irq() can't be called in a preemptible section
789 while context tracking is CONTEXT_USER. This feature reflects a sane
790 entry implementation where the following requirements are met on
791 critical entry code, ie: before user_exit() or after user_enter():
792
793 - Critical entry code isn't preemptible (or better yet:
794 not interruptible).
795 - No use of RCU read side critical sections, unless rcu_nmi_enter()
796 got called.
797 - No use of instrumentation, unless instrumentation_begin() got
798 called.
799
490f561b
FW		 800config HAVE_TIF_NOHZ
801 bool
802 help
803 Arch relies on TIF_NOHZ and syscall slow path to implement context
804 tracking calls to user_enter()/user_exit().
2b1d5024 805
b952741c
FW		 806config HAVE_VIRT_CPU_ACCOUNTING
807 bool
808
2b91ec9f
FW		 809config HAVE_VIRT_CPU_ACCOUNTING_IDLE
810 bool
811 help
812 Architecture has its own way to account idle CPU time and therefore
813 doesn't implement vtime_account_idle().
814
40565b5a
SG		 815config ARCH_HAS_SCALED_CPUTIME
816 bool
817
554b0004
KH		 818config HAVE_VIRT_CPU_ACCOUNTING_GEN
819 bool
820 default y if 64BIT
821 help
822 With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit.
823 Before enabling this option, arch code must be audited
824 to ensure there are no races in concurrent read/write of
825 cputime_t. For example, reading/writing 64-bit cputime_t on
826 some 32-bit arches may require multiple accesses, so proper
827 locking is needed to protect against concurrent accesses.
828
fdf9c356
FW		 829config HAVE_IRQ_TIME_ACCOUNTING
830 bool
831 help
832 Archs need to ensure they use a high enough resolution clock to
833 support irq time accounting and then call enable_sched_clock_irqtime().
834
c49dd340
KS		 835config HAVE_MOVE_PUD
836 bool
837 help
838 Architectures that select this are able to move page tables at the
839 PUD level. If there are only 3 page table levels, the move effectively
840 happens at the PGD level.
841
2c91bd4a
JFG		 842config HAVE_MOVE_PMD
843 bool
844 help
845 Archs that select this are able to move page tables at the PMD level.
846
15626062
GS		 847config HAVE_ARCH_TRANSPARENT_HUGEPAGE
848 bool
849
a00cc7d9
MW		 850config HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
851 bool
852
0ddab1d2
TK		 853config HAVE_ARCH_HUGE_VMAP
854 bool
855
121e6f32
NP		 856#
857# Archs that select this would be capable of PMD-sized vmaps (i.e.,
858# arch_vmap_pmd_supported() returns true), and they must make no assumptions
859# that vmalloc memory is mapped with PAGE_SIZE ptes. The VM_NO_HUGE_VMAP flag
860# can be used to prohibit arch-specific allocations from using hugepages to
861# help with this (e.g., modules may require it).
862#
863config HAVE_ARCH_HUGE_VMALLOC
864 depends on HAVE_ARCH_HUGE_VMAP
865 bool
866
3876d4a3
AG		 867config ARCH_WANT_HUGE_PMD_SHARE
868 bool
869
0f8975ec
PE		 870config HAVE_ARCH_SOFT_DIRTY
871 bool
872
786d35d4
DH		 873config HAVE_MOD_ARCH_SPECIFIC
874 bool
875 help
876 The arch uses struct mod_arch_specific to store data. Many arches
877 just need a simple module loader without arch specific data - those
878 should not enable this.
879
880config MODULES_USE_ELF_RELA
881 bool
882 help
883 Modules only use ELF RELA relocations. Modules with ELF REL
884 relocations will give an error.
885
886config MODULES_USE_ELF_REL
887 bool
888 help
889 Modules only use ELF REL relocations. Modules with ELF RELA
890 relocations will give an error.
891
cc1f0274
FW		 892config HAVE_IRQ_EXIT_ON_IRQ_STACK
893 bool
894 help
895 Architecture doesn't only execute the irq handler on the irq stack
896 but also irq_exit(). This way we can process softirqs on this irq
897 stack instead of switching to a new one when we call __do_softirq()
898 in the end of an hardirq.
899 This spares a stack switch and improves cache usage on softirq
900 processing.
901
cd1a41ce
TG		 902config HAVE_SOFTIRQ_ON_OWN_STACK
903 bool
904 help
905 Architecture provides a function to run __do_softirq() on a
c226bc3c 906 separate stack.
cd1a41ce 907
12700c17
AB		 908config ALTERNATE_USER_ADDRESS_SPACE
909 bool
910 help
911 Architectures set this when the CPU uses separate address
912 spaces for kernel and user space pointers. In this case, the
913 access_ok() check on a __user pointer is skipped.
914
235a8f02
KS		 915config PGTABLE_LEVELS
916 int
917 default 2
918
2b68f6ca
KC		 919config ARCH_HAS_ELF_RANDOMIZE
920 bool
921 help
922 An architecture supports choosing randomized locations for
923 stack, mmap, brk, and ET_DYN. Defined functions:
924 - arch_mmap_rnd()
204db6ed 925 - arch_randomize_brk()
2b68f6ca 926
d07e2259
DC		 927config HAVE_ARCH_MMAP_RND_BITS
928 bool
929 help
930 An arch should select this symbol if it supports setting a variable
931 number of bits for use in establishing the base address for mmap
932 allocations, has MMU enabled and provides values for both:
933 - ARCH_MMAP_RND_BITS_MIN
934 - ARCH_MMAP_RND_BITS_MAX
935
5f56a5df
JS		 936config HAVE_EXIT_THREAD
937 bool
938 help
939 An architecture implements exit_thread.
940
d07e2259
DC		 941config ARCH_MMAP_RND_BITS_MIN
942 int
943
944config ARCH_MMAP_RND_BITS_MAX
945 int
946
947config ARCH_MMAP_RND_BITS_DEFAULT
948 int
949
950config ARCH_MMAP_RND_BITS
951 int "Number of bits to use for ASLR of mmap base address" if EXPERT
952 range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
953 default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
954 default ARCH_MMAP_RND_BITS_MIN
955 depends on HAVE_ARCH_MMAP_RND_BITS
956 help
957 This value can be used to select the number of bits to use to
958 determine the random offset to the base address of vma regions
959 resulting from mmap allocations. This value will be bounded
960 by the architecture's minimum and maximum supported values.
961
962 This value can be changed after boot using the
963 /proc/sys/vm/mmap_rnd_bits tunable
964
965config HAVE_ARCH_MMAP_RND_COMPAT_BITS
966 bool
967 help
968 An arch should select this symbol if it supports running applications
969 in compatibility mode, supports setting a variable number of bits for
970 use in establishing the base address for mmap allocations, has MMU
971 enabled and provides values for both:
972 - ARCH_MMAP_RND_COMPAT_BITS_MIN
973 - ARCH_MMAP_RND_COMPAT_BITS_MAX
974
975config ARCH_MMAP_RND_COMPAT_BITS_MIN
976 int
977
978config ARCH_MMAP_RND_COMPAT_BITS_MAX
979 int
980
981config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
982 int
983
984config ARCH_MMAP_RND_COMPAT_BITS
985 int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
986 range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
987 default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
988 default ARCH_MMAP_RND_COMPAT_BITS_MIN
989 depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
990 help
991 This value can be used to select the number of bits to use to
992 determine the random offset to the base address of vma regions
993 resulting from mmap allocations for compatible applications This
994 value will be bounded by the architecture's minimum and maximum
995 supported values.
996
997 This value can be changed after boot using the
998 /proc/sys/vm/mmap_rnd_compat_bits tunable
999
1b028f78
DS		 1000config HAVE_ARCH_COMPAT_MMAP_BASES
1001 bool
1002 help
1003 This allows 64bit applications to invoke 32-bit mmap() syscall
1004 and vice-versa 32-bit applications to call 64-bit mmap().
1005 Required for applications doing different bitness syscalls.
1006
1f0e290c
GR		 1007config PAGE_SIZE_LESS_THAN_64KB
1008 def_bool y
1009 depends on !ARM64_64K_PAGES
1010 depends on !IA64_PAGE_SIZE_64KB
1011 depends on !PAGE_SIZE_64KB
1012 depends on !PARISC_PAGE_SIZE_64KB
1013 depends on !PPC_64K_PAGES
e4bbd20d
NC		 1014 depends on PAGE_SIZE_LESS_THAN_256KB
1015
1016config PAGE_SIZE_LESS_THAN_256KB
1017 def_bool y
1f0e290c
GR		 1018 depends on !PPC_256K_PAGES
1019 depends on !PAGE_SIZE_256KB
1020
67f3977f
AG		 1021# This allows to use a set of generic functions to determine mmap base
1022# address by giving priority to top-down scheme only if the process
1023# is not in legacy mode (compat task, unlimited stack size or
1024# sysctl_legacy_va_layout).
1025# Architecture that selects this option can provide its own version of:
1026# - STACK_RND_MASK
1027config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
1028 bool
1029 depends on MMU
e7142bf5 1030 select ARCH_HAS_ELF_RANDOMIZE
67f3977f 1031
03f16cd0
JP		 1032config HAVE_OBJTOOL
1033 bool
1034
4ab7674f
JP		 1035config HAVE_JUMP_LABEL_HACK
1036 bool
1037
b9ab5ebb
JP		 1038config HAVE_STACK_VALIDATION
1039 bool
1040 help
03f16cd0
JP		 1041 Architecture supports objtool compile-time frame pointer rule
1042 validation.
b9ab5ebb 1043
af085d90
JP		 1044config HAVE_RELIABLE_STACKTRACE
1045 bool
1046 help
140d7e88
MB		 1047 Architecture has either save_stack_trace_tsk_reliable() or
1048 arch_stack_walk_reliable() function which only returns a stack trace
1049 if it can guarantee the trace is reliable.
af085d90 1050
468a9428
GS		 1051config HAVE_ARCH_HASH
1052 bool
1053 default n
1054 help
1055 If this is set, the architecture provides an <asm/hash.h>
1056 file which provides platform-specific implementations of some
1057 functions in <linux/hash.h> or fs/namei.c.
1058
666047fe
FT		 1059config HAVE_ARCH_NVRAM_OPS
1060 bool
1061
3a495511
WBG		 1062config ISA_BUS_API
1063 def_bool ISA
1064
d2125043
AV		 1065#
1066# ABI hall of shame
1067#
1068config CLONE_BACKWARDS
1069 bool
1070 help
1071 Architecture has tls passed as the 4th argument of clone(2),
1072 not the 5th one.
1073
1074config CLONE_BACKWARDS2
1075 bool
1076 help
1077 Architecture has the first two arguments of clone(2) swapped.
1078
dfa9771a
MS		 1079config CLONE_BACKWARDS3
1080 bool
1081 help
1082 Architecture has tls passed as the 3rd argument of clone(2),
1083 not the 5th one.
1084
eaca6eae
AV		 1085config ODD_RT_SIGACTION
1086 bool
1087 help
1088 Architecture has unusual rt_sigaction(2) arguments
1089
0a0e8cdf
AV		 1090config OLD_SIGSUSPEND
1091 bool
1092 help
1093 Architecture has old sigsuspend(2) syscall, of one-argument variety
1094
1095config OLD_SIGSUSPEND3
1096 bool
1097 help
1098 Even weirder antique ABI - three-argument sigsuspend(2)
1099
495dfbf7
AV		 1100config OLD_SIGACTION
1101 bool
1102 help
1103 Architecture has old sigaction(2) syscall. Nope, not the same
1104 as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2),
1105 but fairly different variant of sigaction(2), thanks to OSF/1
1106 compatibility...
1107
1108config COMPAT_OLD_SIGACTION
1109 bool
1110
17435e5f 1111config COMPAT_32BIT_TIME
942437c9
AB		 1112 bool "Provide system calls for 32-bit time_t"
1113 default !64BIT || COMPAT
17435e5f
DD		 1114 help
1115 This enables 32 bit time_t support in addition to 64 bit time_t support.
1116 This is relevant on all 32-bit architectures, and 64-bit architectures
1117 as part of compat syscall handling.
1118
87a4c375
CH		 1119config ARCH_NO_PREEMPT
1120 bool
1121
cb2c7d1a
MS		 1122config ARCH_EPHEMERAL_INODES
1123 def_bool n
1124 help
1125 An arch should select this symbol if it doesn't keep track of inode
1126 instances on its own, but instead relies on something else (e.g. the
1127 host kernel for an UML kernel).
1128
a50a3f4b
TG		 1129config ARCH_SUPPORTS_RT
1130 bool
1131
fff7fb0b
ZZ		 1132config CPU_NO_EFFICIENT_FFS
1133 def_bool n
1134
ba14a194
AL		 1135config HAVE_ARCH_VMAP_STACK
1136 def_bool n
1137 help
1138 An arch should select this symbol if it can support kernel stacks
1139 in vmalloc space. This means:
1140
1141 - vmalloc space must be large enough to hold many kernel stacks.
1142 This may rule out many 32-bit architectures.
1143
1144 - Stacks in vmalloc space need to work reliably. For example, if
1145 vmap page tables are created on demand, either this mechanism
1146 needs to work while the stack points to a virtual address with
1147 unpopulated page tables or arch code (switch_to() and switch_mm(),
1148 most likely) needs to ensure that the stack's page table entries
1149 are populated before running on a possibly unpopulated stack.
1150
1151 - If the stack overflows into a guard page, something reasonable
1152 should happen. The definition of "reasonable" is flexible, but
1153 instantly rebooting without logging anything would be unfriendly.
1154
1155config VMAP_STACK
1156 default y
1157 bool "Use a virtually-mapped stack"
eafb149e 1158 depends on HAVE_ARCH_VMAP_STACK
38dd767d 1159 depends on !KASAN || KASAN_HW_TAGS || KASAN_VMALLOC
a7f7f624 1160 help
ba14a194
AL		 1161 Enable this if you want the use virtually-mapped kernel stacks
1162 with guard pages. This causes kernel stack overflows to be
1163 caught immediately rather than causing difficult-to-diagnose
1164 corruption.
1165
38dd767d
AK		 1166 To use this with software KASAN modes, the architecture must support
1167 backing virtual mappings with real shadow memory, and KASAN_VMALLOC
1168 must be enabled.
ba14a194 1169
39218ff4
KC		 1170config HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
1171 def_bool n
1172 help
1173 An arch should select this symbol if it can support kernel stack
1174 offset randomization with calls to add_random_kstack_offset()
1175 during syscall entry and choose_random_kstack_offset() during
1176 syscall exit. Careful removal of -fstack-protector-strong and
1177 -fstack-protector should also be applied to the entry code and
1178 closely examined, as the artificial stack bump looks like an array
1179 to the compiler, so it will attempt to add canary checks regardless
1180 of the static branch state.
1181
8cb37a59
ME		 1182config RANDOMIZE_KSTACK_OFFSET
1183 bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT
1184 default y
39218ff4 1185 depends on HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
efa90c11 1186 depends on INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION >= 140000
39218ff4
KC		 1187 help
1188 The kernel stack offset can be randomized (after pt_regs) by
1189 roughly 5 bits of entropy, frustrating memory corruption
1190 attacks that depend on stack address determinism or
8cb37a59
ME		 1191 cross-syscall address exposures.
1192
1193 The feature is controlled via the "randomize_kstack_offset=on/off"
1194 kernel boot param, and if turned off has zero overhead due to its use
1195 of static branches (see JUMP_LABEL).
1196
1197 If unsure, say Y.
1198
1199config RANDOMIZE_KSTACK_OFFSET_DEFAULT
1200 bool "Default state of kernel stack offset randomization"
1201 depends on RANDOMIZE_KSTACK_OFFSET
1202 help
1203 Kernel stack offset randomization is controlled by kernel boot param
1204 "randomize_kstack_offset=on/off", and this config chooses the default
1205 boot state.
39218ff4 1206
ad21fc4f
LA		 1207config ARCH_OPTIONAL_KERNEL_RWX
1208 def_bool n
1209
1210config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
1211 def_bool n
1212
1213config ARCH_HAS_STRICT_KERNEL_RWX
1214 def_bool n
1215
0f5bf6d0 1216config STRICT_KERNEL_RWX
ad21fc4f
LA		 1217 bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
1218 depends on ARCH_HAS_STRICT_KERNEL_RWX
1219 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
1220 help
1221 If this is set, kernel text and rodata memory will be made read-only,
1222 and non-text memory will be made non-executable. This provides
1223 protection against certain security exploits (e.g. executing the heap
1224 or modifying text)
1225
1226 These features are considered standard security practice these days.
1227 You should say Y here in almost all cases.
1228
1229config ARCH_HAS_STRICT_MODULE_RWX
1230 def_bool n
1231
0f5bf6d0 1232config STRICT_MODULE_RWX
ad21fc4f
LA		 1233 bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
1234 depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
1235 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
1236 help
1237 If this is set, module text and rodata memory will be made read-only,
1238 and non-text memory will be made non-executable. This provides
1239 protection against certain security exploits (e.g. writing to text)
1240
ea8c64ac
CH		 1241# select if the architecture provides an asm/dma-direct.h header
1242config ARCH_HAS_PHYS_TO_DMA
1243 bool
1244
04f264d3
PB		 1245config HAVE_ARCH_COMPILER_H
1246 bool
1247 help
1248 An architecture can select this if it provides an
1249 asm/compiler.h header that should be included after
1250 linux/compiler-*.h in order to override macro definitions that those
1251 headers generally provide.
1252
271ca788
AB		 1253config HAVE_ARCH_PREL32_RELOCATIONS
1254 bool
1255 help
1256 May be selected by an architecture if it supports place-relative
1257 32-bit relocations, both in the toolchain and in the module loader,
1258 in which case relative references can be used in special sections
1259 for PCI fixup, initcalls etc which are only half the size on 64 bit
1260 architectures, and don't require runtime relocation on relocatable
1261 kernels.
1262
ce9084ba
AB		 1263config ARCH_USE_MEMREMAP_PROT
1264 bool
1265
fb346fd9
WL		 1266config LOCK_EVENT_COUNTS
1267 bool "Locking event counts collection"
1268 depends on DEBUG_FS
a7f7f624 1269 help
fb346fd9
WL		 1270 Enable light-weight counting of various locking related events
1271 in the system with minimal performance impact. This reduces
1272 the chance of application behavior change because of timing
1273 differences. The counts are reported via debugfs.
1274
5cf896fb
PC		 1275# Select if the architecture has support for applying RELR relocations.
1276config ARCH_HAS_RELR
1277 bool
1278
1279config RELR
1280 bool "Use RELR relocation packing"
1281 depends on ARCH_HAS_RELR && TOOLS_SUPPORT_RELR
1282 default y
1283 help
1284 Store the kernel's dynamic relocations in the RELR relocation packing
1285 format. Requires a compatible linker (LLD supports this feature), as
1286 well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy
1287 are compatible).
1288
0c9c1d56
TJB		 1289config ARCH_HAS_MEM_ENCRYPT
1290 bool
1291
46b49b12
TL		 1292config ARCH_HAS_CC_PLATFORM
1293 bool
1294
0e242208
HN		 1295config HAVE_SPARSE_SYSCALL_NR
1296 bool
1297 help
1298 An architecture should select this if its syscall numbering is sparse
1299 to save space. For example, MIPS architecture has a syscall array with
1300 entries at 4000, 5000 and 6000 locations. This option turns on syscall
1301 related optimizations for a given architecture.
1302
d60d7de3
SS		 1303config ARCH_HAS_VDSO_DATA
1304 bool
1305
115284d8
JP		 1306config HAVE_STATIC_CALL
1307 bool
1308
9183c3f9
JP		 1309config HAVE_STATIC_CALL_INLINE
1310 bool
1311 depends on HAVE_STATIC_CALL
03f16cd0 1312 select OBJTOOL
9183c3f9 1313
6ef869e0
MH		 1314config HAVE_PREEMPT_DYNAMIC
1315 bool
99cf983c
MR		 1316
1317config HAVE_PREEMPT_DYNAMIC_CALL
1318 bool
6ef869e0 1319 depends on HAVE_STATIC_CALL
99cf983c
MR		 1320 select HAVE_PREEMPT_DYNAMIC
1321 help
1322 An architecture should select this if it can handle the preemption
1323 model being selected at boot time using static calls.
1324
1325 Where an architecture selects HAVE_STATIC_CALL_INLINE, any call to a
1326 preemption function will be patched directly.
1327
1328 Where an architecture does not select HAVE_STATIC_CALL_INLINE, any
1329 call to a preemption function will go through a trampoline, and the
1330 trampoline will be patched.
1331
1332 It is strongly advised to support inline static call to avoid any
1333 overhead.
1334
1335config HAVE_PREEMPT_DYNAMIC_KEY
1336 bool
1337 depends on HAVE_ARCH_JUMP_LABEL && CC_HAS_ASM_GOTO
1338 select HAVE_PREEMPT_DYNAMIC
6ef869e0 1339 help
99cf983c
MR		 1340 An architecture should select this if it can handle the preemption
1341 model being selected at boot time using static keys.
1342
1343 Each preemption function will be given an early return based on a
1344 static key. This should have slightly lower overhead than non-inline
1345 static calls, as this effectively inlines each trampoline into the
1346 start of its callee. This may avoid redundant work, and may
1347 integrate better with CFI schemes.
1348
1349 This will have greater overhead than using inline static calls as
1350 the call to the preemption function cannot be entirely elided.
6ef869e0 1351
59612b24
NC		 1352config ARCH_WANT_LD_ORPHAN_WARN
1353 bool
1354 help
1355 An arch should select this symbol once all linker sections are explicitly
1356 included, size-asserted, or discarded in the linker scripts. This is
1357 important because we never want expected sections to be placed heuristically
1358 by the linker, since the locations of such sections can change between linker
1359 versions.
1360
4f5b0c17
MR		 1361config HAVE_ARCH_PFN_VALID
1362 bool
1363
5d6ad668
MR		 1364config ARCH_SUPPORTS_DEBUG_PAGEALLOC
1365 bool
1366
df4e817b
PT		 1367config ARCH_SUPPORTS_PAGE_TABLE_CHECK
1368 bool
1369
2ca408d9
BG		 1370config ARCH_SPLIT_ARG64
1371 bool
1372 help
1373 If a 32-bit architecture requires 64-bit arguments to be split into
1374 pairs of 32-bit arguments, select this option.
1375
7facdc42
AV		 1376config ARCH_HAS_ELFCORE_COMPAT
1377 bool
1378
58e106e7
BS		 1379config ARCH_HAS_PARANOID_L1D_FLUSH
1380 bool
1381
1bdda24c
TG		 1382config DYNAMIC_SIGFRAME
1383 bool
1384
50468e43
JS		 1385# Select, if arch has a named attribute group bound to NUMA device nodes.
1386config HAVE_ARCH_NODE_DEV_GROUP
1387 bool
1388
2521f2c2 1389source "kernel/gcov/Kconfig"
45332b1b
MY		 1390
1391source "scripts/gcc-plugins/Kconfig"
fa1b5d09 1392
22471e13 1393endmenu
Linux 6.x block layer and io_uring tree(s)