projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
seccomp: Provide stub for __secure_computing()
[linux-block.git] / arch / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
fb32e03f
MD		 2#
3# General architecture dependent options
4#
125e5645 5
1572497c
CH		 6#
7# Note: arch/$(SRCARCH)/Kconfig needs to be included first so that it can
8# override the default values in this file.
9#
10source "arch/$(SRCARCH)/Kconfig"
11
22471e13
RD		 12menu "General architecture-dependent options"
13
692f66f2
HB		 14config CRASH_CORE
15 bool
16
2965faa5 17config KEXEC_CORE
692f66f2 18 select CRASH_CORE
2965faa5
DY		 19 bool
20
175fca3b
SS		 21config KEXEC_ELF
22 bool
23
467d2782
TJB		 24config HAVE_IMA_KEXEC
25 bool
26
05736e4a
TG		 27config HOTPLUG_SMT
28 bool
29
125e5645 30config OPROFILE
b309a294 31 tristate "OProfile system profiling"
125e5645
MD		 32 depends on PROFILING
33 depends on HAVE_OPROFILE
d69d59f4 34 select RING_BUFFER
9a5963eb 35 select RING_BUFFER_ALLOW_SWAP
125e5645
MD		 36 help
37 OProfile is a profiling system capable of profiling the
38 whole system, include the kernel, kernel modules, libraries,
39 and applications.
40
41 If unsure, say N.
42
4d4036e0
JY		 43config OPROFILE_EVENT_MULTIPLEX
44 bool "OProfile multiplexing support (EXPERIMENTAL)"
45 default n
46 depends on OPROFILE && X86
47 help
48 The number of hardware counters is limited. The multiplexing
49 feature enables OProfile to gather more events than counters
50 are provided by the hardware. This is realized by switching
9332ef9d 51 between events at a user specified time interval.
4d4036e0
JY		 52
53 If unsure, say N.
54
125e5645 55config HAVE_OPROFILE
9ba16087 56 bool
125e5645 57
dcfce4a0
RR		 58config OPROFILE_NMI_TIMER
59 def_bool y
af9feebe 60 depends on PERF_EVENTS && HAVE_PERF_EVENTS_NMI && !PPC64
dcfce4a0 61
125e5645
MD		 62config KPROBES
63 bool "Kprobes"
05ed160e 64 depends on MODULES
125e5645 65 depends on HAVE_KPROBES
05ed160e 66 select KALLSYMS
125e5645
MD		 67 help
68 Kprobes allows you to trap at almost any kernel address and
69 execute a callback function. register_kprobe() establishes
70 a probepoint and specifies the callback. Kprobes is useful
71 for kernel debugging, non-intrusive instrumentation and testing.
72 If in doubt, say "N".
73
45f81b1c 74config JUMP_LABEL
24b54fee
KK		 75 bool "Optimize very unlikely/likely branches"
76 depends on HAVE_ARCH_JUMP_LABEL
77 depends on CC_HAS_ASM_GOTO
78 help
79 This option enables a transparent branch optimization that
c5905afb
IM		 80 makes certain almost-always-true or almost-always-false branch
81 conditions even cheaper to execute within the kernel.
82
83 Certain performance-sensitive kernel code, such as trace points,
84 scheduler functionality, networking code and KVM have such
85 branches and include support for this optimization technique.
86
24b54fee 87 If it is detected that the compiler has support for "asm goto",
c5905afb
IM		 88 the kernel will compile such branches with just a nop
89 instruction. When the condition flag is toggled to true, the
90 nop will be converted to a jump instruction to execute the
91 conditional block of instructions.
92
93 This technique lowers overhead and stress on the branch prediction
94 of the processor and generally makes the kernel faster. The update
95 of the condition is slower, but those are always very rare.
45f81b1c 96
c5905afb
IM		 97 ( On 32-bit x86, the necessary options added to the compiler
98 flags may increase the size of the kernel slightly. )
45f81b1c 99
1987c947
PZ		 100config STATIC_KEYS_SELFTEST
101 bool "Static key selftest"
102 depends on JUMP_LABEL
103 help
104 Boot time self-test of the branch patching code.
105
afd66255 106config OPTPROBES
5cc718b9
MH		 107 def_bool y
108 depends on KPROBES && HAVE_OPTPROBES
01b1d88b 109 select TASKS_RCU if PREEMPTION
afd66255 110
e7dbfe34
MH		 111config KPROBES_ON_FTRACE
112 def_bool y
113 depends on KPROBES && HAVE_KPROBES_ON_FTRACE
114 depends on DYNAMIC_FTRACE_WITH_REGS
115 help
116 If function tracer is enabled and the arch supports full
117 passing of pt_regs to function tracing, then kprobes can
118 optimize on top of function tracing.
119
2b144498 120config UPROBES
09294e31 121 def_bool n
e8f4aa60 122 depends on ARCH_SUPPORTS_UPROBES
2b144498 123 help
7b2d81d4
IM		 124 Uprobes is the user-space counterpart to kprobes: they
125 enable instrumentation applications (such as 'perf probe')
126 to establish unintrusive probes in user-space binaries and
127 libraries, by executing handler functions when the probes
128 are hit by user-space applications.
129
130 ( These probes come in the form of single-byte breakpoints,
131 managed by the kernel and kept transparent to the probed
132 application. )
2b144498 133
58340a07 134config HAVE_EFFICIENT_UNALIGNED_ACCESS
9ba16087 135 bool
58340a07
JB		 136 help
137 Some architectures are unable to perform unaligned accesses
138 without the use of get_unaligned/put_unaligned. Others are
139 unable to perform such accesses efficiently (e.g. trap on
140 unaligned access and require fixing it up in the exception
141 handler.)
142
143 This symbol should be selected by an architecture if it can
144 perform unaligned accesses efficiently to allow different
145 code paths to be selected for these cases. Some network
146 drivers, for example, could opt to not fix up alignment
147 problems with received packets if doing so would not help
148 much.
149
150 See Documentation/unaligned-memory-access.txt for more
151 information on the topic of unaligned memory accesses.
152
cf66bb93 153config ARCH_USE_BUILTIN_BSWAP
24b54fee
KK		 154 bool
155 help
cf66bb93
DW		 156 Modern versions of GCC (since 4.4) have builtin functions
157 for handling byte-swapping. Using these, instead of the old
158 inline assembler that the architecture code provides in the
159 __arch_bswapXX() macros, allows the compiler to see what's
160 happening and offers more opportunity for optimisation. In
161 particular, the compiler will be able to combine the byteswap
162 with a nearby load or store and use load-and-swap or
163 store-and-swap instructions if the architecture has them. It
164 should almost *never* result in code which is worse than the
165 hand-coded assembler in <asm/swab.h>. But just in case it
166 does, the use of the builtins is optional.
167
168 Any architecture with load-and-swap or store-and-swap
169 instructions should set this. And it shouldn't hurt to set it
170 on architectures that don't have such instructions.
171
9edddaa2
AM		 172config KRETPROBES
173 def_bool y
174 depends on KPROBES && HAVE_KRETPROBES
175
7c68af6e
AK		 176config USER_RETURN_NOTIFIER
177 bool
178 depends on HAVE_USER_RETURN_NOTIFIER
179 help
180 Provide a kernel-internal notification when a cpu is about to
181 switch to user mode.
182
28b2ee20 183config HAVE_IOREMAP_PROT
9ba16087 184 bool
28b2ee20 185
125e5645 186config HAVE_KPROBES
9ba16087 187 bool
9edddaa2
AM		 188
189config HAVE_KRETPROBES
9ba16087 190 bool
74bc7cee 191
afd66255
MH		 192config HAVE_OPTPROBES
193 bool
d314d74c 194
e7dbfe34
MH		 195config HAVE_KPROBES_ON_FTRACE
196 bool
197
540adea3 198config HAVE_FUNCTION_ERROR_INJECTION
9802d865
JB		 199 bool
200
42a0bb3f
PM		 201config HAVE_NMI
202 bool
203
1f5a4ad9
RM		 204#
205# An arch should select this if it provides all these things:
206#
207# task_pt_regs() in asm/processor.h or asm/ptrace.h
208# arch_has_single_step() if there is hardware single-step support
209# arch_has_block_step() if there is hardware block-step support
1f5a4ad9
RM		 210# asm/syscall.h supplying asm-generic/syscall.h interface
211# linux/regset.h user_regset interfaces
212# CORE_DUMP_USE_REGSET #define'd in linux/elf.h
213# TIF_SYSCALL_TRACE calls tracehook_report_syscall_{entry,exit}
214# TIF_NOTIFY_RESUME calls tracehook_notify_resume()
215# signal delivery calls tracehook_signal_handler()
216#
217config HAVE_ARCH_TRACEHOOK
9ba16087 218 bool
1f5a4ad9 219
c64be2bb
MS		 220config HAVE_DMA_CONTIGUOUS
221 bool
222
29d5e047 223config GENERIC_SMP_IDLE_THREAD
24b54fee 224 bool
29d5e047 225
485cf5da 226config GENERIC_IDLE_POLL_SETUP
24b54fee 227 bool
485cf5da 228
6974f0c4
DM		 229config ARCH_HAS_FORTIFY_SOURCE
230 bool
231 help
232 An architecture should select this when it can successfully
233 build and run with CONFIG_FORTIFY_SOURCE.
234
d8ae8a37
CH		 235#
236# Select if the arch provides a historic keepinit alias for the retain_initrd
237# command line option
238#
239config ARCH_HAS_KEEPINITRD
240 bool
241
d2852a22
DB		 242# Select if arch has all set_memory_ro/rw/x/nx() functions in asm/cacheflush.h
243config ARCH_HAS_SET_MEMORY
244 bool
245
d253ca0c
RE		 246# Select if arch has all set_direct_map_invalid/default() functions
247config ARCH_HAS_SET_DIRECT_MAP
248 bool
249
c30700db 250#
fa7e2247
CH		 251# Select if the architecture provides the arch_dma_set_uncached symbol to
252# either provide an uncached segement alias for a DMA allocation, or
253# to remap the page tables in place.
c30700db 254#
fa7e2247 255config ARCH_HAS_DMA_SET_UNCACHED
c30700db
CH		 256 bool
257
999a5d12
CH		 258#
259# Select if the architectures provides the arch_dma_clear_uncached symbol
260# to undo an in-place page table remap for uncached access.
261#
262config ARCH_HAS_DMA_CLEAR_UNCACHED
c30700db
CH		 263 bool
264
0500871f
DH		 265# Select if arch init_task must go in the __init_task_data section
266config ARCH_TASK_STRUCT_ON_STACK
24b54fee 267 bool
a4a2eb49 268
f5e10287
TG		 269# Select if arch has its private alloc_task_struct() function
270config ARCH_TASK_STRUCT_ALLOCATOR
271 bool
272
5905429a
KC		 273config HAVE_ARCH_THREAD_STRUCT_WHITELIST
274 bool
275 depends on !ARCH_TASK_STRUCT_ALLOCATOR
276 help
277 An architecture should select this to provide hardened usercopy
278 knowledge about what region of the thread_struct should be
279 whitelisted for copying to userspace. Normally this is only the
280 FPU registers. Specifically, arch_thread_struct_whitelist()
281 should be implemented. Without this, the entire thread_struct
282 field in task_struct will be left whitelisted.
283
b235beea
LT		 284# Select if arch has its private alloc_thread_stack() function
285config ARCH_THREAD_STACK_ALLOCATOR
f5e10287
TG		 286 bool
287
5aaeb5c0
IM		 288# Select if arch wants to size task_struct dynamically via arch_task_struct_size:
289config ARCH_WANTS_DYNAMIC_TASK_STRUCT
290 bool
291
942fa985
YN		 292config ARCH_32BIT_OFF_T
293 bool
294 depends on !64BIT
295 help
296 All new 32-bit architectures should have 64-bit off_t type on
297 userspace side which corresponds to the loff_t kernel type. This
298 is the requirement for modern ABIs. Some existing architectures
299 still support 32-bit off_t. This option is enabled for all such
300 architectures explicitly.
301
2ff2b7ec
MY		 302config HAVE_ASM_MODVERSIONS
303 bool
304 help
305 This symbol should be selected by an architecure if it provides
306 <asm/asm-prototypes.h> to support the module versioning for symbols
307 exported from assembly code.
308
f850c30c
HC		 309config HAVE_REGS_AND_STACK_ACCESS_API
310 bool
e01292b1
HC		 311 help
312 This symbol should be selected by an architecure if it supports
313 the API needed to access registers and stack entries from pt_regs,
314 declared in asm/ptrace.h
315 For example the kprobes-based event tracer needs this API.
f850c30c 316
d7822b1e
MD		 317config HAVE_RSEQ
318 bool
319 depends on HAVE_REGS_AND_STACK_ACCESS_API
320 help
321 This symbol should be selected by an architecture if it
322 supports an implementation of restartable sequences.
323
3c88ee19
MH		 324config HAVE_FUNCTION_ARG_ACCESS_API
325 bool
326 help
327 This symbol should be selected by an architecure if it supports
328 the API needed to access function arguments from pt_regs,
329 declared in asm/ptrace.h
330
62a038d3
P		 331config HAVE_HW_BREAKPOINT
332 bool
99e8c5a3 333 depends on PERF_EVENTS
62a038d3 334
0102752e
FW		 335config HAVE_MIXED_BREAKPOINTS_REGS
336 bool
337 depends on HAVE_HW_BREAKPOINT
338 help
339 Depending on the arch implementation of hardware breakpoints,
340 some of them have separate registers for data and instruction
341 breakpoints addresses, others have mixed registers to store
342 them but define the access type in a control register.
343 Select this option if your arch implements breakpoints under the
344 latter fashion.
345
7c68af6e
AK		 346config HAVE_USER_RETURN_NOTIFIER
347 bool
a1922ed6 348
c01d4323
FW		 349config HAVE_PERF_EVENTS_NMI
350 bool
23637d47
FW		 351 help
352 System hardware can generate an NMI using the perf event
353 subsystem. Also has support for calculating CPU cycle events
354 to determine how many clock cycles in a given period.
c01d4323 355
05a4a952
NP		 356config HAVE_HARDLOCKUP_DETECTOR_PERF
357 bool
358 depends on HAVE_PERF_EVENTS_NMI
359 help
360 The arch chooses to use the generic perf-NMI-based hardlockup
361 detector. Must define HAVE_PERF_EVENTS_NMI.
362
363config HAVE_NMI_WATCHDOG
364 depends on HAVE_NMI
365 bool
366 help
367 The arch provides a low level NMI watchdog. It provides
368 asm/nmi.h, and defines its own arch_touch_nmi_watchdog().
369
370config HAVE_HARDLOCKUP_DETECTOR_ARCH
371 bool
372 select HAVE_NMI_WATCHDOG
373 help
374 The arch chooses to provide its own hardlockup detector, which is
375 a superset of the HAVE_NMI_WATCHDOG. It also conforms to config
376 interfaces and parameters provided by hardlockup detector subsystem.
377
c5e63197
JO		 378config HAVE_PERF_REGS
379 bool
380 help
381 Support selective register dumps for perf events. This includes
382 bit-mapping of each registers and a unique architecture id.
383
c5ebcedb
JO		 384config HAVE_PERF_USER_STACK_DUMP
385 bool
386 help
387 Support user stack dumps for perf event samples. This needs
388 access to the user stack pointer which is not unified across
389 architectures.
390
bf5438fc
JB		 391config HAVE_ARCH_JUMP_LABEL
392 bool
393
50ff18ab
AB		 394config HAVE_ARCH_JUMP_LABEL_RELATIVE
395 bool
396
0d6e24d4
PZ		 397config MMU_GATHER_TABLE_FREE
398 bool
399
ff2e6d72 400config MMU_GATHER_RCU_TABLE_FREE
26723911 401 bool
0d6e24d4 402 select MMU_GATHER_TABLE_FREE
26723911 403
3af4bd03 404config MMU_GATHER_PAGE_SIZE
ed6a7935
PZ		 405 bool
406
27796d03
PZ		 407config MMU_GATHER_NO_RANGE
408 bool
409
580a586c 410config MMU_GATHER_NO_GATHER
952a31c9 411 bool
0d6e24d4 412 depends on MMU_GATHER_TABLE_FREE
952a31c9 413
df013ffb
HY		 414config ARCH_HAVE_NMI_SAFE_CMPXCHG
415 bool
416
43570fd2
HC		 417config HAVE_ALIGNED_STRUCT_PAGE
418 bool
419 help
420 This makes sure that struct pages are double word aligned and that
421 e.g. the SLUB allocator can perform double word atomic operations
422 on a struct page for better performance. However selecting this
423 might increase the size of a struct page by a word.
424
4156153c
HC		 425config HAVE_CMPXCHG_LOCAL
426 bool
427
2565409f
HC		 428config HAVE_CMPXCHG_DOUBLE
429 bool
430
77e58496
PM		 431config ARCH_WEAK_RELEASE_ACQUIRE
432 bool
433
c1d7e01d
WD		 434config ARCH_WANT_IPC_PARSE_VERSION
435 bool
436
437config ARCH_WANT_COMPAT_IPC_PARSE_VERSION
438 bool
439
48b25c43 440config ARCH_WANT_OLD_COMPAT_IPC
c1d7e01d 441 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
48b25c43
CM		 442 bool
443
e2cfabdf
WD		 444config HAVE_ARCH_SECCOMP_FILTER
445 bool
446 help
fb0fadf9 447 An arch should select this symbol if it provides all of these things:
bb6ea430
WD		 448 - syscall_get_arch()
449 - syscall_get_arguments()
450 - syscall_rollback()
451 - syscall_set_return_value()
fb0fadf9
WD		 452 - SIGSYS siginfo_t support
453 - secure_computing is called from a ptrace_event()-safe context
454 - secure_computing return value is checked and a return value of -1
455 results in the system call being skipped immediately.
48dc92b9 456 - seccomp syscall wired up
e2cfabdf
WD		 457
458config SECCOMP_FILTER
459 def_bool y
460 depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
461 help
462 Enable tasks to build secure computing environments defined
463 in terms of Berkeley Packet Filter programs which implement
464 task-defined system call filtering polices.
465
5fb94e9c 466 See Documentation/userspace-api/seccomp_filter.rst for details.
e2cfabdf 467
afaef01c
AP		 468config HAVE_ARCH_STACKLEAK
469 bool
470 help
471 An architecture should select this if it has the code which
472 fills the used part of the kernel stack with the STACKLEAK_POISON
473 value before returning from system calls.
474
d148eac0 475config HAVE_STACKPROTECTOR
19952a92
KC		 476 bool
477 help
478 An arch should select this symbol if:
19952a92
KC		 479 - it has implemented a stack canary (e.g. __stack_chk_guard)
480
2a61f474
MY		 481config CC_HAS_STACKPROTECTOR_NONE
482 def_bool $(cc-option,-fno-stack-protector)
483
050e9baa 484config STACKPROTECTOR
2a61f474 485 bool "Stack Protector buffer overflow detection"
d148eac0 486 depends on HAVE_STACKPROTECTOR
2a61f474
MY		 487 depends on $(cc-option,-fstack-protector)
488 default y
19952a92 489 help
8779657d 490 This option turns on the "stack-protector" GCC feature. This
19952a92
KC		 491 feature puts, at the beginning of functions, a canary value on
492 the stack just before the return address, and validates
493 the value just before actually returning. Stack based buffer
494 overflows (that need to overwrite this return address) now also
495 overwrite the canary, which gets detected and the attack is then
496 neutralized via a kernel panic.
497
8779657d
KC		 498 Functions will have the stack-protector canary logic added if they
499 have an 8-byte or larger character array on the stack.
500
19952a92 501 This feature requires gcc version 4.2 or above, or a distribution
8779657d
KC		 502 gcc with the feature backported ("-fstack-protector").
503
504 On an x86 "defconfig" build, this feature adds canary checks to
505 about 3% of all kernel functions, which increases kernel code size
506 by about 0.3%.
507
050e9baa 508config STACKPROTECTOR_STRONG
2a61f474 509 bool "Strong Stack Protector"
050e9baa 510 depends on STACKPROTECTOR
2a61f474
MY		 511 depends on $(cc-option,-fstack-protector-strong)
512 default y
8779657d
KC		 513 help
514 Functions will have the stack-protector canary logic added in any
515 of the following conditions:
516
517 - local variable's address used as part of the right hand side of an
518 assignment or function argument
519 - local variable is an array (or union containing an array),
520 regardless of array type or length
521 - uses register local variables
522
523 This feature requires gcc version 4.9 or above, or a distribution
524 gcc with the feature backported ("-fstack-protector-strong").
525
526 On an x86 "defconfig" build, this feature adds canary checks to
527 about 20% of all kernel functions, which increases the kernel code
528 size by about 2%.
529
d08b9f0c
ST		 530config ARCH_SUPPORTS_SHADOW_CALL_STACK
531 bool
532 help
533 An architecture should select this if it supports Clang's Shadow
aa7a65ae
WD		 534 Call Stack and implements runtime support for shadow stack
535 switching.
d08b9f0c
ST		 536
537config SHADOW_CALL_STACK
538 bool "Clang Shadow Call Stack"
539 depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
ddc9863e 540 depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
d08b9f0c
ST		 541 help
542 This option enables Clang's Shadow Call Stack, which uses a
543 shadow stack to protect function return addresses from being
544 overwritten by an attacker. More information can be found in
545 Clang's documentation:
546
547 https://clang.llvm.org/docs/ShadowCallStack.html
548
549 Note that security guarantees in the kernel differ from the
550 ones documented for user space. The kernel must store addresses
551 of shadow stacks in memory, which means an attacker capable of
552 reading and writing arbitrary memory may be able to locate them
553 and hijack control flow by modifying the stacks.
554
0f60a8ef
KC		 555config HAVE_ARCH_WITHIN_STACK_FRAMES
556 bool
557 help
558 An architecture should select this if it can walk the kernel stack
559 frames to determine if an object is part of either the arguments
560 or local variables (i.e. that it excludes saved return addresses,
561 and similar) by implementing an inline arch_within_stack_frames(),
562 which is used by CONFIG_HARDENED_USERCOPY.
563
91d1aa43 564config HAVE_CONTEXT_TRACKING
2b1d5024
FW		 565 bool
566 help
91d1aa43
FW		 567 Provide kernel/user boundaries probes necessary for subsystems
568 that need it, such as userspace RCU extended quiescent state.
490f561b
FW		 569 Syscalls need to be wrapped inside user_exit()-user_enter(), either
570 optimized behind static key or through the slow path using TIF_NOHZ
571 flag. Exceptions handlers must be wrapped as well. Irqs are already
572 protected inside rcu_irq_enter/rcu_irq_exit() but preemption or signal
573 handling on irq exit still need to be protected.
574
575config HAVE_TIF_NOHZ
576 bool
577 help
578 Arch relies on TIF_NOHZ and syscall slow path to implement context
579 tracking calls to user_enter()/user_exit().
2b1d5024 580
b952741c
FW		 581config HAVE_VIRT_CPU_ACCOUNTING
582 bool
583
40565b5a
SG		 584config ARCH_HAS_SCALED_CPUTIME
585 bool
586
554b0004
KH		 587config HAVE_VIRT_CPU_ACCOUNTING_GEN
588 bool
589 default y if 64BIT
590 help
591 With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit.
592 Before enabling this option, arch code must be audited
593 to ensure there are no races in concurrent read/write of
594 cputime_t. For example, reading/writing 64-bit cputime_t on
595 some 32-bit arches may require multiple accesses, so proper
596 locking is needed to protect against concurrent accesses.
597
598
fdf9c356
FW		 599config HAVE_IRQ_TIME_ACCOUNTING
600 bool
601 help
602 Archs need to ensure they use a high enough resolution clock to
603 support irq time accounting and then call enable_sched_clock_irqtime().
604
2c91bd4a
JFG		 605config HAVE_MOVE_PMD
606 bool
607 help
608 Archs that select this are able to move page tables at the PMD level.
609
15626062
GS		 610config HAVE_ARCH_TRANSPARENT_HUGEPAGE
611 bool
612
a00cc7d9
MW		 613config HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
614 bool
615
0ddab1d2
TK		 616config HAVE_ARCH_HUGE_VMAP
617 bool
618
3876d4a3
AG		 619config ARCH_WANT_HUGE_PMD_SHARE
620 bool
621
0f8975ec
PE		 622config HAVE_ARCH_SOFT_DIRTY
623 bool
624
786d35d4
DH		 625config HAVE_MOD_ARCH_SPECIFIC
626 bool
627 help
628 The arch uses struct mod_arch_specific to store data. Many arches
629 just need a simple module loader without arch specific data - those
630 should not enable this.
631
632config MODULES_USE_ELF_RELA
633 bool
634 help
635 Modules only use ELF RELA relocations. Modules with ELF REL
636 relocations will give an error.
637
638config MODULES_USE_ELF_REL
639 bool
640 help
641 Modules only use ELF REL relocations. Modules with ELF RELA
642 relocations will give an error.
643
cc1f0274
FW		 644config HAVE_IRQ_EXIT_ON_IRQ_STACK
645 bool
646 help
647 Architecture doesn't only execute the irq handler on the irq stack
648 but also irq_exit(). This way we can process softirqs on this irq
649 stack instead of switching to a new one when we call __do_softirq()
650 in the end of an hardirq.
651 This spares a stack switch and improves cache usage on softirq
652 processing.
653
235a8f02
KS		 654config PGTABLE_LEVELS
655 int
656 default 2
657
2b68f6ca
KC		 658config ARCH_HAS_ELF_RANDOMIZE
659 bool
660 help
661 An architecture supports choosing randomized locations for
662 stack, mmap, brk, and ET_DYN. Defined functions:
663 - arch_mmap_rnd()
204db6ed 664 - arch_randomize_brk()
2b68f6ca 665
d07e2259
DC		 666config HAVE_ARCH_MMAP_RND_BITS
667 bool
668 help
669 An arch should select this symbol if it supports setting a variable
670 number of bits for use in establishing the base address for mmap
671 allocations, has MMU enabled and provides values for both:
672 - ARCH_MMAP_RND_BITS_MIN
673 - ARCH_MMAP_RND_BITS_MAX
674
5f56a5df
JS		 675config HAVE_EXIT_THREAD
676 bool
677 help
678 An architecture implements exit_thread.
679
d07e2259
DC		 680config ARCH_MMAP_RND_BITS_MIN
681 int
682
683config ARCH_MMAP_RND_BITS_MAX
684 int
685
686config ARCH_MMAP_RND_BITS_DEFAULT
687 int
688
689config ARCH_MMAP_RND_BITS
690 int "Number of bits to use for ASLR of mmap base address" if EXPERT
691 range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
692 default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
693 default ARCH_MMAP_RND_BITS_MIN
694 depends on HAVE_ARCH_MMAP_RND_BITS
695 help
696 This value can be used to select the number of bits to use to
697 determine the random offset to the base address of vma regions
698 resulting from mmap allocations. This value will be bounded
699 by the architecture's minimum and maximum supported values.
700
701 This value can be changed after boot using the
702 /proc/sys/vm/mmap_rnd_bits tunable
703
704config HAVE_ARCH_MMAP_RND_COMPAT_BITS
705 bool
706 help
707 An arch should select this symbol if it supports running applications
708 in compatibility mode, supports setting a variable number of bits for
709 use in establishing the base address for mmap allocations, has MMU
710 enabled and provides values for both:
711 - ARCH_MMAP_RND_COMPAT_BITS_MIN
712 - ARCH_MMAP_RND_COMPAT_BITS_MAX
713
714config ARCH_MMAP_RND_COMPAT_BITS_MIN
715 int
716
717config ARCH_MMAP_RND_COMPAT_BITS_MAX
718 int
719
720config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
721 int
722
723config ARCH_MMAP_RND_COMPAT_BITS
724 int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
725 range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
726 default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
727 default ARCH_MMAP_RND_COMPAT_BITS_MIN
728 depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
729 help
730 This value can be used to select the number of bits to use to
731 determine the random offset to the base address of vma regions
732 resulting from mmap allocations for compatible applications This
733 value will be bounded by the architecture's minimum and maximum
734 supported values.
735
736 This value can be changed after boot using the
737 /proc/sys/vm/mmap_rnd_compat_bits tunable
738
1b028f78
DS		 739config HAVE_ARCH_COMPAT_MMAP_BASES
740 bool
741 help
742 This allows 64bit applications to invoke 32-bit mmap() syscall
743 and vice-versa 32-bit applications to call 64-bit mmap().
744 Required for applications doing different bitness syscalls.
745
67f3977f
AG		 746# This allows to use a set of generic functions to determine mmap base
747# address by giving priority to top-down scheme only if the process
748# is not in legacy mode (compat task, unlimited stack size or
749# sysctl_legacy_va_layout).
750# Architecture that selects this option can provide its own version of:
751# - STACK_RND_MASK
752config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
753 bool
754 depends on MMU
e7142bf5 755 select ARCH_HAS_ELF_RANDOMIZE
67f3977f 756
3033f14a
JT		 757config HAVE_COPY_THREAD_TLS
758 bool
759 help
760 Architecture provides copy_thread_tls to accept tls argument via
761 normal C parameter passing, rather than extracting the syscall
762 argument from pt_regs.
763
b9ab5ebb
JP		 764config HAVE_STACK_VALIDATION
765 bool
766 help
767 Architecture supports the 'objtool check' host tool command, which
768 performs compile-time stack metadata validation.
769
af085d90
JP		 770config HAVE_RELIABLE_STACKTRACE
771 bool
772 help
140d7e88
MB		 773 Architecture has either save_stack_trace_tsk_reliable() or
774 arch_stack_walk_reliable() function which only returns a stack trace
775 if it can guarantee the trace is reliable.
af085d90 776
468a9428
GS		 777config HAVE_ARCH_HASH
778 bool
779 default n
780 help
781 If this is set, the architecture provides an <asm/hash.h>
782 file which provides platform-specific implementations of some
783 functions in <linux/hash.h> or fs/namei.c.
784
666047fe
FT		 785config HAVE_ARCH_NVRAM_OPS
786 bool
787
3a495511
WBG		 788config ISA_BUS_API
789 def_bool ISA
790
d2125043
AV		 791#
792# ABI hall of shame
793#
794config CLONE_BACKWARDS
795 bool
796 help
797 Architecture has tls passed as the 4th argument of clone(2),
798 not the 5th one.
799
800config CLONE_BACKWARDS2
801 bool
802 help
803 Architecture has the first two arguments of clone(2) swapped.
804
dfa9771a
MS		 805config CLONE_BACKWARDS3
806 bool
807 help
808 Architecture has tls passed as the 3rd argument of clone(2),
809 not the 5th one.
810
eaca6eae
AV		 811config ODD_RT_SIGACTION
812 bool
813 help
814 Architecture has unusual rt_sigaction(2) arguments
815
0a0e8cdf
AV		 816config OLD_SIGSUSPEND
817 bool
818 help
819 Architecture has old sigsuspend(2) syscall, of one-argument variety
820
821config OLD_SIGSUSPEND3
822 bool
823 help
824 Even weirder antique ABI - three-argument sigsuspend(2)
825
495dfbf7
AV		 826config OLD_SIGACTION
827 bool
828 help
829 Architecture has old sigaction(2) syscall. Nope, not the same
830 as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2),
831 but fairly different variant of sigaction(2), thanks to OSF/1
832 compatibility...
833
834config COMPAT_OLD_SIGACTION
835 bool
836
17435e5f 837config COMPAT_32BIT_TIME
942437c9
AB		 838 bool "Provide system calls for 32-bit time_t"
839 default !64BIT || COMPAT
17435e5f
DD		 840 help
841 This enables 32 bit time_t support in addition to 64 bit time_t support.
842 This is relevant on all 32-bit architectures, and 64-bit architectures
843 as part of compat syscall handling.
844
87a4c375
CH		 845config ARCH_NO_PREEMPT
846 bool
847
a50a3f4b
TG		 848config ARCH_SUPPORTS_RT
849 bool
850
fff7fb0b
ZZ		 851config CPU_NO_EFFICIENT_FFS
852 def_bool n
853
ba14a194
AL		 854config HAVE_ARCH_VMAP_STACK
855 def_bool n
856 help
857 An arch should select this symbol if it can support kernel stacks
858 in vmalloc space. This means:
859
860 - vmalloc space must be large enough to hold many kernel stacks.
861 This may rule out many 32-bit architectures.
862
863 - Stacks in vmalloc space need to work reliably. For example, if
864 vmap page tables are created on demand, either this mechanism
865 needs to work while the stack points to a virtual address with
866 unpopulated page tables or arch code (switch_to() and switch_mm(),
867 most likely) needs to ensure that the stack's page table entries
868 are populated before running on a possibly unpopulated stack.
869
870 - If the stack overflows into a guard page, something reasonable
871 should happen. The definition of "reasonable" is flexible, but
872 instantly rebooting without logging anything would be unfriendly.
873
874config VMAP_STACK
875 default y
876 bool "Use a virtually-mapped stack"
eafb149e
DA		 877 depends on HAVE_ARCH_VMAP_STACK
878 depends on !KASAN || KASAN_VMALLOC
a7f7f624 879 help
ba14a194
AL		 880 Enable this if you want the use virtually-mapped kernel stacks
881 with guard pages. This causes kernel stack overflows to be
882 caught immediately rather than causing difficult-to-diagnose
883 corruption.
884
eafb149e
DA		 885 To use this with KASAN, the architecture must support backing
886 virtual mappings with real shadow memory, and KASAN_VMALLOC must
887 be enabled.
ba14a194 888
ad21fc4f
LA		 889config ARCH_OPTIONAL_KERNEL_RWX
890 def_bool n
891
892config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
893 def_bool n
894
895config ARCH_HAS_STRICT_KERNEL_RWX
896 def_bool n
897
0f5bf6d0 898config STRICT_KERNEL_RWX
ad21fc4f
LA		 899 bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
900 depends on ARCH_HAS_STRICT_KERNEL_RWX
901 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
902 help
903 If this is set, kernel text and rodata memory will be made read-only,
904 and non-text memory will be made non-executable. This provides
905 protection against certain security exploits (e.g. executing the heap
906 or modifying text)
907
908 These features are considered standard security practice these days.
909 You should say Y here in almost all cases.
910
911config ARCH_HAS_STRICT_MODULE_RWX
912 def_bool n
913
0f5bf6d0 914config STRICT_MODULE_RWX
ad21fc4f
LA		 915 bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
916 depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
917 default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
918 help
919 If this is set, module text and rodata memory will be made read-only,
920 and non-text memory will be made non-executable. This provides
921 protection against certain security exploits (e.g. writing to text)
922
ea8c64ac
CH		 923# select if the architecture provides an asm/dma-direct.h header
924config ARCH_HAS_PHYS_TO_DMA
925 bool
926
04f264d3
PB		 927config HAVE_ARCH_COMPILER_H
928 bool
929 help
930 An architecture can select this if it provides an
931 asm/compiler.h header that should be included after
932 linux/compiler-*.h in order to override macro definitions that those
933 headers generally provide.
934
271ca788
AB		 935config HAVE_ARCH_PREL32_RELOCATIONS
936 bool
937 help
938 May be selected by an architecture if it supports place-relative
939 32-bit relocations, both in the toolchain and in the module loader,
940 in which case relative references can be used in special sections
941 for PCI fixup, initcalls etc which are only half the size on 64 bit
942 architectures, and don't require runtime relocation on relocatable
943 kernels.
944
ce9084ba
AB		 945config ARCH_USE_MEMREMAP_PROT
946 bool
947
fb346fd9
WL		 948config LOCK_EVENT_COUNTS
949 bool "Locking event counts collection"
950 depends on DEBUG_FS
a7f7f624 951 help
fb346fd9
WL		 952 Enable light-weight counting of various locking related events
953 in the system with minimal performance impact. This reduces
954 the chance of application behavior change because of timing
955 differences. The counts are reported via debugfs.
956
5cf896fb
PC		 957# Select if the architecture has support for applying RELR relocations.
958config ARCH_HAS_RELR
959 bool
960
961config RELR
962 bool "Use RELR relocation packing"
963 depends on ARCH_HAS_RELR && TOOLS_SUPPORT_RELR
964 default y
965 help
966 Store the kernel's dynamic relocations in the RELR relocation packing
967 format. Requires a compatible linker (LLD supports this feature), as
968 well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy
969 are compatible).
970
0c9c1d56
TJB		 971config ARCH_HAS_MEM_ENCRYPT
972 bool
973
0e242208
HN		 974config HAVE_SPARSE_SYSCALL_NR
975 bool
976 help
977 An architecture should select this if its syscall numbering is sparse
978 to save space. For example, MIPS architecture has a syscall array with
979 entries at 4000, 5000 and 6000 locations. This option turns on syscall
980 related optimizations for a given architecture.
981
2521f2c2 982source "kernel/gcov/Kconfig"
45332b1b
MY		 983
984source "scripts/gcc-plugins/Kconfig"
fa1b5d09 985
22471e13 986endmenu
Linux 6.x block layer and io_uring tree(s)