mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-12 08:00:09 +00:00
f19fbd5ed6
Add CONFIG_EXPOLINE to enable the use of the new -mindirect-branch= and -mfunction_return= compiler options to create a kernel fortified against the specte v2 attack. With CONFIG_EXPOLINE=y all indirect branches will be issued with an execute type instruction. For z10 or newer the EXRL instruction will be used, for older machines the EX instruction. The typical indirect call basr %r14,%r1 is replaced with a PC relative call to a new thunk brasl %r14,__s390x_indirect_jump_r1 The thunk contains the EXRL/EX instruction to the indirect branch __s390x_indirect_jump_r1: exrl 0,0f j . 0: br %r1 The detour via the execute type instruction has a performance impact. To get rid of the detour the new kernel parameter "nospectre_v2" and "spectre_v2=[on,off,auto]" can be used. If the parameter is specified the kernel and module code will be patched at runtime. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
969 lines
25 KiB
Plaintext
969 lines
25 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
config MMU
|
|
def_bool y
|
|
|
|
config ZONE_DMA
|
|
def_bool y
|
|
|
|
config CPU_BIG_ENDIAN
|
|
def_bool y
|
|
|
|
config LOCKDEP_SUPPORT
|
|
def_bool y
|
|
|
|
config STACKTRACE_SUPPORT
|
|
def_bool y
|
|
|
|
config RWSEM_GENERIC_SPINLOCK
|
|
bool
|
|
|
|
config RWSEM_XCHGADD_ALGORITHM
|
|
def_bool y
|
|
|
|
config ARCH_HAS_ILOG2_U32
|
|
def_bool n
|
|
|
|
config ARCH_HAS_ILOG2_U64
|
|
def_bool n
|
|
|
|
config GENERIC_HWEIGHT
|
|
def_bool y
|
|
|
|
config GENERIC_BUG
|
|
def_bool y if BUG
|
|
|
|
config GENERIC_BUG_RELATIVE_POINTERS
|
|
def_bool y
|
|
|
|
config ARCH_DMA_ADDR_T_64BIT
|
|
def_bool y
|
|
|
|
config GENERIC_LOCKBREAK
|
|
def_bool y if SMP && PREEMPT
|
|
|
|
config PGSTE
|
|
def_bool y if KVM
|
|
|
|
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
|
|
def_bool y
|
|
|
|
config KEXEC
|
|
def_bool y
|
|
select KEXEC_CORE
|
|
|
|
config AUDIT_ARCH
|
|
def_bool y
|
|
|
|
config NO_IOPORT_MAP
|
|
def_bool y
|
|
|
|
config PCI_QUIRKS
|
|
def_bool n
|
|
|
|
config ARCH_SUPPORTS_UPROBES
|
|
def_bool y
|
|
|
|
config S390
|
|
def_bool y
|
|
select ARCH_BINFMT_ELF_STATE
|
|
select ARCH_HAS_DEVMEM_IS_ALLOWED
|
|
select ARCH_HAS_ELF_RANDOMIZE
|
|
select ARCH_HAS_FORTIFY_SOURCE
|
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
|
select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA
|
|
select ARCH_HAS_KCOV
|
|
select ARCH_HAS_SET_MEMORY
|
|
select ARCH_HAS_SG_CHAIN
|
|
select ARCH_HAS_STRICT_KERNEL_RWX
|
|
select ARCH_HAS_STRICT_MODULE_RWX
|
|
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
|
select ARCH_INLINE_READ_LOCK
|
|
select ARCH_INLINE_READ_LOCK_BH
|
|
select ARCH_INLINE_READ_LOCK_IRQ
|
|
select ARCH_INLINE_READ_LOCK_IRQSAVE
|
|
select ARCH_INLINE_READ_TRYLOCK
|
|
select ARCH_INLINE_READ_UNLOCK
|
|
select ARCH_INLINE_READ_UNLOCK_BH
|
|
select ARCH_INLINE_READ_UNLOCK_IRQ
|
|
select ARCH_INLINE_READ_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_SPIN_LOCK
|
|
select ARCH_INLINE_SPIN_LOCK_BH
|
|
select ARCH_INLINE_SPIN_LOCK_IRQ
|
|
select ARCH_INLINE_SPIN_LOCK_IRQSAVE
|
|
select ARCH_INLINE_SPIN_TRYLOCK
|
|
select ARCH_INLINE_SPIN_TRYLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK
|
|
select ARCH_INLINE_SPIN_UNLOCK_BH
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQ
|
|
select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE
|
|
select ARCH_INLINE_WRITE_LOCK
|
|
select ARCH_INLINE_WRITE_LOCK_BH
|
|
select ARCH_INLINE_WRITE_LOCK_IRQ
|
|
select ARCH_INLINE_WRITE_LOCK_IRQSAVE
|
|
select ARCH_INLINE_WRITE_TRYLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK
|
|
select ARCH_INLINE_WRITE_UNLOCK_BH
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQ
|
|
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
|
|
select ARCH_SAVE_PAGE_KEYS if HIBERNATION
|
|
select ARCH_SUPPORTS_ATOMIC_RMW
|
|
select ARCH_SUPPORTS_NUMA_BALANCING
|
|
select ARCH_USE_BUILTIN_BSWAP
|
|
select ARCH_USE_CMPXCHG_LOCKREF
|
|
select ARCH_WANTS_DYNAMIC_TASK_STRUCT
|
|
select ARCH_WANTS_PROT_NUMA_PROT_NONE
|
|
select ARCH_WANTS_UBSAN_NO_NULL
|
|
select ARCH_WANT_IPC_PARSE_VERSION
|
|
select BUILDTIME_EXTABLE_SORT
|
|
select CLONE_BACKWARDS2
|
|
select DYNAMIC_FTRACE if FUNCTION_TRACER
|
|
select GENERIC_CLOCKEVENTS
|
|
select GENERIC_CPU_AUTOPROBE
|
|
select GENERIC_CPU_DEVICES if !SMP
|
|
select GENERIC_FIND_FIRST_BIT
|
|
select GENERIC_SMP_IDLE_THREAD
|
|
select GENERIC_TIME_VSYSCALL
|
|
select HAVE_ALIGNED_STRUCT_PAGE if SLUB
|
|
select HAVE_ARCH_AUDITSYSCALL
|
|
select HAVE_ARCH_JUMP_LABEL
|
|
select CPU_NO_EFFICIENT_FFS if !HAVE_MARCH_Z9_109_FEATURES
|
|
select HAVE_ARCH_SECCOMP_FILTER
|
|
select HAVE_ARCH_SOFT_DIRTY
|
|
select HAVE_ARCH_TRACEHOOK
|
|
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
|
|
select HAVE_EBPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
|
|
select HAVE_CMPXCHG_DOUBLE
|
|
select HAVE_CMPXCHG_LOCAL
|
|
select HAVE_COPY_THREAD_TLS
|
|
select HAVE_DEBUG_KMEMLEAK
|
|
select HAVE_DMA_API_DEBUG
|
|
select HAVE_DMA_CONTIGUOUS
|
|
select DMA_DIRECT_OPS
|
|
select HAVE_DYNAMIC_FTRACE
|
|
select HAVE_DYNAMIC_FTRACE_WITH_REGS
|
|
select HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
select HAVE_FTRACE_MCOUNT_RECORD
|
|
select HAVE_FUNCTION_GRAPH_TRACER
|
|
select HAVE_FUNCTION_TRACER
|
|
select HAVE_FUTEX_CMPXCHG if FUTEX
|
|
select HAVE_GCC_PLUGINS
|
|
select HAVE_KERNEL_BZIP2
|
|
select HAVE_KERNEL_GZIP
|
|
select HAVE_KERNEL_LZ4
|
|
select HAVE_KERNEL_LZMA
|
|
select HAVE_KERNEL_LZO
|
|
select HAVE_KERNEL_XZ
|
|
select HAVE_KPROBES
|
|
select HAVE_KRETPROBES
|
|
select HAVE_KVM
|
|
select HAVE_LIVEPATCH
|
|
select HAVE_PERF_REGS
|
|
select HAVE_PERF_USER_STACK_DUMP
|
|
select HAVE_MEMBLOCK
|
|
select HAVE_MEMBLOCK_NODE_MAP
|
|
select HAVE_MEMBLOCK_PHYS_MAP
|
|
select HAVE_MOD_ARCH_SPECIFIC
|
|
select HAVE_OPROFILE
|
|
select HAVE_PERF_EVENTS
|
|
select HAVE_REGS_AND_STACK_ACCESS_API
|
|
select HAVE_SYSCALL_TRACEPOINTS
|
|
select HAVE_VIRT_CPU_ACCOUNTING
|
|
select MODULES_USE_ELF_RELA
|
|
select NO_BOOTMEM
|
|
select OLD_SIGACTION
|
|
select OLD_SIGSUSPEND3
|
|
select SPARSE_IRQ
|
|
select SYSCTL_EXCEPTION_TRACE
|
|
select THREAD_INFO_IN_TASK
|
|
select TTY
|
|
select VIRT_CPU_ACCOUNTING
|
|
select ARCH_HAS_SCALED_CPUTIME
|
|
select VIRT_TO_BUS
|
|
select HAVE_NMI
|
|
|
|
|
|
config SCHED_OMIT_FRAME_POINTER
|
|
def_bool y
|
|
|
|
config PGTABLE_LEVELS
|
|
int
|
|
default 5
|
|
|
|
source "init/Kconfig"
|
|
|
|
source "kernel/Kconfig.freezer"
|
|
|
|
source "kernel/livepatch/Kconfig"
|
|
|
|
menu "Processor type and features"
|
|
|
|
config HAVE_MARCH_Z900_FEATURES
|
|
def_bool n
|
|
|
|
config HAVE_MARCH_Z990_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z900_FEATURES
|
|
|
|
config HAVE_MARCH_Z9_109_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z990_FEATURES
|
|
|
|
config HAVE_MARCH_Z10_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z9_109_FEATURES
|
|
|
|
config HAVE_MARCH_Z196_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z10_FEATURES
|
|
|
|
config HAVE_MARCH_ZEC12_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z196_FEATURES
|
|
|
|
config HAVE_MARCH_Z13_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_ZEC12_FEATURES
|
|
|
|
config HAVE_MARCH_Z14_FEATURES
|
|
def_bool n
|
|
select HAVE_MARCH_Z13_FEATURES
|
|
|
|
choice
|
|
prompt "Processor type"
|
|
default MARCH_Z196
|
|
|
|
config MARCH_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
select HAVE_MARCH_Z900_FEATURES
|
|
help
|
|
Select this to enable optimizations for model z800/z900 (2064 and
|
|
2066 series). This will enable some optimizations that are not
|
|
available on older ESA/390 (31 Bit) only CPUs.
|
|
|
|
config MARCH_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
select HAVE_MARCH_Z990_FEATURES
|
|
help
|
|
Select this to enable optimizations for model z890/z990 (2084 and
|
|
2086 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z9_109
|
|
bool "IBM System z9"
|
|
select HAVE_MARCH_Z9_109_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM System z9 (2094 and
|
|
2096 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z10
|
|
bool "IBM System z10"
|
|
select HAVE_MARCH_Z10_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM System z10 (2097 and
|
|
2098 series). The kernel will be slightly faster but will not work
|
|
on older machines.
|
|
|
|
config MARCH_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
select HAVE_MARCH_Z196_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM zEnterprise 114 and 196
|
|
(2818 and 2817 series). The kernel will be slightly faster but will
|
|
not work on older machines.
|
|
|
|
config MARCH_ZEC12
|
|
bool "IBM zBC12 and zEC12"
|
|
select HAVE_MARCH_ZEC12_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM zBC12 and zEC12 (2828 and
|
|
2827 series). The kernel will be slightly faster but will not work on
|
|
older machines.
|
|
|
|
config MARCH_Z13
|
|
bool "IBM z13s and z13"
|
|
select HAVE_MARCH_Z13_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM z13s and z13 (2965 and
|
|
2964 series). The kernel will be slightly faster but will not work on
|
|
older machines.
|
|
|
|
config MARCH_Z14
|
|
bool "IBM z14"
|
|
select HAVE_MARCH_Z14_FEATURES
|
|
help
|
|
Select this to enable optimizations for IBM z14 (3906 series).
|
|
The kernel will be slightly faster but will not work on older
|
|
machines.
|
|
|
|
endchoice
|
|
|
|
config MARCH_Z900_TUNE
|
|
def_bool TUNE_Z900 || MARCH_Z900 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z990_TUNE
|
|
def_bool TUNE_Z990 || MARCH_Z990 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z9_109_TUNE
|
|
def_bool TUNE_Z9_109 || MARCH_Z9_109 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z10_TUNE
|
|
def_bool TUNE_Z10 || MARCH_Z10 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z196_TUNE
|
|
def_bool TUNE_Z196 || MARCH_Z196 && TUNE_DEFAULT
|
|
|
|
config MARCH_ZEC12_TUNE
|
|
def_bool TUNE_ZEC12 || MARCH_ZEC12 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z13_TUNE
|
|
def_bool TUNE_Z13 || MARCH_Z13 && TUNE_DEFAULT
|
|
|
|
config MARCH_Z14_TUNE
|
|
def_bool TUNE_Z14 || MARCH_Z14 && TUNE_DEFAULT
|
|
|
|
choice
|
|
prompt "Tune code generation"
|
|
default TUNE_DEFAULT
|
|
help
|
|
Cause the compiler to tune (-mtune) the generated code for a machine.
|
|
This will make the code run faster on the selected machine but
|
|
somewhat slower on other machines.
|
|
This option only changes how the compiler emits instructions, not the
|
|
selection of instructions itself, so the resulting kernel will run on
|
|
all other machines.
|
|
|
|
config TUNE_DEFAULT
|
|
bool "Default"
|
|
help
|
|
Tune the generated code for the target processor for which the kernel
|
|
will be compiled.
|
|
|
|
config TUNE_Z900
|
|
bool "IBM zSeries model z800 and z900"
|
|
|
|
config TUNE_Z990
|
|
bool "IBM zSeries model z890 and z990"
|
|
|
|
config TUNE_Z9_109
|
|
bool "IBM System z9"
|
|
|
|
config TUNE_Z10
|
|
bool "IBM System z10"
|
|
|
|
config TUNE_Z196
|
|
bool "IBM zEnterprise 114 and 196"
|
|
|
|
config TUNE_ZEC12
|
|
bool "IBM zBC12 and zEC12"
|
|
|
|
config TUNE_Z13
|
|
bool "IBM z13"
|
|
|
|
config TUNE_Z14
|
|
bool "IBM z14"
|
|
|
|
endchoice
|
|
|
|
config 64BIT
|
|
def_bool y
|
|
|
|
config COMPAT
|
|
def_bool y
|
|
prompt "Kernel support for 31 bit emulation"
|
|
select COMPAT_BINFMT_ELF if BINFMT_ELF
|
|
select ARCH_WANT_OLD_COMPAT_IPC
|
|
select COMPAT_OLD_SIGACTION
|
|
depends on MULTIUSER
|
|
help
|
|
Select this option if you want to enable your system kernel to
|
|
handle system-calls from ELF binaries for 31 bit ESA. This option
|
|
(and some other stuff like libraries and such) is needed for
|
|
executing 31 bit applications. It is safe to say "Y".
|
|
|
|
config SYSVIPC_COMPAT
|
|
def_bool y if COMPAT && SYSVIPC
|
|
|
|
config SMP
|
|
def_bool y
|
|
prompt "Symmetric multi-processing support"
|
|
---help---
|
|
This enables support for systems with more than one CPU. If you have
|
|
a system with only one CPU, like most personal computers, say N. If
|
|
you have a system with more than one CPU, say Y.
|
|
|
|
If you say N here, the kernel will run on uni- and multiprocessor
|
|
machines, but will use only one CPU of a multiprocessor machine. If
|
|
you say Y here, the kernel will run on many, but not all,
|
|
uniprocessor machines. On a uniprocessor machine, the kernel
|
|
will run faster if you say N here.
|
|
|
|
See also the SMP-HOWTO available at
|
|
<http://www.tldp.org/docs.html#howto>.
|
|
|
|
Even if you don't know what to do here, say Y.
|
|
|
|
config NR_CPUS
|
|
int "Maximum number of CPUs (2-512)"
|
|
range 2 512
|
|
depends on SMP
|
|
default "64"
|
|
help
|
|
This allows you to specify the maximum number of CPUs which this
|
|
kernel will support. The maximum supported value is 512 and the
|
|
minimum value which makes sense is 2.
|
|
|
|
This is purely to save memory - each supported CPU adds
|
|
approximately sixteen kilobytes to the kernel image.
|
|
|
|
config HOTPLUG_CPU
|
|
def_bool y
|
|
prompt "Support for hot-pluggable CPUs"
|
|
depends on SMP
|
|
help
|
|
Say Y here to be able to turn CPUs off and on. CPUs
|
|
can be controlled through /sys/devices/system/cpu/cpu#.
|
|
Say N if you want to disable CPU hotplug.
|
|
|
|
# Some NUMA nodes have memory ranges that span
|
|
# other nodes. Even though a pfn is valid and
|
|
# between a node's start and end pfns, it may not
|
|
# reside on that node. See memmap_init_zone()
|
|
# for details. <- They meant memory holes!
|
|
config NODES_SPAN_OTHER_NODES
|
|
def_bool NUMA
|
|
|
|
config NUMA
|
|
bool "NUMA support"
|
|
depends on SMP && SCHED_TOPOLOGY
|
|
default n
|
|
help
|
|
Enable NUMA support
|
|
|
|
This option adds NUMA support to the kernel.
|
|
|
|
An operation mode can be selected by appending
|
|
numa=<method> to the kernel command line.
|
|
|
|
The default behaviour is identical to appending numa=plain to
|
|
the command line. This will create just one node with all
|
|
available memory and all CPUs in it.
|
|
|
|
config NODES_SHIFT
|
|
int "Maximum NUMA nodes (as a power of 2)"
|
|
range 1 10
|
|
depends on NUMA
|
|
default "4"
|
|
help
|
|
Specify the maximum number of NUMA nodes available on the target
|
|
system. Increases memory reserved to accommodate various tables.
|
|
|
|
menu "Select NUMA modes"
|
|
depends on NUMA
|
|
|
|
config NUMA_EMU
|
|
bool "NUMA emulation"
|
|
default y
|
|
help
|
|
Numa emulation mode will split the available system memory into
|
|
equal chunks which then are distributed over the configured number
|
|
of nodes in a round-robin manner.
|
|
|
|
The number of fake nodes is limited by the number of available memory
|
|
chunks (i.e. memory size / fake size) and the number of supported
|
|
nodes in the kernel.
|
|
|
|
The CPUs are assigned to the nodes in a way that partially respects
|
|
the original machine topology (if supported by the machine).
|
|
Fair distribution of the CPUs is not guaranteed.
|
|
|
|
config EMU_SIZE
|
|
hex "NUMA emulation memory chunk size"
|
|
default 0x10000000
|
|
range 0x400000 0x100000000
|
|
depends on NUMA_EMU
|
|
help
|
|
Select the default size by which the memory is chopped and then
|
|
assigned to emulated NUMA nodes.
|
|
|
|
This can be overridden by specifying
|
|
|
|
emu_size=<n>
|
|
|
|
on the kernel command line where also suffixes K, M, G, and T are
|
|
supported.
|
|
|
|
endmenu
|
|
|
|
config SCHED_SMT
|
|
def_bool n
|
|
|
|
config SCHED_MC
|
|
def_bool n
|
|
|
|
config SCHED_BOOK
|
|
def_bool n
|
|
|
|
config SCHED_DRAWER
|
|
def_bool n
|
|
|
|
config SCHED_TOPOLOGY
|
|
def_bool y
|
|
prompt "Topology scheduler support"
|
|
depends on SMP
|
|
select SCHED_SMT
|
|
select SCHED_MC
|
|
select SCHED_BOOK
|
|
select SCHED_DRAWER
|
|
help
|
|
Topology scheduler support improves the CPU scheduler's decision
|
|
making when dealing with machines that have multi-threading,
|
|
multiple cores or multiple books.
|
|
|
|
source kernel/Kconfig.preempt
|
|
|
|
source kernel/Kconfig.hz
|
|
|
|
config ARCH_RANDOM
|
|
def_bool y
|
|
prompt "s390 architectural random number generation API"
|
|
help
|
|
Enable the s390 architectural random number generation API
|
|
to provide random data for all consumers within the Linux
|
|
kernel.
|
|
|
|
When enabled the arch_random_* functions declared in linux/random.h
|
|
are implemented. The implementation is based on the s390 CPACF
|
|
instruction subfunction TRNG which provides a real true random
|
|
number generator.
|
|
|
|
If unsure, say Y.
|
|
|
|
config KERNEL_NOBP
|
|
def_bool n
|
|
prompt "Enable modified branch prediction for the kernel by default"
|
|
help
|
|
If this option is selected the kernel will switch to a modified
|
|
branch prediction mode if the firmware interface is available.
|
|
The modified branch prediction mode improves the behaviour in
|
|
regard to speculative execution.
|
|
|
|
With the option enabled the kernel parameter "nobp=0" or "nospec"
|
|
can be used to run the kernel in the normal branch prediction mode.
|
|
|
|
With the option disabled the modified branch prediction mode is
|
|
enabled with the "nobp=1" kernel parameter.
|
|
|
|
If unsure, say N.
|
|
|
|
config EXPOLINE
|
|
def_bool n
|
|
prompt "Avoid speculative indirect branches in the kernel"
|
|
help
|
|
Compile the kernel with the expoline compiler options to guard
|
|
against kernel-to-user data leaks by avoiding speculative indirect
|
|
branches.
|
|
Requires a compiler with -mindirect-branch=thunk support for full
|
|
protection. The kernel may run slower.
|
|
|
|
If unsure, say N.
|
|
|
|
choice
|
|
prompt "Expoline default"
|
|
depends on EXPOLINE
|
|
default EXPOLINE_FULL
|
|
|
|
config EXPOLINE_OFF
|
|
bool "spectre_v2=off"
|
|
|
|
config EXPOLINE_MEDIUM
|
|
bool "spectre_v2=auto"
|
|
|
|
config EXPOLINE_FULL
|
|
bool "spectre_v2=on"
|
|
|
|
endchoice
|
|
|
|
endmenu
|
|
|
|
menu "Memory setup"
|
|
|
|
config ARCH_SPARSEMEM_ENABLE
|
|
def_bool y
|
|
select SPARSEMEM_VMEMMAP_ENABLE
|
|
select SPARSEMEM_VMEMMAP
|
|
|
|
config ARCH_SPARSEMEM_DEFAULT
|
|
def_bool y
|
|
|
|
config ARCH_SELECT_MEMORY_MODEL
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTPLUG
|
|
def_bool y if SPARSEMEM
|
|
|
|
config ARCH_ENABLE_MEMORY_HOTREMOVE
|
|
def_bool y
|
|
|
|
config ARCH_ENABLE_SPLIT_PMD_PTLOCK
|
|
def_bool y
|
|
|
|
config FORCE_MAX_ZONEORDER
|
|
int
|
|
default "9"
|
|
|
|
source "mm/Kconfig"
|
|
|
|
config MAX_PHYSMEM_BITS
|
|
int "Maximum size of supported physical memory in bits (42-53)"
|
|
range 42 53
|
|
default "46"
|
|
help
|
|
This option specifies the maximum supported size of physical memory
|
|
in bits. Supported is any size between 2^42 (4TB) and 2^53 (8PB).
|
|
Increasing the number of bits also increases the kernel image size.
|
|
By default 46 bits (64TB) are supported.
|
|
|
|
config PACK_STACK
|
|
def_bool y
|
|
prompt "Pack kernel stack"
|
|
help
|
|
This option enables the compiler option -mkernel-backchain if it
|
|
is available. If the option is available the compiler supports
|
|
the new stack layout which dramatically reduces the minimum stack
|
|
frame size. With an old compiler a non-leaf function needs a
|
|
minimum of 96 bytes on 31 bit and 160 bytes on 64 bit. With
|
|
-mkernel-backchain the minimum size drops to 16 byte on 31 bit
|
|
and 24 byte on 64 bit.
|
|
|
|
Say Y if you are unsure.
|
|
|
|
config CHECK_STACK
|
|
def_bool y
|
|
prompt "Detect kernel stack overflow"
|
|
help
|
|
This option enables the compiler option -mstack-guard and
|
|
-mstack-size if they are available. If the compiler supports them
|
|
it will emit additional code to each function prolog to trigger
|
|
an illegal operation if the kernel stack is about to overflow.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config STACK_GUARD
|
|
int "Size of the guard area (128-1024)"
|
|
range 128 1024
|
|
depends on CHECK_STACK
|
|
default "256"
|
|
help
|
|
This allows you to specify the size of the guard area at the lower
|
|
end of the kernel stack. If the kernel stack points into the guard
|
|
area on function entry an illegal operation is triggered. The size
|
|
needs to be a power of 2. Please keep in mind that the size of an
|
|
interrupt frame is 184 bytes for 31 bit and 328 bytes on 64 bit.
|
|
The minimum size for the stack guard should be 256 for 31 bit and
|
|
512 for 64 bit.
|
|
|
|
config WARN_DYNAMIC_STACK
|
|
def_bool n
|
|
prompt "Emit compiler warnings for function with dynamic stack usage"
|
|
help
|
|
This option enables the compiler option -mwarn-dynamicstack. If the
|
|
compiler supports this options generates warnings for functions
|
|
that dynamically allocate stack space using alloca.
|
|
|
|
Say N if you are unsure.
|
|
|
|
endmenu
|
|
|
|
menu "I/O subsystem"
|
|
|
|
config QDIO
|
|
def_tristate y
|
|
prompt "QDIO support"
|
|
---help---
|
|
This driver provides the Queued Direct I/O base support for
|
|
IBM System z.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called qdio.
|
|
|
|
If unsure, say Y.
|
|
|
|
menuconfig PCI
|
|
bool "PCI support"
|
|
select PCI_MSI
|
|
select IOMMU_SUPPORT
|
|
help
|
|
Enable PCI support.
|
|
|
|
if PCI
|
|
|
|
config PCI_NR_FUNCTIONS
|
|
int "Maximum number of PCI functions (1-4096)"
|
|
range 1 4096
|
|
default "128"
|
|
help
|
|
This allows you to specify the maximum number of PCI functions which
|
|
this kernel will support.
|
|
|
|
source "drivers/pci/Kconfig"
|
|
|
|
endif # PCI
|
|
|
|
config PCI_DOMAINS
|
|
def_bool PCI
|
|
|
|
config HAS_IOMEM
|
|
def_bool PCI
|
|
|
|
config IOMMU_HELPER
|
|
def_bool PCI
|
|
|
|
config NEED_SG_DMA_LENGTH
|
|
def_bool PCI
|
|
|
|
config NEED_DMA_MAP_STATE
|
|
def_bool PCI
|
|
|
|
config CHSC_SCH
|
|
def_tristate m
|
|
prompt "Support for CHSC subchannels"
|
|
help
|
|
This driver allows usage of CHSC subchannels. A CHSC subchannel
|
|
is usually present on LPAR only.
|
|
The driver creates a device /dev/chsc, which may be used to
|
|
obtain I/O configuration information about the machine and
|
|
to issue asynchronous chsc commands (DANGEROUS).
|
|
You will usually only want to use this interface on a special
|
|
LPAR designated for system management.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called chsc_sch.
|
|
|
|
If unsure, say N.
|
|
|
|
config SCM_BUS
|
|
def_bool y
|
|
prompt "SCM bus driver"
|
|
help
|
|
Bus driver for Storage Class Memory.
|
|
|
|
config EADM_SCH
|
|
def_tristate m
|
|
prompt "Support for EADM subchannels"
|
|
depends on SCM_BUS
|
|
help
|
|
This driver allows usage of EADM subchannels. EADM subchannels act
|
|
as a communication vehicle for SCM increments.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called eadm_sch.
|
|
|
|
config VFIO_CCW
|
|
def_tristate n
|
|
prompt "Support for VFIO-CCW subchannels"
|
|
depends on S390_CCW_IOMMU && VFIO_MDEV
|
|
help
|
|
This driver allows usage of I/O subchannels via VFIO-CCW.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called vfio_ccw.
|
|
|
|
endmenu
|
|
|
|
menu "Dump support"
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
depends on SMP
|
|
select KEXEC
|
|
help
|
|
Generate crash dump after being started by kexec.
|
|
Crash dump kernels are loaded in the main kernel with kexec-tools
|
|
into a specially reserved region and then later executed after
|
|
a crash by kdump/kexec.
|
|
Refer to <file:Documentation/s390/zfcpdump.txt> for more details on this.
|
|
This option also enables s390 zfcpdump.
|
|
See also <file:Documentation/s390/zfcpdump.txt>
|
|
|
|
endmenu
|
|
|
|
menu "Executable file formats / Emulations"
|
|
|
|
source "fs/Kconfig.binfmt"
|
|
|
|
config SECCOMP
|
|
def_bool y
|
|
prompt "Enable seccomp to safely compute untrusted bytecode"
|
|
depends on PROC_FS
|
|
help
|
|
This kernel feature is useful for number crunching applications
|
|
that may need to compute untrusted bytecode during their
|
|
execution. By using pipes or other transports made available to
|
|
the process as file descriptors supporting the read/write
|
|
syscalls, it's possible to isolate those applications in
|
|
their own address space using seccomp. Once seccomp is
|
|
enabled via /proc/<pid>/seccomp, it cannot be disabled
|
|
and the task is only allowed to execute a few safe syscalls
|
|
defined by each seccomp mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
endmenu
|
|
|
|
menu "Power Management"
|
|
|
|
config ARCH_HIBERNATION_POSSIBLE
|
|
def_bool y
|
|
|
|
source "kernel/power/Kconfig"
|
|
|
|
endmenu
|
|
|
|
source "net/Kconfig"
|
|
|
|
config PCMCIA
|
|
def_bool n
|
|
|
|
config CCW
|
|
def_bool y
|
|
|
|
source "drivers/Kconfig"
|
|
|
|
source "fs/Kconfig"
|
|
|
|
source "arch/s390/Kconfig.debug"
|
|
|
|
source "security/Kconfig"
|
|
|
|
source "crypto/Kconfig"
|
|
|
|
source "lib/Kconfig"
|
|
|
|
menu "Virtualization"
|
|
|
|
config PFAULT
|
|
def_bool y
|
|
prompt "Pseudo page fault support"
|
|
help
|
|
Select this option, if you want to use PFAULT pseudo page fault
|
|
handling under VM. If running native or in LPAR, this option
|
|
has no effect. If your VM does not support PFAULT, PAGEEX
|
|
pseudo page fault handling will be used.
|
|
Note that VM 4.2 supports PFAULT but has a bug in its
|
|
implementation that causes some problems.
|
|
Everybody who wants to run Linux under VM != VM4.2 should select
|
|
this option.
|
|
|
|
config CMM
|
|
def_tristate n
|
|
prompt "Cooperative memory management"
|
|
help
|
|
Select this option, if you want to enable the kernel interface
|
|
to reduce the memory size of the system. This is accomplished
|
|
by allocating pages of memory and put them "on hold". This only
|
|
makes sense for a system running under VM where the unused pages
|
|
will be reused by VM for other guest systems. The interface
|
|
allows an external monitor to balance memory of many systems.
|
|
Everybody who wants to run Linux under VM should select this
|
|
option.
|
|
|
|
config CMM_IUCV
|
|
def_bool y
|
|
prompt "IUCV special message interface to cooperative memory management"
|
|
depends on CMM && (SMSGIUCV=y || CMM=SMSGIUCV)
|
|
help
|
|
Select this option to enable the special message interface to
|
|
the cooperative memory management.
|
|
|
|
config APPLDATA_BASE
|
|
def_bool n
|
|
prompt "Linux - VM Monitor Stream, base infrastructure"
|
|
depends on PROC_FS
|
|
help
|
|
This provides a kernel interface for creating and updating z/VM APPLDATA
|
|
monitor records. The monitor records are updated at certain time
|
|
intervals, once the timer is started.
|
|
Writing 1 or 0 to /proc/appldata/timer starts(1) or stops(0) the timer,
|
|
i.e. enables or disables monitoring on the Linux side.
|
|
A custom interval value (in seconds) can be written to
|
|
/proc/appldata/interval.
|
|
|
|
Defaults are 60 seconds interval and timer off.
|
|
The /proc entries can also be read from, showing the current settings.
|
|
|
|
config APPLDATA_MEM
|
|
def_tristate m
|
|
prompt "Monitor memory management statistics"
|
|
depends on APPLDATA_BASE && VM_EVENT_COUNTERS
|
|
help
|
|
This provides memory management related data to the Linux - VM Monitor
|
|
Stream, like paging/swapping rate, memory utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/memory creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
The /proc entry can also be read from, showing the current settings.
|
|
|
|
This can also be compiled as a module, which will be called
|
|
appldata_mem.o.
|
|
|
|
config APPLDATA_OS
|
|
def_tristate m
|
|
prompt "Monitor OS statistics"
|
|
depends on APPLDATA_BASE
|
|
help
|
|
This provides OS related data to the Linux - VM Monitor Stream, like
|
|
CPU utilisation, etc.
|
|
Writing 1 or 0 to /proc/appldata/os creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_os.o.
|
|
|
|
config APPLDATA_NET_SUM
|
|
def_tristate m
|
|
prompt "Monitor overall network statistics"
|
|
depends on APPLDATA_BASE && NET
|
|
help
|
|
This provides network related data to the Linux - VM Monitor Stream,
|
|
currently there is only a total sum of network I/O statistics, no
|
|
per-interface data.
|
|
Writing 1 or 0 to /proc/appldata/net_sum creates(1) or removes(0) a z/VM
|
|
APPLDATA monitor record, i.e. enables or disables monitoring this record
|
|
on the z/VM side.
|
|
|
|
Default is disabled.
|
|
This can also be compiled as a module, which will be called
|
|
appldata_net_sum.o.
|
|
|
|
config S390_HYPFS_FS
|
|
def_bool y
|
|
prompt "s390 hypervisor file system support"
|
|
select SYS_HYPERVISOR
|
|
help
|
|
This is a virtual file system intended to provide accounting
|
|
information in an s390 hypervisor environment.
|
|
|
|
source "arch/s390/kvm/Kconfig"
|
|
|
|
config S390_GUEST
|
|
def_bool y
|
|
prompt "s390 support for virtio devices"
|
|
select TTY
|
|
select VIRTUALIZATION
|
|
select VIRTIO
|
|
select VIRTIO_CONSOLE
|
|
help
|
|
Enabling this option adds support for virtio based paravirtual device
|
|
drivers on s390.
|
|
|
|
Select this option if you want to run the kernel as a guest under
|
|
the KVM hypervisor.
|
|
|
|
endmenu
|