disable cpu isolcpus

hc

2023-12-09 958e46acc8e900e8569dd467c1af9b8d2d019394

 kernel/arch/arm64/Kconfig
..
..
@@ -1,3 +1,4 @@
1
+# SPDX-License-Identifier: GPL-2.0-only
1
2
 config ARM64
2
3
 	def_bool y
3
4
 	select ACPI_CCA_REQUIRED if ACPI
..
..
@@ -5,66 +6,85 @@
5
6
 	select ACPI_GTDT if ACPI
6
7
 	select ACPI_IORT if ACPI
7
8
 	select ACPI_REDUCED_HARDWARE_ONLY if ACPI
8
-	select ACPI_MCFG if ACPI
9
+	select ACPI_MCFG if (ACPI && PCI)
9
10
 	select ACPI_SPCR_TABLE if ACPI
10
11
 	select ACPI_PPTT if ACPI
11
-	select ARCH_CLOCKSOURCE_DATA
12
+	select ARCH_HAS_DEBUG_WX
13
+	select ARCH_BINFMT_ELF_STATE
12
14
 	select ARCH_HAS_DEBUG_VIRTUAL
15
+	select ARCH_HAS_DEBUG_VM_PGTABLE
13
16
 	select ARCH_HAS_DEVMEM_IS_ALLOWED
17
+	select ARCH_HAS_DMA_PREP_COHERENT
14
18
 	select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
15
-	select ARCH_HAS_ELF_RANDOMIZE
16
19
 	select ARCH_HAS_FAST_MULTIPLIER
17
20
 	select ARCH_HAS_FORTIFY_SOURCE
18
21
 	select ARCH_HAS_GCOV_PROFILE_ALL
19
-	select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA
22
+	select ARCH_HAS_GIGANTIC_PAGE
20
23
 	select ARCH_HAS_KCOV
24
+	select ARCH_HAS_KEEPINITRD
21
25
 	select ARCH_HAS_MEMBARRIER_SYNC_CORE
26
+	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
27
+	select ARCH_HAS_PTE_DEVMAP
22
28
 	select ARCH_HAS_PTE_SPECIAL
29
+	select ARCH_HAS_SETUP_DMA_OPS
30
+	select ARCH_HAS_SET_DIRECT_MAP
23
31
 	select ARCH_HAS_SET_MEMORY
24
-	select ARCH_HAS_SG_CHAIN
32
+	select ARCH_STACKWALK
25
33
 	select ARCH_HAS_STRICT_KERNEL_RWX
26
34
 	select ARCH_HAS_STRICT_MODULE_RWX
35
+	select ARCH_HAS_SYNC_DMA_FOR_DEVICE
36
+	select ARCH_HAS_SYNC_DMA_FOR_CPU
27
37
 	select ARCH_HAS_SYSCALL_WRAPPER
38
+	select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
28
39
 	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
40
+	select ARCH_HAVE_ELF_PROT
29
41
 	select ARCH_HAVE_NMI_SAFE_CMPXCHG
30
-	select ARCH_INLINE_READ_LOCK if !PREEMPT
31
-	select ARCH_INLINE_READ_LOCK_BH if !PREEMPT
32
-	select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPT
33
-	select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPT
34
-	select ARCH_INLINE_READ_UNLOCK if !PREEMPT
35
-	select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPT
36
-	select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPT
37
-	select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPT
38
-	select ARCH_INLINE_WRITE_LOCK if !PREEMPT
39
-	select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPT
40
-	select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPT
41
-	select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPT
42
-	select ARCH_INLINE_WRITE_UNLOCK if !PREEMPT
43
-	select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPT
44
-	select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPT
45
-	select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPT
46
-	select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPT
47
-	select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPT
48
-	select ARCH_INLINE_SPIN_LOCK if !PREEMPT
49
-	select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPT
50
-	select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPT
51
-	select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPT
52
-	select ARCH_INLINE_SPIN_UNLOCK if !PREEMPT
53
-	select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPT
54
-	select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPT
55
-	select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT
42
+	select ARCH_INLINE_READ_LOCK if !PREEMPTION
43
+	select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION
44
+	select ARCH_INLINE_READ_LOCK_IRQ if !PREEMPTION
45
+	select ARCH_INLINE_READ_LOCK_IRQSAVE if !PREEMPTION
46
+	select ARCH_INLINE_READ_UNLOCK if !PREEMPTION
47
+	select ARCH_INLINE_READ_UNLOCK_BH if !PREEMPTION
48
+	select ARCH_INLINE_READ_UNLOCK_IRQ if !PREEMPTION
49
+	select ARCH_INLINE_READ_UNLOCK_IRQRESTORE if !PREEMPTION
50
+	select ARCH_INLINE_WRITE_LOCK if !PREEMPTION
51
+	select ARCH_INLINE_WRITE_LOCK_BH if !PREEMPTION
52
+	select ARCH_INLINE_WRITE_LOCK_IRQ if !PREEMPTION
53
+	select ARCH_INLINE_WRITE_LOCK_IRQSAVE if !PREEMPTION
54
+	select ARCH_INLINE_WRITE_UNLOCK if !PREEMPTION
55
+	select ARCH_INLINE_WRITE_UNLOCK_BH if !PREEMPTION
56
+	select ARCH_INLINE_WRITE_UNLOCK_IRQ if !PREEMPTION
57
+	select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE if !PREEMPTION
58
+	select ARCH_INLINE_SPIN_TRYLOCK if !PREEMPTION
59
+	select ARCH_INLINE_SPIN_TRYLOCK_BH if !PREEMPTION
60
+	select ARCH_INLINE_SPIN_LOCK if !PREEMPTION
61
+	select ARCH_INLINE_SPIN_LOCK_BH if !PREEMPTION
62
+	select ARCH_INLINE_SPIN_LOCK_IRQ if !PREEMPTION
63
+	select ARCH_INLINE_SPIN_LOCK_IRQSAVE if !PREEMPTION
64
+	select ARCH_INLINE_SPIN_UNLOCK if !PREEMPTION
65
+	select ARCH_INLINE_SPIN_UNLOCK_BH if !PREEMPTION
66
+	select ARCH_INLINE_SPIN_UNLOCK_IRQ if !PREEMPTION
67
+	select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION
68
+	select ARCH_KEEP_MEMBLOCK
56
69
 	select ARCH_USE_CMPXCHG_LOCKREF
70
+	select ARCH_USE_GNU_PROPERTY
57
71
 	select ARCH_USE_QUEUED_RWLOCKS
58
72
 	select ARCH_USE_QUEUED_SPINLOCKS
73
+	select ARCH_USE_SYM_ANNOTATIONS
59
74
 	select ARCH_SUPPORTS_MEMORY_FAILURE
60
-	select ARCH_SUPPORTS_LTO_CLANG
61
-	select ARCH_SUPPORTS_THINLTO
62
75
 	select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
76
+	select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
77
+	select ARCH_SUPPORTS_LTO_CLANG_THIN
63
78
 	select ARCH_SUPPORTS_ATOMIC_RMW
64
-	select ARCH_SUPPORTS_INT128 if GCC_VERSION >= 50000 || CC_IS_CLANG
79
+	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 && (GCC_VERSION >= 50000 || CC_IS_CLANG)
65
80
 	select ARCH_SUPPORTS_NUMA_BALANCING
66
-	select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
81
+	select ARCH_SUPPORTS_RT if HAVE_POSIX_CPU_TIMERS_TASK_WORK
82
+	select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT
83
+	select ARCH_WANT_DEFAULT_BPF_JIT
84
+	select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
67
85
 	select ARCH_WANT_FRAME_POINTERS
86
+	select ARCH_WANT_HUGE_PMD_SHARE if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36)
87
+	select ARCH_WANT_LD_ORPHAN_WARN
68
88
 	select ARCH_HAS_UBSAN_SANITIZE_ALL
69
89
 	select ARM_AMBA
70
90
 	select ARM_ARCH_TIMER
..
..
@@ -74,12 +94,13 @@
74
94
 	select ARM_GIC_V3
75
95
 	select ARM_GIC_V3_ITS if PCI
76
96
 	select ARM_PSCI_FW
77
-	select BUILDTIME_EXTABLE_SORT
97
+	select BUILDTIME_TABLE_SORT
78
98
 	select CLONE_BACKWARDS
79
99
 	select COMMON_CLK
80
100
 	select CPU_PM if (SUSPEND || CPU_IDLE)
101
+	select CRC32
81
102
 	select DCACHE_WORD_ACCESS
82
-	select DMA_DIRECT_OPS
103
+	select DMA_DIRECT_REMAP
83
104
 	select EDAC_SUPPORT
84
105
 	select FRAME_POINTER
85
106
 	select GENERIC_ALLOCATOR
..
..
@@ -90,31 +111,43 @@
90
111
 	select GENERIC_CPU_VULNERABILITIES
91
112
 	select GENERIC_EARLY_IOREMAP
92
113
 	select GENERIC_IDLE_POLL_SETUP
114
+	select GENERIC_IRQ_IPI
115
+	select ARCH_WANTS_IRQ_RAW
93
116
 	select GENERIC_IRQ_MULTI_HANDLER
94
117
 	select GENERIC_IRQ_PROBE
95
118
 	select GENERIC_IRQ_SHOW
96
119
 	select GENERIC_IRQ_SHOW_LEVEL
97
120
 	select GENERIC_PCI_IOMAP
121
+	select GENERIC_PTDUMP
98
122
 	select GENERIC_SCHED_CLOCK
99
123
 	select GENERIC_SMP_IDLE_THREAD
100
124
 	select GENERIC_STRNCPY_FROM_USER
101
125
 	select GENERIC_STRNLEN_USER
102
126
 	select GENERIC_TIME_VSYSCALL
103
127
 	select GENERIC_GETTIMEOFDAY
128
+	select GENERIC_VDSO_TIME_NS
104
129
 	select HANDLE_DOMAIN_IRQ
105
130
 	select HARDIRQS_SW_RESEND
131
+	select HAVE_MOVE_PMD
132
+	select HAVE_MOVE_PUD
133
+	select HAVE_PCI
106
134
 	select HAVE_ACPI_APEI if (ACPI && EFI)
107
135
 	select HAVE_ALIGNED_STRUCT_PAGE if SLUB
108
136
 	select HAVE_ARCH_AUDITSYSCALL
109
137
 	select HAVE_ARCH_BITREVERSE
138
+	select HAVE_ARCH_COMPILER_H
110
139
 	select HAVE_ARCH_HUGE_VMAP
111
140
 	select HAVE_ARCH_JUMP_LABEL
141
+	select HAVE_ARCH_JUMP_LABEL_RELATIVE
112
142
 	select HAVE_ARCH_KASAN if !(ARM64_16K_PAGES && ARM64_VA_BITS_48)
143
+	select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN
113
144
 	select HAVE_ARCH_KASAN_SW_TAGS if HAVE_ARCH_KASAN
145
+	select HAVE_ARCH_KASAN_HW_TAGS if (HAVE_ARCH_KASAN && ARM64_MTE)
146
+	select HAVE_ARCH_KFENCE
114
147
 	select HAVE_ARCH_KGDB
115
148
 	select HAVE_ARCH_MMAP_RND_BITS
116
149
 	select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
117
-	select HAVE_ARCH_PREL32_RELOCATIONS if !LTO_CLANG
150
+	select HAVE_ARCH_PREL32_RELOCATIONS
118
151
 	select HAVE_ARCH_SECCOMP_FILTER
119
152
 	select HAVE_ARCH_STACKLEAK
120
153
 	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
..
..
@@ -122,6 +155,7 @@
122
155
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
123
156
 	select HAVE_ARCH_VMAP_STACK
124
157
 	select HAVE_ARM_SMCCC
158
+	select HAVE_ASM_MODVERSIONS
125
159
 	select HAVE_EBPF_JIT
126
160
 	select HAVE_C_RECORDMCOUNT
127
161
 	select HAVE_CMPXCHG_DOUBLE
..
..
@@ -131,18 +165,19 @@
131
165
 	select HAVE_DEBUG_KMEMLEAK
132
166
 	select HAVE_DMA_CONTIGUOUS
133
167
 	select HAVE_DYNAMIC_FTRACE
168
+	select HAVE_DYNAMIC_FTRACE_WITH_REGS \
169
+		if $(cc-option,-fpatchable-function-entry=2)
170
+	select FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY \
171
+		if DYNAMIC_FTRACE_WITH_REGS
134
172
 	select HAVE_EFFICIENT_UNALIGNED_ACCESS
173
+	select HAVE_FAST_GUP
135
174
 	select HAVE_FTRACE_MCOUNT_RECORD
136
175
 	select HAVE_FUNCTION_TRACER
137
-	select HAVE_FUNCTION_GRAPH_TRACER if !SHADOW_CALL_STACK
176
+	select HAVE_FUNCTION_ERROR_INJECTION
177
+	select HAVE_FUNCTION_GRAPH_TRACER
138
178
 	select HAVE_GCC_PLUGINS
139
-	select HAVE_GENERIC_DMA_COHERENT
140
179
 	select HAVE_HW_BREAKPOINT if PERF_EVENTS
141
180
 	select HAVE_IRQ_TIME_ACCOUNTING
142
-	select HAVE_KERNEL_GZIP
143
-	select HAVE_KERNEL_LZ4
144
-	select HAVE_MEMBLOCK
145
-	select HAVE_MEMBLOCK_NODE_MAP if NUMA
146
181
 	select HAVE_NMI
147
182
 	select HAVE_PATA_PLATFORM
148
183
 	select HAVE_PERF_EVENTS
..
..
@@ -150,7 +185,9 @@
150
185
 	select HAVE_PERF_USER_STACK_DUMP
151
186
 	select HAVE_PREEMPT_LAZY
152
187
 	select HAVE_REGS_AND_STACK_ACCESS_API
153
-	select HAVE_RCU_TABLE_FREE
188
+	select HAVE_FUNCTION_ARG_ACCESS_API
189
+	select HAVE_FUTEX_CMPXCHG if FUTEX
190
+	select MMU_GATHER_RCU_TABLE_FREE
154
191
 	select HAVE_RSEQ
155
192
 	select HAVE_STACKPROTECTOR
156
193
 	select HAVE_SYSCALL_TRACEPOINTS
..
..
@@ -160,22 +197,25 @@
160
197
 	select IOMMU_DMA if IOMMU_SUPPORT
161
198
 	select IRQ_DOMAIN
162
199
 	select IRQ_FORCED_THREADING
200
+	select KASAN_VMALLOC if KASAN_GENERIC
163
201
 	select MODULES_USE_ELF_RELA
164
-	select MULTI_IRQ_HANDLER
165
202
 	select NEED_DMA_MAP_STATE
166
203
 	select NEED_SG_DMA_LENGTH
167
-	select NO_BOOTMEM
168
204
 	select OF
169
205
 	select OF_EARLY_FLATTREE
170
-	select OF_RESERVED_MEM
171
-	select PCI_ECAM if ACPI
206
+	select PCI_DOMAINS_GENERIC if PCI
207
+	select PCI_ECAM if (ACPI && PCI)
208
+	select PCI_SYSCALL if PCI
209
+	select HAVE_POSIX_CPU_TIMERS_TASK_WORK if !KVM
172
210
 	select POWER_RESET
173
211
 	select POWER_SUPPLY
174
-	select REFCOUNT_FULL
212
+	select SET_FS
175
213
 	select SPARSE_IRQ
176
214
 	select SWIOTLB
177
215
 	select SYSCTL_EXCEPTION_TRACE
178
216
 	select THREAD_INFO_IN_TASK
217
+	select ARCH_SUPPORTS_SPECULATIVE_PAGE_FAULT
218
+	select HAVE_ARCH_USERFAULTFD_MINOR if USERFAULTFD
179
219
 	help
180
220
 	  ARM 64-bit (AArch64) Linux support.
181
221
 
..
..
@@ -191,10 +231,16 @@
191
231
 	default 14 if ARM64_16K_PAGES
192
232
 	default 12
193
233
 
194
-config ARM64_CONT_SHIFT
234
+config ARM64_CONT_PTE_SHIFT
195
235
 	int
196
236
 	default 5 if ARM64_64K_PAGES
197
237
 	default 7 if ARM64_16K_PAGES
238
+	default 4
239
+
240
+config ARM64_CONT_PMD_SHIFT
241
+	int
242
+	default 5 if ARM64_64K_PAGES
243
+	default 5 if ARM64_16K_PAGES
198
244
 	default 4
199
245
 
200
246
 config ARCH_MMAP_RND_BITS_MIN
..
..
@@ -240,9 +286,6 @@
240
286
 config TRACE_IRQFLAGS_SUPPORT
241
287
 	def_bool y
242
288
 
243
-config RWSEM_XCHGADD_ALGORITHM
244
-	def_bool y
245
-
246
289
 config GENERIC_BUG
247
290
 	def_bool y
248
291
 	depends on BUG
..
..
@@ -260,11 +303,18 @@
260
303
 config GENERIC_CALIBRATE_DELAY
261
304
 	def_bool y
262
305
 
306
+config ZONE_DMA
307
+	bool "Support DMA zone" if EXPERT
308
+	default y
309
+
263
310
 config ZONE_DMA32
264
311
 	bool "Support DMA32 zone" if EXPERT
265
312
 	default y
266
313
 
267
-config HAVE_GENERIC_GUP
314
+config ARCH_ENABLE_MEMORY_HOTPLUG
315
+	def_bool y
316
+
317
+config ARCH_ENABLE_MEMORY_HOTREMOVE
268
318
 	def_bool y
269
319
 
270
320
 config SMP
..
..
@@ -280,7 +330,7 @@
280
330
 	int
281
331
 	default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36
282
332
 	default 2 if ARM64_64K_PAGES && ARM64_VA_BITS_42
283
-	default 3 if ARM64_64K_PAGES && ARM64_VA_BITS_48
333
+	default 3 if ARM64_64K_PAGES && (ARM64_VA_BITS_48 || ARM64_VA_BITS_52)
284
334
 	default 3 if ARM64_4K_PAGES && ARM64_VA_BITS_39
285
335
 	default 3 if ARM64_16K_PAGES && ARM64_VA_BITS_47
286
336
 	default 4 if !ARM64_64K_PAGES && ARM64_VA_BITS_48
..
..
@@ -291,37 +341,37 @@
291
341
 config ARCH_PROC_KCORE_TEXT
292
342
 	def_bool y
293
343
 
344
+config BROKEN_GAS_INST
345
+	def_bool !$(as-instr,1:\n.inst 0\n.rept . - 1b\n\nnop\n.endr\n)
346
+
347
+config KASAN_SHADOW_OFFSET
348
+	hex
349
+	depends on KASAN_GENERIC || KASAN_SW_TAGS
350
+	default 0xdfffa00000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && !KASAN_SW_TAGS
351
+	default 0xdfffd00000000000 if ARM64_VA_BITS_47 && !KASAN_SW_TAGS
352
+	default 0xdffffe8000000000 if ARM64_VA_BITS_42 && !KASAN_SW_TAGS
353
+	default 0xdfffffd000000000 if ARM64_VA_BITS_39 && !KASAN_SW_TAGS
354
+	default 0xdffffffa00000000 if ARM64_VA_BITS_36 && !KASAN_SW_TAGS
355
+	default 0xefff900000000000 if (ARM64_VA_BITS_48 || ARM64_VA_BITS_52) && KASAN_SW_TAGS
356
+	default 0xefffc80000000000 if ARM64_VA_BITS_47 && KASAN_SW_TAGS
357
+	default 0xeffffe4000000000 if ARM64_VA_BITS_42 && KASAN_SW_TAGS
358
+	default 0xefffffc800000000 if ARM64_VA_BITS_39 && KASAN_SW_TAGS
359
+	default 0xeffffff900000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS
360
+	default 0xffffffffffffffff
361
+
294
362
 source "arch/arm64/Kconfig.platforms"
295
-
296
-menu "Bus support"
297
-
298
-config PCI
299
-	bool "PCI support"
300
-	help
301
-	  This feature enables support for PCI bus system. If you say Y
302
-	  here, the kernel will include drivers and infrastructure code
303
-	  to support PCI bus devices.
304
-
305
-config PCI_DOMAINS
306
-	def_bool PCI
307
-
308
-config PCI_DOMAINS_GENERIC
309
-	def_bool PCI
310
-
311
-config PCI_SYSCALL
312
-	def_bool PCI
313
-
314
-source "drivers/pci/Kconfig"
315
-
316
-endmenu
317
363
 
318
364
 menu "Kernel Features"
319
365
 
320
366
 menu "ARM errata workarounds via the alternatives framework"
321
367
 
368
+config ARM64_WORKAROUND_CLEAN_CACHE
369
+	bool
370
+
322
371
 config ARM64_ERRATUM_826319
323
372
 	bool "Cortex-A53: 826319: System might deadlock if a write cannot complete until read data is accepted"
324
373
 	default y
374
+	select ARM64_WORKAROUND_CLEAN_CACHE
325
375
 	help
326
376
 	  This option adds an alternative code sequence to work around ARM
327
377
 	  erratum 826319 on Cortex-A53 parts up to r0p2 with an AMBA 4 ACE or
..
..
@@ -343,6 +393,7 @@
343
393
 config ARM64_ERRATUM_827319
344
394
 	bool "Cortex-A53: 827319: Data cache clean instructions might cause overlapping transactions to the interconnect"
345
395
 	default y
396
+	select ARM64_WORKAROUND_CLEAN_CACHE
346
397
 	help
347
398
 	  This option adds an alternative code sequence to work around ARM
348
399
 	  erratum 827319 on Cortex-A53 parts up to r0p2 with an AMBA 5 CHI
..
..
@@ -364,6 +415,7 @@
364
415
 config ARM64_ERRATUM_824069
365
416
 	bool "Cortex-A53: 824069: Cache line might not be marked as clean after a CleanShared snoop"
366
417
 	default y
418
+	select ARM64_WORKAROUND_CLEAN_CACHE
367
419
 	help
368
420
 	  This option adds an alternative code sequence to work around ARM
369
421
 	  erratum 824069 on Cortex-A53 parts up to r0p2 when it is connected
..
..
@@ -386,6 +438,7 @@
386
438
 config ARM64_ERRATUM_819472
387
439
 	bool "Cortex-A53: 819472: Store exclusive instructions might cause data corruption"
388
440
 	default y
441
+	select ARM64_WORKAROUND_CLEAN_CACHE
389
442
 	help
390
443
 	  This option adds an alternative code sequence to work around ARM
391
444
 	  erratum 819472 on Cortex-A53 parts up to r0p1 with an L2 cache
..
..
@@ -443,6 +496,22 @@
443
496
 
444
497
 	  If unsure, say Y.
445
498
 
499
+config ARM64_ERRATUM_1742098
500
+	bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence"
501
+	depends on COMPAT
502
+	default y
503
+	help
504
+	  This option removes the AES hwcap for aarch32 user-space to
505
+	  workaround erratum 1742098 on Cortex-A57 and Cortex-A72.
506
+
507
+	  Affected parts may corrupt the AES state if an interrupt is
508
+	  taken between a pair of AES instructions. These instructions
509
+	  are only present if the cryptography extensions are present.
510
+	  All software should have a fallback implementation for CPUs
511
+	  that don't implement the cryptography extensions.
512
+
513
+	  If unsure, say Y.
514
+
446
515
 config ARM64_ERRATUM_845719
447
516
 	bool "Cortex-A53: 845719: a load might read incorrect data"
448
517
 	depends on COMPAT
..
..
@@ -480,15 +549,90 @@
480
549
 	bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update"
481
550
 	default y
482
551
 	help
483
-	  This option adds work around for Arm Cortex-A55 Erratum 1024718.
552
+	  This option adds a workaround for ARM Cortex-A55 Erratum 1024718.
484
553
 
485
554
 	  Affected Cortex-A55 cores (all revisions) could cause incorrect
486
555
 	  update of the hardware dirty bit when the DBM/AP bits are updated
487
-	  without a break-before-make. The work around is to disable the usage
556
+	  without a break-before-make. The workaround is to disable the usage
488
557
 	  of hardware DBM locally on the affected cores. CPUs not affected by
489
-	  erratum will continue to use the feature.
558
+	  this erratum will continue to use the feature.
490
559
 
491
560
 	  If unsure, say Y.
561
+
562
+config ARM64_ERRATUM_1418040
563
+	bool "Cortex-A76/Neoverse-N1: MRC read following MRRC read of specific Generic Timer in AArch32 might give incorrect result"
564
+	default y
565
+	depends on COMPAT
566
+	help
567
+	  This option adds a workaround for ARM Cortex-A76/Neoverse-N1
568
+	  errata 1188873 and 1418040.
569
+
570
+	  Affected Cortex-A76/Neoverse-N1 cores (r0p0 to r3p1) could
571
+	  cause register corruption when accessing the timer registers
572
+	  from AArch32 userspace.
573
+
574
+	  If unsure, say Y.
575
+
576
+config ARM64_WORKAROUND_SPECULATIVE_AT
577
+	bool
578
+
579
+config ARM64_ERRATUM_1165522
580
+	bool "Cortex-A76: 1165522: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation"
581
+	default y
582
+	select ARM64_WORKAROUND_SPECULATIVE_AT
583
+	help
584
+	  This option adds a workaround for ARM Cortex-A76 erratum 1165522.
585
+
586
+	  Affected Cortex-A76 cores (r0p0, r1p0, r2p0) could end-up with
587
+	  corrupted TLBs by speculating an AT instruction during a guest
588
+	  context switch.
589
+
590
+	  If unsure, say Y.
591
+
592
+config ARM64_ERRATUM_1319367
593
+	bool "Cortex-A57/A72: 1319537: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation"
594
+	default y
595
+	select ARM64_WORKAROUND_SPECULATIVE_AT
596
+	help
597
+	  This option adds work arounds for ARM Cortex-A57 erratum 1319537
598
+	  and A72 erratum 1319367
599
+
600
+	  Cortex-A57 and A72 cores could end-up with corrupted TLBs by
601
+	  speculating an AT instruction during a guest context switch.
602
+
603
+	  If unsure, say Y.
604
+
605
+config ARM64_ERRATUM_1530923
606
+	bool "Cortex-A55: 1530923: Speculative AT instruction using out-of-context translation regime could cause subsequent request to generate an incorrect translation"
607
+	default y
608
+	select ARM64_WORKAROUND_SPECULATIVE_AT
609
+	help
610
+	  This option adds a workaround for ARM Cortex-A55 erratum 1530923.
611
+
612
+	  Affected Cortex-A55 cores (r0p0, r0p1, r1p0, r2p0) could end-up with
613
+	  corrupted TLBs by speculating an AT instruction during a guest
614
+	  context switch.
615
+
616
+	  If unsure, say Y.
617
+
618
+config ARM64_WORKAROUND_REPEAT_TLBI
619
+	bool
620
+
621
+config ARM64_ERRATUM_1286807
622
+	bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation"
623
+	default y
624
+	select ARM64_WORKAROUND_REPEAT_TLBI
625
+	help
626
+	  This option adds a workaround for ARM Cortex-A76 erratum 1286807.
627
+
628
+	  On the affected Cortex-A76 cores (r0p0 to r3p0), if a virtual
629
+	  address for a cacheable mapping of a location is being
630
+	  accessed by a core while another core is remapping the virtual
631
+	  address to a new physical page using the recommended
632
+	  break-before-make sequence, then under very rare circumstances
633
+	  TLBI+DSB completes before a read using the translation being
634
+	  invalidated has been observed by other observers. The
635
+	  workaround repeats the TLBI+DSB operation.
492
636
 
493
637
 config ARM64_ERRATUM_1463225
494
638
 	bool "Cortex-A76: Software Step might prevent interrupt recognition"
..
..
@@ -524,14 +668,119 @@
524
668
 
525
669
 	  If unsure, say Y.
526
670
 
671
+config ARM64_ERRATUM_1508412
672
+	bool "Cortex-A77: 1508412: workaround deadlock on sequence of NC/Device load and store exclusive or PAR read"
673
+	default y
674
+	help
675
+	  This option adds a workaround for Arm Cortex-A77 erratum 1508412.
676
+
677
+	  Affected Cortex-A77 cores (r0p0, r1p0) could deadlock on a sequence
678
+	  of a store-exclusive or read of PAR_EL1 and a load with device or
679
+	  non-cacheable memory attributes. The workaround depends on a firmware
680
+	  counterpart.
681
+
682
+	  KVM guests must also have the workaround implemented or they can
683
+	  deadlock the system.
684
+
685
+	  Work around the issue by inserting DMB SY barriers around PAR_EL1
686
+	  register reads and warning KVM users. The DMB barrier is sufficient
687
+	  to prevent a speculative PAR_EL1 read.
688
+
689
+	  If unsure, say Y.
690
+
691
+config ARM64_ERRATUM_2051678
692
+	bool "Cortex-A510: 2051678: disable Hardware Update of the page table's dirty bit"
693
+	default y
694
+	help
695
+	  This options adds the workaround for ARM Cortex-A510 erratum ARM64_ERRATUM_2051678.
696
+	  Affected Coretex-A510 might not respect the ordering rules for
697
+	  hardware update of the page table's dirty bit. The workaround
698
+	  is to not enable the feature on affected CPUs.
699
+
700
+	  If unsure, say Y.
701
+
702
+config ARM64_WORKAROUND_TSB_FLUSH_FAILURE
703
+	bool
704
+
705
+config ARM64_ERRATUM_2054223
706
+	bool "Cortex-A710: 2054223: workaround TSB instruction failing to flush trace"
707
+	default y
708
+	select ARM64_WORKAROUND_TSB_FLUSH_FAILURE
709
+	help
710
+	  Enable workaround for ARM Cortex-A710 erratum 2054223
711
+
712
+	  Affected cores may fail to flush the trace data on a TSB instruction, when
713
+	  the PE is in trace prohibited state. This will cause losing a few bytes
714
+	  of the trace cached.
715
+
716
+	  Workaround is to issue two TSB consecutively on affected cores.
717
+
718
+	  If unsure, say Y.
719
+
720
+config ARM64_ERRATUM_2067961
721
+	bool "Neoverse-N2: 2067961: workaround TSB instruction failing to flush trace"
722
+	default y
723
+	select ARM64_WORKAROUND_TSB_FLUSH_FAILURE
724
+	help
725
+	  Enable workaround for ARM Neoverse-N2 erratum 2067961
726
+
727
+	  Affected cores may fail to flush the trace data on a TSB instruction, when
728
+	  the PE is in trace prohibited state. This will cause losing a few bytes
729
+	  of the trace cached.
730
+
731
+	  Workaround is to issue two TSB consecutively on affected cores.
732
+
733
+	  If unsure, say Y.
734
+
735
+config ARM64_ERRATUM_2454944
736
+	bool "Cortex-A510: 2454944: Unmodified cache line might be written back to memory"
737
+	select ARCH_HAS_TEARDOWN_DMA_OPS
738
+	select RODATA_FULL_DEFAULT_ENABLED
739
+	help
740
+	  This option adds the workaround for ARM Cortex-A510 erratum 2454944.
741
+
742
+	  Affected Cortex-A510 core might write unmodified cache lines back to
743
+	  memory, which breaks the assumptions upon which software coherency
744
+	  management for non-coherent DMA relies. If a cache line is
745
+	  speculatively fetched while a non-coherent device is writing directly
746
+	  to DRAM, and subsequently written back by natural eviction, data
747
+	  written by the device in the intervening period can be lost.
748
+
749
+	  The workaround is to enforce as far as reasonably possible that all
750
+	  non-coherent DMA transfers are bounced and/or remapped to minimise
751
+	  the chance that any Cacheable alias exists through which speculative
752
+	  cache fills could occur. To further improve effectiveness of
753
+	  the workaround, lazy TLB flushing should be disabled.
754
+
755
+	  This is quite involved and has unavoidable performance impact on
756
+	  affected systems.
757
+
758
+config ARM64_ERRATUM_2457168
759
+	bool "Cortex-A510: 2457168: workaround for AMEVCNTR01 incrementing incorrectly"
760
+	depends on ARM64_AMU_EXTN
761
+	default y
762
+	help
763
+	  This option adds the workaround for ARM Cortex-A510 erratum 2457168.
764
+
765
+	  The AMU counter AMEVCNTR01 (constant counter) should increment at the same rate
766
+	  as the system counter. On affected Cortex-A510 cores AMEVCNTR01 increments
767
+	  incorrectly giving a significantly higher output value.
768
+
769
+	  Work around this problem by keeping the reference values of affected counters
770
+	  to 0 thus signaling an error case. This effect is the same to firmware disabling
771
+	  affected counters, in which case 0 will be returned when reading the disabled
772
+	  counters.
773
+
774
+	  If unsure, say Y.
775
+
527
776
 config CAVIUM_ERRATUM_22375
528
777
 	bool "Cavium erratum 22375, 24313"
529
778
 	default y
530
779
 	help
531
-	  Enable workaround for erratum 22375, 24313.
780
+	  Enable workaround for errata 22375 and 24313.
532
781
 
533
782
 	  This implements two gicv3-its errata workarounds for ThunderX. Both
534
-	  with small impact affecting only ITS table allocation.
783
+	  with a small impact affecting only ITS table allocation.
535
784
 
536
785
 	    erratum 22375: only alloc 8MB table size
537
786
 	    erratum 24313: ignore memory access type
..
..
@@ -582,6 +831,52 @@
582
831
 
583
832
 	  If unsure, say Y.
584
833
 
834
+config CAVIUM_TX2_ERRATUM_219
835
+	bool "Cavium ThunderX2 erratum 219: PRFM between TTBR change and ISB fails"
836
+	default y
837
+	help
838
+	  On Cavium ThunderX2, a load, store or prefetch instruction between a
839
+	  TTBR update and the corresponding context synchronizing operation can
840
+	  cause a spurious Data Abort to be delivered to any hardware thread in
841
+	  the CPU core.
842
+
843
+	  Work around the issue by avoiding the problematic code sequence and
844
+	  trapping KVM guest TTBRx_EL1 writes to EL2 when SMT is enabled. The
845
+	  trap handler performs the corresponding register access, skips the
846
+	  instruction and ensures context synchronization by virtue of the
847
+	  exception return.
848
+
849
+	  If unsure, say Y.
850
+
851
+config FUJITSU_ERRATUM_010001
852
+	bool "Fujitsu-A64FX erratum E#010001: Undefined fault may occur wrongly"
853
+	default y
854
+	help
855
+	  This option adds a workaround for Fujitsu-A64FX erratum E#010001.
856
+	  On some variants of the Fujitsu-A64FX cores ver(1.0, 1.1), memory
857
+	  accesses may cause undefined fault (Data abort, DFSC=0b111111).
858
+	  This fault occurs under a specific hardware condition when a
859
+	  load/store instruction performs an address translation using:
860
+	  case-1  TTBR0_EL1 with TCR_EL1.NFD0 == 1.
861
+	  case-2  TTBR0_EL2 with TCR_EL2.NFD0 == 1.
862
+	  case-3  TTBR1_EL1 with TCR_EL1.NFD1 == 1.
863
+	  case-4  TTBR1_EL2 with TCR_EL2.NFD1 == 1.
864
+
865
+	  The workaround is to ensure these bits are clear in TCR_ELx.
866
+	  The workaround only affects the Fujitsu-A64FX.
867
+
868
+	  If unsure, say Y.
869
+
870
+config HISILICON_ERRATUM_161600802
871
+	bool "Hip07 161600802: Erroneous redistributor VLPI base"
872
+	default y
873
+	help
874
+	  The HiSilicon Hip07 SoC uses the wrong redistributor base
875
+	  when issued ITS commands such as VMOVP and VMAPP, and requires
876
+	  a 128kB offset to be applied to the target address in this commands.
877
+
878
+	  If unsure, say Y.
879
+
585
880
 config QCOM_FALKOR_ERRATUM_1003
586
881
 	bool "Falkor E1003: Incorrect translation due to ASID change"
587
882
 	default y
..
..
@@ -596,6 +891,7 @@
596
891
 config QCOM_FALKOR_ERRATUM_1009
597
892
 	bool "Falkor E1009: Prematurely complete a DSB after a TLBI"
598
893
 	default y
894
+	select ARM64_WORKAROUND_REPEAT_TLBI
599
895
 	help
600
896
 	  On Falkor v1, the CPU may prematurely complete a DSB following a
601
897
 	  TLBI xxIS invalidate maintenance operation. Repeat the TLBI operation
..
..
@@ -613,25 +909,6 @@
613
909
 
614
910
 	  If unsure, say Y.
615
911
 
616
-config SOCIONEXT_SYNQUACER_PREITS
617
-	bool "Socionext Synquacer: Workaround for GICv3 pre-ITS"
618
-	default y
619
-	help
620
-	  Socionext Synquacer SoCs implement a separate h/w block to generate
621
-	  MSI doorbell writes with non-zero values for the device ID.
622
-
623
-	  If unsure, say Y.
624
-
625
-config HISILICON_ERRATUM_161600802
626
-	bool "Hip07 161600802: Erroneous redistributor VLPI base"
627
-	default y
628
-	help
629
-	  The HiSilicon Hip07 SoC usees the wrong redistributor base
630
-	  when issued ITS commands such as VMOVP and VMAPP, and requires
631
-	  a 128kB offset to be applied to the target address in this commands.
632
-
633
-	  If unsure, say Y.
634
-
635
912
 config QCOM_FALKOR_ERRATUM_E1041
636
913
 	bool "Falkor E1041: Speculative instruction fetches might cause errant memory access"
637
914
 	default y
..
..
@@ -639,6 +916,15 @@
639
916
 	  Falkor CPU may speculatively fetch instructions from an improper
640
917
 	  memory location when MMU translation is changed from SCTLR_ELn[M]=1
641
918
 	  to SCTLR_ELn[M]=0. Prefix an ISB instruction to fix the problem.
919
+
920
+	  If unsure, say Y.
921
+
922
+config SOCIONEXT_SYNQUACER_PREITS
923
+	bool "Socionext Synquacer: Workaround for GICv3 pre-ITS"
924
+	default y
925
+	help
926
+	  Socionext Synquacer SoCs implement a separate h/w block to generate
927
+	  MSI doorbell writes with non-zero values for the device ID.
642
928
 
643
929
 	  If unsure, say Y.
644
930
 
..
..
@@ -702,7 +988,36 @@
702
988
 config ARM64_VA_BITS_48
703
989
 	bool "48-bit"
704
990
 
991
+config ARM64_VA_BITS_52
992
+	bool "52-bit"
993
+	depends on ARM64_64K_PAGES && (ARM64_PAN || !ARM64_SW_TTBR0_PAN)
994
+	help
995
+	  Enable 52-bit virtual addressing for userspace when explicitly
996
+	  requested via a hint to mmap(). The kernel will also use 52-bit
997
+	  virtual addresses for its own mappings (provided HW support for
998
+	  this feature is available, otherwise it reverts to 48-bit).
999
+
1000
+	  NOTE: Enabling 52-bit virtual addressing in conjunction with
1001
+	  ARMv8.3 Pointer Authentication will result in the PAC being
1002
+	  reduced from 7 bits to 3 bits, which may have a significant
1003
+	  impact on its susceptibility to brute-force attacks.
1004
+
1005
+	  If unsure, select 48-bit virtual addressing instead.
1006
+
705
1007
 endchoice
1008
+
1009
+config ARM64_FORCE_52BIT
1010
+	bool "Force 52-bit virtual addresses for userspace"
1011
+	depends on ARM64_VA_BITS_52 && EXPERT
1012
+	help
1013
+	  For systems with 52-bit userspace VAs enabled, the kernel will attempt
1014
+	  to maintain compatibility with older software by providing 48-bit VAs
1015
+	  unless a hint is supplied to mmap.
1016
+
1017
+	  This configuration option disables the 48-bit compatibility logic, and
1018
+	  forces all userspace addresses to be 52-bit on HW that supports it. One
1019
+	  should only enable this configuration option for stress testing userspace
1020
+	  memory management code. If unsure say N here.
706
1021
 
707
1022
 config ARM64_VA_BITS
708
1023
 	int
..
..
@@ -711,6 +1026,7 @@
711
1026
 	default 42 if ARM64_VA_BITS_42
712
1027
 	default 47 if ARM64_VA_BITS_47
713
1028
 	default 48 if ARM64_VA_BITS_48
1029
+	default 52 if ARM64_VA_BITS_52
714
1030
 
715
1031
 choice
716
1032
 	prompt "Physical address space size"
..
..
@@ -741,10 +1057,27 @@
741
1057
 	default 48 if ARM64_PA_BITS_48
742
1058
 	default 52 if ARM64_PA_BITS_52
743
1059
 
1060
+choice
1061
+	prompt "Endianness"
1062
+	default CPU_LITTLE_ENDIAN
1063
+	help
1064
+	  Select the endianness of data accesses performed by the CPU. Userspace
1065
+	  applications will need to be compiled and linked for the endianness
1066
+	  that is selected here.
1067
+
744
1068
 config CPU_BIG_ENDIAN
745
-       bool "Build big-endian kernel"
746
-       help
747
-         Say Y if you plan on running a kernel in big-endian mode.
1069
+	bool "Build big-endian kernel"
1070
+	depends on !LD_IS_LLD || LLD_VERSION >= 130000
1071
+	help
1072
+	  Say Y if you plan on running a kernel with a big-endian userspace.
1073
+
1074
+config CPU_LITTLE_ENDIAN
1075
+	bool "Build little-endian kernel"
1076
+	help
1077
+	  Say Y if you plan on running a kernel with a little-endian userspace.
1078
+	  This is usually the case for distributions targeting arm64.
1079
+
1080
+endchoice
748
1081
 
749
1082
 config SCHED_MC
750
1083
 	bool "Multi-core scheduler support"
..
..
@@ -763,8 +1096,7 @@
763
1096
 config NR_CPUS
764
1097
 	int "Maximum number of CPUs (2-4096)"
765
1098
 	range 2 4096
766
-	# These have to remain sorted largest to smallest
767
-	default "64"
1099
+	default "256"
768
1100
 
769
1101
 config HOTPLUG_CPU
770
1102
 	bool "Support for hot-pluggable CPUs"
..
..
@@ -775,11 +1107,11 @@
775
1107
 
776
1108
 # Common NUMA Features
777
1109
 config NUMA
778
-	bool "Numa Memory Allocation and Scheduler Support"
1110
+	bool "NUMA Memory Allocation and Scheduler Support"
779
1111
 	select ACPI_NUMA if ACPI
780
1112
 	select OF_NUMA
781
1113
 	help
782
-	  Enable NUMA (Non Uniform Memory Access) support.
1114
+	  Enable NUMA (Non-Uniform Memory Access) support.
783
1115
 
784
1116
 	  The kernel will try to allocate memory used by a CPU on the
785
1117
 	  local memory of the CPU and add some more
..
..
@@ -788,7 +1120,7 @@
788
1120
 config NODES_SHIFT
789
1121
 	int "Maximum NUMA Nodes (as a power of 2)"
790
1122
 	range 1 10
791
-	default "2"
1123
+	default "4"
792
1124
 	depends on NEED_MULTIPLE_NODES
793
1125
 	help
794
1126
 	  Specify the maximum number of NUMA Nodes available on the target
..
..
@@ -809,13 +1141,10 @@
809
1141
 config HOLES_IN_ZONE
810
1142
 	def_bool y
811
1143
 
812
-source kernel/Kconfig.hz
1144
+source "kernel/Kconfig.hz"
813
1145
 
814
1146
 config ARCH_SUPPORTS_DEBUG_PAGEALLOC
815
1147
 	def_bool y
816
-
817
-config ARCH_HAS_HOLES_MEMORYMODEL
818
-	def_bool y if SPARSEMEM
819
1148
 
820
1149
 config ARCH_SPARSEMEM_ENABLE
821
1150
 	def_bool y
..
..
@@ -831,7 +1160,7 @@
831
1160
 	def_bool !NUMA
832
1161
 
833
1162
 config HAVE_ARCH_PFN_VALID
834
-	def_bool ARCH_HAS_HOLES_MEMORYMODEL || !SPARSEMEM
1163
+	def_bool y
835
1164
 
836
1165
 config HW_PERF_EVENTS
837
1166
 	def_bool y
..
..
@@ -841,59 +1170,16 @@
841
1170
 	def_bool y
842
1171
 
843
1172
 config ARCH_WANT_HUGE_PMD_SHARE
844
-	def_bool y if ARM64_4K_PAGES || (ARM64_16K_PAGES && !ARM64_VA_BITS_36)
845
1173
 
846
1174
 config ARCH_HAS_CACHE_LINE_SIZE
847
1175
 	def_bool y
848
1176
 
1177
+config ARCH_ENABLE_SPLIT_PMD_PTLOCK
1178
+	def_bool y if PGTABLE_LEVELS > 2
849
1179
 
850
1180
 # Supported by clang >= 7.0
851
1181
 config CC_HAVE_SHADOW_CALL_STACK
852
1182
 	def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
853
-
854
-config ARM64_DMA_USE_IOMMU
855
-	bool "ARM64 DMA iommu integration"
856
-	select ARM_HAS_SG_CHAIN
857
-	select NEED_SG_DMA_LENGTH
858
-	help
859
-	  Enable using iommu through the standard dma apis.
860
-	  dma_alloc_coherent() will allocate scatter-gather memory
861
-	  which is made virtually contiguous via iommu.
862
-	  Enable if system contains IOMMU hardware.
863
-
864
-if ARM64_DMA_USE_IOMMU
865
-
866
-config ARM64_DMA_IOMMU_ALIGNMENT
867
-	int "Maximum PAGE_SIZE order of alignment for DMA IOMMU buffers"
868
-	range 4 9
869
-	default 9
870
-	help
871
-	  DMA mapping framework by default aligns all buffers to the smallest
872
-	  PAGE_SIZE order which is greater than or equal to the requested buffer
873
-	  size. This works well for buffers up to a few hundreds kilobytes, but
874
-	  for larger buffers it just a waste of address space. Drivers which has
875
-	  relatively small addressing window (like 64Mib) might run out of
876
-	  virtual space with just a few allocations.
877
-
878
-	  With this parameter you can specify the maximum PAGE_SIZE order for
879
-	  DMA IOMMU buffers. Larger buffers will be aligned only to this
880
-	  specified order. The order is expressed as a power of two multiplied
881
-	  by the PAGE_SIZE.
882
-
883
-endif
884
-
885
-config SECCOMP
886
-	bool "Enable seccomp to safely compute untrusted bytecode"
887
-	---help---
888
-	  This kernel feature is useful for number crunching applications
889
-	  that may need to compute untrusted bytecode during their
890
-	  execution. By using pipes or other transports made available to
891
-	  the process as file descriptors supporting the read/write
892
-	  syscalls, it's possible to isolate those applications in
893
-	  their own address space using seccomp. Once seccomp is
894
-	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
895
-	  and the task is only allowed to execute a few safe syscalls
896
-	  defined by each seccomp mode.
897
1183
 
898
1184
 config PARAVIRT
899
1185
 	bool "Enable paravirtualization code"
..
..
@@ -905,7 +1191,6 @@
905
1191
 config PARAVIRT_TIME_ACCOUNTING
906
1192
 	bool "Paravirtual steal time accounting"
907
1193
 	select PARAVIRT
908
-	default n
909
1194
 	help
910
1195
 	  Select this option to enable fine granularity task steal time
911
1196
 	  accounting. Time spent executing other tasks in parallel with
..
..
@@ -918,11 +1203,44 @@
918
1203
 	depends on PM_SLEEP_SMP
919
1204
 	select KEXEC_CORE
920
1205
 	bool "kexec system call"
921
-	---help---
1206
+	help
922
1207
 	  kexec is a system call that implements the ability to shutdown your
923
1208
 	  current kernel, and to start another kernel.  It is like a reboot
924
1209
 	  but it is independent of the system firmware.   And like a reboot
925
1210
 	  you can start any kernel with it, not just Linux.
1211
+
1212
+config KEXEC_FILE
1213
+	bool "kexec file based system call"
1214
+	select KEXEC_CORE
1215
+	help
1216
+	  This is new version of kexec system call. This system call is
1217
+	  file based and takes file descriptors as system call argument
1218
+	  for kernel and initramfs as opposed to list of segments as
1219
+	  accepted by previous system call.
1220
+
1221
+config KEXEC_SIG
1222
+	bool "Verify kernel signature during kexec_file_load() syscall"
1223
+	depends on KEXEC_FILE
1224
+	help
1225
+	  Select this option to verify a signature with loaded kernel
1226
+	  image. If configured, any attempt of loading a image without
1227
+	  valid signature will fail.
1228
+
1229
+	  In addition to that option, you need to enable signature
1230
+	  verification for the corresponding kernel image type being
1231
+	  loaded in order for this to work.
1232
+
1233
+config KEXEC_IMAGE_VERIFY_SIG
1234
+	bool "Enable Image signature verification support"
1235
+	default y
1236
+	depends on KEXEC_SIG
1237
+	depends on EFI && SIGNED_PE_FILE_VERIFICATION
1238
+	help
1239
+	  Enable Image signature verification support.
1240
+
1241
+comment "Support for PE file signature verification disabled"
1242
+	depends on KEXEC_SIG
1243
+	depends on !EFI || !SIGNED_PE_FILE_VERIFICATION
926
1244
 
927
1245
 config CRASH_DUMP
928
1246
 	bool "Build kdump crash kernel"
..
..
@@ -933,7 +1251,7 @@
933
1251
 	  reserved region and then later executed after a crash by
934
1252
 	  kdump/kexec.
935
1253
 
936
-	  For more details see Documentation/kdump/kdump.txt
1254
+	  For more details see Documentation/admin-guide/kdump/kdump.rst
937
1255
 
938
1256
 config XEN_DOM0
939
1257
 	def_bool y
..
..
@@ -982,47 +1300,36 @@
982
1300
 
983
1301
 	  If unsure, say Y.
984
1302
 
985
-config HARDEN_BRANCH_PREDICTOR
986
-	bool "Harden the branch predictor against aliasing attacks" if EXPERT
987
-	default y
988
-	help
989
-	  Speculation attacks against some high-performance processors rely on
990
-	  being able to manipulate the branch predictor for a victim context by
991
-	  executing aliasing branches in the attacker context.  Such attacks
992
-	  can be partially mitigated against by clearing internal branch
993
-	  predictor state and limiting the prediction logic in some situations.
994
-
995
-	  This config option will take CPU-specific actions to harden the
996
-	  branch predictor against aliasing attacks and may rely on specific
997
-	  instruction sequences or control bits being set by the system
998
-	  firmware.
999
-
1000
-	  If unsure, say Y.
1001
-
1002
-config HARDEN_EL2_VECTORS
1003
-	bool "Harden EL2 vector mapping against system register leak" if EXPERT
1303
+config MITIGATE_SPECTRE_BRANCH_HISTORY
1304
+	bool "Mitigate Spectre style attacks against branch history" if EXPERT
1004
1305
 	default y
1005
1306
 	help
1006
1307
 	  Speculation attacks against some high-performance processors can
1007
-	  be used to leak privileged information such as the vector base
1008
-	  register, resulting in a potential defeat of the EL2 layout
1009
-	  randomization.
1308
+	  make use of branch history to influence future speculation.
1309
+	  When taking an exception from user-space, a sequence of branches
1310
+	  or a firmware call overwrites the branch history.
1010
1311
 
1011
-	  This config option will map the vectors to a fixed location,
1012
-	  independent of the EL2 code mapping, so that revealing VBAR_EL2
1013
-	  to an attacker does not give away any extra information. This
1014
-	  only gets enabled on affected CPUs.
1015
-
1016
-	  If unsure, say Y.
1017
-
1018
-config ARM64_SSBD
1019
-	bool "Speculative Store Bypass Disable" if EXPERT
1312
+config RODATA_FULL_DEFAULT_ENABLED
1313
+	bool "Apply r/o permissions of VM areas also to their linear aliases"
1020
1314
 	default y
1021
1315
 	help
1022
-	  This enables mitigation of the bypassing of previous stores
1023
-	  by speculative loads.
1316
+	  Apply read-only attributes of VM areas to the linear alias of
1317
+	  the backing pages as well. This prevents code or read-only data
1318
+	  from being modified (inadvertently or intentionally) via another
1319
+	  mapping of the same memory page. This additional enhancement can
1320
+	  be turned off at runtime by passing rodata=[off|on] (and turned on
1321
+	  with rodata=full if this option is set to 'n')
1024
1322
 
1025
-	  If unsure, say Y.
1323
+	  This requires the linear region to be mapped down to pages,
1324
+	  which may adversely affect performance in some cases.
1325
+
1326
+config ARM64_SW_TTBR0_PAN
1327
+	bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
1328
+	help
1329
+	  Enabling this option prevents the kernel from accessing
1330
+	  user-space memory directly by pointing TTBR0_EL1 to a reserved
1331
+	  zeroed area and reserved ASID. The user access routines
1332
+	  restore the valid TTBR0_EL1 temporarily.
1026
1333
 
1027
1334
 config ARM64_TAGGED_ADDR_ABI
1028
1335
 	bool "Enable the tagged user addresses syscall ABI"
..
..
@@ -1033,9 +1340,58 @@
1033
1340
 	  to system calls as pointer arguments. For details, see
1034
1341
 	  Documentation/arm64/tagged-address-abi.rst.
1035
1342
 
1343
+menuconfig COMPAT
1344
+	bool "Kernel support for 32-bit EL0"
1345
+	depends on ARM64_4K_PAGES || EXPERT
1346
+	select COMPAT_BINFMT_ELF if BINFMT_ELF
1347
+	select HAVE_UID16
1348
+	select OLD_SIGSUSPEND3
1349
+	select COMPAT_OLD_SIGACTION
1350
+	help
1351
+	  This option enables support for a 32-bit EL0 running under a 64-bit
1352
+	  kernel at EL1. AArch32-specific components such as system calls,
1353
+	  the user helper functions, VFP support and the ptrace interface are
1354
+	  handled appropriately by the kernel.
1355
+
1356
+	  If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware
1357
+	  that you will only be able to execute AArch32 binaries that were compiled
1358
+	  with page size aligned segments.
1359
+
1360
+	  If you want to execute 32-bit userspace applications, say Y.
1361
+
1362
+if COMPAT
1363
+
1364
+config KUSER_HELPERS
1365
+	bool "Enable kuser helpers page for 32-bit applications"
1366
+	default y
1367
+	help
1368
+	  Warning: disabling this option may break 32-bit user programs.
1369
+
1370
+	  Provide kuser helpers to compat tasks. The kernel provides
1371
+	  helper code to userspace in read only form at a fixed location
1372
+	  to allow userspace to be independent of the CPU type fitted to
1373
+	  the system. This permits binaries to be run on ARMv4 through
1374
+	  to ARMv8 without modification.
1375
+
1376
+	  See Documentation/arm/kernel_user_helpers.rst for details.
1377
+
1378
+	  However, the fixed address nature of these helpers can be used
1379
+	  by ROP (return orientated programming) authors when creating
1380
+	  exploits.
1381
+
1382
+	  If all of the binaries and libraries which run on your platform
1383
+	  are built specifically for your platform, and make no use of
1384
+	  these helpers, then you can turn this option off to hinder
1385
+	  such exploits. However, in that case, if a binary or library
1386
+	  relying on those helpers is run, it will not function correctly.
1387
+
1388
+	  Say N here only if you are absolutely certain that you do not
1389
+	  need these helpers; otherwise, the safe option is to say Y.
1390
+
1036
1391
 config COMPAT_VDSO
1037
1392
 	bool "Enable vDSO for 32-bit applications"
1038
-	depends on !CPU_BIG_ENDIAN && "$(CROSS_COMPILE_COMPAT)" != ""
1393
+	depends on !CPU_BIG_ENDIAN
1394
+	depends on (CC_IS_CLANG && LD_IS_LLD) || "$(CROSS_COMPILE_COMPAT)" != ""
1039
1395
 	select GENERIC_COMPAT_VDSO
1040
1396
 	default y
1041
1397
 	help
..
..
@@ -1046,9 +1402,16 @@
1046
1402
 	  You must have a 32-bit build of glibc 2.22 or later for programs
1047
1403
 	  to seamlessly take advantage of this.
1048
1404
 
1405
+config THUMB2_COMPAT_VDSO
1406
+	bool "Compile the 32-bit vDSO for Thumb-2 mode" if EXPERT
1407
+	depends on COMPAT_VDSO
1408
+	default y
1409
+	help
1410
+	  Compile the compat vDSO with '-mthumb -fomit-frame-pointer' if y,
1411
+	  otherwise with '-marm'.
1412
+
1049
1413
 menuconfig ARMV8_DEPRECATED
1050
1414
 	bool "Emulate deprecated/obsolete ARMv8 instructions"
1051
-	depends on COMPAT
1052
1415
 	depends on SYSCTL
1053
1416
 	help
1054
1417
 	  Legacy software support may require certain instructions
..
..
@@ -1067,6 +1430,8 @@
1067
1430
 	  ARMv8 obsoletes the use of A32 SWP/SWPB instructions such that
1068
1431
 	  they are always undefined. Say Y here to enable software
1069
1432
 	  emulation of these instructions for userspace using LDXR/STXR.
1433
+	  This feature can be controlled at runtime with the abi.swp
1434
+	  sysctl which is disabled by default.
1070
1435
 
1071
1436
 	  In some older versions of glibc [<=2.8] SWP is used during futex
1072
1437
 	  trylock() operations with the assumption that the code will not
..
..
@@ -1093,7 +1458,8 @@
1093
1458
 	  Say Y here to enable software emulation of these
1094
1459
 	  instructions for AArch32 userspace code. When this option is
1095
1460
 	  enabled, CP15 barrier usage is traced which can help
1096
-	  identify software that needs updating.
1461
+	  identify software that needs updating. This feature can be
1462
+	  controlled at runtime with the abi.cp15_barrier sysctl.
1097
1463
 
1098
1464
 	  If unsure, say Y
1099
1465
 
..
..
@@ -1104,7 +1470,8 @@
1104
1470
 	  AArch32 EL0, and is deprecated in ARMv8.
1105
1471
 
1106
1472
 	  Say Y here to enable software emulation of the instruction
1107
-	  for AArch32 userspace code.
1473
+	  for AArch32 userspace code. This feature can be controlled
1474
+	  at runtime with the abi.setend sysctl.
1108
1475
 
1109
1476
 	  Note: All the cpus on the system must have mixed endian support at EL0
1110
1477
 	  for this feature to be enabled. If a new CPU - which doesn't support mixed
..
..
@@ -1114,13 +1481,7 @@
1114
1481
 	  If unsure, say Y
1115
1482
 endif
1116
1483
 
1117
-config ARM64_SW_TTBR0_PAN
1118
-	bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
1119
-	help
1120
-	  Enabling this option prevents the kernel from accessing
1121
-	  user-space memory directly by pointing TTBR0_EL1 to a reserved
1122
-	  zeroed area and reserved ASID. The user access routines
1123
-	  restore the valid TTBR0_EL1 temporarily.
1484
+endif
1124
1485
 
1125
1486
 menu "ARMv8.1 architectural features"
1126
1487
 
..
..
@@ -1155,8 +1516,20 @@
1155
1516
 	 The feature is detected at runtime, and will remain as a 'nop'
1156
1517
 	 instruction if the cpu does not implement the feature.
1157
1518
 
1519
+config AS_HAS_LDAPR
1520
+	def_bool $(as-instr,.arch_extension rcpc)
1521
+
1522
+config AS_HAS_LSE_ATOMICS
1523
+	def_bool $(as-instr,.arch_extension lse)
1524
+
1158
1525
 config ARM64_LSE_ATOMICS
1526
+	bool
1527
+	default ARM64_USE_LSE_ATOMICS
1528
+	depends on AS_HAS_LSE_ATOMICS
1529
+
1530
+config ARM64_USE_LSE_ATOMICS
1159
1531
 	bool "Atomic instructions"
1532
+	depends on JUMP_LABEL
1160
1533
 	default y
1161
1534
 	help
1162
1535
 	  As part of the Large System Extensions, ARMv8.1 introduces new
..
..
@@ -1235,12 +1608,233 @@
1235
1608
 	  and access the new registers if the system supports the extension.
1236
1609
 	  Platform RAS features may additionally depend on firmware support.
1237
1610
 
1611
+config ARM64_CNP
1612
+	bool "Enable support for Common Not Private (CNP) translations"
1613
+	default y
1614
+	depends on ARM64_PAN || !ARM64_SW_TTBR0_PAN
1615
+	help
1616
+	  Common Not Private (CNP) allows translation table entries to
1617
+	  be shared between different PEs in the same inner shareable
1618
+	  domain, so the hardware can use this fact to optimise the
1619
+	  caching of such entries in the TLB.
1620
+
1621
+	  Selecting this option allows the CNP feature to be detected
1622
+	  at runtime, and does not affect PEs that do not implement
1623
+	  this feature.
1624
+
1625
+endmenu
1626
+
1627
+menu "ARMv8.3 architectural features"
1628
+
1629
+config ARM64_PTR_AUTH
1630
+	bool "Enable support for pointer authentication"
1631
+	default y
1632
+	depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC
1633
+	# Modern compilers insert a .note.gnu.property section note for PAC
1634
+	# which is only understood by binutils starting with version 2.33.1.
1635
+	depends on LD_IS_LLD || LD_VERSION >= 233010000 || (CC_IS_GCC && GCC_VERSION < 90100)
1636
+	depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE
1637
+	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
1638
+	help
1639
+	  Pointer authentication (part of the ARMv8.3 Extensions) provides
1640
+	  instructions for signing and authenticating pointers against secret
1641
+	  keys, which can be used to mitigate Return Oriented Programming (ROP)
1642
+	  and other attacks.
1643
+
1644
+	  This option enables these instructions at EL0 (i.e. for userspace).
1645
+	  Choosing this option will cause the kernel to initialise secret keys
1646
+	  for each process at exec() time, with these keys being
1647
+	  context-switched along with the process.
1648
+
1649
+	  If the compiler supports the -mbranch-protection or
1650
+	  -msign-return-address flag (e.g. GCC 7 or later), then this option
1651
+	  will also cause the kernel itself to be compiled with return address
1652
+	  protection. In this case, and if the target hardware is known to
1653
+	  support pointer authentication, then CONFIG_STACKPROTECTOR can be
1654
+	  disabled with minimal loss of protection.
1655
+
1656
+	  The feature is detected at runtime. If the feature is not present in
1657
+	  hardware it will not be advertised to userspace/KVM guest nor will it
1658
+	  be enabled.
1659
+
1660
+	  If the feature is present on the boot CPU but not on a late CPU, then
1661
+	  the late CPU will be parked. Also, if the boot CPU does not have
1662
+	  address auth and the late CPU has then the late CPU will still boot
1663
+	  but with the feature disabled. On such a system, this option should
1664
+	  not be selected.
1665
+
1666
+	  This feature works with FUNCTION_GRAPH_TRACER option only if
1667
+	  DYNAMIC_FTRACE_WITH_REGS is enabled.
1668
+
1669
+config CC_HAS_BRANCH_PROT_PAC_RET
1670
+	# GCC 9 or later, clang 8 or later
1671
+	def_bool $(cc-option,-mbranch-protection=pac-ret+leaf)
1672
+
1673
+config CC_HAS_SIGN_RETURN_ADDRESS
1674
+	# GCC 7, 8
1675
+	def_bool $(cc-option,-msign-return-address=all)
1676
+
1677
+config AS_HAS_PAC
1678
+	def_bool $(cc-option,-Wa$(comma)-march=armv8.3-a)
1679
+
1680
+config AS_HAS_CFI_NEGATE_RA_STATE
1681
+	def_bool $(as-instr,.cfi_startproc\n.cfi_negate_ra_state\n.cfi_endproc\n)
1682
+
1683
+endmenu
1684
+
1685
+menu "ARMv8.4 architectural features"
1686
+
1687
+config ARM64_AMU_EXTN
1688
+	bool "Enable support for the Activity Monitors Unit CPU extension"
1689
+	default y
1690
+	help
1691
+	  The activity monitors extension is an optional extension introduced
1692
+	  by the ARMv8.4 CPU architecture. This enables support for version 1
1693
+	  of the activity monitors architecture, AMUv1.
1694
+
1695
+	  To enable the use of this extension on CPUs that implement it, say Y.
1696
+
1697
+	  Note that for architectural reasons, firmware _must_ implement AMU
1698
+	  support when running on CPUs that present the activity monitors
1699
+	  extension. The required support is present in:
1700
+	    * Version 1.5 and later of the ARM Trusted Firmware
1701
+
1702
+	  For kernels that have this configuration enabled but boot with broken
1703
+	  firmware, you may need to say N here until the firmware is fixed.
1704
+	  Otherwise you may experience firmware panics or lockups when
1705
+	  accessing the counter registers. Even if you are not observing these
1706
+	  symptoms, the values returned by the register reads might not
1707
+	  correctly reflect reality. Most commonly, the value read will be 0,
1708
+	  indicating that the counter is not enabled.
1709
+
1710
+config AS_HAS_ARMV8_4
1711
+	def_bool $(cc-option,-Wa$(comma)-march=armv8.4-a)
1712
+
1713
+config ARM64_TLB_RANGE
1714
+	bool "Enable support for tlbi range feature"
1715
+	default y
1716
+	depends on AS_HAS_ARMV8_4
1717
+	help
1718
+	  ARMv8.4-TLBI provides TLBI invalidation instruction that apply to a
1719
+	  range of input addresses.
1720
+
1721
+	  The feature introduces new assembly instructions, and they were
1722
+	  support when binutils >= 2.30.
1723
+
1724
+endmenu
1725
+
1726
+menu "ARMv8.5 architectural features"
1727
+
1728
+config AS_HAS_ARMV8_5
1729
+	def_bool $(cc-option,-Wa$(comma)-march=armv8.5-a)
1730
+
1731
+config ARM64_BTI
1732
+	bool "Branch Target Identification support"
1733
+	default y
1734
+	help
1735
+	  Branch Target Identification (part of the ARMv8.5 Extensions)
1736
+	  provides a mechanism to limit the set of locations to which computed
1737
+	  branch instructions such as BR or BLR can jump.
1738
+
1739
+	  To make use of BTI on CPUs that support it, say Y.
1740
+
1741
+	  BTI is intended to provide complementary protection to other control
1742
+	  flow integrity protection mechanisms, such as the Pointer
1743
+	  authentication mechanism provided as part of the ARMv8.3 Extensions.
1744
+	  For this reason, it does not make sense to enable this option without
1745
+	  also enabling support for pointer authentication.  Thus, when
1746
+	  enabling this option you should also select ARM64_PTR_AUTH=y.
1747
+
1748
+	  Userspace binaries must also be specifically compiled to make use of
1749
+	  this mechanism.  If you say N here or the hardware does not support
1750
+	  BTI, such binaries can still run, but you get no additional
1751
+	  enforcement of branch destinations.
1752
+
1753
+config ARM64_BTI_KERNEL
1754
+	bool "Use Branch Target Identification for kernel"
1755
+	default y
1756
+	depends on ARM64_BTI
1757
+	depends on ARM64_PTR_AUTH
1758
+	depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
1759
+	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
1760
+	depends on !CC_IS_GCC || GCC_VERSION >= 100100
1761
+	# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
1762
+	depends on !CC_IS_GCC
1763
+	# https://bugs.llvm.org/show_bug.cgi?id=46258
1764
+	depends on !CFI_CLANG || CLANG_VERSION >= 120000
1765
+	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
1766
+	help
1767
+	  Build the kernel with Branch Target Identification annotations
1768
+	  and enable enforcement of this for kernel code. When this option
1769
+	  is enabled and the system supports BTI all kernel code including
1770
+	  modular code must have BTI enabled.
1771
+
1772
+config CC_HAS_BRANCH_PROT_PAC_RET_BTI
1773
+	# GCC 9 or later, clang 8 or later
1774
+	def_bool $(cc-option,-mbranch-protection=pac-ret+leaf+bti)
1775
+
1776
+config ARM64_E0PD
1777
+	bool "Enable support for E0PD"
1778
+	default y
1779
+	help
1780
+	  E0PD (part of the ARMv8.5 extensions) allows us to ensure
1781
+	  that EL0 accesses made via TTBR1 always fault in constant time,
1782
+	  providing similar benefits to KASLR as those provided by KPTI, but
1783
+	  with lower overhead and without disrupting legitimate access to
1784
+	  kernel memory such as SPE.
1785
+
1786
+	  This option enables E0PD for TTBR1 where available.
1787
+
1788
+config ARCH_RANDOM
1789
+	bool "Enable support for random number generation"
1790
+	default y
1791
+	help
1792
+	  Random number generation (part of the ARMv8.5 Extensions)
1793
+	  provides a high bandwidth, cryptographically secure
1794
+	  hardware random number generator.
1795
+
1796
+config ARM64_AS_HAS_MTE
1797
+	# Initial support for MTE went in binutils 2.32.0, checked with
1798
+	# ".arch armv8.5-a+memtag" below. However, this was incomplete
1799
+	# as a late addition to the final architecture spec (LDGM/STGM)
1800
+	# is only supported in the newer 2.32.x and 2.33 binutils
1801
+	# versions, hence the extra "stgm" instruction check below.
1802
+	def_bool $(as-instr,.arch armv8.5-a+memtag\nstgm xzr$(comma)[x0])
1803
+
1804
+config ARM64_MTE
1805
+	bool "Memory Tagging Extension support"
1806
+	default y
1807
+	depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI
1808
+	depends on AS_HAS_ARMV8_5
1809
+	# Required for tag checking in the uaccess routines
1810
+	depends on ARM64_PAN
1811
+	depends on AS_HAS_LSE_ATOMICS
1812
+	select ARCH_USES_HIGH_VMA_FLAGS
1813
+	help
1814
+	  Memory Tagging (part of the ARMv8.5 Extensions) provides
1815
+	  architectural support for run-time, always-on detection of
1816
+	  various classes of memory error to aid with software debugging
1817
+	  to eliminate vulnerabilities arising from memory-unsafe
1818
+	  languages.
1819
+
1820
+	  This option enables the support for the Memory Tagging
1821
+	  Extension at EL0 (i.e. for userspace).
1822
+
1823
+	  Selecting this option allows the feature to be detected at
1824
+	  runtime. Any secondary CPU not implementing this feature will
1825
+	  not be allowed a late bring-up.
1826
+
1827
+	  Userspace binaries that want to use this feature must
1828
+	  explicitly opt in. The mechanism for the userspace is
1829
+	  described in:
1830
+
1831
+	  Documentation/arm64/memory-tagging-extension.rst.
1832
+
1238
1833
 endmenu
1239
1834
 
1240
1835
 config ARM64_SVE
1241
1836
 	bool "ARM Scalable Vector Extension support"
1242
1837
 	default y
1243
-	depends on !KVM || ARM64_VHE
1244
1838
 	help
1245
1839
 	  The Scalable Vector Extension (SVE) is an extension to the AArch64
1246
1840
 	  execution state which complements and extends the SIMD functionality
..
..
@@ -1248,6 +1842,9 @@
1248
1842
 	  additional vectorisation opportunities.
1249
1843
 
1250
1844
 	  To enable use of this extension on CPUs that implement it, say Y.
1845
+
1846
+	  On CPUs that support the SVE2 extensions, this option will enable
1847
+	  those too.
1251
1848
 
1252
1849
 	  Note that for architectural reasons, firmware _must_ implement SVE
1253
1850
 	  support when running on SVE capable hardware.  The required support
..
..
@@ -1266,19 +1863,55 @@
1266
1863
 	  booting the kernel.  If unsure and you are not observing these
1267
1864
 	  symptoms, you should assume that it is safe to say Y.
1268
1865
 
1269
-	  CPUs that support SVE are architecturally required to support the
1270
-	  Virtualization Host Extensions (VHE), so the kernel makes no
1271
-	  provision for supporting SVE alongside KVM without VHE enabled.
1272
-	  Thus, you will need to enable CONFIG_ARM64_VHE if you want to support
1273
-	  KVM in the same kernel image.
1274
-
1275
1866
 config ARM64_MODULE_PLTS
1276
-	bool
1867
+	bool "Use PLTs to allow module memory to spill over into vmalloc area"
1868
+	depends on MODULES
1277
1869
 	select HAVE_MOD_ARCH_SPECIFIC
1870
+	help
1871
+	  Allocate PLTs when loading modules so that jumps and calls whose
1872
+	  targets are too far away for their relative offsets to be encoded
1873
+	  in the instructions themselves can be bounced via veneers in the
1874
+	  module's PLT. This allows modules to be allocated in the generic
1875
+	  vmalloc area after the dedicated module memory area has been
1876
+	  exhausted.
1877
+
1878
+	  When running with address space randomization (KASLR), the module
1879
+	  region itself may be too far away for ordinary relative jumps and
1880
+	  calls, and so in that case, module PLTs are required and cannot be
1881
+	  disabled.
1882
+
1883
+	  Specific errata workaround(s) might also force module PLTs to be
1884
+	  enabled (ARM64_ERRATUM_843419).
1885
+
1886
+config ARM64_PSEUDO_NMI
1887
+	bool "Support for NMI-like interrupts"
1888
+	select ARM_GIC_V3
1889
+	help
1890
+	  Adds support for mimicking Non-Maskable Interrupts through the use of
1891
+	  GIC interrupt priority. This support requires version 3 or later of
1892
+	  ARM GIC.
1893
+
1894
+	  This high priority configuration for interrupts needs to be
1895
+	  explicitly enabled by setting the kernel parameter
1896
+	  "irqchip.gicv3_pseudo_nmi" to 1.
1897
+
1898
+	  If unsure, say N
1899
+
1900
+if ARM64_PSEUDO_NMI
1901
+config ARM64_DEBUG_PRIORITY_MASKING
1902
+	bool "Debug interrupt priority masking"
1903
+	help
1904
+	  This adds runtime checks to functions enabling/disabling
1905
+	  interrupts when using priority masking. The additional checks verify
1906
+	  the validity of ICC_PMR_EL1 when calling concerned functions.
1907
+
1908
+	  If unsure, say N
1909
+endif
1278
1910
 
1279
1911
 config RELOCATABLE
1280
-	bool
1912
+	bool "Build a relocatable kernel image" if EXPERT
1281
1913
 	select ARCH_HAS_RELR
1914
+	default y
1282
1915
 	help
1283
1916
 	  This builds the kernel as a Position Independent Executable (PIE),
1284
1917
 	  which retains all relocation metadata required to relocate the
..
..
@@ -1322,6 +1955,13 @@
1322
1955
 	  a limited range that contains the [_stext, _etext] interval of the
1323
1956
 	  core kernel, so branch relocations are always in range.
1324
1957
 
1958
+config CC_HAVE_STACKPROTECTOR_SYSREG
1959
+	def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
1960
+
1961
+config STACKPROTECTOR_PER_TASK
1962
+	def_bool y
1963
+	depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG
1964
+
1325
1965
 endmenu
1326
1966
 
1327
1967
 menu "Boot options"
..
..
@@ -1346,6 +1986,9 @@
1346
1986
 choice
1347
1987
 	prompt "Kernel command line type" if CMDLINE != ""
1348
1988
 	default CMDLINE_FROM_BOOTLOADER
1989
+	help
1990
+	  Choose how the kernel will handle the provided default kernel
1991
+	  command line string.
1349
1992
 
1350
1993
 config CMDLINE_FROM_BOOTLOADER
1351
1994
 	bool "Use bootloader kernel arguments if available"
..
..
@@ -1367,6 +2010,7 @@
1367
2010
 	  loader passes other arguments to the kernel.
1368
2011
 	  This is useful if you cannot or don't want to change the
1369
2012
 	  command-line options your boot loader passes to the kernel.
2013
+
1370
2014
 endchoice
1371
2015
 
1372
2016
 config EFI_STUB
..
..
@@ -1382,7 +2026,7 @@
1382
2026
 	select EFI_PARAMS_FROM_FDT
1383
2027
 	select EFI_RUNTIME_WRAPPERS
1384
2028
 	select EFI_STUB
1385
-	select EFI_ARMSTUB
2029
+	select EFI_GENERIC_STUB
1386
2030
 	default y
1387
2031
 	help
1388
2032
 	  This option provides support for runtime services provided
..
..
@@ -1404,57 +2048,18 @@
1404
2048
 
1405
2049
 endmenu
1406
2050
 
1407
-config COMPAT
1408
-	bool "Kernel support for 32-bit EL0"
1409
-	depends on ARM64_4K_PAGES || EXPERT
1410
-	select COMPAT_BINFMT_ELF if BINFMT_ELF
1411
-	select HAVE_UID16
1412
-	select OLD_SIGSUSPEND3
1413
-	select COMPAT_OLD_SIGACTION
1414
-	help
1415
-	  This option enables support for a 32-bit EL0 running under a 64-bit
1416
-	  kernel at EL1. AArch32-specific components such as system calls,
1417
-	  the user helper functions, VFP support and the ptrace interface are
1418
-	  handled appropriately by the kernel.
1419
-
1420
-	  If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware
1421
-	  that you will only be able to execute AArch32 binaries that were compiled
1422
-	  with page size aligned segments.
1423
-
1424
-	  If you want to execute 32-bit userspace applications, say Y.
1425
-
1426
-config KUSER_HELPERS
1427
-	bool "Enable kuser helpers page for 32 bit applications."
1428
-	depends on COMPAT
1429
-	default y
1430
-	help
1431
-	  Warning: disabling this option may break 32-bit user programs.
1432
-
1433
-	  Provide kuser helpers to compat tasks. The kernel provides
1434
-	  helper code to userspace in read only form at a fixed location
1435
-	  to allow userspace to be independent of the CPU type fitted to
1436
-	  the system. This permits binaries to be run on ARMv4 through
1437
-	  to ARMv8 without modification.
1438
-
1439
-	  See Documentation/arm/kernel_user_helpers.txt for details.
1440
-
1441
-	  However, the fixed address nature of these helpers can be used
1442
-	  by ROP (return orientated programming) authors when creating
1443
-	  exploits.
1444
-
1445
-	  If all of the binaries and libraries which run on your platform
1446
-	  are built specifically for your platform, and make no use of
1447
-	  these helpers, then you can turn this option off to hinder
1448
-	  such exploits. However, in that case, if a binary or library
1449
-	  relying on those helpers is run, it will not function correctly.
1450
-
1451
-	  Say N here only if you are absolutely certain that you do not
1452
-	  need these helpers; otherwise, the safe option is to say Y.
1453
-
1454
2051
 config SYSVIPC_COMPAT
1455
2052
 	def_bool y
1456
2053
 	depends on COMPAT && SYSVIPC
1457
2054
 
2055
+config ARCH_ENABLE_HUGEPAGE_MIGRATION
2056
+	def_bool y
2057
+	depends on HUGETLB_PAGE && MIGRATION
2058
+
2059
+config ARCH_ENABLE_THP_MIGRATION
2060
+	def_bool y
2061
+	depends on TRANSPARENT_HUGEPAGE
2062
+
1458
2063
 menu "Power management options"
1459
2064
 
1460
2065
 source "kernel/power/Kconfig"