mirror of
https://github.com/torvalds/linux.git
synced 2024-11-19 02:21:47 +00:00
40548c6b6c
Pull x86 pti updates from Thomas Gleixner:
"This contains:
- a PTI bugfix to avoid setting reserved CR3 bits when PCID is
disabled. This seems to cause issues on a virtual machine at least
and is incorrect according to the AMD manual.
- a PTI bugfix which disables the perf BTS facility if PTI is
enabled. The BTS AUX buffer is not globally visible and causes the
CPU to fault when the mapping disappears on switching CR3 to user
space. A full fix which restores BTS on PTI is non trivial and will
be worked on.
- PTI bugfixes for EFI and trusted boot which make sure that the user
space visible page table entries have the NX bit cleared
- removal of dead code in the PTI pagetable setup functions
- add PTI documentation
- add a selftest for vsyscall to verify that the kernel actually
implements what it advertises.
- a sysfs interface to expose vulnerability and mitigation
information so there is a coherent way for users to retrieve the
status.
- the initial spectre_v2 mitigations, aka retpoline:
+ The necessary ASM thunk and compiler support
+ The ASM variants of retpoline and the conversion of affected ASM
code
+ Make LFENCE serializing on AMD so it can be used as speculation
trap
+ The RSB fill after vmexit
- initial objtool support for retpoline
As I said in the status mail this is the most of the set of patches
which should go into 4.15 except two straight forward patches still on
hold:
- the retpoline add on of LFENCE which waits for ACKs
- the RSB fill after context switch
Both should be ready to go early next week and with that we'll have
covered the major holes of spectre_v2 and go back to normality"
* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (28 commits)
x86,perf: Disable intel_bts when PTI
security/Kconfig: Correct the Documentation reference for PTI
x86/pti: Fix !PCID and sanitize defines
selftests/x86: Add test_vsyscall
x86/retpoline: Fill return stack buffer on vmexit
x86/retpoline/irq32: Convert assembler indirect jumps
x86/retpoline/checksum32: Convert assembler indirect jumps
x86/retpoline/xen: Convert Xen hypercall indirect jumps
x86/retpoline/hyperv: Convert assembler indirect jumps
x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
x86/retpoline/entry: Convert entry assembler indirect jumps
x86/retpoline/crypto: Convert crypto assembler indirect jumps
x86/spectre: Add boot time option to select Spectre v2 mitigation
x86/retpoline: Add initial retpoline support
objtool: Allow alternatives to be ignored
objtool: Detect jumps to retpoline thunks
x86/pti: Make unpoison of pgd for trusted boot work for real
x86/alternatives: Fix optimize_nops() checking
sysfs/cpu: Fix typos in vulnerability documentation
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
...
353 lines
12 KiB
Plaintext
353 lines
12 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
menu "Generic Driver Options"
|
|
|
|
config UEVENT_HELPER
|
|
bool "Support for uevent helper"
|
|
default y
|
|
help
|
|
The uevent helper program is forked by the kernel for
|
|
every uevent.
|
|
Before the switch to the netlink-based uevent source, this was
|
|
used to hook hotplug scripts into kernel device events. It
|
|
usually pointed to a shell script at /sbin/hotplug.
|
|
This should not be used today, because usual systems create
|
|
many events at bootup or device discovery in a very short time
|
|
frame. One forked process per event can create so many processes
|
|
that it creates a high system load, or on smaller systems
|
|
it is known to create out-of-memory situations during bootup.
|
|
|
|
config UEVENT_HELPER_PATH
|
|
string "path to uevent helper"
|
|
depends on UEVENT_HELPER
|
|
default ""
|
|
help
|
|
To disable user space helper program execution at by default
|
|
specify an empty string here. This setting can still be altered
|
|
via /proc/sys/kernel/hotplug or via /sys/kernel/uevent_helper
|
|
later at runtime.
|
|
|
|
config DEVTMPFS
|
|
bool "Maintain a devtmpfs filesystem to mount at /dev"
|
|
help
|
|
This creates a tmpfs/ramfs filesystem instance early at bootup.
|
|
In this filesystem, the kernel driver core maintains device
|
|
nodes with their default names and permissions for all
|
|
registered devices with an assigned major/minor number.
|
|
Userspace can modify the filesystem content as needed, add
|
|
symlinks, and apply needed permissions.
|
|
It provides a fully functional /dev directory, where usually
|
|
udev runs on top, managing permissions and adding meaningful
|
|
symlinks.
|
|
In very limited environments, it may provide a sufficient
|
|
functional /dev without any further help. It also allows simple
|
|
rescue systems, and reliably handles dynamic major/minor numbers.
|
|
|
|
Notice: if CONFIG_TMPFS isn't enabled, the simpler ramfs
|
|
file system will be used instead.
|
|
|
|
config DEVTMPFS_MOUNT
|
|
bool "Automount devtmpfs at /dev, after the kernel mounted the rootfs"
|
|
depends on DEVTMPFS
|
|
help
|
|
This will instruct the kernel to automatically mount the
|
|
devtmpfs filesystem at /dev, directly after the kernel has
|
|
mounted the root filesystem. The behavior can be overridden
|
|
with the commandline parameter: devtmpfs.mount=0|1.
|
|
This option does not affect initramfs based booting, here
|
|
the devtmpfs filesystem always needs to be mounted manually
|
|
after the rootfs is mounted.
|
|
With this option enabled, it allows to bring up a system in
|
|
rescue mode with init=/bin/sh, even when the /dev directory
|
|
on the rootfs is completely empty.
|
|
|
|
config STANDALONE
|
|
bool "Select only drivers that don't need compile-time external firmware"
|
|
default y
|
|
help
|
|
Select this option if you don't have magic firmware for drivers that
|
|
need it.
|
|
|
|
If unsure, say Y.
|
|
|
|
config PREVENT_FIRMWARE_BUILD
|
|
bool "Prevent firmware from being built"
|
|
default y
|
|
help
|
|
Say yes to avoid building firmware. Firmware is usually shipped
|
|
with the driver and only when updating the firmware should a
|
|
rebuild be made.
|
|
If unsure, say Y here.
|
|
|
|
config FW_LOADER
|
|
tristate "Userspace firmware loading support" if EXPERT
|
|
default y
|
|
---help---
|
|
This option is provided for the case where none of the in-tree modules
|
|
require userspace firmware loading support, but a module built
|
|
out-of-tree does.
|
|
|
|
config FIRMWARE_IN_KERNEL
|
|
bool "Include in-kernel firmware blobs in kernel binary"
|
|
depends on FW_LOADER
|
|
default y
|
|
help
|
|
Various drivers in the kernel source tree may require firmware,
|
|
which is generally available in your distribution's linux-firmware
|
|
package.
|
|
|
|
The linux-firmware package should install firmware into
|
|
/lib/firmware/ on your system, so they can be loaded by userspace
|
|
helpers on request.
|
|
|
|
Enabling this option will build each required firmware blob
|
|
specified by EXTRA_FIRMWARE into the kernel directly, where
|
|
request_firmware() will find them without having to call out to
|
|
userspace. This may be useful if your root file system requires a
|
|
device that uses such firmware and you do not wish to use an
|
|
initrd.
|
|
|
|
This single option controls the inclusion of firmware for
|
|
every driver that uses request_firmware(), which avoids a
|
|
proliferation of 'Include firmware for xxx device' options.
|
|
|
|
Say 'N' and let firmware be loaded from userspace.
|
|
|
|
config EXTRA_FIRMWARE
|
|
string "External firmware blobs to build into the kernel binary"
|
|
depends on FW_LOADER
|
|
help
|
|
This option allows firmware to be built into the kernel for the case
|
|
where the user either cannot or doesn't want to provide it from
|
|
userspace at runtime (for example, when the firmware in question is
|
|
required for accessing the boot device, and the user doesn't want to
|
|
use an initrd).
|
|
|
|
This option is a string and takes the (space-separated) names of the
|
|
firmware files -- the same names that appear in MODULE_FIRMWARE()
|
|
and request_firmware() in the source. These files should exist under
|
|
the directory specified by the EXTRA_FIRMWARE_DIR option, which is
|
|
by default the firmware subdirectory of the kernel source tree.
|
|
|
|
For example, you might set CONFIG_EXTRA_FIRMWARE="usb8388.bin", copy
|
|
the usb8388.bin file into the firmware directory, and build the kernel.
|
|
Then any request_firmware("usb8388.bin") will be satisfied internally
|
|
without needing to call out to userspace.
|
|
|
|
WARNING: If you include additional firmware files into your binary
|
|
kernel image that are not available under the terms of the GPL,
|
|
then it may be a violation of the GPL to distribute the resulting
|
|
image since it combines both GPL and non-GPL work. You should
|
|
consult a lawyer of your own before distributing such an image.
|
|
|
|
config EXTRA_FIRMWARE_DIR
|
|
string "Firmware blobs root directory"
|
|
depends on EXTRA_FIRMWARE != ""
|
|
default "/lib/firmware"
|
|
help
|
|
This option controls the directory in which the kernel build system
|
|
looks for the firmware files listed in the EXTRA_FIRMWARE option.
|
|
|
|
config FW_LOADER_USER_HELPER
|
|
bool
|
|
|
|
config FW_LOADER_USER_HELPER_FALLBACK
|
|
bool "Fallback user-helper invocation for firmware loading"
|
|
depends on FW_LOADER
|
|
select FW_LOADER_USER_HELPER
|
|
help
|
|
This option enables / disables the invocation of user-helper
|
|
(e.g. udev) for loading firmware files as a fallback after the
|
|
direct file loading in kernel fails. The user-mode helper is
|
|
no longer required unless you have a special firmware file that
|
|
resides in a non-standard path. Moreover, the udev support has
|
|
been deprecated upstream.
|
|
|
|
If you are unsure about this, say N here.
|
|
|
|
config WANT_DEV_COREDUMP
|
|
bool
|
|
help
|
|
Drivers should "select" this option if they desire to use the
|
|
device coredump mechanism.
|
|
|
|
config ALLOW_DEV_COREDUMP
|
|
bool "Allow device coredump" if EXPERT
|
|
default y
|
|
help
|
|
This option controls if the device coredump mechanism is available or
|
|
not; if disabled, the mechanism will be omitted even if drivers that
|
|
can use it are enabled.
|
|
Say 'N' for more sensitive systems or systems that don't want
|
|
to ever access the information to not have the code, nor keep any
|
|
data.
|
|
|
|
If unsure, say Y.
|
|
|
|
config DEV_COREDUMP
|
|
bool
|
|
default y if WANT_DEV_COREDUMP
|
|
depends on ALLOW_DEV_COREDUMP
|
|
|
|
config DEBUG_DRIVER
|
|
bool "Driver Core verbose debug messages"
|
|
depends on DEBUG_KERNEL
|
|
help
|
|
Say Y here if you want the Driver core to produce a bunch of
|
|
debug messages to the system log. Select this if you are having a
|
|
problem with the driver core and want to see more of what is
|
|
going on.
|
|
|
|
If you are unsure about this, say N here.
|
|
|
|
config DEBUG_DEVRES
|
|
bool "Managed device resources verbose debug messages"
|
|
depends on DEBUG_KERNEL
|
|
help
|
|
This option enables kernel parameter devres.log. If set to
|
|
non-zero, devres debug messages are printed. Select this if
|
|
you are having a problem with devres or want to debug
|
|
resource management for a managed device. devres.log can be
|
|
switched on and off from sysfs node.
|
|
|
|
If you are unsure about this, Say N here.
|
|
|
|
config DEBUG_TEST_DRIVER_REMOVE
|
|
bool "Test driver remove calls during probe (UNSTABLE)"
|
|
depends on DEBUG_KERNEL
|
|
help
|
|
Say Y here if you want the Driver core to test driver remove functions
|
|
by calling probe, remove, probe. This tests the remove path without
|
|
having to unbind the driver or unload the driver module.
|
|
|
|
This option is expected to find errors and may render your system
|
|
unusable. You should say N here unless you are explicitly looking to
|
|
test this functionality.
|
|
|
|
source "drivers/base/test/Kconfig"
|
|
|
|
config SYS_HYPERVISOR
|
|
bool
|
|
default n
|
|
|
|
config GENERIC_CPU_DEVICES
|
|
bool
|
|
default n
|
|
|
|
config GENERIC_CPU_AUTOPROBE
|
|
bool
|
|
|
|
config GENERIC_CPU_VULNERABILITIES
|
|
bool
|
|
|
|
config SOC_BUS
|
|
bool
|
|
select GLOB
|
|
|
|
source "drivers/base/regmap/Kconfig"
|
|
|
|
config DMA_SHARED_BUFFER
|
|
bool
|
|
default n
|
|
select ANON_INODES
|
|
help
|
|
This option enables the framework for buffer-sharing between
|
|
multiple drivers. A buffer is associated with a file using driver
|
|
APIs extension; the file's descriptor can then be passed on to other
|
|
driver.
|
|
|
|
config DMA_FENCE_TRACE
|
|
bool "Enable verbose DMA_FENCE_TRACE messages"
|
|
depends on DMA_SHARED_BUFFER
|
|
help
|
|
Enable the DMA_FENCE_TRACE printks. This will add extra
|
|
spam to the console log, but will make it easier to diagnose
|
|
lockup related problems for dma-buffers shared across multiple
|
|
devices.
|
|
|
|
config DMA_CMA
|
|
bool "DMA Contiguous Memory Allocator"
|
|
depends on HAVE_DMA_CONTIGUOUS && CMA
|
|
help
|
|
This enables the Contiguous Memory Allocator which allows drivers
|
|
to allocate big physically-contiguous blocks of memory for use with
|
|
hardware components that do not support I/O map nor scatter-gather.
|
|
|
|
You can disable CMA by specifying "cma=0" on the kernel's command
|
|
line.
|
|
|
|
For more information see <include/linux/dma-contiguous.h>.
|
|
If unsure, say "n".
|
|
|
|
if DMA_CMA
|
|
comment "Default contiguous memory area size:"
|
|
|
|
config CMA_SIZE_MBYTES
|
|
int "Size in Mega Bytes"
|
|
depends on !CMA_SIZE_SEL_PERCENTAGE
|
|
default 0 if X86
|
|
default 16
|
|
help
|
|
Defines the size (in MiB) of the default memory area for Contiguous
|
|
Memory Allocator. If the size of 0 is selected, CMA is disabled by
|
|
default, but it can be enabled by passing cma=size[MG] to the kernel.
|
|
|
|
|
|
config CMA_SIZE_PERCENTAGE
|
|
int "Percentage of total memory"
|
|
depends on !CMA_SIZE_SEL_MBYTES
|
|
default 0 if X86
|
|
default 10
|
|
help
|
|
Defines the size of the default memory area for Contiguous Memory
|
|
Allocator as a percentage of the total memory in the system.
|
|
If 0 percent is selected, CMA is disabled by default, but it can be
|
|
enabled by passing cma=size[MG] to the kernel.
|
|
|
|
choice
|
|
prompt "Selected region size"
|
|
default CMA_SIZE_SEL_MBYTES
|
|
|
|
config CMA_SIZE_SEL_MBYTES
|
|
bool "Use mega bytes value only"
|
|
|
|
config CMA_SIZE_SEL_PERCENTAGE
|
|
bool "Use percentage value only"
|
|
|
|
config CMA_SIZE_SEL_MIN
|
|
bool "Use lower value (minimum)"
|
|
|
|
config CMA_SIZE_SEL_MAX
|
|
bool "Use higher value (maximum)"
|
|
|
|
endchoice
|
|
|
|
config CMA_ALIGNMENT
|
|
int "Maximum PAGE_SIZE order of alignment for contiguous buffers"
|
|
range 4 12
|
|
default 8
|
|
help
|
|
DMA mapping framework by default aligns all buffers to the smallest
|
|
PAGE_SIZE order which is greater than or equal to the requested buffer
|
|
size. This works well for buffers up to a few hundreds kilobytes, but
|
|
for larger buffers it just a memory waste. With this parameter you can
|
|
specify the maximum PAGE_SIZE order for contiguous buffers. Larger
|
|
buffers will be aligned only to this specified order. The order is
|
|
expressed as a power of two multiplied by the PAGE_SIZE.
|
|
|
|
For example, if your system defaults to 4KiB pages, the order value
|
|
of 8 means that the buffers will be aligned up to 1MiB only.
|
|
|
|
If unsure, leave the default value "8".
|
|
|
|
endif
|
|
|
|
config GENERIC_ARCH_TOPOLOGY
|
|
bool
|
|
help
|
|
Enable support for architectures common topology code: e.g., parsing
|
|
CPU capacity information from DT, usage of such information for
|
|
appropriate scaling, sysfs interface for changing capacity values at
|
|
runtime.
|
|
|
|
endmenu
|