| # IA32-specific X86 subarchitecture options |
| |
| # Copyright (c) 2019 Intel Corp. |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| if !X86_64 |
| |
| config NESTED_INTERRUPTS |
| bool "Nested interrupts" |
| default y |
| help |
| This option enables support for nested interrupts. |
| |
| menu "Memory Layout Options" |
| |
| config IDT_NUM_VECTORS |
| int "Number of IDT vectors" |
| default 256 |
| range 32 256 |
| help |
| This option specifies the number of interrupt vector entries in the |
| Interrupt Descriptor Table (IDT). By default all 256 vectors are |
| supported in an IDT requiring 2048 bytes of memory. |
| |
| config SET_GDT |
| bool "Setup GDT as part of boot process" |
| default y |
| help |
| This option sets up the GDT as part of the boot process. However, |
| this may conflict with some security scenarios where the GDT is |
| already appropriately set by an earlier bootloader stage, in which |
| case this should be disabled. If disabled, the global _gdt pointer |
| will not be available. |
| |
| config GDT_DYNAMIC |
| bool "Store GDT in RAM so that it can be modified" |
| depends on SET_GDT |
| help |
| This option stores the GDT in RAM instead of ROM, so that it may |
| be modified at runtime at the expense of some memory. |
| |
| endmenu |
| |
| menu "Processor Capabilities" |
| |
| config X86_ENABLE_TSS |
| bool |
| help |
| This hidden option enables defining a Task State Segment (TSS) for |
| kernel execution. This is needed to handle double-faults or |
| do privilege elevation. It also defines a special TSS and handler |
| for correctly handling double-fault exceptions, instead of just |
| letting the system triple-fault and reset. |
| |
| config X86_STACK_PROTECTION |
| bool |
| default y if HW_STACK_PROTECTION |
| select THREAD_STACK_INFO |
| select SET_GDT |
| select GDT_DYNAMIC |
| select X86_ENABLE_TSS |
| help |
| This option leverages the MMU to cause a system fatal error if the |
| bounds of the current process stack are overflowed. This is done |
| by preceding all stack areas with a 4K guard page. |
| |
| config X86_USERSPACE |
| bool |
| default y if USERSPACE |
| select THREAD_STACK_INFO |
| select SET_GDT |
| select GDT_DYNAMIC |
| select X86_ENABLE_TSS |
| help |
| This option enables APIs to drop a thread's privileges down to ring 3, |
| supporting user-level threads that are protected from each other and |
| from crashing the kernel. |
| |
| config X86_PAE |
| bool "Use PAE page tables" |
| default y |
| depends on X86_MMU |
| help |
| If enabled, use PAE-style page tables instead of 32-bit page tables. |
| The advantage is support for the Execute Disable bit, at a cost of |
| more memory for paging structures. |
| |
| menu "Architecture Floating Point Options" |
| |
| if CPU_HAS_FPU |
| |
| config SSE |
| bool "SSE registers" |
| depends on FPU |
| select X86_SSE |
| help |
| This option is deprecated. Please use CONFIG_X86_SSE instead. |
| |
| config SSE_FP_MATH |
| bool "Compiler-generated SSEx instructions" |
| depends on X86_SSE |
| select X86_SSE_FP_MATH |
| help |
| This option is deprecated. Please use CONFIG_X86_SSE_FP_MATH instead. |
| |
| config EAGER_FPU_SHARING |
| bool |
| depends on FPU |
| depends on USERSPACE |
| default y if !X86_NO_LAZY_FP |
| help |
| This hidden option unconditionally saves/restores the FPU/SIMD |
| register state on every context switch. |
| |
| Mitigates CVE-2018-3665, but incurs a performance hit. |
| |
| For vulnerable systems that process sensitive information in the |
| FPU register set, should be used any time CONFIG_FPU is |
| enabled, regardless if the FPU is used by one thread or multiple. |
| |
| config LAZY_FPU_SHARING |
| bool |
| depends on FPU |
| depends on !EAGER_FPU_SHARING |
| depends on FPU_SHARING |
| default y if X86_NO_LAZY_FP || !USERSPACE |
| help |
| This hidden option allows multiple threads to use the floating point |
| registers, using logic to lazily save/restore the floating point |
| register state on context switch. |
| |
| On Intel Core processors, may be vulnerable to exploits which allows |
| malware to read the contents of all floating point registers, see |
| CVE-2018-3665. |
| |
| endif # CPU_HAS_FPU |
| |
| config X86_FP_USE_SOFT_FLOAT |
| bool |
| prompt "Use Software Floating Point Operations" if !(NEWLIB_LIBC && !FPU) |
| default y if NEWLIB_LIBC && !FPU |
| help |
| Enable using software floating point operations. |
| |
| endmenu |
| |
| config X86_DYNAMIC_IRQ_STUBS |
| int "Number of dynamic interrupt stubs" |
| depends on DYNAMIC_INTERRUPTS |
| default 4 |
| help |
| Installing interrupt handlers with irq_connect_dynamic() requires |
| some stub code to be generated at build time, one stub per dynamic |
| interrupt. |
| |
| endmenu |
| |
| config X86_EXCEPTION_STACK_TRACE |
| bool |
| default y |
| depends on EXCEPTION_STACK_TRACE |
| help |
| Internal config to enable runtime stack traces on fatal exceptions. |
| |
| config X86_USE_THREAD_LOCAL_STORAGE |
| bool |
| default y if THREAD_LOCAL_STORAGE |
| select SET_GDT |
| select GDT_DYNAMIC |
| help |
| Internal config to enable thread local storage. |
| |
| config X86_MFENCE_INSTRUCTION_SUPPORTED |
| bool "X86 MFENCE instruction supported" |
| default y |
| depends on CACHE_MANAGEMENT |
| help |
| Set n to disable the use of MFENCE instruction in arch_dcache_flush() |
| for X86 CPUs have CLFLUSH instruction but no MFENCE |
| |
| endif # !X86_64 |