| # IA32-specific X86 subarchitecture options |
| |
| # Copyright (c) 2019 Intel Corp. |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| if !X86_64 |
| |
| config NESTED_INTERRUPTS |
| bool "Enable nested interrupts" |
| default y |
| help |
| This option enables support for nested interrupts. |
| |
| menu "Memory Layout Options" |
| |
| config IDT_NUM_VECTORS |
| int "Number of IDT vectors" |
| default 256 |
| range 32 256 |
| help |
| This option specifies the number of interrupt vector entries in the |
| Interrupt Descriptor Table (IDT). By default all 256 vectors are |
| supported in an IDT requiring 2048 bytes of memory. |
| |
| config SET_GDT |
| bool "Setup GDT as part of boot process" |
| default y |
| help |
| This option sets up the GDT as part of the boot process. However, |
| this may conflict with some security scenarios where the GDT is |
| already appropriately set by an earlier bootloader stage, in which |
| case this should be disabled. If disabled, the global _gdt pointer |
| will not be available. |
| |
| config GDT_DYNAMIC |
| bool "Store GDT in RAM so that it can be modified" |
| depends on SET_GDT |
| help |
| This option stores the GDT in RAM instead of ROM, so that it may |
| be modified at runtime at the expense of some memory. |
| |
| endmenu |
| |
| menu "Processor Capabilities" |
| |
| config X86_ENABLE_TSS |
| bool |
| help |
| This hidden option enables defining a Task State Segment (TSS) for |
| kernel execution. This is needed to handle double-faults or |
| do privilege elevation. It also defines a special TSS and handler |
| for correctly handling double-fault exceptions, instead of just |
| letting the system triple-fault and reset. |
| |
| config X86_STACK_PROTECTION |
| bool |
| default y if HW_STACK_PROTECTION |
| select SET_GDT |
| select GDT_DYNAMIC |
| select X86_ENABLE_TSS |
| help |
| This option leverages the MMU to cause a system fatal error if the |
| bounds of the current process stack are overflowed. This is done |
| by preceding all stack areas with a 4K guard page. |
| |
| config X86_USERSPACE |
| bool |
| default y if USERSPACE |
| select THREAD_STACK_INFO |
| select SET_GDT |
| select GDT_DYNAMIC |
| select X86_ENABLE_TSS |
| help |
| This option enables APIs to drop a thread's privileges down to ring 3, |
| supporting user-level threads that are protected from each other and |
| from crashing the kernel. |
| |
| menu "Architecture Floating Point Options" |
| depends on CPU_HAS_FPU |
| |
| config SSE |
| bool "SSE registers" |
| depends on FPU |
| help |
| This option enables the use of SSE registers by threads. |
| |
| config SSE_FP_MATH |
| bool "Compiler-generated SSEx instructions" |
| depends on SSE |
| help |
| This option allows the compiler to generate SSEx instructions for |
| performing floating point math. This can greatly improve performance |
| when exactly the same operations are to be performed on multiple |
| data objects; however, it can also significantly reduce performance |
| when preemptive task switches occur because of the larger register |
| set that must be saved and restored. |
| |
| Disabling this option means that the compiler utilizes only the |
| x87 instruction set for floating point operations. |
| |
| config EAGER_FPU_SHARING |
| bool |
| depends on FPU |
| depends on USERSPACE |
| default y if !X86_NO_LAZY_FP |
| help |
| This hidden option unconditionally saves/restores the FPU/SIMD |
| register state on every context switch. |
| |
| Mitigates CVE-2018-3665, but incurs a performance hit. |
| |
| For vulnerable systems that process sensitive information in the |
| FPU register set, should be used any time CONFIG_FPU is |
| enabled, regardless if the FPU is used by one thread or multiple. |
| |
| config LAZY_FPU_SHARING |
| bool |
| depends on FPU |
| depends on !EAGER_FPU_SHARING |
| depends on FPU_SHARING |
| default y if X86_NO_LAZY_FP || !USERSPACE |
| help |
| This hidden option allows multiple threads to use the floating point |
| registers, using logic to lazily save/restore the floating point |
| register state on context switch. |
| |
| On Intel Core processors, may be vulnerable to exploits which allows |
| malware to read the contents of all floating point registers, see |
| CVE-2018-3665. |
| |
| endmenu |
| |
| config CACHE_LINE_SIZE_DETECT |
| bool "Detect cache line size at runtime" |
| default y |
| help |
| This option enables querying the CPUID register for finding the cache line |
| size at the expense of taking more memory and code and a slightly increased |
| boot time. |
| |
| If the CPU's cache line size is known in advance, disable this option and |
| manually enter the value for CACHE_LINE_SIZE. |
| |
| config CACHE_LINE_SIZE |
| int "Cache line size" if !CACHE_LINE_SIZE_DETECT |
| default 64 if CPU_ATOM |
| default 0 |
| help |
| Size in bytes of a CPU cache line. |
| |
| Detect automatically at runtime by selecting CACHE_LINE_SIZE_DETECT. |
| |
| config CLFLUSH_INSTRUCTION_SUPPORTED |
| bool "CLFLUSH instruction supported" |
| depends on !CLFLUSH_DETECT && CACHE_FLUSHING |
| help |
| An implementation of sys_cache_flush() that uses CLFLUSH is made |
| available, instead of the one using WBINVD. |
| |
| This option should only be enabled if it is known in advance that the |
| CPU supports the CLFLUSH instruction. It disables runtime detection of |
| CLFLUSH support thereby reducing both memory footprint and boot time. |
| |
| config CLFLUSH_DETECT |
| bool "Detect support of CLFLUSH instruction at runtime" |
| depends on CACHE_FLUSHING |
| help |
| This option should be enabled if it is not known in advance whether the |
| CPU supports the CLFLUSH instruction or not. |
| |
| The CPU is queried at boot time to determine which of the multiple |
| implementations of sys_cache_flush() linked into the image is the |
| correct one to use. |
| |
| If the CPU's support (or lack thereof) of CLFLUSH is known in advance, then |
| disable this option and set CLFLUSH_INSTRUCTION_SUPPORTED as appropriate. |
| |
| config ARCH_CACHE_FLUSH_DETECT |
| bool |
| default y |
| depends on CLFLUSH_DETECT |
| |
| config CACHE_FLUSHING |
| bool "Enable cache flushing mechanism" |
| help |
| This links in the sys_cache_flush() function. A mechanism for flushing the |
| cache must be selected as well. By default, that mechanism is discovered at |
| runtime. |
| |
| config X86_DYNAMIC_IRQ_STUBS |
| int "Number of dynamic interrupt stubs" |
| depends on DYNAMIC_INTERRUPTS |
| default 4 |
| help |
| Installing interrupt handlers with irq_connect_dynamic() requires |
| some stub code to be generated at build time, one stub per dynamic |
| interrupt. |
| |
| endmenu |
| |
| config X86_EXCEPTION_STACK_TRACE |
| bool |
| default y |
| depends on EXCEPTION_STACK_TRACE |
| help |
| Internal config to enable runtime stack traces on fatal exceptions. |
| |
| endif # !X86_64 |