mirror of
https://github.com/zephyrproject-rtos/zephyr.git
synced 2024-12-04 10:18:24 +08:00
e34f1cee06
Implement a set of per-cpu trampoline stacks which all interrupts and exceptions will initially land on, and also as an intermediate stack for privilege changes as we need some stack space to swap page tables. Set up the special trampoline page which contains all the trampoline stacks, TSS, and GDT. This page needs to be present in the user page tables or interrupts don't work. CPU exceptions, with KPTI turned on, are treated as interrupts and not traps so that we have IRQs locked on exception entry. Add some additional macros for defining IDT entries. Add special handling of locore text/rodata sections when creating user mode page tables on x86-64. Restore qemu_x86_64 to use KPTI, and remove restrictions on enabling user mode on x86-64. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
283 lines
8.0 KiB
Plaintext
283 lines
8.0 KiB
Plaintext
# x86 general configuration options
|
|
|
|
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
menu "X86 Architecture Options"
|
|
depends on X86
|
|
|
|
config ARCH
|
|
default "x86"
|
|
|
|
#
|
|
# CPU Families - the SoC configuration should select the right one.
|
|
#
|
|
|
|
config CPU_ATOM
|
|
bool
|
|
select CPU_HAS_FPU
|
|
select ARCH_HAS_STACK_PROTECTION if X86_MMU
|
|
select ARCH_HAS_USERSPACE if X86_MMU
|
|
help
|
|
This option signifies the use of a CPU from the Atom family.
|
|
|
|
config CPU_MINUTEIA
|
|
bool
|
|
select ARCH_HAS_STACK_PROTECTION if X86_MMU
|
|
select ARCH_HAS_USERSPACE if X86_MMU
|
|
help
|
|
This option signifies the use of a CPU from the Minute IA family.
|
|
|
|
config CPU_APOLLO_LAKE
|
|
bool
|
|
select CPU_HAS_FPU
|
|
select ARCH_HAS_STACK_PROTECTION if X86_MMU
|
|
select ARCH_HAS_USERSPACE if X86_MMU
|
|
help
|
|
This option signifies the use of a CPU from the Apollo Lake family.
|
|
|
|
#
|
|
# Configuration common to both IA32 and Intel64 sub-architectures.
|
|
#
|
|
|
|
config X86_64
|
|
bool "Run in 64-bit mode"
|
|
select 64BIT
|
|
select USE_SWITCH
|
|
select USE_SWITCH_SUPPORTED
|
|
select SCHED_IPI_SUPPORTED
|
|
|
|
config MAX_IRQ_LINES
|
|
int "Number of IRQ lines"
|
|
default 128
|
|
range 0 224
|
|
help
|
|
This option specifies the number of IRQ lines in the system. It
|
|
determines the size of the _irq_to_interrupt_vector_table, which
|
|
is used to track the association between vectors and IRQ numbers.
|
|
|
|
config IRQ_OFFLOAD_VECTOR
|
|
int "IDT vector to use for IRQ offload"
|
|
default 33
|
|
range 32 255
|
|
depends on IRQ_OFFLOAD
|
|
|
|
config XIP
|
|
default n
|
|
|
|
config PIC_DISABLE
|
|
bool "Disable PIC"
|
|
help
|
|
This option disables all interrupts on the legacy i8259 PICs at boot.
|
|
|
|
choice
|
|
prompt "Reboot implementation"
|
|
depends on REBOOT
|
|
default REBOOT_RST_CNT
|
|
|
|
config REBOOT_RST_CNT
|
|
bool "Reboot via RST_CNT register"
|
|
help
|
|
Reboot via the RST_CNT register, going back to BIOS.
|
|
endchoice
|
|
|
|
config ACPI
|
|
bool "ACPI (Advanced Configuration and Power Interface) support"
|
|
help
|
|
Allow retrieval of platform configuration at runtime.
|
|
|
|
config X86_MEMMAP_ENTRIES
|
|
int "Number of memory map entries"
|
|
range 1 256
|
|
default 1 if !MULTIBOOT_MEMMAP
|
|
default 64 if MULTIBOOT_MEMMAP
|
|
help
|
|
Maximum number of memory regions to hold in the memory map.
|
|
|
|
config MULTIBOOT
|
|
bool "Generate multiboot header"
|
|
default y
|
|
help
|
|
Embed a multiboot header in the output executable. This is used
|
|
by some boot loaders (e.g., GRUB) when loading Zephyr. It is safe
|
|
to leave this option on if you're not sure. It only expands the
|
|
text segment by 12-16 bytes and is typically ignored if not needed.
|
|
|
|
if MULTIBOOT
|
|
|
|
config MULTIBOOT_INFO
|
|
bool "Preserve multiboot information structure"
|
|
help
|
|
Multiboot passes a pointer to an information structure to the
|
|
kernel entry point. Some drivers (e.g., the multiboot framebuffer
|
|
display driver) need to refer to information in this structure,
|
|
and so set this option to preserve the data in a permanent location.
|
|
|
|
config MULTIBOOT_MEMMAP
|
|
bool "Use multiboot memory map if provided"
|
|
select MULTIBOOT_INFO
|
|
help
|
|
Use the multiboot memory map if the loader provides one.
|
|
|
|
config MULTIBOOT_FRAMEBUF
|
|
bool "Multiboot framebuffer support"
|
|
select DISPLAY
|
|
select FRAMEBUF_DISPLAY
|
|
select MULTIBOOT_INFO
|
|
|
|
if MULTIBOOT_FRAMEBUF
|
|
|
|
config MULTIBOOT_FRAMEBUF_X
|
|
int "Multiboot framebuffer X pixels"
|
|
default 640
|
|
|
|
config MULTIBOOT_FRAMEBUF_Y
|
|
int "Multiboot framebuffer Y pixels"
|
|
default 480
|
|
|
|
endif # MULTIBOOT_FRAMEBUF
|
|
|
|
endif # MULTIBOOT
|
|
|
|
config EXCEPTION_DEBUG
|
|
bool "Unhandled exception debugging"
|
|
default y
|
|
depends on LOG
|
|
help
|
|
Install handlers for various CPU exception/trap vectors to
|
|
make debugging them easier, at a small expense in code size.
|
|
This prints out the specific exception vector and any associated
|
|
error codes.
|
|
|
|
config X86_VERY_EARLY_CONSOLE
|
|
bool "Support very early boot printk"
|
|
depends on PRINTK
|
|
help
|
|
Non-emulated X86 devices often require special hardware to attach
|
|
a debugger, which may not be easily available. This option adds a
|
|
very minimal serial driver which gets initialized at the very
|
|
beginning of z_cstart(), via arch_kernel_init(). This driver enables
|
|
printk to emit messages to the 16550 UART port 0 instance in device
|
|
tree. This mini-driver assumes I/O to the UART is done via ports.
|
|
|
|
config X86_MMU
|
|
bool "Enable Memory Management Unit"
|
|
select MEMORY_PROTECTION
|
|
help
|
|
This options enables the memory management unit present in x86
|
|
and creates a set of page tables at boot time that is runtime-
|
|
mutable.
|
|
|
|
config X86_MMU_PAGE_POOL_PAGES
|
|
int "Number of pages to reserve for building page tables"
|
|
default 16
|
|
depends on X86_MMU
|
|
help
|
|
Building page tables at boot requires a pool of free memory pages
|
|
to construct it. This can't be derived at build time, tune this
|
|
to your SoC's specific memory map.
|
|
|
|
config X86_NO_MELTDOWN
|
|
bool
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate that
|
|
a particular SOC is not vulnerable to the Meltdown CPU vulnerability,
|
|
as described in CVE-2017-5754.
|
|
|
|
config X86_NO_SPECTRE_V1
|
|
bool
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate that
|
|
a particular SOC is not vulnerable to the Spectre V1, V1.1, V1.2, and
|
|
swapgs CPU vulnerabilities as described in CVE-2017-5753,
|
|
CVE-2018-3693, and CVE-2019-1125.
|
|
|
|
config X86_NO_SPECTRE_V2
|
|
bool
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate that
|
|
a particular SOC is not vulnerable to the Spectre V2 CPU
|
|
vulnerability, as described in CVE-2017-5715.
|
|
|
|
config X86_NO_SPECTRE_V4
|
|
bool
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate that
|
|
a particular SOC is not vulnerable to the Spectre V4 CPU
|
|
vulnerability, as described in CVE-2018-3639.
|
|
|
|
config X86_NO_LAZY_FP
|
|
bool
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate
|
|
that a particular SOC is not vulnerable to the Lazy FP CPU
|
|
vulnerability, as described in CVE-2018-3665.
|
|
|
|
config X86_NO_SPECULATIVE_VULNERABILITIES
|
|
bool
|
|
select X86_NO_MELTDOWN
|
|
select X86_NO_SPECTRE_V1
|
|
select X86_NO_SPECTRE_V2
|
|
select X86_NO_SPECTRE_V4
|
|
select X86_NO_LAZY_FP
|
|
help
|
|
This hidden option should be set on a per-SOC basis to indicate that
|
|
a particular SOC does not perform any kind of speculative execution,
|
|
or is a newer chip which is immune to the class of vulnerabilities
|
|
which exploit speculative execution side channel attacks.
|
|
|
|
config DISABLE_SSBD
|
|
bool "Disable Speculative Store Bypass"
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V4
|
|
help
|
|
This option will disable Speculative Store Bypass in order to
|
|
mitigate against certain kinds of side channel attacks. Quoting
|
|
the "Speculative Execution Side Channels" document, version 2.0:
|
|
|
|
When SSBD is set, loads will not execute speculatively
|
|
until the addresses of all older stores are known. This
|
|
ensure s that a load does not speculatively consume stale
|
|
data values due to bypassing an older store on the same
|
|
logical processor.
|
|
|
|
If enabled, this applies to all threads in the system.
|
|
|
|
Even if enabled, will have no effect on CPUs that do not
|
|
require this feature.
|
|
|
|
config ENABLE_EXTENDED_IBRS
|
|
bool "Enable Extended IBRS"
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V2
|
|
help
|
|
This option will enable the Extended Indirect Branch Restricted
|
|
Speculation 'always on' feature. This mitigates Indirect Branch
|
|
Control vulnerabilities (aka Spectre V2).
|
|
|
|
config X86_BOUNDS_CHECK_BYPASS_MITIGATION
|
|
bool
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V1
|
|
select BOUNDS_CHECK_BYPASS_MITIGATION
|
|
help
|
|
Hidden config to select arch-independent option to enable
|
|
Spectre V1 mitigations by default if the CPU is not known
|
|
to be immune to it.
|
|
|
|
config X86_KPTI
|
|
bool "Enable kernel page table isolation"
|
|
default y
|
|
depends on USERSPACE
|
|
depends on !X86_NO_MELTDOWN
|
|
help
|
|
Implements kernel page table isolation to mitigate Meltdown exploits
|
|
to read Kernel RAM. Incurs a significant performance cost for
|
|
user thread interrupts and system calls, and significant footprint
|
|
increase for additional page tables and trampoline stacks.
|
|
|
|
source "arch/x86/core/Kconfig.ia32"
|
|
source "arch/x86/core/Kconfig.intel64"
|
|
|
|
endmenu
|