aboutsummaryrefslogtreecommitdiff
path: root/arch/x86_64/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'arch/x86_64/Kconfig')
-rw-r--r--arch/x86_64/Kconfig40
1 files changed, 35 insertions, 5 deletions
diff --git a/arch/x86_64/Kconfig b/arch/x86_64/Kconfig
index 581ce9af0ec..efe249e7d6b 100644
--- a/arch/x86_64/Kconfig
+++ b/arch/x86_64/Kconfig
@@ -109,6 +109,7 @@ config X86_PC
config X86_VSMP
bool "Support for ScaleMP vSMP"
+ depends on PCI
help
Support for ScaleMP vSMP systems. Say 'Y' here if this kernel is
supposed to run on these EM64T-based machines. Only choose this option
@@ -295,7 +296,7 @@ config NUMA
config K8_NUMA
bool "Old style AMD Opteron NUMA detection"
- depends on NUMA
+ depends on NUMA && PCI
default y
help
Enable K8 NUMA node topology detection. You should say Y here if
@@ -425,7 +426,6 @@ config IOMMU
config CALGARY_IOMMU
bool "IBM Calgary IOMMU support"
- default y
select SWIOTLB
depends on PCI && EXPERIMENTAL
help
@@ -472,8 +472,7 @@ config X86_MCE_AMD
the DRAM Error Threshold.
config KEXEC
- bool "kexec system call (EXPERIMENTAL)"
- depends on EXPERIMENTAL
+ bool "kexec system call"
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
@@ -492,7 +491,14 @@ config CRASH_DUMP
bool "kernel crash dumps (EXPERIMENTAL)"
depends on EXPERIMENTAL
help
- Generate crash dump after being started by kexec.
+ Generate crash dump after being started by kexec.
+ This should be normally only set in special crash dump kernels
+ which are loaded in the main kernel with kexec-tools into
+ a specially reserved region and then later executed after
+ a crash by kdump/kexec. The crash dump kernel must be compiled
+ to a memory address not used by the main kernel or BIOS using
+ PHYSICAL_START.
+ For more details see Documentation/kdump/kdump.txt
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
@@ -530,6 +536,30 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
+config CC_STACKPROTECTOR
+ bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
+ depends on EXPERIMENTAL
+ help
+ This option turns on the -fstack-protector GCC feature. This
+ feature puts, at the beginning of critical functions, a canary
+ value on the stack just before the return address, and validates
+ the value just before actually returning. Stack based buffer
+ overflows (that need to overwrite this return address) now also
+ overwrite the canary, which gets detected and the attack is then
+ neutralized via a kernel panic.
+
+ This feature requires gcc version 4.2 or above, or a distribution
+ gcc with the feature backported. Older versions are automatically
+ detected and for those versions, this configuration option is ignored.
+
+config CC_STACKPROTECTOR_ALL
+ bool "Use stack-protector for all functions"
+ depends on CC_STACKPROTECTOR
+ help
+ Normally, GCC only inserts the canary value protection for
+ functions that use large-ish on-stack buffers. By enabling
+ this option, GCC will be asked to do this for ALL functions.
+
source kernel/Kconfig.hz
config REORDER