Lines Matching +full:flow +full:- +full:controlled

1 # SPDX-License-Identifier: GPL-2.0
22 # IOMMUs not handled by dma-iommu. Drivers must never select this symbol.
29 menu "General architecture-dependent options"
34 Select if the architecture can check permissions at sub-page
80 for kernel debugging, non-intrusive instrumentation and testing.
89 makes certain almost-always-true or almost-always-false branch
92 Certain performance-sensitive kernel code, such as trace points,
106 ( On 32-bit x86, the necessary options added to the compiler
113 Boot time self-test of the branch patching code.
119 Boot time self-test of the call patching code.
139 Uprobes is the user-space counterpart to kprobes: they
141 to establish unintrusive probes in user-space binaries and
143 are hit by user-space applications.
145 ( These probes come in the form of single-byte breakpoints,
162 See Documentation/core-api/unaligned-memory-access.rst for
181 See Documentation/core-api/unaligned-memory-access.rst for more
188 for handling byte-swapping. Using these, instead of the old
193 with a nearby load or store and use load-and-swap or
194 store-and-swap instructions if the architecture has them. It
196 hand-coded assembler in <asm/swab.h>. But just in case it
199 Any architecture with load-and-swap or store-and-swap
217 Provide a kernel-internal notification when a cpu is about to
262 # arch_has_single_step() if there is hardware single-step support
263 # arch_has_block_step() if there is hardware block-step support
264 # asm/syscall.h supplying asm-generic/syscall.h interface
313 # to undo an in-place page table remap for uncached access.
321 # The architecture has a per-task state that includes the mm's PASID
351 All new 32-bit architectures should have 64-bit off_t type on
354 still support 32-bit off_t. This option is enabled for all such
365 <asm/asm-prototypes.h> to support the module versioning for symbols
374 For example the kprobes-based event tracer needs this API.
425 The arch chooses to use the generic perf-NMI-based hardlockup
441 bit-mapping of each registers and a unique architecture id.
490 # multi-threaded application), by reducing contention on the mm refcount.
499 # the lazy tlb reference of a kthread's ->active_mm (non-arch code has been
513 # - At the time of the final mmdrop of the mm, ensure mm_cpumask(mm) contains
515 # - It must meet the requirements for MMU_LAZY_TLB_REFCOUNT=n (see above).
526 arch-specific ELF note section to core files. It must provide two
566 and compat syscalls if the asm-generic/seccomp.h defaults need adjustment:
567 - __NR_seccomp_read_32
568 - __NR_seccomp_write_32
569 - __NR_seccomp_exit_32
570 - __NR_seccomp_sigreturn_32
577 - all the requirements for HAVE_ARCH_SECCOMP
578 - syscall_get_arch()
579 - syscall_get_arguments()
580 - syscall_rollback()
581 - syscall_set_return_value()
582 - SIGSYS siginfo_t support
583 - secure_computing is called from a ptrace_event()-safe context
584 - secure_computing return value is checked and a return value of -1
586 - seccomp syscall wired up
587 - if !HAVE_SPARSE_SYSCALL_NR, have SECCOMP_ARCH_NATIVE,
614 task-defined system call filtering policies.
616 See Documentation/userspace-api/seccomp_filter.rst for details.
643 - it has implemented a stack canary (e.g. __stack_chk_guard)
648 depends on $(cc-option,-fstack-protector)
651 This option turns on the "stack-protector" GCC feature. This
659 Functions will have the stack-protector canary logic added if they
660 have an 8-byte or larger character array on the stack.
663 gcc with the feature backported ("-fstack-protector").
672 depends on $(cc-option,-fstack-protector-strong)
675 Functions will have the stack-protector canary logic added in any
678 - local variable's address used as part of the right hand side of an
680 - local variable is an array (or union containing an array),
682 - uses register local variables
685 gcc with the feature backported ("-fstack-protector-strong").
709 - Clang: https://clang.llvm.org/docs/ShadowCallStack.html
710 - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options
716 and hijack control flow by modifying the stacks.
740 - compiling with Clang,
741 - compiling inline assembly with Clang's integrated assembler,
742 - and linking with LLD.
753 depends on $(success,$(NM) --help | head -n 1 | grep -qi llvm)
754 depends on $(success,$(AR) --help | head -n 1 | grep -qi llvm)
772 If unsure, select LTO_NONE. Note that LTO is very resource-intensive
818 Control-Flow Integrity (CFI) checking.
824 bool "Use Clang's Control Flow Integrity (CFI)"
826 depends on $(cc-option,-fsanitize=kcfi)
828 This option enables Clang's forward-edge Control Flow Integrity
856 depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
857 # With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826
864 # With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373
872 When selected, Control Flow Integrity (CFI) violations result in a
892 Syscalls need to be wrapped inside user_exit()-user_enter(), either
908 - Critical entry code isn't preemptible (or better yet:
910 - No use of RCU read side critical sections, unless ct_nmi_enter()
912 - No use of instrumentation, unless instrumentation_begin() got
937 With VIRT_CPU_ACCOUNTING_GEN, cputime_t becomes 64-bit.
940 cputime_t. For example, reading/writing 64-bit cputime_t on
941 some 32-bit arches may require multiple accesses, so proper
972 # Archs that select this would be capable of PMD-sized vmaps (i.e.,
998 just need a simple module loader without arch specific data - those
1062 - arch_mmap_rnd()
1063 - arch_randomize_brk()
1071 - ARCH_MMAP_RND_BITS_MIN
1072 - ARCH_MMAP_RND_BITS_MAX
1110 - ARCH_MMAP_RND_COMPAT_BITS_MIN
1111 - ARCH_MMAP_RND_COMPAT_BITS_MAX
1141 This allows 64bit applications to invoke 32-bit mmap() syscall
1142 and vice-versa 32-bit applications to call 64-bit mmap().
1192 per-page operations in the kernel at the expense of a larger
1212 This is not suitable for general-purpose workloads but the
1215 large in-memory data rather than small files.
1223 that have been compiled with '-zmax-page-size' set to 256KiB
1247 # address by giving priority to top-down scheme only if the process
1251 # - STACK_RND_MASK
1276 Architecture supports objtool compile-time frame pointer rule
1291 file which provides platform-specific implementations of some
1328 Architecture has old sigsuspend(2) syscall, of one-argument variety
1333 Even weirder antique ABI - three-argument sigsuspend(2)
1339 as OLD_SIGSUSPEND | OLD_SIGSUSPEND3 - alpha has sigsuspend(2),
1347 bool "Provide system calls for 32-bit time_t"
1351 This is relevant on all 32-bit architectures, and 64-bit architectures
1369 - vmalloc space must be large enough to hold many kernel stacks.
1370 This may rule out many 32-bit architectures.
1372 - Stacks in vmalloc space need to work reliably. For example, if
1379 - If the stack overflows into a guard page, something reasonable
1385 bool "Use a virtually-mapped stack"
1389 Enable this if you want to use virtually-mapped kernel stacks
1391 caught immediately rather than causing difficult-to-diagnose
1404 syscall exit. Careful removal of -fstack-protector-strong and
1405 -fstack-protector should also be applied to the entry code and
1419 cross-syscall address exposures.
1421 The feature is controlled via the "randomize_kstack_offset=on/off"
1431 Kernel stack offset randomization is controlled by kernel boot param
1445 bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
1449 If this is set, kernel text and rodata memory will be made read-only,
1450 and non-text memory will be made non-executable. This provides
1465 If this is set, module text and rodata memory will be made read-only,
1466 and non-text memory will be made non-executable. This provides
1469 # select if the architecture provides an asm/dma-direct.h header
1478 linux/compiler-*.h in order to override macro definitions that those
1484 May be selected by an architecture if it supports place-relative
1485 32-bit relocations, both in the toolchain and in the module loader,
1498 Enable light-weight counting of various locking related events
1514 well as compatible NM and OBJCOPY utilities (llvm-nm and llvm-objcopy
1572 static key. This should have slightly lower overhead than non-inline
1584 included, size-asserted, or discarded in the linker scripts. This is
1601 If a 32-bit architecture requires 64-bit arguments to be split into
1602 pairs of 32-bit arguments, select this option.
1632 accessed bit in non-leaf PMD entries when using them as part of linear
1639 Architectures that select this option can run floating-point code in
1640 the kernel, as described in Documentation/core-api/floating-point.rst.
1644 source "scripts/gcc-plugins/Kconfig"
1671 # Detect availability of the GCC option -fmin-function-alignment which
1673 # -falign-functions which the compiler ignores for cold functions.
1674 def_bool $(cc-option, -fmin-function-alignment=8)
1677 # Set if the guaranteed alignment with -fmin-function-alignment is
1679 # strict alignment always, even with -falign-functions.