diff options
| author | Xi Ruoyao <xry111@xry111.site> | 2022-08-24 16:25:19 +0800 |
|---|---|---|
| committer | Xi Ruoyao <xry111@xry111.site> | 2022-08-24 16:42:48 +0800 |
| commit | 83b86449a152433dbb623a7b275b6cc5a4becdf6 (patch) | |
| tree | 5daedf813b2923d1d12569a269968c9ecf5f5391 | |
| parent | 20007e51c22ad737e2e1d57bce351b2d31802a0e (diff) | |
linux kernel: enable CONFIG_X86_X2APIC
It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has
enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot.
If x2APIC is disabled or not available, the kernel with
CONFIG_X86_X2APIC=y can still boot normally.
No need to tag anything again because interrupt handling cannot affect
userspace.
| -rw-r--r-- | chapter10/kernel.xml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 1bf8b112e..32c9682b8 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -149,6 +149,21 @@ File systems ---> [*] Inotify support for userspace [CONFIG_INOTIFY_USER] Pseudo filesystems ---> [*] Tmpfs POSIX Access Control Lists [CONFIG_TMPFS_POSIX_ACL]</screen> + + <para>Enable some additional features if you are building a 64-bit + system. If you are using menuconfig, enable them in the order of + <parameter>CONFIG_PCI_MSI</parameter> first, then + <parameter>CONFIG_IRQ_REMAP</parameter>, at last + <parameter>CONFIG_X86_X2APIC</parameter> because an option only + shows up after its dependencies are selected.</para> + + <screen role="nodump">Processor type and features ---> + [*] Support x2apic [CONFIG_X86_X2APIC] +Device Drivers ---> + [*] PCI Support ---> [CONFIG_PCI] + [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI] + [*] IOMMU Hardware Support ---> [CONFIG_IOMMU_SUPPORT] + [*] Support for Interrupt Remapping [CONFIG_IRQ_REMAP]</screen> </note> <note revision="systemd"> @@ -225,6 +240,16 @@ File systems ---> </listitem> </varlistentry> + <varlistentry> + <term><parameter>Support x2apic</parameter></term> + <listitem> + <para>Avoid a kernel panic booting on a system with x2APIC enabled + by the BIOS. This option does no harm if x2APIC is not enabled + or not available, but it's recommended to enable x2APIC in the + BIOS setting for a modern 64-bit x86 system.</para> + </listitem> + </varlistentry> + </variablelist> <para>Alternatively, <command>make oldconfig</command> may be more |