From 83b86449a152433dbb623a7b275b6cc5a4becdf6 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Wed, 24 Aug 2022 16:25:19 +0800 Subject: linux kernel: enable CONFIG_X86_X2APIC It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot. If x2APIC is disabled or not available, the kernel with CONFIG_X86_X2APIC=y can still boot normally. No need to tag anything again because interrupt handling cannot affect userspace. --- chapter10/kernel.xml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'chapter10/kernel.xml') diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 1bf8b112e..32c9682b8 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -149,6 +149,21 @@ File systems ---> [*] Inotify support for userspace [CONFIG_INOTIFY_USER] Pseudo filesystems ---> [*] Tmpfs POSIX Access Control Lists [CONFIG_TMPFS_POSIX_ACL] + + Enable some additional features if you are building a 64-bit + system. If you are using menuconfig, enable them in the order of + CONFIG_PCI_MSI first, then + CONFIG_IRQ_REMAP, at last + CONFIG_X86_X2APIC because an option only + shows up after its dependencies are selected. + + Processor type and features ---> + [*] Support x2apic [CONFIG_X86_X2APIC] +Device Drivers ---> + [*] PCI Support ---> [CONFIG_PCI] + [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI] + [*] IOMMU Hardware Support ---> [CONFIG_IOMMU_SUPPORT] + [*] Support for Interrupt Remapping [CONFIG_IRQ_REMAP] @@ -225,6 +240,16 @@ File systems ---> + + Support x2apic + + Avoid a kernel panic booting on a system with x2APIC enabled + by the BIOS. This option does no harm if x2APIC is not enabled + or not available, but it's recommended to enable x2APIC in the + BIOS setting for a modern 64-bit x86 system. + + + Alternatively, make oldconfig may be more -- cgit v1.2.3-54-g00ecf