1# SPDX-License-Identifier: GPL-2.0 2# 3# KVM configuration 4# 5 6source "virt/kvm/Kconfig" 7 8menuconfig VIRTUALIZATION 9 bool "Virtualization" 10 default y 11 help 12 Say Y here to get to see options for using your Linux host to run other 13 operating systems inside virtual machines (guests). 14 This option alone does not add any kernel code. 15 16 If you say N, all options in this submenu will be skipped and disabled. 17 18if VIRTUALIZATION 19 20config KVM_X86 21 def_tristate KVM if (KVM_INTEL != n || KVM_AMD != n) 22 select KVM_COMMON 23 select KVM_GENERIC_MMU_NOTIFIER 24 select KVM_ELIDE_TLB_FLUSH_IF_YOUNG 25 select KVM_MMU_LOCKLESS_AGING 26 select HAVE_KVM_IRQCHIP 27 select HAVE_KVM_PFNCACHE 28 select HAVE_KVM_DIRTY_RING_TSO 29 select HAVE_KVM_DIRTY_RING_ACQ_REL 30 select HAVE_KVM_IRQ_BYPASS 31 select HAVE_KVM_IRQ_ROUTING 32 select HAVE_KVM_READONLY_MEM 33 select VHOST_TASK 34 select KVM_ASYNC_PF 35 select USER_RETURN_NOTIFIER 36 select KVM_MMIO 37 select SCHED_INFO 38 select PERF_EVENTS 39 select GUEST_PERF_EVENTS 40 select HAVE_KVM_MSI 41 select HAVE_KVM_CPU_RELAX_INTERCEPT 42 select HAVE_KVM_NO_POLL 43 select VIRT_XFER_TO_GUEST_WORK 44 select KVM_GENERIC_DIRTYLOG_READ_PROTECT 45 select KVM_VFIO 46 select HAVE_KVM_PM_NOTIFIER if PM 47 select KVM_GENERIC_HARDWARE_ENABLING 48 select KVM_GENERIC_PRE_FAULT_MEMORY 49 select KVM_WERROR if WERROR 50 select KVM_GUEST_MEMFD if X86_64 51 52config KVM 53 tristate "Kernel-based Virtual Machine (KVM) support" 54 depends on X86_LOCAL_APIC 55 help 56 Support hosting fully virtualized guest machines using hardware 57 virtualization extensions. You will need a fairly recent 58 processor equipped with virtualization extensions. You will also 59 need to select one or more of the processor modules below. 60 61 This module provides access to the hardware capabilities through 62 a character device node named /dev/kvm. 63 64 To compile this as a module, choose M here: the module 65 will be called kvm. 66 67 If unsure, say N. 68 69config KVM_WERROR 70 bool "Compile KVM with -Werror" 71 # Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against 72 # randomized configs from selecting KVM_WERROR=y, which doesn't play 73 # nice with KASAN. KASAN builds generates warnings for the default 74 # FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning. 75 # Building KVM with -Werror and KASAN is still doable via enabling 76 # the kernel-wide WERROR=y. 77 depends on KVM_X86 && ((EXPERT && !KASAN) || WERROR) 78 help 79 Add -Werror to the build flags for KVM. 80 81 If in doubt, say "N". 82 83config KVM_SW_PROTECTED_VM 84 bool "Enable support for KVM software-protected VMs" 85 depends on EXPERT 86 depends on KVM_X86 && X86_64 87 select KVM_GENERIC_MEMORY_ATTRIBUTES 88 help 89 Enable support for KVM software-protected VMs. Currently, software- 90 protected VMs are purely a development and testing vehicle for 91 KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a 92 software-protected VM will fail miserably. 93 94 If unsure, say "N". 95 96config KVM_INTEL 97 tristate "KVM for Intel (and compatible) processors support" 98 depends on KVM && IA32_FEAT_CTL 99 help 100 Provides support for KVM on processors equipped with Intel's VT 101 extensions, a.k.a. Virtual Machine Extensions (VMX). 102 103 To compile this as a module, choose M here: the module 104 will be called kvm-intel. 105 106config KVM_INTEL_PROVE_VE 107 bool "Check that guests do not receive #VE exceptions" 108 depends on KVM_INTEL && EXPERT 109 help 110 Checks that KVM's page table management code will not incorrectly 111 let guests receive a virtualization exception. Virtualization 112 exceptions will be trapped by the hypervisor rather than injected 113 in the guest. 114 115 Note: some CPUs appear to generate spurious EPT Violations #VEs 116 that trigger KVM's WARN, in particular with eptad=0 and/or nested 117 virtualization. 118 119 If unsure, say N. 120 121config X86_SGX_KVM 122 bool "Software Guard eXtensions (SGX) Virtualization" 123 depends on X86_SGX && KVM_INTEL 124 help 125 126 Enables KVM guests to create SGX enclaves. 127 128 This includes support to expose "raw" unreclaimable enclave memory to 129 guests via a device node, e.g. /dev/sgx_vepc. 130 131 If unsure, say N. 132 133config KVM_INTEL_TDX 134 bool "Intel Trust Domain Extensions (TDX) support" 135 default y 136 depends on INTEL_TDX_HOST 137 select KVM_GENERIC_MEMORY_ATTRIBUTES 138 select HAVE_KVM_ARCH_GMEM_POPULATE 139 help 140 Provides support for launching Intel Trust Domain Extensions (TDX) 141 confidential VMs on Intel processors. 142 143 If unsure, say N. 144 145config KVM_AMD 146 tristate "KVM for AMD processors support" 147 depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON) 148 help 149 Provides support for KVM on AMD processors equipped with the AMD-V 150 (SVM) extensions. 151 152 To compile this as a module, choose M here: the module 153 will be called kvm-amd. 154 155config KVM_AMD_SEV 156 bool "AMD Secure Encrypted Virtualization (SEV) support" 157 default y 158 depends on KVM_AMD && X86_64 159 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) 160 select ARCH_HAS_CC_PLATFORM 161 select KVM_GENERIC_MEMORY_ATTRIBUTES 162 select HAVE_KVM_ARCH_GMEM_PREPARE 163 select HAVE_KVM_ARCH_GMEM_INVALIDATE 164 select HAVE_KVM_ARCH_GMEM_POPULATE 165 help 166 Provides support for launching encrypted VMs which use Secure 167 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with 168 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with 169 Secure Nested Paging (SEV-SNP) technologies on AMD processors. 170 171config KVM_IOAPIC 172 bool "I/O APIC, PIC, and PIT emulation" 173 default y 174 depends on KVM_X86 175 help 176 Provides support for KVM to emulate an I/O APIC, PIC, and PIT, i.e. 177 for full in-kernel APIC emulation. 178 179 If unsure, say Y. 180 181config KVM_SMM 182 bool "System Management Mode emulation" 183 default y 184 depends on KVM_X86 185 help 186 Provides support for KVM to emulate System Management Mode (SMM) 187 in virtual machines. This can be used by the virtual machine 188 firmware to implement UEFI secure boot. 189 190 If unsure, say Y. 191 192config KVM_HYPERV 193 bool "Support for Microsoft Hyper-V emulation" 194 depends on KVM_X86 195 default y 196 help 197 Provides KVM support for emulating Microsoft Hyper-V. This allows KVM 198 to expose a subset of the paravirtualized interfaces defined in the 199 Hyper-V Hypervisor Top-Level Functional Specification (TLFS): 200 https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs 201 These interfaces are required for the correct and performant functioning 202 of Windows and Hyper-V guests on KVM. 203 204 If unsure, say "Y". 205 206config KVM_XEN 207 bool "Support for Xen hypercall interface" 208 depends on KVM_X86 209 help 210 Provides KVM support for the hosting Xen HVM guests and 211 passing Xen hypercalls to userspace. 212 213 If in doubt, say "N". 214 215config KVM_PROVE_MMU 216 bool "Prove KVM MMU correctness" 217 depends on DEBUG_KERNEL 218 depends on KVM_X86 219 depends on EXPERT 220 help 221 Enables runtime assertions in KVM's MMU that are too costly to enable 222 in anything remotely resembling a production environment, e.g. this 223 gates code that verifies a to-be-freed page table doesn't have any 224 present SPTEs. 225 226 If in doubt, say "N". 227 228config KVM_EXTERNAL_WRITE_TRACKING 229 bool 230 231config KVM_MAX_NR_VCPUS 232 int "Maximum number of vCPUs per KVM guest" 233 depends on KVM_X86 234 range 1024 4096 235 default 4096 if MAXSMP 236 default 1024 237 help 238 Set the maximum number of vCPUs per KVM guest. Larger values will increase 239 the memory footprint of each KVM guest, regardless of how many vCPUs are 240 created for a given VM. 241 242endif # VIRTUALIZATION 243