# SPDX-License-Identifier: GPL-2.0
#
# KVM configuration
#
# Kconfig for KVM on x86: the promptless KVM_X86 glue symbol, the KVM core
# module, the Intel and AMD vendor modules, the confidential-VM options
# (TDX, SEV) and a set of optional guest-facing emulation features.
#

source "virt/kvm/Kconfig"

# Menu gate only.  Per its help text this symbol adds no kernel code; it
# decides whether the options inside "if VIRTUALIZATION" are offered at all.
menuconfig VIRTUALIZATION
	bool "Virtualization"
	default y
	help
	  Say Y here to get to see options for using your Linux host to run other
	  operating systems inside virtual machines (guests).
	  This option alone does not add any kernel code.

	  If you say N, all options in this submenu will be skipped and disabled.

if VIRTUALIZATION

# Promptless glue symbol: it takes the value of KVM whenever at least one
# vendor module (KVM_INTEL or KVM_AMD) is not n.  Every "select" below is
# forced on together with it.  Three selects are conditional:
# HAVE_KVM_PM_NOTIFIER needs PM, KVM_WERROR follows the kernel-wide WERROR,
# and KVM_GUEST_MEMFD is pulled in only on X86_64.
config KVM_X86
	def_tristate KVM if (KVM_INTEL != n || KVM_AMD != n)
	select KVM_COMMON
	select KVM_GENERIC_MMU_NOTIFIER
	select KVM_ELIDE_TLB_FLUSH_IF_YOUNG
	select KVM_MMU_LOCKLESS_AGING
	select HAVE_KVM_IRQCHIP
	select HAVE_KVM_PFNCACHE
	select HAVE_KVM_DIRTY_RING_TSO
	select HAVE_KVM_DIRTY_RING_ACQ_REL
	select HAVE_KVM_IRQ_BYPASS
	select HAVE_KVM_IRQ_ROUTING
	select HAVE_KVM_READONLY_MEM
	select VHOST_TASK
	select KVM_ASYNC_PF
	select USER_RETURN_NOTIFIER
	select KVM_MMIO
	select SCHED_INFO
	select PERF_EVENTS
	select GUEST_PERF_EVENTS
	select PERF_GUEST_MEDIATED_PMU
	select HAVE_KVM_MSI
	select HAVE_KVM_CPU_RELAX_INTERCEPT
	select HAVE_KVM_NO_POLL
	select VIRT_XFER_TO_GUEST_WORK
	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
	select KVM_VFIO
	select HAVE_KVM_PM_NOTIFIER if PM
	select KVM_GENERIC_HARDWARE_ENABLING
	select KVM_GENERIC_PRE_FAULT_MEMORY
	select KVM_WERROR if WERROR
	select KVM_GUEST_MEMFD if X86_64

# User-visible KVM core.  It has no "default" line, so it stays off unless
# chosen, and it does nothing useful without a vendor module (see help).
# NOTE(review): the help text names /dev/kvm as the userspace interface to
# the hardware virtualization capabilities; who may open that node is host
# policy and is not configured anywhere in this file.
config KVM
	tristate "Kernel-based Virtual Machine (KVM) support"
	depends on X86_LOCAL_APIC
	help
	  Support hosting fully virtualized guest machines using hardware
	  virtualization extensions.  You will need a fairly recent
	  processor equipped with virtualization extensions. You will also
	  need to select one or more of the processor modules below.

	  This module provides access to the hardware capabilities through
	  a character device node named /dev/kvm.

	  To compile this as a module, choose M here: the module
	  will be called kvm.

	  If unsure, say N.

# Build-hygiene option.  It is promptable only with EXPERT and without KASAN,
# or when the kernel-wide WERROR is set (in which case KVM_X86 selects it).
config KVM_WERROR
	bool "Compile KVM with -Werror"
	# Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against
	# randomized configs from selecting KVM_WERROR=y, which doesn't play
	# nice with KASAN.  KASAN builds generate warnings for the default
	# FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning.
	# Building KVM with -Werror and KASAN is still doable via enabling
	# the kernel-wide WERROR=y.
	depends on KVM_X86 && ((EXPERT && !KASAN) || WERROR)
	help
	  Add -Werror to the build flags for KVM.

	  If in doubt, say "N".

# EXPERT-only, 64-bit only, off by default.  The help text describes
# software-protected VMs as a development and testing vehicle, so this
# option should not be treated as a substitute for the hardware-backed
# confidential-VM options (KVM_INTEL_TDX, KVM_AMD_SEV).
config KVM_SW_PROTECTED_VM
	bool "Enable support for KVM software-protected VMs"
	depends on EXPERT
	depends on KVM_X86 && X86_64
	select KVM_GENERIC_MEMORY_ATTRIBUTES
	help
	  Enable support for KVM software-protected VMs.  Currently, software-
	  protected VMs are purely a development and testing vehicle for
	  KVM_CREATE_GUEST_MEMFD.  Attempting to run a "real" VM workload as a
	  software-protected VM will fail miserably.

	  If unsure, say "N".

# Intel vendor module (VMX).  Needs the KVM core and IA32_FEAT_CTL, and
# selects X86_FRED on 64-bit builds.
config KVM_INTEL
	tristate "KVM for Intel (and compatible) processors support"
	depends on KVM && IA32_FEAT_CTL
	select X86_FRED if X86_64
	help
	  Provides support for KVM on processors equipped with Intel's VT
	  extensions, a.k.a. Virtual Machine Extensions (VMX).

	  To compile this as a module, choose M here: the module
	  will be called kvm-intel.

# EXPERT-only self-check, off by default.  The help text warns that some
# CPUs raise spurious #VEs that trip KVM's WARN.
# NOTE(review): on hosts configured to treat a WARN as fatal (for example
# panic_on_warn), a spurious trigger would presumably bring the host down;
# confirm before enabling this outside test builds.
config KVM_INTEL_PROVE_VE
        bool "Check that guests do not receive #VE exceptions"
        depends on KVM_INTEL && EXPERT
        help
          Checks that KVM's page table management code will not incorrectly
          let guests receive a virtualization exception.  Virtualization
          exceptions will be trapped by the hypervisor rather than injected
          in the guest.

          Note: some CPUs appear to generate spurious EPT Violations #VEs
          that trigger KVM's WARN, in particular with eptad=0 and/or nested
          virtualization.

          If unsure, say N.

# Off by default.  Per the help text, enabling it exposes "raw" unreclaimable
# enclave memory to guests through a device node (e.g. /dev/sgx_vepc).
# NOTE(review): access to that node is presumably something the host should
# restrict to the VMM; nothing in this file governs it.
config X86_SGX_KVM
	bool "Software Guard eXtensions (SGX) Virtualization"
	depends on X86_SGX && KVM_INTEL
	help

	  Enables KVM guests to create SGX enclaves.

	  This includes support to expose "raw" unreclaimable enclave memory to
	  guests via a device node, e.g. /dev/sgx_vepc.

	  If unsure, say N.

# Enabled by default ("default y") as soon as INTEL_TDX_HOST is set, even
# though the help text's advice for the unsure reader is "say N".
# The only dependency stated here is INTEL_TDX_HOST; any link to KVM_INTEL
# would have to come through that symbol, which is defined outside this file.
config KVM_INTEL_TDX
	bool "Intel Trust Domain Extensions (TDX) support"
	default y
	depends on INTEL_TDX_HOST
	select KVM_GENERIC_MEMORY_ATTRIBUTES
	select HAVE_KVM_ARCH_GMEM_POPULATE
	help
	  Provides support for launching Intel Trust Domain Extensions (TDX)
	  confidential VMs on Intel processors.

	  If unsure, say N.

# AMD vendor module (AMD-V / SVM).  Also offered when CPU_SUP_HYGON is set.
config KVM_AMD
	tristate "KVM for AMD processors support"
	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
	help
	  Provides support for KVM on AMD processors equipped with the AMD-V
	  (SVM) extensions.

	  To compile this as a module, choose M here: the module
	  will be called kvm-amd.

# Enabled by default on 64-bit builds with KVM_AMD and CRYPTO_DEV_SP_PSP.
# The second "depends on" rules out KVM_AMD=y together with
# CRYPTO_DEV_CCP_DD=m, presumably because a built-in kvm-amd cannot link
# against a CCP driver that is built as a module.
config KVM_AMD_SEV
	bool "AMD Secure Encrypted Virtualization (SEV) support"
	default y
	depends on KVM_AMD && X86_64
	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
	select ARCH_HAS_CC_PLATFORM
	select KVM_GENERIC_MEMORY_ATTRIBUTES
	select HAVE_KVM_ARCH_GMEM_PREPARE
	select HAVE_KVM_ARCH_GMEM_INVALIDATE
	select HAVE_KVM_ARCH_GMEM_POPULATE
	help
	  Provides support for launching encrypted VMs which use Secure
	  Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.
# Optional guest-facing emulation features.  KVM_IOAPIC, KVM_SMM and
# KVM_HYPERV default to y; KVM_XEN has no "default" line and so stays off
# unless chosen.
# NOTE(review): each of these is a plain bool that depends only on KVM_X86,
# so a host that does not need one of the interfaces can set it to n;
# presumably that also removes the corresponding emulation code from the
# build, which is worth confirming when trimming a hypervisor configuration.

# In-kernel I/O APIC, PIC and PIT emulation, on by default.
config KVM_IOAPIC
	bool "I/O APIC, PIC, and PIT emulation"
	default y
	depends on KVM_X86
	help
	  Provides support for KVM to emulate an I/O APIC, PIC, and PIT, i.e.
	  for full in-kernel APIC emulation.

	  If unsure, say Y.

# SMM emulation, on by default.  The help text notes that guest firmware can
# use it to implement UEFI secure boot, so turning it off would presumably
# affect guests whose firmware relies on SMM; check before disabling.
config KVM_SMM
	bool "System Management Mode emulation"
	default y
	depends on KVM_X86
	help
	  Provides support for KVM to emulate System Management Mode (SMM)
	  in virtual machines.  This can be used by the virtual machine
	  firmware to implement UEFI secure boot.

	  If unsure, say Y.

# Hyper-V paravirtual interface emulation, on by default.  Per the help text
# it exposes a subset of the TLFS interfaces and is needed for Windows and
# Hyper-V guests.
config KVM_HYPERV
	bool "Support for Microsoft Hyper-V emulation"
	depends on KVM_X86
	default y
	help
	  Provides KVM support for emulating Microsoft Hyper-V.  This allows KVM
	  to expose a subset of the paravirtualized interfaces defined in the
	  Hyper-V Hypervisor Top-Level Functional Specification (TLFS):
	  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
	  These interfaces are required for the correct and performant functioning
	  of Windows and Hyper-V guests on KVM.

	  If unsure, say "Y".

# Xen HVM guest support, off by default.  Per the help text, Xen hypercalls
# are passed on to userspace, so the VMM has to be prepared to handle them.
config KVM_XEN
	bool "Support for Xen hypercall interface"
	depends on KVM_X86
	help
	  Provides KVM support for the hosting Xen HVM guests and
	  passing Xen hypercalls to userspace.

	  If in doubt, say "N".

# Debug-only runtime assertions in KVM's MMU.  Requires DEBUG_KERNEL and
# EXPERT, and is off by default; the help text states the checks are too
# costly for anything resembling a production environment.
config KVM_PROVE_MMU
	bool "Prove KVM MMU correctness"
	depends on DEBUG_KERNEL
	depends on KVM_X86
	depends on EXPERT
	help
	  Enables runtime assertions in KVM's MMU that are too costly to enable
	  in anything remotely resembling a production environment, e.g. this
	  gates code that verifies a to-be-freed page table doesn't have any
	  present SPTEs.

	  If in doubt, say "N".
# Promptless bool with no default, dependencies or help text.  Nothing in
# this file enables it, so it can only be turned on by a "select" from
# another Kconfig file.
config KVM_EXTERNAL_WRITE_TRACKING
	bool

# Build-time upper bound on vCPUs per guest, limited to 1024..4096.
# The two "default" lines are order-dependent: the first one whose condition
# holds is used, giving 4096 with MAXSMP and 1024 otherwise.
# Per the help text, a larger value raises the memory footprint of every
# guest regardless of how many vCPUs it actually creates, which matters when
# sizing hosts that run many small VMs.
config KVM_MAX_NR_VCPUS
	int "Maximum number of vCPUs per KVM guest"
	depends on KVM_X86
	range 1024 4096
	default 4096 if MAXSMP
	default 1024
	help
	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
	  the memory footprint of each KVM guest, regardless of how many vCPUs are
	  created for a given VM.

endif # VIRTUALIZATION