# SPDX-License-Identifier: GPL-2.0
#
# KVM configuration
#

source "virt/kvm/Kconfig"

# Top-level menu gate. Per its help text it adds no kernel code; it only
# controls whether the options inside "if VIRTUALIZATION" are offered.
menuconfig VIRTUALIZATION
	bool "Virtualization"
	default y
	help
	  Say Y here to get to see options for using your Linux host to run other
	  operating systems inside virtual machines (guests).
	  This option alone does not add any kernel code.

	  If you say N, all options in this submenu will be skipped and disabled.

if VIRTUALIZATION

# Promptless symbol: it takes the value of KVM, and only once at least one
# vendor module (KVM_INTEL or KVM_AMD) is enabled. The select list below
# pulls in the generic KVM infrastructure that the x86 code builds on.
config KVM_X86
	def_tristate KVM if KVM_INTEL || KVM_AMD
	depends on X86_LOCAL_APIC
	select KVM_COMMON
	select KVM_GENERIC_MMU_NOTIFIER
	select HAVE_KVM_IRQCHIP
	select HAVE_KVM_PFNCACHE
	select HAVE_KVM_DIRTY_RING_TSO
	select HAVE_KVM_DIRTY_RING_ACQ_REL
	select HAVE_KVM_IRQ_BYPASS
	select HAVE_KVM_IRQ_ROUTING
	select HAVE_KVM_READONLY_MEM
	select KVM_ASYNC_PF
	select USER_RETURN_NOTIFIER
	select KVM_MMIO
	select SCHED_INFO
	select PERF_EVENTS
	select GUEST_PERF_EVENTS
	select HAVE_KVM_MSI
	select HAVE_KVM_CPU_RELAX_INTERCEPT
	select HAVE_KVM_NO_POLL
	select KVM_XFER_TO_GUEST_WORK
	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
	select KVM_VFIO
	# Selected only when power management (PM) is configured.
	select HAVE_KVM_PM_NOTIFIER if PM
	select KVM_GENERIC_HARDWARE_ENABLING
	select KVM_GENERIC_PRE_FAULT_MEMORY
	# Private guest memory is pulled in from here only for software-protected
	# VMs; KVM_AMD_SEV selects the same symbol on its own.
	select KVM_GENERIC_PRIVATE_MEM if KVM_SW_PROTECTED_VM
	# A kernel-wide WERROR=y turns KVM_WERROR on as well.
	select KVM_WERROR if WERROR

# Core KVM module. No default is given, so it stays off unless chosen.
# The help text names /dev/kvm as the interface to the hardware
# capabilities; which users may open that node is decided by the running
# system's device permissions, not by this option.
config KVM
	tristate "Kernel-based Virtual Machine (KVM) support"
	help
	  Support hosting fully virtualized guest machines using hardware
	  virtualization extensions.  You will need a fairly recent
	  processor equipped with virtualization extensions. You will also
	  need to select one or more of the processor modules below.

	  This module provides access to the hardware capabilities through
	  a character device node named /dev/kvm.

	  To compile this as a module, choose M here: the module
	  will be called kvm.

	  If unsure, say N.
# Build-hygiene option: adds -Werror to KVM's build flags. The prompt is
# offered either under EXPERT without KASAN, or when the kernel-wide WERROR
# is already set.
config KVM_WERROR
	bool "Compile KVM with -Werror"
	# Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against
	# randomized configs from selecting KVM_WERROR=y, which doesn't play
	# nice with KASAN.  KASAN builds generate warnings for the default
	# FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning.
	# Building KVM with -Werror and KASAN is still doable via enabling
	# the kernel-wide WERROR=y.
	depends on KVM && ((EXPERT && !KASAN) || WERROR)
	help
	  Add -Werror to the build flags for KVM.

	  If in doubt, say "N".

# EXPERT-only and limited to X86_64. The help text describes
# software-protected VMs as a development and testing vehicle for
# KVM_CREATE_GUEST_MEMFD. Nothing in this file suggests they protect guest
# memory the way a hardware-backed confidential VM would, so do not plan
# production workloads around this option.
# Enabling it also makes KVM_X86 select KVM_GENERIC_PRIVATE_MEM.
config KVM_SW_PROTECTED_VM
	bool "Enable support for KVM software-protected VMs"
	depends on EXPERT
	depends on KVM && X86_64
	help
	  Enable support for KVM software-protected VMs.  Currently, software-
	  protected VMs are purely a development and testing vehicle for
	  KVM_CREATE_GUEST_MEMFD.  Attempting to run a "real" VM workload as a
	  software-protected VM will fail miserably.

	  If unsure, say "N".

# Vendor module for Intel VT (VMX); needs IA32_FEAT_CTL in addition to KVM.
config KVM_INTEL
	tristate "KVM for Intel (and compatible) processors support"
	depends on KVM && IA32_FEAT_CTL
	help
	  Provides support for KVM on processors equipped with Intel's VT
	  extensions, a.k.a. Virtual Machine Extensions (VMX).

	  To compile this as a module, choose M here: the module
	  will be called kvm-intel.

# Debug check, EXPERT-only. The help text warns that some CPUs raise
# spurious #VEs that trip KVM's WARN. On a host configured to panic on
# warnings (panic_on_warn) such a WARN would take the host down, so this is
# best kept to test systems.
config KVM_INTEL_PROVE_VE
	bool "Check that guests do not receive #VE exceptions"
	depends on KVM_INTEL && EXPERT
	help
	  Checks that KVM's page table management code will not incorrectly
	  let guests receive a virtualization exception.  Virtualization
	  exceptions will be trapped by the hypervisor rather than injected
	  in the guest.

	  Note: some CPUs appear to generate spurious EPT Violations #VEs
	  that trigger KVM's WARN, in particular with eptad=0 and/or nested
	  virtualization.

	  If unsure, say N.
# Lets guests create SGX enclaves. Per the help text, enclave memory is
# handed to guests through a device node (e.g. /dev/sgx_vepc) and is
# "unreclaimable".
# NOTE(review): access to that node is presumably best limited to the
# accounts that run the VMM -- confirm against the deployment's device
# permissions.
config X86_SGX_KVM
	bool "Software Guard eXtensions (SGX) Virtualization"
	depends on X86_SGX && KVM_INTEL
	help

	  Enables KVM guests to create SGX enclaves.

	  This includes support to expose "raw" unreclaimable enclave memory to
	  guests via a device node, e.g. /dev/sgx_vepc.

	  If unsure, say N.

# Vendor module for AMD-V (SVM); also allowed when Hygon CPU support
# (CPU_SUP_HYGON) is configured.
config KVM_AMD
	tristate "KVM for AMD processors support"
	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
	help
	  Provides support for KVM on AMD processors equipped with the AMD-V
	  (SVM) extensions.

	  To compile this as a module, choose M here: the module
	  will be called kvm-amd.

# On by default once its dependencies are met. The second "depends on"
# rules out a built-in kvm-amd (KVM_AMD=y) together with a modular CCP
# driver (CRYPTO_DEV_CCP_DD=m) -- presumably because built-in code cannot
# call into a module; confirm.
# NOTE(review): as far as this file shows, the option only builds the
# support code for SEV, SEV-ES and SEV-SNP guests. Whether a given VM is
# actually launched encrypted is decided elsewhere.
config KVM_AMD_SEV
	bool "AMD Secure Encrypted Virtualization (SEV) support"
	default y
	depends on KVM_AMD && X86_64
	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
	select ARCH_HAS_CC_PLATFORM
	select KVM_GENERIC_PRIVATE_MEM
	select HAVE_KVM_ARCH_GMEM_PREPARE
	select HAVE_KVM_ARCH_GMEM_INVALIDATE
	help
	  Provides support for launching encrypted VMs which use Secure
	  Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.

# On by default. Per the help text, guest firmware can use the emulated SMM
# to implement UEFI secure boot.
# NOTE(review): guests that rely on that presumably need this left enabled;
# confirm before turning it off.
config KVM_SMM
	bool "System Management Mode emulation"
	default y
	depends on KVM
	help
	  Provides support for KVM to emulate System Management Mode (SMM)
	  in virtual machines.  This can be used by the virtual machine
	  firmware to implement UEFI secure boot.

	  If unsure, say Y.

# On by default. Exposes a subset of the Hyper-V paravirtualized interfaces
# to guests; the help text states these are required for Windows and
# Hyper-V guests to function correctly.
config KVM_HYPERV
	bool "Support for Microsoft Hyper-V emulation"
	depends on KVM
	default y
	help
	  Provides KVM support for emulating Microsoft Hyper-V.  This allows KVM
	  to expose a subset of the paravirtualized interfaces defined in the
	  Hyper-V Hypervisor Top-Level Functional Specification (TLFS):
	  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
	  These interfaces are required for the correct and performant functioning
	  of Windows and Hyper-V guests on KVM.

	  If unsure, say "Y".

# No default is given, so this stays off unless chosen. Per the help text,
# Xen hypercalls made by the guest are passed on to userspace.
config KVM_XEN
	bool "Support for Xen hypercall interface"
	depends on KVM
	help
	  Provides KVM support for the hosting Xen HVM guests and
	  passing Xen hypercalls to userspace.

	  If in doubt, say "N".

# Debug-only: needs both DEBUG_KERNEL and EXPERT. The help text says the
# assertions are too costly for anything resembling production.
config KVM_PROVE_MMU
	bool "Prove KVM MMU correctness"
	depends on DEBUG_KERNEL
	depends on KVM
	depends on EXPERT
	help
	  Enables runtime assertions in KVM's MMU that are too costly to enable
	  in anything remotely resembling a production environment, e.g. this
	  gates code that verifies a to-be-freed page table doesn't have any
	  present SPTEs.

	  If in doubt, say "N".

# Promptless symbol with no default or dependency here. Nothing in this
# file selects it, so it can only be turned on from another Kconfig file.
config KVM_EXTERNAL_WRITE_TRACKING
	bool

# Build-time upper bound on vCPUs per guest, limited to 1024..4096. The
# first matching default applies: 4096 under MAXSMP, otherwise 1024.
# Per the help text, a larger value increases the memory footprint of every
# guest, however many vCPUs it actually creates.
config KVM_MAX_NR_VCPUS
	int "Maximum number of vCPUs per KVM guest"
	depends on KVM
	range 1024 4096
	default 4096 if MAXSMP
	default 1024
	help
	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
	  the memory footprint of each KVM guest, regardless of how many vCPUs are
	  created for a given VM.

endif # VIRTUALIZATION