1# SPDX-License-Identifier: GPL-2.0 2# 3# KVM configuration 4# 5 6source "virt/kvm/Kconfig" 7 8menuconfig VIRTUALIZATION 9 bool "Virtualization" 10 default y 11 help 12 Say Y here to get to see options for using your Linux host to run other 13 operating systems inside virtual machines (guests). 14 This option alone does not add any kernel code. 15 16 If you say N, all options in this submenu will be skipped and disabled. 17 18if VIRTUALIZATION 19 20config KVM_X86 21 def_tristate KVM if (KVM_INTEL != n || KVM_AMD != n) 22 select KVM_COMMON 23 select KVM_GENERIC_MMU_NOTIFIER 24 select KVM_ELIDE_TLB_FLUSH_IF_YOUNG 25 select KVM_MMU_LOCKLESS_AGING 26 select HAVE_KVM_IRQCHIP 27 select HAVE_KVM_PFNCACHE 28 select HAVE_KVM_DIRTY_RING_TSO 29 select HAVE_KVM_DIRTY_RING_ACQ_REL 30 select HAVE_KVM_IRQ_BYPASS 31 select HAVE_KVM_IRQ_ROUTING 32 select HAVE_KVM_READONLY_MEM 33 select VHOST_TASK 34 select KVM_ASYNC_PF 35 select USER_RETURN_NOTIFIER 36 select KVM_MMIO 37 select SCHED_INFO 38 select PERF_EVENTS 39 select GUEST_PERF_EVENTS 40 select HAVE_KVM_MSI 41 select HAVE_KVM_CPU_RELAX_INTERCEPT 42 select HAVE_KVM_NO_POLL 43 select VIRT_XFER_TO_GUEST_WORK 44 select KVM_GENERIC_DIRTYLOG_READ_PROTECT 45 select KVM_VFIO 46 select HAVE_KVM_PM_NOTIFIER if PM 47 select KVM_GENERIC_HARDWARE_ENABLING 48 select KVM_GENERIC_PRE_FAULT_MEMORY 49 select KVM_WERROR if WERROR 50 select KVM_GUEST_MEMFD if X86_64 51 52config KVM 53 tristate "Kernel-based Virtual Machine (KVM) support" 54 depends on X86_LOCAL_APIC 55 help 56 Support hosting fully virtualized guest machines using hardware 57 virtualization extensions. You will need a fairly recent 58 processor equipped with virtualization extensions. You will also 59 need to select one or more of the processor modules below. 60 61 This module provides access to the hardware capabilities through 62 a character device node named /dev/kvm. 63 64 To compile this as a module, choose M here: the module 65 will be called kvm. 66 67 If unsure, say N. 68 69config KVM_WERROR 70 bool "Compile KVM with -Werror" 71 # Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against 72 # randomized configs from selecting KVM_WERROR=y, which doesn't play 73 # nice with KASAN. KASAN builds generates warnings for the default 74 # FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning. 75 # Building KVM with -Werror and KASAN is still doable via enabling 76 # the kernel-wide WERROR=y. 77 depends on KVM_X86 && ((EXPERT && !KASAN) || WERROR) 78 help 79 Add -Werror to the build flags for KVM. 80 81 If in doubt, say "N". 82 83config KVM_SW_PROTECTED_VM 84 bool "Enable support for KVM software-protected VMs" 85 depends on EXPERT 86 depends on KVM_X86 && X86_64 87 select KVM_GENERIC_MEMORY_ATTRIBUTES 88 help 89 Enable support for KVM software-protected VMs. Currently, software- 90 protected VMs are purely a development and testing vehicle for 91 KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a 92 software-protected VM will fail miserably. 93 94 If unsure, say "N". 95 96config KVM_INTEL 97 tristate "KVM for Intel (and compatible) processors support" 98 depends on KVM && IA32_FEAT_CTL 99 select X86_FRED if X86_64 100 help 101 Provides support for KVM on processors equipped with Intel's VT 102 extensions, a.k.a. Virtual Machine Extensions (VMX). 103 104 To compile this as a module, choose M here: the module 105 will be called kvm-intel. 106 107config KVM_INTEL_PROVE_VE 108 bool "Check that guests do not receive #VE exceptions" 109 depends on KVM_INTEL && EXPERT 110 help 111 Checks that KVM's page table management code will not incorrectly 112 let guests receive a virtualization exception. Virtualization 113 exceptions will be trapped by the hypervisor rather than injected 114 in the guest. 115 116 Note: some CPUs appear to generate spurious EPT Violations #VEs 117 that trigger KVM's WARN, in particular with eptad=0 and/or nested 118 virtualization. 119 120 If unsure, say N. 121 122config X86_SGX_KVM 123 bool "Software Guard eXtensions (SGX) Virtualization" 124 depends on X86_SGX && KVM_INTEL 125 help 126 127 Enables KVM guests to create SGX enclaves. 128 129 This includes support to expose "raw" unreclaimable enclave memory to 130 guests via a device node, e.g. /dev/sgx_vepc. 131 132 If unsure, say N. 133 134config KVM_INTEL_TDX 135 bool "Intel Trust Domain Extensions (TDX) support" 136 default y 137 depends on INTEL_TDX_HOST 138 select KVM_GENERIC_MEMORY_ATTRIBUTES 139 select HAVE_KVM_ARCH_GMEM_POPULATE 140 help 141 Provides support for launching Intel Trust Domain Extensions (TDX) 142 confidential VMs on Intel processors. 143 144 If unsure, say N. 145 146config KVM_AMD 147 tristate "KVM for AMD processors support" 148 depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON) 149 help 150 Provides support for KVM on AMD processors equipped with the AMD-V 151 (SVM) extensions. 152 153 To compile this as a module, choose M here: the module 154 will be called kvm-amd. 155 156config KVM_AMD_SEV 157 bool "AMD Secure Encrypted Virtualization (SEV) support" 158 default y 159 depends on KVM_AMD && X86_64 160 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) 161 select ARCH_HAS_CC_PLATFORM 162 select KVM_GENERIC_MEMORY_ATTRIBUTES 163 select HAVE_KVM_ARCH_GMEM_PREPARE 164 select HAVE_KVM_ARCH_GMEM_INVALIDATE 165 select HAVE_KVM_ARCH_GMEM_POPULATE 166 help 167 Provides support for launching encrypted VMs which use Secure 168 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with 169 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with 170 Secure Nested Paging (SEV-SNP) technologies on AMD processors. 171 172config KVM_IOAPIC 173 bool "I/O APIC, PIC, and PIT emulation" 174 default y 175 depends on KVM_X86 176 help 177 Provides support for KVM to emulate an I/O APIC, PIC, and PIT, i.e. 178 for full in-kernel APIC emulation. 179 180 If unsure, say Y. 181 182config KVM_SMM 183 bool "System Management Mode emulation" 184 default y 185 depends on KVM_X86 186 help 187 Provides support for KVM to emulate System Management Mode (SMM) 188 in virtual machines. This can be used by the virtual machine 189 firmware to implement UEFI secure boot. 190 191 If unsure, say Y. 192 193config KVM_HYPERV 194 bool "Support for Microsoft Hyper-V emulation" 195 depends on KVM_X86 196 default y 197 help 198 Provides KVM support for emulating Microsoft Hyper-V. This allows KVM 199 to expose a subset of the paravirtualized interfaces defined in the 200 Hyper-V Hypervisor Top-Level Functional Specification (TLFS): 201 https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs 202 These interfaces are required for the correct and performant functioning 203 of Windows and Hyper-V guests on KVM. 204 205 If unsure, say "Y". 206 207config KVM_XEN 208 bool "Support for Xen hypercall interface" 209 depends on KVM_X86 210 help 211 Provides KVM support for the hosting Xen HVM guests and 212 passing Xen hypercalls to userspace. 213 214 If in doubt, say "N". 215 216config KVM_PROVE_MMU 217 bool "Prove KVM MMU correctness" 218 depends on DEBUG_KERNEL 219 depends on KVM_X86 220 depends on EXPERT 221 help 222 Enables runtime assertions in KVM's MMU that are too costly to enable 223 in anything remotely resembling a production environment, e.g. this 224 gates code that verifies a to-be-freed page table doesn't have any 225 present SPTEs. 226 227 If in doubt, say "N". 228 229config KVM_EXTERNAL_WRITE_TRACKING 230 bool 231 232config KVM_MAX_NR_VCPUS 233 int "Maximum number of vCPUs per KVM guest" 234 depends on KVM_X86 235 range 1024 4096 236 default 4096 if MAXSMP 237 default 1024 238 help 239 Set the maximum number of vCPUs per KVM guest. Larger values will increase 240 the memory footprint of each KVM guest, regardless of how many vCPUs are 241 created for a given VM. 242 243endif # VIRTUALIZATION 244