xref: /linux/arch/x86/kvm/Kconfig (revision 1260ed77798502de9c98020040d2995008de10cc) 
1# SPDX-License-Identifier: GPL-2.0
2#
3# KVM configuration
4#
5
6source "virt/kvm/Kconfig"
7
8menuconfig VIRTUALIZATION
9	bool "Virtualization"
10	default y
11	help
12	  Say Y here to get to see options for using your Linux host to run other
13	  operating systems inside virtual machines (guests).
14	  This option alone does not add any kernel code.
15
16	  If you say N, all options in this submenu will be skipped and disabled.
17
18if VIRTUALIZATION
19
20config KVM_X86
21	def_tristate KVM if (KVM_INTEL != n || KVM_AMD != n)
22	select KVM_COMMON
23	select KVM_GENERIC_MMU_NOTIFIER
24	select KVM_ELIDE_TLB_FLUSH_IF_YOUNG
25	select KVM_MMU_LOCKLESS_AGING
26	select HAVE_KVM_IRQCHIP
27	select HAVE_KVM_PFNCACHE
28	select HAVE_KVM_DIRTY_RING_TSO
29	select HAVE_KVM_DIRTY_RING_ACQ_REL
30	select HAVE_KVM_IRQ_BYPASS
31	select HAVE_KVM_IRQ_ROUTING
32	select HAVE_KVM_READONLY_MEM
33	select VHOST_TASK
34	select KVM_ASYNC_PF
35	select USER_RETURN_NOTIFIER
36	select KVM_MMIO
37	select SCHED_INFO
38	select PERF_EVENTS
39	select GUEST_PERF_EVENTS
40	select HAVE_KVM_MSI
41	select HAVE_KVM_CPU_RELAX_INTERCEPT
42	select HAVE_KVM_NO_POLL
43	select KVM_XFER_TO_GUEST_WORK
44	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
45	select KVM_VFIO
46	select HAVE_KVM_PM_NOTIFIER if PM
47	select KVM_GENERIC_HARDWARE_ENABLING
48	select KVM_GENERIC_PRE_FAULT_MEMORY
49	select KVM_GENERIC_PRIVATE_MEM if KVM_SW_PROTECTED_VM
50	select KVM_WERROR if WERROR
51
52config KVM
53	tristate "Kernel-based Virtual Machine (KVM) support"
54	depends on X86_LOCAL_APIC
55	help
56	  Support hosting fully virtualized guest machines using hardware
57	  virtualization extensions.  You will need a fairly recent
58	  processor equipped with virtualization extensions. You will also
59	  need to select one or more of the processor modules below.
60
61	  This module provides access to the hardware capabilities through
62	  a character device node named /dev/kvm.
63
64	  To compile this as a module, choose M here: the module
65	  will be called kvm.
66
67	  If unsure, say N.
68
69config KVM_WERROR
70	bool "Compile KVM with -Werror"
71	# Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against
72	# randomized configs from selecting KVM_WERROR=y, which doesn't play
73	# nice with KASAN.  KASAN builds generates warnings for the default
74	# FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning.
75	# Building KVM with -Werror and KASAN is still doable via enabling
76	# the kernel-wide WERROR=y.
77	depends on KVM && ((EXPERT && !KASAN) || WERROR)
78	help
79	  Add -Werror to the build flags for KVM.
80
81	  If in doubt, say "N".
82
83config KVM_SW_PROTECTED_VM
84	bool "Enable support for KVM software-protected VMs"
85	depends on EXPERT
86	depends on KVM && X86_64
87	help
88	  Enable support for KVM software-protected VMs.  Currently, software-
89	  protected VMs are purely a development and testing vehicle for
90	  KVM_CREATE_GUEST_MEMFD.  Attempting to run a "real" VM workload as a
91	  software-protected VM will fail miserably.
92
93	  If unsure, say "N".
94
95config KVM_INTEL
96	tristate "KVM for Intel (and compatible) processors support"
97	depends on KVM && IA32_FEAT_CTL
98	help
99	  Provides support for KVM on processors equipped with Intel's VT
100	  extensions, a.k.a. Virtual Machine Extensions (VMX).
101
102	  To compile this as a module, choose M here: the module
103	  will be called kvm-intel.
104
105config KVM_INTEL_PROVE_VE
106        bool "Check that guests do not receive #VE exceptions"
107        depends on KVM_INTEL && EXPERT
108        help
109          Checks that KVM's page table management code will not incorrectly
110          let guests receive a virtualization exception.  Virtualization
111          exceptions will be trapped by the hypervisor rather than injected
112          in the guest.
113
114          Note: some CPUs appear to generate spurious EPT Violations #VEs
115          that trigger KVM's WARN, in particular with eptad=0 and/or nested
116          virtualization.
117
118          If unsure, say N.
119
120config X86_SGX_KVM
121	bool "Software Guard eXtensions (SGX) Virtualization"
122	depends on X86_SGX && KVM_INTEL
123	help
124
125	  Enables KVM guests to create SGX enclaves.
126
127	  This includes support to expose "raw" unreclaimable enclave memory to
128	  guests via a device node, e.g. /dev/sgx_vepc.
129
130	  If unsure, say N.
131
132config KVM_AMD
133	tristate "KVM for AMD processors support"
134	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
135	help
136	  Provides support for KVM on AMD processors equipped with the AMD-V
137	  (SVM) extensions.
138
139	  To compile this as a module, choose M here: the module
140	  will be called kvm-amd.
141
142config KVM_AMD_SEV
143	bool "AMD Secure Encrypted Virtualization (SEV) support"
144	default y
145	depends on KVM_AMD && X86_64
146	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
147	select ARCH_HAS_CC_PLATFORM
148	select KVM_GENERIC_PRIVATE_MEM
149	select HAVE_KVM_ARCH_GMEM_PREPARE
150	select HAVE_KVM_ARCH_GMEM_INVALIDATE
151	help
152	  Provides support for launching encrypted VMs which use Secure
153	  Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
154	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
155	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.
156
157config KVM_SMM
158	bool "System Management Mode emulation"
159	default y
160	depends on KVM
161	help
162	  Provides support for KVM to emulate System Management Mode (SMM)
163	  in virtual machines.  This can be used by the virtual machine
164	  firmware to implement UEFI secure boot.
165
166	  If unsure, say Y.
167
168config KVM_HYPERV
169	bool "Support for Microsoft Hyper-V emulation"
170	depends on KVM
171	default y
172	help
173	  Provides KVM support for emulating Microsoft Hyper-V.  This allows KVM
174	  to expose a subset of the paravirtualized interfaces defined in the
175	  Hyper-V Hypervisor Top-Level Functional Specification (TLFS):
176	  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
177	  These interfaces are required for the correct and performant functioning
178	  of Windows and Hyper-V guests on KVM.
179
180	  If unsure, say "Y".
181
182config KVM_XEN
183	bool "Support for Xen hypercall interface"
184	depends on KVM
185	help
186	  Provides KVM support for the hosting Xen HVM guests and
187	  passing Xen hypercalls to userspace.
188
189	  If in doubt, say "N".
190
191config KVM_PROVE_MMU
192	bool "Prove KVM MMU correctness"
193	depends on DEBUG_KERNEL
194	depends on KVM
195	depends on EXPERT
196	help
197	  Enables runtime assertions in KVM's MMU that are too costly to enable
198	  in anything remotely resembling a production environment, e.g. this
199	  gates code that verifies a to-be-freed page table doesn't have any
200	  present SPTEs.
201
202	  If in doubt, say "N".
203
204config KVM_EXTERNAL_WRITE_TRACKING
205	bool
206
207config KVM_MAX_NR_VCPUS
208	int "Maximum number of vCPUs per KVM guest"
209	depends on KVM
210	range 1024 4096
211	default 4096 if MAXSMP
212	default 1024
213	help
214	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
215	  the memory footprint of each KVM guest, regardless of how many vCPUs are
216	  created for a given VM.
217
218endif # VIRTUALIZATION
219