# SPDX-License-Identifier: GPL-2.0
#
# KVM configuration
#

source "virt/kvm/Kconfig"

menuconfig VIRTUALIZATION
	bool "Virtualization"
	default y
	help
	  Say Y here to get to see options for using your Linux host to run other
	  operating systems inside virtual machines (guests).
	  This option alone does not add any kernel code.

	  If you say N, all options in this submenu will be skipped and disabled.

if VIRTUALIZATION

config KVM
	tristate "Kernel-based Virtual Machine (KVM) support"
	depends on HIGH_RES_TIMERS
	depends on X86_LOCAL_APIC
	select KVM_COMMON
	select KVM_GENERIC_MMU_NOTIFIER
	select HAVE_KVM_IRQCHIP
	select HAVE_KVM_PFNCACHE
	select HAVE_KVM_DIRTY_RING_TSO
	select HAVE_KVM_DIRTY_RING_ACQ_REL
	select HAVE_KVM_IRQ_BYPASS
	select HAVE_KVM_IRQ_ROUTING
	select HAVE_KVM_READONLY_MEM
	select KVM_ASYNC_PF
	select USER_RETURN_NOTIFIER
	select KVM_MMIO
	select SCHED_INFO
	select PERF_EVENTS
	select GUEST_PERF_EVENTS
	select HAVE_KVM_MSI
	select HAVE_KVM_CPU_RELAX_INTERCEPT
	select HAVE_KVM_NO_POLL
	select KVM_XFER_TO_GUEST_WORK
	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
	select KVM_VFIO
	select HAVE_KVM_PM_NOTIFIER if PM
	select KVM_GENERIC_HARDWARE_ENABLING
	select KVM_GENERIC_PRE_FAULT_MEMORY
	select KVM_WERROR if WERROR
	help
	  Support hosting fully virtualized guest machines using hardware
	  virtualization extensions.  You will need a fairly recent
	  processor equipped with virtualization extensions. You will also
	  need to select one or more of the processor modules below.

	  This module provides access to the hardware capabilities through
	  a character device node named /dev/kvm.

	  To compile this as a module, choose M here: the module
	  will be called kvm.

	  If unsure, say N.

config KVM_WERROR
	bool "Compile KVM with -Werror"
	# Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against
	# randomized configs from selecting KVM_WERROR=y, which doesn't play
	# nice with KASAN.  KASAN builds generate warnings for the default
	# FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning.
	# Building KVM with -Werror and KASAN is still doable via enabling
	# the kernel-wide WERROR=y.
	depends on KVM && ((EXPERT && !KASAN) || WERROR)
	help
	  Add -Werror to the build flags for KVM.

	  If in doubt, say "N".

config KVM_SW_PROTECTED_VM
	bool "Enable support for KVM software-protected VMs"
	depends on EXPERT
	depends on KVM && X86_64
	select KVM_GENERIC_PRIVATE_MEM
	help
	  Enable support for KVM software-protected VMs.  Currently, software-
	  protected VMs are purely a development and testing vehicle for
	  KVM_CREATE_GUEST_MEMFD.  Attempting to run a "real" VM workload as a
	  software-protected VM will fail miserably.

	  If unsure, say "N".

config KVM_INTEL
	tristate "KVM for Intel (and compatible) processors support"
	depends on KVM && IA32_FEAT_CTL
	help
	  Provides support for KVM on processors equipped with Intel's VT
	  extensions, a.k.a. Virtual Machine Extensions (VMX).

	  To compile this as a module, choose M here: the module
	  will be called kvm-intel.

config KVM_INTEL_PROVE_VE
	bool "Check that guests do not receive #VE exceptions"
	depends on KVM_INTEL && EXPERT
	help
	  Checks that KVM's page table management code will not incorrectly
	  let guests receive a virtualization exception.  Virtualization
	  exceptions will be trapped by the hypervisor rather than injected
	  in the guest.

	  Note: some CPUs appear to generate spurious EPT Violations #VEs
	  that trigger KVM's WARN, in particular with eptad=0 and/or nested
	  virtualization.

	  If unsure, say N.

config X86_SGX_KVM
	bool "Software Guard eXtensions (SGX) Virtualization"
	depends on X86_SGX && KVM_INTEL
	help

	  Enables KVM guests to create SGX enclaves.

	  This includes support to expose "raw" unreclaimable enclave memory to
	  guests via a device node, e.g. /dev/sgx_vepc.

	  If unsure, say N.

config KVM_AMD
	tristate "KVM for AMD processors support"
	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
	help
	  Provides support for KVM on AMD processors equipped with the AMD-V
	  (SVM) extensions.

	  To compile this as a module, choose M here: the module
	  will be called kvm-amd.

config KVM_AMD_SEV
	bool "AMD Secure Encrypted Virtualization (SEV) support"
	default y
	depends on KVM_AMD && X86_64
	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
	select ARCH_HAS_CC_PLATFORM
	select KVM_GENERIC_PRIVATE_MEM
	select HAVE_KVM_ARCH_GMEM_PREPARE
	select HAVE_KVM_ARCH_GMEM_INVALIDATE
	help
	  Provides support for launching encrypted VMs which use Secure
	  Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.

config KVM_SMM
	bool "System Management Mode emulation"
	default y
	depends on KVM
	help
	  Provides support for KVM to emulate System Management Mode (SMM)
	  in virtual machines.  This can be used by the virtual machine
	  firmware to implement UEFI secure boot.

	  If unsure, say Y.

config KVM_HYPERV
	bool "Support for Microsoft Hyper-V emulation"
	depends on KVM
	default y
	help
	  Provides KVM support for emulating Microsoft Hyper-V.  This allows KVM
	  to expose a subset of the paravirtualized interfaces defined in the
	  Hyper-V Hypervisor Top-Level Functional Specification (TLFS):
	  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
	  These interfaces are required for the correct and performant functioning
	  of Windows and Hyper-V guests on KVM.

	  If unsure, say "Y".

config KVM_XEN
	bool "Support for Xen hypercall interface"
	depends on KVM
	help
	  Provides KVM support for hosting Xen HVM guests and
	  passing Xen hypercalls to userspace.

	  If in doubt, say "N".

config KVM_PROVE_MMU
	bool "Prove KVM MMU correctness"
	depends on DEBUG_KERNEL
	depends on KVM
	depends on EXPERT
	help
	  Enables runtime assertions in KVM's MMU that are too costly to enable
	  in anything remotely resembling a production environment, e.g. this
	  gates code that verifies a to-be-freed page table doesn't have any
	  present SPTEs.

	  If in doubt, say "N".

config KVM_EXTERNAL_WRITE_TRACKING
	bool

config KVM_MAX_NR_VCPUS
	int "Maximum number of vCPUs per KVM guest"
	depends on KVM
	range 1024 4096
	default 4096 if MAXSMP
	default 1024
	help
	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
	  the memory footprint of each KVM guest, regardless of how many vCPUs are
	  created for a given VM.

endif # VIRTUALIZATION
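
The help text above marks KVM_SW_PROTECTED_VM, KVM_PROVE_MMU and KVM_INTEL_PROVE_VE as development, testing or self-check options gated behind EXPERT. The script below is an added example, not part of the kernel tree, that reports which of them are enabled in a kernel .config; the choice of these three options, the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for KVM options that this Kconfig
# file describes as development/testing aids. Not part of the kernel tree.

# Constructed sample .config fragment (illustration only).
SAMPLE_CONFIG='CONFIG_KVM=m
CONFIG_KVM_INTEL=m
# CONFIG_KVM_SW_PROTECTED_VM is not set
CONFIG_KVM_PROVE_MMU=y
CONFIG_KVM_INTEL_PROVE_VE=y
CONFIG_KVM_MAX_NR_VCPUS=1024'

# Read .config text on stdin and print the value of CONFIG_<$1>.
# Absent symbols and "# CONFIG_X is not set" lines both yield "n".
config_value() {
    awk -F= -v key="CONFIG_$1" '
        $1 == key { v = $2 }
        END { print (v == "" ? "n" : v) }'
}

# $1 is the full .config text. Prints a space-separated list of
# NAME=value pairs for each flagged option that is enabled.
audit_kvm_config() {
    findings=""
    for opt in KVM_SW_PROTECTED_VM KVM_PROVE_MMU KVM_INTEL_PROVE_VE; do
        val=$(printf '%s\n' "$1" | config_value "$opt")
        if [ "$val" != "n" ]; then
            findings="$findings$opt=$val "
        fi
    done
    printf '%s' "${findings% }"
}

# Audit the file given as the first argument, or the sample if none is given.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    audit_kvm_config "$(cat "$1")"
else
    audit_kvm_config "$SAMPLE_CONFIG"
fi
echo
```

Pass the path of the config to check as the first argument, for example the .config in a build tree; empty output means none of the three options is enabled.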