1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 2edf88417SAvi Kivity# 3edf88417SAvi Kivity# KVM configuration 4edf88417SAvi Kivity# 5edf88417SAvi Kivity 60ba12d10SAvi Kivitysource "virt/kvm/Kconfig" 75d9b8e30SAvi Kivity 8edf88417SAvi Kivitymenuconfig VIRTUALIZATION 9edf88417SAvi Kivity bool "Virtualization" 10edf88417SAvi Kivity default y 11a7f7f624SMasahiro Yamada help 12edf88417SAvi Kivity Say Y here to get to see options for using your Linux host to run other 13edf88417SAvi Kivity operating systems inside virtual machines (guests). 14edf88417SAvi Kivity This option alone does not add any kernel code. 15edf88417SAvi Kivity 16edf88417SAvi Kivity If you say N, all options in this submenu will be skipped and disabled. 17edf88417SAvi Kivity 18edf88417SAvi Kivityif VIRTUALIZATION 19edf88417SAvi Kivity 20edf88417SAvi Kivityconfig KVM 21edf88417SAvi Kivity tristate "Kernel-based Virtual Machine (KVM) support" 2292b5265dSLiu, Jinsong depends on HIGH_RES_TIMERS 23e42eef4bSArnd Bergmann depends on X86_LOCAL_APIC 24caadf876SPaolo Bonzini select KVM_COMMON 25f128cf8cSSean Christopherson select KVM_GENERIC_MMU_NOTIFIER 260ba12d10SAvi Kivity select HAVE_KVM_IRQCHIP 27982ed0deSDavid Woodhouse select HAVE_KVM_PFNCACHE 2817601bfeSMarc Zyngier select HAVE_KVM_DIRTY_RING_TSO 29fc0693d4SMarc Zyngier select HAVE_KVM_DIRTY_RING_ACQ_REL 3087276880SFeng Wu select HAVE_KVM_IRQ_BYPASS 31a725d56aSAlexander Graf select HAVE_KVM_IRQ_ROUTING 328886640dSPaolo Bonzini select HAVE_KVM_READONLY_MEM 33af585b92SGleb Natapov select KVM_ASYNC_PF 3418863bddSAvi Kivity select USER_RETURN_NOTIFIER 3550eb2a3cSAvi Kivity select KVM_MMIO 3663b3f96eSPeter Zijlstra select SCHED_INFO 37f5132b01SGleb Natapov select PERF_EVENTS 382aef6f30SSean Christopherson select GUEST_PERF_EVENTS 3907975ad3SJan Kiszka select HAVE_KVM_MSI 40f2a74347SRaghavendra K T select HAVE_KVM_CPU_RELAX_INTERCEPT 412d5ba19bSMarcelo Tosatti select HAVE_KVM_NO_POLL 4272c3c0feSThomas Gleixner select KVM_XFER_TO_GUEST_WORK 43e108ff2fSPaolo Bonzini select KVM_GENERIC_DIRTYLOG_READ_PROTECT 44ec53500fSAlex Williamson select KVM_VFIO 457d62874fSSergey Senozhatsky select HAVE_KVM_PM_NOTIFIER if PM 46441f7bfaSSean Christopherson select KVM_GENERIC_HARDWARE_ENABLING 47*76d5363cSSean Christopherson select KVM_WERROR if WERROR 48a7f7f624SMasahiro Yamada help 49edf88417SAvi Kivity Support hosting fully virtualized guest machines using hardware 50edf88417SAvi Kivity virtualization extensions. You will need a fairly recent 51edf88417SAvi Kivity processor equipped with virtualization extensions. You will also 52edf88417SAvi Kivity need to select one or more of the processor modules below. 53edf88417SAvi Kivity 54edf88417SAvi Kivity This module provides access to the hardware capabilities through 55edf88417SAvi Kivity a character device node named /dev/kvm. 56edf88417SAvi Kivity 57edf88417SAvi Kivity To compile this as a module, choose M here: the module 58edf88417SAvi Kivity will be called kvm. 59edf88417SAvi Kivity 60edf88417SAvi Kivity If unsure, say N. 61edf88417SAvi Kivity 624f337fafSPaolo Bonziniconfig KVM_WERROR 634f337fafSPaolo Bonzini bool "Compile KVM with -Werror" 6475bedc1eSSean Christopherson # Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against 6575bedc1eSSean Christopherson # randomized configs from selecting KVM_WERROR=y, which doesn't play 6675bedc1eSSean Christopherson # nice with KASAN. KASAN builds generates warnings for the default 6775bedc1eSSean Christopherson # FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning. 6875bedc1eSSean Christopherson # Building KVM with -Werror and KASAN is still doable via enabling 6975bedc1eSSean Christopherson # the kernel-wide WERROR=y. 70*76d5363cSSean Christopherson depends on KVM && ((EXPERT && !KASAN) || WERROR) 714f337fafSPaolo Bonzini help 72a754acc3SJason A. Donenfeld Add -Werror to the build flags for KVM. 734f337fafSPaolo Bonzini 744f337fafSPaolo Bonzini If in doubt, say "N". 754f337fafSPaolo Bonzini 7689ea60c2SSean Christophersonconfig KVM_SW_PROTECTED_VM 7789ea60c2SSean Christopherson bool "Enable support for KVM software-protected VMs" 7889ea60c2SSean Christopherson depends on EXPERT 7978328801SPaolo Bonzini depends on KVM && X86_64 8089ea60c2SSean Christopherson select KVM_GENERIC_PRIVATE_MEM 8189ea60c2SSean Christopherson help 8242269209SSean Christopherson Enable support for KVM software-protected VMs. Currently, software- 8342269209SSean Christopherson protected VMs are purely a development and testing vehicle for 8442269209SSean Christopherson KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a 8542269209SSean Christopherson software-protected VM will fail miserably. 8689ea60c2SSean Christopherson 8789ea60c2SSean Christopherson If unsure, say "N". 8889ea60c2SSean Christopherson 89edf88417SAvi Kivityconfig KVM_INTEL 908f63aaf5SSean Christopherson tristate "KVM for Intel (and compatible) processors support" 918f63aaf5SSean Christopherson depends on KVM && IA32_FEAT_CTL 92a7f7f624SMasahiro Yamada help 938f63aaf5SSean Christopherson Provides support for KVM on processors equipped with Intel's VT 948f63aaf5SSean Christopherson extensions, a.k.a. Virtual Machine Extensions (VMX). 95edf88417SAvi Kivity 9658f8ac27SRobert P. J. Day To compile this as a module, choose M here: the module 9758f8ac27SRobert P. J. Day will be called kvm-intel. 9858f8ac27SRobert P. J. Day 998131cf5bSIsaku Yamahataconfig KVM_INTEL_PROVE_VE 1008131cf5bSIsaku Yamahata bool "Check that guests do not receive #VE exceptions" 1016af6142eSSean Christopherson depends on KVM_INTEL && EXPERT 1028131cf5bSIsaku Yamahata help 1038131cf5bSIsaku Yamahata Checks that KVM's page table management code will not incorrectly 1048131cf5bSIsaku Yamahata let guests receive a virtualization exception. Virtualization 1058131cf5bSIsaku Yamahata exceptions will be trapped by the hypervisor rather than injected 1068131cf5bSIsaku Yamahata in the guest. 1078131cf5bSIsaku Yamahata 1086af6142eSSean Christopherson Note: some CPUs appear to generate spurious EPT Violations #VEs 1096af6142eSSean Christopherson that trigger KVM's WARN, in particular with eptad=0 and/or nested 1106af6142eSSean Christopherson virtualization. 1116af6142eSSean Christopherson 1128131cf5bSIsaku Yamahata If unsure, say N. 1138131cf5bSIsaku Yamahata 114540745ddSSean Christophersonconfig X86_SGX_KVM 115540745ddSSean Christopherson bool "Software Guard eXtensions (SGX) Virtualization" 116540745ddSSean Christopherson depends on X86_SGX && KVM_INTEL 117540745ddSSean Christopherson help 118540745ddSSean Christopherson 119540745ddSSean Christopherson Enables KVM guests to create SGX enclaves. 120540745ddSSean Christopherson 121540745ddSSean Christopherson This includes support to expose "raw" unreclaimable enclave memory to 122540745ddSSean Christopherson guests via a device node, e.g. /dev/sgx_vepc. 123540745ddSSean Christopherson 124540745ddSSean Christopherson If unsure, say N. 125540745ddSSean Christopherson 126edf88417SAvi Kivityconfig KVM_AMD 127edf88417SAvi Kivity tristate "KVM for AMD processors support" 128554856b6SSean Christopherson depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON) 129a7f7f624SMasahiro Yamada help 130edf88417SAvi Kivity Provides support for KVM on AMD processors equipped with the AMD-V 131edf88417SAvi Kivity (SVM) extensions. 132edf88417SAvi Kivity 13358f8ac27SRobert P. J. Day To compile this as a module, choose M here: the module 13458f8ac27SRobert P. J. Day will be called kvm-amd. 13558f8ac27SRobert P. J. Day 1365dd0a57cSBrijesh Singhconfig KVM_AMD_SEV 1375dd0a57cSBrijesh Singh bool "AMD Secure Encrypted Virtualization (SEV) support" 138cd14b018SMasahiro Yamada default y 1395dd0a57cSBrijesh Singh depends on KVM_AMD && X86_64 140d30f370dSJanakarajan Natarajan depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) 14154f5f47bSBorislav Petkov (AMD) select ARCH_HAS_CC_PLATFORM 142a7f7f624SMasahiro Yamada help 143916391a2STom Lendacky Provides support for launching Encrypted VMs (SEV) and Encrypted VMs 144916391a2STom Lendacky with Encrypted State (SEV-ES) on AMD processors. 1455dd0a57cSBrijesh Singh 1464b8e1b32SPaolo Bonziniconfig KVM_SMM 1474b8e1b32SPaolo Bonzini bool "System Management Mode emulation" 1484b8e1b32SPaolo Bonzini default y 1494b8e1b32SPaolo Bonzini depends on KVM 1504b8e1b32SPaolo Bonzini help 1514b8e1b32SPaolo Bonzini Provides support for KVM to emulate System Management Mode (SMM) 1524b8e1b32SPaolo Bonzini in virtual machines. This can be used by the virtual machine 1534b8e1b32SPaolo Bonzini firmware to implement UEFI secure boot. 1544b8e1b32SPaolo Bonzini 1554b8e1b32SPaolo Bonzini If unsure, say Y. 1564b8e1b32SPaolo Bonzini 157b4f69df0SVitaly Kuznetsovconfig KVM_HYPERV 158b4f69df0SVitaly Kuznetsov bool "Support for Microsoft Hyper-V emulation" 159b4f69df0SVitaly Kuznetsov depends on KVM 160b4f69df0SVitaly Kuznetsov default y 161b4f69df0SVitaly Kuznetsov help 162b4f69df0SVitaly Kuznetsov Provides KVM support for emulating Microsoft Hyper-V. This allows KVM 163b4f69df0SVitaly Kuznetsov to expose a subset of the paravirtualized interfaces defined in the 164b4f69df0SVitaly Kuznetsov Hyper-V Hypervisor Top-Level Functional Specification (TLFS): 165b4f69df0SVitaly Kuznetsov https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs 166b4f69df0SVitaly Kuznetsov These interfaces are required for the correct and performant functioning 167b4f69df0SVitaly Kuznetsov of Windows and Hyper-V guests on KVM. 168b4f69df0SVitaly Kuznetsov 169b4f69df0SVitaly Kuznetsov If unsure, say "Y". 170b4f69df0SVitaly Kuznetsov 171b59b153dSPaolo Bonziniconfig KVM_XEN 172b59b153dSPaolo Bonzini bool "Support for Xen hypercall interface" 173b59b153dSPaolo Bonzini depends on KVM 174b59b153dSPaolo Bonzini help 175b59b153dSPaolo Bonzini Provides KVM support for the hosting Xen HVM guests and 176b59b153dSPaolo Bonzini passing Xen hypercalls to userspace. 177b59b153dSPaolo Bonzini 178b59b153dSPaolo Bonzini If in doubt, say "N". 179b59b153dSPaolo Bonzini 180870d4d4eSSean Christophersonconfig KVM_PROVE_MMU 181870d4d4eSSean Christopherson bool "Prove KVM MMU correctness" 182870d4d4eSSean Christopherson depends on DEBUG_KERNEL 183870d4d4eSSean Christopherson depends on KVM 184870d4d4eSSean Christopherson depends on EXPERT 185870d4d4eSSean Christopherson help 186870d4d4eSSean Christopherson Enables runtime assertions in KVM's MMU that are too costly to enable 187870d4d4eSSean Christopherson in anything remotely resembling a production environment, e.g. this 188870d4d4eSSean Christopherson gates code that verifies a to-be-freed page table doesn't have any 189870d4d4eSSean Christopherson present SPTEs. 190870d4d4eSSean Christopherson 191870d4d4eSSean Christopherson If in doubt, say "N". 192870d4d4eSSean Christopherson 193e9d0c0c4SDavid Stevensconfig KVM_EXTERNAL_WRITE_TRACKING 194e9d0c0c4SDavid Stevens bool 195e9d0c0c4SDavid Stevens 196f10a570bSKyle Meyerconfig KVM_MAX_NR_VCPUS 197f10a570bSKyle Meyer int "Maximum number of vCPUs per KVM guest" 198f10a570bSKyle Meyer depends on KVM 199f10a570bSKyle Meyer range 1024 4096 200f10a570bSKyle Meyer default 4096 if MAXSMP 201f10a570bSKyle Meyer default 1024 202f10a570bSKyle Meyer help 203f10a570bSKyle Meyer Set the maximum number of vCPUs per KVM guest. Larger values will increase 204f10a570bSKyle Meyer the memory footprint of each KVM guest, regardless of how many vCPUs are 205f10a570bSKyle Meyer created for a given VM. 206f10a570bSKyle Meyer 207edf88417SAvi Kivityendif # VIRTUALIZATION 208