xref: /linux/arch/x86/kvm/Kconfig (revision 89ea60c2c7b5838bf192c50062d5720cd6ab8662) 
1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0
2edf88417SAvi Kivity#
3edf88417SAvi Kivity# KVM configuration
4edf88417SAvi Kivity#
5edf88417SAvi Kivity
60ba12d10SAvi Kivitysource "virt/kvm/Kconfig"
75d9b8e30SAvi Kivity
8edf88417SAvi Kivitymenuconfig VIRTUALIZATION
9edf88417SAvi Kivity	bool "Virtualization"
10edf88417SAvi Kivity	depends on HAVE_KVM || X86
11edf88417SAvi Kivity	default y
12a7f7f624SMasahiro Yamada	help
13edf88417SAvi Kivity	  Say Y here to get to see options for using your Linux host to run other
14edf88417SAvi Kivity	  operating systems inside virtual machines (guests).
15edf88417SAvi Kivity	  This option alone does not add any kernel code.
16edf88417SAvi Kivity
17edf88417SAvi Kivity	  If you say N, all options in this submenu will be skipped and disabled.
18edf88417SAvi Kivity
19edf88417SAvi Kivityif VIRTUALIZATION
20edf88417SAvi Kivity
21edf88417SAvi Kivityconfig KVM
22edf88417SAvi Kivity	tristate "Kernel-based Virtual Machine (KVM) support"
23268fe02aSAvi Kivity	depends on HAVE_KVM
2492b5265dSLiu, Jinsong	depends on HIGH_RES_TIMERS
25e42eef4bSArnd Bergmann	depends on X86_LOCAL_APIC
26edf88417SAvi Kivity	select PREEMPT_NOTIFIERS
27f128cf8cSSean Christopherson	select KVM_GENERIC_MMU_NOTIFIER
280ba12d10SAvi Kivity	select HAVE_KVM_IRQCHIP
29982ed0deSDavid Woodhouse	select HAVE_KVM_PFNCACHE
30297e2105SPaul Mackerras	select HAVE_KVM_IRQFD
3117601bfeSMarc Zyngier	select HAVE_KVM_DIRTY_RING_TSO
32fc0693d4SMarc Zyngier	select HAVE_KVM_DIRTY_RING_ACQ_REL
3387276880SFeng Wu	select IRQ_BYPASS_MANAGER
3487276880SFeng Wu	select HAVE_KVM_IRQ_BYPASS
35a725d56aSAlexander Graf	select HAVE_KVM_IRQ_ROUTING
36721eecbfSGregory Haskins	select HAVE_KVM_EVENTFD
37af585b92SGleb Natapov	select KVM_ASYNC_PF
3818863bddSAvi Kivity	select USER_RETURN_NOTIFIER
3950eb2a3cSAvi Kivity	select KVM_MMIO
4063b3f96eSPeter Zijlstra	select SCHED_INFO
41f5132b01SGleb Natapov	select PERF_EVENTS
422aef6f30SSean Christopherson	select GUEST_PERF_EVENTS
4307975ad3SJan Kiszka	select HAVE_KVM_MSI
44f2a74347SRaghavendra K T	select HAVE_KVM_CPU_RELAX_INTERCEPT
452d5ba19bSMarcelo Tosatti	select HAVE_KVM_NO_POLL
4672c3c0feSThomas Gleixner	select KVM_XFER_TO_GUEST_WORK
47e108ff2fSPaolo Bonzini	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
48ec53500fSAlex Williamson	select KVM_VFIO
49ed922739SMaciej S. Szmigiero	select INTERVAL_TREE
507d62874fSSergey Senozhatsky	select HAVE_KVM_PM_NOTIFIER if PM
51441f7bfaSSean Christopherson	select KVM_GENERIC_HARDWARE_ENABLING
52a7f7f624SMasahiro Yamada	help
53edf88417SAvi Kivity	  Support hosting fully virtualized guest machines using hardware
54edf88417SAvi Kivity	  virtualization extensions.  You will need a fairly recent
55edf88417SAvi Kivity	  processor equipped with virtualization extensions. You will also
56edf88417SAvi Kivity	  need to select one or more of the processor modules below.
57edf88417SAvi Kivity
58edf88417SAvi Kivity	  This module provides access to the hardware capabilities through
59edf88417SAvi Kivity	  a character device node named /dev/kvm.
60edf88417SAvi Kivity
61edf88417SAvi Kivity	  To compile this as a module, choose M here: the module
62edf88417SAvi Kivity	  will be called kvm.
63edf88417SAvi Kivity
64edf88417SAvi Kivity	  If unsure, say N.
65edf88417SAvi Kivity
664f337fafSPaolo Bonziniconfig KVM_WERROR
674f337fafSPaolo Bonzini	bool "Compile KVM with -Werror"
684f337fafSPaolo Bonzini	# KASAN may cause the build to fail due to larger frames
694f337fafSPaolo Bonzini	default y if X86_64 && !KASAN
704f337fafSPaolo Bonzini	# We use the dependency on !COMPILE_TEST to not be enabled
714f337fafSPaolo Bonzini	# blindly in allmodconfig or allyesconfig configurations
728f116a6cSMatteo Croce	depends on KVM
734f337fafSPaolo Bonzini	depends on (X86_64 && !KASAN) || !COMPILE_TEST
744f337fafSPaolo Bonzini	depends on EXPERT
754f337fafSPaolo Bonzini	help
76a754acc3SJason A. Donenfeld	  Add -Werror to the build flags for KVM.
774f337fafSPaolo Bonzini
784f337fafSPaolo Bonzini	  If in doubt, say "N".
794f337fafSPaolo Bonzini
80*89ea60c2SSean Christophersonconfig KVM_SW_PROTECTED_VM
81*89ea60c2SSean Christopherson	bool "Enable support for KVM software-protected VMs"
82*89ea60c2SSean Christopherson	depends on EXPERT
83*89ea60c2SSean Christopherson	depends on X86_64
84*89ea60c2SSean Christopherson	select KVM_GENERIC_PRIVATE_MEM
85*89ea60c2SSean Christopherson	help
86*89ea60c2SSean Christopherson	  Enable support for KVM software-protected VMs.  Currently "protected"
87*89ea60c2SSean Christopherson	  means the VM can be backed with memory provided by
88*89ea60c2SSean Christopherson	  KVM_CREATE_GUEST_MEMFD.
89*89ea60c2SSean Christopherson
90*89ea60c2SSean Christopherson	  If unsure, say "N".
91*89ea60c2SSean Christopherson
92edf88417SAvi Kivityconfig KVM_INTEL
938f63aaf5SSean Christopherson	tristate "KVM for Intel (and compatible) processors support"
948f63aaf5SSean Christopherson	depends on KVM && IA32_FEAT_CTL
95a7f7f624SMasahiro Yamada	help
968f63aaf5SSean Christopherson	  Provides support for KVM on processors equipped with Intel's VT
978f63aaf5SSean Christopherson	  extensions, a.k.a. Virtual Machine Extensions (VMX).
98edf88417SAvi Kivity
9958f8ac27SRobert P. J. Day	  To compile this as a module, choose M here: the module
10058f8ac27SRobert P. J. Day	  will be called kvm-intel.
10158f8ac27SRobert P. J. Day
102540745ddSSean Christophersonconfig X86_SGX_KVM
103540745ddSSean Christopherson	bool "Software Guard eXtensions (SGX) Virtualization"
104540745ddSSean Christopherson	depends on X86_SGX && KVM_INTEL
105540745ddSSean Christopherson	help
106540745ddSSean Christopherson
107540745ddSSean Christopherson	  Enables KVM guests to create SGX enclaves.
108540745ddSSean Christopherson
109540745ddSSean Christopherson	  This includes support to expose "raw" unreclaimable enclave memory to
110540745ddSSean Christopherson	  guests via a device node, e.g. /dev/sgx_vepc.
111540745ddSSean Christopherson
112540745ddSSean Christopherson	  If unsure, say N.
113540745ddSSean Christopherson
114edf88417SAvi Kivityconfig KVM_AMD
115edf88417SAvi Kivity	tristate "KVM for AMD processors support"
116554856b6SSean Christopherson	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
117a7f7f624SMasahiro Yamada	help
118edf88417SAvi Kivity	  Provides support for KVM on AMD processors equipped with the AMD-V
119edf88417SAvi Kivity	  (SVM) extensions.
120edf88417SAvi Kivity
12158f8ac27SRobert P. J. Day	  To compile this as a module, choose M here: the module
12258f8ac27SRobert P. J. Day	  will be called kvm-amd.
12358f8ac27SRobert P. J. Day
1245dd0a57cSBrijesh Singhconfig KVM_AMD_SEV
1255dd0a57cSBrijesh Singh	def_bool y
1265dd0a57cSBrijesh Singh	bool "AMD Secure Encrypted Virtualization (SEV) support"
1275dd0a57cSBrijesh Singh	depends on KVM_AMD && X86_64
128d30f370dSJanakarajan Natarajan	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
129a7f7f624SMasahiro Yamada	help
130916391a2STom Lendacky	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
131916391a2STom Lendacky	  with Encrypted State (SEV-ES) on AMD processors.
1325dd0a57cSBrijesh Singh
1334b8e1b32SPaolo Bonziniconfig KVM_SMM
1344b8e1b32SPaolo Bonzini	bool "System Management Mode emulation"
1354b8e1b32SPaolo Bonzini	default y
1364b8e1b32SPaolo Bonzini	depends on KVM
1374b8e1b32SPaolo Bonzini	help
1384b8e1b32SPaolo Bonzini	  Provides support for KVM to emulate System Management Mode (SMM)
1394b8e1b32SPaolo Bonzini	  in virtual machines.  This can be used by the virtual machine
1404b8e1b32SPaolo Bonzini	  firmware to implement UEFI secure boot.
1414b8e1b32SPaolo Bonzini
1424b8e1b32SPaolo Bonzini	  If unsure, say Y.
1434b8e1b32SPaolo Bonzini
144b59b153dSPaolo Bonziniconfig KVM_XEN
145b59b153dSPaolo Bonzini	bool "Support for Xen hypercall interface"
146b59b153dSPaolo Bonzini	depends on KVM
147b59b153dSPaolo Bonzini	help
148b59b153dSPaolo Bonzini	  Provides KVM support for the hosting Xen HVM guests and
149b59b153dSPaolo Bonzini	  passing Xen hypercalls to userspace.
150b59b153dSPaolo Bonzini
151b59b153dSPaolo Bonzini	  If in doubt, say "N".
152b59b153dSPaolo Bonzini
153870d4d4eSSean Christophersonconfig KVM_PROVE_MMU
154870d4d4eSSean Christopherson	bool "Prove KVM MMU correctness"
155870d4d4eSSean Christopherson	depends on DEBUG_KERNEL
156870d4d4eSSean Christopherson	depends on KVM
157870d4d4eSSean Christopherson	depends on EXPERT
158870d4d4eSSean Christopherson	help
159870d4d4eSSean Christopherson	  Enables runtime assertions in KVM's MMU that are too costly to enable
160870d4d4eSSean Christopherson	  in anything remotely resembling a production environment, e.g. this
161870d4d4eSSean Christopherson	  gates code that verifies a to-be-freed page table doesn't have any
162870d4d4eSSean Christopherson	  present SPTEs.
163870d4d4eSSean Christopherson
164870d4d4eSSean Christopherson	  If in doubt, say "N".
165870d4d4eSSean Christopherson
166e9d0c0c4SDavid Stevensconfig KVM_EXTERNAL_WRITE_TRACKING
167e9d0c0c4SDavid Stevens	bool
168e9d0c0c4SDavid Stevens
169f10a570bSKyle Meyerconfig KVM_MAX_NR_VCPUS
170f10a570bSKyle Meyer	int "Maximum number of vCPUs per KVM guest"
171f10a570bSKyle Meyer	depends on KVM
172f10a570bSKyle Meyer	range 1024 4096
173f10a570bSKyle Meyer	default 4096 if MAXSMP
174f10a570bSKyle Meyer	default 1024
175f10a570bSKyle Meyer	help
176f10a570bSKyle Meyer	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
177f10a570bSKyle Meyer	  the memory footprint of each KVM guest, regardless of how many vCPUs are
178f10a570bSKyle Meyer	  created for a given VM.
179f10a570bSKyle Meyer
180edf88417SAvi Kivityendif # VIRTUALIZATION
181