xref: /linux/arch/x86/kvm/Kconfig (revision 0d20742b8e6bd94a3a335c061557ec9592a3444b)
1# SPDX-License-Identifier: GPL-2.0
2#
3# KVM configuration
4#
5
6source "virt/kvm/Kconfig"
7
8menuconfig VIRTUALIZATION
9	bool "Virtualization"
10	default y
11	help
12	  Say Y here to get to see options for using your Linux host to run other
13	  operating systems inside virtual machines (guests).
14	  This option alone does not add any kernel code.
15
16	  If you say N, all options in this submenu will be skipped and disabled.
17
18if VIRTUALIZATION
19
20config KVM_X86
21	def_tristate KVM if (KVM_INTEL != n || KVM_AMD != n)
22	select KVM_COMMON
23	select KVM_GENERIC_MMU_NOTIFIER
24	select KVM_ELIDE_TLB_FLUSH_IF_YOUNG
25	select HAVE_KVM_IRQCHIP
26	select HAVE_KVM_PFNCACHE
27	select HAVE_KVM_DIRTY_RING_TSO
28	select HAVE_KVM_DIRTY_RING_ACQ_REL
29	select HAVE_KVM_IRQ_BYPASS
30	select HAVE_KVM_IRQ_ROUTING
31	select HAVE_KVM_READONLY_MEM
32	select VHOST_TASK
33	select KVM_ASYNC_PF
34	select USER_RETURN_NOTIFIER
35	select KVM_MMIO
36	select SCHED_INFO
37	select PERF_EVENTS
38	select GUEST_PERF_EVENTS
39	select HAVE_KVM_MSI
40	select HAVE_KVM_CPU_RELAX_INTERCEPT
41	select HAVE_KVM_NO_POLL
42	select KVM_XFER_TO_GUEST_WORK
43	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
44	select KVM_VFIO
45	select HAVE_KVM_PM_NOTIFIER if PM
46	select KVM_GENERIC_HARDWARE_ENABLING
47	select KVM_GENERIC_PRE_FAULT_MEMORY
48	select KVM_GENERIC_PRIVATE_MEM if KVM_SW_PROTECTED_VM
49	select KVM_WERROR if WERROR
50
51config KVM
52	tristate "Kernel-based Virtual Machine (KVM) support"
53	depends on X86_LOCAL_APIC
54	help
55	  Support hosting fully virtualized guest machines using hardware
56	  virtualization extensions.  You will need a fairly recent
57	  processor equipped with virtualization extensions. You will also
58	  need to select one or more of the processor modules below.
59
60	  This module provides access to the hardware capabilities through
61	  a character device node named /dev/kvm.
62
63	  To compile this as a module, choose M here: the module
64	  will be called kvm.
65
66	  If unsure, say N.
67
68config KVM_WERROR
69	bool "Compile KVM with -Werror"
70	# Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against
71	# randomized configs from selecting KVM_WERROR=y, which doesn't play
72	# nice with KASAN.  KASAN builds generate warnings for the default
73	# FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning.
74	# Building KVM with -Werror and KASAN is still doable via enabling
75	# the kernel-wide WERROR=y.
76	depends on KVM && ((EXPERT && !KASAN) || WERROR)
77	help
78	  Add -Werror to the build flags for KVM.
79
80	  If in doubt, say "N".
81
82config KVM_SW_PROTECTED_VM
83	bool "Enable support for KVM software-protected VMs"
84	depends on EXPERT
85	depends on KVM && X86_64
86	help
87	  Enable support for KVM software-protected VMs.  Currently, software-
88	  protected VMs are purely a development and testing vehicle for
89	  KVM_CREATE_GUEST_MEMFD.  Attempting to run a "real" VM workload as a
90	  software-protected VM will fail miserably.
91
92	  If unsure, say "N".
93
94config KVM_INTEL
95	tristate "KVM for Intel (and compatible) processors support"
96	depends on KVM && IA32_FEAT_CTL
97	select KVM_GENERIC_PRIVATE_MEM if INTEL_TDX_HOST
98	select KVM_GENERIC_MEMORY_ATTRIBUTES if INTEL_TDX_HOST
99	help
100	  Provides support for KVM on processors equipped with Intel's VT
101	  extensions, a.k.a. Virtual Machine Extensions (VMX).
102
103	  To compile this as a module, choose M here: the module
104	  will be called kvm-intel.
105
106config KVM_INTEL_PROVE_VE
107        bool "Check that guests do not receive #VE exceptions"
108        depends on KVM_INTEL && EXPERT
109        help
110          Checks that KVM's page table management code will not incorrectly
111          let guests receive a virtualization exception.  Virtualization
112          exceptions will be trapped by the hypervisor rather than injected
113          in the guest.
114
115          Note: some CPUs appear to generate spurious EPT Violation #VEs
116          that trigger KVM's WARN, in particular with eptad=0 and/or nested
117          virtualization.
118
119          If unsure, say N.
120
121config X86_SGX_KVM
122	bool "Software Guard eXtensions (SGX) Virtualization"
123	depends on X86_SGX && KVM_INTEL
124	help
125
126	  Enables KVM guests to create SGX enclaves.
127
128	  This includes support to expose "raw" unreclaimable enclave memory to
129	  guests via a device node, e.g. /dev/sgx_vepc.
130
131	  If unsure, say N.
132
133config KVM_INTEL_TDX
134	bool "Intel Trust Domain Extensions (TDX) support"
135	default y
136	depends on INTEL_TDX_HOST
137	help
138	  Provides support for launching Intel Trust Domain Extensions (TDX)
139	  confidential VMs on Intel processors.
140
141	  If unsure, say N.
142
143config KVM_AMD
144	tristate "KVM for AMD processors support"
145	depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
146	help
147	  Provides support for KVM on AMD processors equipped with the AMD-V
148	  (SVM) extensions.
149
150	  To compile this as a module, choose M here: the module
151	  will be called kvm-amd.
152
153config KVM_AMD_SEV
154	bool "AMD Secure Encrypted Virtualization (SEV) support"
155	default y
156	depends on KVM_AMD && X86_64
157	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
158	select ARCH_HAS_CC_PLATFORM
159	select KVM_GENERIC_PRIVATE_MEM
160	select HAVE_KVM_ARCH_GMEM_PREPARE
161	select HAVE_KVM_ARCH_GMEM_INVALIDATE
162	help
163	  Provides support for launching encrypted VMs which use Secure
164	  Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
165	  Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
166	  Secure Nested Paging (SEV-SNP) technologies on AMD processors.
167
168config KVM_SMM
169	bool "System Management Mode emulation"
170	default y
171	depends on KVM
172	help
173	  Provides support for KVM to emulate System Management Mode (SMM)
174	  in virtual machines.  This can be used by the virtual machine
175	  firmware to implement UEFI secure boot.
176
177	  If unsure, say Y.
178
179config KVM_HYPERV
180	bool "Support for Microsoft Hyper-V emulation"
181	depends on KVM
182	default y
183	help
184	  Provides KVM support for emulating Microsoft Hyper-V.  This allows KVM
185	  to expose a subset of the paravirtualized interfaces defined in the
186	  Hyper-V Hypervisor Top-Level Functional Specification (TLFS):
187	  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
188	  These interfaces are required for the correct and performant functioning
189	  of Windows and Hyper-V guests on KVM.
190
191	  If unsure, say "Y".
192
193config KVM_XEN
194	bool "Support for Xen hypercall interface"
195	depends on KVM
196	help
197	  Provides KVM support for hosting Xen HVM guests and
198	  passing Xen hypercalls to userspace.
199
200	  If in doubt, say "N".
201
202config KVM_PROVE_MMU
203	bool "Prove KVM MMU correctness"
204	depends on DEBUG_KERNEL
205	depends on KVM
206	depends on EXPERT
207	help
208	  Enables runtime assertions in KVM's MMU that are too costly to enable
209	  in anything remotely resembling a production environment, e.g. this
210	  gates code that verifies a to-be-freed page table doesn't have any
211	  present SPTEs.
212
213	  If in doubt, say "N".
214
215config KVM_EXTERNAL_WRITE_TRACKING
216	bool
217
218config KVM_MAX_NR_VCPUS
219	int "Maximum number of vCPUs per KVM guest"
220	depends on KVM
221	range 1024 4096
222	default 4096 if MAXSMP
223	default 1024
224	help
225	  Set the maximum number of vCPUs per KVM guest. Larger values will increase
226	  the memory footprint of each KVM guest, regardless of how many vCPUs are
227	  created for a given VM.
228
229endif # VIRTUALIZATION
230