1 # SPDX-License-Identifier: GPL-2.0 2 # 3 # KVM configuration 4 # 5 6 source "virt/kvm/Kconfig" 7 8 menuconfig VIRTUALIZATION 9 bool "Virtualization" 10 default y 11 help 12 Say Y here to get to see options for using your Linux host to run other 13 operating systems inside virtual machines (guests). 14 This option alone does not add any kernel code. 15 16 If you say N, all options in this submenu will be skipped and disabled. 17 18 if VIRTUALIZATION 19 20 config KVM_X86 21 def_tristate KVM if KVM_INTEL || KVM_AMD 22 depends on X86_LOCAL_APIC 23 select KVM_COMMON 24 select KVM_GENERIC_MMU_NOTIFIER 25 select HAVE_KVM_IRQCHIP 26 select HAVE_KVM_PFNCACHE 27 select HAVE_KVM_DIRTY_RING_TSO 28 select HAVE_KVM_DIRTY_RING_ACQ_REL 29 select HAVE_KVM_IRQ_BYPASS 30 select HAVE_KVM_IRQ_ROUTING 31 select HAVE_KVM_READONLY_MEM 32 select KVM_ASYNC_PF 33 select USER_RETURN_NOTIFIER 34 select KVM_MMIO 35 select SCHED_INFO 36 select PERF_EVENTS 37 select GUEST_PERF_EVENTS 38 select HAVE_KVM_MSI 39 select HAVE_KVM_CPU_RELAX_INTERCEPT 40 select HAVE_KVM_NO_POLL 41 select KVM_XFER_TO_GUEST_WORK 42 select KVM_GENERIC_DIRTYLOG_READ_PROTECT 43 select KVM_VFIO 44 select HAVE_KVM_PM_NOTIFIER if PM 45 select KVM_GENERIC_HARDWARE_ENABLING 46 select KVM_GENERIC_PRE_FAULT_MEMORY 47 select KVM_GENERIC_PRIVATE_MEM if KVM_SW_PROTECTED_VM 48 select KVM_WERROR if WERROR 49 50 config KVM 51 tristate "Kernel-based Virtual Machine (KVM) support" 52 help 53 Support hosting fully virtualized guest machines using hardware 54 virtualization extensions. You will need a fairly recent 55 processor equipped with virtualization extensions. You will also 56 need to select one or more of the processor modules below. 57 58 This module provides access to the hardware capabilities through 59 a character device node named /dev/kvm. 60 61 To compile this as a module, choose M here: the module 62 will be called kvm. 63 64 If unsure, say N. 65 66 config KVM_WERROR 67 bool "Compile KVM with -Werror" 68 # Disallow KVM's -Werror if KASAN is enabled, e.g. to guard against 69 # randomized configs from selecting KVM_WERROR=y, which doesn't play 70 # nice with KASAN. KASAN builds generates warnings for the default 71 # FRAME_WARN, i.e. KVM_WERROR=y with KASAN=y requires special tuning. 72 # Building KVM with -Werror and KASAN is still doable via enabling 73 # the kernel-wide WERROR=y. 74 depends on KVM && ((EXPERT && !KASAN) || WERROR) 75 help 76 Add -Werror to the build flags for KVM. 77 78 If in doubt, say "N". 79 80 config KVM_SW_PROTECTED_VM 81 bool "Enable support for KVM software-protected VMs" 82 depends on EXPERT 83 depends on KVM && X86_64 84 help 85 Enable support for KVM software-protected VMs. Currently, software- 86 protected VMs are purely a development and testing vehicle for 87 KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a 88 software-protected VM will fail miserably. 89 90 If unsure, say "N". 91 92 config KVM_INTEL 93 tristate "KVM for Intel (and compatible) processors support" 94 depends on KVM && IA32_FEAT_CTL 95 help 96 Provides support for KVM on processors equipped with Intel's VT 97 extensions, a.k.a. Virtual Machine Extensions (VMX). 98 99 To compile this as a module, choose M here: the module 100 will be called kvm-intel. 101 102 config KVM_INTEL_PROVE_VE 103 bool "Check that guests do not receive #VE exceptions" 104 depends on KVM_INTEL && EXPERT 105 help 106 Checks that KVM's page table management code will not incorrectly 107 let guests receive a virtualization exception. Virtualization 108 exceptions will be trapped by the hypervisor rather than injected 109 in the guest. 110 111 Note: some CPUs appear to generate spurious EPT Violations #VEs 112 that trigger KVM's WARN, in particular with eptad=0 and/or nested 113 virtualization. 114 115 If unsure, say N. 116 117 config X86_SGX_KVM 118 bool "Software Guard eXtensions (SGX) Virtualization" 119 depends on X86_SGX && KVM_INTEL 120 help 121 122 Enables KVM guests to create SGX enclaves. 123 124 This includes support to expose "raw" unreclaimable enclave memory to 125 guests via a device node, e.g. /dev/sgx_vepc. 126 127 If unsure, say N. 128 129 config KVM_AMD 130 tristate "KVM for AMD processors support" 131 depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON) 132 help 133 Provides support for KVM on AMD processors equipped with the AMD-V 134 (SVM) extensions. 135 136 To compile this as a module, choose M here: the module 137 will be called kvm-amd. 138 139 config KVM_AMD_SEV 140 bool "AMD Secure Encrypted Virtualization (SEV) support" 141 default y 142 depends on KVM_AMD && X86_64 143 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) 144 select ARCH_HAS_CC_PLATFORM 145 select KVM_GENERIC_PRIVATE_MEM 146 select HAVE_KVM_ARCH_GMEM_PREPARE 147 select HAVE_KVM_ARCH_GMEM_INVALIDATE 148 help 149 Provides support for launching encrypted VMs which use Secure 150 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with 151 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with 152 Secure Nested Paging (SEV-SNP) technologies on AMD processors. 153 154 config KVM_SMM 155 bool "System Management Mode emulation" 156 default y 157 depends on KVM 158 help 159 Provides support for KVM to emulate System Management Mode (SMM) 160 in virtual machines. This can be used by the virtual machine 161 firmware to implement UEFI secure boot. 162 163 If unsure, say Y. 164 165 config KVM_HYPERV 166 bool "Support for Microsoft Hyper-V emulation" 167 depends on KVM 168 default y 169 help 170 Provides KVM support for emulating Microsoft Hyper-V. This allows KVM 171 to expose a subset of the paravirtualized interfaces defined in the 172 Hyper-V Hypervisor Top-Level Functional Specification (TLFS): 173 https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs 174 These interfaces are required for the correct and performant functioning 175 of Windows and Hyper-V guests on KVM. 176 177 If unsure, say "Y". 178 179 config KVM_XEN 180 bool "Support for Xen hypercall interface" 181 depends on KVM 182 help 183 Provides KVM support for the hosting Xen HVM guests and 184 passing Xen hypercalls to userspace. 185 186 If in doubt, say "N". 187 188 config KVM_PROVE_MMU 189 bool "Prove KVM MMU correctness" 190 depends on DEBUG_KERNEL 191 depends on KVM 192 depends on EXPERT 193 help 194 Enables runtime assertions in KVM's MMU that are too costly to enable 195 in anything remotely resembling a production environment, e.g. this 196 gates code that verifies a to-be-freed page table doesn't have any 197 present SPTEs. 198 199 If in doubt, say "N". 200 201 config KVM_EXTERNAL_WRITE_TRACKING 202 bool 203 204 config KVM_MAX_NR_VCPUS 205 int "Maximum number of vCPUs per KVM guest" 206 depends on KVM 207 range 1024 4096 208 default 4096 if MAXSMP 209 default 1024 210 help 211 Set the maximum number of vCPUs per KVM guest. Larger values will increase 212 the memory footprint of each KVM guest, regardless of how many vCPUs are 213 created for a given VM. 214 215 endif # VIRTUALIZATION
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.