projects / thirdparty / kernel / stable.git / blame
| Commit | Line | Data |
|---|---|---|
| b2441318 | 1 | # SPDX-License-Identifier: GPL-2.0 |
| 6aa8b732 AK |
2 | # |
| 3 | # KVM configuration | |
| 4 | # | |
| fb56dbb3 | 5 | |
| 0ba12d10 | 6 | source "virt/kvm/Kconfig" |
| 5d9b8e30 | 7 | |
| de062065 JE |
8 | menuconfig VIRTUALIZATION |
| 9 | bool "Virtualization" | |
| fb56dbb3 | 10 | depends on HAVE_KVM || X86 |
| de062065 | 11 | default y |
| a7f7f624 | 12 | help |
| 36a74097 AK |
13 | Say Y here to get to see options for using your Linux host to run other |
| 14 | operating systems inside virtual machines (guests). | |
| 06bfb7eb JE |
15 | This option alone does not add any kernel code. |
| 16 | ||
| 17 | If you say N, all options in this submenu will be skipped and disabled. | |
| de062065 JE |
18 | |
| 19 | if VIRTUALIZATION | |
| fd24dc4a | 20 | |
| 6aa8b732 AK |
21 | config KVM |
| 22 | tristate "Kernel-based Virtual Machine (KVM) support" | |
| 268fe02a | 23 | depends on HAVE_KVM |
| 92b5265d | 24 | depends on HIGH_RES_TIMERS |
| e42eef4b | 25 | depends on X86_LOCAL_APIC |
| caadf876 | 26 | select KVM_COMMON |
| f128cf8c | 27 | select KVM_GENERIC_MMU_NOTIFIER |
| 0ba12d10 | 28 | select HAVE_KVM_IRQCHIP |
| 982ed0de | 29 | select HAVE_KVM_PFNCACHE |
| 17601bfe | 30 | select HAVE_KVM_DIRTY_RING_TSO |
| fc0693d4 | 31 | select HAVE_KVM_DIRTY_RING_ACQ_REL |
| 87276880 FW |
32 | select IRQ_BYPASS_MANAGER |
| 33 | select HAVE_KVM_IRQ_BYPASS | |
| a725d56a | 34 | select HAVE_KVM_IRQ_ROUTING |
| af585b92 | 35 | select KVM_ASYNC_PF |
| 18863bdd | 36 | select USER_RETURN_NOTIFIER |
| 50eb2a3c | 37 | select KVM_MMIO |
| 63b3f96e | 38 | select SCHED_INFO |
| f5132b01 | 39 | select PERF_EVENTS |
| 2aef6f30 | 40 | select GUEST_PERF_EVENTS |
| 07975ad3 | 41 | select HAVE_KVM_MSI |
| f2a74347 | 42 | select HAVE_KVM_CPU_RELAX_INTERCEPT |
| 2d5ba19b | 43 | select HAVE_KVM_NO_POLL |
| 72c3c0fe | 44 | select KVM_XFER_TO_GUEST_WORK |
| e108ff2f | 45 | select KVM_GENERIC_DIRTYLOG_READ_PROTECT |
| ec53500f | 46 | select KVM_VFIO |
| 7d62874f | 47 | select HAVE_KVM_PM_NOTIFIER if PM |
| 441f7bfa | 48 | select KVM_GENERIC_HARDWARE_ENABLING |
| a7f7f624 | 49 | help |
| 6aa8b732 AK |
50 | Support hosting fully virtualized guest machines using hardware |
| 51 | virtualization extensions. You will need a fairly recent | |
| 52 | processor equipped with virtualization extensions. You will also | |
| 53 | need to select one or more of the processor modules below. | |
| 54 | ||
| 55 | This module provides access to the hardware capabilities through | |
| 56 | a character device node named /dev/kvm. | |
| 57 | ||
| 58 | To compile this as a module, choose M here: the module | |
| 59 | will be called kvm. | |
| 60 | ||
| 61 | If unsure, say N. | |
| 62 | ||
| 4f337faf PB |
63 | config KVM_WERROR |
| 64 | bool "Compile KVM with -Werror" | |
| 65 | # KASAN may cause the build to fail due to larger frames | |
| 66 | default y if X86_64 && !KASAN | |
| 67 | # We use the dependency on !COMPILE_TEST to not be enabled | |
| 68 | # blindly in allmodconfig or allyesconfig configurations | |
| 8f116a6c | 69 | depends on KVM |
| 4f337faf PB |
70 | depends on (X86_64 && !KASAN) || !COMPILE_TEST |
| 71 | depends on EXPERT | |
| 72 | help | |
| a754acc3 | 73 | Add -Werror to the build flags for KVM. |
| 4f337faf PB |
74 | |
| 75 | If in doubt, say "N". | |
| 76 | ||
| 89ea60c2 SC |
77 | config KVM_SW_PROTECTED_VM |
| 78 | bool "Enable support for KVM software-protected VMs" | |
| 79 | depends on EXPERT | |
| 80 | depends on X86_64 | |
| 81 | select KVM_GENERIC_PRIVATE_MEM | |
| 82 | help | |
| 83 | Enable support for KVM software-protected VMs. Currently "protected" | |
| 84 | means the VM can be backed with memory provided by | |
| 85 | KVM_CREATE_GUEST_MEMFD. | |
| 86 | ||
| 87 | If unsure, say "N". | |
| 88 | ||
| 6aa8b732 | 89 | config KVM_INTEL |
| 8f63aaf5 SC |
90 | tristate "KVM for Intel (and compatible) processors support" |
| 91 | depends on KVM && IA32_FEAT_CTL | |
| a7f7f624 | 92 | help |
| 8f63aaf5 SC |
93 | Provides support for KVM on processors equipped with Intel's VT |
| 94 | extensions, a.k.a. Virtual Machine Extensions (VMX). | |
| 6aa8b732 | 95 | |
| 58f8ac27 RD |
96 | To compile this as a module, choose M here: the module |
| 97 | will be called kvm-intel. | |
| 98 | ||
| 540745dd SC |
99 | config X86_SGX_KVM |
| 100 | bool "Software Guard eXtensions (SGX) Virtualization" | |
| 101 | depends on X86_SGX && KVM_INTEL | |
| 102 | help | |
| 103 | ||
| 104 | Enables KVM guests to create SGX enclaves. | |
| 105 | ||
| 106 | This includes support to expose "raw" unreclaimable enclave memory to | |
| 107 | guests via a device node, e.g. /dev/sgx_vepc. | |
| 108 | ||
| 109 | If unsure, say N. | |
| 110 | ||
| 6aa8b732 AK |
111 | config KVM_AMD |
| 112 | tristate "KVM for AMD processors support" | |
| 554856b6 | 113 | depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON) |
| a7f7f624 | 114 | help |
| 6aa8b732 AK |
115 | Provides support for KVM on AMD processors equipped with the AMD-V |
| 116 | (SVM) extensions. | |
| fd24dc4a | 117 | |
| 58f8ac27 RD |
118 | To compile this as a module, choose M here: the module |
| 119 | will be called kvm-amd. | |
| 120 | ||
| 5dd0a57c BS |
121 | config KVM_AMD_SEV |
| 122 | def_bool y | |
| 123 | bool "AMD Secure Encrypted Virtualization (SEV) support" | |
| 124 | depends on KVM_AMD && X86_64 | |
| d30f370d | 125 | depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) |
| a7f7f624 | 126 | help |
| 916391a2 TL |
127 | Provides support for launching Encrypted VMs (SEV) and Encrypted VMs |
| 128 | with Encrypted State (SEV-ES) on AMD processors. | |
| 5dd0a57c | 129 | |
| 4b8e1b32 PB |
130 | config KVM_SMM |
| 131 | bool "System Management Mode emulation" | |
| 132 | default y | |
| 133 | depends on KVM | |
| 134 | help | |
| 135 | Provides support for KVM to emulate System Management Mode (SMM) | |
| 136 | in virtual machines. This can be used by the virtual machine | |
| 137 | firmware to implement UEFI secure boot. | |
| 138 | ||
| 139 | If unsure, say Y. | |
| 140 | ||
| b59b153d PB |
141 | config KVM_XEN |
| 142 | bool "Support for Xen hypercall interface" | |
| 143 | depends on KVM | |
| 144 | help | |
| 145 | Provides KVM support for the hosting Xen HVM guests and | |
| 146 | passing Xen hypercalls to userspace. | |
| 147 | ||
| 148 | If in doubt, say "N". | |
| 149 | ||
| 870d4d4e SC |
150 | config KVM_PROVE_MMU |
| 151 | bool "Prove KVM MMU correctness" | |
| 152 | depends on DEBUG_KERNEL | |
| 153 | depends on KVM | |
| 154 | depends on EXPERT | |
| 155 | help | |
| 156 | Enables runtime assertions in KVM's MMU that are too costly to enable | |
| 157 | in anything remotely resembling a production environment, e.g. this | |
| 158 | gates code that verifies a to-be-freed page table doesn't have any | |
| 159 | present SPTEs. | |
| 160 | ||
| 161 | If in doubt, say "N". | |
| 162 | ||
| e9d0c0c4 DS |
163 | config KVM_EXTERNAL_WRITE_TRACKING |
| 164 | bool | |
| 165 | ||
| f10a570b KM |
166 | config KVM_MAX_NR_VCPUS |
| 167 | int "Maximum number of vCPUs per KVM guest" | |
| 168 | depends on KVM | |
| 169 | range 1024 4096 | |
| 170 | default 4096 if MAXSMP | |
| 171 | default 1024 | |
| 172 | help | |
| 173 | Set the maximum number of vCPUs per KVM guest. Larger values will increase | |
| 174 | the memory footprint of each KVM guest, regardless of how many vCPUs are | |
| 175 | created for a given VM. | |
| 176 | ||
| de062065 | 177 | endif # VIRTUALIZATION |