Google Git
Sign in
android / kernel / common / 78992c81d937e9a7935af01d98a1843dc212bae3 / . / arch / x86 / kvm / Kconfig
blob: 091b8b1b7a65cbb30746548a5899579d439876c0 [file] [log] [blame]
# SPDX-License-Identifier: GPL-2.0
#
# KVM configuration
#
source "virt/kvm/Kconfig"
menuconfig VIRTUALIZATION
bool "Virtualization"
depends on HAVE_KVM || X86
default y
help
Say Y here to get to see options for using your Linux host to run other
operating systems inside virtual machines (guests).
This option alone does not add any kernel code.
If you say N, all options in this submenu will be skipped and disabled.
if VIRTUALIZATION
config KVM
tristate "Kernel-based Virtual Machine (KVM) support"
depends on HAVE_KVM
depends on HIGH_RES_TIMERS
depends on X86_LOCAL_APIC
select PREEMPT_NOTIFIERS
select MMU_NOTIFIER
select HAVE_KVM_IRQCHIP
select HAVE_KVM_PFNCACHE
select HAVE_KVM_IRQFD
select HAVE_KVM_DIRTY_RING_TSO
select HAVE_KVM_DIRTY_RING_ACQ_REL
select IRQ_BYPASS_MANAGER
select HAVE_KVM_IRQ_BYPASS
select HAVE_KVM_IRQ_ROUTING
select HAVE_KVM_EVENTFD
select KVM_ASYNC_PF
select USER_RETURN_NOTIFIER
select KVM_MMIO
select SCHED_INFO
select PERF_EVENTS
select GUEST_PERF_EVENTS
select HAVE_KVM_MSI
select HAVE_KVM_CPU_RELAX_INTERCEPT
select HAVE_KVM_NO_POLL
select KVM_XFER_TO_GUEST_WORK
select KVM_GENERIC_DIRTYLOG_READ_PROTECT
select KVM_VFIO
select INTERVAL_TREE
select HAVE_KVM_PM_NOTIFIER if PM
select KVM_GENERIC_HARDWARE_ENABLING
select HAVE_KVM_VCPU_RUN_PID_CHANGE
help
Support hosting fully virtualized guest machines using hardware
virtualization extensions. You will need a fairly recent
processor equipped with virtualization extensions. You will also
need to select one or more of the processor modules below.
This module provides access to the hardware capabilities through
a character device node named /dev/kvm.
To compile this as a module, choose M here: the module
will be called kvm.
If unsure, say N.
config KVM_WERROR
bool "Compile KVM with -Werror"
# KASAN may cause the build to fail due to larger frames
default y if X86_64 && !KASAN
# We use the dependency on !COMPILE_TEST to not be enabled
# blindly in allmodconfig or allyesconfig configurations
depends on KVM
depends on (X86_64 && !KASAN) || !COMPILE_TEST
depends on EXPERT
help
Add -Werror to the build flags for KVM.
If in doubt, say "N".
config KVM_INTEL
tristate "KVM for Intel (and compatible) processors support"
depends on KVM && IA32_FEAT_CTL
help
Provides support for KVM on processors equipped with Intel's VT
extensions, a.k.a. Virtual Machine Extensions (VMX).
To compile this as a module, choose M here: the module
will be called kvm-intel.
config PKVM_INTEL
bool "pKVM for Intel processors support"
depends on KVM_INTEL=y
depends on X86_64
depends on !KSM
depends on INTEL_IOMMU
select INTEL_IOMMU_DEFAULT_ON
select INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON
help
Provides support for pKVM on Intel processors.
This will deprivilege the host as a VM running in non-root VMX
operation mode, and pKVM hypervisor will run in root VMX
operation mode.
If unsure, say N.
config PKVM_INTEL_DEBUG
bool "Debug pKVM"
depends on PKVM_INTEL
help
Provides debug support for pKVM.
If unsure, say N.
config X86_SGX_KVM
bool "Software Guard eXtensions (SGX) Virtualization"
depends on X86_SGX && KVM_INTEL
help
Enables KVM guests to create SGX enclaves.
This includes support to expose "raw" unreclaimable enclave memory to
guests via a device node, e.g. /dev/sgx_vepc.
If unsure, say N.
config KVM_AMD
tristate "KVM for AMD processors support"
depends on KVM && (CPU_SUP_AMD || CPU_SUP_HYGON)
help
Provides support for KVM on AMD processors equipped with the AMD-V
(SVM) extensions.
To compile this as a module, choose M here: the module
will be called kvm-amd.
config KVM_AMD_SEV
def_bool y
bool "AMD Secure Encrypted Virtualization (SEV) support"
depends on KVM_AMD && X86_64
depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
help
Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
with Encrypted State (SEV-ES) on AMD processors.
config KVM_SMM
bool "System Management Mode emulation"
default y
depends on KVM
help
Provides support for KVM to emulate System Management Mode (SMM)
in virtual machines. This can be used by the virtual machine
firmware to implement UEFI secure boot.
If unsure, say Y.
config KVM_XEN
bool "Support for Xen hypercall interface"
depends on KVM
help
Provides KVM support for the hosting Xen HVM guests and
passing Xen hypercalls to userspace.
If in doubt, say "N".
config KVM_PROVE_MMU
bool "Prove KVM MMU correctness"
depends on DEBUG_KERNEL
depends on KVM
depends on EXPERT
help
Enables runtime assertions in KVM's MMU that are too costly to enable
in anything remotely resembling a production environment, e.g. this
gates code that verifies a to-be-freed page table doesn't have any
present SPTEs.
If in doubt, say "N".
config KVM_EXTERNAL_WRITE_TRACKING
bool
config KVM_VIRT_SUSPEND_TIMING
bool "Host support for virtual suspend time injection"
depends on KVM=y && HAVE_KVM_PM_NOTIFIER
default n
help
This option makes the host's suspension reflected on the guest's clocks.
In other words, guest's CLOCK_MONOTONIC will stop and
CLOCK_BOOTTIME keeps running during the host's suspension.
This feature will only be effective when both guest and host support
this feature. For the guest side, see KVM_VIRT_SUSPEND_TIMING_GUEST.
If unsure, say N.
config PARAVIRT_SCHED_KVM
bool "Enable paravirt scheduling capability for kvm"
depends on KVM
default n
help
Paravirtualized scheduling facilitates the exchange of scheduling
related information between the host and guest through shared memory,
enhancing the efficiency of vCPU thread scheduling by the hypervisor.
An illustrative use case involves dynamically boosting the priority of
a vCPU thread when the guest is executing a latency-sensitive workload
on that specific vCPU.
This config enables paravirt scheduling in the kvm hypervisor.
endif # VIRTUALIZATION