# SPDX-License-Identifier: GPL-2.0
#
# KVM configuration
#

source "virt/kvm/Kconfig"

menuconfig VIRTUALIZATION
	bool "Virtualization"
	depends on HAVE_KVM || X86
	default y
	---help---
	  Say Y here to get to see options for using your Linux host to run other
	  operating systems inside virtual machines (guests).
	  This option alone does not add any kernel code.

	  If you say N, all options in this submenu will be skipped and disabled.

if VIRTUALIZATION

config KVM
	tristate "Kernel-based Virtual Machine (KVM) support"
	depends on HAVE_KVM
	depends on HIGH_RES_TIMERS
	# for TASKSTATS/TASK_DELAY_ACCT:
	depends on NET && MULTIUSER
	depends on X86_LOCAL_APIC
	select PREEMPT_NOTIFIERS
	select MMU_NOTIFIER
	select HAVE_KVM_IRQCHIP
	select HAVE_KVM_IRQFD
	select IRQ_BYPASS_MANAGER
	select HAVE_KVM_IRQ_BYPASS
	select HAVE_KVM_IRQ_ROUTING
	select HAVE_KVM_EVENTFD
	select KVM_ASYNC_PF
	select USER_RETURN_NOTIFIER
	select KVM_MMIO
	select TASKSTATS
	select TASK_DELAY_ACCT
	select PERF_EVENTS
	select HAVE_KVM_MSI
	select HAVE_KVM_CPU_RELAX_INTERCEPT
	select HAVE_KVM_NO_POLL
	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
	select KVM_VFIO
	select SRCU
	select HAVE_KVM_PM_NOTIFIER if PM
	---help---
	  Support hosting fully virtualized guest machines using hardware
	  virtualization extensions.  You will need a fairly recent
	  processor equipped with virtualization extensions. You will also
	  need to select one or more of the processor modules below.

	  This module provides access to the hardware capabilities through
	  a character device node named /dev/kvm.

	  To compile this as a module, choose M here: the module
	  will be called kvm.

	  If unsure, say N.

config KVM_INTEL
	tristate "KVM for Intel processors support"
	depends on KVM
	# for perf_guest_get_msrs():
	depends on CPU_SUP_INTEL
	---help---
	  Provides support for KVM on Intel processors equipped with the VT
	  extensions.

	  To compile this as a module, choose M here: the module
	  will be called kvm-intel.

config KVM_INVEPT_GLOBAL
	bool "Always use global context for INVEPT"
	default n
	depends on KVM_INTEL
	---help---
	  Always use global context for INVEPT, to workaround b/188008861.

	  If unsure, say N.

config KVM_AMD
	tristate "KVM for AMD processors support"
	depends on KVM
	depends on !CRYPTO_DEV_SP_PSP || (CRYPTO_DEV_SP_PSP && CRYPTO_DEV_CCP_DD)
	---help---
	  Provides support for KVM on AMD processors equipped with the AMD-V
	  (SVM) extensions.

	  To compile this as a module, choose M here: the module
	  will be called kvm-amd.

config KVM_AMD_SEV
	def_bool y
	bool "AMD Secure Encrypted Virtualization (SEV) support"
	depends on KVM_AMD && X86_64
	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
	---help---
	Provides support for launching Encrypted VMs on AMD processors.

config KVM_MMU_AUDIT
	bool "Audit KVM MMU"
	depends on KVM && TRACEPOINTS
	---help---
	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
	 auditing of KVM MMU events at runtime.

config KVM_HETEROGENEOUS_RT
	bool "Support for heterogeneous real-time VCPU configurations"
	depends on KVM
	select HAVE_KVM_MAY_PREEMPT
	help
	 Allows some VCPUs to be real-time. Without this option, if some
	 VCPUs are real-time while others are not, extremely long latencies
	 might be experienced. Needs guest with CONFIG_PREEMPT_COUNT_REPORTING
	 enabled.

         If in doubt, say "N".

config KVM_VIRT_SUSPEND_TIMING
	bool "Host support for virtual suspend time injection"
	depends on KVM=y && HAVE_KVM_PM_NOTIFIER
	default n
	help
	 This option makes the host's suspension reflected on the guest's clocks.
	 In other words, guest's CLOCK_MONOTONIC will stop and
	 CLOCK_BOOTTIME keeps running during the host's suspension.
	 This feature will only be effective when both guest and host support
	 this feature. For the guest side, see KVM_VIRT_SUSPEND_TIMING_GUEST.

	 If unsure, say N.

# OK, it's a little counter-intuitive to do this, but it puts it neatly under
# the virtualization menu.
source "drivers/vhost/Kconfig"

endif # VIRTUALIZATION