1# SPDX-License-Identifier: GPL-2.0-only
2menuconfig VFIO
3	tristate "VFIO Non-Privileged userspace driver framework"
4	select IOMMU_API
5	depends on IOMMUFD || !IOMMUFD
6	select INTERVAL_TREE
7	select VFIO_GROUP if SPAPR_TCE_IOMMU || IOMMUFD=n
8	select VFIO_DEVICE_CDEV if !VFIO_GROUP
9	select VFIO_CONTAINER if IOMMUFD=n
10	help
11	  VFIO provides a framework for secure userspace device drivers.
12	  See Documentation/driver-api/vfio.rst for more details.
13
14	  If you don't know what to do here, say N.
15
16if VFIO
17config VFIO_DEVICE_CDEV
18	bool "Support for the VFIO cdev /dev/vfio/devices/vfioX"
19	depends on IOMMUFD && !SPAPR_TCE_IOMMU
20	default !VFIO_GROUP
21	help
22	  The VFIO device cdev is another way for userspace to get device
23	  access. Userspace gets device fd by opening device cdev under
24	  /dev/vfio/devices/vfioX, and then bind the device fd with an iommufd
25	  to set up secure DMA context for device access.  This interface does
26	  not support noiommu.
27
28	  If you don't know what to do here, say N.
29
30config VFIO_GROUP
31	bool "Support for the VFIO group /dev/vfio/$group_id"
32	default y
33	help
34	   VFIO group support provides the traditional model for accessing
35	   devices through VFIO and is used by the majority of userspace
36	   applications and drivers making use of VFIO.
37
38	   If you don't know what to do here, say Y.
39
40config VFIO_CONTAINER
41	bool "Support for the VFIO container /dev/vfio/vfio"
42	select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64)
43	depends on VFIO_GROUP
44	default y
45	help
46	  The VFIO container is the classic interface to VFIO for establishing
47	  IOMMU mappings. If N is selected here then IOMMUFD must be used to
48	  manage the mappings.
49
50	  Unless testing IOMMUFD say Y here.
51
52if VFIO_CONTAINER
53config VFIO_IOMMU_TYPE1
54	tristate
55	default n
56
57config VFIO_IOMMU_SPAPR_TCE
58	tristate
59	depends on SPAPR_TCE_IOMMU
60	default VFIO
61endif
62
63config VFIO_NOIOMMU
64	bool "VFIO No-IOMMU support"
65	depends on VFIO_GROUP
66	help
67	  VFIO is built on the ability to isolate devices using the IOMMU.
68	  Only with an IOMMU can userspace access to DMA capable devices be
69	  considered secure.  VFIO No-IOMMU mode enables IOMMU groups for
70	  devices without IOMMU backing for the purpose of re-using the VFIO
71	  infrastructure in a non-secure mode.  Use of this mode will result
72	  in an unsupportable kernel and will therefore taint the kernel.
73	  Device assignment to virtual machines is also not possible with
74	  this mode since there is no IOMMU to provide DMA translation.
75
76	  If you don't know what to do here, say N.
77
78config VFIO_VIRQFD
79	bool
80	select EVENTFD
81	default n
82
83config VFIO_DEBUGFS
84	bool "Export VFIO internals in DebugFS"
85	depends on DEBUG_FS
86	help
87	  Allows exposure of VFIO device internals. This option enables
88	  the use of debugfs by VFIO drivers as required. The device can
89	  cause the VFIO code create a top-level debug/vfio directory
90	  during initialization, and then populate a subdirectory with
91	  entries as required.
92
93source "drivers/vfio/pci/Kconfig"
94source "drivers/vfio/platform/Kconfig"
95source "drivers/vfio/mdev/Kconfig"
96source "drivers/vfio/fsl-mc/Kconfig"
97source "drivers/vfio/cdx/Kconfig"
98endif
99
100source "virt/lib/Kconfig"
101