1# SPDX-License-Identifier: GPL-2.0-only 2menuconfig VFIO 3 tristate "VFIO Non-Privileged userspace driver framework" 4 select IOMMU_API 5 depends on IOMMUFD || !IOMMUFD 6 select INTERVAL_TREE 7 select VFIO_GROUP if SPAPR_TCE_IOMMU || IOMMUFD=n 8 select VFIO_DEVICE_CDEV if !VFIO_GROUP 9 select VFIO_CONTAINER if IOMMUFD=n 10 help 11 VFIO provides a framework for secure userspace device drivers. 12 See Documentation/driver-api/vfio.rst for more details. 13 14 If you don't know what to do here, say N. 15 16if VFIO 17config VFIO_DEVICE_CDEV 18 bool "Support for the VFIO cdev /dev/vfio/devices/vfioX" 19 depends on IOMMUFD && !SPAPR_TCE_IOMMU 20 default !VFIO_GROUP 21 help 22 The VFIO device cdev is another way for userspace to get device 23 access. Userspace gets device fd by opening device cdev under 24 /dev/vfio/devices/vfioX, and then bind the device fd with an iommufd 25 to set up secure DMA context for device access. This interface does 26 not support noiommu. 27 28 If you don't know what to do here, say N. 29 30config VFIO_GROUP 31 bool "Support for the VFIO group /dev/vfio/$group_id" 32 default y 33 help 34 VFIO group support provides the traditional model for accessing 35 devices through VFIO and is used by the majority of userspace 36 applications and drivers making use of VFIO. 37 38 If you don't know what to do here, say Y. 39 40config VFIO_CONTAINER 41 bool "Support for the VFIO container /dev/vfio/vfio" 42 select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64) 43 depends on VFIO_GROUP 44 default y 45 help 46 The VFIO container is the classic interface to VFIO for establishing 47 IOMMU mappings. If N is selected here then IOMMUFD must be used to 48 manage the mappings. 49 50 Unless testing IOMMUFD say Y here. 51 52if VFIO_CONTAINER 53config VFIO_IOMMU_TYPE1 54 tristate 55 default n 56 57config VFIO_IOMMU_SPAPR_TCE 58 tristate 59 depends on SPAPR_TCE_IOMMU 60 default VFIO 61endif 62 63config VFIO_NOIOMMU 64 bool "VFIO No-IOMMU support" 65 depends on VFIO_GROUP 66 help 67 VFIO is built on the ability to isolate devices using the IOMMU. 68 Only with an IOMMU can userspace access to DMA capable devices be 69 considered secure. VFIO No-IOMMU mode enables IOMMU groups for 70 devices without IOMMU backing for the purpose of re-using the VFIO 71 infrastructure in a non-secure mode. Use of this mode will result 72 in an unsupportable kernel and will therefore taint the kernel. 73 Device assignment to virtual machines is also not possible with 74 this mode since there is no IOMMU to provide DMA translation. 75 76 If you don't know what to do here, say N. 77 78config VFIO_VIRQFD 79 bool 80 select EVENTFD 81 default n 82 83source "drivers/vfio/pci/Kconfig" 84source "drivers/vfio/platform/Kconfig" 85source "drivers/vfio/mdev/Kconfig" 86source "drivers/vfio/fsl-mc/Kconfig" 87source "drivers/vfio/cdx/Kconfig" 88endif 89 90source "virt/lib/Kconfig" 91