| # SPDX-License-Identifier: GPL-2.0-only |
| menuconfig VFIO |
| tristate "VFIO Non-Privileged userspace driver framework" |
| select IOMMU_API |
| depends on IOMMUFD || !IOMMUFD |
| select INTERVAL_TREE |
| select VFIO_GROUP if SPAPR_TCE_IOMMU || IOMMUFD=n |
| select VFIO_DEVICE_CDEV if !VFIO_GROUP |
| select VFIO_CONTAINER if IOMMUFD=n |
| help |
| VFIO provides a framework for secure userspace device drivers. |
| See Documentation/driver-api/vfio.rst for more details. |
| |
| If you don't know what to do here, say N. |
| |
| if VFIO |
| config VFIO_DEVICE_CDEV |
| bool "Support for the VFIO cdev /dev/vfio/devices/vfioX" |
| depends on IOMMUFD && !SPAPR_TCE_IOMMU |
| default !VFIO_GROUP |
| help |
| The VFIO device cdev is another way for userspace to get device |
| access. Userspace gets device fd by opening device cdev under |
| /dev/vfio/devices/vfioX, and then bind the device fd with an iommufd |
| to set up secure DMA context for device access. This interface does |
| not support noiommu. |
| |
| If you don't know what to do here, say N. |
| |
| config VFIO_GROUP |
| bool "Support for the VFIO group /dev/vfio/$group_id" |
| default y |
| help |
| VFIO group support provides the traditional model for accessing |
| devices through VFIO and is used by the majority of userspace |
| applications and drivers making use of VFIO. |
| |
| If you don't know what to do here, say Y. |
| |
| config VFIO_CONTAINER |
| bool "Support for the VFIO container /dev/vfio/vfio" |
| select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64) |
| depends on VFIO_GROUP |
| default y |
| help |
| The VFIO container is the classic interface to VFIO for establishing |
| IOMMU mappings. If N is selected here then IOMMUFD must be used to |
| manage the mappings. |
| |
| Unless testing IOMMUFD say Y here. |
| |
| if VFIO_CONTAINER |
| config VFIO_IOMMU_TYPE1 |
| tristate |
| default n |
| |
| config VFIO_IOMMU_SPAPR_TCE |
| tristate |
| depends on SPAPR_TCE_IOMMU |
| default VFIO |
| endif |
| |
| config VFIO_NOIOMMU |
| bool "VFIO No-IOMMU support" |
| depends on VFIO_GROUP |
| help |
| VFIO is built on the ability to isolate devices using the IOMMU. |
| Only with an IOMMU can userspace access to DMA capable devices be |
| considered secure. VFIO No-IOMMU mode enables IOMMU groups for |
| devices without IOMMU backing for the purpose of re-using the VFIO |
| infrastructure in a non-secure mode. Use of this mode will result |
| in an unsupportable kernel and will therefore taint the kernel. |
| Device assignment to virtual machines is also not possible with |
| this mode since there is no IOMMU to provide DMA translation. |
| |
| If you don't know what to do here, say N. |
| |
| config VFIO_VIRQFD |
| bool |
| select EVENTFD |
| default n |
| |
| config VFIO_DEBUGFS |
| bool "Export VFIO internals in DebugFS" |
| depends on DEBUG_FS |
| help |
| Allows exposure of VFIO device internals. This option enables |
| the use of debugfs by VFIO drivers as required. The device can |
| cause the VFIO code create a top-level debug/vfio directory |
| during initialization, and then populate a subdirectory with |
| entries as required. |
| |
| source "drivers/vfio/pci/Kconfig" |
| source "drivers/vfio/platform/Kconfig" |
| source "drivers/vfio/mdev/Kconfig" |
| source "drivers/vfio/fsl-mc/Kconfig" |
| source "drivers/vfio/cdx/Kconfig" |
| endif |
| |
| source "virt/lib/Kconfig" |
